Add drizzle indexes to match db

Batch get olm ids
Merge pull request #3294 from fosrl/copilot/add-batching-mechanism-to-rebuild-client-associati
2026-06-21 22:59:52 +00:00 · 2026-06-21 17:43:39 -04:00 · 2026-06-21 17:34:46 -04:00 · 2026-06-21 14:20:56 -07:00 · 2026-06-21 17:20:07 -04:00 · 2026-06-16 22:50:03 +00:00
62 changed files with 2983 additions and 4073 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -34,5 +34,4 @@ build.ts
 tsconfig.json
 Dockerfile*
 drizzle.config.ts
-allowedDevOrigins.json
+allowedDevOrigins.json
 scratch/
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Вижте частни ресурси",
    "siteInstallNewt": "Инсталирайте Newt",
    "siteInstallNewtDescription": "Пуснете Newt на вашата система",
    "siteInstallKubernetesDocsDescription": "За повече и актуална информация относно инсталацията на Kubernetes, вижте <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "За инструкции за инсталиране на Advantech модем, вижте <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "WireGuard конфигурация",
    "WgConfigurationDescription": "Използвайте следната конфигурация, за да се свържете с мрежата",
    "operatingSystem": "Операционна система",
@@ -150,16 +148,16 @@
    "siteCredentialsSaveDescription": "Ще можете да виждате това само веднъж. Уверете се да го копирате на сигурно място.",
    "siteInfo": "Информация за сайта",
    "status": "Статус",
-    "shareTitle": "Управление на споделими връзки",
+    "shareTitle": "Управление на връзки за споделяне",
    "shareDescription": "Създайте споделими връзки, за да предоставите временен или постоянен достъп до прокси ресурсите",
-    "shareSearch": "Търсене на споделими връзки...",
+    "shareSearch": "Търсене на връзки за споделяне...",
-    "shareCreate": "Създаване на споделима връзка",
+    "shareCreate": "Създайте връзка за споделяне",
    "shareErrorDelete": "Неуспешно изтриване на връзката",
    "shareErrorDeleteMessage": "Възникна грешка при изтриване на връзката",
    "shareDeleted": "Връзката беше изтрита",
    "shareDeletedDescription": "Връзката беше премахната",
-    "shareDelete": "Изтриване на споделима връзка",
+    "shareDelete": "Изтрийте споделената връзка",
-    "shareDeleteConfirm": "Потвърдете изтриването на споделима връзка",
+    "shareDeleteConfirm": "Потвърдете изтриването на споделената връзка",
    "shareQuestionRemove": "Сигурни ли сте, че искате да изтриете тази споделена връзка?",
    "shareMessageRemove": "След изтриване връзката вече няма да работи и всеки, който я използва, ще загуби достъп до ресурса.",
    "shareTokenDescription": "Достъпният токен може да бъде предаван по два начина: като параметър или в хедърите на заявките. Те трябва да бъдат предавани от клиента при всяка заявка за удостоверен достъп.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Всеки с тази връзка може да получи достъп до ресурса",
    "shareTitleOptional": "Заглавие (по избор)",
    "sharePathOptional": "Път (по избор)",
    "sharePathDescription": "След удостоверяване, линкът ще препрати потребителите на този път.",
    "expireIn": "Изтече",
    "neverExpire": "Никога не изтича",
    "shareExpireDescription": "Времето на изтичане е колко дълго връзката ще бъде използваема и ще предоставя достъп до ресурса. След това време, връзката няма да работи и потребителите, които са я използвали, ще загубят достъп до ресурса.",
@@ -203,8 +200,8 @@
    "shareErrorSelectResource": "Моля, изберете ресурс",
    "proxyResourceTitle": "Управление на обществени ресурси",
    "proxyResourceDescription": "Създайте и управлявайте ресурси, които са общодостъпни чрез уеб браузър.",
-    "publicResourcesBannerTitle": "Публичен достъп през Интернет",
+    "publicResourcesBannerTitle": "Публичен достъп чрез уеб.",
-    "publicResourcesBannerDescription": "Публичните ресурси са HTTPS проксита, достъпни за всеки в Интернет чрез уеб браузър. За разлика от частните ресурси, те не изискват клиентски софтуер и могат да включват издентити и контексто-осъзнати политики за достъп.",
+    "publicResourcesBannerDescription": "Публичните ресурси са HTTPS или TCP/UDP проксита, достъпни за всеки в интернет чрез уеб браузър. За разлика от частните ресурси, те не изискват софтуер от страна на клиента и могат да включват издентити и контексто-осъзнати политики за достъп.",
    "clientResourceTitle": "Управление на частни ресурси",
    "clientResourceDescription": "Създайте и управлявайте ресурси, които са достъпни само чрез свързан клиент.",
    "privateResourcesBannerTitle": "Достъп до частни ресурси с нулево доверие.",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Търсене на ресурси...",
    "resourceAdd": "Добавете ресурс",
    "resourceErrorDelte": "Грешка при изтриване на ресурс",
-    "resourcePoliciesBannerTitle": "Повторно използване на Удостоверяване и Правила за Достъп",
+    "resourcePoliciesTitle": "Управление на политики за ресурси",
-    "resourcePoliciesBannerDescription": "Споделените ресурсни политики ви позволяват да дефинирате методи за удостоверяване и правила за достъп веднъж, след което ги прикачвате към множество публични ресурси. Когато актуализирате политика, всеки свързан ресурс автоматично унаследява промените.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Свързани ресурси",
    "resourcePoliciesBannerButtonText": "Научете Повече",
    "resourcePoliciesTitle": "Управление на публични ресурсни политики",
    "resourcePoliciesAttachedResourcesColumnTitle": "Ресурси",
    "resourcePoliciesAttachedResources": "{count} ресурс(а)",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ресурс} other {# ресурси}}",
    "resourcePoliciesAttachedResourcesEmpty": "няма ресурси",
-    "resourcePoliciesDescription": "Създайте и управлявайте политики за удостоверяване за контролиране на достъпа до вашите публични ресурси",
+    "resourcePoliciesDescription": "Създавай и управлявай политики за автентикация, за да контролирате достъпа до вашите ресурси",
    "resourcePoliciesSearch": "Търсене на политики...",
    "resourcePoliciesAdd": "Добавяне на политика",
    "resourcePoliciesDefaultBadgeText": "Стандартна политика",
-    "resourcePoliciesCreate": "Създаване на публична ресурсна политика",
+    "resourcePoliciesCreate": "Създаване на политика за ресурс",
    "resourcePoliciesCreateDescription": "Следвайте стъпките по-долу, за да създадете нова политика",
    "resourcePolicyName": "Име на политика",
    "resourcePolicyNameDescription": "Дайте на тази политика име, за да я идентифицирате в цялото ви ресурси",
@@ -281,7 +274,7 @@
    "back": "Назад",
    "cancel": "Отмяна",
    "resourceConfig": "Конфигурационни фрагменти",
-    "resourceConfigDescription": "Копирайте и поставете тези фрагменти от конфигурация за настройка на TCP/UDP ресурса.",
+    "resourceConfigDescription": "Копирайте и поставете тези конфигурационни отрязъци, за да настроите TCP/UDP ресурса",
    "resourceAddEntrypoints": "Traefik: Добавете Входни точки",
    "resourceExposePorts": "Gerbil: Изложете портове в Docker Compose",
    "resourceLearnRaw": "Научете как да конфигурирате TCP/UDP ресурси",
@@ -294,8 +287,6 @@
    "labelDelete": "Изтриване на етикета",
    "labelAdd": "Добавяне на етикет",
    "labelCreateSuccessMessage": "Етикетът е създаден успешно",
    "labelDuplicateError": "Дублиран етикет",
    "labelDuplicateErrorDescription": "Етикет с това име вече съществува.",
    "labelEditSuccessMessage": "Етикетът е променен успешно",
    "labelNameField": "Име на етикет",
    "labelColorField": "Цвят на етикет",
@@ -320,7 +311,7 @@
    "rules": "Правила",
    "resourceSettingDescription": "Конфигурирайте настройките на ресурса",
    "resourceSetting": "Настройки на {resourceName}",
-    "resourcePolicySettingDescription": "Конфигурирайте настройките на тази публична ресурсна политика",
+    "resourcePolicySettingDescription": "Конфигурирайте настройките на политиката за ресурс",
    "resourcePolicySetting": "Настройки за {policyName}",
    "alwaysAllow": "Заобикаляне на Ауторизацията",
    "alwaysDeny": "Блокиране на Достъпа",
@@ -728,7 +719,7 @@
    "targetSubmit": "Добавяне на цел",
    "targetNoOne": "Този ресурс няма цели. Добавете цел, за да конфигурирате къде да се изпращат заявките към бекенда.",
    "targetNoOneDescription": "Добавянето на повече от една цел ще активира натоварването на баланса.",
-    "targetsSubmit": "Запази Настройки",
+    "targetsSubmit": "Запазване на целите",
    "addTarget": "Добавете цел",
    "proxyMultiSiteRoundRobinNodeHelp": "Роунд Робин маршрутизирането няма да работи между сайтове, които не са свързани към един и същ възел, но автоматичното превключване ще работи.",
    "targetErrorInvalidIp": "Невалиден IP адрес",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Дубликат на правило",
    "rulesErrorDuplicateDescription": "Правило с тези настройки вече съществува",
    "rulesErrorInvalidIpAddressRange": "Невалиден CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Въведете валиден CIDR диапазон (напр., 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Моля, въведете валидна стойност на CIDR",
-    "rulesErrorInvalidUrl": "Невалиден път",
+    "rulesErrorInvalidUrl": "Невалиден URL път",
-    "rulesErrorInvalidUrlDescription": "Въведете валиден път на URL или шаблон (напр., /api/*).",
+    "rulesErrorInvalidUrlDescription": "Моля, въведете валидна стойност за URL път",
-    "rulesErrorInvalidIpAddress": "Невалиден IP адрес",
+    "rulesErrorInvalidIpAddress": "Невалиден IP",
-    "rulesErrorInvalidIpAddressDescription": "Въведете валиден IPv4 или IPv6 адрес.",
+    "rulesErrorInvalidIpAddressDescription": "Моля, въведете валиден IP адрес",
    "rulesErrorUpdate": "Неуспешно актуализиране на правилата",
    "rulesErrorUpdateDescription": "Възникна грешка при актуализиране на правилата",
    "rulesUpdated": "Активиране на правилата",
@@ -775,23 +766,14 @@
    "rulesMatchIpAddress": "Въведете IP адрес (напр. 103.21.244.12)",
    "rulesMatchUrl": "Въведете URL път или модел (напр. /api/v1/todos или /api/v1/*)",
    "rulesErrorInvalidPriority": "Невалиден приоритет",
-    "rulesErrorInvalidPriorityDescription": "Въведете цяло число 1 или по-голямо.",
+    "rulesErrorInvalidPriorityDescription": "Моля, въведете валиден приоритет",
-    "rulesErrorDuplicatePriority": "Дублирания на приоритети",
+    "rulesErrorDuplicatePriority": "Дублирани приоритети",
-    "rulesErrorDuplicatePriorityDescription": "Всяко правило трябва да има уникален номер на приоритет.",
+    "rulesErrorDuplicatePriorityDescription": "Моля, въведете уникални приоритети",
    "rulesErrorValidation": "Невалидни правила",
    "rulesErrorValidationRuleDescription": "Правило {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Изберете валиден тип съвпадение (път, IP, CIDR, държава, регион или ASN).",
    "rulesErrorValueRequired": "Въведете стойност за това правило.",
    "rulesErrorInvalidCountry": "Невалидна държава",
    "rulesErrorInvalidCountryDescription": "Изберете валидна държава.",
    "rulesErrorInvalidAsn": "Невалиден ASN",
    "rulesErrorInvalidAsnDescription": "Въведете валиден ASN (напр., AS15169).",
    "ruleUpdated": "Правилата са актуализирани",
    "ruleUpdatedDescription": "Правилата бяха успешно актуализирани",
    "ruleErrorUpdate": "Операцията не бе успешна",
    "ruleErrorUpdateDescription": "Възникна грешка по време на операцията за запис",
    "rulesPriority": "Приоритет",
    "rulesReorderDragHandle": "Плъзнете за преаранжиране на приоритети на правилата",
    "rulesAction": "Действие",
    "rulesMatchType": "Тип на съвпадение",
    "value": "Стойност",
@@ -810,7 +792,7 @@
    "rulesResource": "Конфигурация на правилата за ресурси",
    "rulesResourceDescription": "Конфигурирайте правила за контролиране на достъпа до ресурса",
    "ruleSubmit": "Добави правило",
-    "rulesNoOne": "Все още няма правила.",
+    "rulesNoOne": "Няма правила. Добавете правило чрез формуляра.",
    "rulesOrder": "Правилата се оценяват по приоритет в нарастващ ред.",
    "rulesSubmit": "Запазване на правилата",
    "policyErrorCreate": "Грешка при създаване на политика",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Възникна неочаквана грешка",
    "policyCreatedSuccess": "Политиката за ресурс е създадена успешно",
    "policyUpdatedSuccess": "Политиката за ресурс е актуализирана успешно",
-    "authMethodsSave": "Запази Настройки",
+    "authMethodsSave": "Запазете методите за идентификация",
    "policyAuthStackTitle": "Удостоверяване",
    "policyAuthStackDescription": "Контролирайте кои методи за удостоверяване са необходими за достъп до този ресурс",
    "policyAuthOrLogicTitle": "Множество активни методи за удостоверяване",
    "policyAuthOrLogicBanner": "Посетителите могат да се удостоверяват чрез който и да е от активните методи по-долу. Не е необходимо да преминават през всичките.",
    "policyAuthMethodActive": "Активен",
    "policyAuthMethodOff": "Изключено",
    "policyAuthSsoTitle": "Платформено SSO",
    "policyAuthSsoDescription": "Изисква вход чрез удостоверител на вашата организация",
    "policyAuthSsoSummary": "{idp} · {users} потребители, {roles} роли",
    "policyAuthSsoDefaultIdp": "По подразбиране удостоверител",
    "policyAuthAddDefaultIdentityProvider": "Добавете удостоверител по подразбиране",
    "policyAuthOtherMethodsTitle": "Други Методи",
    "policyAuthOtherMethodsDescription": "Опционални методи, които посетителите могат да използват вместо или заедно с платформния SSO",
    "policyAuthPasscodeTitle": "Парола",
    "policyAuthPasscodeDescription": "Изисква споделена алфанумерична парола за достъп до ресурса",
    "policyAuthPasscodeSummary": "Зададена парола",
    "policyAuthPincodeTitle": "ПИН код",
    "policyAuthPincodeDescription": "Кратък цифров код, необходим за достъп до ресурса",
    "policyAuthPincodeSummary": "Зададен 6-цифрен ПИН код",
    "policyAuthEmailTitle": "Списък с имейл адреси",
    "policyAuthEmailDescription": "Позволете изброените имейл адреси с еднократни пароли",
    "policyAuthEmailSummary": "{count} адреси са позволени",
    "policyAuthEmailOtpCallout": "Активирането на списъка с имейл адреси изпраща еднократна парола на имейла на посетителя при влизане.",
    "policyAuthHeaderAuthTitle": "Базово удостоверяване чрез заглавие",
    "policyAuthHeaderAuthDescription": "Валидирайте собствено HTTP заглавие и стойност при всяка заявка",
    "policyAuthHeaderAuthSummary": "Конфигурирано заглавие",
    "policyAuthHeaderName": "Име на заглавието",
    "policyAuthHeaderValue": "Очаквана стойност",
    "policyAuthSetPasscode": "Задайте парола",
    "policyAuthSetPincode": "Задайте ПИН код",
    "policyAuthSetEmailWhitelist": "Задайте списък с имейли",
    "policyAuthSetHeaderAuth": "Задайте базово удостоверяване чрез заглавие",
    "policyAccessRulesTitle": "Правила за достъп",
    "policyAccessRulesEnableDescription": "Когато е включено, правилата се оценяват в низходящ ред, докато едно не се оцени като вярно.",
    "policyAccessRulesFirstMatch": "Правилата се оценяват от горе надолу. Първото съвпадащо правило определя резултата.",
    "policyAccessRulesHowItWorks": "Правилата съпоставят заявки по път, IP адрес, местоположение или друг критерий. Всяко правило прилага действие: заобикаля удостоверяване, блокира достъп или преминава към удостоверяване. Ако няма съвпадение, трафикът продължава към удостоверяване.",
    "policyAccessRulesFallthroughOff": "Когато правилата са изключени, целият трафик преминава към удостоверяване.",
    "policyAccessRulesFallthroughOn": "Когато няма съвпадение, трафикът преминава към удостоверяване.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Запазете правилата",
    "resourceErrorCreate": "Грешка при създаване на ресурс",
    "resourceErrorCreateDescription": "Възникна грешка при създаването на ресурса",
@@ -883,9 +824,9 @@
    "resourcesErrorUpdateDescription": "Възникна грешка при актуализиране на ресурса",
    "access": "Достъп",
    "accessControl": "Контрол на достъпа",
-    "shareLink": "{resource} Споделима връзка",
+    "shareLink": "{resource} Сподели връзка",
    "resourceSelect": "Изберете ресурс",
-    "shareLinks": "Споделими връзки",
+    "shareLinks": "Споделени връзки",
    "share": "Споделени връзки",
    "shareDescription2": "Създайте връзки за достъп до ресурси. Връзките предоставят временен или неограничен достъп до вашия ресурс. Можете да конфигурирате продължителността на изтичане на връзката, когато я създавате.",
    "shareEasyCreate": "Лесно за създаване и споделяне",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Администраторите винаги могат да имат достъп до този ресурс.",
    "resourcePolicySelectTitle": "Политика за достъп до ресурс",
    "resourcePolicySelectDescription": "Изберете типа на политиката за ресурс за идентификация",
    "resourcePolicyTypeLabel": "Тип политика",
    "resourcePolicyLabel": "Ресурсна политика",
    "resourcePolicyInline": "Инлайн Политика за Ресурс",
    "resourcePolicyInlineDescription": "Политика за достъп, ограничена само до този ресурс",
    "resourcePolicyShared": "Споделена Политика за Ресурс",
-    "resourcePolicySharedDescription": "Този ресурс използва споделена политика.",
+    "resourcePolicySharedDescription": "Този ресурс използва споделена политика. Настройки на ниво политика (методи за идентификация, бял списък на имейли) са заключени. Можете да добавите правила за ресурса, роли и потребители по-долу.",
    "sharedPolicy": "Споделена политика",
    "sharedPolicyNoneDescription": "Този ресурс има своя собствена политика.",
    "resourceSharedPolicyOwnDescription": "Този ресурс има свои собствени контроли за удостоверяване и правила за достъп.",
    "resourceSharedPolicyInheritedDescription": "Този ресурс наследява от <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Този ресурс използва споделена политика. Някои настройки на удостоверяване могат да се редактират на този ресурс, за да се добавят към политиката. За да промените основната политика, трябва да редактирате <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "Този ресурс използва споделена политика. Някои правила за достъп могат да се редактират на този ресурс. За да промените основната политика, трябва да редактирате <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Контроли за достъп",
    "resourceUsersRolesDescription": "Конфигурирайте кои потребители и роли могат да посещават този ресурс",
    "resourceUsersRolesSubmit": "Запазване на управлението на достъп.",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Видимост",
    "resourceVisibilityTitleDescription": "Напълно активирайте или деактивирайте видимостта на ресурса",
    "resourceGeneral": "Общи настройки",
-    "resourceGeneralDescription": "Конфигурирайте име, адрес и политика за достъп за този ресурс.",
+    "resourceGeneralDescription": "Конфигурирайте общите настройки за този ресурс",
    "resourceGeneralDetailsSubsection": "Подробности за ресурса",
    "resourceGeneralDetailsSubsectionDescription": "Задайте показвано име, идентификатор и публично достъпен домейн за този ресурс.",
    "resourceGeneralDetailsSubsectionPortDescription": "Задайте показвано име, идентификатор и публичен порт за този ресурс.",
    "resourceGeneralPublicAddressSubsection": "Публичен Адрес",
    "resourceGeneralPublicAddressSubsectionDescription": "Конфигурирайте как потребителите достигат до този ресурс.",
    "resourceGeneralAuthenticationAccessSubsection": "Удостоверяване и Достъп",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Изберете дали този ресурс използва собствена политика или наследява от споделена политика.",
    "resourceEnable": "Активирайте ресурс",
    "resourceTransfer": "Прехвърлете ресурс",
    "resourceTransferDescription": "Прехвърлете този ресурс към различен сайт",
@@ -1294,14 +1220,11 @@
    "addLabels": "Добавяне на етикети",
    "siteLabelsTab": "Етикети",
    "siteLabelsDescription": "Управление на етикети, свързани с този сайт.",
-    "labelsNotFound": "Не са намерени етикети.",
+    "labelsNotFound": "Етикети не са намерени",
    "labelsEmptyCreateHint": "Започнете да пишете горе, за да създадете етикет.",
    "labelSearch": "Търсене на етикети",
    "labelSearchOrCreate": "Търсене или създаване на етикет",
    "accessLabelFilterCount": "{count, plural, one {# етикет} other {# етикети}}",
    "labelOverflowCount": "+{count, plural, one {# етикет} other {# етикети}}",
    "accessLabelFilterClear": "Изчисти филтрите за етикети",
    "accessFilterClear": "Изчистване на филтри",
    "selectColor": "Изберете цвят",
    "createNewLabel": "Създайте нов организационен етикет \"{label}\"",
    "inviteInvalidDescription": "Линкът към поканата е невалиден.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Ресурси",
    "sidebarProxyResources": "Публично",
    "sidebarClientResources": "Частно",
-    "sidebarPolicies": "Споделени политики",
+    "sidebarPolicies": "Политики",
-    "sidebarResourcePolicies": "Публични ресурси",
+    "sidebarResourcePolicies": "Ресурси",
    "sidebarAccessControl": "Контрол на достъпа",
    "sidebarLogsAndAnalytics": "Дневници и анализи",
    "sidebarTeam": "Екип",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Администратор",
    "sidebarInvitations": "Покани",
    "sidebarRoles": "Роли",
-    "sidebarShareableLinks": "Споделими връзки",
+    "sidebarShareableLinks": "Връзки",
    "sidebarApiKeys": "API ключове",
    "sidebarProvisioning": "Осигуряване",
    "sidebarSettings": "Настройки",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Ресурс {id}",
    "blueprints": "Чертежи",
    "blueprintsLog": "Регистър на скицописи",
-    "blueprintsDescription": "Прегледайте съществуващите blueprint приложения и резултатите им или приложете нов blueprint",
+    "blueprintsDescription": "Вижте предишни приложения и техните резултати",
    "blueprintAdd": "Добави Чертеж",
    "blueprintGoBack": "Виж всички Чертежи",
    "blueprintCreate": "Създай Чертеж",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Активиране на Docker Чернова",
    "enableDockerSocketDescription": "Активирайте изтегляне с етикети на Docker Socket за скицописи. Пътят на гнездото трябва да бъде предоставен на конектора на сайта. Прочетете как работи това в <docsLink>документацията</docsLink>.",
    "newtAutoUpdate": "Активиране на автоматично обновяване на сайта",
-    "newtAutoUpdateDescription": "Когато е активирана, свързочният възел на сайта автоматично ще изтегли последната версия и ще се рестартира сам. Това може да бъде преодоляно на ниво сайт.",
+    "newtAutoUpdateDescription": "Когато е активно, конекторите на сайта автоматично ще се актуализират до най-новата версия при наличието на ново издание.",
    "siteAutoUpdate": "Автоматично обновяване на сайта",
    "siteAutoUpdateLabel": "Активиране на автоматично обновяване",
-    "siteAutoUpdateDescription": "Когато е активирана, конекторът на този сайт автоматично ще изтегли последната версия и ще се рестартира сам.",
+    "siteAutoUpdateDescription": "Управлявайте дали конекторът за този сайт автоматично изтегля последната версия.",
    "siteAutoUpdateOrgDefault": "По подразбиране за организацията: {state}",
    "siteAutoUpdateOverriding": "Преодоляване на настройката на организацията",
    "siteAutoUpdateResetToOrg": "Възстановяване към организацията по подразбиране",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Настройката на профила завърши успешно! Добре дошли в Pangolin!",
    "documentation": "Документация",
    "saveAllSettings": "Запазване на всички настройки",
-    "saveResourceTargets": "Запази Настройки",
+    "saveResourceTargets": "Запазване на целеви ресурси.",
-    "saveResourceHttp": "Запази Настройки",
+    "saveResourceHttp": "Запазване на прокси настройките.",
-    "saveProxyProtocol": "Запази Настройки",
+    "saveProxyProtocol": "Запазване на настройките на прокси протокола.",
    "settingsUpdated": "Настройките са обновени",
    "settingsUpdatedDescription": "Настройките са успешно актуализирани.",
    "settingsErrorUpdate": "Неуспешно обновяване на настройките",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Неизвестен",
    "healthCheck": "Проверка на здравето",
    "configureHealthCheck": "Конфигуриране на проверка на здравето",
-    "configureHealthCheckDescription": "Настройте мониторинг за вашия ресурс, за да се уверите, че винаги е на разположение",
+    "configureHealthCheckDescription": "Настройте мониторинг на здравето за {target}",
    "enableHealthChecks": "Разрешаване на проверки на здравето",
    "healthCheckDisabledStateDescription": "Когато е деактивиран, сайтът не изпълнява проверки и състоянието се счита за неизвестно.",
    "enableHealthChecksDescription": "Мониторинг на здравето на тази цел. Можете да наблюдавате различен краен пункт от целта, ако е необходимо.",
    "healthScheme": "Метод",
    "healthSelectScheme": "Избор на метод",
-    "healthCheckPortInvalid": "Портът трябва да бъде между 1 и 65535",
+    "healthCheckPortInvalid": "Портът за проверка на състоянието трябва да е между 1 и 65535",
    "healthCheckPath": "Път",
    "healthHostname": "IP / Хост",
    "healthPort": "Порт",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Изискват одобрение на устройства",
    "requireDeviceApprovalDescription": "Потребители с тази роля трябва да имат нови устройства одобрени от администратор преди да могат да се свържат и да имат достъп до ресурси.",
    "sshSettings": "Настройки за SSH",
    "sshAccess": "SSH Достъп",
    "rdpSettings": "Настройки за RDP",
    "vncSettings": "Настройки за VNC",
    "sshServer": "SSH сървър",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Уверете се, че вашата целева хост машина е правилно конфигурирана за изпълнение на демона за идентификация преди завършване на тази настройка, в противен случай осигуряването ще се провали.",
    "sshDaemonPort": "Порт на демона",
    "sshServerDestination": "Дестинация на сървъра",
-    "sshServerDestinationDescription": "Конфигурирайте дестинацията на SSH сървъра",
+    "sshServerDestinationDescription": "Конфигуриране на дестинацията и порта на SSH сървъра",
    "destination": "Дестинация",
    "destinationRequired": "Дестинацията е необходима.",
    "domainRequired": "Домейнът е необходим.",
    "proxyPortRequired": "Портът е необходим.",
    "invalidPathConfiguration": "Невалидна конфигурация на пътя.",
    "invalidRewritePathConfiguration": "Невалидна конфигурация на пренаписване на пътя.",
    "bgTargetMultiSiteDisclaimer": "Избиране на множество сайтове позволява устойчиво маршрутизиране и сокетно превключване за висока наличност.",
    "roleAllowSsh": "Разреши SSH",
    "roleAllowSshAllow": "Разреши",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "Потребителят може да изпълнява само определени команди с sudo.",
    "sshSudo": "Разреши sudo",
    "sshSudoCommands": "Sudo команди",
-    "sshSudoCommandsDescription": "Списък с команди, които потребителят има право да изпълнява със sudo, разделени със запетаи, интервали или нови редове. Необходимо е да се използват абсолютни пътища.",
+    "sshSudoCommandsDescription": "Списък с командите, разрешени да се изпълняват от потребителя с sudo. Трябва да се използват абсолютни пътища.",
    "sshCreateHomeDir": "Създай начална директория",
    "sshUnixGroups": "Unix групи",
-    "sshUnixGroupsDescription": "Unix групи, за добавяне на потребителя на целевия хост, разделени със запетаи, интервали или нови редове.",
+    "sshUnixGroupsDescription": "Списък, разделен със запетаи, с Unix групи, към които да се добави потребителят на целевия хост.",
    "roleTextFieldPlaceholder": "Въведете стойности или пуснете .txt или .csv файл",
    "roleTextImportTitle": "Импортиране от файл",
    "roleTextImportDescription": "Импортиране на {fileName} в {fieldLabel}.",
    "roleTextImportSkipHeader": "Пропускане на първи ред (заглавие)",
    "roleTextImportOverride": "Заместване на съществуващите",
    "roleTextImportAppend": "Добавяне към съществуващите",
    "roleTextImportMode": "Режим на импортиране",
    "roleTextImportPreview": "Преглед",
    "roleTextImportItemCount": "{count, plural, =0 {Няма артикули за импортиране} one {1 артикул за импортиране} other {# артикули за импортиране}}",
    "roleTextImportTotalCount": "{existing} съществуващи + {imported} импортирани = {total} общо",
    "roleTextImportConfirm": "Импортиране",
    "roleTextImportInvalidFile": "Неподдържан тип файл",
    "roleTextImportInvalidFileDescription": "Само .txt и .csv файлове са поддържани.",
    "roleTextImportEmpty": "Няма намерени елементи във файла",
    "roleTextImportEmptyDescription": "Файлът не съдържа подлежащи на импортиране елементи.",
    "retryAttempts": "Опити за повторно",
    "expectedResponseCodes": "Очаквани кодове за отговор",
    "expectedResponseCodesDescription": "HTTP статус код, указващ здравословно състояние. Ако бъде оставено празно, между 200-300 се счита за здравословно.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Активирайте прокси протокола",
    "proxyProtocolInfo": "Запазете IP адресите на клиентите за TCP бекендове",
    "proxyProtocolVersion": "Версия на прокси протокола",
-    "version1": "Версия 1 (Препоръчана)",
+    "version1": "Версия 1 (Препоръчително)",
    "version2": "Версия 2",
-    "version1Description": "Текстово-базирана и широко поддържана. Уверете се, че транспортът на сървърите е добавен към динамичната конфигурация.",
+    "versionDescription": "Версия 1 е текстово-базирана и широко поддържана. Версия 2 е бърна и по-ефективна, но по-малко съвместима.",
    "version2Description": "Двоична и по-ефективна, но по-малко съвместима. Уверете се, че транспортът на сървърите е добавен към динамичната конфигурация.",
    "warning": "Предупреждение",
    "proxyProtocolWarning": "Вашето бекенд приложение трябва да бъде конфигурирано да приема прокси протоколни връзки. Ако вашият бекенд не поддържа прокси протокол, активирането му ще прекъсне всички връзки. Уверете се, че сте конфигурирали вашия бекенд да се доверява на заглавията на прокси протокола от Traefik.",
    "restarting": "Рестартиране...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Въведете потвърждение.",
    "blueprintViewDetails": "Подробности.",
    "defaultIdentityProvider": "По подразбиране доставчик на идентичност.",
-    "defaultIdentityProviderDescription": "Потребителят автоматично ще бъде пренасочен към този удостоверител за удостоверяване.",
+    "defaultIdentityProviderDescription": "Когато е избран основен доставчик на идентичност, потребителят ще бъде автоматично пренасочен към доставчика за удостоверяване.",
    "editInternalResourceDialogNetworkSettings": "Мрежови настройки.",
    "editInternalResourceDialogAccessPolicy": "Политика за достъп.",
    "editInternalResourceDialogAddRoles": "Добавяне на роли.",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Тип режим на поддръжка.",
    "showMaintenancePage": "Показване на страницата за поддръжка на посетители.",
    "enableMaintenanceMode": "Активиране на режим на поддръжка.",
    "enableMaintenanceModeDescription": "При включване, посетителите ще виждат страница за поддръжка вместо вашия ресурс.",
    "automatic": "Автоматично.",
    "automaticModeDescription": "Показване на страницата за поддръжка само когато всички целеви подсистеми са неработоспособни или в лошо състояние. Вашият ресурс продължава да работи нормално, докато поне един целеви подсистемен елемент е в здравия диапазон.",
    "forced": "Наложително.",
@@ -3182,8 +3082,6 @@
    "warning:": "Предупреждение:",
    "forcedeModeWarning": "Целият трафик ще бъде пренасочен към страницата за поддръжка. Вашите подсистемни ресурси няма да получат никакви заявки.",
    "pageTitle": "Заглавие на страницата.",
    "maintenancePageContentSubsection": "Съдържание на страницата",
    "maintenancePageContentSubsectionDescription": "Персонализирайте съдържанието, показвано на страницата за поддръжка",
    "pageTitleDescription": "Основното заглавие, показвано на страницата за поддръжка.",
    "maintenancePageMessage": "Съобщение за поддръжка.",
    "maintenancePageMessagePlaceholder": "Ще се върнем скоро! Нашият сайт понастоящем е в процес на планирана поддръжка.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Сигурни ли сте, че искате да отвържете този доставчик на самоличност от тази организация?",
    "idpUnassociateDescription": "Всички потребители, свързани с този доставчик на самоличност, ще бъдат премахнати от тази организация, но доставчика на самоличност ще продължи да съществува за други свързани организации.",
    "idpUnassociateConfirm": "Потвърдете отвързване на доставчика на самоличност",
    "idpConfirmDeleteAndRemoveMeFromOrg": "ИЗТРИВАНЕ И ПРЕМАХВАНЕ МЕ ОТ ОРГ",
    "idpUnassociateAndRemoveMeFromOrg": "ОДЕЛЯНЕ И ПРЕМАХВАНЕ МЕ ОТ ОРГ",
    "idpUnassociateWarning": "Това не може да бъде отменено за тази организация.",
    "idpUnassociatedDescription": "Доставчика на самоличност е успешно отвързан от тази организация",
    "idpUnassociateMenu": "Отвързване",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Свързване…",
    "sshInitializing": "Инициализиране…",
    "sshSignInTitle": "Вход в SSH",
-    "sshSignInDescription": "Въведете вашите SSH данни за свързване",
+    "sshSignInDescription": "Въведете данните за SSH",
    "sshPasswordTab": "Парола",
    "sshPrivateKeyTab": "Частен ключ",
    "sshPrivateKeyField": "Частен ключ",
    "sshPrivateKeyDisclaimer": "Частният ви ключ не се съхранява или видима за Панголиин. Като алтернатива, можете да използвате краткотрайни сертификати за безпроблемна автентикация с вашата съществуваща идентичност в Панголиин.",
    "sshLearnMore": "Научете повече",
    "sshPrivateKeyFile": "Файл с частен ключ",
-    "sshAuthenticate": "Свързване",
+    "sshAuthenticate": "Идентичност",
    "sshTerminate": "Прекратяване",
    "sshPoweredBy": "Подпомогнато от",
    "sshErrorNoTarget": "Няма посочена цел",
    "sshErrorWebSocket": "Неуспешно създаване на WebSocket връзка",
    "sshErrorAuthFailed": "Неуспешна идентификация",
-    "sshErrorConnectionClosed": "Връзката е затворена преди завършване на идентификацията",
+    "sshErrorConnectionClosed": "Връзката е затворена преди завършване на идентификацията"
    "sitePangolinSshDescription": "Позволете SSH достъп до ресурси на този сайт. Това може да бъде променено по-късно.",
    "browserGatewayNoResourceForDomain": "Не е намерен ресурс за този домейн",
    "browserGatewayNoTarget": "Няма цел",
    "browserGatewayConnect": "Свързване",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "Неуспешно подписване на SSH ключ за PAM push удостоверяване. Вписахте ли се като потребител?",
    "sshTerminalError": "Грешка: {error}",
    "sshConnectionClosedCode": "Връзката е затворена (код {code})",
    "sshPrivateKeyPlaceholder": "-----НАЧАЛО НА OPENSSH ЧАСТЕН КЛЮЧ-----",
    "sshPrivateKeyRequired": "Изисква се частен ключ",
    "vncTitle": "VNC",
    "vncSignInDescription": "Въведете вашата VNC парола за свързване",
    "vncPasswordOptional": "Парола (по избор)",
    "vncNoResourceTarget": "Не е налична цел за ресурса",
    "vncFailedToLoadNovnc": "Неуспешно зареждане на noVNC",
    "vncAuthFailedStatus": "Статус {status}",
    "vncPasteClipboard": "Поставяне на клепач",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Вписване в Отдалечен Работен Плот",
    "rdpSignInDescription": "Въведете данните за вашата Windows, за да се свържете",
    "rdpLoadingModule": "Зареждане на модул...",
    "rdpFailedToLoadModule": "Неуспешно зареждане на RDP модул",
    "rdpNotReady": "Не е готов",
    "rdpModuleInitializing": "RDP модулът все още се инициализира",
    "rdpDownloadingFiles": "Изтегляне на {count} файл/файлове от отдалечено...",
    "rdpDownloadFailed": "Изтеглянето е неуспешно: {fileName}",
    "rdpUploaded": "Качено: {fileName}",
    "rdpNoConnectionTarget": "Няма налична цел за свързване",
    "rdpConnectionFailed": "Връзката неуспешна",
    "rdpFit": "Напасване",
    "rdpFull": "Пълен",
    "rdpReal": "Реален",
    "rdpMeta": "Мета",
    "rdpUploadFiles": "Качване на файловете",
    "rdpFilesReadyToPaste": "Файлове готови за поставяне",
    "rdpFilesReadyToPasteDescription": "{count} файл(ове) копирани в отдалечения клипборд — натиснете Ctrl+V на отдалечения работен плот за поставяне.",
    "rdpUploadFailed": "Качването неуспешно",
    "rdpUnicodeKeyboardMode": "Режим на unicode клавиатура",
    "sessionToolbarShow": "Показване на лентата с инструменти",
    "sessionToolbarHide": "Скриване на лентата с инструменти"
 }
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Zobrazit soukromé zdroje",
    "siteInstallNewt": "Nainstalovat Newt",
    "siteInstallNewtDescription": "Spustit Newt na vašem systému",
    "siteInstallKubernetesDocsDescription": "Pro více aktuálních informací o instalaci Kubernetes navštivte <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "Pro pokyny k instalaci modemu Advantech navštivte <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Konfigurace WireGuard",
    "WgConfigurationDescription": "K připojení k síti použijte následující konfiguraci",
    "operatingSystem": "Operační systém",
@@ -150,16 +148,16 @@
    "siteCredentialsSaveDescription": "Toto nastavení uvidíte pouze jednou. Ujistěte se, že jej zkopírujete na bezpečné místo.",
    "siteInfo": "Údaje o lokalitě",
    "status": "Stav",
-    "shareTitle": "Spravovat sdílné odkazy",
+    "shareTitle": "Spravovat sdílení odkazů",
    "shareDescription": "Vytvořit sdílitelné odkazy pro udělení dočasného nebo trvalého přístupu ke zdrojům proxy",
-    "shareSearch": "Hledat sdílné odkazy...",
+    "shareSearch": "Hledat sdílené odkazy...",
-    "shareCreate": "Vytvořit sdílný odkaz",
+    "shareCreate": "Vytvořit odkaz",
    "shareErrorDelete": "Nepodařilo se odstranit odkaz",
    "shareErrorDeleteMessage": "Došlo k chybě při odstraňování odkazu",
    "shareDeleted": "Odkaz odstraněn",
    "shareDeletedDescription": "Odkaz byl odstraněn",
-    "shareDelete": "Odstranit sdílný odkaz",
+    "shareDelete": "Smazat odkaz ke sdílení",
-    "shareDeleteConfirm": "Potvrdit odstranění sdílného odkazu",
+    "shareDeleteConfirm": "Potvrdit smazání odkazu ke sdílení",
    "shareQuestionRemove": "Jste si jisti, že chcete smazat tento odkaz ke sdílení?",
    "shareMessageRemove": "Jakmile bude smazán, odkaz přestane fungovat a všichni, kdo jej používají, ztratí přístup k prostředku.",
    "shareTokenDescription": "Přístupový token může být předán dvěma způsoby: jako parametr dotazu nebo v záhlaví požadavku. Tyto údaje musí být předány klientovi na každé žádosti o ověřený přístup.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Kdokoliv s tímto odkazem může přistupovat ke zdroji",
    "shareTitleOptional": "Název (volitelné)",
    "sharePathOptional": "Cesta (volitelně)",
    "sharePathDescription": "Odkaz přesměruje uživatele na tuto cestu po autentikaci.",
    "expireIn": "Platnost vyprší za",
    "neverExpire": "Nikdy nevyprší",
    "shareExpireDescription": "Doba platnosti určuje, jak dlouho bude odkaz použitelný a bude poskytovat přístup ke zdroji. Po této době odkaz již nebude fungovat a uživatelé kteří tento odkaz používali ztratí přístup ke zdroji.",
@@ -203,8 +200,8 @@
    "shareErrorSelectResource": "Zvolte prosím zdroj",
    "proxyResourceTitle": "Spravovat veřejné zdroje",
    "proxyResourceDescription": "Vytváření a správa zdrojů, které jsou veřejně přístupné prostřednictvím webového prohlížeče",
-    "publicResourcesBannerTitle": "Webové Veřejné Přístupy",
+    "publicResourcesBannerTitle": "Veřejný přístup založený na webu",
-    "publicResourcesBannerDescription": "Veřejné prostředky jsou HTTPS proxy přístupné každému na internetu prostřednictvím webového prohlížeče. Na rozdíl od soukromých prostředků nevyžadují software na straně klienta a mohou zahrnovat politiky přístupu orientované na identitu a kontext.",
+    "publicResourcesBannerDescription": "Veřejné prostředky jsou HTTPS nebo TCP/UDP proxy, které jsou přístupné každému na internetu prostřednictvím webového prohlížeče. Na rozdíl od soukromých prostředků nevyžadují software na straně klienta a mohou zahrnovat politiky přístupu orientované na identitu a kontext.",
    "clientResourceTitle": "Spravovat soukromé zdroje",
    "clientResourceDescription": "Vytváření a správa zdrojů, které jsou přístupné pouze prostřednictvím připojeného klienta",
    "privateResourcesBannerTitle": "Zero-Trust soukromý přístup",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Prohledat zdroje...",
    "resourceAdd": "Přidat zdroj",
    "resourceErrorDelte": "Chyba při odstraňování zdroje",
-    "resourcePoliciesBannerTitle": "Opětovné použití pravidel pro autentifikaci a přístup",
+    "resourcePoliciesTitle": "Spravovat zásady zdrojů",
-    "resourcePoliciesBannerDescription": "Sdílené politiky zdrojů vám umožňují definovat metody autentifikace a přístupová pravidla jednou, poté je připojit k více veřejným zdrojům. Při aktualizaci politiky každý propojený zdroj automaticky dědí změnu.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Připojené zdroje",
    "resourcePoliciesBannerButtonText": "Zjistit více",
    "resourcePoliciesTitle": "Správa Veřejných Zásad Zdrojů",
    "resourcePoliciesAttachedResourcesColumnTitle": "Zdroje",
    "resourcePoliciesAttachedResources": "{count} zdroj(e/ů)",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# zdroj} few {# zdroje} many {# zdrojů} other {# zdrojů}}",
    "resourcePoliciesAttachedResourcesEmpty": "žádné zdroje",
-    "resourcePoliciesDescription": "Vytvořte a spravujte zásady autentifikace pro řízení přístupu k vašim veřejným zdrojům",
+    "resourcePoliciesDescription": "Vytvářejte a spravujte zásady ověřování k řízení přístupu ke svým zdrojům",
    "resourcePoliciesSearch": "Hledat zásady...",
    "resourcePoliciesAdd": "Přidat zásadu",
    "resourcePoliciesDefaultBadgeText": "Výchozí zásada",
-    "resourcePoliciesCreate": "Vytvořit Veřejnou Zásadu Zdroje",
+    "resourcePoliciesCreate": "Vytvořit zásadu zdroje",
    "resourcePoliciesCreateDescription": "Postupujte podle následujících kroků k vytvoření nové zásady",
    "resourcePolicyName": "Název zásady",
    "resourcePolicyNameDescription": "Pojmenujte tuto zásadu, aby byla rozpoznatelná napříč vašimi zdroji",
@@ -281,7 +274,7 @@
    "back": "Zpět",
    "cancel": "Zrušit",
    "resourceConfig": "Konfigurační snippety",
-    "resourceConfigDescription": "Zkopírujte a vložte tyto konfigurační úryvky pro nastavení TCP/UDP zdroje.",
+    "resourceConfigDescription": "Zkopírujte a vložte tyto konfigurační textové bloky pro nastavení TCP/UDP zdroje",
    "resourceAddEntrypoints": "Traefik: Přidat vstupní body",
    "resourceExposePorts": "Gerbil: Expose Ports in Docker Compose",
    "resourceLearnRaw": "Naučte se konfigurovat zdroje TCP/UDP",
@@ -294,8 +287,6 @@
    "labelDelete": "Smazat štítek",
    "labelAdd": "Přidat štítek",
    "labelCreateSuccessMessage": "Štítek byl úspěšně vytvořen",
    "labelDuplicateError": "Duplikátní štítek",
    "labelDuplicateErrorDescription": "Štítek s tímto názvem již existuje.",
    "labelEditSuccessMessage": "Štítek byl úspěšně změněn",
    "labelNameField": "Název štítku",
    "labelColorField": "Barva štítku",
@@ -320,7 +311,7 @@
    "rules": "Pravidla",
    "resourceSettingDescription": "Konfigurace nastavení na zdroji",
    "resourceSetting": "Nastavení {resourceName}",
-    "resourcePolicySettingDescription": "Konfigurujte nastavení této veřejné zásady zdrojů",
+    "resourcePolicySettingDescription": "Nakonfigurujte nastavení na zásadě zdroje",
    "resourcePolicySetting": "Nastavení {policyName}",
    "alwaysAllow": "Obejít Auth",
    "alwaysDeny": "Blokovat přístup",
@@ -728,7 +719,7 @@
    "targetSubmit": "Add Target",
    "targetNoOne": "Tento zdroj nemá žádné cíle. Přidejte cíl pro konfiguraci kam poslat žádosti na backend.",
    "targetNoOneDescription": "Přidáním více než jednoho cíle se umožní vyvážení zatížení.",
-    "targetsSubmit": "Uložit Nastavení",
+    "targetsSubmit": "Uložit cíle",
    "addTarget": "Add Target",
    "proxyMultiSiteRoundRobinNodeHelp": "Round robin routing nebude fungovat mezi lokalitami, které nejsou připojeny ke stejnému uzlu, ale failover bude fungovat.",
    "targetErrorInvalidIp": "Neplatná IP adresa",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Duplikovat pravidlo",
    "rulesErrorDuplicateDescription": "Pravidlo s těmito nastaveními již existuje",
    "rulesErrorInvalidIpAddressRange": "Neplatný CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Zadejte platný rozsah CIDR (např. 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Zadejte prosím platnou hodnotu CIDR",
-    "rulesErrorInvalidUrl": "Neplatná cesta",
+    "rulesErrorInvalidUrl": "Neplatná URL cesta",
-    "rulesErrorInvalidUrlDescription": "Zadejte platnou URL cestu nebo vzor (např. /api/*).",
+    "rulesErrorInvalidUrlDescription": "Zadejte platnou hodnotu URL cesty",
    "rulesErrorInvalidIpAddress": "Neplatná IP adresa",
-    "rulesErrorInvalidIpAddressDescription": "Zadejte platnou IPv4 nebo IPv6 adresu.",
+    "rulesErrorInvalidIpAddressDescription": "Zadejte prosím platnou IP adresu",
    "rulesErrorUpdate": "Aktualizace pravidel se nezdařila",
    "rulesErrorUpdateDescription": "Při aktualizaci pravidel došlo k chybě",
    "rulesUpdated": "Povolit pravidla",
@@ -774,24 +765,15 @@
    "rulesMatchIpAddressRangeDescription": "Zadejte adresu ve formátu CIDR (např. 103.21.244.0/22)",
    "rulesMatchIpAddress": "Zadejte IP adresu (např. 103.21.244.12)",
    "rulesMatchUrl": "Zadejte URL cestu nebo vzor (např. /api/v1/todos nebo /api/v1/*)",
-    "rulesErrorInvalidPriority": "Neplatná priorita",
+    "rulesErrorInvalidPriority": "Neplatná Priorita",
-    "rulesErrorInvalidPriorityDescription": "Zadejte celé číslo 1 nebo vyšší.",
+    "rulesErrorInvalidPriorityDescription": "Zadejte prosím platnou prioritu",
-    "rulesErrorDuplicatePriority": "Duplicitní priority",
+    "rulesErrorDuplicatePriority": "Duplikovat priority",
-    "rulesErrorDuplicatePriorityDescription": "Každé pravidlo musí mít unikátní číslo priority.",
+    "rulesErrorDuplicatePriorityDescription": "Zadejte prosím unikátní priority",
    "rulesErrorValidation": "Neplatná pravidla",
    "rulesErrorValidationRuleDescription": "Pravidlo {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Vyberte platný typ shody (cesta, IP, CIDR, země, oblast nebo ASN).",
    "rulesErrorValueRequired": "Zadejte hodnotu pro toto pravidlo.",
    "rulesErrorInvalidCountry": "Neplatná země",
    "rulesErrorInvalidCountryDescription": "Vyberte platnou zemi.",
    "rulesErrorInvalidAsn": "Neplatný ASN",
    "rulesErrorInvalidAsnDescription": "Zadejte platný ASN (např. AS15169).",
    "ruleUpdated": "Pravidla byla aktualizována",
    "ruleUpdatedDescription": "Pravidla byla úspěšně aktualizována",
    "ruleErrorUpdate": "Operace selhala",
    "ruleErrorUpdateDescription": "Při ukládání došlo k chybě",
    "rulesPriority": "Priorita",
    "rulesReorderDragHandle": "Přetažením změňte prioritu pravidel",
    "rulesAction": "Akce",
    "rulesMatchType": "Typ shody",
    "value": "Hodnota",
@@ -810,7 +792,7 @@
    "rulesResource": "Konfigurace pravidel zdroje",
    "rulesResourceDescription": "Nastavit pravidla pro kontrolu přístupu ke zdroji",
    "ruleSubmit": "Přidat pravidlo",
-    "rulesNoOne": "Žádná pravidla zatím nejsou.",
+    "rulesNoOne": "Žádná pravidla. Přidejte pravidlo pomocí formuláře.",
    "rulesOrder": "Pravidla jsou hodnocena podle priority vzestupně.",
    "rulesSubmit": "Uložit pravidla",
    "policyErrorCreate": "Chyba při vytváření zásady",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Došlo k neočekávané chybě",
    "policyCreatedSuccess": "Zásada zdroje byla úspěšně vytvořena",
    "policyUpdatedSuccess": "Zásada zdroje byla úspěšně aktualizována",
-    "authMethodsSave": "Uložit nastavení",
+    "authMethodsSave": "Uložit metody ověřování",
    "policyAuthStackTitle": "Autentifikace",
    "policyAuthStackDescription": "Určete, které metody autentifikace jsou požadovány pro přístup k tomuto zdroji",
    "policyAuthOrLogicTitle": "Více metod autentifikace je aktivních",
    "policyAuthOrLogicBanner": "Návštěvníci mohou použít jakoukoli aktivní metodu uvedenou níže. Nemusí splnit všechny z nich.",
    "policyAuthMethodActive": "Aktivní",
    "policyAuthMethodOff": "Vypnuto",
    "policyAuthSsoTitle": "Platformové SSO",
    "policyAuthSsoDescription": "Požadujte přihlášení prostřednictvím identifikačního poskytovatele vaší organizace",
    "policyAuthSsoSummary": "{idp} · {users} uživatelé, {roles} role",
    "policyAuthSsoDefaultIdp": "Výchozí poskytovatel",
    "policyAuthAddDefaultIdentityProvider": "Přidat výchozího identifikačního poskytovatele",
    "policyAuthOtherMethodsTitle": "Ostatní metody",
    "policyAuthOtherMethodsDescription": "Volitelné metody, které návštěvníci mohou použít místo nebo vedle platformového SSO",
    "policyAuthPasscodeTitle": "Heslo",
    "policyAuthPasscodeDescription": "Vyžadovat sdílené alfanumerické heslo pro přístup ke zdroji",
    "policyAuthPasscodeSummary": "Sada hesel",
    "policyAuthPincodeTitle": "PIN Kód",
    "policyAuthPincodeDescription": "Krátký číselný kód vyžadován pro přístup ke zdroji",
    "policyAuthPincodeSummary": "Nastaven 6místný PIN",
    "policyAuthEmailTitle": "Email Whitelist",
    "policyAuthEmailDescription": "Povolit vybraným emailovým adresám s jednorázovými hesly",
    "policyAuthEmailSummary": "Povoleno {count} adres(y)",
    "policyAuthEmailOtpCallout": "Povolení seznamu povolených e-mailů odešle jednorázové heslo na e-mail návštěvníka při přihlášení.",
    "policyAuthHeaderAuthTitle": "Základní Ověření Záhlaví",
    "policyAuthHeaderAuthDescription": "Ověřit vlastní HTTP hlavičku názvu a hodnoty při každém požadavku",
    "policyAuthHeaderAuthSummary": "Nastaveno hlavička",
    "policyAuthHeaderName": "Název hlavičky",
    "policyAuthHeaderValue": "Očekávaná hodnota",
    "policyAuthSetPasscode": "Nastavit přístupový kód",
    "policyAuthSetPincode": "Nastavit PIN kód",
    "policyAuthSetEmailWhitelist": "Nastavit e-mailový whitelist",
    "policyAuthSetHeaderAuth": "Nastavit základní autentizaci hlavičkou",
    "policyAccessRulesTitle": "Pravidla Přístupu",
    "policyAccessRulesEnableDescription": "Když je povoleno, pravidla jsou hodnocena sestupně, dokud jedno není vyhodnoceno jako pravda.",
    "policyAccessRulesFirstMatch": "Pravidla jsou vyhodnocována shora dolů. První odpovídající pravidlo určuje výsledek.",
    "policyAccessRulesHowItWorks": "Pravidla odpovídají požadavkům podle cesty, IP adresy, lokace nebo jiného kritéria. Každé pravidlo aplikuje akci: obejít autentizaci, zablokovat přístup nebo předat k autentizaci. Pokud žádné neodpovídá, provoz pokračuje k autentizaci.",
    "policyAccessRulesFallthroughOff": "Když jsou pravidla zakázána, veškerý provoz přechází k autentizaci.",
    "policyAccessRulesFallthroughOn": "Když žádné pravidlo neodpovídá, provoz přechází k autentizaci.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Uložit pravidla",
    "resourceErrorCreate": "Chyba při vytváření zdroje",
    "resourceErrorCreateDescription": "Při vytváření zdroje došlo k chybě",
@@ -883,9 +824,9 @@
    "resourcesErrorUpdateDescription": "Došlo k chybě při aktualizaci zdroje",
    "access": "Přístup",
    "accessControl": "Kontrola přístupu",
-    "shareLink": "{resource} Sdílný odkaz",
+    "shareLink": "{resource} Sdílet odkaz",
    "resourceSelect": "Vyberte zdroj",
-    "shareLinks": "Sdíletelné odkazy",
+    "shareLinks": "Sdílet odkazy",
    "share": "Sdílené odkazy",
    "shareDescription2": "Vytvořte sdílitelné odkazy na zdroje. Odkazy poskytují dočasný nebo neomezený přístup k vašemu zdroji. Můžete nakonfigurovat dobu vypršení platnosti odkazu při jeho vytvoření.",
    "shareEasyCreate": "Snadné vytváření a sdílení",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Administrátoři mají vždy přístup k tomuto zdroji.",
    "resourcePolicySelectTitle": "Zásada přístupu ke zdrojům",
    "resourcePolicySelectDescription": "Vyberte typ zásady zdroje ověřování",
    "resourcePolicyTypeLabel": "Typ zásady zdroje",
    "resourcePolicyLabel": "Zásada zdroje",
    "resourcePolicyInline": "Inline Zásada Zdroje",
    "resourcePolicyInlineDescription": "Zásada přístupu se zaměřením pouze na tento zdroj",
    "resourcePolicyShared": "Sdílená Zásada Zdroje",
-    "resourcePolicySharedDescription": "Tento zdroj používá sdílenou zásadu.",
+    "resourcePolicySharedDescription": "Tento zdroj používá sdílenou zásadu. Nastavení na úrovni zásady (metody ověřování, seznam povolených emailů) jsou uzamčena. Níže můžete přidat pravidla, role a uživatele specifické pro zdroj.",
    "sharedPolicy": "Sdílená Zásada",
    "sharedPolicyNoneDescription": "Tento zdroj má vlastní zásadu.",
    "resourceSharedPolicyOwnDescription": "Tento zdroj má vlastní ovládání autentifikace a přístupových pravidel.",
    "resourceSharedPolicyInheritedDescription": "Tento zdroj dědí ze <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Tento zdroj používá sdílenou politiku. Některá nastavení autentizace lze upravit na tomto zdroji k doplnění politiky. Pro úpravu základní politiky musíte upravit <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "Tento zdroj používá sdílenou politiku. Některá přístupová pravidla lze upravit na tomto zdroji. Chcete-li změnit základní politiku, musíte upravit <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Kontrola přístupu",
    "resourceUsersRolesDescription": "Nastavení, kteří uživatelé a role mohou navštívit tento zdroj",
    "resourceUsersRolesSubmit": "Uložit přístupové řízení",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Viditelnost",
    "resourceVisibilityTitleDescription": "Zcela povolit nebo zakázat viditelnost zdrojů",
    "resourceGeneral": "Obecná nastavení",
-    "resourceGeneralDescription": "Nakonfigurujte název, adresu a přístupovou politiku pro tento zdroj.",
+    "resourceGeneralDescription": "Konfigurace obecných nastavení tohoto zdroje",
    "resourceGeneralDetailsSubsection": "Detaily zdroje",
    "resourceGeneralDetailsSubsectionDescription": "Nastavte zobrazovaný název, identifikátor a veřejně dostupnou doménu pro tento zdroj.",
    "resourceGeneralDetailsSubsectionPortDescription": "Nastavte zobrazovaný název, identifikátor a veřejný port pro tento zdroj.",
    "resourceGeneralPublicAddressSubsection": "Veřejná Adresa",
    "resourceGeneralPublicAddressSubsectionDescription": "Nakonfigurujte, jak uživatelé dosáhnou tento zdroj.",
    "resourceGeneralAuthenticationAccessSubsection": "Autentizace & Přístup",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Vyberte, zda tento zdroj používá vlastní politiku, nebo dědí od sdílené politiky.",
    "resourceEnable": "Povolit dokument",
    "resourceTransfer": "Přenos zdroje",
    "resourceTransferDescription": "Přenést tento zdroj na jiný web",
@@ -1294,14 +1220,11 @@
    "addLabels": "Přidat štítky",
    "siteLabelsTab": "Štítky",
    "siteLabelsDescription": "Spravujte štítky přiřazené k této lokalitě.",
-    "labelsNotFound": "Nebyly nalezeny žádné štítky.",
+    "labelsNotFound": "Štítky nenalezeny",
    "labelsEmptyCreateHint": "Začněte psát výše k vytvoření štítku.",
    "labelSearch": "Hledat štítky",
    "labelSearchOrCreate": "Hledání nebo vytvoření štítku",
    "accessLabelFilterCount": "{count, plural, one {# štítek} few {# štítky} other {# štítků}}",
    "labelOverflowCount": "+{count, plural, one {# štítek} few {# štítky} other {# štítků}}",
    "accessLabelFilterClear": "Vymazat filtry štítků",
    "accessFilterClear": "Vymazat filtry",
    "selectColor": "Vybrat barvu",
    "createNewLabel": "Vytvořit nový štítek organizace \"{label}\"",
    "inviteInvalidDescription": "Odkaz pro pozvání je neplatný.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Zdroje",
    "sidebarProxyResources": "Veřejnost",
    "sidebarClientResources": "Soukromé",
-    "sidebarPolicies": "Sdílené Odkazy",
+    "sidebarPolicies": "Zásady",
-    "sidebarResourcePolicies": "Veřejné Zdroje",
+    "sidebarResourcePolicies": "Zdroje",
    "sidebarAccessControl": "Kontrola přístupu",
    "sidebarLogsAndAnalytics": "Logy & Analytika",
    "sidebarTeam": "Tým",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Admin",
    "sidebarInvitations": "Pozvánky",
    "sidebarRoles": "Role",
-    "sidebarShareableLinks": "Sdílené Odkazy",
+    "sidebarShareableLinks": "Odkazy",
    "sidebarApiKeys": "API klíče",
    "sidebarProvisioning": "Zajištění",
    "sidebarSettings": "Nastavení",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Zdroj {id}",
    "blueprints": "Plány",
    "blueprintsLog": "Protokol plánů",
-    "blueprintsDescription": "Zobrazit předchozí aplikace modrotisku a jejich výsledky nebo aplikovat nový modrotisk",
+    "blueprintsDescription": "Prohlédněte si aplikace předchozích plánů a jejich výsledky",
    "blueprintAdd": "Přidat plán",
    "blueprintGoBack": "Zobrazit všechny plány",
    "blueprintCreate": "Vytvořit plán",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Povolit Docker plán",
    "enableDockerSocketDescription": "Povolte seškrábání štítků pro Docker Socket pro štítky plánů. Před připojením na lokalitní konektor musí být uvedena cesta k soketu. Přečtěte si, jak to funguje <docsLink>v dokumentaci</docsLink>.",
    "newtAutoUpdate": "Povolit automatickou aktualizaci stránek",
-    "newtAutoUpdateDescription": "Když je povoleno, konektory stránek automaticky stáhnou nejnovější verzi a restartují se. To lze přepsat na základě jednotlivých míst.",
+    "newtAutoUpdateDescription": "Když je zapnuto, konektory lokality se automaticky aktualizují na nejnovější verzi, když je k dispozici nové vydání.",
    "siteAutoUpdate": "Automatická aktualizace stránek",
    "siteAutoUpdateLabel": "Povolte automatickou aktualizaci",
-    "siteAutoUpdateDescription": "Když je povoleno, konektor této stránky automaticky stáhne nejnovější verzi a restartuje se sám.",
+    "siteAutoUpdateDescription": "Ovládněte, zda bude konektor tohoto webu automaticky stahovat nejnovější verzi.",
    "siteAutoUpdateOrgDefault": "Výchozí organizace: {state}",
    "siteAutoUpdateOverriding": "Přepsání nastavení organizace",
    "siteAutoUpdateResetToOrg": "Obnovit na výchozí organizaci",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Nastavení účtu dokončeno! Vítejte v Pangolinu!",
    "documentation": "Dokumentace",
    "saveAllSettings": "Uložit všechna nastavení",
-    "saveResourceTargets": "Uložit Nastavení",
+    "saveResourceTargets": "Uložit cíle",
-    "saveResourceHttp": "Uložit Nastavení",
+    "saveResourceHttp": "Uložit nastavení proxy",
-    "saveProxyProtocol": "Uložit Nastavení",
+    "saveProxyProtocol": "Uložit nastavení proxy protokolu",
    "settingsUpdated": "Nastavení aktualizováno",
    "settingsUpdatedDescription": "Nastavení úspěšně aktualizována",
    "settingsErrorUpdate": "Aktualizace nastavení se nezdařila",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Neznámý",
    "healthCheck": "Kontrola stavu",
    "configureHealthCheck": "Konfigurace kontroly stavu",
-    "configureHealthCheckDescription": "Nastavte monitorování vašeho zdroje, abyste zajistili, že je vždy dostupný",
+    "configureHealthCheckDescription": "Nastavit sledování zdravotního stavu pro {target}",
    "enableHealthChecks": "Povolit kontrolu stavu",
    "healthCheckDisabledStateDescription": "Pokud je zakázáno, web nebude provádět zdravotní kontroly a stav bude považován za neznámý.",
    "enableHealthChecksDescription": "Sledujte zdraví tohoto cíle. V případě potřeby můžete sledovat jiný cílový bod, než je cíl.",
    "healthScheme": "Způsob",
    "healthSelectScheme": "Vybrat metodu",
-    "healthCheckPortInvalid": "Port musí být mezi 1 a 65535",
+    "healthCheckPortInvalid": "Přístav kontroly stavu musí být mezi 1 a 65535",
    "healthCheckPath": "Cesta",
    "healthHostname": "IP / Hostitel",
    "healthPort": "Přístav",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Vyžadovat schválení zařízení",
    "requireDeviceApprovalDescription": "Uživatelé s touto rolí potřebují nová zařízení schválená správcem, než se mohou připojit a přistupovat ke zdrojům.",
    "sshSettings": "Nastavení SSH",
    "sshAccess": "SSH Přístup",
    "rdpSettings": "Nastavení RDP",
    "vncSettings": "Nastavení VNC",
    "sshServer": "SSH server",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Ujistěte se, že váš cílový hostitel je správně nakonfigurován k přímu spuštění ověřovacího démona, jinak zřizování selže.",
    "sshDaemonPort": "Port démona",
    "sshServerDestination": "Cíl serveru",
-    "sshServerDestinationDescription": "Nakonfigurujte cíl serveru SSH",
+    "sshServerDestinationDescription": "Nakonfigurujte cíl a port SSH serveru",
    "destination": "Cíl",
    "destinationRequired": "Destinace je vyžadována.",
    "domainRequired": "Doména je vyžadována.",
    "proxyPortRequired": "Port je vyžadován.",
    "invalidPathConfiguration": "Neplatná konfigurace cesty.",
    "invalidRewritePathConfiguration": "Neplatná konfigurace přepsat cesty.",
    "bgTargetMultiSiteDisclaimer": "Výběr více lokalit umožňuje odolné směrování a převzetí služeb při selhání pro vysokou dostupnost.",
    "roleAllowSsh": "Povolit SSH",
    "roleAllowSshAllow": "Povolit",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "Uživatel může spustit pouze zadané příkazy s sudo.",
    "sshSudo": "Povolit sudo",
    "sshSudoCommands": "Sudo příkazy",
-    "sshSudoCommandsDescription": "Seznam příkazů, které je uživateli povoleno spouštět se sudo, oddělený čárkami, mezerami, nebo novými řádky. Je třeba používat absolutní cesty.",
+    "sshSudoCommandsDescription": "Čárkami oddělený seznam příkazů, které je uživatel povolen spustit s sudo. Musí být použity absolutní cesty.",
    "sshCreateHomeDir": "Vytvořit domovský adresář",
    "sshUnixGroups": "Unixové skupiny",
-    "sshUnixGroupsDescription": "Unixové skupiny, do kterých má být uživatel přidán na cílovém hostu, oddělené čárkami, mezerami, nebo novými řádky.",
+    "sshUnixGroupsDescription": "Čárkou oddělené skupiny Unix přidají uživatele do cílového hostitele.",
    "roleTextFieldPlaceholder": "Zadejte hodnoty nebo přetáhněte soubor .txt nebo .csv",
    "roleTextImportTitle": "Importovat ze souboru",
    "roleTextImportDescription": "Importuje se {fileName} do {fieldLabel}.",
    "roleTextImportSkipHeader": "Přeskočit první řádek (záhlaví)",
    "roleTextImportOverride": "Nahradit existující",
    "roleTextImportAppend": "Přidat k existujícímu",
    "roleTextImportMode": "Režim importu",
    "roleTextImportPreview": "Náhled",
    "roleTextImportItemCount": "{count, plural, =0 {Žádné položky k importu} one {1 položka k importu} few {# položky k importu} many {# položek k importu} other {# položek k importu}}",
    "roleTextImportTotalCount": "{existing} existující + {imported} importované = {total} celkem",
    "roleTextImportConfirm": "Importovat",
    "roleTextImportInvalidFile": "Nepodporovaný typ souboru",
    "roleTextImportInvalidFileDescription": "Podporovány jsou pouze soubory .txt a .csv.",
    "roleTextImportEmpty": "V souboru nebyly nalezeny žádné položky",
    "roleTextImportEmptyDescription": "Soubor neobsahuje žádné položky k importu.",
    "retryAttempts": "Opakovat pokusy",
    "expectedResponseCodes": "Očekávané kódy odezvy",
    "expectedResponseCodesDescription": "HTTP kód stavu, který označuje zdravý stav. Ponecháte-li prázdné, 200-300 je považováno za zdravé.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Povolit Proxy protokol",
    "proxyProtocolInfo": "Zachovat IP adresu klienta pro TCP zálohy",
    "proxyProtocolVersion": "Verze proxy protokolu",
-    "version1": "Verze 1 (Doporučeno)",
+    "version1": " Verze 1 (doporučeno)",
    "version2": "Verze 2",
-    "version1Description": "Textově založený a široce podporovaný. Ujistěte se, že je transport serveru přidán do dynamické konfigurace.",
+    "versionDescription": "Verze 1 je textová a široce podporovaná. Verze 2 je binární a efektivnější, ale méně kompatibilní.",
    "version2Description": "Binární a efektivnější, ale méně kompatibilní. Ujistěte se, že je transport serveru přidán do dynamické konfigurace.",
    "warning": "Varování",
    "proxyProtocolWarning": "Aplikace backend musí být nakonfigurována, aby mohla přijímat připojení k Proxy protokolu. Pokud vaše backend nepodporuje Proxy protokol, povolením tohoto protokolu dojde k přerušení všech připojení, takže toto povolíte pouze pokud víte, co děláte. Ujistěte se, že nastavíte svou backend a důvěřujte hlavičkám Proxy protokolu z Traefik.",
    "restarting": "Restartování...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Zadejte potvrzení",
    "blueprintViewDetails": "Detaily",
    "defaultIdentityProvider": "Výchozí poskytovatel identity",
-    "defaultIdentityProviderDescription": "Uživatel bude automaticky přesměrován na tohoto identifikačního poskytovatele pro autentifikaci.",
+    "defaultIdentityProviderDescription": "Pokud je vybrán výchozí poskytovatel identity, uživatel bude automaticky přesměrován na poskytovatele pro ověření.",
    "editInternalResourceDialogNetworkSettings": "Nastavení sítě",
    "editInternalResourceDialogAccessPolicy": "Přístupová politika",
    "editInternalResourceDialogAddRoles": "Přidat role",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Typ režimu údržby",
    "showMaintenancePage": "Zobrazit stránku údržby návštěvníkům",
    "enableMaintenanceMode": "Povolit režim údržby",
    "enableMaintenanceModeDescription": "Když je povoleno, návštěvníci uvidí údržbu místo vašeho zdroje.",
    "automatic": "Automatické",
    "automaticModeDescription": "Zobrazte stránku údržby pouze, když jsou všechny cílové servery uživatele nebo prostředku nefunkční nebo nezdravé. Vaše prostředky budou nadále fungovat normálně, pokud je alespoň jeden cíl v pořádku.",
    "forced": "Nucené",
@@ -3182,8 +3082,6 @@
    "warning:": "Varování:",
    "forcedeModeWarning": "Veškerý provoz bude směrován na stránku údržby. Vaše prostředky backendu neobdrží žádné žádosti.",
    "pageTitle": "Název stránky",
    "maintenancePageContentSubsection": "Obsah Stránky",
    "maintenancePageContentSubsectionDescription": "Přizpůsobte obsah zobrazovaný na stránce údržby",
    "pageTitleDescription": "Hlavní titulek zobrazovaný na stránce údržby",
    "maintenancePageMessage": "Zpráva údržby",
    "maintenancePageMessagePlaceholder": "Vrátíme se brzy! Naše stránka právě prochází plánovanou údrbou.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Opravdu chcete odpojit tohoto poskytovatele identity od této organizace?",
    "idpUnassociateDescription": "Všichni uživatelé spojení s tímto poskytovatelem identity budou odstraněni z této organizace, ale poskytovatel identity zůstane nadále existovat pro ostatní přidružené organizace.",
    "idpUnassociateConfirm": "Potvrdit odpojení poskytovatele identity",
    "idpConfirmDeleteAndRemoveMeFromOrg": "SMAZAT A ODSTRANIT MĚ Z ORGANIZACE",
    "idpUnassociateAndRemoveMeFromOrg": "ODPOJIT A ODSTRANIT MĚ Z ORGANIZACE",
    "idpUnassociateWarning": "Toto nelze pro tuto organizaci vrátit.",
    "idpUnassociatedDescription": "Poskytovatel identity byl úspěšně odpojen od této organizace",
    "idpUnassociateMenu": "Odpojit",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Připojení…",
    "sshInitializing": "Inicializace…",
    "sshSignInTitle": "Přihlášení do SSH",
-    "sshSignInDescription": "Zadejte své údaje SSH pro připojení",
+    "sshSignInDescription": "Zadejte své SSH přihlašovací údaje",
    "sshPasswordTab": "Heslo",
    "sshPrivateKeyTab": "Soukromý klíč",
    "sshPrivateKeyField": "Soukromý klíč",
    "sshPrivateKeyDisclaimer": "Váš soukromý klíč není ukládán ani viditelný pro Pangolin. Alternativně můžete použít krátkodobé certifikáty pro bezproblémové ověřování pomocí vaší stávající identity Pangolin.",
    "sshLearnMore": "Přečtěte si více",
    "sshPrivateKeyFile": "Soubor soukromého klíče",
-    "sshAuthenticate": "Připojit",
+    "sshAuthenticate": "Ověřit",
    "sshTerminate": "Ukončit",
    "sshPoweredBy": "Vytváří",
    "sshErrorNoTarget": "Cíl nebyl určen",
    "sshErrorWebSocket": "Chyba připojení WebSocketu",
    "sshErrorAuthFailed": "Ověření selhalo",
-    "sshErrorConnectionClosed": "Připojení bylo uzavřeno před dokončením ověřování",
+    "sshErrorConnectionClosed": "Připojení bylo uzavřeno před dokončením ověřování"
    "sitePangolinSshDescription": "Povolte SSH přístup k zdrojům na tomto místě. Toto lze změnit později.",
    "browserGatewayNoResourceForDomain": "Pro tuto doménu nebyl nalezen žádný zdroj",
    "browserGatewayNoTarget": "Žádný cíl",
    "browserGatewayConnect": "Připojit",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "Nepodařilo se podepsat klíč SSH pro ověřování pomocí PAM push. Přihlásili jste se jako uživatel?",
    "sshTerminalError": "Chyba: {error}",
    "sshConnectionClosedCode": "Připojení bylo uzavřeno (kód {code})",
    "sshPrivateKeyPlaceholder": "-----ZAČÁTEK SOUKROMÉHO KLÍČE OPENSSH-----",
    "sshPrivateKeyRequired": "Je vyžadován soukromý klíč",
    "vncTitle": "VNC",
    "vncSignInDescription": "Zadejte své heslo VNC pro připojení",
    "vncPasswordOptional": "Heslo (nepovinné)",
    "vncNoResourceTarget": "Není k dispozici žádný cíl zdroje",
    "vncFailedToLoadNovnc": "Nepodařilo se načíst noVNC",
    "vncAuthFailedStatus": "Stav {status}",
    "vncPasteClipboard": "Vložit schránku",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Přihlásit se k Vzdálené ploše",
    "rdpSignInDescription": "Zadejte přihlašovací údaje pro Windows k připojení",
    "rdpLoadingModule": "Načítá se modul...",
    "rdpFailedToLoadModule": "Nepodařilo se načíst modul RDP",
    "rdpNotReady": "Není připraveno",
    "rdpModuleInitializing": "Modul RDP se stále inicializuje",
    "rdpDownloadingFiles": "Stahuje se {count} soubor(y) z dálky...",
    "rdpDownloadFailed": "Stažení se nezdařilo: {fileName}",
    "rdpUploaded": "Nahráno: {fileName}",
    "rdpNoConnectionTarget": "Žádný dostupný cíl připojení",
    "rdpConnectionFailed": "Připojení se nezdařilo",
    "rdpFit": "Přizpůsobit",
    "rdpFull": "Celé",
    "rdpReal": "Skutečný",
    "rdpMeta": "Meta",
    "rdpUploadFiles": "Nahrát soubory",
    "rdpFilesReadyToPaste": "Soubory připravené ke vložení",
    "rdpFilesReadyToPasteDescription": "{count} soubor(y) zkopírován(y) do vzdálené schránky — stiskněte Ctrl+V na vzdálené ploše pro vložení.",
    "rdpUploadFailed": "Nahrání selhalo",
    "rdpUnicodeKeyboardMode": "Režim Unicode klávesnice",
    "sessionToolbarShow": "Zobrazit panel nástrojů",
    "sessionToolbarHide": "Skrýt panel nástrojů"
 }
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Private Ressourcen anzeigen",
    "siteInstallNewt": "Newt installieren",
    "siteInstallNewtDescription": "Installiere Newt auf deinem System.",
    "siteInstallKubernetesDocsDescription": "Für aktuelle Installationsinformationen zu Kubernetes, siehe <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "Für Installationsanweisungen für Advantech-Modems siehe <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "WireGuard Konfiguration",
    "WgConfigurationDescription": "Verwenden Sie folgende Konfiguration, um sich mit dem Netzwerk zu verbinden",
    "operatingSystem": "Betriebssystem",
@@ -159,7 +157,7 @@
    "shareDeleted": "Link gelöscht",
    "shareDeletedDescription": "Der Link wurde gelöscht",
    "shareDelete": "Freigabelink löschen",
-    "shareDeleteConfirm": "Löschung des Freigabelinks bestätigen",
+    "shareDeleteConfirm": "Löschen des Freigabelinks bestätigen",
    "shareQuestionRemove": "Sind Sie sicher, dass Sie diesen Freigabelink löschen möchten?",
    "shareMessageRemove": "Nach dem Löschen funktioniert der Link nicht mehr, und jeder, der ihn nutzt, verliert den Zugriff auf die Ressource.",
    "shareTokenDescription": "Das Zugriffstoken kann auf zwei Arten übergeben werden: als Abfrageparameter oder in den Request-Headern. Diese müssen vom Client auf jeder Anfrage für authentifizierten Zugriff weitergegeben werden.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Jeder mit diesem Link kann auf die Ressource zugreifen",
    "shareTitleOptional": "Titel (optional)",
    "sharePathOptional": "Pfad (optional)",
    "sharePathDescription": "Der Link leitet Benutzer nach der Authentifizierung zu diesem Pfad weiter.",
    "expireIn": "Läuft ab in",
    "neverExpire": "Läuft nie ab",
    "shareExpireDescription": "Ablaufzeit ist, wie lange der Link verwendet werden kann und bietet Zugriff auf die Ressource. Nach dieser Zeit wird der Link nicht mehr funktionieren und Benutzer, die diesen Link benutzt haben, verlieren den Zugriff auf die Ressource.",
@@ -204,7 +201,7 @@
    "proxyResourceTitle": "Öffentliche Ressourcen verwalten",
    "proxyResourceDescription": "Erstelle und verwalte Ressourcen, die über einen Webbrowser öffentlich zugänglich sind",
    "publicResourcesBannerTitle": "Web-basierter öffentlicher Zugang",
-    "publicResourcesBannerDescription": "Öffentliche Ressourcen sind HTTPS-Proxys, die über einen Webbrowser für jeden im Internet zugänglich sind. Im Gegensatz zu privaten Ressourcen benötigen sie keine Client-seitige Software und können Identitäts- und kontextuelle Zugriffsrichtlinien enthalten.",
+    "publicResourcesBannerDescription": "Öffentliche Ressourcen sind HTTPS oder TCP/UDP-Proxys, die über einen Webbrowser für jeden zugänglich sind. Im Gegensatz zu privaten Ressourcen benötigen sie keine Client-seitige Software und können Identitäts- und kontextbezogene Zugriffsrichtlinien beinhalten.",
    "clientResourceTitle": "Private Ressourcen verwalten",
    "clientResourceDescription": "Erstelle und verwalte Ressourcen, die nur über einen verbundenen Client zugänglich sind",
    "privateResourcesBannerTitle": "Zero-Trust-Zugriff auf private Ressourcen",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Suche Ressourcen...",
    "resourceAdd": "Ressource hinzufügen",
    "resourceErrorDelte": "Fehler beim Löschen der Ressource",
-    "resourcePoliciesBannerTitle": "Authentifizierungs- und Zugriffsregeln wiederverwenden",
+    "resourcePoliciesTitle": "Ressourcenrichtlinien verwalten",
-    "resourcePoliciesBannerDescription": "Freigegebene Ressourcenrichtlinien ermöglichen es Ihnen, Authentifizierungsmethoden und Zugriffsregeln einmal zu definieren und sie dann an mehrere öffentliche Ressourcen zu binden. Wenn Sie eine Richtlinie aktualisieren, übernimmt jede verknüpfte Ressource die Änderung automatisch.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Angehängte Ressourcen",
    "resourcePoliciesBannerButtonText": "Mehr erfahren",
    "resourcePoliciesTitle": "Öffentliche Ressourcen Richtlinien verwalten",
    "resourcePoliciesAttachedResourcesColumnTitle": "Ressourcen",
    "resourcePoliciesAttachedResources": "{count} Ressource(n)",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# Ressource} other {# Ressourcen}}",
    "resourcePoliciesAttachedResourcesEmpty": "keine Ressourcen",
-    "resourcePoliciesDescription": "Erstellen und verwalten Sie Authentifizierungsrichtlinien, um den Zugriff auf Ihre öffentlichen Ressourcen zu steuern",
+    "resourcePoliciesDescription": "Erstellen und verwalten Sie Authentifizierungsrichtlinien, um den Zugang zu Ihren Ressourcen zu steuern",
    "resourcePoliciesSearch": "Richtlinien suchen...",
    "resourcePoliciesAdd": "Richtlinie hinzufügen",
    "resourcePoliciesDefaultBadgeText": "Standardrichtlinie",
-    "resourcePoliciesCreate": "Öffentliche Ressourcen Richtlinie erstellen",
+    "resourcePoliciesCreate": "Ressourcenrichtlinie erstellen",
    "resourcePoliciesCreateDescription": "Befolgen Sie die unten stehenden Schritte, um eine neue Richtlinie zu erstellen",
    "resourcePolicyName": "Richtlinienname",
    "resourcePolicyNameDescription": "Geben Sie dieser Richtlinie einen Namen, um sie für Ihre Ressourcen zu identifizieren",
@@ -281,7 +274,7 @@
    "back": "Zurück",
    "cancel": "Abbrechen",
    "resourceConfig": "Konfiguration Snippets",
-    "resourceConfigDescription": "Kopieren und fügen Sie diese Konfigurationsschnipsel ein, um die TCP/UDP-Ressource einzurichten.",
+    "resourceConfigDescription": "Kopieren und fügen Sie diese Konfigurations-Snippets ein, um die TCP/UDP Ressource einzurichten",
    "resourceAddEntrypoints": "Traefik: Einstiegspunkte hinzufügen",
    "resourceExposePorts": "Gerbil: Ports im Docker Compose freigeben",
    "resourceLearnRaw": "Lernen Sie, wie Sie TCP/UDP Ressourcen konfigurieren",
@@ -294,8 +287,6 @@
    "labelDelete": "Etikett löschen",
    "labelAdd": "Etikett hinzufügen",
    "labelCreateSuccessMessage": "Etikett erfolgreich erstellt",
    "labelDuplicateError": "Doppeltes Label",
    "labelDuplicateErrorDescription": "Ein Label mit diesem Namen existiert bereits.",
    "labelEditSuccessMessage": "Etikett erfolgreich bearbeitet",
    "labelNameField": "Etikettenname",
    "labelColorField": "Etikettenfarbe",
@@ -320,7 +311,7 @@
    "rules": "Regeln",
    "resourceSettingDescription": "Einstellungen für die Ressource konfigurieren",
    "resourceSetting": "{resourceName} Einstellungen",
-    "resourcePolicySettingDescription": "Richten Sie die Einstellungen für diese öffentliche Ressourcenrichtlinie ein",
+    "resourcePolicySettingDescription": "Konfigurieren Sie die Einstellungen der Ressourcenrichtlinie",
    "resourcePolicySetting": "{policyName} Einstellungen",
    "alwaysAllow": "Authentifizierung umgehen",
    "alwaysDeny": "Zugriff blockieren",
@@ -728,7 +719,7 @@
    "targetSubmit": "Ziel hinzufügen",
    "targetNoOne": "Diese Ressource hat keine Ziele. Fügen Sie ein Ziel hinzu, um zu konfigurieren, wo Anfragen an das Backend gesendet werden sollen.",
    "targetNoOneDescription": "Das Hinzufügen von mehr als einem Ziel aktiviert den Lastausgleich.",
-    "targetsSubmit": "Einstellungen speichern",
+    "targetsSubmit": "Ziele speichern",
    "addTarget": "Ziel hinzufügen",
    "proxyMultiSiteRoundRobinNodeHelp": "Round-Robin-Routing funktioniert nicht zwischen Standorten, die nicht mit demselben Knoten verbunden sind, aber Failover funktioniert.",
    "targetErrorInvalidIp": "Ungültige IP-Adresse",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Doppelte Regel",
    "rulesErrorDuplicateDescription": "Eine Regel mit diesen Einstellungen existiert bereits",
    "rulesErrorInvalidIpAddressRange": "Ungültiger CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Geben Sie einen gültigen CIDR-Bereich ein (z.B., 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Bitte geben Sie einen gültigen CIDR-Wert ein",
-    "rulesErrorInvalidUrl": "Ungültiger Pfad",
+    "rulesErrorInvalidUrl": "Ungültiger URL-Pfad",
-    "rulesErrorInvalidUrlDescription": "Geben Sie einen gültigen URL-Pfad oder ein gültiges Muster ein (z.B., /api/*).",
+    "rulesErrorInvalidUrlDescription": "Bitte geben Sie einen gültigen URL-Pfad-Wert ein",
-    "rulesErrorInvalidIpAddress": "Ungültige IP-Adresse",
+    "rulesErrorInvalidIpAddress": "Ungültige IP",
-    "rulesErrorInvalidIpAddressDescription": "Geben Sie eine gültige IPv4 oder IPv6 Adresse ein.",
+    "rulesErrorInvalidIpAddressDescription": "Bitte geben Sie eine gültige IP-Adresse ein",
    "rulesErrorUpdate": "Fehler beim Aktualisieren der Regeln",
    "rulesErrorUpdateDescription": "Beim Aktualisieren der Regeln ist ein Fehler aufgetreten",
    "rulesUpdated": "Regeln aktivieren",
@@ -775,23 +766,14 @@
    "rulesMatchIpAddress": "Geben Sie eine IP-Adresse ein (z.B. 103.21.244.12)",
    "rulesMatchUrl": "Geben Sie einen URL-Pfad oder -Muster ein (z.B. /api/v1/todos oder /api/v1/*)",
    "rulesErrorInvalidPriority": "Ungültige Priorität",
-    "rulesErrorInvalidPriorityDescription": "Geben Sie eine ganze Zahl von 1 oder höher ein.",
+    "rulesErrorInvalidPriorityDescription": "Bitte geben Sie eine gültige Priorität ein",
    "rulesErrorDuplicatePriority": "Doppelte Prioritäten",
-    "rulesErrorDuplicatePriorityDescription": "Jede Regel muss eine eindeutige Prioritätsnummer haben.",
+    "rulesErrorDuplicatePriorityDescription": "Bitte geben Sie eindeutige Prioritäten ein",
    "rulesErrorValidation": "Ungültige Regeln",
    "rulesErrorValidationRuleDescription": "Regel {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Wählen Sie einen gültigen Vergleichstyp (Pfad, IP, CIDR, Land, Region oder ASN).",
    "rulesErrorValueRequired": "Geben Sie einen Wert für diese Regel ein.",
    "rulesErrorInvalidCountry": "Ungültiges Land",
    "rulesErrorInvalidCountryDescription": "Wählen Sie ein gültiges Land aus.",
    "rulesErrorInvalidAsn": "Ungültiges ASN",
    "rulesErrorInvalidAsnDescription": "Geben Sie ein gültiges ASN ein (z.B., AS15169).",
    "ruleUpdated": "Regeln aktualisiert",
    "ruleUpdatedDescription": "Regeln erfolgreich aktualisiert",
    "ruleErrorUpdate": "Operation fehlgeschlagen",
    "ruleErrorUpdateDescription": "Während des Speichervorgangs ist ein Fehler aufgetreten",
    "rulesPriority": "Priorität",
    "rulesReorderDragHandle": "Ziehen, um die Regelpriorität neu zu ordnen",
    "rulesAction": "Aktion",
    "rulesMatchType": "Übereinstimmungstyp",
    "value": "Wert",
@@ -810,7 +792,7 @@
    "rulesResource": "Ressourcen-Regelkonfiguration",
    "rulesResourceDescription": "Regeln konfigurieren, um den Zugriff auf die Ressource zu steuern",
    "ruleSubmit": "Regel hinzufügen",
-    "rulesNoOne": "Noch keine Regeln vorhanden.",
+    "rulesNoOne": "Keine Regeln. Fügen Sie eine Regel über das Formular hinzu.",
    "rulesOrder": "Regeln werden nach aufsteigender Priorität ausgewertet.",
    "rulesSubmit": "Regeln speichern",
    "policyErrorCreate": "Fehler beim Erstellen der Richtlinie",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Ein unerwarteter Fehler ist aufgetreten",
    "policyCreatedSuccess": "Ressourcenrichtlinie erfolgreich erstellt",
    "policyUpdatedSuccess": "Ressourcenrichtlinie erfolgreich aktualisiert",
-    "authMethodsSave": "Einstellungen speichern",
+    "authMethodsSave": "Authentifizierungsmethoden speichern",
    "policyAuthStackTitle": "Authentifizierung",
    "policyAuthStackDescription": "Kontrollieren Sie, welche Authentifizierungsmethoden erforderlich sind, um auf diese Ressource zuzugreifen",
    "policyAuthOrLogicTitle": "Mehrere Authentifizierungsmethoden aktiv",
    "policyAuthOrLogicBanner": "Besucher können sich mit einer der unten aktiven Methoden authentifizieren. Sie müssen nicht alle abschließen.",
    "policyAuthMethodActive": "Aktiv",
    "policyAuthMethodOff": "Aus",
    "policyAuthSsoTitle": "Plattform SSO",
    "policyAuthSsoDescription": "Anmeldung über den Identitätsanbieter Ihrer Organisation erforderlich",
    "policyAuthSsoSummary": "{idp} · {users} Benutzer, {roles} Rollen",
    "policyAuthSsoDefaultIdp": "Standardanbieter",
    "policyAuthAddDefaultIdentityProvider": "Standardidentitätsanbieter hinzufügen",
    "policyAuthOtherMethodsTitle": "Andere Methoden",
    "policyAuthOtherMethodsDescription": "Optionale Methoden, die Besucher anstelle von oder zusammen mit Plattform-SSO verwenden können",
    "policyAuthPasscodeTitle": "Passwort",
    "policyAuthPasscodeDescription": "Erfordere einen geteilten alphanumerischen Passcode für den Zugriff auf die Ressource",
    "policyAuthPasscodeSummary": "Passcode festgelegt",
    "policyAuthPincodeTitle": "PIN-Code",
    "policyAuthPincodeDescription": "Ein kurzer numerischer Code, der erforderlich ist, um auf die Ressource zuzugreifen",
    "policyAuthPincodeSummary": "6-stelliger PIN festgelegt",
    "policyAuthEmailTitle": "E-Mail-Whitelist",
    "policyAuthEmailDescription": "Erlaubte E-Mail-Adressen mit Einmalpasswörtern",
    "policyAuthEmailSummary": "{count} Adressen erlaubt",
    "policyAuthEmailOtpCallout": "Durch Aktivieren der E-Mail-Whitelist wird beim Einloggen ein Einmalpasswort an die E-Mail des Besuchers gesendet.",
    "policyAuthHeaderAuthTitle": "Grundlegende Header-Authentifizierung",
    "policyAuthHeaderAuthDescription": "Überprüfen Sie einen benutzerdefinierten HTTP-Headernamen und -wert bei jeder Anfrage",
    "policyAuthHeaderAuthSummary": "Header konfiguriert",
    "policyAuthHeaderName": "Header-Name",
    "policyAuthHeaderValue": "Erwarteter Wert",
    "policyAuthSetPasscode": "Passcode setzen",
    "policyAuthSetPincode": "PIN-Code festlegen",
    "policyAuthSetEmailWhitelist": "E-Mail-Whitelist festlegen",
    "policyAuthSetHeaderAuth": "Grundlegende Header-Authentifizierung festlegen",
    "policyAccessRulesTitle": "Zugriffsregeln",
    "policyAccessRulesEnableDescription": "Bei Aktivierung werden die Regeln in absteigender Reihenfolge ausgewertet, bis eine als wahr ausgewertet wird.",
    "policyAccessRulesFirstMatch": "Regeln werden von oben nach unten ausgewertet. Die erste übereinstimmende Regel bestimmt das Ergebnis.",
    "policyAccessRulesHowItWorks": "Regeln vergleichen Anfragen nach Pfad, IP-Adresse, Standort oder anderen Kriterien. Jede Regel wendet eine Aktion an: Authentifizierung umgehen, Zugriff blockieren oder zur Authentifizierung weiterleiten. Wenn keine Regel zutrifft, wird der Verkehr zur Authentifizierung weitergeleitet.",
    "policyAccessRulesFallthroughOff": "Wenn Regeln deaktiviert sind, wird der gesamte Verkehr zur Authentifizierung weitergeleitet.",
    "policyAccessRulesFallthroughOn": "Wenn keine Regel übereinstimmt, wird der Verkehr zur Authentifizierung weitergeleitet.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Regeln speichern",
    "resourceErrorCreate": "Fehler beim Erstellen der Ressource",
    "resourceErrorCreateDescription": "Beim Erstellen der Ressource ist ein Fehler aufgetreten",
@@ -883,9 +824,9 @@
    "resourcesErrorUpdateDescription": "Beim Aktualisieren der Ressource ist ein Fehler aufgetreten",
    "access": "Zugriff",
    "accessControl": "Zugriffskontrolle",
-    "shareLink": "{resource} Freigabelink",
+    "shareLink": "{resource} Freigabe-Link",
    "resourceSelect": "Ressource auswählen",
-    "shareLinks": "Teilbare Links",
+    "shareLinks": "Freigabe-Links",
    "share": "Teilbare Links",
    "shareDescription2": "Erstellen Sie teilbare Links zu Ressourcen. Links bieten temporären oder unbegrenzten Zugriff auf Ihre Ressource. Sie können die Verfallsdauer des Links beim Erstellen eines Links festlegen.",
    "shareEasyCreate": "Einfach zu erstellen und zu teilen",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Administratoren haben immer Zugriff auf diese Ressource.",
    "resourcePolicySelectTitle": "Zugriffsrichtlinie für Ressourcen",
    "resourcePolicySelectDescription": "Wählen Sie den Ressourcentransfertyp für die Authentifizierung",
    "resourcePolicyTypeLabel": "Richtlinientyp",
    "resourcePolicyLabel": "Ressourcenrichtlinie",
    "resourcePolicyInline": "Inline-Ressourcenrichtlinie",
    "resourcePolicyInlineDescription": "Zugriffsrichtlinie nur für diese Ressource",
    "resourcePolicyShared": "Geteilte Ressourcenrichtlinie",
-    "resourcePolicySharedDescription": "Diese Ressource verwendet eine gemeinsame Richtlinie.",
+    "resourcePolicySharedDescription": "Diese Ressource verwendet eine geteilte Richtlinie. Richtlinienebene Einstellungen (Authentifizierungsmethoden, E-Mail-Whitelist) sind gesperrt. Sie können ressourcenspezifische Regeln, Rollen und Benutzer hinzufügen.",
    "sharedPolicy": "Gemeinsame Richtlinie",
    "sharedPolicyNoneDescription": "Diese Ressource hat ihre eigene Richtlinie.",
    "resourceSharedPolicyOwnDescription": "Diese Ressource hat eigene Authentifizierungs- und Zugriffsregel-Kontrollen.",
    "resourceSharedPolicyInheritedDescription": "Diese Ressource erbt von <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Diese Ressource verwendet eine geteilte Richtlinie. Einige Authentifizierungseinstellungen können in dieser Ressource bearbeitet werden, um zur Richtlinie beizutragen. Um die zugrunde liegende Richtlinie zu ändern, müssen Sie zu <policyLink>{policyName}</policyLink> wechseln.",
    "resourceSharedPolicyRulesNotice": "Diese Ressource verwendet eine gemeinsame Richtlinie. Einige Zugriffsregeln können in dieser Ressource bearbeitet werden. Um die zugrunde liegende Richtlinie zu ändern, müssen Sie <policyLink>{policyName}</policyLink> bearbeiten.",
    "resourceUsersRoles": "Zugriffskontrolle",
    "resourceUsersRolesDescription": "Konfigurieren Sie, welche Benutzer und Rollen diese Ressource besuchen können",
    "resourceUsersRolesSubmit": "Zugriffskontrollen speichern",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Sichtbarkeit",
    "resourceVisibilityTitleDescription": "Ressourcensichtbarkeit vollständig aktivieren oder deaktivieren",
    "resourceGeneral": "Allgemeine Einstellungen",
-    "resourceGeneralDescription": "Konfigurieren Sie Name, Adresse und Zugriffsrichtlinie für diese Ressource.",
+    "resourceGeneralDescription": "Konfigurieren Sie die allgemeinen Einstellungen für diese Ressource",
    "resourceGeneralDetailsSubsection": "Ressourcendetails",
    "resourceGeneralDetailsSubsectionDescription": "Legen Sie den Anzeigenamen, die Kennung und die öffentlich zugängliche Domain für diese Ressource fest.",
    "resourceGeneralDetailsSubsectionPortDescription": "Legen Sie den Anzeigenamen, die Kennung und den öffentlichen Port für diese Ressource fest.",
    "resourceGeneralPublicAddressSubsection": "Öffentliche Adresse",
    "resourceGeneralPublicAddressSubsectionDescription": "Bestimmen Sie, wie Benutzer diese Ressource erreichen.",
    "resourceGeneralAuthenticationAccessSubsection": "Authentifizierung und Zugriff",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Wählen Sie, ob diese Ressource ihre eigene Richtlinie verwendet oder von einer gemeinsamen Richtlinie erbt.",
    "resourceEnable": "Ressource aktivieren",
    "resourceTransfer": "Ressource übertragen",
    "resourceTransferDescription": "Diese Ressource auf einen anderen Standort übertragen",
@@ -1294,14 +1220,11 @@
    "addLabels": "Etiketten hinzufügen",
    "siteLabelsTab": "Etiketten",
    "siteLabelsDescription": "Verwalten Sie die mit diesem Standort verbundenen Etiketten.",
-    "labelsNotFound": "Keine Kennzeichnungen gefunden.",
+    "labelsNotFound": "Etiketten nicht gefunden",
    "labelsEmptyCreateHint": "Beginnen Sie oben zu tippen, um ein Label zu erstellen.",
    "labelSearch": "Etiketten suchen",
    "labelSearchOrCreate": "Suchen oder erstellen Sie ein Label",
    "accessLabelFilterCount": "{count, plural, one {# Etikett} other {# Etiketten}}",
    "labelOverflowCount": "+{count, plural, one {# Etikett} other {# Etiketten}}",
    "accessLabelFilterClear": "Etikettenfilter löschen",
    "accessFilterClear": "Filter löschen",
    "selectColor": "Farbe auswählen",
    "createNewLabel": "Neues Org-Etikett \"{label}\" erstellen",
    "inviteInvalidDescription": "Der Einladungslink ist ungültig.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Ressourcen",
    "sidebarProxyResources": "Öffentlich",
    "sidebarClientResources": "Privat",
-    "sidebarPolicies": "Gemeinsame Richtlinien",
+    "sidebarPolicies": "Richtlinien",
-    "sidebarResourcePolicies": "Öffentliche Ressourcen",
+    "sidebarResourcePolicies": "Ressourcen",
    "sidebarAccessControl": "Zugriffskontrolle",
    "sidebarLogsAndAnalytics": "Protokolle & Analysen",
    "sidebarTeam": "Team",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Admin",
    "sidebarInvitations": "Einladungen",
    "sidebarRoles": "Rollen",
-    "sidebarShareableLinks": "Teilbare Links",
+    "sidebarShareableLinks": "Links",
    "sidebarApiKeys": "API-Schlüssel",
    "sidebarProvisioning": "Bereitstellung",
    "sidebarSettings": "Einstellungen",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Ressource {id}",
    "blueprints": "Blaupausen",
    "blueprintsLog": "Blaupausen-Protokoll",
-    "blueprintsDescription": "Betrachten Sie vergangene Blueprint-Anwendungen und deren Ergebnisse oder wenden Sie einen neuen Blueprint an",
+    "blueprintsDescription": "Frühere Blaupausen-Anwendungen und deren Ergebnisse ansehen",
    "blueprintAdd": "Blueprint hinzufügen",
    "blueprintGoBack": "Alle Blueprints ansehen",
    "blueprintCreate": "Blueprint erstellen",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Docker Blueprint aktivieren",
    "enableDockerSocketDescription": "Aktiviere Docker-Socket-Label-Scraping für Blueprint-Etiketten. Der Socket-Pfad muss dem Site-Connector angegeben werden. Lesen Sie, wie dies in <docsLink>der Dokumentation</docsLink> funktioniert.",
    "newtAutoUpdate": "Standort-Auto-Update aktivieren",
-    "newtAutoUpdateDescription": "Wenn aktiviert, werden die Seiten-Connectoren automatisch die neueste Version herunterladen und sich selbst neu starten. Dies kann für jede Seite überschrieben werden.",
+    "newtAutoUpdateDescription": "Wenn aktiviert, aktualisieren sich die Standort-Connectoren automatisch auf die neueste Version, sobald eine neue Version verfügbar ist.",
    "siteAutoUpdate": "Standort-Auto-Update",
    "siteAutoUpdateLabel": "Autoupdate aktivieren",
-    "siteAutoUpdateDescription": "Wenn aktiviert, wird der Seiten-Connector automatisch die neueste Version herunterladen und sich selbst neu starten.",
+    "siteAutoUpdateDescription": "Steuern Sie, ob der Connector dieses Standorts automatisch die neueste Version herunterlädt.",
    "siteAutoUpdateOrgDefault": "Standard der Organisation: {state}",
    "siteAutoUpdateOverriding": "Organisations-Einstellung überschreiben",
    "siteAutoUpdateResetToOrg": "Auf Standard der Organisation zurücksetzen",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Kontoeinrichtung abgeschlossen! Willkommen bei Pangolin!",
    "documentation": "Dokumentation",
    "saveAllSettings": "Alle Einstellungen speichern",
-    "saveResourceTargets": "Einstellungen speichern",
+    "saveResourceTargets": "Ziele speichern",
-    "saveResourceHttp": "Einstellungen speichern",
+    "saveResourceHttp": "Proxy-Einstellungen speichern",
-    "saveProxyProtocol": "Einstellungen speichern",
+    "saveProxyProtocol": "Proxy-Protokolleinstellungen speichern",
    "settingsUpdated": "Einstellungen aktualisiert",
    "settingsUpdatedDescription": "Einstellungen erfolgreich aktualisiert",
    "settingsErrorUpdate": "Einstellungen konnten nicht aktualisiert werden",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Unbekannt",
    "healthCheck": "Gesundheits-Check",
    "configureHealthCheck": "Gesundheits-Check konfigurieren",
-    "configureHealthCheckDescription": "Richten Sie die Überwachung für Ihre Resource ein, um sicherzustellen, dass sie immer verfügbar ist",
+    "configureHealthCheckDescription": "Richten Sie die Gesundheitsüberwachung für {target} ein",
    "enableHealthChecks": "Gesundheits-Checks aktivieren",
    "healthCheckDisabledStateDescription": "Wenn deaktiviert, führt der Standort keine Gesundheitsprüfungen durch und der Zustand wird als unbekannt betrachtet.",
    "enableHealthChecksDescription": "Überwachen Sie die Gesundheit dieses Ziels. Bei Bedarf können Sie einen anderen Endpunkt als das Ziel überwachen.",
    "healthScheme": "Methode",
    "healthSelectScheme": "Methode auswählen",
-    "healthCheckPortInvalid": "Der Port muss zwischen 1 und 65535 liegen",
+    "healthCheckPortInvalid": "Der Gesundheitskontroll-Port muss zwischen 1 und 65535 liegen",
    "healthCheckPath": "Pfad",
    "healthHostname": "IP / Host",
    "healthPort": "Port",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Gerätegenehmigungen erforderlich",
    "requireDeviceApprovalDescription": "Benutzer mit dieser Rolle benötigen neue Geräte, die von einem Administrator genehmigt wurden, bevor sie sich verbinden und auf Ressourcen zugreifen können.",
    "sshSettings": "SSH-Einstellungen",
    "sshAccess": "SSH Zugriff",
    "rdpSettings": "RDP-Einstellungen",
    "vncSettings": "VNC-Einstellungen",
    "sshServer": "SSH-Server",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Stellen Sie sicher, dass Ihr Zielhost korrekt konfiguriert ist, um den Auth-Daemon auszuführen, bevor Sie dieses Setup abschließen, andernfalls wird die Bereitstellung fehlschlagen.",
    "sshDaemonPort": "Daemon-Port",
    "sshServerDestination": "Serverziel",
-    "sshServerDestinationDescription": "Ziel des SSH-Servers konfigurieren",
+    "sshServerDestinationDescription": "Konfigurieren Sie das Ziel und den Port des SSH-Servers",
    "destination": "Ziel",
    "destinationRequired": "Ziel ist erforderlich.",
    "domainRequired": "Domain ist erforderlich.",
    "proxyPortRequired": "Port ist erforderlich.",
    "invalidPathConfiguration": "Ungültige Pfadkonfiguration.",
    "invalidRewritePathConfiguration": "Ungültige Neupfad-Konfiguration.",
    "bgTargetMultiSiteDisclaimer": "Die Auswahl mehrerer Standorte ermöglicht eine widerstandsfähige Weiterleitung und einen Failover für hohe Verfügbarkeit.",
    "roleAllowSsh": "SSH erlauben",
    "roleAllowSshAllow": "Erlauben",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "Benutzer kann nur die angegebenen Befehle mit sudo ausführen.",
    "sshSudo": "sudo erlauben",
    "sshSudoCommands": "Sudo-Befehle",
-    "sshSudoCommandsDescription": "Liste der Befehle, die der Benutzer mit sudo ausführen darf, durch Kommas, Leerzeichen oder neue Zeilen getrennt. Absolute Pfade müssen verwendet werden.",
+    "sshSudoCommandsDescription": "Komma-getrennte Liste von Befehlen, die der Benutzer mit sudo ausführen darf. Es müssen absolute Pfade verwendet werden.",
    "sshCreateHomeDir": "Home-Verzeichnis erstellen",
    "sshUnixGroups": "Unix-Gruppen",
-    "sshUnixGroupsDescription": "Unix-Gruppen, in die der Benutzer auf dem Ziel-Host aufgenommen werden soll, getrennt durch Kommas, Leerzeichen oder neue Zeilen.",
+    "sshUnixGroupsDescription": "Durch Komma getrennte Unix-Gruppen, um den Benutzer auf dem Zielhost hinzuzufügen.",
    "roleTextFieldPlaceholder": "Werte eingeben oder eine .txt- oder .csv-Datei ablegen",
    "roleTextImportTitle": "Von Datei importieren",
    "roleTextImportDescription": "Importiere {fileName} in {fieldLabel}.",
    "roleTextImportSkipHeader": "Erste Zeile überspringen (Header)",
    "roleTextImportOverride": "Vorhandenes ersetzen",
    "roleTextImportAppend": "An vorhandenes anfügen",
    "roleTextImportMode": "Importmodus",
    "roleTextImportPreview": "Vorschau",
    "roleTextImportItemCount": "{count, plural, =0 {Keine Elemente zu importieren} one {1 Element zu importieren} other {# Elemente zu importieren}}",
    "roleTextImportTotalCount": "{existing} vorhanden + {imported} importiert = {total} gesamt",
    "roleTextImportConfirm": "Importieren",
    "roleTextImportInvalidFile": "Nicht unterstützter Dateityp",
    "roleTextImportInvalidFileDescription": "Nur .txt- und .csv-Dateien werden unterstützt.",
    "roleTextImportEmpty": "Keine Elemente in der Datei gefunden",
    "roleTextImportEmptyDescription": "Die Datei enthält keine importierbaren Elemente.",
    "retryAttempts": "Wiederholungsversuche",
    "expectedResponseCodes": "Erwartete Antwortcodes",
    "expectedResponseCodesDescription": "HTTP-Statuscode, der einen gesunden Zustand anzeigt. Wenn leer gelassen, wird 200-300 als gesund angesehen.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Proxy-Protokoll aktivieren",
    "proxyProtocolInfo": "Client-IP-Adressen für TCP-Backends beibehalten",
    "proxyProtocolVersion": "Proxy-Protokollversion",
-    "version1": "Version 1 (Empfohlen)",
+    "version1": " Version 1 (empfohlen)",
    "version2": "Version 2",
-    "version1Description": "Textbasiert und weit verbreitet. Sicherstellen, dass das Servers-Transport zur dynamischen Konfiguration hinzugefügt wurde.",
+    "versionDescription": "Die Version 1 ist textbasiert und unterstützt die Version 2, ist binär und effizienter, aber weniger kompatibel.",
    "version2Description": "Binär und effizienter, aber weniger kompatibel. Sicherstellen, dass das Servers-Transport zur dynamischen Konfiguration hinzugefügt wurde.",
    "warning": "Warnung",
    "proxyProtocolWarning": "Die Backend-Anwendung muss so konfiguriert sein, dass Proxy-Protokoll-Verbindungen akzeptiert werden. Wenn Ihr Backend das Proxy-Protokoll nicht unterstützt, wird das Aktivieren aller Verbindungen unterbrochen, so dass Sie dies nur aktivieren, wenn Sie wissen, was Sie tun. Stellen Sie sicher, dass Sie Ihr Backend so konfigurieren, dass es Proxy-Protokoll-Header von Traefik vertraut.",
    "restarting": "Neustarten...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Bestätigung eingeben",
    "blueprintViewDetails": "Details",
    "defaultIdentityProvider": "Standard Identitätsanbieter",
-    "defaultIdentityProviderDescription": "Der Benutzer wird automatisch zu diesem Identitätsanbieter für die Authentifizierung weitergeleitet.",
+    "defaultIdentityProviderDescription": "Wenn ein Standard-Identity Provider ausgewählt ist, wird der Benutzer zur Authentifizierung automatisch an den Anbieter weitergeleitet.",
    "editInternalResourceDialogNetworkSettings": "Netzwerkeinstellungen",
    "editInternalResourceDialogAccessPolicy": "Zugriffsrichtlinie",
    "editInternalResourceDialogAddRoles": "Rollen hinzufügen",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Art des Wartungsmodus",
    "showMaintenancePage": "Eine Wartungsseite für Besucher anzeigen",
    "enableMaintenanceMode": "Wartungsmodus aktivieren",
    "enableMaintenanceModeDescription": "Bei Aktivierung sehen Besucher eine Wartungsseite anstelle Ihrer Ressource.",
    "automatic": "Automatisch",
    "automaticModeDescription": " Wartungsseite nur anzeigen, wenn alle Backend-Ziele deaktiviert oder ungesund sind. Deine Ressource funktioniert normal, solange mindestens ein Ziel gesund ist.",
    "forced": "Erzwungen",
@@ -3182,8 +3082,6 @@
    "warning:": "Warnung:",
    "forcedeModeWarning": "Der gesamte Datenverkehr wird zur Wartungsseite weitergeleitet. Ihre Backend-Ressourcen werden keine Anfragen erhalten.",
    "pageTitle": "Seitentitel",
    "maintenancePageContentSubsection": "Seiteninhalt",
    "maintenancePageContentSubsectionDescription": "Passen Sie den auf der Wartungsseite angezeigten Inhalt an",
    "pageTitleDescription": "Die Hauptüberschrift auf der Wartungsseite",
    "maintenancePageMessage": "Wartungsmeldung",
    "maintenancePageMessagePlaceholder": "Wir sind bald wieder da! Unsere Seite wird derzeit planmäßig gewartet.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Sind Sie sicher, dass Sie die Verknüpfung dieses Identitätsanbieters mit dieser Organisation aufheben möchten?",
    "idpUnassociateDescription": "Alle Benutzer, die mit diesem Identitätsanbieter verbunden sind, werden aus dieser Organisation entfernt, aber der Identitätsanbieter bleibt für andere verbundene Organisationen weiterhin bestehen.",
    "idpUnassociateConfirm": "Verknüpfung des Identitätsanbieters aufheben bestätigen",
    "idpConfirmDeleteAndRemoveMeFromOrg": "LÖSCHE UND ENTFERNE MICH AUS DER ORG",
    "idpUnassociateAndRemoveMeFromOrg": "VERBINDUNG LÖSEN UND ENTFERNE MICH AUS DER ORG",
    "idpUnassociateWarning": "Dies kann für diese Organisation nicht rückgängig gemacht werden.",
    "idpUnassociatedDescription": "Identitätsanbieter erfolgreich von dieser Organisation gelöst",
    "idpUnassociateMenu": "Verknüpfung aufheben",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Verbindung wird hergestellt…",
    "sshInitializing": "Initialisieren…",
    "sshSignInTitle": "Anmelden bei SSH",
-    "sshSignInDescription": "Geben Sie Ihre SSH-Anmeldedaten ein, um sich zu verbinden",
+    "sshSignInDescription": "Geben Sie Ihre SSH-Anmeldedaten ein",
    "sshPasswordTab": "Passwort",
    "sshPrivateKeyTab": "Privater Schlüssel",
    "sshPrivateKeyField": "Privater Schlüssel",
    "sshPrivateKeyDisclaimer": "Ihr privater Schlüssel wird von Pangolin nicht gespeichert oder angezeigt. Alternativ können Sie kurzlebige Zertifikate für nahtlose Authentifizierung mit Ihrer bestehenden Pangolin-Identität verwenden.",
    "sshLearnMore": "Mehr erfahren",
    "sshPrivateKeyFile": "Private Schlüsseldatei",
-    "sshAuthenticate": "Verbinden",
+    "sshAuthenticate": "Authentifizieren",
    "sshTerminate": "Beenden",
    "sshPoweredBy": "Bereitgestellt von",
    "sshErrorNoTarget": "Kein Ziel angegeben",
    "sshErrorWebSocket": "WebSocket-Verbindung fehlgeschlagen",
    "sshErrorAuthFailed": "Authentifizierung fehlgeschlagen",
-    "sshErrorConnectionClosed": "Verbindung geschlossen, bevor die Authentifizierung abgeschlossen wurde",
+    "sshErrorConnectionClosed": "Verbindung geschlossen, bevor die Authentifizierung abgeschlossen wurde"
    "sitePangolinSshDescription": "Erlaube SSH-Zugriff auf Ressourcen an diesem Standort. Dies kann später geändert werden.",
    "browserGatewayNoResourceForDomain": "Keine Ressource für diese Domain gefunden",
    "browserGatewayNoTarget": "Kein Ziel",
    "browserGatewayConnect": "Verbinden",
    "browserGatewayCtrlAltDel": "Strg+Alt+Entf",
    "sshErrorSignKeyFailed": "Fehler beim Signieren des SSH-Schlüssels für die PAM-Push-Authentifizierung. Haben Sie sich als Benutzer angemeldet?",
    "sshTerminalError": "Fehler: {error}",
    "sshConnectionClosedCode": "Verbindung geschlossen (Code {code})",
    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
    "sshPrivateKeyRequired": "Privater Schlüssel ist erforderlich",
    "vncTitle": "VNC",
    "vncSignInDescription": "Geben Sie Ihr VNC-Passwort ein, um sich zu verbinden",
    "vncPasswordOptional": "Passwort (optional)",
    "vncNoResourceTarget": "Kein Ressourcen-Ziel verfügbar",
    "vncFailedToLoadNovnc": "Fehler beim Laden von noVNC",
    "vncAuthFailedStatus": "Status {status}",
    "vncPasteClipboard": "Zwischenablage einfügen",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Anmeldung bei Remote Desktop",
    "rdpSignInDescription": "Geben Sie die Windows-Anmeldedaten ein, um sich zu verbinden",
    "rdpLoadingModule": "Modul wird geladen...",
    "rdpFailedToLoadModule": "Fehler beim Laden des RDP-Moduls",
    "rdpNotReady": "Nicht bereit",
    "rdpModuleInitializing": "RDP-Modul wird noch initialisiert",
    "rdpDownloadingFiles": "Herunterladen von {count} Datei(en) von Remote…",
    "rdpDownloadFailed": "Download fehlgeschlagen: {fileName}",
    "rdpUploaded": "Hochgeladen: {fileName}",
    "rdpNoConnectionTarget": "Kein Verbindungsziel verfügbar",
    "rdpConnectionFailed": "Verbindung fehlgeschlagen",
    "rdpFit": "Anpassen",
    "rdpFull": "Vollständig",
    "rdpReal": "Real",
    "rdpMeta": "Meta",
    "rdpUploadFiles": "Dateien hochladen",
    "rdpFilesReadyToPaste": "Dateien bereit zum Einfügen",
    "rdpFilesReadyToPasteDescription": "{count} Datei(en) in die Remote-Zwischenablage kopiert — drücken Sie Strg+V auf dem Remote-Desktop, um einzufügen.",
    "rdpUploadFailed": "Upload fehlgeschlagen",
    "rdpUnicodeKeyboardMode": "Unicode-Tastaturmodus",
    "sessionToolbarShow": "Werkzeugleiste zeigen",
    "sessionToolbarHide": "Werkzeugleiste ausblenden"
 }
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -984,7 +984,7 @@
    "sharedPolicy": "Shared Policy",
    "sharedPolicyNoneDescription": "This resource has its own policy.",
    "resourceSharedPolicyOwnDescription": "This resource has its own authentication and access rules controls.",
-    "resourceSharedPolicyInheritedDescription": "This resource inherits from <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyInheritedDescription": "This resource inherits authentication and access rules controls from <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "This resource is using a shared policy. Some authentication settings can be edited on this resource to add to the policy. To change the underlying policy, you must edit to <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "This resource is using a shared policy. Some access rules can be edited on this resource. To change the underlying policy, you must edit <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Access Controls",
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Ver Recursos Privados",
    "siteInstallNewt": "Instalar Newt",
    "siteInstallNewtDescription": "Recibe Newt corriendo en tu sistema",
    "siteInstallKubernetesDocsDescription": "Para información de instalación de Kubernetes más reciente, consulta <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "Para instrucciones de instalación del módem Advantech, consulta <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Configuración de Wirex Guard",
    "WgConfigurationDescription": "Utilice la siguiente configuración para conectarse a la red",
    "operatingSystem": "Sistema operativo",
@@ -150,16 +148,16 @@
    "siteCredentialsSaveDescription": "Sólo podrás verlo una vez. Asegúrate de copiarlo a un lugar seguro.",
    "siteInfo": "Información del sitio",
    "status": "Estado",
-    "shareTitle": "Gestionar Enlaces Compartibles",
+    "shareTitle": "Administrar Enlaces de Compartir",
    "shareDescription": "Crear enlaces compartidos para conceder acceso temporal o permanente a recursos proxy",
-    "shareSearch": "Buscar enlaces compartibles...",
+    "shareSearch": "Buscar enlaces compartidos...",
-    "shareCreate": "Crear Enlace Compartible",
+    "shareCreate": "Crear enlace Compartir",
    "shareErrorDelete": "Error al eliminar el enlace",
    "shareErrorDeleteMessage": "Se ha producido un error al eliminar el enlace",
    "shareDeleted": "Enlace eliminado",
    "shareDeletedDescription": "El enlace ha sido eliminado",
-    "shareDelete": "Eliminar Enlace Compartible",
+    "shareDelete": "Borrar Enlace Compartido",
-    "shareDeleteConfirm": "Confirmar Eliminación de Enlace Compartible",
+    "shareDeleteConfirm": "Confirmar Borrado del Enlace Compartido",
    "shareQuestionRemove": "¿Está seguro de que desea borrar este enlace compartido?",
    "shareMessageRemove": "Una vez borrado, el enlace dejará de funcionar y cualquier persona que lo use perderá acceso al recurso.",
    "shareTokenDescription": "El token de acceso puede ser pasado de dos maneras: como parámetro de consulta o en las cabeceras de solicitud. Estos deben ser pasados del cliente en cada solicitud de acceso autenticado.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Cualquiera con este enlace puede acceder al recurso",
    "shareTitleOptional": "Título (opcional)",
    "sharePathOptional": "Ruta (opcional)",
    "sharePathDescription": "El enlace redirigirá a los usuarios a esta ruta tras la autenticación.",
    "expireIn": "Caduca en",
    "neverExpire": "Nunca expirar",
    "shareExpireDescription": "El tiempo de caducidad es cuánto tiempo el enlace será utilizable y proporcionará acceso al recurso. Después de este tiempo, el enlace ya no funcionará, y los usuarios que usaron este enlace perderán el acceso al recurso.",
@@ -203,8 +200,8 @@
    "shareErrorSelectResource": "Por favor, seleccione un recurso",
    "proxyResourceTitle": "Administrar recursos públicos",
    "proxyResourceDescription": "Crear y administrar recursos que sean accesibles públicamente a través de un navegador web",
-    "publicResourcesBannerTitle": "Acceso Público basado en Web",
+    "publicResourcesBannerTitle": "Acceso público basado en web",
-    "publicResourcesBannerDescription": "Los recursos públicos son proxies HTTPS accesibles para cualquiera en Internet a través de un navegador web. A diferencia de los recursos privados, no requieren software del lado del cliente e incluyen políticas de acceso basadas en identidad y contexto.",
+    "publicResourcesBannerDescription": "Los recursos públicos son proxies HTTPS o TCP/UDP accesibles a cualquiera en Internet a través de un navegador web. A diferencia de los recursos privados, no requieren software del lado del cliente e incluye políticas de acceso basadas en identidad y contexto.",
    "clientResourceTitle": "Administrar recursos privados",
    "clientResourceDescription": "Crear y administrar recursos que sólo son accesibles a través de un cliente conectado",
    "privateResourcesBannerTitle": "Acceso privado de confianza cero",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Buscar recursos...",
    "resourceAdd": "Añadir Recurso",
    "resourceErrorDelte": "Error al eliminar el recurso",
-    "resourcePoliciesBannerTitle": "Reutilizar Reglas de Autenticación y Acceso",
+    "resourcePoliciesTitle": "Administrar Políticas de Recursos",
-    "resourcePoliciesBannerDescription": "Las políticas de recursos compartidos te permiten definir métodos de autenticación y reglas de acceso una vez, y luego adjuntarlas a múltiples recursos públicos. Al actualizar una política, cada recurso vinculado hereda automáticamente el cambio.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Recursos Adjuntos",
    "resourcePoliciesBannerButtonText": "Saber más",
    "resourcePoliciesTitle": "Gestionar Políticas de Recursos Públicos",
    "resourcePoliciesAttachedResourcesColumnTitle": "Recursos",
    "resourcePoliciesAttachedResources": "{count} recurso/s",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# recurso} other {# recursos}}",
    "resourcePoliciesAttachedResourcesEmpty": "sin recursos",
-    "resourcePoliciesDescription": "Crear y gestionar políticas de autenticación para controlar el acceso a tus recursos públicos",
+    "resourcePoliciesDescription": "Cree y administre políticas de autenticación para controlar el acceso a sus recursos",
    "resourcePoliciesSearch": "Buscar políticas...",
    "resourcePoliciesAdd": "Agregar Política",
    "resourcePoliciesDefaultBadgeText": "Política predeterminada",
-    "resourcePoliciesCreate": "Crear Política de Recursos Públicos",
+    "resourcePoliciesCreate": "Crear Política de Recursos",
    "resourcePoliciesCreateDescription": "Siga los pasos a continuación para crear una nueva política",
    "resourcePolicyName": "Nombre de la política",
    "resourcePolicyNameDescription": "Déle a esta política un nombre para identificarla en sus recursos",
@@ -281,7 +274,7 @@
    "back": "Atrás",
    "cancel": "Cancelar",
    "resourceConfig": "Fragmentos de configuración",
-    "resourceConfigDescription": "Copia y pega estos fragmentos de configuración para configurar el recurso TCP/UDP.",
+    "resourceConfigDescription": "Copia y pega estos fragmentos de configuración para configurar el recurso TCP/UDP",
    "resourceAddEntrypoints": "Traefik: Añadir puntos de entrada",
    "resourceExposePorts": "Gerbil: Exponer puertos en Docker Compose",
    "resourceLearnRaw": "Aprende cómo configurar los recursos TCP/UDP",
@@ -294,8 +287,6 @@
    "labelDelete": "Eliminar etiqueta",
    "labelAdd": "Agregar etiqueta",
    "labelCreateSuccessMessage": "Etiqueta creada correctamente",
    "labelDuplicateError": "Etiqueta Duplicada",
    "labelDuplicateErrorDescription": "Una etiqueta con este nombre ya existe.",
    "labelEditSuccessMessage": "Etiqueta modificada correctamente",
    "labelNameField": "Nombre de la etiqueta",
    "labelColorField": "Color de la etiqueta",
@@ -320,7 +311,7 @@
    "rules": "Reglas",
    "resourceSettingDescription": "Configurar la configuración del recurso",
    "resourceSetting": "Ajustes {resourceName}",
-    "resourcePolicySettingDescription": "Configura los ajustes de esta política de recursos públicos",
+    "resourcePolicySettingDescription": "Configure la configuración en la política de recursos",
    "resourcePolicySetting": "Configuración {policyName}",
    "alwaysAllow": "Autorización Bypass",
    "alwaysDeny": "Bloquear acceso",
@@ -728,7 +719,7 @@
    "targetSubmit": "Añadir destino",
    "targetNoOne": "Este recurso no tiene ningún objetivo. Agrega un objetivo para configurar dónde enviar peticiones al backend.",
    "targetNoOneDescription": "Si se añade más de un objetivo anterior se activará el balance de carga.",
-    "targetsSubmit": "Guardar ajustes",
+    "targetsSubmit": "Guardar objetivos",
    "addTarget": "Añadir destino",
    "proxyMultiSiteRoundRobinNodeHelp": "El enrutamiento de turnos no funcionará entre sitios que no están conectados al mismo nodo, pero el failover funcionará.",
    "targetErrorInvalidIp": "Dirección IP inválida",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Duplicar regla",
    "rulesErrorDuplicateDescription": "Ya existe una regla con estos ajustes",
    "rulesErrorInvalidIpAddressRange": "CIDR inválido",
-    "rulesErrorInvalidIpAddressRangeDescription": "Introduce un rango CIDR válido (por ejemplo, 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Por favor, introduzca un valor CIDR válido",
-    "rulesErrorInvalidUrl": "Ruta no válida",
+    "rulesErrorInvalidUrl": "Ruta URL inválida",
-    "rulesErrorInvalidUrlDescription": "Introduce una ruta URL o patrón válido (por ejemplo, /api/*).",
+    "rulesErrorInvalidUrlDescription": "Por favor, introduzca un valor de ruta de URL válido",
-    "rulesErrorInvalidIpAddress": "Dirección IP no válida",
+    "rulesErrorInvalidIpAddress": "IP inválida",
-    "rulesErrorInvalidIpAddressDescription": "Introduce una dirección IPv4 o IPv6 válida.",
+    "rulesErrorInvalidIpAddressDescription": "Por favor, introduzca una dirección IP válida",
    "rulesErrorUpdate": "Error al actualizar las reglas",
    "rulesErrorUpdateDescription": "Se ha producido un error al actualizar las reglas",
    "rulesUpdated": "Activar Reglas",
@@ -774,24 +765,15 @@
    "rulesMatchIpAddressRangeDescription": "Introduzca una dirección en formato CIDR (por ejemplo, 103.21.244.0/22)",
    "rulesMatchIpAddress": "Introduzca una dirección IP (por ejemplo, 103.21.244.12)",
    "rulesMatchUrl": "Introduzca una ruta URL o patrón (por ej., /api/v1/todos o /api/v1/*)",
-    "rulesErrorInvalidPriority": "Prioridad no válida",
+    "rulesErrorInvalidPriority": "Prioridad inválida",
-    "rulesErrorInvalidPriorityDescription": "Introduce un número entero de 1 o mayor.",
+    "rulesErrorInvalidPriorityDescription": "Por favor, introduzca una prioridad válida",
    "rulesErrorDuplicatePriority": "Prioridades duplicadas",
-    "rulesErrorDuplicatePriorityDescription": "Cada regla debe tener un número de prioridad único.",
+    "rulesErrorDuplicatePriorityDescription": "Por favor, introduzca prioridades únicas",
    "rulesErrorValidation": "Reglas no válidas",
    "rulesErrorValidationRuleDescription": "Regla {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Selecciona un tipo de coincidencia válido (ruta, IP, CIDR, país, región o ASN).",
    "rulesErrorValueRequired": "Introduce un valor para esta regla.",
    "rulesErrorInvalidCountry": "País no válido",
    "rulesErrorInvalidCountryDescription": "Selecciona un país válido.",
    "rulesErrorInvalidAsn": "ASN no válido",
    "rulesErrorInvalidAsnDescription": "Introduce un ASN válido (por ejemplo, AS15169).",
    "ruleUpdated": "Reglas actualizadas",
    "ruleUpdatedDescription": "Reglas actualizadas correctamente",
    "ruleErrorUpdate": "Operación fallida",
    "ruleErrorUpdateDescription": "Se ha producido un error durante la operación de guardado",
    "rulesPriority": "Prioridad",
    "rulesReorderDragHandle": "Arrastra para reordenar la prioridad de reglas",
    "rulesAction": "Accin",
    "rulesMatchType": "Tipo de partida",
    "value": "Valor",
@@ -810,7 +792,7 @@
    "rulesResource": "Configuración de reglas de recursos",
    "rulesResourceDescription": "Configurar reglas para controlar el acceso al recurso",
    "ruleSubmit": "Añadir Regla",
-    "rulesNoOne": "Aún no hay reglas.",
+    "rulesNoOne": "No hay reglas. Agregue una regla usando el formulario.",
    "rulesOrder": "Las reglas son evaluadas por prioridad en orden ascendente.",
    "rulesSubmit": "Guardar Reglas",
    "policyErrorCreate": "Error al crear la política",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Se ha producido un error inesperado",
    "policyCreatedSuccess": "Política de recursos creada con éxito",
    "policyUpdatedSuccess": "Política de recursos actualizada con éxito",
-    "authMethodsSave": "Guardar ajustes",
+    "authMethodsSave": "Guardar métodos de autenticación",
    "policyAuthStackTitle": "Autenticación",
    "policyAuthStackDescription": "Controla qué métodos de autenticación son necesarios para acceder a este recurso",
    "policyAuthOrLogicTitle": "Múltiples métodos de autenticación activos",
    "policyAuthOrLogicBanner": "Los visitantes pueden autenticarse utilizando cualquier método activo a continuación. No necesitan completar todos ellos.",
    "policyAuthMethodActive": "Activo",
    "policyAuthMethodOff": "Apagado",
    "policyAuthSsoTitle": "SSO de Plataforma",
    "policyAuthSsoDescription": "Requiere iniciar sesión a través del proveedor de identidad de tu organización",
    "policyAuthSsoSummary": "{idp} · {users} usuarios, {roles} roles",
    "policyAuthSsoDefaultIdp": "Proveedor por defecto",
    "policyAuthAddDefaultIdentityProvider": "Añadir Proveedor de Identidad Predeterminado",
    "policyAuthOtherMethodsTitle": "Otros Métodos",
    "policyAuthOtherMethodsDescription": "Métodos opcionales que los visitantes pueden utilizar en lugar de o junto con el SSO de plataforma",
    "policyAuthPasscodeTitle": "Código de Acceso",
    "policyAuthPasscodeDescription": "Requiere un código alfanumérico compartido para acceder al recurso",
    "policyAuthPasscodeSummary": "Código de acceso establecido",
    "policyAuthPincodeTitle": "Código PIN",
    "policyAuthPincodeDescription": "Un código numérico corto necesario para acceder al recurso",
    "policyAuthPincodeSummary": "Código PIN de 6 dígitos establecido",
    "policyAuthEmailTitle": "Lista Blanca de Correo",
    "policyAuthEmailDescription": "Permitir direcciones de correo listadas con contraseñas de un solo uso",
    "policyAuthEmailSummary": "{count} direcciones permitidas",
    "policyAuthEmailOtpCallout": "Habilitar la lista blanca de correos envía una contraseña de un solo uso al correo del visitante al iniciar sesión.",
    "policyAuthHeaderAuthTitle": "Autenticación Básica del Encabezado",
    "policyAuthHeaderAuthDescription": "Valida un nombre y valor de encabezado HTTP personalizado en cada petición",
    "policyAuthHeaderAuthSummary": "Encabezado configurado",
    "policyAuthHeaderName": "Nombre del encabezado",
    "policyAuthHeaderValue": "Valor esperado",
    "policyAuthSetPasscode": "Establecer Código de Acceso",
    "policyAuthSetPincode": "Establecer Código PIN",
    "policyAuthSetEmailWhitelist": "Establecer Lista Blanca de Correo",
    "policyAuthSetHeaderAuth": "Establecer Autenticación Básica del Encabezado",
    "policyAccessRulesTitle": "Reglas de Acceso",
    "policyAccessRulesEnableDescription": "Cuando está habilitado, las reglas se evalúan en orden descendente hasta que una se evalúa como verdadera.",
    "policyAccessRulesFirstMatch": "Las reglas se evalúan de arriba a abajo. La primera regla coincidente decide el resultado.",
    "policyAccessRulesHowItWorks": "Las reglas coinciden con las solicitudes por ruta, dirección IP, ubicación u otros criterios. Cada regla aplica una acción: omitir autenticación, bloquear acceso o pasar a autenticación. Si ninguna regla coincide, el tráfico sigue a la autenticación.",
    "policyAccessRulesFallthroughOff": "Cuando las reglas están deshabilitadas, todo el tráfico pasa a autenticación.",
    "policyAccessRulesFallthroughOn": "Cuando no coincide ninguna regla, el tráfico pasa a autenticación.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Guardar reglas",
    "resourceErrorCreate": "Error al crear recurso",
    "resourceErrorCreateDescription": "Se ha producido un error al crear el recurso",
@@ -883,9 +824,9 @@
    "resourcesErrorUpdateDescription": "Se ha producido un error al actualizar el recurso",
    "access": "Acceder",
    "accessControl": "Control de acceso",
-    "shareLink": "Enlace Compartible de {resource}",
+    "shareLink": "{resource} Compartir Enlace",
    "resourceSelect": "Seleccionar recurso",
-    "shareLinks": "Enlaces Compartibles",
+    "shareLinks": "Compartir enlaces",
    "share": "Enlaces compartibles",
    "shareDescription2": "Crea enlaces compartidos a recursos. Los enlaces proporcionan acceso temporal o ilimitado a tu recurso. Puede configurar la duración de caducidad del enlace cuando cree uno.",
    "shareEasyCreate": "Fácil de crear y compartir",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Los administradores siempre pueden acceder a este recurso.",
    "resourcePolicySelectTitle": "Política de Acceso a Recursos",
    "resourcePolicySelectDescription": "Seleccione el tipo de política de recursos para la autenticación",
    "resourcePolicyTypeLabel": "Tipo de política",
    "resourcePolicyLabel": "Política de recurso",
    "resourcePolicyInline": "Política de Recursos Integrada",
    "resourcePolicyInlineDescription": "Política de Acceso solo destinada a este recurso",
    "resourcePolicyShared": "Política de Recursos Compartida",
-    "resourcePolicySharedDescription": "Este recurso utiliza una política compartida.",
+    "resourcePolicySharedDescription": "Este recurso utiliza una política compartida. Las configuraciones a nivel de política (métodos de autenticación, lista blanca de correos electrónicos) están bloqueadas. Puede agregar reglas específicas de recursos, roles y usuarios más abajo.",
    "sharedPolicy": "Política Compartida",
    "sharedPolicyNoneDescription": "Este recurso tiene su propia política.",
    "resourceSharedPolicyOwnDescription": "Este recurso tiene sus propios controles de autenticación y reglas de acceso.",
    "resourceSharedPolicyInheritedDescription": "Este recurso hereda de <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Este recurso está usando una política compartida. Algunas configuraciones de autenticación se pueden editar en este recurso para añadirse a la política. Para cambiar la política subyacente, debes editar a <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "Este recurso está utilizando una política compartida. Algunas reglas de acceso se pueden editar en este recurso. Para cambiar la política subyacente, debes editar <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Controles de acceso",
    "resourceUsersRolesDescription": "Configurar qué usuarios y roles pueden visitar este recurso",
    "resourceUsersRolesSubmit": "Guardar controles de acceso",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Visibilidad",
    "resourceVisibilityTitleDescription": "Activar o desactivar completamente la visibilidad de los recursos",
    "resourceGeneral": "Configuración General",
-    "resourceGeneralDescription": "Configurar nombre, dirección y política de acceso para este recurso.",
+    "resourceGeneralDescription": "Configurar la configuración general de este recurso",
    "resourceGeneralDetailsSubsection": "Detalles del Recurso",
    "resourceGeneralDetailsSubsectionDescription": "Establecer el nombre de visualización, identificador y dominio públicamente accesible para este recurso.",
    "resourceGeneralDetailsSubsectionPortDescription": "Establecer el nombre de visualización, identificador y puerto público para este recurso.",
    "resourceGeneralPublicAddressSubsection": "Dirección Pública",
    "resourceGeneralPublicAddressSubsectionDescription": "Configura cómo los usuarios acceden a este recurso.",
    "resourceGeneralAuthenticationAccessSubsection": "Autenticación y Acceso",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Elige si este recurso utiliza su propia política o hereda de una política compartida.",
    "resourceEnable": "Activar recurso",
    "resourceTransfer": "Transferir recursos",
    "resourceTransferDescription": "Transferir este recurso a un sitio diferente",
@@ -1294,14 +1220,11 @@
    "addLabels": "Agregar etiquetas",
    "siteLabelsTab": "Etiquetas",
    "siteLabelsDescription": "Administrar las etiquetas asociadas con este sitio.",
-    "labelsNotFound": "No se encontraron etiquetas.",
+    "labelsNotFound": "Etiquetas no encontradas",
    "labelsEmptyCreateHint": "Empieza a escribir arriba para crear una etiqueta.",
    "labelSearch": "Buscar etiquetas",
    "labelSearchOrCreate": "Buscar o crear una etiqueta",
    "accessLabelFilterCount": "{count, plural, one {# etiqueta} other {# etiquetas}}",
    "labelOverflowCount": "+{count, plural, one {# etiqueta} other {# etiquetas}}",
    "accessLabelFilterClear": "Borrar filtros de etiquetas",
    "accessFilterClear": "Limpiar filtros",
    "selectColor": "Seleccionar color",
    "createNewLabel": "Crear nueva etiqueta de organización \"{label}\"",
    "inviteInvalidDescription": "El enlace de invitación no es válido.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Recursos",
    "sidebarProxyResources": "Público",
    "sidebarClientResources": "Privado",
-    "sidebarPolicies": "Políticas Compartidas",
+    "sidebarPolicies": "Políticas",
-    "sidebarResourcePolicies": "Recursos Públicos",
+    "sidebarResourcePolicies": "Recursos",
    "sidebarAccessControl": "Control de acceso",
    "sidebarLogsAndAnalytics": "Registros y análisis",
    "sidebarTeam": "Equipo",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Admin",
    "sidebarInvitations": "Invitaciones",
    "sidebarRoles": "Roles",
-    "sidebarShareableLinks": "Enlaces Compartibles",
+    "sidebarShareableLinks": "Enlaces",
    "sidebarApiKeys": "Claves API",
    "sidebarProvisioning": "Aprovisionamiento",
    "sidebarSettings": "Ajustes",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Recurso {id}",
    "blueprints": "Planos",
    "blueprintsLog": "Registro de planos",
-    "blueprintsDescription": "Ver aplicaciones de planos anteriores y sus resultados o aplicar un nuevo plano",
+    "blueprintsDescription": "Ver aplicaciones de plano anteriores y sus resultados",
    "blueprintAdd": "Añadir plano",
    "blueprintGoBack": "Ver todos los Planos",
    "blueprintCreate": "Crear Plano",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Habilitar Plano Docker",
    "enableDockerSocketDescription": "Activar el raspado de etiquetas del socket Docker para etiquetas de planos. La ruta del socket debe proporcionarse al conector del sitio. Lea sobre cómo funciona esto en <docsLink>la documentación</docsLink>.",
    "newtAutoUpdate": "Habilitar actualización automática del sitio",
-    "newtAutoUpdateDescription": "Cuando está habilitado, los conectores del sitio descargarán automáticamente la última versión y se reiniciarán. Esto se puede anular por sitio.",
+    "newtAutoUpdateDescription": "Cuando está habilitado, los conectores del sitio se actualizarán automáticamente a la última versión cuando haya disponible una nueva versión.",
    "siteAutoUpdate": "Actualización automática del sitio",
    "siteAutoUpdateLabel": "Habilitar actualización automática",
-    "siteAutoUpdateDescription": "Cuando está habilitado, el conector de este sitio descargará automáticamente la última versión y se reiniciará.",
+    "siteAutoUpdateDescription": "Controlar si el conector de este sitio descarga automáticamente la última versión.",
    "siteAutoUpdateOrgDefault": "Predeterminado de la organización: {state}",
    "siteAutoUpdateOverriding": "Configuración de anulación de la organización",
    "siteAutoUpdateResetToOrg": "Restablecer al predeterminado de la organización",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "¡Configuración de cuenta completada! ¡Bienvenido a Pangolin!",
    "documentation": "Documentación",
    "saveAllSettings": "Guardar todos los ajustes",
-    "saveResourceTargets": "Guardar ajustes",
+    "saveResourceTargets": "Guardar objetivos",
-    "saveResourceHttp": "Guardar ajustes",
+    "saveResourceHttp": "Guardar ajustes de proxy",
-    "saveProxyProtocol": "Guardar ajustes",
+    "saveProxyProtocol": "Guardar configuraciones del protocolo de proxy",
    "settingsUpdated": "Ajustes actualizados",
    "settingsUpdatedDescription": "Configuraciones actualizadas correctamente",
    "settingsErrorUpdate": "Error al actualizar ajustes",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Desconocido",
    "healthCheck": "Chequeo de salud",
    "configureHealthCheck": "Configurar Chequeo de Salud",
-    "configureHealthCheckDescription": "Configura la monitorización para tu recurso para asegurarte que siempre está disponible",
+    "configureHealthCheckDescription": "Configura la monitorización de salud para {target}",
    "enableHealthChecks": "Activar Chequeos de Salud",
    "healthCheckDisabledStateDescription": "Cuando está deshabilitado, el sitio no realizará comprobaciones de salud y el estado se considerará desconocido.",
    "enableHealthChecksDescription": "Controlar la salud de este objetivo. Puedes supervisar un punto final diferente al objetivo si es necesario.",
    "healthScheme": "Método",
    "healthSelectScheme": "Seleccionar método",
-    "healthCheckPortInvalid": "El puerto debe estar entre 1 y 65535",
+    "healthCheckPortInvalid": "El puerto de chequeo de salud debe estar entre 1 y 65535",
    "healthCheckPath": "Ruta",
    "healthHostname": "IP / Nombre del host",
    "healthPort": "Puerto",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Requiere aprobaciones del dispositivo",
    "requireDeviceApprovalDescription": "Los usuarios con este rol necesitan nuevos dispositivos aprobados por un administrador antes de poder conectarse y acceder a los recursos.",
    "sshSettings": "Configuración SSH",
    "sshAccess": "Acceso SSH",
    "rdpSettings": "Configuración RDP",
    "vncSettings": "Configuración VNC",
    "sshServer": "Servidor SSH",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Asegúrese de que su host objetivo esté correctamente configurado para ejecutar el daemon de autenticación antes de completar esta configuración, o la provisión fallará.",
    "sshDaemonPort": "Puerto del Daemon",
    "sshServerDestination": "Destino del Servidor",
-    "sshServerDestinationDescription": "Configurar el destino del servidor SSH",
+    "sshServerDestinationDescription": "Configure el destino y el puerto del servidor SSH",
    "destination": "Destino",
    "destinationRequired": "Se requiere destino.",
    "domainRequired": "Se requiere dominio.",
    "proxyPortRequired": "Se requiere puerto.",
    "invalidPathConfiguration": "Configuración de ruta no válida.",
    "invalidRewritePathConfiguration": "Configuración de ruta de reescritura no válida.",
    "bgTargetMultiSiteDisclaimer": "Seleccionar múltiples sitios permite el enrutamiento resiliente y el failover para alta disponibilidad.",
    "roleAllowSsh": "Permitir SSH",
    "roleAllowSshAllow": "Permitir",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "El usuario sólo puede ejecutar los comandos especificados con sudo.",
    "sshSudo": "Permitir sudo",
    "sshSudoCommands": "Comandos Sudo",
-    "sshSudoCommandsDescription": "Lista de comandos que el usuario tiene permitido ejecutar con sudo, separados por comas, espacios o nuevas líneas. Se deben usar rutas absolutas.",
+    "sshSudoCommandsDescription": "Lista separada por comas de comandos que el usuario puede ejecutar con sudo. Se deben usar rutas absolutas.",
    "sshCreateHomeDir": "Crear directorio principal",
    "sshUnixGroups": "Grupos Unix",
-    "sshUnixGroupsDescription": "Grupos Unix a los que añadir el usuario en el host de destino, separados por comas, espacios o nuevas líneas.",
+    "sshUnixGroupsDescription": "Grupos Unix separados por comas para agregar el usuario en el host de destino.",
    "roleTextFieldPlaceholder": "Introduce valores, o suelta un archivo .txt o .csv",
    "roleTextImportTitle": "Importar desde Archivo",
    "roleTextImportDescription": "Importando {fileName} en {fieldLabel}.",
    "roleTextImportSkipHeader": "Omitir Primera Fila (Encabezado)",
    "roleTextImportOverride": "Reemplazar Existente",
    "roleTextImportAppend": "Añadir al Existente",
    "roleTextImportMode": "Modo de Importación",
    "roleTextImportPreview": "Previsualizar",
    "roleTextImportItemCount": "{count, plural, =0 {No hay elementos para importar} one {1 elemento para importar} other {# elementos para importar}}",
    "roleTextImportTotalCount": "{existing} existentes + {imported} importados = {total} total",
    "roleTextImportConfirm": "Importar",
    "roleTextImportInvalidFile": "Tipo de archivo no soportado",
    "roleTextImportInvalidFileDescription": "Sólo se soportan archivos .txt y .csv.",
    "roleTextImportEmpty": "No se encontraron elementos en el archivo",
    "roleTextImportEmptyDescription": "El archivo no contiene ningún elemento importable.",
    "retryAttempts": "Intentos de Reintento",
    "expectedResponseCodes": "Códigos de respuesta esperados",
    "expectedResponseCodesDescription": "Código de estado HTTP que indica un estado saludable. Si se deja en blanco, se considera saludable de 200 a 300.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Habilitar protocolo proxy",
    "proxyProtocolInfo": "Conservar direcciones IP del cliente para backends TCP",
    "proxyProtocolVersion": "Versión del Protocolo Proxy",
-    "version1": "Versión 1 (Recomendada)",
+    "version1": " Versión 1 (Recomendado)",
    "version2": "Versión 2",
-    "version1Description": "Basado en texto y ampliamente compatible. Asegúrate de que el transporte de servidores está agregado a la configuración dinámica.",
+    "versionDescription": "La versión 1 está basada en texto y es ampliamente soportada. La versión 2 es binaria y más eficiente pero menos compatible.",
    "version2Description": "Binario y más eficiente, pero menos compatible. Asegúrate de que el transporte de servidores está agregado a la configuración dinámica.",
    "warning": "Advertencia",
    "proxyProtocolWarning": "La aplicación backend debe configurarse para aceptar conexiones Proxy Protocol. Si el backend no soporta Proxy Protocol, activarlo romperá todas las conexiones, así que sólo habilítelo si sabe lo que está haciendo. Asegúrese de configurar su backend para que confíe en las cabeceras del protocolo Proxy de Traefik.",
    "restarting": "Reiniciando...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Ingresar confirmación",
    "blueprintViewDetails": "Detalles",
    "defaultIdentityProvider": "Proveedor de identidad predeterminado",
-    "defaultIdentityProviderDescription": "El usuario será redirigido automáticamente a este proveedor de identidad para autenticación.",
+    "defaultIdentityProviderDescription": "Cuando se selecciona un proveedor de identidad por defecto, el usuario será redirigido automáticamente al proveedor de autenticación.",
    "editInternalResourceDialogNetworkSettings": "Configuración de red",
    "editInternalResourceDialogAccessPolicy": "Política de acceso",
    "editInternalResourceDialogAddRoles": "Agregar roles",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Tipo de modo de mantenimiento",
    "showMaintenancePage": "Mostrar página de mantenimiento a los visitantes",
    "enableMaintenanceMode": "Habilitar modo de mantenimiento",
    "enableMaintenanceModeDescription": "Cuando esté habilitado, los visitantes verán una página de mantenimiento en lugar de tu recurso.",
    "automatic": "Automático",
    "automaticModeDescription": "Mostrar página de mantenimiento solo cuando todos los objetivos de backend están caídos o no saludables. Su recurso continúa funcionando normalmente siempre que al menos un objetivo esté saludable.",
    "forced": "Forzado",
@@ -3182,8 +3082,6 @@
    "warning:": "Advertencia:",
    "forcedeModeWarning": "Todo el tráfico será dirigido a la página de mantenimiento. Sus recursos de backend no recibirán solicitudes.",
    "pageTitle": "Título de la página",
    "maintenancePageContentSubsection": "Contenido de la Página",
    "maintenancePageContentSubsectionDescription": "Personaliza el contenido mostrado en la página de mantenimiento",
    "pageTitleDescription": "El encabezado principal visible en la página de mantenimiento",
    "maintenancePageMessage": "Mensaje de mantenimiento",
    "maintenancePageMessagePlaceholder": "¡Volveremos pronto! Nuestro sitio está actualmente en mantenimiento programado.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "¿Está seguro de que desea desasociar este proveedor de identidad de esta organización?",
    "idpUnassociateDescription": "Todos los usuarios asociados con este proveedor de identidad serán eliminados de esta organización, pero el proveedor de identidad continuará existiendo para otras organizaciones asociadas.",
    "idpUnassociateConfirm": "Confirme Desasociar Proveedor de Identidad",
    "idpConfirmDeleteAndRemoveMeFromOrg": "ELIMINAR Y QUITARME DE ORG",
    "idpUnassociateAndRemoveMeFromOrg": "DESASOCIAR Y QUITARME DE ORG",
    "idpUnassociateWarning": "Esto no se puede deshacer para esta organización.",
    "idpUnassociatedDescription": "Proveedor de identidad desasociado de esta organización con éxito",
    "idpUnassociateMenu": "Desasociar",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Conectando…",
    "sshInitializing": "Inicializando…",
    "sshSignInTitle": "Iniciar sesión en SSH",
-    "sshSignInDescription": "Ingresa tus credenciales SSH para conectar",
+    "sshSignInDescription": "Ingrese sus credenciales SSH",
    "sshPasswordTab": "Contraseña",
    "sshPrivateKeyTab": "Clave Privada",
    "sshPrivateKeyField": "Clave Privada",
    "sshPrivateKeyDisclaimer": "Su clave privada no se almacena ni es visible para Pangolin. Alternativamente, puede usar certificados de corta duración para una autenticación sin interrupciones usando su identidad Pangolin existente.",
    "sshLearnMore": "Más información",
    "sshPrivateKeyFile": "Archivo de clave privada",
-    "sshAuthenticate": "Conectar",
+    "sshAuthenticate": "Autenticarse",
    "sshTerminate": "Terminar",
    "sshPoweredBy": "Desarrollado por",
    "sshErrorNoTarget": "No se especificó el objetivo",
    "sshErrorWebSocket": "Conexión WebSocket fallida",
    "sshErrorAuthFailed": "Falló la autenticación",
-    "sshErrorConnectionClosed": "La conexión se cerró antes de completar la autenticación",
+    "sshErrorConnectionClosed": "La conexión se cerró antes de completar la autenticación"
    "sitePangolinSshDescription": "Permitir acceso SSH a los recursos en este sitio. Esto se puede cambiar más tarde.",
    "browserGatewayNoResourceForDomain": "No se encontró un recurso para este dominio",
    "browserGatewayNoTarget": "Sin destino",
    "browserGatewayConnect": "Conectar",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "Error al firmar la clave SSH para autenticación PAM push. ¿Te has iniciado sesión como usuario?",
    "sshTerminalError": "Error: {error}",
    "sshConnectionClosedCode": "Conexión cerrada (código {code})",
    "sshPrivateKeyPlaceholder": "-----COMIENZO DE LA CLAVE PRIVADA OPENSSH-----",
    "sshPrivateKeyRequired": "Se requiere clave privada",
    "vncTitle": "VNC",
    "vncSignInDescription": "Introduce tu contraseña VNC para conectar",
    "vncPasswordOptional": "Contraseña (opcional)",
    "vncNoResourceTarget": "No hay objetivo de recurso disponible",
    "vncFailedToLoadNovnc": "Error al cargar noVNC",
    "vncAuthFailedStatus": "Estado {status}",
    "vncPasteClipboard": "Pegar portapapeles",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Iniciar sesión en el Escritorio Remoto",
    "rdpSignInDescription": "Introduce las credenciales de Windows para conectar",
    "rdpLoadingModule": "Cargando módulo...",
    "rdpFailedToLoadModule": "Error al cargar el módulo RDP",
    "rdpNotReady": "No está listo",
    "rdpModuleInitializing": "El módulo RDP aún se está iniciando",
    "rdpDownloadingFiles": "Descargando {count} archivo(s) del remoto…",
    "rdpDownloadFailed": "Error al descargar: {fileName}",
    "rdpUploaded": "Subido: {fileName}",
    "rdpNoConnectionTarget": "No hay objetivo de conexión disponible",
    "rdpConnectionFailed": "Conexión fallida",
    "rdpFit": "Ajustar",
    "rdpFull": "Completo",
    "rdpReal": "Real",
    "rdpMeta": "Meta",
    "rdpUploadFiles": "Subir archivos",
    "rdpFilesReadyToPaste": "Archivos listos para pegar",
    "rdpFilesReadyToPasteDescription": "{count, plural, one {# archivo copiado al portapapeles remoto — pulsa Ctrl+V en el escritorio remoto para pegar.} other {# archivos copiados al portapapeles remoto — pulsa Ctrl+V en el escritorio remoto para pegar.}}",
    "rdpUploadFailed": "Error de subida",
    "rdpUnicodeKeyboardMode": "Modo teclado Unicode",
    "sessionToolbarShow": "Mostrar barra de herramientas",
    "sessionToolbarHide": "Ocultar barra de herramientas"
 }
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Voir les ressources privées",
    "siteInstallNewt": "Installer Newt",
    "siteInstallNewtDescription": "Faites fonctionner Newt sur votre système",
    "siteInstallKubernetesDocsDescription": "Pour plus d'informations à jour sur l'installation de Kubernetes, consultez <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "Pour les instructions d'installation du modem Advantech, voir <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Configuration WireGuard",
    "WgConfigurationDescription": "Utilisez la configuration suivante pour vous connecter au réseau",
    "operatingSystem": "Système d'exploitation",
@@ -158,8 +156,8 @@
    "shareErrorDeleteMessage": "Une erreur s'est produite lors de la suppression du lien",
    "shareDeleted": "Lien supprimé",
    "shareDeletedDescription": "Le lien a été supprimé",
-    "shareDelete": "Supprimer le lien partageable",
+    "shareDelete": "Supprimer le lien de partage",
-    "shareDeleteConfirm": "Confirmer la suppression du lien partageable",
+    "shareDeleteConfirm": "Confirmer la suppression du lien de partage",
    "shareQuestionRemove": "Êtes-vous sûr de vouloir supprimer ce lien de partage ?",
    "shareMessageRemove": "Une fois supprimé, le lien ne fonctionnera plus et toute personne l'utilisant perdra l'accès à la ressource.",
    "shareTokenDescription": "Le jeton d'accès peut être passé de deux façons : en tant que paramètre de requête ou dans les en-têtes de la requête. Elles doivent être transmises par le client à chaque demande d'accès authentifié.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "N'importe qui avec ce lien peut accéder à la ressource",
    "shareTitleOptional": "Titre (facultatif)",
    "sharePathOptional": "Chemin (optionnel)",
    "sharePathDescription": "Le lien redirigera les utilisateurs vers ce chemin après l'authentification.",
    "expireIn": "Expire dans",
    "neverExpire": "N'expire jamais",
    "shareExpireDescription": "Le délai d'expiration correspond à la période pendant laquelle le lien sera utilisable et permettra d'accéder à la ressource. Passé ce délai, le lien ne fonctionnera plus et les utilisateurs qui l'ont utilisé perdront l'accès à la ressource.",
@@ -204,7 +201,7 @@
    "proxyResourceTitle": "Gérer les ressources publiques",
    "proxyResourceDescription": "Créer et gérer des ressources accessibles au public via un navigateur web",
    "publicResourcesBannerTitle": "Accès public basé sur le Web",
-    "publicResourcesBannerDescription": "Les ressources publiques sont des proxys HTTPS accessibles à quiconque sur Internet via un navigateur Web. Contrairement aux ressources privées, elles ne nécessitent pas de logiciel côté client et peuvent inclure des politiques d'accès fondées sur l'identité et le contexte.",
+    "publicResourcesBannerDescription": "Les ressources publiques sont des proxys HTTPS ou TCP/UDP accessibles par tout le monde sur Internet via un navigateur Web. Contrairement aux ressources privées, elles n'exigent pas de logiciel côté client et peuvent inclure des politiques d'accès basées sur l'identité et le contexte.",
    "clientResourceTitle": "Gérer les ressources privées",
    "clientResourceDescription": "Créer et gérer des ressources qui ne sont accessibles que via un client connecté",
    "privateResourcesBannerTitle": "Accès privé sans confiance",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Chercher des ressources...",
    "resourceAdd": "Ajouter une ressource",
    "resourceErrorDelte": "Erreur lors de la de suppression de la ressource",
-    "resourcePoliciesBannerTitle": "Réutiliser les règles d'authentification et d'accès",
+    "resourcePoliciesTitle": "Gérer les politiques de ressource",
-    "resourcePoliciesBannerDescription": "Les politiques de ressources partagées vous permettent de définir des méthodes d'authentification et des règles d'accès une fois, puis de les attacher à plusieurs ressources publiques. Lorsque vous mettez à jour une politique, chaque ressource liée hérite automatiquement des changements.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Ressources attachées",
    "resourcePoliciesBannerButtonText": "En Savoir Plus",
    "resourcePoliciesTitle": "Gérer les politiques de ressources publiques",
    "resourcePoliciesAttachedResourcesColumnTitle": "Ressources",
    "resourcePoliciesAttachedResources": "{count} ressource(s)",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ressource} other {# ressources}}",
    "resourcePoliciesAttachedResourcesEmpty": "pas de ressources",
-    "resourcePoliciesDescription": "Créez et gérer les politiques d'authentification pour contrôler l'accès à vos ressources publiques",
+    "resourcePoliciesDescription": "Créer et gérer des politiques d'authentification pour contrôler l'accès à vos ressources",
    "resourcePoliciesSearch": "Chercher des politiques...",
    "resourcePoliciesAdd": "Ajouter une politique",
    "resourcePoliciesDefaultBadgeText": "Politique par défaut",
-    "resourcePoliciesCreate": "Créer une politique de ressource publique",
+    "resourcePoliciesCreate": "Créer une politique de ressource",
    "resourcePoliciesCreateDescription": "Suivez les étapes ci-dessous pour créer une nouvelle politique",
    "resourcePolicyName": "Nom de la politique",
    "resourcePolicyNameDescription": "Donnez à cette politique un nom pour l'identifier parmi vos ressources",
@@ -281,7 +274,7 @@
    "back": "Précédent",
    "cancel": "Abandonner",
    "resourceConfig": "Snippets de configuration",
-    "resourceConfigDescription": "Copiez et collez ces extraits de configuration pour configurer la ressource TCP/UDP.",
+    "resourceConfigDescription": "Copiez et collez ces extraits de configuration pour configurer la ressource TCP/UDP",
    "resourceAddEntrypoints": "Traefik: Ajouter des points d'entrée",
    "resourceExposePorts": "Gerbil: Exposer des ports dans Docker Compose",
    "resourceLearnRaw": "Apprenez à configurer les ressources TCP/UDP",
@@ -294,8 +287,6 @@
    "labelDelete": "Supprimer Étiquette",
    "labelAdd": "Ajouter Étiquette",
    "labelCreateSuccessMessage": "Étiquette créée avec succès",
    "labelDuplicateError": "Étiquette en double",
    "labelDuplicateErrorDescription": "Une étiquette avec ce nom existe déjà.",
    "labelEditSuccessMessage": "Étiquette modifiée avec succès",
    "labelNameField": "Nom de l'étiquette",
    "labelColorField": "Couleur de l'étiquette",
@@ -320,7 +311,7 @@
    "rules": "Règles",
    "resourceSettingDescription": "Configurer les paramètres de la ressource",
    "resourceSetting": "Réglages de {resourceName}",
-    "resourcePolicySettingDescription": "Configurez les paramètres de cette politique de ressource publique",
+    "resourcePolicySettingDescription": "Configurer les paramètres de la politique de ressource",
    "resourcePolicySetting": "Paramètres de {policyName}",
    "alwaysAllow": "Outrepasser l'authentification",
    "alwaysDeny": "Bloquer l'accès",
@@ -728,7 +719,7 @@
    "targetSubmit": "Ajouter une cible",
    "targetNoOne": "Cette ressource n'a aucune cible. Ajoutez une cible pour configurer où envoyer des requêtes à l'arrière-plan.",
    "targetNoOneDescription": "L'ajout de plus d'une cible ci-dessus activera l'équilibrage de charge.",
-    "targetsSubmit": "Enregistrer les paramètres",
+    "targetsSubmit": "Enregistrer les cibles",
    "addTarget": "Ajouter une cible",
    "proxyMultiSiteRoundRobinNodeHelp": "Le routage en tourniquet n'opérera pas entre des sites qui ne sont pas connectés au même nœud, mais le basculement fonctionnera.",
    "targetErrorInvalidIp": "Adresse IP invalide",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Règle en double",
    "rulesErrorDuplicateDescription": "Une règle avec ces paramètres existe déjà",
    "rulesErrorInvalidIpAddressRange": "CIDR invalide",
-    "rulesErrorInvalidIpAddressRangeDescription": "Entrez une plage CIDR valide (par ex., 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Veuillez entrer une valeur CIDR valide",
-    "rulesErrorInvalidUrl": "Chemin non valide",
+    "rulesErrorInvalidUrl": "Chemin URL invalide",
-    "rulesErrorInvalidUrlDescription": "Entrez un chemin URL valide ou un modèle (par exemple, /api/*).",
+    "rulesErrorInvalidUrlDescription": "Veuillez entrer un chemin URL valide",
-    "rulesErrorInvalidIpAddress": "Adresse IP invalide",
+    "rulesErrorInvalidIpAddress": "IP invalide",
-    "rulesErrorInvalidIpAddressDescription": "Entrez une adresse IPv4 ou IPv6 valide.",
+    "rulesErrorInvalidIpAddressDescription": "Veuillez entrer une adresse IP valide",
    "rulesErrorUpdate": "Échec de la mise à jour des règles",
    "rulesErrorUpdateDescription": "Une erreur s'est produite lors de la mise à jour des règles",
    "rulesUpdated": "Activer les règles",
@@ -775,23 +766,14 @@
    "rulesMatchIpAddress": "Entrez une adresse IP (ex: 103.21.244.12)",
    "rulesMatchUrl": "Entrez un chemin URL ou un motif (ex: /api/v1/todos ou /api/v1/*)",
    "rulesErrorInvalidPriority": "Priorité invalide",
-    "rulesErrorInvalidPriorityDescription": "Entrez un nombre entier de 1 ou plus.",
+    "rulesErrorInvalidPriorityDescription": "Veuillez entrer une priorité valide",
    "rulesErrorDuplicatePriority": "Priorités en double",
-    "rulesErrorDuplicatePriorityDescription": "Chaque règle doit avoir un numéro de priorité unique.",
+    "rulesErrorDuplicatePriorityDescription": "Veuillez entrer des priorités uniques",
    "rulesErrorValidation": "Règles invalides",
    "rulesErrorValidationRuleDescription": "Règle {ruleNumber} : {message}",
    "rulesErrorInvalidMatchTypeDescription": "Sélectionnez un type de correspondance valide (chemin, IP, CIDR, pays, région ou ASN).",
    "rulesErrorValueRequired": "Entrez une valeur pour cette règle.",
    "rulesErrorInvalidCountry": "Pays invalide",
    "rulesErrorInvalidCountryDescription": "Sélectionnez un pays valide.",
    "rulesErrorInvalidAsn": "ASN invalide",
    "rulesErrorInvalidAsnDescription": "Entrez un ASN valide (par exemple, AS15169).",
    "ruleUpdated": "Règles mises à jour",
    "ruleUpdatedDescription": "Règles mises à jour avec succès",
    "ruleErrorUpdate": "L'opération a échoué",
    "ruleErrorUpdateDescription": "Une erreur s'est produite lors de l'enregistrement",
    "rulesPriority": "Priorité",
    "rulesReorderDragHandle": "Faites glisser pour réorganiser la priorité des règles",
    "rulesAction": "Action",
    "rulesMatchType": "Type de correspondance",
    "value": "Valeur",
@@ -810,7 +792,7 @@
    "rulesResource": "Configuration des règles de ressource",
    "rulesResourceDescription": "Configurer les règles pour contrôler l'accès à la ressource",
    "ruleSubmit": "Ajouter une règle",
-    "rulesNoOne": "Aucune règle pour le moment.",
+    "rulesNoOne": "Aucune règle. Ajoutez une règle en utilisant le formulaire.",
    "rulesOrder": "Les règles sont évaluées par priorité dans l'ordre croissant.",
    "rulesSubmit": "Enregistrer les règles",
    "policyErrorCreate": "Erreur lors de la création de la politique",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Une erreur inattendue s'est produite",
    "policyCreatedSuccess": "Politique de ressource créée avec succès",
    "policyUpdatedSuccess": "Politique de ressource mise à jour avec succès",
-    "authMethodsSave": "Enregistrer les paramètres",
+    "authMethodsSave": "Enregistrer les méthodes d'authentification",
    "policyAuthStackTitle": "Authentification",
    "policyAuthStackDescription": "Contrôlez quelles méthodes d'authentification sont nécessaires pour accéder à cette ressource",
    "policyAuthOrLogicTitle": "Plusieurs méthodes d'authentification actives",
    "policyAuthOrLogicBanner": "Les visiteurs peuvent s'authentifier en utilisant l'une des méthodes actives ci-dessous. Ils n'ont pas besoin de toutes les compléter.",
    "policyAuthMethodActive": "Actif",
    "policyAuthMethodOff": "Éteint",
    "policyAuthSsoTitle": "SSO de la plateforme",
    "policyAuthSsoDescription": "Exigez une connexion via le fournisseur d'identité de votre organisation",
    "policyAuthSsoSummary": "{idp} · {users} utilisateurs, {roles} rôles",
    "policyAuthSsoDefaultIdp": "Fournisseur par défaut",
    "policyAuthAddDefaultIdentityProvider": "Ajouter un fournisseur d'identité par défaut",
    "policyAuthOtherMethodsTitle": "Autres méthodes",
    "policyAuthOtherMethodsDescription": "Des méthodes facultatives que les visiteurs peuvent utiliser à la place de ou en parallèle avec la SSO de la plateforme",
    "policyAuthPasscodeTitle": "Code confidentiel",
    "policyAuthPasscodeDescription": "Exiger un code confidentiel alphanumérique partagé pour accéder à la ressource",
    "policyAuthPasscodeSummary": "Code confidentiel établi",
    "policyAuthPincodeTitle": "Code PIN",
    "policyAuthPincodeDescription": "Un code numérique court requis pour accéder à la ressource",
    "policyAuthPincodeSummary": "Code PIN à 6 chiffres établi",
    "policyAuthEmailTitle": "Liste blanche des e-mails",
    "policyAuthEmailDescription": "Autorisez les adresses e-mail listées avec des mots de passe à usage unique",
    "policyAuthEmailSummary": "{count} adresses autorisées",
    "policyAuthEmailOtpCallout": "Activer la liste blanche des e-mails envoie un mot de passe à usage unique à l'e-mail du visiteur lors de la connexion.",
    "policyAuthHeaderAuthTitle": "Authentification de l'en-tête de base",
    "policyAuthHeaderAuthDescription": "Validez un nom et une valeur d'en-tête HTTP personnalisé à chaque requête",
    "policyAuthHeaderAuthSummary": "En-tête configuré",
    "policyAuthHeaderName": "Nom de l'en-tête",
    "policyAuthHeaderValue": "Valeur attendue",
    "policyAuthSetPasscode": "Définir le code confidentiel",
    "policyAuthSetPincode": "Définir le code PIN",
    "policyAuthSetEmailWhitelist": "Définir la liste blanche des e-mails",
    "policyAuthSetHeaderAuth": "Configurer l'authentification des en-têtes de base",
    "policyAccessRulesTitle": "Règles d'accès",
    "policyAccessRulesEnableDescription": "Lorsqu'elles sont activées, les règles sont évaluées dans l'ordre décroissant jusqu'à ce que l'une soit évaluée comme vraie.",
    "policyAccessRulesFirstMatch": "Les règles sont évaluées de haut en bas. La première règle correspondante décide du résultat.",
    "policyAccessRulesHowItWorks": "Les règles correspondent aux demandes par chemin, adresse IP, emplacement, ou d'autres critères. Chaque règle applique une action : contourner l'authentification, bloquer l'accès, ou passer à l'authentification. Si aucune règle ne correspond, le trafic continue jusqu'à l'authentification.",
    "policyAccessRulesFallthroughOff": "Lorsque les règles sont désactivées, tout le trafic passe par l'authentification.",
    "policyAccessRulesFallthroughOn": "Lorsqu'aucune règle ne correspond, le trafic passe par l'authentification.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Enregistrer les règles",
    "resourceErrorCreate": "Erreur lors de la création de la ressource",
    "resourceErrorCreateDescription": "Une erreur s'est produite lors de la création de la ressource",
@@ -885,7 +826,7 @@
    "accessControl": "Contrôle d'accès",
    "shareLink": "Lien de partage {resource}",
    "resourceSelect": "Sélectionner une ressource",
-    "shareLinks": "Liens partageables",
+    "shareLinks": "Liens de partage",
    "share": "Liens partageables",
    "shareDescription2": "Créez des liens partageables vers des ressources. Les liens fournissent un accès temporaire ou illimité à votre ressource. Vous pouvez configurer la durée d'expiration du lien lorsque vous en créez un.",
    "shareEasyCreate": "Facile à créer et à partager",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Les administrateurs peuvent toujours accéder à cette ressource.",
    "resourcePolicySelectTitle": "Politique d'accès à la ressource",
    "resourcePolicySelectDescription": "Sélectionner le type de politique de ressource pour l'authentification",
    "resourcePolicyTypeLabel": "Type de politique",
    "resourcePolicyLabel": "Politique de ressource",
    "resourcePolicyInline": "Politique de ressource en ligne",
    "resourcePolicyInlineDescription": "Politique d'accès limitée uniquement à cette ressource",
    "resourcePolicyShared": "Politique de ressource partagée",
-    "resourcePolicySharedDescription": "Cette ressource utilise une politique partagée.",
+    "resourcePolicySharedDescription": "Cette ressource utilise une politique partagée. Les paramètres de niveau politique (méthodes d'authentification, liste blanche email) sont verrouillés. Vous pouvez ajouter des règles spécifiques à la ressource, rôles et utilisateurs ci-dessous.",
    "sharedPolicy": "Politique partagée",
    "sharedPolicyNoneDescription": "Cette ressource a sa propre politique.",
    "resourceSharedPolicyOwnDescription": "Cette ressource a ses propres contrôles de règles d'authentification et d'accès.",
    "resourceSharedPolicyInheritedDescription": "Cette ressource hérite de <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Cette ressource utilise une politique partagée. Certains paramètres d'authentification peuvent être modifiés sur cette ressource pour ajouter à la politique. Pour changer la politique sous-jacente, vous devez éditer à <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "Cette ressource utilise une politique partagée. Certaines règles d'accès peuvent être modifiées sur cette ressource. Pour changer la politique sous-jacente, vous devez éditer <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Contrôles d'accès",
    "resourceUsersRolesDescription": "Configurer quels utilisateurs et rôles peuvent visiter cette ressource",
    "resourceUsersRolesSubmit": "Enregistrer les contrôles d'accès",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Visibilité",
    "resourceVisibilityTitleDescription": "Activer ou désactiver complètement la visibilité de la ressource",
    "resourceGeneral": "Paramètres généraux",
-    "resourceGeneralDescription": "Configurer le nom, l'adresse et la politique d'accès pour cette ressource.",
+    "resourceGeneralDescription": "Configurer les paramètres généraux de cette ressource",
    "resourceGeneralDetailsSubsection": "Détails de la ressource",
    "resourceGeneralDetailsSubsectionDescription": "Définir le nom d'affichage, l'identifiant et le domaine accessible publiquement pour cette ressource.",
    "resourceGeneralDetailsSubsectionPortDescription": "Définir le nom d'affichage, l'identifiant et le port public pour cette ressource.",
    "resourceGeneralPublicAddressSubsection": "Adresse publique",
    "resourceGeneralPublicAddressSubsectionDescription": "Configurez comment les utilisateurs accèdent à cette ressource.",
    "resourceGeneralAuthenticationAccessSubsection": "Authentification & Accès",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Choisissez si cette ressource utilise sa propre politique ou hérite d'une politique partagée.",
    "resourceEnable": "Activer la ressource",
    "resourceTransfer": "Transférer la ressource",
    "resourceTransferDescription": "Transférer cette ressource vers un autre site",
@@ -1294,14 +1220,11 @@
    "addLabels": "Ajouter des étiquettes",
    "siteLabelsTab": "Étiquettes",
    "siteLabelsDescription": "Gérer les étiquettes associées à ce site.",
-    "labelsNotFound": "Aucune étiquette trouvée.",
+    "labelsNotFound": "Étiquettes introuvables",
    "labelsEmptyCreateHint": "Commencez à taper ci-dessus pour créer une étiquette.",
    "labelSearch": "Chercher des étiquettes",
    "labelSearchOrCreate": "Recherchez ou créez une étiquette",
    "accessLabelFilterCount": "{count, plural, one {# étiquette} other {# étiquettes}}",
    "labelOverflowCount": "+{count, plural, one {# étiquette} other {# étiquettes}}",
    "accessLabelFilterClear": "Effacer les filtres d'étiquette",
    "accessFilterClear": "Effacer les filtres",
    "selectColor": "Sélectionner la couleur",
    "createNewLabel": "Créer une nouvelle étiquette d'organisation \"{label}\"",
    "inviteInvalidDescription": "Le lien d'invitation n'est pas valide.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Ressource",
    "sidebarProxyResources": "Publique",
    "sidebarClientResources": "Privé",
-    "sidebarPolicies": "Politiques partagées",
+    "sidebarPolicies": "Politiques",
-    "sidebarResourcePolicies": "Ressources publiques",
+    "sidebarResourcePolicies": "Ressources",
    "sidebarAccessControl": "Contrôle d'accès",
    "sidebarLogsAndAnalytics": "Journaux & Analytiques",
    "sidebarTeam": "Equipe",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Administrateur",
    "sidebarInvitations": "Invitations",
    "sidebarRoles": "Rôles",
-    "sidebarShareableLinks": "Liens partageables",
+    "sidebarShareableLinks": "Liens",
    "sidebarApiKeys": "Clés API",
    "sidebarProvisioning": "Mise en place",
    "sidebarSettings": "Réglages",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Ressource {id}",
    "blueprints": "Configs",
    "blueprintsLog": "Journal des plans",
-    "blueprintsDescription": "Consultez les applications et leurs résultats de planches à dessin passées ou appliquez une nouvelle planche à dessin",
+    "blueprintsDescription": "Voir les applications passées des plans et leurs résultats",
    "blueprintAdd": "Ajouter une Config",
    "blueprintGoBack": "Voir toutes les Configs",
    "blueprintCreate": "Créer une Config",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Activer la Config Docker",
    "enableDockerSocketDescription": "Activer le ramassage d'étiquettes de socket Docker pour les étiquettes de plan. Le chemin du socket doit être fourni au connecteur du site. Lisez plus à ce sujet dans <docsLink>la documentation</docsLink>.",
    "newtAutoUpdate": "Activer la mise à jour automatique du site",
-    "newtAutoUpdateDescription": "Lorsqu'il est activé, les connecteurs de site téléchargeront automatiquement la dernière version et redémarreront eux-mêmes. Cela peut être contourné sur une base par site.",
+    "newtAutoUpdateDescription": "Lorsqu'il est activé, les connecteurs de site se mettront automatiquement à jour vers la dernière version lorsqu'une nouvelle version sera disponible.",
    "siteAutoUpdate": "Mise à jour automatique du site",
    "siteAutoUpdateLabel": "Activer la mise à jour automatique",
-    "siteAutoUpdateDescription": "Lorsqu'il est activé, le connecteur de ce site téléchargera automatiquement la dernière version et se redémarrera.",
+    "siteAutoUpdateDescription": "Contrôler si le connecteur de ce site télécharge automatiquement la dernière version.",
    "siteAutoUpdateOrgDefault": "Valeur par défaut de l'organisation : {state}",
    "siteAutoUpdateOverriding": "Substitution des paramètres de l'organisation",
    "siteAutoUpdateResetToOrg": "Réinitialiser à la valeur par défaut de l'organisation",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Configuration du compte terminée! Bienvenue chez Pangolin !",
    "documentation": "Documentation",
    "saveAllSettings": "Enregistrer tous les paramètres",
-    "saveResourceTargets": "Enregistrer les paramètres",
+    "saveResourceTargets": "Enregistrer les cibles",
-    "saveResourceHttp": "Enregistrer les paramètres",
+    "saveResourceHttp": "Enregistrer les paramètres de proxy",
-    "saveProxyProtocol": "Enregistrer les paramètres",
+    "saveProxyProtocol": "Enregistrer les paramètres du protocole proxy",
    "settingsUpdated": "Paramètres mis à jour",
    "settingsUpdatedDescription": "Paramètres mis à jour avec succès",
    "settingsErrorUpdate": "Échec de la mise à jour des paramètres",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Inconnu",
    "healthCheck": "Vérification de l'état de santé",
    "configureHealthCheck": "Configurer la vérification de l'état de santé",
-    "configureHealthCheckDescription": "Configurez la surveillance de votre ressource pour vous assurer qu'elle est toujours disponible",
+    "configureHealthCheckDescription": "Configurer la surveillance de la santé pour {target}",
    "enableHealthChecks": "Activer les vérifications de santé",
    "healthCheckDisabledStateDescription": "Lorsqu'il est désactivé, le site ne procédera pas aux vérifications de santé et l'état sera considéré comme inconnu.",
    "enableHealthChecksDescription": "Surveiller la vie de cette cible. Vous pouvez surveiller un point de terminaison différent de la cible si nécessaire.",
    "healthScheme": "Méthode",
    "healthSelectScheme": "Sélectionnez la méthode",
-    "healthCheckPortInvalid": "Le port doit être compris entre 1 et 65535",
+    "healthCheckPortInvalid": "Le port du bilan de santé doit être compris entre 1 et 65535",
    "healthCheckPath": "Chemin d'accès",
    "healthHostname": "IP / Hôte",
    "healthPort": "Port",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Exiger les autorisations de l'appareil",
    "requireDeviceApprovalDescription": "Les utilisateurs ayant ce rôle ont besoin de nouveaux périphériques approuvés par un administrateur avant de pouvoir se connecter et accéder aux ressources.",
    "sshSettings": "Paramètres SSH",
    "sshAccess": "Accès SSH",
    "rdpSettings": "Paramètres RDP",
    "vncSettings": "Paramètres VNC",
    "sshServer": "Serveur SSH",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Assurez-vous que votre hôte cible est correctement configuré pour exécuter le daemon auth avant de terminer cette configuration, ou l'approvisionnement échouera.",
    "sshDaemonPort": "Port du Démon",
    "sshServerDestination": "Destination du Serveur",
-    "sshServerDestinationDescription": "Configurez la destination du serveur SSH",
+    "sshServerDestinationDescription": "Configurer la destination et le port du serveur SSH",
    "destination": "Destination",
    "destinationRequired": "La destination est requise.",
    "domainRequired": "Le domaine est requis.",
    "proxyPortRequired": "Le port est requis.",
    "invalidPathConfiguration": "Configuration de chemin invalide.",
    "invalidRewritePathConfiguration": "Configuration de réécriture de chemin invalide.",
    "bgTargetMultiSiteDisclaimer": "La sélection de plusieurs sites permet un routage résilient et une bascule pour une haute disponibilité.",
    "roleAllowSsh": "Autoriser SSH",
    "roleAllowSshAllow": "Autoriser",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "L'utilisateur ne peut exécuter que les commandes spécifiées avec sudo.",
    "sshSudo": "Autoriser sudo",
    "sshSudoCommands": "Commandes Sudo",
-    "sshSudoCommandsDescription": "Liste des commandes que l'utilisateur est autorisé à exécuter avec sudo, séparées par des virgules, des espaces ou des nouvelles lignes. Les chemins absolus doivent être utilisés.",
+    "sshSudoCommandsDescription": "Liste de commandes séparées par des virgules que l'utilisateur est autorisé à exécuter avec sudo. Des chemins absolus doivent être utilisés.",
    "sshCreateHomeDir": "Créer un répertoire personnel",
    "sshUnixGroups": "Groupes Unix",
-    "sshUnixGroupsDescription": "Groupes Unix auxquels ajouter l'utilisateur sur l'hôte cible, séparés par des virgules, des espaces, ou des nouvelles lignes.",
+    "sshUnixGroupsDescription": "Groupes Unix séparés par des virgules pour ajouter l'utilisateur sur l'hôte cible.",
    "roleTextFieldPlaceholder": "Entrez des valeurs, ou déposez un fichier .txt ou .csv",
    "roleTextImportTitle": "Importer depuis un fichier",
    "roleTextImportDescription": "Importation de {fileName} dans {fieldLabel}.",
    "roleTextImportSkipHeader": "Ignorer la première ligne (en-tête)",
    "roleTextImportOverride": "Remplacer l'existant",
    "roleTextImportAppend": "Ajouter à l'existant",
    "roleTextImportMode": "Mode d'importation",
    "roleTextImportPreview": "Aperçu",
    "roleTextImportItemCount": "{count, plural, =0 {Aucun élément à importer} one {1 élément à importer} other {# éléments à importer}}",
    "roleTextImportTotalCount": "{existing} existant + {imported} importé = {total} total",
    "roleTextImportConfirm": "Importer",
    "roleTextImportInvalidFile": "Type de fichier non pris en charge",
    "roleTextImportInvalidFileDescription": "Seuls les fichiers .txt et .csv sont pris en charge.",
    "roleTextImportEmpty": "Aucun élément trouvé dans le fichier",
    "roleTextImportEmptyDescription": "Le fichier ne contient aucun élément importable.",
    "retryAttempts": "Tentatives de réessai",
    "expectedResponseCodes": "Codes de réponse attendus",
    "expectedResponseCodesDescription": "Code de statut HTTP indiquant un état de santé satisfaisant. Si non renseigné, 200-300 est considéré comme satisfaisant.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Activer le protocole Proxy",
    "proxyProtocolInfo": "Conserver les adresses IP du client pour les backends TCP",
    "proxyProtocolVersion": "Version du protocole proxy",
-    "version1": "Version 1 (Recommandée)",
+    "version1": " Version 1 (Recommandé)",
    "version2": "Version 2",
-    "version1Description": "Basé sur texte et largement pris en charge. Assurez-vous que le transport des serveurs est ajouté à la configuration dynamique.",
+    "versionDescription": "La version 1 est basée sur du texte et est largement supportée. La version 2 est binaire et plus efficace mais moins compatible.",
    "version2Description": "Binaire et plus efficace mais moins compatible. Assurez-vous que le transport des serveurs est ajouté à la configuration dynamique.",
    "warning": "Avertissement",
    "proxyProtocolWarning": "L'application backend doit être configurée pour accepter les connexions Proxy Protocol. Si votre backend ne prend pas en charge le protocole Proxy, l'activation de cette option va perturber toutes les connexions, donc n'activez cette option que si vous savez ce que vous faites. Assurez-vous de configurer votre backend pour faire confiance aux en-têtes du protocole Proxy de Traefik.",
    "restarting": "Redémarrage...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Entrez la confirmation",
    "blueprintViewDetails": "Détails",
    "defaultIdentityProvider": "Fournisseur d'identité par défaut",
-    "defaultIdentityProviderDescription": "L'utilisateur sera automatiquement redirigé vers ce fournisseur d'identité pour l'authentification.",
+    "defaultIdentityProviderDescription": "Lorsqu'un fournisseur d'identité par défaut est sélectionné, l'utilisateur sera automatiquement redirigé vers le fournisseur pour authentification.",
    "editInternalResourceDialogNetworkSettings": "Paramètres réseau",
    "editInternalResourceDialogAccessPolicy": "Politique d'accès",
    "editInternalResourceDialogAddRoles": "Ajouter des rôles",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Type de mode de maintenance",
    "showMaintenancePage": "Afficher une page de maintenance aux visiteurs",
    "enableMaintenanceMode": "Activer le mode de maintenance",
    "enableMaintenanceModeDescription": "Lorsqu'il est activé, les visiteurs verront une page de maintenance au lieu de votre ressource.",
    "automatic": "Automatique",
    "automaticModeDescription": "Afficher la page de maintenance uniquement lorsque toutes les cibles backend sont en panne ou dégradées. Votre ressource continue à fonctionner normalement tant qu'au moins une cible est en bonne santé.",
    "forced": "Forcé",
@@ -3182,8 +3082,6 @@
    "warning:": "Attention :",
    "forcedeModeWarning": "Tout le trafic sera dirigé vers la page de maintenance. Vos ressources backend ne recevront aucune demande.",
    "pageTitle": "Titre de la page",
    "maintenancePageContentSubsection": "Contenu de la page",
    "maintenancePageContentSubsectionDescription": "Personnalisez le contenu affiché sur la page de maintenance",
    "pageTitleDescription": "Le titre principal affiché sur la page de maintenance",
    "maintenancePageMessage": "Message de maintenance",
    "maintenancePageMessagePlaceholder": "Nous serons bientôt de retour ! Notre site est actuellement en maintenance planifiée.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Êtes-vous sûr de vouloir dissocier ce fournisseur d'identités de cette organisation?",
    "idpUnassociateDescription": "Tous les utilisateurs associés à ce fournisseur d'identités seront retirés de cette organisation, mais le fournisseur d'identités continuera d'exister pour d'autres organisations associées.",
    "idpUnassociateConfirm": "Confirmer la dissociation du fournisseur d'identités",
    "idpConfirmDeleteAndRemoveMeFromOrg": "SUPPRIMER ET ME RETIRER DE L'ORG",
    "idpUnassociateAndRemoveMeFromOrg": "DÉ-ASSOCIER ET ME RETIRER DE L'ORG",
    "idpUnassociateWarning": "Cela ne peut pas être annulé pour cette organisation.",
    "idpUnassociatedDescription": "Fournisseur d'identités dissocié de cette organisation avec succès",
    "idpUnassociateMenu": "Dissocier",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Connexion…",
    "sshInitializing": "Initialisation…",
    "sshSignInTitle": "Se connecter à SSH",
-    "sshSignInDescription": "Entrez vos identifiants SSH pour vous connecter",
+    "sshSignInDescription": "Entrez vos identifiants SSH",
    "sshPasswordTab": "Mot de passe",
    "sshPrivateKeyTab": "Clé Privée",
    "sshPrivateKeyField": "Clé Privée",
    "sshPrivateKeyDisclaimer": "Votre clé privée n'est pas stockée ou visible par Pangolin. Alternativement, vous pouvez utiliser des certificats de courte durée pour une authentification transparente utilisant votre identité Pangolin existante.",
    "sshLearnMore": "En savoir plus",
    "sshPrivateKeyFile": "Fichier de Clé Privée",
-    "sshAuthenticate": "Connecter",
+    "sshAuthenticate": "Authentifier",
    "sshTerminate": "Terminer",
    "sshPoweredBy": "Propulsé par",
    "sshErrorNoTarget": "Aucune cible spécifiée",
    "sshErrorWebSocket": "Échec de la connexion WebSocket",
    "sshErrorAuthFailed": "Échec de l'authentification",
-    "sshErrorConnectionClosed": "Connexion fermée avant que l'authentification soit terminée",
+    "sshErrorConnectionClosed": "Connexion fermée avant que l'authentification soit terminée"
    "sitePangolinSshDescription": "Autoriser l'accès SSH aux ressources sur ce site. Cela peut être modifié plus tard.",
    "browserGatewayNoResourceForDomain": "Aucune ressource trouvée pour ce domaine",
    "browserGatewayNoTarget": "Aucune cible",
    "browserGatewayConnect": "Connecter",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Suppr",
    "sshErrorSignKeyFailed": "Échec de la signature de la clé SSH pour l'authentification Push PAM. Vous êtes-vous connecté en tant qu'utilisateur ?",
    "sshTerminalError": "Erreur : {error}",
    "sshConnectionClosedCode": "Connexion fermée (code {code})",
    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
    "sshPrivateKeyRequired": "Une clé privée est requise",
    "vncTitle": "VNC",
    "vncSignInDescription": "Entrez votre mot de passe VNC pour vous connecter",
    "vncPasswordOptional": "Mot de passe (facultatif)",
    "vncNoResourceTarget": "Aucune cible de ressource disponible",
    "vncFailedToLoadNovnc": "Échec du chargement de noVNC",
    "vncAuthFailedStatus": "Statut {status}",
    "vncPasteClipboard": "Coller le presse-papiers",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Se connecter au Bureau à distance",
    "rdpSignInDescription": "Entrez vos identifiants Windows pour vous connecter",
    "rdpLoadingModule": "Chargement du module...",
    "rdpFailedToLoadModule": "Échec du chargement du module RDP",
    "rdpNotReady": "Pas prêt",
    "rdpModuleInitializing": "Le module RDP est encore en cours d'initialisation",
    "rdpDownloadingFiles": "Téléchargement de {count} fichier(s) depuis le site distant…",
    "rdpDownloadFailed": "Échec du téléchargement : {fileName}",
    "rdpUploaded": "Téléchargé : {fileName}",
    "rdpNoConnectionTarget": "Aucune cible de connexion disponible",
    "rdpConnectionFailed": "Échec de la connexion",
    "rdpFit": "Ajuster",
    "rdpFull": "Plein",
    "rdpReal": "Réel",
    "rdpMeta": "Méta",
    "rdpUploadFiles": "Télécharger des fichiers",
    "rdpFilesReadyToPaste": "Fichiers prêts à coller",
    "rdpFilesReadyToPasteDescription": "{count} fichier(s) copié(s) vers le presse-papier distant — appuyez sur Ctrl+V sur le bureau distant pour coller.",
    "rdpUploadFailed": "Échec du téléchargement",
    "rdpUnicodeKeyboardMode": "Mode clavier Unicode",
    "sessionToolbarShow": "Afficher la barre d'outils",
    "sessionToolbarHide": "Masquer la barre d'outils"
 }
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Visualizza Risorse Private",
    "siteInstallNewt": "Installa Newt",
    "siteInstallNewtDescription": "Esegui Newt sul tuo sistema",
    "siteInstallKubernetesDocsDescription": "Per ulteriori informazioni aggiornate sull'installazione di Kubernetes, consulta <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "Per le istruzioni sull'installazione del modem Advantech, consulta <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Configurazione WireGuard",
    "WgConfigurationDescription": "Utilizzare la seguente configurazione per connettersi alla rete",
    "operatingSystem": "Sistema Operativo",
@@ -150,16 +148,16 @@
    "siteCredentialsSaveDescription": "Potrai vederlo solo una volta. Assicurati di copiarlo in un luogo sicuro.",
    "siteInfo": "Informazioni Sito",
    "status": "Stato",
-    "shareTitle": "Gestisci Collegamenti Condivisibili",
+    "shareTitle": "Gestisci Collegamenti Di Condivisione",
    "shareDescription": "Crea link condivisibili per concedere accesso temporaneo o permanente alle risorse proxy",
-    "shareSearch": "Cerca collegamenti condivisibili...",
+    "shareSearch": "Cerca link condivisi...",
-    "shareCreate": "Crea Collegamento Condivisibile",
+    "shareCreate": "Crea Link Di Condivisione",
    "shareErrorDelete": "Impossibile eliminare il link",
    "shareErrorDeleteMessage": "Si è verificato un errore durante l'eliminazione del link",
    "shareDeleted": "Link eliminato",
    "shareDeletedDescription": "Il link è stato eliminato",
-    "shareDelete": "Elimina Collegamento Condivisibile",
+    "shareDelete": "Elimina Link di Condivisione",
-    "shareDeleteConfirm": "Conferma Eliminazione Collegamento Condivisibile",
+    "shareDeleteConfirm": "Conferma Eliminazione Link di Condivisione",
    "shareQuestionRemove": "Sei sicuro di voler eliminare questo link di condivisione?",
    "shareMessageRemove": "Una volta eliminato, il link non funzionerà più e chiunque lo utilizzi perderà l'accesso alla risorsa.",
    "shareTokenDescription": "Il token di accesso può essere passato in due modi: come parametro di interrogazione o nelle intestazioni della richiesta. Questi devono essere passati dal client su ogni richiesta di accesso autenticato.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Chiunque con questo link può accedere alla risorsa",
    "shareTitleOptional": "Titolo (facoltativo)",
    "sharePathOptional": "Percorso (opzionale)",
    "sharePathDescription": "Il link reindirizzerà gli utenti a questo percorso dopo l'autenticazione.",
    "expireIn": "Scadenza In",
    "neverExpire": "Nessuna scadenza",
    "shareExpireDescription": "Il tempo di scadenza indica per quanto tempo il link sarà utilizzabile e fornirà accesso alla risorsa. Dopo questo tempo, il link non funzionerà più e gli utenti che hanno utilizzato questo link perderanno l'accesso alla risorsa.",
@@ -204,7 +201,7 @@
    "proxyResourceTitle": "Gestisci Risorse Pubbliche",
    "proxyResourceDescription": "Creare e gestire risorse pubbliche accessibili tramite un browser web",
    "publicResourcesBannerTitle": "Accesso Pubblico Basato sul Web",
-    "publicResourcesBannerDescription": "Le risorse pubbliche sono proxy HTTPS accessibili a chiunque su Internet tramite un browser web. A differenza delle risorse private, non richiedono software lato client e possono includere politiche di accesso basate su identità e contesto.",
+    "publicResourcesBannerDescription": "Le risorse pubbliche sono proxy HTTPS o TCP/UDP accessibili da chiunque tramite Internet da un browser web. A differenza delle risorse private non richiedono software lato client e possono includere politiche di accesso basate su identità e contesto.",
    "clientResourceTitle": "Gestisci Risorse Private",
    "clientResourceDescription": "Crea e gestisci risorse accessibili solo tramite un client connesso",
    "privateResourcesBannerTitle": "Accesso Privato Zero-Trust",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Cerca risorse...",
    "resourceAdd": "Aggiungi Risorsa",
    "resourceErrorDelte": "Errore nell'eliminare la risorsa",
-    "resourcePoliciesBannerTitle": "Riutilizza Regole di Autenticazione e Accesso",
+    "resourcePoliciesTitle": "Gestisci Politiche sulle Risorse",
-    "resourcePoliciesBannerDescription": "Le politiche di risorsa condivise ti permettono di definire metodi di autenticazione e regole di accesso una volta, poi di applicarle a più risorse pubbliche. Quando aggiorni una politica, ogni risorsa collegata eredita il cambiamento automaticamente.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Risorse collegate",
    "resourcePoliciesBannerButtonText": "Scopri di più",
    "resourcePoliciesTitle": "Gestisci Politiche delle Risorse Pubbliche",
    "resourcePoliciesAttachedResourcesColumnTitle": "Risorse",
    "resourcePoliciesAttachedResources": "{count} risorsa(e)",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# risorsa} other {# risorse}}",
    "resourcePoliciesAttachedResourcesEmpty": "nessuna risorsa",
-    "resourcePoliciesDescription": "Crea e gestisci politiche d'autenticazione per controllare l'accesso alle tue risorse pubbliche",
+    "resourcePoliciesDescription": "Crea e gestisci le politiche di autenticazione per controllare l'accesso alle tue risorse",
    "resourcePoliciesSearch": "Cerca politiche...",
    "resourcePoliciesAdd": "Aggiungi Politica",
    "resourcePoliciesDefaultBadgeText": "Politica Predefinita",
-    "resourcePoliciesCreate": "Crea Politica Risorse Pubbliche",
+    "resourcePoliciesCreate": "Crea Politica Risorse",
    "resourcePoliciesCreateDescription": "Segui i passaggi seguenti per creare una nuova politica",
    "resourcePolicyName": "Nome Politica",
    "resourcePolicyNameDescription": "Dai un nome a questa politica per identificarla tra le tue risorse",
@@ -281,7 +274,7 @@
    "back": "Indietro",
    "cancel": "Annulla",
    "resourceConfig": "Snippet Di Configurazione",
-    "resourceConfigDescription": "Copia e incolla questi snippet di configurazione per configurare la risorsa TCP/UDP.",
+    "resourceConfigDescription": "Copia e incolla questi snippet di configurazione per configurare la risorsa TCP/UDP",
    "resourceAddEntrypoints": "Traefik: Aggiungi Entrypoint",
    "resourceExposePorts": "Gerbil: espone le porte in Docker Compose",
    "resourceLearnRaw": "Scopri come configurare le risorse TCP/UDP",
@@ -294,8 +287,6 @@
    "labelDelete": "Elimina Etichetta",
    "labelAdd": "Aggiungi Etichetta",
    "labelCreateSuccessMessage": "Etichetta Creata con Successo",
    "labelDuplicateError": "Etichetta Duplicata",
    "labelDuplicateErrorDescription": "Esiste già un'etichetta con questo nome.",
    "labelEditSuccessMessage": "Etichetta Modificata con Successo",
    "labelNameField": "Nome Etichetta",
    "labelColorField": "Colore Etichetta",
@@ -320,7 +311,7 @@
    "rules": "Regole",
    "resourceSettingDescription": "Configura le impostazioni sulla risorsa",
    "resourceSetting": "Impostazioni {resourceName}",
-    "resourcePolicySettingDescription": "Configura le impostazioni su questa politica di risorsa pubblica",
+    "resourcePolicySettingDescription": "Configura le impostazioni sulla politica delle risorse",
    "resourcePolicySetting": "Impostazioni del sito {policyName}",
    "alwaysAllow": "Bypass Autenticazione",
    "alwaysDeny": "Blocca Accesso",
@@ -728,7 +719,7 @@
    "targetSubmit": "Aggiungi Target",
    "targetNoOne": "Questa risorsa non ha destinazioni. Aggiungi un obiettivo per configurare dove inviare richieste al backend.",
    "targetNoOneDescription": "L'aggiunta di più di un target abiliterà il bilanciamento del carico.",
-    "targetsSubmit": "Salva Impostazioni",
+    "targetsSubmit": "Salva Target",
    "addTarget": "Aggiungi Target",
    "proxyMultiSiteRoundRobinNodeHelp": "Il routing round robin non funzionerà tra siti che non sono connessi allo stesso nodo, ma il failover funzionerà.",
    "targetErrorInvalidIp": "Indirizzo IP non valido",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Regola duplicata",
    "rulesErrorDuplicateDescription": "Esiste già una regola con queste impostazioni",
    "rulesErrorInvalidIpAddressRange": "CIDR non valido",
-    "rulesErrorInvalidIpAddressRangeDescription": "Inserisci un intervallo CIDR valido (es., 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Inserisci un valore CIDR valido",
-    "rulesErrorInvalidUrl": "Percorso non valido",
+    "rulesErrorInvalidUrl": "Percorso URL non valido",
-    "rulesErrorInvalidUrlDescription": "Inserisci un percorso URL valido o un pattern (es., /api/*).",
+    "rulesErrorInvalidUrlDescription": "Inserisci un valore di percorso URL valido",
-    "rulesErrorInvalidIpAddress": "Indirizzo IP non valido",
+    "rulesErrorInvalidIpAddress": "IP non valido",
-    "rulesErrorInvalidIpAddressDescription": "Inserisci un indirizzo IPv4 o IPv6 valido.",
+    "rulesErrorInvalidIpAddressDescription": "Inserisci un indirizzo IP valido",
    "rulesErrorUpdate": "Impossibile aggiornare le regole",
    "rulesErrorUpdateDescription": "Si è verificato un errore durante l'aggiornamento delle regole",
    "rulesUpdated": "Abilita Regole",
@@ -774,24 +765,15 @@
    "rulesMatchIpAddressRangeDescription": "Inserisci un indirizzo in formato CIDR (es. 103.21.244.0/22)",
    "rulesMatchIpAddress": "Inserisci un indirizzo IP (es. 103.21.244.12)",
    "rulesMatchUrl": "Inserisci un percorso URL o pattern (es. /api/v1/todos o /api/v1/*)",
-    "rulesErrorInvalidPriority": "Priorità non valida",
+    "rulesErrorInvalidPriority": "Priorità Non Valida",
-    "rulesErrorInvalidPriorityDescription": "Inserisci un numero intero di 1 o superiore.",
+    "rulesErrorInvalidPriorityDescription": "Inserisci una priorità valida",
-    "rulesErrorDuplicatePriority": "Priorità duplicate",
+    "rulesErrorDuplicatePriority": "Priorità Duplicate",
-    "rulesErrorDuplicatePriorityDescription": "Ogni regola deve avere un numero di priorità univoco.",
+    "rulesErrorDuplicatePriorityDescription": "Inserisci priorità uniche",
    "rulesErrorValidation": "Regole non valide",
    "rulesErrorValidationRuleDescription": "Regola {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Seleziona un tipo di corrispondenza valido (percorso, IP, CIDR, paese, regione o ASN).",
    "rulesErrorValueRequired": "Inserisci un valore per questa regola.",
    "rulesErrorInvalidCountry": "Nazione non valida",
    "rulesErrorInvalidCountryDescription": "Seleziona un paese valido.",
    "rulesErrorInvalidAsn": "ASN non valido",
    "rulesErrorInvalidAsnDescription": "Inserisci un ASN valido (es., AS15169).",
    "ruleUpdated": "Regole aggiornate",
    "ruleUpdatedDescription": "Regole aggiornate con successo",
    "ruleErrorUpdate": "Operazione fallita",
    "ruleErrorUpdateDescription": "Si è verificato un errore durante il salvataggio",
    "rulesPriority": "Priorità",
    "rulesReorderDragHandle": "Trascina per riorganizzare la priorità delle regole",
    "rulesAction": "Azione",
    "rulesMatchType": "Tipo di Corrispondenza",
    "value": "Valore",
@@ -810,7 +792,7 @@
    "rulesResource": "Configurazione Regole Risorsa",
    "rulesResourceDescription": "Configura le regole per controllare l'accesso alla risorsa",
    "ruleSubmit": "Aggiungi Regola",
-    "rulesNoOne": "Nessuna regola ancora.",
+    "rulesNoOne": "Nessuna regola. Aggiungi una regola usando il modulo.",
    "rulesOrder": "Le regole sono valutate per priorità in ordine crescente.",
    "rulesSubmit": "Salva Regole",
    "policyErrorCreate": "Errore nella creazione della politica",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Si è verificato un errore imprevisto",
    "policyCreatedSuccess": "Politica risorse creata con successo",
    "policyUpdatedSuccess": "Politica risorse aggiornata con successo",
-    "authMethodsSave": "Salva Impostazioni",
+    "authMethodsSave": "Salva metodi di autenticazione",
    "policyAuthStackTitle": "Autenticazione",
    "policyAuthStackDescription": "Controlla quali metodi di autenticazione sono richiesti per accedere a questa risorsa",
    "policyAuthOrLogicTitle": "Più metodi di autenticazione attivi",
    "policyAuthOrLogicBanner": "I visitatori possono autenticarsi utilizzando uno qualsiasi dei metodi attivi sottostanti. Non è necessario completarli tutti.",
    "policyAuthMethodActive": "Attivo",
    "policyAuthMethodOff": "Disattivo",
    "policyAuthSsoTitle": "SSO della Piattaforma",
    "policyAuthSsoDescription": "Richiedi l'accesso tramite il provider di identità della tua organizzazione",
    "policyAuthSsoSummary": "{idp} · {users} utenti, {roles} ruoli",
    "policyAuthSsoDefaultIdp": "Provider predefinito",
    "policyAuthAddDefaultIdentityProvider": "Aggiungi Provider di Identità Predefinito",
    "policyAuthOtherMethodsTitle": "Altri Metodi",
    "policyAuthOtherMethodsDescription": "Metodi opzionali che i visitatori possono utilizzare al posto o insieme al SSO della piattaforma",
    "policyAuthPasscodeTitle": "Codice di Accesso",
    "policyAuthPasscodeDescription": "Richiedi un codice alfanumerico condiviso per accedere alla risorsa",
    "policyAuthPasscodeSummary": "Codice di accesso impostato",
    "policyAuthPincodeTitle": "Codice PIN",
    "policyAuthPincodeDescription": "Un breve codice numerico richiesto per accedere alla risorsa",
    "policyAuthPincodeSummary": "Codice PIN a 6 cifre impostato",
    "policyAuthEmailTitle": "Lista Autorizzazioni Email",
    "policyAuthEmailDescription": "Consenti indirizzi email elencati con password monouso",
    "policyAuthEmailSummary": "{count} indirizzi consentiti",
    "policyAuthEmailOtpCallout": "L'abilitazione dell'elenco email invia una password monouso all'email del visitatore durante il login.",
    "policyAuthHeaderAuthTitle": "Autenticazione Header Base",
    "policyAuthHeaderAuthDescription": "Convalida un nome e un valore di intestazione HTTP personalizzato su ogni richiesta",
    "policyAuthHeaderAuthSummary": "Intestazione configurata",
    "policyAuthHeaderName": "Nome dell'intestazione",
    "policyAuthHeaderValue": "Valore atteso",
    "policyAuthSetPasscode": "Imposta Codice di Accesso",
    "policyAuthSetPincode": "Imposta Codice PIN",
    "policyAuthSetEmailWhitelist": "Imposta Lista Autorizzazioni Email",
    "policyAuthSetHeaderAuth": "Imposta Autenticazione Header Base",
    "policyAccessRulesTitle": "Regole di Accesso",
    "policyAccessRulesEnableDescription": "Quando abilitate, le regole vengono valutate in ordine discendente finché una non è vera.",
    "policyAccessRulesFirstMatch": "Le regole sono valutate dall'alto verso il basso. La prima regola corrispondente decide il risultato.",
    "policyAccessRulesHowItWorks": "Le regole corrispondono alle richieste per percorso, indirizzo IP, posizione o altri criteri. Ogni regola applica un'azione: bypassa l'autenticazione, blocca l'accesso o passa all'autenticazione. Se nessuna regola corrisponde, il traffico continua all'autenticazione.",
    "policyAccessRulesFallthroughOff": "Quando le regole sono disabilitate, tutto il traffico passa all'autenticazione.",
    "policyAccessRulesFallthroughOn": "Quando nessuna regola corrisponde, il traffico passa all'autenticazione.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Salva Regole",
    "resourceErrorCreate": "Errore nella creazione della risorsa",
    "resourceErrorCreateDescription": "Si è verificato un errore durante la creazione della risorsa",
@@ -885,7 +826,7 @@
    "accessControl": "Controllo Accessi",
    "shareLink": "Link di Condivisione {resource}",
    "resourceSelect": "Seleziona risorsa",
-    "shareLinks": "Collegamenti Condivisibili",
+    "shareLinks": "Link di Condivisione",
    "share": "Link Condivisibili",
    "shareDescription2": "Crea link condivisibili alle risorse. I link forniscono un accesso temporaneo o illimitato alla tua risorsa. È possibile configurare la durata di scadenza del collegamento quando ne viene creato uno.",
    "shareEasyCreate": "Facile da creare e condividere",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Gli amministratori possono sempre accedere a questa risorsa.",
    "resourcePolicySelectTitle": "Politica di Accesso Risorse",
    "resourcePolicySelectDescription": "Seleziona il tipo di politica delle risorse per l'autenticazione",
    "resourcePolicyTypeLabel": "Tipo di politica",
    "resourcePolicyLabel": "Politica delle risorse",
    "resourcePolicyInline": "Politica Inline delle Risorse",
    "resourcePolicyInlineDescription": "Politica di Accesso limitata solo a questa risorsa",
    "resourcePolicyShared": "Politica Condivisa delle Risorse",
-    "resourcePolicySharedDescription": "Questa risorsa utilizza una politica condivisa.",
+    "resourcePolicySharedDescription": "Questa risorsa utilizza una politica condivisa. Le impostazioni a livello di politica (metodi di autenticazione, email whitelist) sono bloccate. Puoi aggiungere regole, ruoli e utenti specifici per la risorsa di seguito.",
    "sharedPolicy": "Politica Condivisa",
    "sharedPolicyNoneDescription": "Questa risorsa ha la sua politica.",
    "resourceSharedPolicyOwnDescription": "Questa risorsa ha il controllo delle proprie regole di autenticazione e accesso.",
    "resourceSharedPolicyInheritedDescription": "Questa risorsa eredita da <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Questa risorsa utilizza una politica condivisa. Alcune impostazioni di autenticazione possono essere modificate su questa risorsa per aggiungerle alla politica. Per cambiare la politica sottostante, devi modificare <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "Questa risorsa utilizza una politica condivisa. Alcune regole di accesso possono essere modificate su questa risorsa. Per cambiare la politica sottostante, devi modificare <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Controlli di Accesso",
    "resourceUsersRolesDescription": "Configura quali utenti e ruoli possono visitare questa risorsa",
    "resourceUsersRolesSubmit": "Salva Controlli di Accesso",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Visibilità",
    "resourceVisibilityTitleDescription": "Abilita o disabilita completamente la visibilità della risorsa",
    "resourceGeneral": "Impostazioni Generali",
-    "resourceGeneralDescription": "Configura nome, indirizzo e politica di accesso per questa risorsa.",
+    "resourceGeneralDescription": "Configura le impostazioni generali per questa risorsa",
    "resourceGeneralDetailsSubsection": "Dettagli Risorsa",
    "resourceGeneralDetailsSubsectionDescription": "Imposta il nome visualizzato, l'identificatore e il dominio pubblicamente accessibile per questa risorsa.",
    "resourceGeneralDetailsSubsectionPortDescription": "Imposta il nome visualizzato, l'identificatore e la porta pubblica per questa risorsa.",
    "resourceGeneralPublicAddressSubsection": "Indirizzo Pubblico",
    "resourceGeneralPublicAddressSubsectionDescription": "Configura come gli utenti raggiungono questa risorsa.",
    "resourceGeneralAuthenticationAccessSubsection": "Autenticazione e Accesso",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Scegli se questa risorsa utilizza la sua politica o eredita da una politica condivisa.",
    "resourceEnable": "Abilita Risorsa",
    "resourceTransfer": "Trasferisci Risorsa",
    "resourceTransferDescription": "Trasferisci questa risorsa a un sito diverso",
@@ -1294,14 +1220,11 @@
    "addLabels": "Aggiungi etichette",
    "siteLabelsTab": "Etichette",
    "siteLabelsDescription": "Gestisci le etichette associate a questo sito.",
-    "labelsNotFound": "Nessuna etichetta trovata.",
+    "labelsNotFound": "Etichette non trovate",
    "labelsEmptyCreateHint": "Inizia a digitare sopra per creare un'etichetta.",
    "labelSearch": "Cerca etichette",
    "labelSearchOrCreate": "Cerca o crea un'etichetta",
    "accessLabelFilterCount": "{count, plural, one {# etichetta} other {# etichette}}",
    "labelOverflowCount": "+{count, plural, one {# etichetta} other {# etichette}}",
    "accessLabelFilterClear": "Cancella filtri etichette",
    "accessFilterClear": "Cancella filtri",
    "selectColor": "Seleziona colore",
    "createNewLabel": "Crea nuova etichetta dell'organizzazione \"{label}\"",
    "inviteInvalidDescription": "Il link di invito non è valido.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Risorse",
    "sidebarProxyResources": "Pubblico",
    "sidebarClientResources": "Privato",
-    "sidebarPolicies": "Politiche Condivise",
+    "sidebarPolicies": "Politiche",
-    "sidebarResourcePolicies": "Risorse Pubbliche",
+    "sidebarResourcePolicies": "Risorse",
    "sidebarAccessControl": "Controllo Accesso",
    "sidebarLogsAndAnalytics": "Registri E Analisi",
    "sidebarTeam": "Squadra",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Amministratore",
    "sidebarInvitations": "Inviti",
    "sidebarRoles": "Ruoli",
-    "sidebarShareableLinks": "Collegamenti Condivisibili",
+    "sidebarShareableLinks": "Collegamenti",
    "sidebarApiKeys": "Chiavi API",
    "sidebarProvisioning": "Accantonamento",
    "sidebarSettings": "Impostazioni",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Risorsa {id}",
    "blueprints": "Progetti",
    "blueprintsLog": "Registro Progetti",
-    "blueprintsDescription": "Visualizza le applicazioni blueprint passate e i loro risultati o applica un nuovo blueprint",
+    "blueprintsDescription": "Visualizza le applicazioni passate dei progetti e i loro risultati",
    "blueprintAdd": "Aggiungi Progetto",
    "blueprintGoBack": "Vedi tutti i progetti",
    "blueprintCreate": "Crea Progetto",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Abilita Progetto Docker",
    "enableDockerSocketDescription": "Abilita lo scraping delle etichette Docker Socket per le etichette dei progetti. Il percorso del socket deve essere fornito al connettore del sito. Leggi come funziona nel <docsLink>documentazione</docsLink>.",
    "newtAutoUpdate": "Abilita Aggiornamento Automatico del Sito",
-    "newtAutoUpdateDescription": "Quando abilitati, i connettori del sito scaricheranno automaticamente l'ultima versione e si riavvieranno. Questo può essere sovrascritto caso per caso.",
+    "newtAutoUpdateDescription": "Quando abilitato, i connettori di sito si aggiorneranno automaticamente all'ultima versione quando è disponibile un nuovo rilascio.",
    "siteAutoUpdate": "Aggiornamento Automatico del Sito",
    "siteAutoUpdateLabel": "Abilita Aggiornamento Automatico",
-    "siteAutoUpdateDescription": "Quando abilitato, il connettore di questo sito scaricherà automaticamente l'ultima versione e si riavvierà.",
+    "siteAutoUpdateDescription": "Controlla se il connettore di questo sito scarica automaticamente l'ultima versione.",
    "siteAutoUpdateOrgDefault": "Predefinito dell'organizzazione: {state}",
    "siteAutoUpdateOverriding": "Sovrascrivere le impostazioni dell'organizzazione",
    "siteAutoUpdateResetToOrg": "Reimposta al Predefinito dell'Organizzazione",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Configurazione dell'account completata! Benvenuto su Pangolin!",
    "documentation": "Documentazione",
    "saveAllSettings": "Salva Tutte le Impostazioni",
-    "saveResourceTargets": "Salva Impostazioni",
+    "saveResourceTargets": "Salva Target",
-    "saveResourceHttp": "Salva Impostazioni",
+    "saveResourceHttp": "Salva Impostazioni Proxy",
-    "saveProxyProtocol": "Salva Impostazioni",
+    "saveProxyProtocol": "Salva impostazioni protocollo proxy",
    "settingsUpdated": "Impostazioni aggiornate",
    "settingsUpdatedDescription": "Impostazioni aggiornate con successo",
    "settingsErrorUpdate": "Impossibile aggiornare le impostazioni",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Sconosciuto",
    "healthCheck": "Controllo Salute",
    "configureHealthCheck": "Configura Controllo Salute",
-    "configureHealthCheckDescription": "Imposta il monitoraggio per la tua risorsa per assicurarti che sia sempre disponibile",
+    "configureHealthCheckDescription": "Imposta il monitoraggio della salute per {target}",
    "enableHealthChecks": "Abilita i Controlli di Salute",
    "healthCheckDisabledStateDescription": "Quando disabilitato, il sito non eseguirà controlli di integrità e lo stato sarà considerato sconosciuto.",
    "enableHealthChecksDescription": "Monitorare lo stato di salute di questo obiettivo. Se necessario, è possibile monitorare un endpoint diverso da quello del bersaglio.",
    "healthScheme": "Metodo",
    "healthSelectScheme": "Seleziona Metodo",
-    "healthCheckPortInvalid": "La porta deve essere compresa tra 1 e 65535",
+    "healthCheckPortInvalid": "La porta di controllo dello stato di salute deve essere compresa tra 1 e 65535",
    "healthCheckPath": "Percorso",
    "healthHostname": "IP / Nome host",
    "healthPort": "Porta",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Richiede Approvazioni Dispositivo",
    "requireDeviceApprovalDescription": "Gli utenti con questo ruolo hanno bisogno di nuovi dispositivi approvati da un amministratore prima di poter connettersi e accedere alle risorse.",
    "sshSettings": "Impostazioni SSH",
    "sshAccess": "Accesso SSH",
    "rdpSettings": "Impostazioni RDP",
    "vncSettings": "Impostazioni VNC",
    "sshServer": "Server SSH",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Assicurati che l'host target sia correttamente configurato per eseguire il demone di autenticazione prima di completare questa configurazione, altrimenti il provisioning fallirà.",
    "sshDaemonPort": "Porta Daemon",
    "sshServerDestination": "Destinazione Server",
-    "sshServerDestinationDescription": "Configura la destinazione del server SSH",
+    "sshServerDestinationDescription": "Configura la destinazione e la porta del server SSH",
    "destination": "Destinazione",
    "destinationRequired": "La destinazione è obbligatoria.",
    "domainRequired": "Il dominio è obbligatorio.",
    "proxyPortRequired": "La porta è obbligatoria.",
    "invalidPathConfiguration": "Configurazione percorso non valida.",
    "invalidRewritePathConfiguration": "Configurazione percorso di riscrittura non valida.",
    "bgTargetMultiSiteDisclaimer": "Selezionare più siti abilita instradamento resiliente e failover per alta disponibilità.",
    "roleAllowSsh": "Consenti SSH",
    "roleAllowSshAllow": "Consenti",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "L'utente può eseguire solo i comandi specificati con sudo.",
    "sshSudo": "Consenti sudo",
    "sshSudoCommands": "Comandi Sudo",
-    "sshSudoCommandsDescription": "Elenco di comandi che l'utente è autorizzato ad eseguire con sudo, separati da virgole, spazi o nuove righe. Devono essere utilizzati percorsi assoluti.",
+    "sshSudoCommandsDescription": "Elenco separato da virgole di comandi che l'utente è autorizzato a eseguire con sudo. Devono essere utilizzati percorsi assoluti.",
    "sshCreateHomeDir": "Crea Cartella Home",
    "sshUnixGroups": "Gruppi Unix",
-    "sshUnixGroupsDescription": "Gruppi Unix a cui aggiungere l'utente sull'host di destinazione, separati da virgole, spazi o nuove righe.",
+    "sshUnixGroupsDescription": "Gruppi Unix separati da virgole per aggiungere l'utente sull'host di destinazione.",
    "roleTextFieldPlaceholder": "Inserisci i valori o rilascia un file .txt o .csv",
    "roleTextImportTitle": "Importa da File",
    "roleTextImportDescription": "Importazione di {fileName} in {fieldLabel}.",
    "roleTextImportSkipHeader": "Ignora Prima Riga (Intestazione)",
    "roleTextImportOverride": "Sostituisci Esistente",
    "roleTextImportAppend": "Aggiungi a Esistente",
    "roleTextImportMode": "Modalità Importazione",
    "roleTextImportPreview": "Anteprima",
    "roleTextImportItemCount": "{count, plural, =0 {Nessun elemento da importare} one {1 elemento da importare} other {# elementi da importare}}",
    "roleTextImportTotalCount": "{existing} esistente + {imported} importato = {total} totale",
    "roleTextImportConfirm": "Importa",
    "roleTextImportInvalidFile": "Tipo di file non supportato",
    "roleTextImportInvalidFileDescription": "Sono supportati solo file .txt e .csv.",
    "roleTextImportEmpty": "Nessun elemento trovato nel file",
    "roleTextImportEmptyDescription": "Il file non contiene elementi importabili.",
    "retryAttempts": "Tentativi di Riprova",
    "expectedResponseCodes": "Codici di Risposta Attesi",
    "expectedResponseCodesDescription": "Codice di stato HTTP che indica lo stato di salute. Se lasciato vuoto, considerato sano è compreso tra 200-300.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Abilita Protocollo Proxy",
    "proxyProtocolInfo": "Conserva gli indirizzi IP del client per i backend TCP",
    "proxyProtocolVersion": "Versione Protocollo Proxy",
-    "version1": "Versione 1 (Consigliato)",
+    "version1": " Versione 1 (Consigliato)",
    "version2": "Versione 2",
-    "version1Description": "Testuale e ampiamente supportata. Assicurati che il trasporto server sia aggiunto alla configurazione dinamica.",
+    "versionDescription": "La versione 1 è testuale e ampiamente supportata. La versione 2 è binaria e più efficiente, ma meno compatibile.",
    "version2Description": "Binaria e più efficiente ma meno compatibile. Assicurati che il trasporto server sia aggiunto alla configurazione dinamica.",
    "warning": "Attenzione",
    "proxyProtocolWarning": "L'applicazione backend deve essere configurata per accettare le connessioni del protocollo proxy. Se il tuo backend non supporta il protocollo proxy, abilitarlo interromperà tutte le connessioni, quindi attivalo solo se sai cosa stai facendo. Assicurati di configurare il tuo backend per fidarti delle intestazioni del protocollo proxy da Traefik.",
    "restarting": "Riavvio...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Inserisci conferma",
    "blueprintViewDetails": "Dettagli",
    "defaultIdentityProvider": "Provider di Identità Predefinito",
-    "defaultIdentityProviderDescription": "L'utente verrà automaticamente reindirizzato a questo provider di identità per l'autenticazione.",
+    "defaultIdentityProviderDescription": "Quando viene selezionato un provider di identità predefinito, l'utente verrà automaticamente reindirizzato al provider per l'autenticazione.",
    "editInternalResourceDialogNetworkSettings": "Impostazioni di Rete",
    "editInternalResourceDialogAccessPolicy": "Politica di Accesso",
    "editInternalResourceDialogAddRoles": "Aggiungi Ruoli",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Tipo di Modalità di Manutenzione",
    "showMaintenancePage": "Mostra una pagina di manutenzione ai visitatori",
    "enableMaintenanceMode": "Abilita Modalità di Manutenzione",
    "enableMaintenanceModeDescription": "Quando abilitato, i visitatori vedranno una pagina di manutenzione invece della tua risorsa.",
    "automatic": "Automatico",
    "automaticModeDescription": "Mostra pagina di manutenzione solo quando tutti i target del backend sono inattivi o non in salute. La tua risorsa continua a funzionare normalmente finché almeno un target è in salute.",
    "forced": "Forzato",
@@ -3182,8 +3082,6 @@
    "warning:": "Avviso:",
    "forcedeModeWarning": "Tutto il traffico verrà indirizzato alla pagina di manutenzione. Le risorse del tuo backend non riceveranno richieste.",
    "pageTitle": "Titolo Pagina",
    "maintenancePageContentSubsection": "Contenuto della Pagina",
    "maintenancePageContentSubsectionDescription": "Personalizza il contenuto visualizzato sulla pagina di manutenzione",
    "pageTitleDescription": "L'intestazione principale visualizzata sulla pagina di manutenzione",
    "maintenancePageMessage": "Messaggio di Manutenzione",
    "maintenancePageMessagePlaceholder": "Torneremo presto! Il nostro sito è attualmente in manutenzione programmata.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Sei sicuro di voler disassociare questo provider di identità da questa organizzazione?",
    "idpUnassociateDescription": "Tutti gli utenti associati a questo provider di identità verranno rimossi da questa organizzazione, ma il provider di identità continuerà ad esistere per altre organizzazioni associate.",
    "idpUnassociateConfirm": "Conferma Disassociazione Provider di Identità",
    "idpConfirmDeleteAndRemoveMeFromOrg": "CANCELLA E RIMUOVIMI DALL'ORGANIZZAZIONE",
    "idpUnassociateAndRemoveMeFromOrg": "DISASSOCIA E RIMUOVIMI DALL'ORGANIZZAZIONE",
    "idpUnassociateWarning": "Questo non può essere annullato per questa organizzazione.",
    "idpUnassociatedDescription": "Provider di identità disassociato con successo da questa organizzazione",
    "idpUnassociateMenu": "Disassocia",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Connessione…",
    "sshInitializing": "Inizializzazione…",
    "sshSignInTitle": "Accedi a SSH",
-    "sshSignInDescription": "Inserisci le tue credenziali SSH per connetterti",
+    "sshSignInDescription": "Inserisci le tue credenziali SSH",
    "sshPasswordTab": "Password",
    "sshPrivateKeyTab": "Chiave Privata",
    "sshPrivateKeyField": "Chiave Privata",
    "sshPrivateKeyDisclaimer": "La tua chiave privata non è memorizzata o visibile a Pangolin. In alternativa, puoi utilizzare certificati a vita breve per un'autenticazione continua utilizzando la tua identità Pangolin esistente.",
    "sshLearnMore": "Scopri di più",
    "sshPrivateKeyFile": "File Chiave Privata",
-    "sshAuthenticate": "Connetti",
+    "sshAuthenticate": "Autentica",
    "sshTerminate": "Termina",
    "sshPoweredBy": "Offerto da",
    "sshErrorNoTarget": "Nessun obiettivo specificato",
    "sshErrorWebSocket": "Connessione WebSocket fallita",
    "sshErrorAuthFailed": "Autenticazione fallita",
-    "sshErrorConnectionClosed": "Connessione chiusa prima del completamento dell'autenticazione",
+    "sshErrorConnectionClosed": "Connessione chiusa prima del completamento dell'autenticazione"
    "sitePangolinSshDescription": "Consenti l'accesso SSH alle risorse su questo sito. Questo può essere modificato in seguito.",
    "browserGatewayNoResourceForDomain": "Nessuna risorsa trovata per questo dominio",
    "browserGatewayNoTarget": "Nessun bersaglio",
    "browserGatewayConnect": "Connetti",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Canc",
    "sshErrorSignKeyFailed": "Impossibile firmare la chiave SSH per l'autenticazione push PAM. Ti sei autenticato come utente?",
    "sshTerminalError": "Errore: {error}",
    "sshConnectionClosedCode": "Connessione chiusa (codice {code})",
    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
    "sshPrivateKeyRequired": "È richiesta una chiave privata",
    "vncTitle": "VNC",
    "vncSignInDescription": "Inserisci la tua password VNC per connetterti",
    "vncPasswordOptional": "Password (opzionale)",
    "vncNoResourceTarget": "Nessun bersaglio di risorsa disponibile",
    "vncFailedToLoadNovnc": "Impossibile caricare noVNC",
    "vncAuthFailedStatus": "Stato {status}",
    "vncPasteClipboard": "Incolla appunti",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Accedi al Desktop Remoto",
    "rdpSignInDescription": "Inserisci le credenziali di Windows per connetterti",
    "rdpLoadingModule": "Caricamento modulo...",
    "rdpFailedToLoadModule": "Impossibile caricare il modulo RDP",
    "rdpNotReady": "Non pronto",
    "rdpModuleInitializing": "Il modulo RDP è ancora in inizializzazione",
    "rdpDownloadingFiles": "Scaricamento di {count} file(s) da remoto…",
    "rdpDownloadFailed": "Download fallito: {fileName}",
    "rdpUploaded": "Caricato: {fileName}",
    "rdpNoConnectionTarget": "Nessun bersaglio di connessione disponibile",
    "rdpConnectionFailed": "Connessione fallita",
    "rdpFit": "Adatta",
    "rdpFull": "Completo",
    "rdpReal": "Reale",
    "rdpMeta": "Meta",
    "rdpUploadFiles": "Carica file",
    "rdpFilesReadyToPaste": "File pronti per essere incollati",
    "rdpFilesReadyToPasteDescription": "{count} file(s) copiati negli appunti remoti — premi Ctrl+V sul desktop remoto per incollare.",
    "rdpUploadFailed": "Caricamento fallito",
    "rdpUnicodeKeyboardMode": "Modalità tastiera Unicode",
    "sessionToolbarShow": "Mostra barra degli strumenti",
    "sessionToolbarHide": "Nascondi barra degli strumenti"
 }
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "개인 리소스 보기",
    "siteInstallNewt": "Newt 설치",
    "siteInstallNewtDescription": "시스템에서 Newt 실행하기",
    "siteInstallKubernetesDocsDescription": "더 많은 정보와 최신의 쿠버네티스 설치 정보를 보려면 <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>를 참조하세요.",
    "siteInstallAdvantechDocsDescription": "Advantech 모뎀 설치 지침은 <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>을 참조하세요.",
    "WgConfiguration": "WireGuard 구성",
    "WgConfigurationDescription": "네트워크에 연결하기 위한 다음 구성을 사용하세요.",
    "operatingSystem": "운영 체제",
@@ -150,16 +148,16 @@
    "siteCredentialsSaveDescription": "이것은 한 번만 볼 수 있습니다. 안전한 장소에 복사해 두세요.",
    "siteInfo": "사이트 정보",
    "status": "상태",
-    "shareTitle": "공유 가능한 링크 관리",
+    "shareTitle": "공유 링크 관리",
    "shareDescription": "공유 가능한 링크를 생성하여 프록시 리소스에 임시 또는 영구적으로 액세스하세요.",
-    "shareSearch": "공유 가능한 링크 검색...",
+    "shareSearch": "공유 링크 검색...",
-    "shareCreate": "공유 가능한 링크 생성",
+    "shareCreate": "공유 링크 생성",
    "shareErrorDelete": "링크 삭제에 실패했습니다.",
    "shareErrorDeleteMessage": "링크 삭제 중 오류가 발생했습니다.",
    "shareDeleted": "링크가 삭제되었습니다.",
    "shareDeletedDescription": "링크가 삭제되었습니다.",
-    "shareDelete": "공유 가능한 링크 삭제",
+    "shareDelete": "공유 링크 삭제",
-    "shareDeleteConfirm": "공유 가능한 링크 삭제 확인",
+    "shareDeleteConfirm": "공유 링크 삭제 확인",
    "shareQuestionRemove": "이 공유 링크를 삭제하시겠습니까?",
    "shareMessageRemove": "삭제되면 링크가 더 이상 작동하지 않으며, 이를 사용하는 모든 사용자는 자원에 대한 접근을 잃게 됩니다.",
    "shareTokenDescription": "액세스 토큰은 쿼리 매개변수 또는 요청 헤더의 두 가지 방법으로 전달될 수 있습니다. 이는 인증된 액세스를 위해 클라이언트에서 모든 요청마다 전달되어야 합니다.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "이 링크가 있는 누구나 리소스에 접근할 수 있습니다.",
    "shareTitleOptional": "제목 (선택 사항)",
    "sharePathOptional": "경로 (선택 사항)",
    "sharePathDescription": "링크는 인증 후 이 경로로 사용자를 리디렉션합니다.",
    "expireIn": "만료됨",
    "neverExpire": "만료되지 않음",
    "shareExpireDescription": "만료 시간은 링크가 사용 가능하고 리소스에 접근할 수 있는 기간입니다. 이 시간이 지나면 링크는 더 이상 작동하지 않으며, 이 링크를 사용한 사용자는 리소스에 대한 접근 권한을 잃게 됩니다.",
@@ -203,8 +200,8 @@
    "shareErrorSelectResource": "리소스를 선택하세요",
    "proxyResourceTitle": "공개 리소스 관리",
    "proxyResourceDescription": "웹 브라우저를 통해 공용으로 접근할 수 있는 리소스를 생성하고 관리하세요.",
-    "publicResourcesBannerTitle": "웹 기반의 공개 액세스",
+    "publicResourcesBannerTitle": "웹 기반 공공 접근",
-    "publicResourcesBannerDescription": "공공 자원은 누구나 웹 브라우저를 통해 접근 가능한 HTTPS 프록시입니다. 개인 자원과 달리 클라이언트 측 소프트웨어가 필요하지 않으며, 아이덴티티 및 컨텍스트 인지 접근 정책을 포함할 수 있습니다.",
+    "publicResourcesBannerDescription": "공공 자원은 누구나 웹 브라우저를 통해 접근 가능한 HTTPS 또는 TCP/UDP 프록시입니다. 개인 자원과 달리 클라이언트 측 소프트웨어가 필요하지 않으며, 아이덴티티 및 컨텍스트 인지 접근 정책을 포함할 수 있습니다.",
    "clientResourceTitle": "개인 리소스 관리",
    "clientResourceDescription": "연결된 클라이언트를 통해서만 접근할 수 있는 리소스를 생성하고 관리하세요.",
    "privateResourcesBannerTitle": "제로 트러스트 개인 접근",
@@ -212,19 +209,15 @@
    "resourcesSearch": "리소스 검색...",
    "resourceAdd": "리소스 추가",
    "resourceErrorDelte": "리소스 삭제 중 오류 발생",
-    "resourcePoliciesBannerTitle": "인증 및 액세스 규칙 재사용",
+    "resourcePoliciesTitle": "리소스 정책 관리",
-    "resourcePoliciesBannerDescription": "공유 리소스 정책을 사용하면 한 번 인증 방법 및 액세스 규칙을 정의하고, 여러 공개 리소스에 첨부할 수 있습니다. 정책을 업데이트하면 모든 연결된 리소스가 자동으로 변경 사항을 상속받습니다.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "첨부 리소스",
    "resourcePoliciesBannerButtonText": "자세히 알아보기",
    "resourcePoliciesTitle": "공개 리소스 정책 관리",
    "resourcePoliciesAttachedResourcesColumnTitle": "리소스",
    "resourcePoliciesAttachedResources": "{count} 리소스",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, other {# 자원}}",
    "resourcePoliciesAttachedResourcesEmpty": "리소스 없음",
-    "resourcePoliciesDescription": "공개 리소스에 대한 인증 정책을 생성하고 관리하여 접근을 제어합니다",
+    "resourcePoliciesDescription": "리소스에 대한 접근을 제어할 인증 정책을 생성 및 관리합니다",
    "resourcePoliciesSearch": "정책 검색...",
    "resourcePoliciesAdd": "정책 추가",
    "resourcePoliciesDefaultBadgeText": "기본 정책",
-    "resourcePoliciesCreate": "공개 리소스 정책 생성",
+    "resourcePoliciesCreate": "리소스 정책 생성",
    "resourcePoliciesCreateDescription": "새로운 정책을 생성하려면 아래 단계들을 따르세요",
    "resourcePolicyName": "정책 이름",
    "resourcePolicyNameDescription": "이 정책에 리소스 간에 식별할 이름을 지정합니다",
@@ -281,7 +274,7 @@
    "back": "뒤로",
    "cancel": "취소",
    "resourceConfig": "구성 스니펫",
-    "resourceConfigDescription": "TCP/UDP 리소스를 설정하기 위해 이 구성 스니펫을 복사하여 붙여넣으세요.",
+    "resourceConfigDescription": "TCP/UDP 리소스를 설정하기 위해 이 구성 스니펫을 복사하여 붙여넣습니다.",
    "resourceAddEntrypoints": "Traefik: 엔트리포인트 추가",
    "resourceExposePorts": "Gerbil: Docker Compose에서 포트 노출",
    "resourceLearnRaw": "TCP/UDP 리소스 구성 방법 알아보기",
@@ -294,8 +287,6 @@
    "labelDelete": "레이블 삭제",
    "labelAdd": "레이블 추가",
    "labelCreateSuccessMessage": "레이블이 성공적으로 생성되었습니다",
    "labelDuplicateError": "중복 레이블",
    "labelDuplicateErrorDescription": "이 이름의 레이블이 이미 존재합니다.",
    "labelEditSuccessMessage": "레이블이 성공적으로 수정되었습니다",
    "labelNameField": "레이블 이름",
    "labelColorField": "레이블 색상",
@@ -320,7 +311,7 @@
    "rules": "규칙",
    "resourceSettingDescription": "리소스의 설정을 구성하세요.",
    "resourceSetting": "{resourceName} 설정",
-    "resourcePolicySettingDescription": "이 공개 리소스 정책의 설정을 구성하세요",
+    "resourcePolicySettingDescription": "리소스 정책에 대한 설정을 구성합니다",
    "resourcePolicySetting": "{policyName} 설정",
    "alwaysAllow": "인증 우회",
    "alwaysDeny": "접근 차단",
@@ -728,7 +719,7 @@
    "targetSubmit": "대상 추가",
    "targetNoOne": "이 리소스에는 대상이 없습니다. 백엔드로 요청을 보낼 대상을 구성하려면 대상을 추가하세요.",
    "targetNoOneDescription": "위에 하나 이상의 대상을 추가하면 로드 밸런싱이 활성화됩니다.",
-    "targetsSubmit": "설정 저장",
+    "targetsSubmit": "대상 저장",
    "addTarget": "대상 추가",
    "proxyMultiSiteRoundRobinNodeHelp": "라운드 로빈 라우팅은 동일한 노드에 연결되지 않은 사이트 간에는 작동하지 않으나, 대체 라우팅은 작동합니다.",
    "targetErrorInvalidIp": "유효하지 않은 IP 주소",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "중복 규칙",
    "rulesErrorDuplicateDescription": "이 설정을 가진 규칙이 이미 존재합니다.",
    "rulesErrorInvalidIpAddressRange": "유효하지 않은 CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "유효한 CIDR 범위를 입력하세요 (예: 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "유효한 CIDR 값을 입력하십시오.",
-    "rulesErrorInvalidUrl": "유효하지 않은 경로",
+    "rulesErrorInvalidUrl": "유효하지 않은 URL 경로",
-    "rulesErrorInvalidUrlDescription": "유효한 URL 경로 또는 패턴을 입력하세요 (예: /api/*).",
+    "rulesErrorInvalidUrlDescription": "유효한 URL 경로 값을 입력해 주세요.",
-    "rulesErrorInvalidIpAddress": "유효하지 않은 IP 주소",
+    "rulesErrorInvalidIpAddress": "유효하지 않은 IP",
-    "rulesErrorInvalidIpAddressDescription": "유효한 IPv4 또는 IPv6 주소를 입력하세요.",
+    "rulesErrorInvalidIpAddressDescription": "유효한 IP 주소를 입력하세요",
    "rulesErrorUpdate": "규칙 업데이트에 실패했습니다.",
    "rulesErrorUpdateDescription": "규칙 업데이트 중 오류가 발생했습니다.",
    "rulesUpdated": "규칙 활성화",
@@ -775,23 +766,14 @@
    "rulesMatchIpAddress": "IP 주소를 입력하세요 (예: 103.21.244.12)",
    "rulesMatchUrl": "URL 경로 또는 패턴을 입력하세요 (예: /api/v1/todos 또는 /api/v1/*)",
    "rulesErrorInvalidPriority": "유효하지 않은 우선순위",
-    "rulesErrorInvalidPriorityDescription": "1 이상의 정수를 입력하세요.",
+    "rulesErrorInvalidPriorityDescription": "유효한 우선 순위를 입력하세요.",
-    "rulesErrorDuplicatePriority": "중복된 우선순위",
+    "rulesErrorDuplicatePriority": "중복 우선순위",
-    "rulesErrorDuplicatePriorityDescription": "각 규칙은 고유한 우선순위 번호를 가져야 합니다.",
+    "rulesErrorDuplicatePriorityDescription": "고유한 우선 순위를 입력하십시오.",
    "rulesErrorValidation": "유효하지 않은 규칙",
    "rulesErrorValidationRuleDescription": "규칙 {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "유효한 매칭 유형을 선택하세요 (경로, IP, CIDR, 국가, 지역, 또는 ASN).",
    "rulesErrorValueRequired": "이 규칙에 대한 값을 입력하세요.",
    "rulesErrorInvalidCountry": "유효하지 않은 국가",
    "rulesErrorInvalidCountryDescription": "유효한 국가를 선택하세요.",
    "rulesErrorInvalidAsn": "유효하지 않은 ASN",
    "rulesErrorInvalidAsnDescription": "유효한 ASN을 입력하세요 (예: AS15169).",
    "ruleUpdated": "규칙이 업데이트되었습니다",
    "ruleUpdatedDescription": "규칙이 성공적으로 업데이트되었습니다",
    "ruleErrorUpdate": "작업 실패",
    "ruleErrorUpdateDescription": "저장 작업 중 오류가 발생했습니다.",
    "rulesPriority": "우선순위",
    "rulesReorderDragHandle": "드래그하여 규칙 우선순위 재정렬",
    "rulesAction": "작업",
    "rulesMatchType": "일치 유형",
    "value": "값",
@@ -810,7 +792,7 @@
    "rulesResource": "리소스 규칙 구성",
    "rulesResourceDescription": "리소스에 대한 접근을 제어하는 규칙 구성",
    "ruleSubmit": "규칙 추가",
-    "rulesNoOne": "아직 규칙이 없습니다.",
+    "rulesNoOne": "규칙이 없습니다. 양식을 사용하여 규칙을 추가하십시오.",
    "rulesOrder": "규칙은 우선 순위에 따라 오름차순으로 평가됩니다.",
    "rulesSubmit": "규칙 저장",
    "policyErrorCreate": "정책 생성 오류",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "예기치 않은 오류가 발생했습니다",
    "policyCreatedSuccess": "리소스 정책이 성공적으로 생성되었습니다",
    "policyUpdatedSuccess": "리소스 정책이 성공적으로 업데이트되었습니다",
-    "authMethodsSave": "설정 저장",
+    "authMethodsSave": "인증 방법 저장",
    "policyAuthStackTitle": "인증",
    "policyAuthStackDescription": "이 리소스에 접근하려면 어떤 인증 방법이 필요한지 제어합니다",
    "policyAuthOrLogicTitle": "다수의 인증 방법 활성화",
    "policyAuthOrLogicBanner": "방문자는 아래 활성화된 방법 중 하나만을 선택하여 인증할 수 있습니다. 모든 방법을 완료할 필요는 없습니다.",
    "policyAuthMethodActive": "활성화",
    "policyAuthMethodOff": "비활성화",
    "policyAuthSsoTitle": "플랫폼 SSO",
    "policyAuthSsoDescription": "사용자의 아이덴티티 공급자를 통해 로그인 필요",
    "policyAuthSsoSummary": "{idp} · {users} 사용자, {roles} 역할",
    "policyAuthSsoDefaultIdp": "기본 공급자",
    "policyAuthAddDefaultIdentityProvider": "기본 아이덴티티 공급자 추가",
    "policyAuthOtherMethodsTitle": "기타 방법",
    "policyAuthOtherMethodsDescription": "플랫폼 SSO 대신 또는 함께 사용할 수 있는 선택적 방법",
    "policyAuthPasscodeTitle": "패스코드",
    "policyAuthPasscodeDescription": "리소스 접근을 위한 공유 알파벳 및 숫자 패스코드 필요",
    "policyAuthPasscodeSummary": "패스코드 설정됨",
    "policyAuthPincodeTitle": "PIN 코드",
    "policyAuthPincodeDescription": "리소스 접근에 필요한 짧은 숫자 코드",
    "policyAuthPincodeSummary": "6자리 PIN 코드 설정됨",
    "policyAuthEmailTitle": "이메일 화이트리스트",
    "policyAuthEmailDescription": "허용된 이메일 주소로 일회용 비밀번호 전송",
    "policyAuthEmailSummary": "{count}개의 주소 허용됨",
    "policyAuthEmailOtpCallout": "이메일 화이트리스트를 활성화하면 로그인 시 방문자의 이메일로 일회용 비밀번호가 전송됩니다.",
    "policyAuthHeaderAuthTitle": "기본 헤더 인증",
    "policyAuthHeaderAuthDescription": "각 요청에서 맞춤 HTTP 헤더 이름 및 값을 검증",
    "policyAuthHeaderAuthSummary": "헤더 구성됨",
    "policyAuthHeaderName": "헤더 이름",
    "policyAuthHeaderValue": "예상 값",
    "policyAuthSetPasscode": "패스코드 설정",
    "policyAuthSetPincode": "PIN 코드 설정",
    "policyAuthSetEmailWhitelist": "이메일 화이트리스트 설정",
    "policyAuthSetHeaderAuth": "기본 헤더 인증 설정",
    "policyAccessRulesTitle": "액세스 규칙",
    "policyAccessRulesEnableDescription": "활성화되면 규칙은 내림차순으로 평가되며, 하나가 참으로 평가될 때까지 계속됩니다.",
    "policyAccessRulesFirstMatch": "규칙은 위에서 아래로 평가됩니다. 첫 번째 매칭 규칙이 결과를 결정합니다.",
    "policyAccessRulesHowItWorks": "규칙은 경로, IP 주소, 위치 또는 기타 기준에 따라 요청을 매칭합니다. 각 규칙은 인증 우회, 접근 차단 또는 인증 전송의 액션을 적용합니다. 매칭되는 규칙이 없으면, 트래픽은 인증으로 계속됩니다.",
    "policyAccessRulesFallthroughOff": "규칙이 비활성화되면, 모든 트래픽은 인증으로 넘어갑니다.",
    "policyAccessRulesFallthroughOn": "매칭되는 규칙이 없으면, 트래픽은 인증으로 넘어갑니다.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "규칙 저장",
    "resourceErrorCreate": "리소스 생성 오류",
    "resourceErrorCreateDescription": "리소스를 생성하는 중 오류가 발생했습니다.",
@@ -883,9 +824,9 @@
    "resourcesErrorUpdateDescription": "리소스를 업데이트하는 동안 오류가 발생했습니다.",
    "access": "접속",
    "accessControl": "액세스 제어",
-    "shareLink": "{resource} 공유 가능한 링크",
+    "shareLink": "{resource} 공유 링크",
    "resourceSelect": "리소스 선택",
-    "shareLinks": "공유 가능한 링크",
+    "shareLinks": "공유 링크",
    "share": "공유 가능한 링크",
    "shareDescription2": "리소스에 대한 공유 가능한 링크를 생성하세요. 링크는 리소스에 대한 임시 또는 무제한 액세스를 제공합니다. 링크를 생성할 때 만료 기간을 설정할 수 있습니다.",
    "shareEasyCreate": "생성하고 공유하기 쉬움",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "관리자는 항상 이 리소스에 접근할 수 있습니다.",
    "resourcePolicySelectTitle": "리소스 액세스 정책",
    "resourcePolicySelectDescription": "인증을 위한 리소스 정책 유형을 선택하세요",
    "resourcePolicyTypeLabel": "정책 유형",
    "resourcePolicyLabel": "리소스 정책",
    "resourcePolicyInline": "인라인 리소스 정책",
    "resourcePolicyInlineDescription": "이 리소스에만 범위가 있는 액세스 정책",
    "resourcePolicyShared": "공유 리소스 정책",
-    "resourcePolicySharedDescription": "이 리소스는 공유 정책을 사용합니다.",
+    "resourcePolicySharedDescription": "이 리소스는 공유 정책을 사용합니다. 정책 수준 설정(인증 방법, 이메일 화이트리스트)은 잠겨 있습니다. 아래에서 리소스별 규칙, 역할 및 사용자를 추가할 수 있습니다.",
    "sharedPolicy": "공유 정책",
    "sharedPolicyNoneDescription": "이 리소스는 자체 정책을 가지고 있습니다.",
    "resourceSharedPolicyOwnDescription": "이 리소스는 자체 인증 및 접근 규칙 제어를 가지고 있습니다.",
    "resourceSharedPolicyInheritedDescription": "이 리소스는 <policyLink>{policyName}</policyLink>에서 상속받습니다.",
    "resourceSharedPolicyAuthenticationNotice": "이 리소스는 공유 정책을 사용합니다. 일부 인증 설정은 이 리소스에서 정책에 추가하기 위해 편집할 수 있습니다. 기본 정책을 변경하려면 <policyLink>{policyName}</policyLink>을 편집해야 합니다.",
    "resourceSharedPolicyRulesNotice": "이 리소스는 공유 정책을 사용합니다. 일부 액세스 규칙은 이 리소스에서 편집할 수 있습니다. 기본 정책을 변경하려면 <policyLink>{policyName}</policyLink>을 수정해야 합니다.",
    "resourceUsersRoles": "접근 제어",
    "resourceUsersRolesDescription": "이 리소스를 방문할 수 있는 사용자 및 역할을 구성하십시오",
    "resourceUsersRolesSubmit": "접근 제어 저장",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "가시성",
    "resourceVisibilityTitleDescription": "리소스 가시성을 완전히 활성화하거나 비활성화",
    "resourceGeneral": "일반 설정",
-    "resourceGeneralDescription": "이 리소스를 위한 이름, 주소 및 접근 정책을 구성하세요.",
+    "resourceGeneralDescription": "이 리소스에 대한 일반 설정을 구성하십시오.",
    "resourceGeneralDetailsSubsection": "리소스 세부 정보",
    "resourceGeneralDetailsSubsectionDescription": "이 리소스를 위한 표시 이름, 식별자 및 공개 도메인을 설정합니다.",
    "resourceGeneralDetailsSubsectionPortDescription": "이 리소스를 위한 표시 이름, 식별자 및 공개 포트를 설정합니다.",
    "resourceGeneralPublicAddressSubsection": "공공 주소",
    "resourceGeneralPublicAddressSubsectionDescription": "사용자가 이 리소스에 도달하는 방법을 구성하세요.",
    "resourceGeneralAuthenticationAccessSubsection": "인증 및 접근",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "이 리소스가 자체 정책을 사용하는지 또는 공유 정책에서 상속받는지를 선택하세요.",
    "resourceEnable": "리소스 활성화",
    "resourceTransfer": "리소스 전송",
    "resourceTransferDescription": "이 리소스를 다른 사이트로 전송",
@@ -1294,14 +1220,11 @@
    "addLabels": "레이블 추가",
    "siteLabelsTab": "레이블",
    "siteLabelsDescription": "이 사이트와 연결된 레이블을 관리합니다.",
-    "labelsNotFound": "레이블을 찾을 수 없습니다.",
+    "labelsNotFound": "레이블을 찾을 수 없습니다",
    "labelsEmptyCreateHint": "라벨을 생성하려면 위에서 입력을 시작하세요.",
    "labelSearch": "레이블 검색",
    "labelSearchOrCreate": "레이블을 검색하거나 생성하세요",
    "accessLabelFilterCount": "{count, plural, other {# 레이블}}",
    "labelOverflowCount": " +{count, plural, other {# 레이블}}",
    "accessLabelFilterClear": "레이블 필터 초기화",
    "accessFilterClear": "필터 지우기",
    "selectColor": "색상 선택",
    "createNewLabel": "새 조직 레이블 \"{label}\" 만들기",
    "inviteInvalidDescription": "초대 링크가 유효하지 않습니다.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "리소스",
    "sidebarProxyResources": "공유",
    "sidebarClientResources": "비공개",
-    "sidebarPolicies": "공유 정책들",
+    "sidebarPolicies": "정책",
-    "sidebarResourcePolicies": "공개 리소스",
+    "sidebarResourcePolicies": "리소스",
    "sidebarAccessControl": "액세스 제어",
    "sidebarLogsAndAnalytics": "로그 및 분석",
    "sidebarTeam": "팀",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "관리자",
    "sidebarInvitations": "초대",
    "sidebarRoles": "역할",
-    "sidebarShareableLinks": "공유 가능한 링크",
+    "sidebarShareableLinks": "링크",
    "sidebarApiKeys": "API 키",
    "sidebarProvisioning": "프로비저닝",
    "sidebarSettings": "설정",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "리소스 {id}",
    "blueprints": "청사진",
    "blueprintsLog": "블루프린트 로그",
-    "blueprintsDescription": "이전에 블루프린트 응용 프로그램과 그 결과를 보거나 새 블루프린트를 적용하세요",
+    "blueprintsDescription": "과거 블루프린트 적용 및 결과 보기",
    "blueprintAdd": "청사진 추가",
    "blueprintGoBack": "모든 청사진 보기",
    "blueprintCreate": "청사진 생성",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Docker 청사진 활성화",
    "enableDockerSocketDescription": "블루프린트 레이블을 위한 Docker 소켓 레이블 스크래핑을 활성화합니다. 소켓 경로는 사이트 커넥터에 제공되어야 합니다. 동작 방법에 대한 자세한 정보는 <docsLink>문서</docsLink>에서 확인하세요.",
    "newtAutoUpdate": "사이트 자동 업데이트 활성화",
-    "newtAutoUpdateDescription": "활성화되면, 사이트 커넥터는 최신 버전을 자동으로 다운로드하고 재시작합니다. 각 사이트별로 이를 무시할 수 있습니다.",
+    "newtAutoUpdateDescription": "활성화되면, 사이트 커넥터는 새 릴리스가 출시될 때 자동으로 최신 버전으로 업데이트됩니다.",
    "siteAutoUpdate": "사이트 자동 업데이트",
    "siteAutoUpdateLabel": "자동 업데이트 활성화",
-    "siteAutoUpdateDescription": "활성화되면, 이 사이트의 커넥터는 최신 버전을 자동으로 다운로드하고 재시작합니다.",
+    "siteAutoUpdateDescription": "이 사이트의 커넥터가 최신 버전을 자동으로 다운로드할지 여부를 제어합니다.",
    "siteAutoUpdateOrgDefault": "조직 기본값: {state}",
    "siteAutoUpdateOverriding": "조직 설정 재정의",
    "siteAutoUpdateResetToOrg": "조직 기본값으로 재설정",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "계정 설정이 완료되었습니다! 판골린에 오신 것을 환영합니다!",
    "documentation": "문서",
    "saveAllSettings": "모든 설정 저장",
-    "saveResourceTargets": "설정 저장",
+    "saveResourceTargets": "대상 저장",
-    "saveResourceHttp": "설정 저장",
+    "saveResourceHttp": "프록시 설정 저장",
-    "saveProxyProtocol": "설정 저장",
+    "saveProxyProtocol": "프록시 프로토콜 설정 저장",
    "settingsUpdated": "설정이 업데이트되었습니다",
    "settingsUpdatedDescription": "설정이 성공적으로 업데이트되었습니다.",
    "settingsErrorUpdate": "설정 업데이트 실패",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "알 수 없음",
    "healthCheck": "상태 확인",
    "configureHealthCheck": "상태 확인 설정",
-    "configureHealthCheckDescription": "리소스의 모니터링을 설정하여 항상 이용 가능하도록 하세요",
+    "configureHealthCheckDescription": "{target}에 대한 상태 모니터링 설정",
    "enableHealthChecks": "상태 확인 활성화",
    "healthCheckDisabledStateDescription": "비활성화되면 이 사이트가 상태 확인을 수행하지 않으며 상태가 알 수 없는 것으로 간주됩니다.",
    "enableHealthChecksDescription": "이 대상을 모니터링하여 건강 상태를 확인하세요. 필요에 따라 대상과 다른 엔드포인트를 모니터링할 수 있습니다.",
    "healthScheme": "방법",
    "healthSelectScheme": "방법 선택",
-    "healthCheckPortInvalid": "포트는 1에서 65535 사이여야 합니다",
+    "healthCheckPortInvalid": "올바르지 않은 서브넷 마스크입니다. 1에서 65535 사이여야 합니다",
    "healthCheckPath": "경로",
    "healthHostname": "IP / 호스트",
    "healthPort": "포트",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "장치 승인 요구",
    "requireDeviceApprovalDescription": "이 역할을 가진 사용자는 장치가 연결되기 전에 관리자의 승인이 필요합니다.",
    "sshSettings": "SSH 설정",
    "sshAccess": "SSH 접속",
    "rdpSettings": "RDP 설정",
    "vncSettings": "VNC 설정",
    "sshServer": "SSH 서버",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "이 설정을 완료하기 전에 인증 데몬을 실행할 대상 호스트가 적절히 구성되었는지 확인하십시오. 그렇지 않으면 프로비저닝이 실패할 수 있습니다.",
    "sshDaemonPort": "데몬 포트",
    "sshServerDestination": "서버 목적지",
-    "sshServerDestinationDescription": "SSH 서버의 목적지를 설정합니다",
+    "sshServerDestinationDescription": "SSH 서버의 목적지 및 포트를 구성합니다",
    "destination": "대상지",
    "destinationRequired": "목적지가 필요합니다.",
    "domainRequired": "도메인은 필수입니다.",
    "proxyPortRequired": "포트가 필요합니다.",
    "invalidPathConfiguration": "유효하지 않은 경로 구성입니다.",
    "invalidRewritePathConfiguration": "유효하지 않은 재작성 경로 구성입니다.",
    "bgTargetMultiSiteDisclaimer": "여러 사이트를 선택하면 고가용성을 위한 내구성 있는 라우팅 및 장애 조치를 활성화합니다.",
    "roleAllowSsh": "SSH 허용",
    "roleAllowSshAllow": "허용",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "사용자는 sudo로 지정된 명령만 실행할 수 있습니다.",
    "sshSudo": "Sudo 허용",
    "sshSudoCommands": "Sudo 명령",
-    "sshSudoCommandsDescription": "사용자가 쉘에서 sudo로 실행할 수 있는 명령 목록, 쉼표, 공백 또는 새 줄로 구분됩니다. 절대 경로를 사용해야 합니다.",
+    "sshSudoCommandsDescription": "사용자가 sudo로 실행할 수 있는 명령의 쉼표로 구분된 목록입니다. 절대 경로를 사용해야 합니다.",
    "sshCreateHomeDir": "홈 디렉터리 생성",
    "sshUnixGroups": "유닉스 그룹",
-    "sshUnixGroupsDescription": "사용자를 대상 호스트에 추가할 유닉스 그룹들, 쉼표, 공백 또는 새 줄로 구분됩니다.",
+    "sshUnixGroupsDescription": "대상 호스트에서 사용자에게 추가할 유닉스 그룹의 쉼표로 구분된 목록입니다.",
    "roleTextFieldPlaceholder": "값을 입력하거나 .txt나 .csv 파일을 드롭하세요",
    "roleTextImportTitle": "파일에서 가져오기",
    "roleTextImportDescription": "{fileName}을(를) {fieldLabel}에 가져오는 중",
    "roleTextImportSkipHeader": "첫 행 건너뛰기 (헤더)",
    "roleTextImportOverride": "기존 항목 교체",
    "roleTextImportAppend": "기존 항목에 추가",
    "roleTextImportMode": "가져오기 모드",
    "roleTextImportPreview": "미리보기",
    "roleTextImportItemCount": "{count, plural, =0 {가져올 항목 없음} other {# 개의 항목 가져오기}}",
    "roleTextImportTotalCount": "{existing} 기존 + {imported} 가져옴 = {total} 총계",
    "roleTextImportConfirm": "가져오기",
    "roleTextImportInvalidFile": "지원되지 않는 파일 유형",
    "roleTextImportInvalidFileDescription": ".txt 및 .csv 파일만 지원됩니다.",
    "roleTextImportEmpty": "파일에서 항목을 찾을 수 없습니다",
    "roleTextImportEmptyDescription": "파일에 가져올 항목이 포함되어 있지 않습니다.",
    "retryAttempts": "재시도 횟수",
    "expectedResponseCodes": "예상 응답 코드",
    "expectedResponseCodesDescription": "정상 상태를 나타내는 HTTP 상태 코드입니다. 비워 두면 200-300이 정상으로 간주됩니다.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "프록시 프로토콜 활성화",
    "proxyProtocolInfo": "TCP 백엔드에 대한 클라이언트 IP 주소를 유지합니다.",
    "proxyProtocolVersion": "프록시 프로토콜 버전",
-    "version1": "버전 1 (추천)",
+    "version1": " 버전 1 (추천)",
    "version2": "버전 2",
-    "version1Description": "텍스트 기반으로 널리 지원됩니다. 서버 전송이 동적 구성에 추가되었는지 확인하세요.",
+    "versionDescription": "버전 1은 텍스트 기반으로 널리 지원됩니다. 버전 2는 이진 기반으로 더 효율적이지만 호환성이 낮습니다.",
    "version2Description": "바이너리 및 더 효율적이지만 호환성은 낮습니다. 서버 전송이 동적 구성에 추가되었는지 확인하세요.",
    "warning": "경고",
    "proxyProtocolWarning": "백엔드 애플리케이션이 프록시 프로토콜 연결을 허용하도록 구성되어야 합니다. 백엔드가 프록시 프로토콜을 지원하지 않으면, 이를 활성화하면 모든 연결이 끊어집니다. 트래픽에서 온 프록시 프로토콜 헤더를 백엔드가 신뢰하도록 구성하십시오.",
    "restarting": "재시작 중...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "확인 입력",
    "blueprintViewDetails": "세부 정보",
    "defaultIdentityProvider": "기본 아이덴티티 공급자",
-    "defaultIdentityProviderDescription": "사용자는 인증을 위해 이 아이덴티티 공급자로 자동 리디렉션됩니다.",
+    "defaultIdentityProviderDescription": "기본 ID 공급자가 선택되면, 사용자는 인증을 위해 자동으로 해당 공급자로 리디렉션됩니다.",
    "editInternalResourceDialogNetworkSettings": "네트워크 설정",
    "editInternalResourceDialogAccessPolicy": "액세스 정책",
    "editInternalResourceDialogAddRoles": "역할 추가",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "유지보수 모드 유형",
    "showMaintenancePage": "방문자에게 유지보수 페이지 표시",
    "enableMaintenanceMode": "유지보수 모드 활성화",
    "enableMaintenanceModeDescription": "활성화되면 방문자는 리소스 대신 유지보수 페이지를 보게 됩니다.",
    "automatic": "자동",
    "automaticModeDescription": "백엔드 타깃이 모두 다운되거나 건강하지 않을 때만 유지보수 페이지를 표시합니다. 적어도 하나의 타깃이 건강한 한 리소스는 정상 작동합니다.",
    "forced": "강제",
@@ -3182,8 +3082,6 @@
    "warning:": "경고:",
    "forcedeModeWarning": "모든 트래픽이 유지보수 페이지로 전달됩니다. 백엔드 리소스는 어떠한 요청도 받지 않습니다.",
    "pageTitle": "페이지 제목",
    "maintenancePageContentSubsection": "페이지 콘텐츠",
    "maintenancePageContentSubsectionDescription": "유지보수 페이지에 표시될 콘텐츠를 사용자 정의하세요",
    "pageTitleDescription": "유지보수 페이지에 표시될 주요 제목",
    "maintenancePageMessage": "유지보수 메시지",
    "maintenancePageMessagePlaceholder": "곧 돌아오겠습니다! 사이트는 현재 예정된 유지보수를 진행 중입니다.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "정말로 이 조직에서 이 아이덴티티 공급자의 연관을 해제하시겠습니까?",
    "idpUnassociateDescription": "이 아이덴티티 공급자와 연관된 모든 사용자는 이 조직에서 제거될 것이지만, 아이덴티티 공급자는 다른 연관된 조직에 계속해서 존재할 것입니다.",
    "idpUnassociateConfirm": "아이덴티티 공급자 연관 해제 확인",
    "idpConfirmDeleteAndRemoveMeFromOrg": "조직에서 삭제하고 제거하기",
    "idpUnassociateAndRemoveMeFromOrg": "조직에서 연관 해제하고 제거하기",
    "idpUnassociateWarning": "이 조직에서 이것은 되돌릴 수 없습니다.",
    "idpUnassociatedDescription": "아이덴티티 공급자가 이 조직에서 성공적으로 연관 해제되었습니다",
    "idpUnassociateMenu": "연관 해제",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "연결 중…",
    "sshInitializing": "초기화 중…",
    "sshSignInTitle": "SSH에 로그인",
-    "sshSignInDescription": "연결하려면 SSH 자격 증명을 입력하세요",
+    "sshSignInDescription": "SSH 자격 증명을 입력하세요",
    "sshPasswordTab": "비밀번호",
    "sshPrivateKeyTab": "개인 키",
    "sshPrivateKeyField": "개인 키",
    "sshPrivateKeyDisclaimer": "당신의 개인 키는 Pangolin에 저장되거나 보이지 않습니다. 대신, 기존 Pangolin 신원을 사용하여 매끄러운 인증을 제공하는 단기 인증서를 사용할 수 있습니다.",
    "sshLearnMore": "자세히 알아보기",
    "sshPrivateKeyFile": "개인 키 파일",
-    "sshAuthenticate": "연결",
+    "sshAuthenticate": "인증",
    "sshTerminate": "종료",
    "sshPoweredBy": "제공자",
    "sshErrorNoTarget": "지정된 대상이 없습니다",
    "sshErrorWebSocket": "WebSocket 연결 실패",
    "sshErrorAuthFailed": "인증 실패",
-    "sshErrorConnectionClosed": "인증이 완료되기 전에 연결이 닫혔습니다",
+    "sshErrorConnectionClosed": "인증이 완료되기 전에 연결이 닫혔습니다"
    "sitePangolinSshDescription": "이 사이트의 리소스에 SSH 접속을 허용합니다. 나중에 변경할 수 있습니다.",
    "browserGatewayNoResourceForDomain": "이 도메인에 대한 리소스를 찾을 수 없습니다",
    "browserGatewayNoTarget": "대상 없음",
    "browserGatewayConnect": "연결",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "PAM 푸시 인증을 위한 SSH 키 서명 실패. 사용자로 로그인하셨나요?",
    "sshTerminalError": "오류: {error}",
    "sshConnectionClosedCode": "연결 종료됨 (코드 {code})",
    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
    "sshPrivateKeyRequired": "프라이빗 키가 필요합니다",
    "vncTitle": "VNC",
    "vncSignInDescription": "연결하려면 VNC 비밀번호를 입력하세요",
    "vncPasswordOptional": "비밀번호 (선택 사항)",
    "vncNoResourceTarget": "사용할 수 있는 리소스 대상이 없습니다",
    "vncFailedToLoadNovnc": "noVNC 로드를 실패했습니다",
    "vncAuthFailedStatus": "상태 {status}",
    "vncPasteClipboard": "클립보드 붙여넣기",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "원격 데스크톱에 로그인",
    "rdpSignInDescription": "연결하려면 Windows 자격 증명을 입력하세요",
    "rdpLoadingModule": "모듈 로딩 중...",
    "rdpFailedToLoadModule": "RDP 모듈 로딩 실패",
    "rdpNotReady": "준비되지 않음",
    "rdpModuleInitializing": "RDP 모듈이 아직 초기화 중입니다",
    "rdpDownloadingFiles": "원격에서 {count}개의 파일 다운로드 중…",
    "rdpDownloadFailed": "다운로드 실패: {fileName}",
    "rdpUploaded": "업로드 완료: {fileName}",
    "rdpNoConnectionTarget": "연결 대상 없음",
    "rdpConnectionFailed": "연결 실패",
    "rdpFit": "적합",
    "rdpFull": "전체",
    "rdpReal": "실제",
    "rdpMeta": "메타",
    "rdpUploadFiles": "파일 업로드",
    "rdpFilesReadyToPaste": "붙여넣기 준비 완료된 파일",
    "rdpFilesReadyToPasteDescription": "{count}개의 파일이 원격 클립보드에 복사되었습니다 — 원격 데스크탑에서 Ctrl+V를 눌러 붙여 넣으세요.",
    "rdpUploadFailed": "업로드 실패",
    "rdpUnicodeKeyboardMode": "유니코드 키보드 모드",
    "sessionToolbarShow": "툴바 보기",
    "sessionToolbarHide": "툴바 숨기기"
 }
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Vis private ressurser",
    "siteInstallNewt": "Installer Newt",
    "siteInstallNewtDescription": "Få Newt til å kjøre på systemet ditt",
    "siteInstallKubernetesDocsDescription": "For mer og oppdatert informasjon om Kubernetes-installasjon, se <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "For installasjonsinstruksjoner for Advantech-modem, se <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "WireGuard Konfigurasjon",
    "WgConfigurationDescription": "Bruk følgende konfigurasjon for å koble til nettverket",
    "operatingSystem": "Operativsystem",
@@ -150,16 +148,16 @@
    "siteCredentialsSaveDescription": "Du vil kun kunne se dette én gang. Sørg for å kopiere det til et sikkert sted.",
    "siteInfo": "Områdeinformasjon",
    "status": "Status",
-    "shareTitle": "Administrer delbare lenker",
+    "shareTitle": "Administrer delingslenker",
    "shareDescription": "Opprett delbare lenker for å gi midlertidige eller permanent tilgang til proxyressurser",
-    "shareSearch": "Søk delbare lenker...",
+    "shareSearch": "Søk delingslenker...",
-    "shareCreate": "Opprett delbar lenke",
+    "shareCreate": "Opprett delingslenke",
    "shareErrorDelete": "Klarte ikke å slette lenke",
    "shareErrorDeleteMessage": "En feil oppstod ved sletting av lenke",
    "shareDeleted": "Lenke slettet",
    "shareDeletedDescription": "Lenken har blitt slettet",
-    "shareDelete": "Slett delbar lenke",
+    "shareDelete": "Slett delingslenke",
-    "shareDeleteConfirm": "Bekreft sletting av delbar lenke",
+    "shareDeleteConfirm": "Bekreft sletting av delingslenke",
    "shareQuestionRemove": "Er du sikker på at du vil slette denne delingslenken?",
    "shareMessageRemove": "Når slettet, vil lenken ikke lenger fungere, og alle som bruker den vil miste tilgang til ressursen.",
    "shareTokenDescription": "Adgangstoken kan sendes på to måter: som en spørringsparameter eller i forespørselsoverskriftene. Disse må sendes fra klienten på hver forespørsel om autentisert tilgang.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Alle med denne lenken får tilgang til ressursen",
    "shareTitleOptional": "Tittel (valgfritt)",
    "sharePathOptional": "Bane (valgfritt)",
    "sharePathDescription": "Lenken vil videresende brukere til denne stien etter autentisering.",
    "expireIn": "Utløper om",
    "neverExpire": "Utløper aldri",
    "shareExpireDescription": "Utløpstid er hvor lenge lenken vil være brukbar og gi tilgang til ressursen. Etter denne tiden vil lenken ikke lenger fungere, og brukere som brukte denne lenken vil miste tilgangen til ressursen.",
@@ -203,8 +200,8 @@
    "shareErrorSelectResource": "Vennligst velg en ressurs",
    "proxyResourceTitle": "Administrere offentlige ressurser",
    "proxyResourceDescription": "Opprett og administrer ressurser som er offentlig tilgjengelige via en nettleser",
-    "publicResourcesBannerTitle": "Web-basert offentlig tilgang",
+    "publicResourcesBannerTitle": "Nettbasert offentlig tilgang",
-    "publicResourcesBannerDescription": "Offentlige ressurser er HTTPS-proxyer som er tilgjengelige for alle på internett via en nettleser. I motsetning til private ressurser, krever de ikke klientprogramvare og kan inkludere identitets- og kontekstsensitive tilgangspolicyer.",
+    "publicResourcesBannerDescription": "Offentlige ressurser er HTTPS- eller TCP/UDP-proxyer tilgjengelige for alle på internett via en nettleser. I motsetning til private ressurser, krever de ikke klient-basert programvare og kan inkludere identitets- og kontekstbevisste tilgangspolicyer.",
    "clientResourceTitle": "Administrer private ressurser",
    "clientResourceDescription": "Opprette og administrere ressurser som bare er tilgjengelige via en tilkoblet klient",
    "privateResourcesBannerTitle": "Zero-Trust privat tilgang",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Søk i ressurser...",
    "resourceAdd": "Legg til ressurs",
    "resourceErrorDelte": "Feil ved sletting av ressurs",
-    "resourcePoliciesBannerTitle": "Gjenbruk autentisering og tilgangsregler",
+    "resourcePoliciesTitle": "Administrer Ressurspolitikk",
-    "resourcePoliciesBannerDescription": "Delte ressursretningslinjer lar deg definere autentiseringsmetoder og tilgangsregler en gang, for deretter å knytte dem til flere offentlige ressurser. Når du oppdaterer en policy, arver alle tilknyttede ressurser endringen automatisk.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Vedlagte ressurser",
    "resourcePoliciesBannerButtonText": "Lær mer",
    "resourcePoliciesTitle": "Administrer offentlige ressursretningslinjer",
    "resourcePoliciesAttachedResourcesColumnTitle": "Ressurser",
    "resourcePoliciesAttachedResources": "{count} ressurs(er)",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ressurs} other {# ressurser}}",
    "resourcePoliciesAttachedResourcesEmpty": "ingen ressurser",
-    "resourcePoliciesDescription": "Opprett og administrer autentiseringsretningslinjer for å kontrollere tilgang til dine offentlige ressurser",
+    "resourcePoliciesDescription": "Opprett og administrer autentiseringsregler for å kontrollere tilgang til dine ressurser",
    "resourcePoliciesSearch": "Søk etter regler...",
    "resourcePoliciesAdd": "Legg til policy",
    "resourcePoliciesDefaultBadgeText": "Standard politisk",
-    "resourcePoliciesCreate": "Opprett offentlig ressursretningslinje",
+    "resourcePoliciesCreate": "Opprett Ressurspolitikk",
    "resourcePoliciesCreateDescription": "Følg trinnene nedenfor for å lage en ny policy",
    "resourcePolicyName": "Polisnavn",
    "resourcePolicyNameDescription": "Gi denne policynavnet for å identifisere den på tvers av dine ressurser",
@@ -281,7 +274,7 @@
    "back": "Tilbake",
    "cancel": "Avbryt",
    "resourceConfig": "Konfigurasjonsutdrag",
-    "resourceConfigDescription": "Kopier og lim inn disse konfigurasjonsbitene for å sette opp TCP/UDP ressursen.",
+    "resourceConfigDescription": "Kopier og lim inn disse konfigurasjons-øyeblikkene for å sette opp TCP/UDP ressursen",
    "resourceAddEntrypoints": "Traefik: Legg til inngangspunkter",
    "resourceExposePorts": "Gerbil: Eksponer Porter i Docker Compose",
    "resourceLearnRaw": "Lær hvordan å konfigurere TCP/UDP-ressurser",
@@ -294,8 +287,6 @@
    "labelDelete": "Slett etikett",
    "labelAdd": "Legg til etikett",
    "labelCreateSuccessMessage": "Etikett opprettet vellykket",
    "labelDuplicateError": "Dupliser etikett",
    "labelDuplicateErrorDescription": "En etikett med dette navnet finnes allerede.",
    "labelEditSuccessMessage": "Etikett endret vellykket",
    "labelNameField": "Etikettnavn",
    "labelColorField": "Etikettfarge",
@@ -320,7 +311,7 @@
    "rules": "Regler",
    "resourceSettingDescription": "Konfigurere innstillingene på ressursen",
    "resourceSetting": "{resourceName} Innstillinger",
-    "resourcePolicySettingDescription": "Konfigurer innstillingene for denne offentlige ressursretningslinjen",
+    "resourcePolicySettingDescription": "Konfigurer innstillingene på ressurspolitikken",
    "resourcePolicySetting": "{policyName} Innstillinger",
    "alwaysAllow": "Omgå Auth",
    "alwaysDeny": "Blokker tilgang",
@@ -728,7 +719,7 @@
    "targetSubmit": "Legg til mål",
    "targetNoOne": "Denne ressursen har ikke noen mål. Legg til et mål for å konfigurere hvor du vil sende forespørsler til backend.",
    "targetNoOneDescription": "Å legge til mer enn ett mål ovenfor vil aktivere lastbalansering.",
-    "targetsSubmit": "Lagre innstillinger",
+    "targetsSubmit": "Lagre mål",
    "addTarget": "Legg til mål",
    "proxyMultiSiteRoundRobinNodeHelp": "Rundkjøringrutefordeling vil ikke fungere mellom steder som ikke er koblet til samme node, men failover vil fungere.",
    "targetErrorInvalidIp": "Ugyldig IP-adresse",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Duplisert regel",
    "rulesErrorDuplicateDescription": "En regel med disse innstillingene finnes allerede",
    "rulesErrorInvalidIpAddressRange": "Ugyldig CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Skriv inn et gyldig CIDR-område (f.eks. 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Vennligst skriv inn en gyldig CIDR-verdi",
-    "rulesErrorInvalidUrl": "Ugyldig sti",
+    "rulesErrorInvalidUrl": "Ugyldig URL-sti",
-    "rulesErrorInvalidUrlDescription": "Skriv inn en gyldig URL-sti eller et mønster (f.eks., /api/*).",
+    "rulesErrorInvalidUrlDescription": "Skriv inn en gyldig verdi for URL-sti",
-    "rulesErrorInvalidIpAddress": "Ugyldig IP-adresse",
+    "rulesErrorInvalidIpAddress": "Ugyldig IP",
-    "rulesErrorInvalidIpAddressDescription": "Skriv inn en gyldig IPv4 eller IPv6 adresse.",
+    "rulesErrorInvalidIpAddressDescription": "Skriv inn en gyldig IP-adresse",
    "rulesErrorUpdate": "Kunne ikke oppdatere regler",
    "rulesErrorUpdateDescription": "Det oppsto en feil under oppdatering av regler",
    "rulesUpdated": "Aktiver Regler",
@@ -775,23 +766,14 @@
    "rulesMatchIpAddress": "Angi en IP-adresse (f.eks. 103.21.244.12)",
    "rulesMatchUrl": "Skriv inn en URL-sti eller et mønster (f.eks. /api/v1/todos eller /api/v1/*)",
    "rulesErrorInvalidPriority": "Ugyldig prioritet",
-    "rulesErrorInvalidPriorityDescription": "Skriv inn et heltall på 1 eller høyere.",
+    "rulesErrorInvalidPriorityDescription": "Vennligst skriv inn en gyldig prioritet",
-    "rulesErrorDuplicatePriority": "Dupliserte prioriteter",
+    "rulesErrorDuplicatePriority": "Dupliserte prioriteringer",
-    "rulesErrorDuplicatePriorityDescription": "Hver regel må ha et unikt prioritetstall.",
+    "rulesErrorDuplicatePriorityDescription": "Vennligst angi unike prioriteringer",
    "rulesErrorValidation": "Ugyldige regler",
    "rulesErrorValidationRuleDescription": "Regel {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Velg en gyldig samsvarstype (sti, IP, CIDR, land, region eller ASN).",
    "rulesErrorValueRequired": "Skriv inn en verdi for denne regelen.",
    "rulesErrorInvalidCountry": "Ugyldig land",
    "rulesErrorInvalidCountryDescription": "Velg et gyldig land.",
    "rulesErrorInvalidAsn": "Ugyldig ASN",
    "rulesErrorInvalidAsnDescription": "Skriv inn en gyldig ASN (f.eks., AS15169).",
    "ruleUpdated": "Regler oppdatert",
    "ruleUpdatedDescription": "Reglene er oppdatert",
    "ruleErrorUpdate": "Operasjon mislyktes",
    "ruleErrorUpdateDescription": "En feil oppsto under lagringsoperasjonen",
    "rulesPriority": "Prioritet",
    "rulesReorderDragHandle": "Dra for å omorganisere regelprioriteringen",
    "rulesAction": "Handling",
    "rulesMatchType": "Trefftype",
    "value": "Verdi",
@@ -810,7 +792,7 @@
    "rulesResource": "Konfigurasjon av ressursregler",
    "rulesResourceDescription": "Konfigurer regler for å kontrollere tilgang til ressursen",
    "ruleSubmit": "Legg til regel",
-    "rulesNoOne": "Ingen regler ennå.",
+    "rulesNoOne": "Ingen regler. Legg til en regel ved å bruke skjemaet.",
    "rulesOrder": "Regler evalueres etter prioritet i stigende rekkefølge.",
    "rulesSubmit": "Lagre regler",
    "policyErrorCreate": "Feil ved opprettelse av policy",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "En uventet feil oppstod",
    "policyCreatedSuccess": "Ressurspolitikken ble opprettet vellykket",
    "policyUpdatedSuccess": "Ressurspolitikken ble oppdatert vellykket",
-    "authMethodsSave": "Lagre innstillinger",
+    "authMethodsSave": "Lagre autentiseringsmetoder",
    "policyAuthStackTitle": "Autentisering",
    "policyAuthStackDescription": "Kontroller hvilke autentiseringsmetoder som kreves for å få tilgang til denne ressursen",
    "policyAuthOrLogicTitle": "Flere autentiseringsmetoder aktive",
    "policyAuthOrLogicBanner": "Besøkende kan autentisere ved bruk av en hvilken som helst av de aktive metodene nedenfor. De trenger ikke å fullføre alle.",
    "policyAuthMethodActive": "Aktiv",
    "policyAuthMethodOff": "Av",
    "policyAuthSsoTitle": "Plattform SSO",
    "policyAuthSsoDescription": "Krev pålogging gjennom din organisasjons identitetsleverandør",
    "policyAuthSsoSummary": "{idp} · {users} brukere, {roles} roller",
    "policyAuthSsoDefaultIdp": "Standardleverandør",
    "policyAuthAddDefaultIdentityProvider": "Legg til standard identitetsleverandør",
    "policyAuthOtherMethodsTitle": "Andre metoder",
    "policyAuthOtherMethodsDescription": "Valgfrie metoder som besøkende kan bruke i stedet for eller i tillegg til plattform SSO",
    "policyAuthPasscodeTitle": "Kodeord",
    "policyAuthPasscodeDescription": "Krev en delt alfanumerisk kodeord for å få tilgang til ressursen",
    "policyAuthPasscodeSummary": "Kodeord satt",
    "policyAuthPincodeTitle": "PIN-kode",
    "policyAuthPincodeDescription": "En kort numerisk kode kreves for å få tilgang til ressursen",
    "policyAuthPincodeSummary": "6-sifret PIN satt",
    "policyAuthEmailTitle": "E-post hviteliste",
    "policyAuthEmailDescription": "Tillat oppførte e-postadresser med engangspassord",
    "policyAuthEmailSummary": "{count} adresser tillatt",
    "policyAuthEmailOtpCallout": "Aktivering av e-post hviteliste sender en engangskode til den besøkendes e-post ved innlogging.",
    "policyAuthHeaderAuthTitle": "Grunnleggende Header Autentisering",
    "policyAuthHeaderAuthDescription": "Bekreft et tilpasset HTTP-headernavn og verdi ved hver forespørsel",
    "policyAuthHeaderAuthSummary": "Header konfigurert",
    "policyAuthHeaderName": "Headernavn",
    "policyAuthHeaderValue": "Forventet verdi",
    "policyAuthSetPasscode": "Angi passordkode",
    "policyAuthSetPincode": "Sett PIN-kode",
    "policyAuthSetEmailWhitelist": "Angi e-post hviteliste",
    "policyAuthSetHeaderAuth": "Sett grunnleggende Header Autentisering",
    "policyAccessRulesTitle": "Tilgangsregler",
    "policyAccessRulesEnableDescription": "Når aktivert, blir regler evaluert i synkende rekkefølge til en evaluerer til sann.",
    "policyAccessRulesFirstMatch": "Regler evalueres ovenfra og ned. Den første samsvarande regeln bestemmer utfall.",
    "policyAccessRulesHowItWorks": "Regler samsvarer forespørsler etter sti, IP-adresse, lokasjon eller andre kriterier. Hver regel anvender en handling: omgå autentisering, blokkere tilgang, eller sende til autentisering. Hvis ingen regler samsvarer, fortsetter trafikken til autentisering.",
    "policyAccessRulesFallthroughOff": "Når regler er deaktivert, går all trafikk gjennom til autentisering.",
    "policyAccessRulesFallthroughOn": "Når ingen regler samsvarer, fortsetter trafikken til autentisering.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Lagre Regler",
    "resourceErrorCreate": "Feil under oppretting av ressurs",
    "resourceErrorCreateDescription": "Det oppstod en feil under oppretting av ressursen",
@@ -883,9 +824,9 @@
    "resourcesErrorUpdateDescription": "En feil oppstod under oppdatering av ressursen",
    "access": "Tilgang",
    "accessControl": "Tilgangskontroll",
-    "shareLink": "{resource} Delbar lenke",
+    "shareLink": "{resource} Del Lenke",
    "resourceSelect": "Velg ressurs",
-    "shareLinks": "Delbare lenker",
+    "shareLinks": "Del lenker",
    "share": "Delbare lenker",
    "shareDescription2": "Opprett delbare lenker til ressurser. Lenker gir midlertidig eller ubegrenset tilgang til din ressurs. Du kan konfigurere utløpsvarigheten på lenken når du oppretter en.",
    "shareEasyCreate": "Enkelt å lage og dele",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Administratorer har alltid tilgang til denne ressursen.",
    "resourcePolicySelectTitle": "Ressurstilgangspolitikk",
    "resourcePolicySelectDescription": "Velg policytype for autentisering",
    "resourcePolicyTypeLabel": "Policy-type",
    "resourcePolicyLabel": "Ressurspolicy",
    "resourcePolicyInline": "Inline Ressursregler",
    "resourcePolicyInlineDescription": "Tilgangspolitikk som kun er gyldig for denne ressursen",
    "resourcePolicyShared": "Delte Ressursregler",
-    "resourcePolicySharedDescription": "Denne ressursen bruker en delt policy.",
+    "resourcePolicySharedDescription": "Denne ressursen bruker en delt policy. Policyinnstillinger (autentiseringsmetoder, e-post whitelist) er låst. Du kan legge til ressurs-spesifikke regler, roller, og brukere nedenfor.",
    "sharedPolicy": "Delt policy",
    "sharedPolicyNoneDescription": "Denne ressursen har sin egen policy.",
    "resourceSharedPolicyOwnDescription": "Denne ressursen har sine egne autentiserings- og tilgangskontroller.",
    "resourceSharedPolicyInheritedDescription": "Denne ressursen arver fra <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Denne ressursen bruker en delt policy. Noen autentiseringsinnstillinger kan redigeres på denne ressursen for å legge til policyen. For å endre den underliggende policyen, må du redigere til <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "Denne ressursen bruker en delt policy. Noen tilgangsregler kan redigeres på denne ressursen. For å endre den underliggende policyen, må du redigere <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Tilgangskontroller",
    "resourceUsersRolesDescription": "Konfigurer hvilke brukere og roller som har tilgang til denne ressursen",
    "resourceUsersRolesSubmit": "Lagre tilgangskontroller",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Synlighet",
    "resourceVisibilityTitleDescription": "Fullstendig aktiver eller deaktiver ressursynlighet",
    "resourceGeneral": "Generelle innstillinger",
-    "resourceGeneralDescription": "Konfigurer navn, adresse og tilgangspolicy for denne ressursen.",
+    "resourceGeneralDescription": "Konfigurer de generelle innstillingene for denne ressursen",
    "resourceGeneralDetailsSubsection": "Ressursdetaljer",
    "resourceGeneralDetailsSubsectionDescription": "Angi visningsnavn, identifikator og offentlig tilgjengelig domene for denne ressursen.",
    "resourceGeneralDetailsSubsectionPortDescription": "Angi visningsnavn, identifikator og offentlig port for denne ressursen.",
    "resourceGeneralPublicAddressSubsection": "Offentlig adresse",
    "resourceGeneralPublicAddressSubsectionDescription": "Konfigurer hvordan brukere får tilgang til denne ressursen.",
    "resourceGeneralAuthenticationAccessSubsection": "Autentisering og tilgang",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Velg om denne ressursen bruker sin egen policy eller arver fra en delt policy.",
    "resourceEnable": "Aktiver ressurs",
    "resourceTransfer": "Overfør Ressurs",
    "resourceTransferDescription": "Overfør denne ressursen til et annet område",
@@ -1294,14 +1220,11 @@
    "addLabels": "Legg til etiketter",
    "siteLabelsTab": "Etiketter",
    "siteLabelsDescription": "Administrer etiketter knyttet til dette nettstedet.",
-    "labelsNotFound": "Ingen etiketter funnet.",
+    "labelsNotFound": "Etiketter ikke funnet",
    "labelsEmptyCreateHint": "Start å skrive ovenfor for å lage en etikett.",
    "labelSearch": "Søk etter etiketter",
    "labelSearchOrCreate": "Søk eller opprett en etikett",
    "accessLabelFilterCount": "{count, plural, one {en etikett} other {# etiketter}}",
    "labelOverflowCount": "+{count, plural, one {en etikett} other {# etiketter}}",
    "accessLabelFilterClear": "Fjern etikettfiltre",
    "accessFilterClear": "Fjern filtre",
    "selectColor": "Velg farge",
    "createNewLabel": "Opprett ny org-etikett \"{label}\"",
    "inviteInvalidDescription": "Invitasjonslenken er ugyldig.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Ressurser",
    "sidebarProxyResources": "Offentlig",
    "sidebarClientResources": "Privat",
-    "sidebarPolicies": "Delte policies",
+    "sidebarPolicies": "Retningslinjer",
-    "sidebarResourcePolicies": "Offentlige ressurser",
+    "sidebarResourcePolicies": "Ressurser",
    "sidebarAccessControl": "Tilgangskontroll",
    "sidebarLogsAndAnalytics": "Logger og analyser",
    "sidebarTeam": "Lag",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Administrator",
    "sidebarInvitations": "Invitasjoner",
    "sidebarRoles": "Roller",
-    "sidebarShareableLinks": "Delbare lenker",
+    "sidebarShareableLinks": "Lenker",
    "sidebarApiKeys": "API-nøkler",
    "sidebarProvisioning": "Levering",
    "sidebarSettings": "Innstillinger",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Ressurs {id}",
    "blueprints": "Tegninger",
    "blueprintsLog": "Blåkopieringslogg",
-    "blueprintsDescription": "Se tidligere blueprint-applikasjoner og deres resultater, eller bruk et nytt blueprint",
+    "blueprintsDescription": "Vis tidligere applikasjoner av blåkopier og deres resultater",
    "blueprintAdd": "Legg til blåkopi",
    "blueprintGoBack": "Se alle blåkopier",
    "blueprintCreate": "Opprette mal",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Aktiver Docker blåkopi",
    "enableDockerSocketDescription": "Aktiver Docker Socket etikett skrubbing for blueprint etiketter. Socket bane må oppgis til nettstedkobleren. Les om hvordan dette fungerer i <docsLink>dokumentasjonen</docsLink>.",
    "newtAutoUpdate": "Aktiver Automatisk Oppdatering av Nettsted",
-    "newtAutoUpdateDescription": "Når aktivert, vil nettstedskoblinger automatisk laste ned den nyeste versjonen og starte seg selv på nytt. Dette kan overstyres på basis per nettsted.",
+    "newtAutoUpdateDescription": "Når aktivert, vil nettstedskoblere automatisk oppdatere til nyeste versjon når en ny utgave er tilgjengelig.",
    "siteAutoUpdate": "Automatisk Oppdatering av Nettsted",
    "siteAutoUpdateLabel": "Aktiver Automatisk Oppdatering",
-    "siteAutoUpdateDescription": "Når aktivert, vil denne nettstedets kobling automatisk laste ned den nyeste versjonen og starte seg selv på nytt.",
+    "siteAutoUpdateDescription": "Kontroller om denne sidens kobler automatisk laster ned den nyeste versjonen.",
    "siteAutoUpdateOrgDefault": "Organisasjon standard: {state}",
    "siteAutoUpdateOverriding": "Overstyrer organisasjonens innstilling",
    "siteAutoUpdateResetToOrg": "Tilbakestill til Organisasjonsstandard",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Kontooppsett fullført! Velkommen til Pangolin!",
    "documentation": "Dokumentasjon",
    "saveAllSettings": "Lagre alle innstillinger",
-    "saveResourceTargets": "Lagre innstillinger",
+    "saveResourceTargets": "Lagre mål",
-    "saveResourceHttp": "Lagre innstillinger",
+    "saveResourceHttp": "Lagre proxy-innstillinger",
-    "saveProxyProtocol": "Lagre innstillinger",
+    "saveProxyProtocol": "Lagre proxy-protokollinnstillinger",
    "settingsUpdated": "Innstillinger oppdatert",
    "settingsUpdatedDescription": "Innstillinger oppdatert vellykket",
    "settingsErrorUpdate": "Klarte ikke å oppdatere innstillinger",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Ukjent",
    "healthCheck": "Helsekontroll",
    "configureHealthCheck": "Konfigurer Helsekontroll",
-    "configureHealthCheckDescription": "Sett opp overvåking av ressursen din for å sikre at den alltid er tilgjengelig",
+    "configureHealthCheckDescription": "Sett opp helsekontroll for {target}",
    "enableHealthChecks": "Aktiver Helsekontroller",
    "healthCheckDisabledStateDescription": "Når deaktivert, vil ikke nettstedet utføre helsekontroller, og tilstanden vil anses som ukjent.",
    "enableHealthChecksDescription": "Overvåk helsen til dette målet. Du kan overvåke et annet endepunkt enn målet hvis nødvendig.",
    "healthScheme": "Metode",
    "healthSelectScheme": "Velg metode",
-    "healthCheckPortInvalid": "Porten må være mellom 1 og 65535",
+    "healthCheckPortInvalid": "Helsekontrollporten må være mellom 1 og 65535",
    "healthCheckPath": "Sti",
    "healthHostname": "IP / Vert",
    "healthPort": "Port",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Krev enhetsgodkjenning",
    "requireDeviceApprovalDescription": "Brukere med denne rollen trenger nye enheter godkjent av en admin før de kan koble seg og få tilgang til ressurser.",
    "sshSettings": "SSH Innstillinger",
    "sshAccess": "SSH-tilgang",
    "rdpSettings": "RDP Innstillinger",
    "vncSettings": "VNC Innstillinger",
    "sshServer": "SSH-server",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Sørg for at målenheten din er riktig konfigurert for å kjøre autentiseringsdaemon før du fullfører denne oppsettet, eller klargjøring vil mislykkes.",
    "sshDaemonPort": "Daemon-port",
    "sshServerDestination": "Serverens Destinasjon",
-    "sshServerDestinationDescription": "Konfigurer destinasjonen for SSH-serveren",
+    "sshServerDestinationDescription": "Konfigurer destinasjonen og porten til SSH-serveren",
    "destination": "Destinasjon",
    "destinationRequired": "Destinasjon er påkrevd.",
    "domainRequired": "Domene er påkrevd.",
    "proxyPortRequired": "Port er påkrevd.",
    "invalidPathConfiguration": "Ugyldig sti-konfigurasjon.",
    "invalidRewritePathConfiguration": "Ugyldig omskrivingssti-konfigurasjon.",
    "bgTargetMultiSiteDisclaimer": "Ved å velge flere nettsteder aktiveres robust ruting og feilaktig avbrudd for høy tilgjengelighet.",
    "roleAllowSsh": "Tillat SSH",
    "roleAllowSshAllow": "Tillat",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "Brukeren kan bare kjøre de angitte kommandoene med sudo.",
    "sshSudo": "Tillat sudo",
    "sshSudoCommands": "Sudo kommandoer",
-    "sshSudoCommandsDescription": "Liste over kommandoer brukeren har lov til å kjøre med sudo, separert med komma, mellomrom eller nye linjer. Absolutte stier må brukes.",
+    "sshSudoCommandsDescription": "Kommaseparert liste over kommandoer brukeren tillates å kjøre med sudo. Absolutte stier må brukes.",
    "sshCreateHomeDir": "Opprett hjemmappe",
    "sshUnixGroups": "Unix grupper",
-    "sshUnixGroupsDescription": "Unix-grupper å legge til brukeren i på målverten, separert med komma, mellomrom eller nye linjer.",
+    "sshUnixGroupsDescription": "Kommaseparerte Unix grupper for å legge brukeren til på mål-verten.",
    "roleTextFieldPlaceholder": "Skriv inn verdier, eller slipp en .txt eller .csv fil",
    "roleTextImportTitle": "Importer fra fil",
    "roleTextImportDescription": "Importerer {fileName} til {fieldLabel}.",
    "roleTextImportSkipHeader": "Hopp over første rad (header)",
    "roleTextImportOverride": "Erstatte eksisterende",
    "roleTextImportAppend": "Legg til eksisterende",
    "roleTextImportMode": "Importmodus",
    "roleTextImportPreview": "Forhåndsvisning",
    "roleTextImportItemCount": "{count, plural, =0 {Ingen elementer å importere} one {ett element å importere} other {# elementer å importere}}",
    "roleTextImportTotalCount": "{existing} eksisterende + {imported} importert = {total} totalt",
    "roleTextImportConfirm": "Import",
    "roleTextImportInvalidFile": "Ustøttet filtype",
    "roleTextImportInvalidFileDescription": "Bare .txt og .csv filer er støttet.",
    "roleTextImportEmpty": "Ingen elementer funnet i filen",
    "roleTextImportEmptyDescription": "Filen inneholder ingen importerbare elementer.",
    "retryAttempts": "Forsøk på nytt",
    "expectedResponseCodes": "Forventede svarkoder",
    "expectedResponseCodesDescription": "HTTP-statuskode som indikerer sunn status. Hvis den blir stående tom, regnes 200-300 som sunn.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Aktiver Proxy-protokoll",
    "proxyProtocolInfo": "Bevar klientens IP-adresser for TCP backends",
    "proxyProtocolVersion": "Proxy protokoll versjon",
-    "version1": "Versjon 1 (Anbefalt)",
+    "version1": " Versjon 1 (Anbefalt)",
    "version2": "Versjon 2",
-    "version1Description": "Tekstbasert og bredt støttet. Sørg for at servertransport er lagt til dynamisk konfigurasjon.",
+    "versionDescription": "Versjon 1 er tekstbasert og støttet. Versjon 2 er binært og mer effektivt, men mindre kompatibel.",
    "version2Description": "Binært og mer effektivt, men mindre kompatibel. Sørg for at servertransport er lagt til dynamisk konfigurasjon.",
    "warning": "Advarsel",
    "proxyProtocolWarning": "backend-programmet må konfigureres til å akseptere forbindelser i Proxy Protokoll. Hvis backend ikke støtter Proxy Beskyttelse vil aktivering av dette ødelegge alle tilkoblinger så bare dette hvis du vet hva du gjør. Sørg for å konfigurere backend til å stole på Proxy Protokoll overskrifter fra Traefik.",
    "restarting": "Restarter...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Skriv inn bekreftelse",
    "blueprintViewDetails": "Detaljer",
    "defaultIdentityProvider": "Standard identitetsleverandør",
-    "defaultIdentityProviderDescription": "Brukeren vil automatisk bli videresendt til denne identitetsleverandøren for autentisering.",
+    "defaultIdentityProviderDescription": "Når en standard identitetsleverandør er valgt, vil brukeren automatisk bli omdirigert til leverandøren for autentisering.",
    "editInternalResourceDialogNetworkSettings": "Nettverksinnstillinger",
    "editInternalResourceDialogAccessPolicy": "Tilgangsregler for tilgang",
    "editInternalResourceDialogAddRoles": "Legg til roller",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Vedlikeholdsmodus type",
    "showMaintenancePage": "Vis en vedlikeholdsside til besøkende",
    "enableMaintenanceMode": "Aktiver vedlikeholdsmodus",
    "enableMaintenanceModeDescription": "Når aktivert, vil besøkende se en vedlikeholdsside i stedet for ressursen din.",
    "automatic": "Automatisk",
    "automaticModeDescription": "Vis vedlikeholdsside kun når alle serverens mål er nede eller usunne. Ressursen din fortsetter å fungere normalt så lenge minst ett mål er sunt.",
    "forced": "Tvunget",
@@ -3182,8 +3082,6 @@
    "warning:": "Advarsel:",
    "forcedeModeWarning": "All trafikk vil bli dirigeres til vedlikeholdssiden. Serverens ressurser vil ikke motta noen forespørsler.",
    "pageTitle": "Sidetittel",
    "maintenancePageContentSubsection": "Sideinnhold",
    "maintenancePageContentSubsectionDescription": "Tilpass innholdet som vises på vedlikeholdssiden",
    "pageTitleDescription": "Hovedoverskriften vist på vedlikeholdssiden",
    "maintenancePageMessage": "Vedlikeholdsbeskjed",
    "maintenancePageMessagePlaceholder": "Vi kommer snart tilbake! Vårt nettsted gjennomgår for øyeblikket planlagt vedlikehold.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Er du sikker på at du vil frakoble denne identitetsleverandøren fra denne organisasjonen?",
    "idpUnassociateDescription": "Alle brukere knyttet til denne identitetsleverandøren vil bli fjernet fra denne organisasjonen, men identitetsleverandøren vil fortsatt eksistere for andre tilknyttede organisasjoner.",
    "idpUnassociateConfirm": "Bekreft frakobling av identitetsleverandør",
    "idpConfirmDeleteAndRemoveMeFromOrg": "SLETT OG FJERN MEG FRA ORGANISASJONEN",
    "idpUnassociateAndRemoveMeFromOrg": "AVKOBLE OG FJERN MEG FRA ORGANISASJONEN",
    "idpUnassociateWarning": "Dette kan ikke angres for denne organisasjonen.",
    "idpUnassociatedDescription": "Identitetsleverandør er vellykket frakoblet fra denne organisasjonen",
    "idpUnassociateMenu": "Frakoble",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Kobler til…",
    "sshInitializing": "Initialiserer…",
    "sshSignInTitle": "Logg inn på SSH",
-    "sshSignInDescription": "Skriv inn dine SSH-legitimasjon for å koble til",
+    "sshSignInDescription": "Oppgi dine SSH-legitimasjoner",
    "sshPasswordTab": "Passord",
    "sshPrivateKeyTab": "Privat Nøkkel",
    "sshPrivateKeyField": "Privat Nøkkel",
    "sshPrivateKeyDisclaimer": "Din private nøkkel er ikke lagret eller synlig for Pangolin. Alternativt kan du bruke kortevaliderte sertifikater for sømløs autentisering ved å bruke din eksisterende Pangolin-identitet.",
    "sshLearnMore": "Lær mer",
    "sshPrivateKeyFile": "Privat Nøkkelfil",
-    "sshAuthenticate": "Koble til",
+    "sshAuthenticate": "Autentiser",
    "sshTerminate": "Avslutt",
    "sshPoweredBy": "Drevet av",
    "sshErrorNoTarget": "Ingen mål spesifisert",
    "sshErrorWebSocket": "WebSocket-tilkobling mislyktes",
    "sshErrorAuthFailed": "Autentisering mislyktes",
-    "sshErrorConnectionClosed": "Tilkobling avsluttet før autentisering ble fullført",
+    "sshErrorConnectionClosed": "Tilkobling avsluttet før autentisering ble fullført"
    "sitePangolinSshDescription": "Tillat SSH-tilgang til ressurser på dette nettstedet. Dette kan endres senere.",
    "browserGatewayNoResourceForDomain": "Ingen ressurser funnet for dette domenet",
    "browserGatewayNoTarget": "Ingen mål",
    "browserGatewayConnect": "Koble til",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "Kunne ikke signere SSH-nøkkel for PAM-påloggingsautentisering. Logget du inn som bruker?",
    "sshTerminalError": "Feil: {error}",
    "sshConnectionClosedCode": "Tilkoblingen ble lukket (kode {code})",
    "sshPrivateKeyPlaceholder": "-----BEGYNN OPENSSH PRIVAT NØKKEL-----",
    "sshPrivateKeyRequired": "Privat nøkkel er påkrevd",
    "vncTitle": "VNC",
    "vncSignInDescription": "Skriv inn VNC-passordet for å koble til",
    "vncPasswordOptional": "Passord (valgfritt)",
    "vncNoResourceTarget": "Ingen ressursemål tilgjengelig",
    "vncFailedToLoadNovnc": "Klarte ikke å laste noVNC",
    "vncAuthFailedStatus": "Status {status}",
    "vncPasteClipboard": "Lim inn utklippstavle",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Logg på Fjernskrivebord",
    "rdpSignInDescription": "Skriv inn Windows-legitimasjon for å koble til",
    "rdpLoadingModule": "Laster modul...",
    "rdpFailedToLoadModule": "Kunne ikke laste RDP-modul",
    "rdpNotReady": "Ikke klar",
    "rdpModuleInitializing": "RDP-modulen er fortsatt under initialisering",
    "rdpDownloadingFiles": "Laster ned {count} fil(er) fra fjern…",
    "rdpDownloadFailed": "Nedlasting feilet: {fileName}",
    "rdpUploaded": "Opplastet: {fileName}",
    "rdpNoConnectionTarget": "Ingen tilkoblingsmål tilgjengelig",
    "rdpConnectionFailed": "Tilkoblingen feilet",
    "rdpFit": "Tilpass",
    "rdpFull": "Full",
    "rdpReal": "Ekte",
    "rdpMeta": "Meta",
    "rdpUploadFiles": "Last opp filer",
    "rdpFilesReadyToPaste": "Filer klare til å limes inn",
    "rdpFilesReadyToPasteDescription": "{count} fil(er) kopiert til fjernutklippstavlen — trykk Ctrl+V på fjernskrivebordet for å lime inn.",
    "rdpUploadFailed": "Opplastningen mislyktes",
    "rdpUnicodeKeyboardMode": "Unicode tastaturmodus",
    "sessionToolbarShow": "Vis verktøylinje",
    "sessionToolbarHide": "Skjul verktøylinje"
 }
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Privébronnen bekijken",
    "siteInstallNewt": "Installeer Newt",
    "siteInstallNewtDescription": "Laat Newt draaien op uw systeem",
    "siteInstallKubernetesDocsDescription": "Voor meer informatie over de installatie van Kubernetes, zie <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "Voor instructies voor de installatie van Advantech modems, zie <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "WireGuard Configuratie",
    "WgConfigurationDescription": "Gebruik de volgende configuratie om verbinding te maken met het netwerk",
    "operatingSystem": "Operating systeem",
@@ -150,16 +148,16 @@
    "siteCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer het naar een beveiligde plek.",
    "siteInfo": "Site informatie",
    "status": "Status",
-    "shareTitle": "Beheer Deelbare Links",
+    "shareTitle": "Beheer deellinks",
    "shareDescription": "Maak deelbare links aan om tijdelijke of permanente toegang tot proxybronnen te verlenen",
-    "shareSearch": "Zoek deelbare links...",
+    "shareSearch": "Zoek share links...",
-    "shareCreate": "Creëer Deelbare Link",
+    "shareCreate": "Maak Share link",
    "shareErrorDelete": "Kan link niet verwijderen",
    "shareErrorDeleteMessage": "Fout opgetreden tijdens het verwijderen link",
    "shareDeleted": "Link verwijderd",
    "shareDeletedDescription": "De link is verwijderd",
-    "shareDelete": "Verwijder Deelbare Link",
+    "shareDelete": "Verwijder Deel Link",
-    "shareDeleteConfirm": "Bevestig Verwijdering Deelbare Link",
+    "shareDeleteConfirm": "Bevestig verwijdering van Deel Link",
    "shareQuestionRemove": "Weet u zeker dat u deze deel link wilt verwijderen?",
    "shareMessageRemove": "Zodra verwijderd, zal de link niet meer werken en zal iedereen die het gebruikt de toegang tot de bron verliezen.",
    "shareTokenDescription": "De toegangstoken kan op twee manieren worden doorgegeven: als queryparameter of in de aanvraagheaders. Deze moeten worden doorgegeven van de client op elk verzoek voor geverifieerde toegang.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Iedereen met deze link heeft toegang tot de pagina",
    "shareTitleOptional": "Titel (optioneel)",
    "sharePathOptional": "Pad (optioneel)",
    "sharePathDescription": "De link zal gebruikers naar dit pad doorsturen na authenticatie.",
    "expireIn": "Vervalt in",
    "neverExpire": "Nooit verlopen",
    "shareExpireDescription": "Vervaltijd is hoe lang de link bruikbaar is en geeft toegang tot de bron. Na deze tijd zal de link niet meer werken en zullen gebruikers die deze link hebben gebruikt de toegang tot de pagina verliezen.",
@@ -203,8 +200,8 @@
    "shareErrorSelectResource": "Selecteer een bron",
    "proxyResourceTitle": "Openbare bronnen beheren",
    "proxyResourceDescription": "Creëer en beheer bronnen die openbaar toegankelijk zijn via een webbrowser",
-    "publicResourcesBannerTitle": "Web-gebaseerde Openbare Toegang",
+    "publicResourcesBannerTitle": "Webgebaseerde openbare toegang",
-    "publicResourcesBannerDescription": "Openbare bronnen zijn HTTPS-proxies die toegankelijk zijn voor iedereen op het internet via een webbrowser. In tegenstelling tot privébronnen hoeven ze geen client-software te hebben en kunnen ze identiteit- en context bewuste toegangsmiddelen bevatten.",
+    "publicResourcesBannerDescription": "Openbare bronnen zijn HTTPS of TCP/UDP-proxies die toegankelijk zijn voor iedereen op het internet via een webbrowser. In tegenstelling tot priv<EFBFBD><EFBFBD>bronnen vereisen ze geen client-side software maar kunnen ze identiteits- en context-bewuste toegangsrichtlijnen bevatten.",
    "clientResourceTitle": "Privébronnen beheren",
    "clientResourceDescription": "Creëer en beheer bronnen die alleen toegankelijk zijn via een verbonden client",
    "privateResourcesBannerTitle": "Zero-Trust Private Access",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Zoek bronnen...",
    "resourceAdd": "Bron toevoegen",
    "resourceErrorDelte": "Fout bij verwijderen document",
-    "resourcePoliciesBannerTitle": "Herbruik Authenticatie en Toegangsregels",
+    "resourcePoliciesTitle": "Beheer Bron Beleid",
-    "resourcePoliciesBannerDescription": "Gedeelde bronbeleidslijnen laten u authenticatiemethoden en toegangsregels eenmaal definiëren, en ze vervolgens koppelen aan meerdere openbare bronnen. Wanneer u een beleid bijwerkt, erft elke gekoppelde bron de wijziging automatisch.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Bijgevoegde bronnen",
    "resourcePoliciesBannerButtonText": "Meer informatie",
    "resourcePoliciesTitle": "Beheer Openbare Bronnenbeleid",
    "resourcePoliciesAttachedResourcesColumnTitle": "Bronnen",
    "resourcePoliciesAttachedResources": "{count} bron(nen)",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# bron} other {# bronnen}}",
    "resourcePoliciesAttachedResourcesEmpty": "geen bronnen",
-    "resourcePoliciesDescription": "Creëer en beheer authenticatiebeleid om toegang tot uw openbare bronnen te controleren",
+    "resourcePoliciesDescription": "Maak en beheer authenticatiebeleid om toegang tot uw bronnen te controleren",
    "resourcePoliciesSearch": "Beleidsregels zoeken...",
    "resourcePoliciesAdd": "Beleid toevoegen",
    "resourcePoliciesDefaultBadgeText": "Standaard beleidsregel",
-    "resourcePoliciesCreate": "Openbare Bronbeleid maken",
+    "resourcePoliciesCreate": "Creëer Bronbeleid",
    "resourcePoliciesCreateDescription": "Volg de onderstaande stappen om een nieuw beleid aan te maken",
    "resourcePolicyName": "Beleidsregelnaam",
    "resourcePolicyNameDescription": "Geef deze beleidsregel een naam om deze te identificeren in uw bronnen",
@@ -281,7 +274,7 @@
    "back": "Achterzijde",
    "cancel": "Annuleren",
    "resourceConfig": "Configuratie tekstbouwstenen",
-    "resourceConfigDescription": "Kopieer en plak deze configuratiesnippets om de TCP/UDP-bron op te zetten.",
+    "resourceConfigDescription": "Kopieer en plak deze configuratie-snippets om de TCP/UDP-bron in te stellen",
    "resourceAddEntrypoints": "Traefik: Entrypoints toevoegen",
    "resourceExposePorts": "Gerbild: Gevangen blootstellen in Docker Compose",
    "resourceLearnRaw": "Leer hoe je TCP/UDP bronnen kunt configureren",
@@ -294,8 +287,6 @@
    "labelDelete": "Label verwijderen",
    "labelAdd": "Label toevoegen",
    "labelCreateSuccessMessage": "Label succesvol aangemaakt",
    "labelDuplicateError": "Dubbel Label",
    "labelDuplicateErrorDescription": "Een label met deze naam bestaat al.",
    "labelEditSuccessMessage": "Label succesvol gewijzigd",
    "labelNameField": "Labelnaam",
    "labelColorField": "Label kleur",
@@ -320,7 +311,7 @@
    "rules": "Regels",
    "resourceSettingDescription": "Configureer de instellingen in de bron",
    "resourceSetting": "{resourceName} instellingen",
-    "resourcePolicySettingDescription": "Configureer de instellingen van dit openbare bronbeleid",
+    "resourcePolicySettingDescription": "Configureer de instellingen op het bronbeleid",
    "resourcePolicySetting": "{policyName} instellingen",
    "alwaysAllow": "Authenticatie omzeilen",
    "alwaysDeny": "Blokkeer toegang",
@@ -728,7 +719,7 @@
    "targetSubmit": "Doelwit toevoegen",
    "targetNoOne": "Deze bron heeft geen doelwitten. Voeg een doel toe om te configureren waar verzoeken naar de backend verzonden kunnen worden.",
    "targetNoOneDescription": "Het toevoegen van meer dan één doel hierboven zal de load balancering mogelijk maken.",
-    "targetsSubmit": "Instellingen opslaan",
+    "targetsSubmit": "Doelstellingen opslaan",
    "addTarget": "Doelwit toevoegen",
    "proxyMultiSiteRoundRobinNodeHelp": "Round-robin routering werkt niet tussen locaties die niet met hetzelfde knooppunt zijn verbonden, maar failover werkt wel.",
    "targetErrorInvalidIp": "Ongeldig IP-adres",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Dupliceer regel",
    "rulesErrorDuplicateDescription": "Een regel met deze instellingen bestaat al",
    "rulesErrorInvalidIpAddressRange": "Ongeldige CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Voer een geldig CIDR-bereik in (bijv. 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Voer een geldige CIDR waarde in",
-    "rulesErrorInvalidUrl": "Ongeldig pad",
+    "rulesErrorInvalidUrl": "Ongeldige URL pad",
-    "rulesErrorInvalidUrlDescription": "Voer een geldig URL-pad of patroon in (bijv. /api/*).",
+    "rulesErrorInvalidUrlDescription": "Voer een geldige URL padwaarde in",
-    "rulesErrorInvalidIpAddress": "Ongeldig IP-adres",
+    "rulesErrorInvalidIpAddress": "Ongeldig IP",
-    "rulesErrorInvalidIpAddressDescription": "Voer een geldig IPv4- of IPv6-adres in.",
+    "rulesErrorInvalidIpAddressDescription": "Voer een geldig IP-adres in",
    "rulesErrorUpdate": "Regels bijwerken mislukt",
    "rulesErrorUpdateDescription": "Fout opgetreden tijdens het bijwerken van de regels",
    "rulesUpdated": "Regels inschakelen",
@@ -775,23 +766,14 @@
    "rulesMatchIpAddress": "Voer een IP-adres in (bijv. 103.21.244.12)",
    "rulesMatchUrl": "Voer een URL-pad of patroon in (bijv. /api/v1/todos of /api/v1/*)",
    "rulesErrorInvalidPriority": "Ongeldige prioriteit",
-    "rulesErrorInvalidPriorityDescription": "Voer een geheel getal van 1 of hoger in.",
+    "rulesErrorInvalidPriorityDescription": "Voer een geldige prioriteit in",
    "rulesErrorDuplicatePriority": "Dubbele prioriteiten",
-    "rulesErrorDuplicatePriorityDescription": "Elke regel moet een uniek prioriteitsnummer hebben.",
+    "rulesErrorDuplicatePriorityDescription": "Voer unieke prioriteiten in",
    "rulesErrorValidation": "Ongeldige regels",
    "rulesErrorValidationRuleDescription": "Regel {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Selecteer een geldig matchtype (pad, IP, CIDR, land, regio of ASN).",
    "rulesErrorValueRequired": "Voer een waarde in voor deze regel.",
    "rulesErrorInvalidCountry": "Ongeldig land",
    "rulesErrorInvalidCountryDescription": "Selecteer een geldig land.",
    "rulesErrorInvalidAsn": "Ongeldige ASN",
    "rulesErrorInvalidAsnDescription": "Voer een geldig ASN in (bijv. AS15169).",
    "ruleUpdated": "Regels bijgewerkt",
    "ruleUpdatedDescription": "Regels met succes bijgewerkt",
    "ruleErrorUpdate": "Bewerking mislukt",
    "ruleErrorUpdateDescription": "Er is een fout opgetreden tijdens het opslaan",
    "rulesPriority": "Prioriteit",
    "rulesReorderDragHandle": "Sleep om de regelprioriteit te herordenen",
    "rulesAction": "actie",
    "rulesMatchType": "Wedstrijd Type",
    "value": "Waarde",
@@ -810,7 +792,7 @@
    "rulesResource": "Configuratie Resource Regels",
    "rulesResourceDescription": "Regels instellen om toegang tot de bron te beheren",
    "ruleSubmit": "Regel toevoegen",
-    "rulesNoOne": "Nog geen regels.",
+    "rulesNoOne": "Geen regels. Voeg een regel toe via het formulier.",
    "rulesOrder": "Regels worden in oplopende volgorde volgens prioriteit beoordeeld.",
    "rulesSubmit": "Regels opslaan",
    "policyErrorCreate": "Fout bij het maken van beleid",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Er is een onverwachte fout opgetreden",
    "policyCreatedSuccess": "Bronbeleid met succes aangemaakt",
    "policyUpdatedSuccess": "Bronbeleid succesvol bijgewerkt",
-    "authMethodsSave": "Instellingen opslaan",
+    "authMethodsSave": "Bewaar authenticatiemethoden",
    "policyAuthStackTitle": "Authenticatie",
    "policyAuthStackDescription": "Bepaal welke authenticatiemethoden vereist zijn om toegang tot deze bron te krijgen",
    "policyAuthOrLogicTitle": "Meerdere authenticatiemethoden actief",
    "policyAuthOrLogicBanner": "Bezoekers kunnen zich aanmelden met een van de hieronder actieve methoden. Ze hoeven ze niet allemaal te voltooien.",
    "policyAuthMethodActive": "Actief",
    "policyAuthMethodOff": "Uit",
    "policyAuthSsoTitle": "Platform SSO",
    "policyAuthSsoDescription": "Vereis inloggen via de identiteit provider van uw organisatie",
    "policyAuthSsoSummary": "{idp} · {users} gebruikers, {roles} rollen",
    "policyAuthSsoDefaultIdp": "Standaard provider",
    "policyAuthAddDefaultIdentityProvider": "Standaard Identiteit Provider Toevoegen",
    "policyAuthOtherMethodsTitle": "Andere Methoden",
    "policyAuthOtherMethodsDescription": "Optionele methoden die bezoekers kunnen gebruiken in plaats van of samen met platform SSO",
    "policyAuthPasscodeTitle": "Toegangscode",
    "policyAuthPasscodeDescription": "Vereis een alfanumerieke toegangscode om toegang te krijgen tot de bron",
    "policyAuthPasscodeSummary": "Toegangscode ingesteld",
    "policyAuthPincodeTitle": "Pincode",
    "policyAuthPincodeDescription": "Een korte numerieke code vereist om toegang tot de bron te krijgen",
    "policyAuthPincodeSummary": "6-cijferige Pincode ingesteld",
    "policyAuthEmailTitle": "E-mail Whitelist",
    "policyAuthEmailDescription": "Sta vermelde e-mailadressen toe met eenmalige wachtwoorden",
    "policyAuthEmailSummary": "{count} adressen toegestaan",
    "policyAuthEmailOtpCallout": "Het inschakelen van e-mailwhitelist stuurt een eenmalig wachtwoord naar de e-mail van de bezoeker bij het inloggen.",
    "policyAuthHeaderAuthTitle": "Basic Header Authenticatie",
    "policyAuthHeaderAuthDescription": "Valideer een aangepaste HTTP-headernaam en waarde bij elk verzoek",
    "policyAuthHeaderAuthSummary": "Header geconfigureerd",
    "policyAuthHeaderName": "Header naam",
    "policyAuthHeaderValue": "Verwachte waarde",
    "policyAuthSetPasscode": "Stel toegangscode in",
    "policyAuthSetPincode": "Stel Pincode in",
    "policyAuthSetEmailWhitelist": "Stel E-mail Whitelist in",
    "policyAuthSetHeaderAuth": "Stel Basis Header Authenticatie in",
    "policyAccessRulesTitle": "Toegang Regels",
    "policyAccessRulesEnableDescription": "Wanneer ingeschakeld, worden regels in aflopende volgorde geëvalueerd totdat er één als waar wordt geoordeeld.",
    "policyAccessRulesFirstMatch": "Regels worden van boven naar beneden geëvalueerd. De eerste overeenkomstige regel bepaalt de uitkomst.",
    "policyAccessRulesHowItWorks": "Regels komen overeen met verzoeken op basis van pad, IP-adres, locatie of andere criteria. Elke regel past een actie toe: authenticatie omzeilen, toegang blokkeren of authenticatie doorgeven. Als er geen regel overeenkomt, gaat het verkeer door naar authenticatie.",
    "policyAccessRulesFallthroughOff": "Wanneer regels zijn uitgeschakeld, passeert al het verkeer naar authenticatie.",
    "policyAccessRulesFallthroughOn": "Wanneer geen regel overeenkomt, passeert het verkeer naar authenticatie.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Regels opslaan",
    "resourceErrorCreate": "Fout bij maken document",
    "resourceErrorCreateDescription": "Er is een fout opgetreden bij het maken van het document",
@@ -883,9 +824,9 @@
    "resourcesErrorUpdateDescription": "Er is een fout opgetreden tijdens het bijwerken van het document",
    "access": "Toegangsrechten",
    "accessControl": "Toegangs controle",
-    "shareLink": "{resource} Deelbare Link",
+    "shareLink": "{resource} Share link",
    "resourceSelect": "Selecteer resource",
-    "shareLinks": "Deelbare Links",
+    "shareLinks": "Links delen",
    "share": "Deelbare links",
    "shareDescription2": "Maak deelbare links naar bronnen. Links bieden tijdelijke of onbeperkte toegang tot je bestand. U kunt de vervalduur van de link configureren wanneer u er een aanmaakt.",
    "shareEasyCreate": "Makkelijk te maken en te delen",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Beheerders hebben altijd toegang tot deze bron.",
    "resourcePolicySelectTitle": "Toegangsbeleid voor bronnen",
    "resourcePolicySelectDescription": "Selecteer het bronbeleidstype voor authenticatie",
    "resourcePolicyTypeLabel": "Beleidstype",
    "resourcePolicyLabel": "Bronbeleid",
    "resourcePolicyInline": "Inline bronbeleid",
    "resourcePolicyInlineDescription": "Toegangsbeleid alleen gericht op deze bron",
    "resourcePolicyShared": "Gedeeld bronbeleid",
-    "resourcePolicySharedDescription": "Deze bron gebruikt een gedeeld beleid.",
+    "resourcePolicySharedDescription": "Deze bron gebruikt een gedeeld beleid. Instellingen op beleidsniveau (authenticatiemethoden, e-mailwhitelist) zijn vergrendeld. U kunt hieronder bron-specifieke regels, rollen en gebruikers toevoegen.",
    "sharedPolicy": "Gedeeld Beleid",
    "sharedPolicyNoneDescription": "Deze bron heeft zijn eigen beleid.",
    "resourceSharedPolicyOwnDescription": "Deze bron heeft zijn eigen authenticatie- en toegangsvanregels.",
    "resourceSharedPolicyInheritedDescription": "Deze bron erft van <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Deze bron gebruikt een gedeeld beleid. Sommige authenticatie-instellingen kunnen op deze bron worden bewerkt om toe te voegen aan het beleid. Om het onderliggende beleid te wijzigen, moet u het beleid bewerken in <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "Deze bron gebruikt een gedeeld beleid. Sommige toegangsregels kunnen op deze bron worden bewerkt. Om het onderliggende beleid te wijzigen, moet u <policyLink>{policyName}</policyLink> bewerken.",
    "resourceUsersRoles": "Toegang Bediening",
    "resourceUsersRolesDescription": "Configureer welke gebruikers en rollen deze pagina kunnen bezoeken",
    "resourceUsersRolesSubmit": "Bewaar Toegangsbesturing",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Zichtbaarheid",
    "resourceVisibilityTitleDescription": "Zichtbaarheid van bestanden volledig in- of uitschakelen",
    "resourceGeneral": "Algemene instellingen",
-    "resourceGeneralDescription": "Configureer naam, adres en toegangspolicy voor deze bron.",
+    "resourceGeneralDescription": "Configureer de algemene instellingen voor deze bron",
    "resourceGeneralDetailsSubsection": "Bron Details",
    "resourceGeneralDetailsSubsectionDescription": "Stel de weergavenaam, identificatiecode en publiek toegankelijk domein voor deze bron in.",
    "resourceGeneralDetailsSubsectionPortDescription": "Stel de weergavenaam, identificatiecode en publieke poort voor deze bron in.",
    "resourceGeneralPublicAddressSubsection": "Publiek Adres",
    "resourceGeneralPublicAddressSubsectionDescription": "Configureer hoe gebruikers deze bron bereiken.",
    "resourceGeneralAuthenticationAccessSubsection": "Authenticatie & Toegang",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Kies of deze bron zijn eigen beleid gebruikt of van een gedeeld beleid erft.",
    "resourceEnable": "Resource inschakelen",
    "resourceTransfer": "Bronnen overdragen",
    "resourceTransferDescription": "Verplaats dit document naar een andere site",
@@ -1294,14 +1220,11 @@
    "addLabels": "Labels toevoegen",
    "siteLabelsTab": "Labels",
    "siteLabelsDescription": "Beheer labels geassocieerd met deze site.",
-    "labelsNotFound": "Geen labels gevonden.",
+    "labelsNotFound": "Labels niet gevonden",
    "labelsEmptyCreateHint": "Begin hierboven te typen om een label te maken.",
    "labelSearch": "Labels zoeken",
    "labelSearchOrCreate": "Zoek of maak een label",
    "accessLabelFilterCount": "{count, plural, one {# label} other {# labels}}",
    "labelOverflowCount": "+{count, plural, one {# label} other {# labels}}",
    "accessLabelFilterClear": "Labelfilters wissen",
    "accessFilterClear": "Wissen van filters",
    "selectColor": "Kleur selecteren",
    "createNewLabel": "Nieuw org-label \"{label}\" aanmaken",
    "inviteInvalidDescription": "Uitnodigingslink is ongeldig.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Bronnen",
    "sidebarProxyResources": "Openbaar",
    "sidebarClientResources": "Privé",
-    "sidebarPolicies": "Gedeeld Beleid",
+    "sidebarPolicies": "Beleid",
-    "sidebarResourcePolicies": "Openbare Bronnen",
+    "sidebarResourcePolicies": "Bronnen",
    "sidebarAccessControl": "Toegangs controle",
    "sidebarLogsAndAnalytics": "Logs & Analytics",
    "sidebarTeam": "Team",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Beheerder",
    "sidebarInvitations": "Uitnodigingen",
    "sidebarRoles": "Rollen",
-    "sidebarShareableLinks": "Deelbare Links",
+    "sidebarShareableLinks": "Koppelingen",
    "sidebarApiKeys": "API sleutels",
    "sidebarProvisioning": "Provisie",
    "sidebarSettings": "Instellingen",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Bron {id}",
    "blueprints": "Blauwdrukken",
    "blueprintsLog": "Log Blueprints",
-    "blueprintsDescription": "Bekijk eerdere blauwdruktoepassingen en hun resultaten of pas een nieuwe blauwdruk toe",
+    "blueprintsDescription": "Bekijk eerdere blueprint-toepassingen en hun resultaten",
    "blueprintAdd": "Blauwdruk toevoegen",
    "blueprintGoBack": "Bekijk alle Blauwdrukken",
    "blueprintCreate": "Creëer blauwdruk",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Schakel Docker Blauwdruk in",
    "enableDockerSocketDescription": "Schakel Docker Socket-label in voor blueprint-labels. Socket-pad moet worden opgegeven aan de siteconnector. Lees meer over hoe dit werkt in <docsLink>de documentatie</docsLink>.",
    "newtAutoUpdate": "Automatische site-update inschakelen",
-    "newtAutoUpdateDescription": "Als ingeschakeld, downloaden de site-connectoren automatisch de laatste versie en starten zichzelf opnieuw. Dit kan per site worden overschreven.",
+    "newtAutoUpdateDescription": "Wanneer ingeschakeld, zullen site-connectors automatisch updaten naar de nieuwste versie wanneer een nieuwe release beschikbaar is.",
    "siteAutoUpdate": "Automatische site-update",
    "siteAutoUpdateLabel": "Automatische update inschakelen",
-    "siteAutoUpdateDescription": "Als dit is ingeschakeld, downloadt en start deze site-connector automatisch de nieuwste versie opnieuw.",
+    "siteAutoUpdateDescription": "Controleer of de siteconnector automatisch de laatste versie downloadt.",
    "siteAutoUpdateOrgDefault": "Standaard van organisatie: {state}",
    "siteAutoUpdateOverriding": "Overschrijving van organisatiestandaardinstelling",
    "siteAutoUpdateResetToOrg": "Terugzetten naar standaard van organisatie",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Accountinstelling voltooid! Welkom bij Pangolin!",
    "documentation": "Documentatie",
    "saveAllSettings": "Alle instellingen opslaan",
-    "saveResourceTargets": "Instellingen opslaan",
+    "saveResourceTargets": "Doelstellingen opslaan",
-    "saveResourceHttp": "Instellingen opslaan",
+    "saveResourceHttp": "Proxyinstellingen opslaan",
-    "saveProxyProtocol": "Instellingen opslaan",
+    "saveProxyProtocol": "Proxy-protocolinstellingen opslaan",
    "settingsUpdated": "Instellingen bijgewerkt",
    "settingsUpdatedDescription": "Instellingen succesvol bijgewerkt",
    "settingsErrorUpdate": "Bijwerken van instellingen mislukt",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Onbekend",
    "healthCheck": "Gezondheidscontrole",
    "configureHealthCheck": "Configureer Gezondheidscontrole",
-    "configureHealthCheckDescription": "Stel monitoring in voor uw bron om ervoor te zorgen dat deze altijd beschikbaar is",
+    "configureHealthCheckDescription": "Stel gezondheid monitor voor {target} in",
    "enableHealthChecks": "Inschakelen Gezondheidscontroles",
    "healthCheckDisabledStateDescription": "Wanneer uitgeschakeld, zal de site geen gezondheidscontroles uitvoeren en wordt de staat als onbekend beschouwd.",
    "enableHealthChecksDescription": "Controleer de gezondheid van dit doel. U kunt een ander eindpunt monitoren dan het doel indien vereist.",
    "healthScheme": "Methode",
    "healthSelectScheme": "Selecteer methode",
-    "healthCheckPortInvalid": "Poort moet tussen 1 en 65535 zijn",
+    "healthCheckPortInvalid": "Health check poort moet tussen 1 en 65535 zijn",
    "healthCheckPath": "Pad",
    "healthHostname": "IP / Hostnaam",
    "healthPort": "Poort",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Vereist goedkeuring van apparaat",
    "requireDeviceApprovalDescription": "Gebruikers met deze rol hebben nieuwe apparaten nodig die door een beheerder zijn goedgekeurd voordat ze verbinding kunnen maken met bronnen en deze kunnen gebruiken.",
    "sshSettings": "SSH-instellingen",
    "sshAccess": "SSH Toegang",
    "rdpSettings": "RDP-instellingen",
    "vncSettings": "VNC-instellingen",
    "sshServer": "SSH-server",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Zorg ervoor dat uw doelhost goed is geconfigureerd om de auth daemon uit te voeren voordat u deze configuratie voltooit, anders zal de voorziening mislukken.",
    "sshDaemonPort": "Demonpoort",
    "sshServerDestination": "Serverbestemming",
-    "sshServerDestinationDescription": "Configureer de bestemming van de SSH-server",
+    "sshServerDestinationDescription": "Configureer de bestemming en poort van de SSH-server",
    "destination": "Bestemming",
    "destinationRequired": "Bestemming is vereist.",
    "domainRequired": "Domein is vereist.",
    "proxyPortRequired": "Poort is vereist.",
    "invalidPathConfiguration": "Ongeldige padconfiguratie.",
    "invalidRewritePathConfiguration": "Ongeldige overschrijfpadconfiguratie.",
    "bgTargetMultiSiteDisclaimer": "Het selecteren van meerdere sites maakt veerkrachtige routering mogelijk en failover voor hoge beschikbaarheid.",
    "roleAllowSsh": "SSH toestaan",
    "roleAllowSshAllow": "Toestaan",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "Gebruiker kan alleen de opgegeven commando's uitvoeren met de sudo.",
    "sshSudo": "sudo toestaan",
    "sshSudoCommands": "Sudo Commando's",
-    "sshSudoCommandsDescription": "Lijst met commando's die de gebruiker mag uitvoeren met sudo, gescheiden door komma's, spaties of nieuwe regels. Absolute paden moeten worden gebruikt.",
+    "sshSudoCommandsDescription": "Commagescheiden lijst van commando's die de gebruiker met sudo mag uitvoeren. Absolute paden moeten worden gebruikt.",
    "sshCreateHomeDir": "Maak Home Directory",
    "sshUnixGroups": "Unix groepen",
-    "sshUnixGroupsDescription": "Unix-groepen om de gebruiker aan toe te voegen op de doelhost, gescheiden door komma's, spaties of nieuwe regels.",
+    "sshUnixGroupsDescription": "Door komma's gescheiden Unix-groepen om de gebruiker toe te voegen aan de doelhost.",
    "roleTextFieldPlaceholder": "Voer waarden in, of sleep een .txt of .csv-bestand",
    "roleTextImportTitle": "Importeer vanuit Bestand",
    "roleTextImportDescription": "{fileName} importeren naar {fieldLabel}.",
    "roleTextImportSkipHeader": "Sla de eerste rij over (header)",
    "roleTextImportOverride": "Vervang Bestaande",
    "roleTextImportAppend": "Voeg toe aan Bestaande",
    "roleTextImportMode": "Importeer modus",
    "roleTextImportPreview": "Voorbeeld",
    "roleTextImportItemCount": "{count, plural, =0 {Geen items om te importeren} one {1 item om te importeren} other {# items om te importeren}}",
    "roleTextImportTotalCount": "{existing} bestaande + {imported} geïmporteerd = {total} totaal",
    "roleTextImportConfirm": "Importeren",
    "roleTextImportInvalidFile": "Niet-ondersteund bestandstype",
    "roleTextImportInvalidFileDescription": "Alleen .txt en .csv-bestanden worden ondersteund.",
    "roleTextImportEmpty": "Geen items gevonden in bestand",
    "roleTextImportEmptyDescription": "Het bestand bevat geen importeerbare items.",
    "retryAttempts": "Herhaal Pogingen",
    "expectedResponseCodes": "Verwachte Reactiecodes",
    "expectedResponseCodesDescription": "HTTP-statuscode die gezonde status aangeeft. Indien leeg wordt 200-300 als gezond beschouwd.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Proxy Protocol inschakelen",
    "proxyProtocolInfo": "Behoud IP adressen van de client voor TCP backends",
    "proxyProtocolVersion": "Proxy Protocol Versie",
-    "version1": "Versie 1 (Aanbevolen)",
+    "version1": " Versie 1 (Aanbevolen)",
    "version2": "Versie 2",
-    "version1Description": "Tekstgebaseerd en breed ondersteund. Zorg ervoor dat servertransport aan dynamische configuratie is toegevoegd.",
+    "versionDescription": "Versie 1 is text-based en breed ondersteund. Versie 2 is binair en efficiënter maar minder compatibel.",
    "version2Description": "Binair en efficiënter maar minder compatibel. Zorg ervoor dat servertransport aan dynamische configuratie is toegevoegd.",
    "warning": "Waarschuwing",
    "proxyProtocolWarning": "De backend applicatie moet worden geconfigureerd om Proxy Protocol verbindingen te accepteren. Als je backend geen Proxy Protocol ondersteunt, zal het inschakelen van dit alle verbindingen verbreken, dus schakel dit alleen in als je weet wat je doet. Zorg ervoor dat je je backend configureert om Proxy Protocol headers van Traefik.",
    "restarting": "Herstarten...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Bevestiging invoeren",
    "blueprintViewDetails": "Details",
    "defaultIdentityProvider": "Standaard Identiteitsprovider",
-    "defaultIdentityProviderDescription": "De gebruiker wordt automatisch doorgestuurd naar deze identity provider voor authenticatie.",
+    "defaultIdentityProviderDescription": "Wanneer een standaard identity provider is geselecteerd, zal de gebruiker automatisch worden doorgestuurd naar de provider voor authenticatie.",
    "editInternalResourceDialogNetworkSettings": "Netwerkinstellingen",
    "editInternalResourceDialogAccessPolicy": "Toegangsbeleid",
    "editInternalResourceDialogAddRoles": "Rollen toevoegen",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Type onderhoudsmodus",
    "showMaintenancePage": "Toon een onderhoudspagina aan bezoekers",
    "enableMaintenanceMode": "Onderhoudsmodus inschakelen",
    "enableMaintenanceModeDescription": "Wanneer ingeschakeld zien bezoekers een onderhoudspagina in plaats van uw bron.",
    "automatic": "Automatisch",
    "automaticModeDescription": " Toon onderhoudspagina alleen wanneer alle back-enddoelen niet beschikbaar zijn of ongezond zijn. Jouw bron blijft normaal functioneren zolang er tenminste één doel gezond is.",
    "forced": "Geforceerd",
@@ -3182,8 +3082,6 @@
    "warning:": "Waarschuwing:",
    "forcedeModeWarning": "Al het verkeer wordt naar de onderhoudspagina geleid. Jouw back-endbronnen ontvangen geen verzoeken.",
    "pageTitle": "Paginatitel",
    "maintenancePageContentSubsection": "Pagina-inhoud",
    "maintenancePageContentSubsectionDescription": "Pas de inhoud aan die op de onderhoudspagina wordt weergegeven",
    "pageTitleDescription": "De hoofdkop die op de onderhoudspagina wordt weergegeven",
    "maintenancePageMessage": "Onderhoudsbericht",
    "maintenancePageMessagePlaceholder": "We keren snel terug! Onze site ondergaat momenteel gepland onderhoud.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Weet u zeker dat u deze identiteitsprovider van deze organisatie wilt loskoppelen?",
    "idpUnassociateDescription": "Alle gebruikers die aan deze identiteitsprovider zijn gekoppeld, worden uit deze organisatie verwijderd, maar de identiteitsprovider blijft bestaan voor andere gerelateerde organisaties.",
    "idpUnassociateConfirm": "Bevestig ontkoppelen identiteitsprovider",
    "idpConfirmDeleteAndRemoveMeFromOrg": "VERWIJDER EN VERWIJDER ME VAN ORG",
    "idpUnassociateAndRemoveMeFromOrg": "ONTKOPPEL EN VERWIJDER ME VAN ORG",
    "idpUnassociateWarning": "Dit kan niet ongedaan worden gemaakt voor deze organisatie.",
    "idpUnassociatedDescription": "Identiteitsprovider succesvol losgekoppeld van deze organisatie",
    "idpUnassociateMenu": "Ontkoppelen",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Verbinding maken…",
    "sshInitializing": "Initialiseren…",
    "sshSignInTitle": "Meld u aan bij SSH",
-    "sshSignInDescription": "Voer uw SSH-gegevens in om verbinding te maken",
+    "sshSignInDescription": "Voer uw SSH-referenties in",
    "sshPasswordTab": "Wachtwoord",
    "sshPrivateKeyTab": "Privésleutel",
    "sshPrivateKeyField": "Privésleutel",
    "sshPrivateKeyDisclaimer": "Uw privésleutel wordt niet opgeslagen of zichtbaar gemaakt voor Pangolin. U kunt ook gebruik maken van kortlopende certificaten voor naadloze authenticatie met uw bestaande Pangolin-identiteit.",
    "sshLearnMore": "Meer informatie",
    "sshPrivateKeyFile": "Bestand met privésleutel",
-    "sshAuthenticate": "Verbinden",
+    "sshAuthenticate": "Authenticeren",
    "sshTerminate": "Beëindigen",
    "sshPoweredBy": "Aangeboden door",
    "sshErrorNoTarget": "Geen doelwit gespecificeerd",
    "sshErrorWebSocket": "WebSocket-verbinding is mislukt",
    "sshErrorAuthFailed": "Authenticatie mislukt",
-    "sshErrorConnectionClosed": "Verbinding gesloten voordat authenticatie was voltooid",
+    "sshErrorConnectionClosed": "Verbinding gesloten voordat authenticatie was voltooid"
    "sitePangolinSshDescription": "Sta SSH-toegang toe tot bronnen op deze site. Dit kan later worden gewijzigd.",
    "browserGatewayNoResourceForDomain": "Geen bron gevonden voor dit domein",
    "browserGatewayNoTarget": "Geen doelwit",
    "browserGatewayConnect": "Verbinden",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "Kan SSH-sleutel voor PAM push-authenticatie niet ondertekenen. Heeft u als gebruiker aangemeld?",
    "sshTerminalError": "Fout: {error}",
    "sshConnectionClosedCode": "Verbinding gesloten (code {code})",
    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
    "sshPrivateKeyRequired": "Privésleutel is vereist",
    "vncTitle": "VNC",
    "vncSignInDescription": "Voer uw VNC-wachtwoord in om verbinding te maken",
    "vncPasswordOptional": "Wachtwoord (optioneel)",
    "vncNoResourceTarget": "Geen bron doelwit beschikbaar",
    "vncFailedToLoadNovnc": "Laden van noVNC mislukt",
    "vncAuthFailedStatus": "Status {status}",
    "vncPasteClipboard": "Klembord plakken",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Meld u aan bij Remote Desktop",
    "rdpSignInDescription": "Voer Windows-gegevens in om verbinding te maken",
    "rdpLoadingModule": "Module laden...",
    "rdpFailedToLoadModule": "Laden van RDP-module mislukt",
    "rdpNotReady": "Niet gereed",
    "rdpModuleInitializing": "RDP-module is nog aan het initialiseren",
    "rdpDownloadingFiles": "{count} bestand(en) worden van een externe locatie gedownload…",
    "rdpDownloadFailed": "Download mislukt: {fileName}",
    "rdpUploaded": "Geüpload: {fileName}",
    "rdpNoConnectionTarget": "Geen verbinding doelwit beschikbaar",
    "rdpConnectionFailed": "Verbinding mislukt",
    "rdpFit": "Schalen",
    "rdpFull": "Volledig",
    "rdpReal": "Reëel",
    "rdpMeta": "Meta",
    "rdpUploadFiles": "Bestanden uploaden",
    "rdpFilesReadyToPaste": "Bestanden klaar om te plakken",
    "rdpFilesReadyToPasteDescription": "{count} bestand(en) gekopieerd naar klembord op afstand — druk op Ctrl+V op het externe bureaublad om te plakken.",
    "rdpUploadFailed": "Upload mislukt",
    "rdpUnicodeKeyboardMode": "Unicode toetsenbordmodus",
    "sessionToolbarShow": "Toon werkbalk",
    "sessionToolbarHide": "Verberg werkbalk"
 }
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Zobacz zasoby prywatne",
    "siteInstallNewt": "Zainstaluj Newt",
    "siteInstallNewtDescription": "Uruchom Newt w swoim systemie",
    "siteInstallKubernetesDocsDescription": "Aby uzyskać więcej aktualnych informacji o instalacji Kubernetes, zobacz <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "Aby uzyskać instrukcje dotyczące instalacji modemu Advantech, zobacz: <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Konfiguracja WireGuard",
    "WgConfigurationDescription": "Użyj następującej konfiguracji, aby połączyć się z siecią",
    "operatingSystem": "System operacyjny",
@@ -150,16 +148,16 @@
    "siteCredentialsSaveDescription": "Możesz to zobaczyć tylko raz. Upewnij się, że skopiuj je do bezpiecznego miejsca.",
    "siteInfo": "Informacje o witrynie",
    "status": "Status",
-    "shareTitle": "Zarządzaj linkami do udostępnienia",
+    "shareTitle": "Zarządzaj linkami udostępniania",
    "shareDescription": "Utwórz linki do współdzielenia, aby przyznać tymczasowy lub stały dostęp do zasobów proxy",
-    "shareSearch": "Wyszukaj linki do udostępnienia...",
+    "shareSearch": "Szukaj linków udostępnienia...",
-    "shareCreate": "Utwórz link do udostępnienia",
+    "shareCreate": "Utwórz link udostępniania",
    "shareErrorDelete": "Nie udało się usunąć linku",
    "shareErrorDeleteMessage": "Wystąpił błąd podczas usuwania linku",
    "shareDeleted": "Link usunięty",
    "shareDeletedDescription": "Link został usunięty",
-    "shareDelete": "Usuń link do udostępnienia",
+    "shareDelete": "Usuń link udostępniania",
-    "shareDeleteConfirm": "Potwierdź usunięcie linku do udostępnienia",
+    "shareDeleteConfirm": "Potwierdź usunięcie linku udostępniania",
    "shareQuestionRemove": "Czy na pewno chcesz usunąć ten link udostępniania?",
    "shareMessageRemove": "Po usunięciu, link przestanie działać i wszyscy korzystający z niego stracą dostęp do zasobu.",
    "shareTokenDescription": "Token dostępu może być przekazywany na dwa sposoby: jako parametr zapytania lub w nagłówkach żądania. Muszą być przekazywane z klienta na każde żądanie uwierzytelnionego dostępu.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Każdy z tym linkiem może uzyskać dostęp do zasobu",
    "shareTitleOptional": "Tytuł (opcjonalnie)",
    "sharePathOptional": "Ścieżka (opcjonalnie)",
    "sharePathDescription": "Link przekieruje użytkowników do tej ścieżki po uwierzytelnieniu.",
    "expireIn": "Wygasa za",
    "neverExpire": "Nigdy nie wygasa",
    "shareExpireDescription": "Czas wygaśnięcia to jak długo link będzie mógł być użyty i zapewni dostęp do zasobu. Po tym czasie link nie będzie już działał, a użytkownicy, którzy użyli tego linku, utracą dostęp do zasobu.",
@@ -203,8 +200,8 @@
    "shareErrorSelectResource": "Wybierz zasób",
    "proxyResourceTitle": "Zarządzaj zasobami publicznymi",
    "proxyResourceDescription": "Twórz i zarządzaj zasobami, które są publicznie dostępne w przeglądarce internetowej",
-    "publicResourcesBannerTitle": "Publiczny dostęp przez przeglądarkę internetową",
+    "publicResourcesBannerTitle": "Publiczny dostęp za pośrednictwem sieci Web",
-    "publicResourcesBannerDescription": "Zasoby publiczne to serwery proxy HTTPS, dostępne dla każdego w Internecie za pośrednictwem przeglądarki. W przeciwieństwie do zasobów prywatnych, nie wymagają oprogramowania po stronie klienta i mogą obejmować polityki dostępu świadome tożsamości i kontekstu.",
+    "publicResourcesBannerDescription": "Zasoby publiczne to proxy HTTPS lub TCP/UDP dostępne dla każdego w internecie za pośrednictwem przeglądarki internetowej. W przeciwieństwie do zasobów prywatnych, nie wymagają oprogramowania po stronie klienta i mogą obejmować polityki dostępu świadome tożsamości i kontekstu.",
    "clientResourceTitle": "Zarządzaj zasobami prywatnymi",
    "clientResourceDescription": "Twórz i zarządzaj zasobami, które są dostępne tylko za pośrednictwem połączonego klienta",
    "privateResourcesBannerTitle": "Zero zaufania do prywatnego dostępu",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Szukaj zasobów...",
    "resourceAdd": "Dodaj zasób",
    "resourceErrorDelte": "Błąd podczas usuwania zasobu",
-    "resourcePoliciesBannerTitle": "Ponownie użyj Uwierzytelniania i Zasad Dostępu",
+    "resourcePoliciesTitle": "Zarządzaj politykami zasobów",
-    "resourcePoliciesBannerDescription": "Polityki zasobów współdzielonych pozwalają zdefiniować metody uwierzytelniania oraz zasady dostępu jednokrotnie, a następnie przypiąć je do wielu zasobów publicznych. Po zaktualizowaniu polityki każda powiązana zasób automatycznie dziedziczy zmianę.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Dołączone zasoby",
    "resourcePoliciesBannerButtonText": "Dowiedz się więcej",
    "resourcePoliciesTitle": "Zarządzaj publicznymi zasadami zasobów",
    "resourcePoliciesAttachedResourcesColumnTitle": "Zasoby",
    "resourcePoliciesAttachedResources": "{count} zasób(y)",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# zasób} few {# zasoby} many {# zasobów} other {# zasobów}}",
    "resourcePoliciesAttachedResourcesEmpty": "brak zasobów",
-    "resourcePoliciesDescription": "Twórz i zarządzaj politykami uwierzytelniania, aby kontrolować dostęp do swoich zasobów publicznych",
+    "resourcePoliciesDescription": "Twórz i zarządzaj politykami uwierzytelniania, aby kontrolować dostęp do swoich zasobów",
    "resourcePoliciesSearch": "Szukaj polityk...",
    "resourcePoliciesAdd": "Dodaj politykę",
    "resourcePoliciesDefaultBadgeText": "Domyślna polityka",
-    "resourcePoliciesCreate": "Utwórz publiczną politykę zasobów",
+    "resourcePoliciesCreate": "Utwórz politykę zasobu",
    "resourcePoliciesCreateDescription": "Wykonaj poniższe kroki, aby utworzyć nową politykę",
    "resourcePolicyName": "Nazwa polityki",
    "resourcePolicyNameDescription": "Nadaj tej polityce nazwę, aby można ją było zidentyfikować w całych zasobach",
@@ -281,7 +274,7 @@
    "back": "Powrót",
    "cancel": "Anuluj",
    "resourceConfig": "Snippety konfiguracji",
-    "resourceConfigDescription": "Skopiuj i wklej te fragmenty konfiguracji, aby skonfigurować zasób TCP/UDP.",
+    "resourceConfigDescription": "Skopiuj i wklej te fragmenty konfiguracji, aby skonfigurować zasób TCP/UDP",
    "resourceAddEntrypoints": "Traefik: Dodaj punkty wejścia",
    "resourceExposePorts": "Gerbil: Podnieś porty w Komponencie Dockera",
    "resourceLearnRaw": "Dowiedz się, jak skonfigurować zasoby TCP/UDP",
@@ -294,8 +287,6 @@
    "labelDelete": "Usuń etykietę",
    "labelAdd": "Dodaj etykietę",
    "labelCreateSuccessMessage": "Etykieta została utworzona pomyślnie",
    "labelDuplicateError": "Zduplikowana etykieta",
    "labelDuplicateErrorDescription": "Etykieta o tej nazwie już istnieje.",
    "labelEditSuccessMessage": "Etykieta została pomyślnie zmodyfikowana",
    "labelNameField": "Nazwa etykiety",
    "labelColorField": "Kolor etykiety",
@@ -320,7 +311,7 @@
    "rules": "Regulamin",
    "resourceSettingDescription": "Skonfiguruj ustawienia zasobu",
    "resourceSetting": "Ustawienia {resourceName}",
-    "resourcePolicySettingDescription": "Skonfiguruj ustawienia tej publicznej polityki zasobów",
+    "resourcePolicySettingDescription": "Skonfiguruj ustawienia w polityce zasobów",
    "resourcePolicySetting": "Ustawienia {policyName}",
    "alwaysAllow": "Omijanie uwierzytelniania",
    "alwaysDeny": "Blokuj dostęp",
@@ -728,7 +719,7 @@
    "targetSubmit": "Dodaj cel",
    "targetNoOne": "Ten zasób nie ma żadnych celów. Dodaj cel do skonfigurowania adresów wysyłania żądań do backendu.",
    "targetNoOneDescription": "Dodanie więcej niż jednego celu powyżej włączy równoważenie obciążenia.",
-    "targetsSubmit": "Zapisz ustawienia",
+    "targetsSubmit": "Zapisz cele",
    "addTarget": "Dodaj cel",
    "proxyMultiSiteRoundRobinNodeHelp": "Trasowanie round-robin nie będzie działać między witrynami, które nie są połączone z tym samym węzłem, ale przełączanie awaryjne będzie działać.",
    "targetErrorInvalidIp": "Nieprawidłowy adres IP",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Duplikat reguły",
    "rulesErrorDuplicateDescription": "Reguła o tych ustawieniach już istnieje",
    "rulesErrorInvalidIpAddressRange": "Nieprawidłowy CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Wprowadź poprawny zakres CIDR (np. 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Wprowadź prawidłową wartość CIDR",
-    "rulesErrorInvalidUrl": "Nieprawidłowa ścieżka",
+    "rulesErrorInvalidUrl": "Nieprawidłowa ścieżka URL",
-    "rulesErrorInvalidUrlDescription": "Wprowadź poprawną ścieżkę URL lub wzorzec (np. /api/*).",
+    "rulesErrorInvalidUrlDescription": "Wprowadź prawidłową wartość ścieżki URL",
-    "rulesErrorInvalidIpAddress": "Nieprawidłowy adres IP",
+    "rulesErrorInvalidIpAddress": "Nieprawidłowe IP",
-    "rulesErrorInvalidIpAddressDescription": "Wprowadź poprawny adres IPv4 lub IPv6.",
+    "rulesErrorInvalidIpAddressDescription": "Wprowadź prawidłowy adres IP",
    "rulesErrorUpdate": "Nie udało się zaktualizować reguł",
    "rulesErrorUpdateDescription": "Wystąpił błąd podczas aktualizacji reguł",
    "rulesUpdated": "Włącz reguły",
@@ -775,23 +766,14 @@
    "rulesMatchIpAddress": "Wprowadź adres IP (np. 103.21.244.12)",
    "rulesMatchUrl": "Wprowadź ścieżkę URL lub wzorzec (np. /api/v1/todos lub /api/v1/*)",
    "rulesErrorInvalidPriority": "Nieprawidłowy priorytet",
-    "rulesErrorInvalidPriorityDescription": "Wprowadź liczbę całkowitą 1 lub wyższą.",
+    "rulesErrorInvalidPriorityDescription": "Wprowadź prawidłowy priorytet",
    "rulesErrorDuplicatePriority": "Zduplikowane priorytety",
-    "rulesErrorDuplicatePriorityDescription": "Każda reguła musi mieć unikalny numer priorytetu.",
+    "rulesErrorDuplicatePriorityDescription": "Wprowadź unikalne priorytety",
    "rulesErrorValidation": "Nieprawidłowe reguły",
    "rulesErrorValidationRuleDescription": "Reguła {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Wybierz poprawny typ dopasowania (ścieżka, IP, CIDR, kraj, region lub ASN).",
    "rulesErrorValueRequired": "Wprowadź wartość dla tej reguły.",
    "rulesErrorInvalidCountry": "Nieprawidłowy kraj",
    "rulesErrorInvalidCountryDescription": "Wybierz poprawny kraj.",
    "rulesErrorInvalidAsn": "Nieprawidłowy ASN",
    "rulesErrorInvalidAsnDescription": "Wprowadź poprawny ASN (np. AS15169).",
    "ruleUpdated": "Reguły zaktualizowane",
    "ruleUpdatedDescription": "Reguły zostały pomyślnie zaktualizowane",
    "ruleErrorUpdate": "Operacja nie powiodła się",
    "ruleErrorUpdateDescription": "Wystąpił błąd podczas operacji zapisu",
    "rulesPriority": "Priorytet",
    "rulesReorderDragHandle": "Przeciągnij, aby zmienić kolejność priorytetów reguł",
    "rulesAction": "Akcja",
    "rulesMatchType": "Typ dopasowania",
    "value": "Wartość",
@@ -810,7 +792,7 @@
    "rulesResource": "Konfiguracja reguł zasobu",
    "rulesResourceDescription": "Skonfiguruj reguły, aby kontrolować dostęp do zasobu",
    "ruleSubmit": "Dodaj regułę",
-    "rulesNoOne": "Brak reguł.",
+    "rulesNoOne": "Brak reguł. Dodaj regułę używając formularza.",
    "rulesOrder": "Reguły są oceniane według priorytetu w kolejności rosnącej.",
    "rulesSubmit": "Zapisz reguły",
    "policyErrorCreate": "Błąd przy tworzeniu polityki",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Wystąpił nieoczekiwany błąd",
    "policyCreatedSuccess": "Polityka zasobów została pomyślnie utworzona",
    "policyUpdatedSuccess": "Polityka zasobów została pomyślnie zaktualizowana",
-    "authMethodsSave": "Zapisz ustawienia",
+    "authMethodsSave": "Zapisz metody uwierzytelniania",
    "policyAuthStackTitle": "Uwierzytelnianie",
    "policyAuthStackDescription": "Kontroluj, które metody uwierzytelniania są wymagane do uzyskania dostępu do tego zasobu",
    "policyAuthOrLogicTitle": "Kilka metod uwierzytelniania jest aktywnych",
    "policyAuthOrLogicBanner": "Odwiedzający mogą się uwierzytelnić, korzystając z jednej z poniższych aktywnych metod. Nie muszą ukończyć wszystkich z nich.",
    "policyAuthMethodActive": "Aktywny",
    "policyAuthMethodOff": "Wyłączony",
    "policyAuthSsoTitle": "Platforma SSO",
    "policyAuthSsoDescription": "Wymagany znak w identyfikatorze dostawcy Twojej organizacji",
    "policyAuthSsoSummary": "{idp} · {users} użytkowników, {roles} ról",
    "policyAuthSsoDefaultIdp": "Dostawca domyślny",
    "policyAuthAddDefaultIdentityProvider": "Dodaj Dostawcę Tożsamości Domyślnej",
    "policyAuthOtherMethodsTitle": "Inne Metody",
    "policyAuthOtherMethodsDescription": "Opcjonalne metody, których odwiedzający mogą używać zamiast lub razem z platformą SSO",
    "policyAuthPasscodeTitle": "Hasło dostępu",
    "policyAuthPasscodeDescription": "Wymagane wspólne hasło alfanumeryczne do uzyskania dostępu do zasobu",
    "policyAuthPasscodeSummary": "Zestaw hasła dostępu",
    "policyAuthPincodeTitle": "Kod PIN",
    "policyAuthPincodeDescription": "Krótki kod numeryczny wymagany do uzyskania dostępu do zasobu",
    "policyAuthPincodeSummary": "Ustawiono 6-cyfrowy kod PIN",
    "policyAuthEmailTitle": "Biała lista e-mail",
    "policyAuthEmailDescription": "Dozwolone adresy e-mail z hasłami jednorazowymi",
    "policyAuthEmailSummary": "Dozwolonych {count} adresów",
    "policyAuthEmailOtpCallout": "Włączenie białej listy e-mail wysyła hasło jednorazowe na e-mail odwiedzającego podczas logowania.",
    "policyAuthHeaderAuthTitle": "Podstawowe Uwierzytelnianie Nagłówka",
    "policyAuthHeaderAuthDescription": "Walidacja niestandardowej nazwy i wartości nagłówka HTTP przy każdym żądaniu",
    "policyAuthHeaderAuthSummary": "Skonfigurowany nagłówek",
    "policyAuthHeaderName": "Nazwa nagłówka",
    "policyAuthHeaderValue": "Oczekiwana wartość",
    "policyAuthSetPasscode": "Ustaw hasło dostępu",
    "policyAuthSetPincode": "Ustaw kod PIN",
    "policyAuthSetEmailWhitelist": "Ustaw białą listę e-mail",
    "policyAuthSetHeaderAuth": "Ustaw Podstawowe Uwierzytelnianie Nagłówka",
    "policyAccessRulesTitle": "Zasady Dostępu",
    "policyAccessRulesEnableDescription": "Gdy zostaną włączone, reguły są oceniane w kolejności malejącej, aż jedna z nich zostanie oceniona jako prawdziwa.",
    "policyAccessRulesFirstMatch": "Reguły są oceniane od góry do dołu. Pierwsza pasująca reguła decyduje o wyniku.",
    "policyAccessRulesHowItWorks": "Reguły dopasowują żądania według ścieżki, adresu IP, lokalizacji lub innych kryteriów. Każda reguła stosuje działanie: pominięcie uwierzytelniania, blokowanie dostępu lub przekazanie do uwierzytelniania. Jeśli żadna reguła nie pasuje, ruch przechodzi dalej do uwierzytelniania.",
    "policyAccessRulesFallthroughOff": "Gdy reguły są wyłączone, cały ruch przechodzi do uwierzytelniania.",
    "policyAccessRulesFallthroughOn": "Gdy żadna reguła nie pasuje, ruch przechodzi do uwierzytelniania.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Zapisz zasady",
    "resourceErrorCreate": "Błąd podczas tworzenia zasobu",
    "resourceErrorCreateDescription": "Wystąpił błąd podczas tworzenia zasobu",
@@ -883,9 +824,9 @@
    "resourcesErrorUpdateDescription": "Wystąpił błąd podczas aktualizacji zasobu",
    "access": "Dostęp",
    "accessControl": "Kontrola dostępu",
-    "shareLink": "{resource} Link do udostępnienia",
+    "shareLink": "Link udostępniania {resource}",
    "resourceSelect": "Wybierz zasób",
-    "shareLinks": "Linki do udostępnienia",
+    "shareLinks": "Linki udostępniania",
    "share": "Linki do udostępniania",
    "shareDescription2": "Utwórz linki do zasobów, które można współdzielić. Linki zapewniają tymczasowy lub nieograniczony dostęp do twojego zasobu. Możesz skonfigurować czas ważności linku, gdy go utworzysz.",
    "shareEasyCreate": "Łatwe tworzenie i udostępnianie",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Administratorzy zawsze mają dostęp do tego zasobu.",
    "resourcePolicySelectTitle": "Polityka dostępu do zasobów",
    "resourcePolicySelectDescription": "Wybierz typ polityki zasobów do uwierzytelniania",
    "resourcePolicyTypeLabel": "Typ polityki",
    "resourcePolicyLabel": "Polityka zasobów",
    "resourcePolicyInline": "Warunkowa polityka zasobów",
    "resourcePolicyInlineDescription": "Polityka dostępu tylko do tego zasobu",
    "resourcePolicyShared": "Dzielona polityka zasobów",
-    "resourcePolicySharedDescription": "Ten zasób korzysta z polityki współdzielonej.",
+    "resourcePolicySharedDescription": "Ten zasób korzysta z dzielonej polityki. Ustawienia na poziomie polityki (metody uwierzytelniania, biała lista e-maili) są zablokowane. Możesz dodać zasady specyficzne dla zasobów, role i użytkowników poniżej.",
    "sharedPolicy": "Polityka Współdzielona",
    "sharedPolicyNoneDescription": "Ten zasób ma własną politykę.",
    "resourceSharedPolicyOwnDescription": "Ten zasób ma własne kontrole zasad uwierzytelniania i dostępu.",
    "resourceSharedPolicyInheritedDescription": "Ten zasób dziedziczy z <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Ten zasób używa polityki współdzielonej. Niektóre ustawienia uwierzytelniania można edytować w tym zasobie, aby dodać do polityki. Aby zmienić podlegającą politykę, musisz ją edytować do <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "Ten zasób używa polityki współdzielonej. Niektóre zasady dostępu można edytować w tym zasobie. Aby zmienić podlegającą politykę, musisz edytować <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Kontrola dostępu",
    "resourceUsersRolesDescription": "Skonfiguruj, którzy użytkownicy i role mogą odwiedzać ten zasób",
    "resourceUsersRolesSubmit": "Zapisz kontrole dostępu",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Widoczność",
    "resourceVisibilityTitleDescription": "Całkowicie włącz lub wyłącz widoczność zasobu",
    "resourceGeneral": "Ustawienia ogólne",
-    "resourceGeneralDescription": "Skonfiguruj nazwę, adres i zasady dostępu dla tego zasobu.",
+    "resourceGeneralDescription": "Skonfiguruj ustawienia ogólne dla tego zasobu",
    "resourceGeneralDetailsSubsection": "Szczegóły zasobu",
    "resourceGeneralDetailsSubsectionDescription": "Ustaw nazwę wyświetlaną, identyfikator i publicznie dostępna domenę dla tego zasobu.",
    "resourceGeneralDetailsSubsectionPortDescription": "Ustaw nazwę wyświetlaną, identyfikator i publiczny port dla tego zasobu.",
    "resourceGeneralPublicAddressSubsection": "Publiczny Adres",
    "resourceGeneralPublicAddressSubsectionDescription": "Skonfiguruj, jak użytkownicy mogą dotrzeć do tego zasobu.",
    "resourceGeneralAuthenticationAccessSubsection": "Uwierzytelnianie i Dostęp",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Wybierz, czy ten zasób używa własnej polityki, czy dziedziczy z polityki współdzielonej.",
    "resourceEnable": "Włącz zasób",
    "resourceTransfer": "Przenieś zasób",
    "resourceTransferDescription": "Przenieś ten zasób do innej witryny",
@@ -1294,14 +1220,11 @@
    "addLabels": "Dodaj etykiety",
    "siteLabelsTab": "Etykiety",
    "siteLabelsDescription": "Zarządzaj etykietami powiązanymi z tą stroną.",
-    "labelsNotFound": "Nie znaleziono etykiet.",
+    "labelsNotFound": "Nie znaleziono etykiet",
    "labelsEmptyCreateHint": "Zacznij pisać powyżej, aby utworzyć etykietę.",
    "labelSearch": "Szukaj etykiet",
    "labelSearchOrCreate": "Wyszukaj lub utwórz etykietę",
    "accessLabelFilterCount": "{count, plural, one {# etykieta} few {# etykiety} many {# etykiet} other {# etykiet}}",
    "labelOverflowCount": "+{count, plural, one {# etykieta} few {# etykiety} many {# etykiet} other {# etykiet}}",
    "accessLabelFilterClear": "Wyczyść filtry etykiet",
    "accessFilterClear": "Wyczyść filtry",
    "selectColor": "Wybierz kolor",
    "createNewLabel": "Utwórz nową etykietę org \"{label}\"",
    "inviteInvalidDescription": "Link zapraszający jest nieprawidłowy.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Zasoby",
    "sidebarProxyResources": "Publiczne",
    "sidebarClientResources": "Prywatny",
-    "sidebarPolicies": "Polityki Współdzielone",
+    "sidebarPolicies": "Polityki",
-    "sidebarResourcePolicies": "Zasoby publiczne",
+    "sidebarResourcePolicies": "Zasoby",
    "sidebarAccessControl": "Kontrola dostępu",
    "sidebarLogsAndAnalytics": "Logi i Analityki",
    "sidebarTeam": "Drużyna",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Administrator",
    "sidebarInvitations": "Zaproszenia",
    "sidebarRoles": "Role",
-    "sidebarShareableLinks": "Linki do udostępnienia",
+    "sidebarShareableLinks": "Linki",
    "sidebarApiKeys": "Klucze API",
    "sidebarProvisioning": "Dostarczanie",
    "sidebarSettings": "Ustawienia",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Zasób {id}",
    "blueprints": "Schematy",
    "blueprintsLog": "Dziennik szablonów",
-    "blueprintsDescription": "Przeglądaj wcześniejsze aplikacje wzorców i ich wyniki lub zastosuj nowy wzorzec",
+    "blueprintsDescription": "Zobacz wcześniejsze zastosowania szablonów i ich wyniki",
    "blueprintAdd": "Dodaj schemat",
    "blueprintGoBack": "Zobacz wszystkie schematy",
    "blueprintCreate": "Utwórz schemat",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Włącz schemat dokera",
    "enableDockerSocketDescription": "Włącz etykietowanie gniazda dokera dla etykiet szablonów. Ścieżka do gniazda musi być dostarczona do łącznika strony. Przeczytaj zarówno jak to działa w <docsLink>dokumentacji</docsLink>.",
    "newtAutoUpdate": "Włącz automatyczną aktualizację witryny",
-    "newtAutoUpdateDescription": "Po włączeniu, łączniki witryn automatycznie pobiorą najnowszą wersję i uruchomią się ponownie. Można to nadpisać na poziomie poszczególnych witryn.",
+    "newtAutoUpdateDescription": "Kiedy włączone, łączniki witryn będą się automatycznie aktualizować do najnowszej wersji, gdy dostępne będzie nowe wydanie.",
    "siteAutoUpdate": "Automatyczna aktualizacja strony",
    "siteAutoUpdateLabel": "Włącz aktualizacje automatyczne",
-    "siteAutoUpdateDescription": "Po włączeniu, łącznik tej witryny automatycznie pobierze najnowszą wersję i uruchomi się ponownie.",
+    "siteAutoUpdateDescription": "Kontroluj czy łącznik tej strony automatycznie pobiera najnowszą wersję.",
    "siteAutoUpdateOrgDefault": "Domyślnie dla organizacji: {state}",
    "siteAutoUpdateOverriding": "Nadpisywanie ustawień organizacji",
    "siteAutoUpdateResetToOrg": "Zresetuj do domyślnych ustawień organizacji",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Konfiguracja konta zakończona! Witaj w Pangolin!",
    "documentation": "Dokumentacja",
    "saveAllSettings": "Zapisz wszystkie ustawienia",
-    "saveResourceTargets": "Zapisz ustawienia",
+    "saveResourceTargets": "Zapisz cele",
-    "saveResourceHttp": "Zapisz ustawienia",
+    "saveResourceHttp": "Zapisz ustawienia proxy",
-    "saveProxyProtocol": "Zapisz ustawienia",
+    "saveProxyProtocol": "Zapisz ustawienia protokołu proxy",
    "settingsUpdated": "Ustawienia zaktualizowane",
    "settingsUpdatedDescription": "Ustawienia zostały pomyślnie zaktualizowane",
    "settingsErrorUpdate": "Nie udało się zaktualizować ustawień",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Nieznany",
    "healthCheck": "Kontrola Zdrowia",
    "configureHealthCheck": "Skonfiguruj Kontrolę Zdrowia",
-    "configureHealthCheckDescription": "Skonfiguruj monitorowanie zasobu, aby zapewnić jego dostępność",
+    "configureHealthCheckDescription": "Skonfiguruj monitorowanie zdrowia dla {target}",
    "enableHealthChecks": "Włącz Kontrole Zdrowia",
    "healthCheckDisabledStateDescription": "Gdy wyłączone, strona nie będzie wykonywać kontroli zdrowia, a stan zostanie uznany za nieznany.",
    "enableHealthChecksDescription": "Monitoruj zdrowie tego celu. Możesz monitorować inny punkt końcowy niż docelowy w razie potrzeby.",
    "healthScheme": "Metoda",
    "healthSelectScheme": "Wybierz metodę",
-    "healthCheckPortInvalid": "Port musi być pomiędzy 1 a 65535",
+    "healthCheckPortInvalid": "Port oceny stanu musi znajdować się między 1 a 65535",
    "healthCheckPath": "Ścieżka",
    "healthHostname": "IP / Nazwa hosta",
    "healthPort": "Port",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Wymagaj zatwierdzenia urządzenia",
    "requireDeviceApprovalDescription": "Użytkownicy o tej roli potrzebują nowych urządzeń zatwierdzonych przez administratora, zanim będą mogli połączyć się i uzyskać dostęp do zasobów.",
    "sshSettings": "Ustawienia SSH",
    "sshAccess": "Dostęp SSH",
    "rdpSettings": "Ustawienia RDP",
    "vncSettings": "Ustawienia VNC",
    "sshServer": "Serwer SSH",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Upewnij się, że Twoja maszyna docelowa jest poprawnie skonfigurowana do uruchamiania demona uwierzytelniania zanim ukończysz tę konfigurację, w przeciwnym razie provisioning zakończy się niepowodzeniem.",
    "sshDaemonPort": "Port Demona",
    "sshServerDestination": "Miejsce docelowe serwera",
-    "sshServerDestinationDescription": "Skonfiguruj miejsce docelowe serwera SSH",
+    "sshServerDestinationDescription": "Skonfiguruj miejsce docelowe i port serwera SSH",
    "destination": "Miejsce docelowe",
    "destinationRequired": "Wymagane jest miejsce docelowe.",
    "domainRequired": "Wymagana jest domena.",
    "proxyPortRequired": "Wymagany jest port.",
    "invalidPathConfiguration": "Nieprawidłowa konfiguracja ścieżki.",
    "invalidRewritePathConfiguration": "Nieprawidłowa konfiguracja ścieżki modyfikacji.",
    "bgTargetMultiSiteDisclaimer": "Wybór wielu stron umożliwia odporność trasowania i zmienioność dla wysokiej dostępności.",
    "roleAllowSsh": "Zezwalaj na SSH",
    "roleAllowSshAllow": "Zezwól",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "Użytkownik może uruchamiać tylko określone polecenia z sudo.",
    "sshSudo": "Zezwól na sudo",
    "sshSudoCommands": "Komendy Sudo",
-    "sshSudoCommandsDescription": "Lista poleceń, które użytkownik może uruchomić z sudo, oddzielone przecinkami, spacjami lub nowymi liniami. Absolutne ścieżki muszą być używane.",
+    "sshSudoCommandsDescription": "Lista rozdzielona przecinkami poleceń, które użytkownik może uruchomić z sudo. Należy używać ścieżek bezwzględnych.",
    "sshCreateHomeDir": "Utwórz katalog domowy",
    "sshUnixGroups": "Grupy Unix",
-    "sshUnixGroupsDescription": "Grupy Uniksowe, do których dodać użytkownika na docelowym hoście, oddzielone przecinkami, spacjami, lub nowymi liniami.",
+    "sshUnixGroupsDescription": "Oddzielone przecinkami grupy Unix, aby dodać użytkownika do docelowego hosta.",
    "roleTextFieldPlaceholder": "Wprowadź wartości lub upuść plik .txt lub .csv",
    "roleTextImportTitle": "Importuj z pliku",
    "roleTextImportDescription": "Importowanie {fileName} do {fieldLabel}.",
    "roleTextImportSkipHeader": "Pomiń pierwszy wiersz (Nagłówek)",
    "roleTextImportOverride": "Zamień istniejące",
    "roleTextImportAppend": "Dołącz do istniejącego",
    "roleTextImportMode": "Tryb importu",
    "roleTextImportPreview": "Podgląd",
    "roleTextImportItemCount": "{count, plural, =0 {Brak elementów do zaimportowania} one {1 element do zaimportowania} few {# elementy do zaimportowania} many {# elementów do zaimportowania} other {# elementów do zaimportowania}}",
    "roleTextImportTotalCount": "{existing} istniejące + {imported} zaimportowane = {total} łącznie",
    "roleTextImportConfirm": "Importuj",
    "roleTextImportInvalidFile": "Nieobsługiwany typ pliku",
    "roleTextImportInvalidFileDescription": "Obsługiwane są tylko pliki .txt i .csv.",
    "roleTextImportEmpty": "Nie znaleziono elementów w pliku",
    "roleTextImportEmptyDescription": "Plik nie zawiera żadnych elementów możliwych do zaimportowania.",
    "retryAttempts": "Próby Ponowienia",
    "expectedResponseCodes": "Oczekiwane Kody Odpowiedzi",
    "expectedResponseCodesDescription": "Kod statusu HTTP, który wskazuje zdrowy status. Jeśli pozostanie pusty, uznaje się 200-300 za zdrowy.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Włącz protokół proxy",
    "proxyProtocolInfo": "Zachowaj adresy IP klienta dla backendów TCP",
    "proxyProtocolVersion": "Wersja protokołu proxy",
-    "version1": "Wersja 1 (Zalecane)",
+    "version1": " Wersja 1 (zalecane)",
    "version2": "Wersja 2",
-    "version1Description": "Oparta na tekście i szeroko wspierana. Upewnij się, że transport serwera został dodany do dynamicznej konfiguracji.",
+    "versionDescription": "Wersja 1 jest oparta na tekście i szeroko wspierana. Wersja 2 jest binarna i bardziej efektywna, ale mniej kompatybilna.",
    "version2Description": "Binarna i bardziej efektywna, ale mniej kompatybilna. Upewnij się, że transport serwera został dodany do dynamicznej konfiguracji.",
    "warning": "Ostrzeżenie",
    "proxyProtocolWarning": "Aplikacja backend musi być skonfigurowana do akceptowania połączeń protokołu proxy. Jeśli Twój backend nie obsługuje protokołu Proxy, włączenie tego spowoduje przerwanie wszystkich połączeń, więc włącz to tylko jeśli wiesz, co robisz. Upewnij się, że konfiguracja twojego backendu do zaufanych nagłówków protokołu proxy z Traefik.",
    "restarting": "Restartowanie...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Wprowadź potwierdzenie",
    "blueprintViewDetails": "Szczegóły",
    "defaultIdentityProvider": "Domyślny dostawca tożsamości",
-    "defaultIdentityProviderDescription": "Użytkownik zostanie automatycznie przekierowany do tego dostawcy tożsamości w celu uwierzytelnienia.",
+    "defaultIdentityProviderDescription": "Gdy zostanie wybrany domyślny dostawca tożsamości, użytkownik zostanie automatycznie przekierowany do dostawcy w celu uwierzytelnienia.",
    "editInternalResourceDialogNetworkSettings": "Ustawienia sieci",
    "editInternalResourceDialogAccessPolicy": "Polityka dostępowa",
    "editInternalResourceDialogAddRoles": "Dodaj role",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Typ trybu konserwacji",
    "showMaintenancePage": "Pokaż odwiedzającym stronę konserwacji",
    "enableMaintenanceMode": "Włącz tryb konserwacji",
    "enableMaintenanceModeDescription": "Gdy włączone, odwiedzający zobaczą stronę konserwacyjną zamiast Twojego zasobu.",
    "automatic": "Automatycznie",
    "automaticModeDescription": "Pokaż stronę konserwacyjną tylko wtedy, gdy wszystkie cele zaplecza są wyłączone lub niezdrowe. Twój zasób działa nadal normalnie, o ile przynajmniej jeden cel jest zdrowy.",
    "forced": "Wymuszone",
@@ -3182,8 +3082,6 @@
    "warning:": "Ostrzeżenie:",
    "forcedeModeWarning": "Cały ruch zostanie skierowany na stronę konserwacyjną. Twoje zasoby zaplecza nie otrzymają żadnych żądań.",
    "pageTitle": "Tytuł strony",
    "maintenancePageContentSubsection": "Zawartość strony",
    "maintenancePageContentSubsectionDescription": "Dostosuj treść wyświetlaną na stronie konserwacyjnej",
    "pageTitleDescription": "Główny nagłówek wyświetlany na stronie konserwacyjnej",
    "maintenancePageMessage": "Komunikat konserwacyjny",
    "maintenancePageMessagePlaceholder": "Wrócimy wkrótce! Nasza strona przechodzi obecnie zaplanowaną konserwację.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Czy na pewno chcesz odłączyć tego dostawcę tożsamości od tej organizacji?",
    "idpUnassociateDescription": "Wszystkie użytkownicy powiązani z tym dostawcą tożsamości zostaną usunięci z tej organizacji, ale dostawca tożsamości będzie nadal istniał dla innych powiązanych organizacji.",
    "idpUnassociateConfirm": "Potwierdź odłączenie dostawcy tożsamości",
    "idpConfirmDeleteAndRemoveMeFromOrg": "USUŃ I USUŃ MNIE Z ORGANIZACJI",
    "idpUnassociateAndRemoveMeFromOrg": "ODSTAW I USUŃ MNIE Z ORGANIZACJI",
    "idpUnassociateWarning": "Tego nie można cofnąć dla tej organizacji.",
    "idpUnassociatedDescription": "Dostawca tożsamości pomyślnie odłączony od tej organizacji",
    "idpUnassociateMenu": "Odłącz",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Łączenie…",
    "sshInitializing": "Inicjalizacja…",
    "sshSignInTitle": "Zaloguj się do SSH",
-    "sshSignInDescription": "Wprowadź poświadczenia SSH, aby się połączyć",
+    "sshSignInDescription": "Wprowadź swoje poświadczenia SSH",
    "sshPasswordTab": "Hasło",
    "sshPrivateKeyTab": "Klucz prywatny",
    "sshPrivateKeyField": "Klucz prywatny",
    "sshPrivateKeyDisclaimer": "Twój klucz prywatny nie jest przechowywany ani widoczny dla Pangolin. Alternatywnie, możesz używać certyfikatów krótkoterminowych do bezproblemowego uwierzytelniania za pomocą Twojej istniejącej tożsamości Pangolin.",
    "sshLearnMore": "Dowiedz się więcej",
    "sshPrivateKeyFile": "Plik klucza prywatnego",
-    "sshAuthenticate": "Połącz",
+    "sshAuthenticate": "Uwierzytelnij",
    "sshTerminate": "Zakończ",
    "sshPoweredBy": "Obsługiwane przez",
    "sshErrorNoTarget": "Nie określono celu",
    "sshErrorWebSocket": "Połączenie WebSocket nie powiodło się",
    "sshErrorAuthFailed": "Uwierzytelnianie nie powiodło się",
-    "sshErrorConnectionClosed": "Połączenie zamknięte przed ukończeniem uwierzytelniania",
+    "sshErrorConnectionClosed": "Połączenie zamknięte przed ukończeniem uwierzytelniania"
    "sitePangolinSshDescription": "Pozwól na dostęp SSH do zasobów na tej stronie. Można to zmienić później.",
    "browserGatewayNoResourceForDomain": "Nie znaleziono zasobu dla tej domeny",
    "browserGatewayNoTarget": "Brak celu",
    "browserGatewayConnect": "Połącz",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "Nie udało się podpisać klucza SSH dla uwierzytelniania PAM. Czy zalogowałeś się jako użytkownik?",
    "sshTerminalError": "Błąd: {error}",
    "sshConnectionClosedCode": "Połączenie zamknięte (kod {code})",
    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
    "sshPrivateKeyRequired": "Wymagany jest klucz prywatny",
    "vncTitle": "VNC",
    "vncSignInDescription": "Wprowadź hasło VNC, aby się połączyć",
    "vncPasswordOptional": "Hasło (opcjonalne)",
    "vncNoResourceTarget": "Brak dostępnego celu zasobu",
    "vncFailedToLoadNovnc": "Błąd ładowania noVNC",
    "vncAuthFailedStatus": "Status {status}",
    "vncPasteClipboard": "Wklej schowek",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Zaloguj się na Pulpit Zdalny",
    "rdpSignInDescription": "Wprowadź poświadczenia Windows, aby się połączyć",
    "rdpLoadingModule": "Ładowanie modułu...",
    "rdpFailedToLoadModule": "Nie udało się załadować modułu RDP",
    "rdpNotReady": "Nie gotowy",
    "rdpModuleInitializing": "Moduł RDP jest nadal inicjalizowany",
    "rdpDownloadingFiles": "Pobieranie {count} pliku(ów) zdalnego…",
    "rdpDownloadFailed": "Nie udało się pobrać: {fileName}",
    "rdpUploaded": "Przesłano: {fileName}",
    "rdpNoConnectionTarget": "Brak dostępnego celu połączenia",
    "rdpConnectionFailed": "Połączenie niepowiodło się",
    "rdpFit": "Dopasuj",
    "rdpFull": "Pełny",
    "rdpReal": "Rzeczywisty",
    "rdpMeta": "Meta",
    "rdpUploadFiles": "Prześlij pliki",
    "rdpFilesReadyToPaste": "Pliki gotowe do wklejenia",
    "rdpFilesReadyToPasteDescription": "Skopiowano {count} plik(-ów/-i) do zdalnego schowka — naciśnij Ctrl+V na zdalnym pulpicie, aby wkleić.",
    "rdpUploadFailed": "Niepowodzenie przesyłania",
    "rdpUnicodeKeyboardMode": "Tryb klawiatury Unicode",
    "sessionToolbarShow": "Pokaż pasek narzędzi",
    "sessionToolbarHide": "Ukryj pasek narzędzi"
 }
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Visualizar Recursos Privados",
    "siteInstallNewt": "Instalar Novo",
    "siteInstallNewtDescription": "Novo item em execução no seu sistema",
    "siteInstallKubernetesDocsDescription": "Para mais informações atualizadas sobre a instalação do Kubernetes, veja <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "Para instruções de instalação do modem da Advantech, veja <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Configuração do WireGuard",
    "WgConfigurationDescription": "Use a seguinte configuração para conectar-se à rede",
    "operatingSystem": "Sistema operacional",
@@ -150,16 +148,16 @@
    "siteCredentialsSaveDescription": "Você só será capaz de ver esta vez. Certifique-se de copiá-lo para um lugar seguro.",
    "siteInfo": "Informações do Site",
    "status": "SItuação",
-    "shareTitle": "Gerenciar Links Compartilháveis",
+    "shareTitle": "Gerir links partilhados",
    "shareDescription": "Criar links compartilháveis para conceder acesso temporário ou permanente aos recursos do proxy",
-    "shareSearch": "Pesquisar links compartilháveis...",
+    "shareSearch": "Pesquisar links de compartilhamento...",
-    "shareCreate": "Criar Link Compartilhável",
+    "shareCreate": "Criar Link de Compartilhamento",
    "shareErrorDelete": "Falha ao apagar o link",
    "shareErrorDeleteMessage": "Ocorreu um erro ao apagar o link",
    "shareDeleted": "Link excluído",
    "shareDeletedDescription": "O link foi eliminado",
-    "shareDelete": "Excluir Link Compartilhável",
+    "shareDelete": "Excluir Link de Compartilhamento",
-    "shareDeleteConfirm": "Confirmar exclusão do Link Compartilhável",
+    "shareDeleteConfirm": "Confirmar Exclusão de Link de Compartilhamento",
    "shareQuestionRemove": "Tem certeza de que deseja excluir este link de compartilhamento?",
    "shareMessageRemove": "Uma vez excluído, o link não funcionará mais e qualquer pessoa que o utilizar perderá o acesso ao recurso.",
    "shareTokenDescription": "O token de acesso pode ser passado de duas maneiras: como um parâmetro de consulta ou nos cabeçalhos da solicitação. Estes devem ser passados do cliente em todas as solicitações para acesso autenticado.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Qualquer um com este link pode aceder o recurso",
    "shareTitleOptional": "Título (opcional)",
    "sharePathOptional": "Caminho (opcional)",
    "sharePathDescription": "O link redirecionará os usuários para este caminho após a autenticação.",
    "expireIn": "Expira em",
    "neverExpire": "Nunca expirar",
    "shareExpireDescription": "Tempo de expiração é quanto tempo o link será utilizável e oferecerá acesso ao recurso. Após este tempo, o link não funcionará mais, e os utilizadores que usaram este link perderão acesso ao recurso.",
@@ -203,8 +200,8 @@
    "shareErrorSelectResource": "Por favor, selecione um recurso",
    "proxyResourceTitle": "Gerenciar Recursos Públicos",
    "proxyResourceDescription": "Criar e gerenciar recursos que são acessíveis publicamente por meio de um navegador da web",
-    "publicResourcesBannerTitle": "Acesso Público Baseado em Web",
+    "publicResourcesBannerTitle": "Acesso Público via Web",
-    "publicResourcesBannerDescription": "Os recursos públicos são proxies HTTPS acessíveis a qualquer pessoa na internet através de um navegador web. Ao contrário dos recursos privados, eles não exigem software do lado do cliente e podem incluir políticas de acesso conscientes de identidade e contexto.",
+    "publicResourcesBannerDescription": "Os recursos públicos são proxies HTTPS ou TCP/UDP acessíveis a qualquer pessoa na internet por meio de um navegador web. Ao contrário dos recursos privados, eles não requerem software do lado do cliente e podem incluir políticas de acesso conscientes de identidade e contexto.",
    "clientResourceTitle": "Gerenciar recursos privados",
    "clientResourceDescription": "Criar e gerenciar recursos que só são acessíveis por meio de um cliente conectado",
    "privateResourcesBannerTitle": "Acesso Privado com Confiança Zero",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Procurar recursos...",
    "resourceAdd": "Adicionar Recurso",
    "resourceErrorDelte": "Erro ao apagar recurso",
-    "resourcePoliciesBannerTitle": "Reutilizar Regras de Autenticação e Acesso",
+    "resourcePoliciesTitle": "Gerenciar Políticas de Recurso",
-    "resourcePoliciesBannerDescription": "Políticas de recursos compartilhados permitem que você defina métodos de autenticação e regras de acesso apenas uma vez, e então as associe a vários recursos públicos. Quando você atualiza uma política, cada recurso vinculado herda a alteração automaticamente.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Recursos Anexados",
    "resourcePoliciesBannerButtonText": "Saiba mais",
    "resourcePoliciesTitle": "Gerenciar Políticas de Recursos Públicos",
    "resourcePoliciesAttachedResourcesColumnTitle": "Recursos",
    "resourcePoliciesAttachedResources": "{count} recurso(s)",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# recurso} other {# recursos}}",
    "resourcePoliciesAttachedResourcesEmpty": "sem recursos",
-    "resourcePoliciesDescription": "Crie e gerencie políticas de autenticação para controlar o acesso aos seus recursos públicos",
+    "resourcePoliciesDescription": "Crie e gerencie políticas de autenticação para controlar o acesso aos seus recursos",
    "resourcePoliciesSearch": "Pesquisar políticas...",
    "resourcePoliciesAdd": "Adicionar Política",
    "resourcePoliciesDefaultBadgeText": "Política Padrão",
-    "resourcePoliciesCreate": "Criar Política de Recurso Público",
+    "resourcePoliciesCreate": "Criar Política de Recurso",
    "resourcePoliciesCreateDescription": "Siga os passos abaixo para criar uma nova política",
    "resourcePolicyName": "Nome da Política",
    "resourcePolicyNameDescription": "Dê um nome a esta política para identificá-la em seus recursos",
@@ -281,7 +274,7 @@
    "back": "Anterior",
    "cancel": "cancelar",
    "resourceConfig": "Snippets de Configuração",
-    "resourceConfigDescription": "Copie e cole estes trechos de configuração para configurar o recurso TCP/UDP.",
+    "resourceConfigDescription": "Copie e cole estes snippets de configuração para configurar o recurso TCP/UDP",
    "resourceAddEntrypoints": "Traefik: Adicionar pontos de entrada",
    "resourceExposePorts": "Gerbil: Expor Portas no Docker Compose",
    "resourceLearnRaw": "Aprenda como configurar os recursos TCP/UDP",
@@ -294,8 +287,6 @@
    "labelDelete": "Excluir Etiqueta",
    "labelAdd": "Adicionar Etiqueta",
    "labelCreateSuccessMessage": "Etiqueta Criada com Sucesso",
    "labelDuplicateError": "Etiqueta Duplicada",
    "labelDuplicateErrorDescription": "Já existe uma etiqueta com este nome.",
    "labelEditSuccessMessage": "Etiqueta Modificada com Sucesso",
    "labelNameField": "Nome da Etiqueta",
    "labelColorField": "Cor da Etiqueta",
@@ -320,7 +311,7 @@
    "rules": "Regras",
    "resourceSettingDescription": "Configure as configurações do recurso",
    "resourceSetting": "Configurações do {resourceName}",
-    "resourcePolicySettingDescription": "Configure as configurações nesta política de recurso público",
+    "resourcePolicySettingDescription": "Configure as configurações na política de recurso",
    "resourcePolicySetting": "Configurações de {policyName}",
    "alwaysAllow": "Autenticação de bypass",
    "alwaysDeny": "Bloquear Acesso",
@@ -728,7 +719,7 @@
    "targetSubmit": "Adicionar Alvo",
    "targetNoOne": "Este recurso não tem nenhum alvo. Adicione um alvo para configurar para onde enviar solicitações para o backend.",
    "targetNoOneDescription": "Adicionar mais de um alvo acima habilitará o balanceamento de carga.",
-    "targetsSubmit": "Salvar Configurações",
+    "targetsSubmit": "Guardar Alvos",
    "addTarget": "Adicionar Alvo",
    "proxyMultiSiteRoundRobinNodeHelp": "O roteamento round robin não funcionará entre sites que não estão conectados ao mesmo nó, mas o failover funcionará.",
    "targetErrorInvalidIp": "Endereço IP inválido",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Regra duplicada",
    "rulesErrorDuplicateDescription": "Uma regra com estas configurações já existe",
    "rulesErrorInvalidIpAddressRange": "CIDR inválido",
-    "rulesErrorInvalidIpAddressRangeDescription": "Digite um intervalo CIDR válido (ex.: 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Por favor, insira um valor CIDR válido",
-    "rulesErrorInvalidUrl": "Caminho inválido",
+    "rulesErrorInvalidUrl": "Caminho URL inválido",
-    "rulesErrorInvalidUrlDescription": "Insira um caminho URL válido ou padrão (ex.: /api/*).",
+    "rulesErrorInvalidUrlDescription": "Por favor, insira um valor de caminho URL válido",
-    "rulesErrorInvalidIpAddress": "Endereço IP inválido",
+    "rulesErrorInvalidIpAddress": "IP inválido",
-    "rulesErrorInvalidIpAddressDescription": "Insira um endereço IPv4 ou IPv6 válido.",
+    "rulesErrorInvalidIpAddressDescription": "Por favor, insira um endereço IP válido",
    "rulesErrorUpdate": "Falha ao atualizar regras",
    "rulesErrorUpdateDescription": "Ocorreu um erro ao atualizar regras",
    "rulesUpdated": "Ativar Regras",
@@ -774,24 +765,15 @@
    "rulesMatchIpAddressRangeDescription": "Insira um endereço no formato CIDR (ex: 103.21.244.0/22)",
    "rulesMatchIpAddress": "Insira um endereço IP (ex: 103.21.244.12)",
    "rulesMatchUrl": "Insira um caminho URL ou padrão (ex: /api/v1/todos ou /api/v1/*)",
-    "rulesErrorInvalidPriority": "Prioridade inválida",
+    "rulesErrorInvalidPriority": "Prioridade Inválida",
-    "rulesErrorInvalidPriorityDescription": "Digite um número inteiro de 1 ou mais.",
+    "rulesErrorInvalidPriorityDescription": "Por favor, insira uma prioridade válida",
-    "rulesErrorDuplicatePriority": "Prioridades duplicadas",
+    "rulesErrorDuplicatePriority": "Prioridades Duplicadas",
-    "rulesErrorDuplicatePriorityDescription": "Cada regra deve ter um número de prioridade único.",
+    "rulesErrorDuplicatePriorityDescription": "Por favor, insira prioridades únicas",
    "rulesErrorValidation": "Regras inválidas",
    "rulesErrorValidationRuleDescription": "Regra {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Selecione um tipo de correspondência válido (caminho, IP, CIDR, país, região ou ASN).",
    "rulesErrorValueRequired": "Digite um valor para esta regra.",
    "rulesErrorInvalidCountry": "País inválido",
    "rulesErrorInvalidCountryDescription": "Selecione um país válido.",
    "rulesErrorInvalidAsn": "ASN inválido",
    "rulesErrorInvalidAsnDescription": "Insira um ASN válido (ex.: AS15169).",
    "ruleUpdated": "Regras atualizadas",
    "ruleUpdatedDescription": "Regras atualizadas com sucesso",
    "ruleErrorUpdate": "Operação falhou",
    "ruleErrorUpdateDescription": "Ocorreu um erro durante a operação de salvamento",
    "rulesPriority": "Prioridade",
    "rulesReorderDragHandle": "Arraste para reordenar a prioridade da regra",
    "rulesAction": "Ação",
    "rulesMatchType": "Tipo de Correspondência",
    "value": "Valor",
@@ -810,7 +792,7 @@
    "rulesResource": "Configuração de Regras do Recurso",
    "rulesResourceDescription": "Configurar regras para controlar o acesso ao recurso",
    "ruleSubmit": "Adicionar Regra",
-    "rulesNoOne": "Ainda não há regras.",
+    "rulesNoOne": "Sem regras. Adicione uma regra usando o formulário.",
    "rulesOrder": "As regras são avaliadas por prioridade em ordem ascendente.",
    "rulesSubmit": "Guardar Regras",
    "policyErrorCreate": "Erro ao criar política",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Ocorreu um erro inesperado",
    "policyCreatedSuccess": "Política de recurso criada com sucesso",
    "policyUpdatedSuccess": "Política de recurso atualizada com sucesso",
-    "authMethodsSave": "Salvar Configurações",
+    "authMethodsSave": "Salvar métodos de autenticação",
    "policyAuthStackTitle": "Autenticação",
    "policyAuthStackDescription": "Controle quais métodos de autenticação são necessários para acessar este recurso",
    "policyAuthOrLogicTitle": "Vários métodos de autenticação ativos",
    "policyAuthOrLogicBanner": "Os visitantes podem autenticar-se usando qualquer um dos métodos ativos abaixo. Eles não precisam completar todos eles.",
    "policyAuthMethodActive": "Ativo",
    "policyAuthMethodOff": "Desligado",
    "policyAuthSsoTitle": "SSO da Plataforma",
    "policyAuthSsoDescription": "Exigir login pelo provedor de identidade da sua organização",
    "policyAuthSsoSummary": "{idp} · {users} usuários, {roles} funções",
    "policyAuthSsoDefaultIdp": "Provedor padrão",
    "policyAuthAddDefaultIdentityProvider": "Adicionar Provedor de Identidade Padrão",
    "policyAuthOtherMethodsTitle": "Outros Métodos",
    "policyAuthOtherMethodsDescription": "Métodos opcionais que os visitantes podem usar em vez da SSO da plataforma ou junto com ela",
    "policyAuthPasscodeTitle": "Código de Acesso",
    "policyAuthPasscodeDescription": "Requer um código de acesso alfanumérico compartilhado para acessar o recurso",
    "policyAuthPasscodeSummary": "Código de acesso definido",
    "policyAuthPincodeTitle": "Código PIN",
    "policyAuthPincodeDescription": "Um código numérico curto necessário para acessar o recurso",
    "policyAuthPincodeSummary": "Código PIN de 6 dígitos definido",
    "policyAuthEmailTitle": "Lista de E-mails Permitidos",
    "policyAuthEmailDescription": "Permitir endereços de e-mail listados com senhas temporárias",
    "policyAuthEmailSummary": "{count} endereços permitidos",
    "policyAuthEmailOtpCallout": "Ativar a lista de e-mails permitidos envia uma senha temporária para o e-mail do visitante no login.",
    "policyAuthHeaderAuthTitle": "Autenticação de Cabeçalho Básico",
    "policyAuthHeaderAuthDescription": "Valide um nome e valor de cabeçalho HTTP personalizado em cada solicitação",
    "policyAuthHeaderAuthSummary": "Cabeçalho configurado",
    "policyAuthHeaderName": "Nome do Cabeçalho",
    "policyAuthHeaderValue": "Valor esperado",
    "policyAuthSetPasscode": "Definir Código de Acesso",
    "policyAuthSetPincode": "Definir Código PIN",
    "policyAuthSetEmailWhitelist": "Definir Lista de E-mails Permitidos",
    "policyAuthSetHeaderAuth": "Definir Autenticação de Cabeçalho Básico",
    "policyAccessRulesTitle": "Regras de Acesso",
    "policyAccessRulesEnableDescription": "Quando ativadas, as regras são avaliadas em ordem decrescente até que uma delas seja verdadeira.",
    "policyAccessRulesFirstMatch": "As regras são avaliadas de cima para baixo. A primeira regra correspondente decide o resultado.",
    "policyAccessRulesHowItWorks": "As regras correspondem a solicitações por caminho, endereço IP, localização ou outros critérios. Cada regra aplica uma ação: ignorar autenticação, bloquear acesso ou passar para autenticação. Se nenhuma regra corresponder, o tráfego continua até a autenticação.",
    "policyAccessRulesFallthroughOff": "Quando as regras estão desativadas, todo o tráfego passa para a autenticação.",
    "policyAccessRulesFallthroughOn": "Quando nenhuma regra corresponde, o tráfego passa para a autenticação.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Guardar Regras",
    "resourceErrorCreate": "Erro ao criar recurso",
    "resourceErrorCreateDescription": "Ocorreu um erro ao criar o recurso",
@@ -883,9 +824,9 @@
    "resourcesErrorUpdateDescription": "Ocorreu um erro ao atualizar o recurso",
    "access": "Acesso",
    "accessControl": "Controle de Acesso",
-    "shareLink": "Link Compartilhável {resource}",
+    "shareLink": "Link de Compartilhamento {resource}",
    "resourceSelect": "Selecionar recurso",
-    "shareLinks": "Links Compartilháveis",
+    "shareLinks": "Links de Compartilhamento",
    "share": "Links Compartilháveis",
    "shareDescription2": "Crie links compartilháveis para recursos. Links fornecem acesso temporário ou ilimitado ao seu recurso. Você pode configurar a duração de expiração do link quando você criar um.",
    "shareEasyCreate": "Fácil de criar e compartilhar",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Administradores sempre podem aceder este recurso.",
    "resourcePolicySelectTitle": "Política de Acesso ao Recurso",
    "resourcePolicySelectDescription": "Selecione o tipo de política de recurso para autenticação",
    "resourcePolicyTypeLabel": "Tipo de política",
    "resourcePolicyLabel": "Política de recurso",
    "resourcePolicyInline": "Política de Recurso Inline",
    "resourcePolicyInlineDescription": "Política de Acesso abrange apenas este recurso",
    "resourcePolicyShared": "Política de Recurso Compartilhada",
-    "resourcePolicySharedDescription": "Este recurso usa uma política compartilhada.",
+    "resourcePolicySharedDescription": "Este recurso usa uma política compartilhada. As configurações a nível de política (métodos de autenticação, lista de emails permitidos) estão bloqueadas. Você pode adicionar regras, funções e usuários específicos ao recurso abaixo.",
    "sharedPolicy": "Política Compartilhada",
    "sharedPolicyNoneDescription": "Este recurso tem sua própria política.",
    "resourceSharedPolicyOwnDescription": "Este recurso possui seus próprios controles de autenticação e regras de acesso.",
    "resourceSharedPolicyInheritedDescription": "Este recurso herda de <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Este recurso está usando uma política compartilhada. Algumas configurações de autenticação podem ser editadas neste recurso para adicionar à política. Para alterar a política subjacente, você deve editar para <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "Este recurso está usando uma política compartilhada. Algumas regras de acesso podem ser editadas neste recurso. Para alterar a política subjacente, você deve editar <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Controlos de Acesso",
    "resourceUsersRolesDescription": "Configure quais utilizadores e funções podem visitar este recurso",
    "resourceUsersRolesSubmit": "Guardar Controlos de Acesso",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Visibilidade",
    "resourceVisibilityTitleDescription": "Ativar ou desativar completamente a visibilidade do recurso",
    "resourceGeneral": "Configurações Gerais",
-    "resourceGeneralDescription": "Configure o nome, endereço e política de acesso para este recurso.",
+    "resourceGeneralDescription": "Configure as configurações gerais para este recurso",
    "resourceGeneralDetailsSubsection": "Detalhes do Recurso",
    "resourceGeneralDetailsSubsectionDescription": "Defina o nome de exibição, identificador e domínio publicamente acessível para este recurso.",
    "resourceGeneralDetailsSubsectionPortDescription": "Defina o nome de exibição, identificador e porta pública para este recurso.",
    "resourceGeneralPublicAddressSubsection": "Endereço Público",
    "resourceGeneralPublicAddressSubsectionDescription": "Configure como os usuários alcançarão este recurso.",
    "resourceGeneralAuthenticationAccessSubsection": "Autenticação & Acesso",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Escolha se este recurso usa sua própria política ou herda de uma política compartilhada.",
    "resourceEnable": "Ativar Recurso",
    "resourceTransfer": "Transferir Recurso",
    "resourceTransferDescription": "Transferir este recurso para um site diferente",
@@ -1294,14 +1220,11 @@
    "addLabels": "Adicionar etiquetas",
    "siteLabelsTab": "Etiquetas",
    "siteLabelsDescription": "Gerencie etiquetas associadas a este site.",
-    "labelsNotFound": "Nenhuma etiqueta encontrada.",
+    "labelsNotFound": "Etiquetas não encontradas",
    "labelsEmptyCreateHint": "Comece a digitar acima para criar uma etiqueta.",
    "labelSearch": "Pesquisar etiquetas",
    "labelSearchOrCreate": "Pesquisar ou criar uma etiqueta",
    "accessLabelFilterCount": "{count, plural, one {# etiqueta} other {# etiquetas}}",
    "labelOverflowCount": "+{count, plural, one {# etiqueta} other {# etiquetas}}",
    "accessLabelFilterClear": "Limpar filtros de etiquetas",
    "accessFilterClear": "Limpar filtros",
    "selectColor": "Selecionar cor",
    "createNewLabel": "Criar nova etiqueta na organização \"{label}\"",
    "inviteInvalidDescription": "O link do convite é inválido.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Recursos",
    "sidebarProxyResources": "Público",
    "sidebarClientResources": "Privado",
-    "sidebarPolicies": "Políticas Compartilhadas",
+    "sidebarPolicies": "Políticas",
-    "sidebarResourcePolicies": "Recursos Públicos",
+    "sidebarResourcePolicies": "Recursos",
    "sidebarAccessControl": "Controle de Acesso",
    "sidebarLogsAndAnalytics": "Registros e Análises",
    "sidebarTeam": "Equipe",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Administrador",
    "sidebarInvitations": "Convites",
    "sidebarRoles": "Papéis",
-    "sidebarShareableLinks": "Links Compartilháveis",
+    "sidebarShareableLinks": "Links",
    "sidebarApiKeys": "Chaves API",
    "sidebarProvisioning": "Provisionamento",
    "sidebarSettings": "Configurações",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Recurso {id}",
    "blueprints": "Diagramas",
    "blueprintsLog": "Registo dos Blueprint",
-    "blueprintsDescription": "Visualizar aplicações de blueprint passadas e seus resultados ou aplicar um novo blueprint",
+    "blueprintsDescription": "Ver aplicações de blueprint passadas e seus resultados",
    "blueprintAdd": "Adicionar Diagrama",
    "blueprintGoBack": "Ver todos os Diagramas",
    "blueprintCreate": "Criar Diagrama",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Habilitar o Diagrama Docker",
    "enableDockerSocketDescription": "Ative a raspagem de etiquetas do Docker Socket para etiquetas de modelo. O caminho do Socket deve ser fornecido ao conector do site. Leia sobre como isso funciona na <docsLink>documentação</docsLink>.",
    "newtAutoUpdate": "Ativar Atualização Automática do Site",
-    "newtAutoUpdateDescription": "Quando ativada, os conectores do site baixarão automaticamente a versão mais recente e reiniciarão por conta própria. Isto pode ser sobrescrito com base em cada site.",
+    "newtAutoUpdateDescription": "Quando ativado, os conectores de site atualizarão automaticamente para a versão mais recente quando uma nova versão estiver disponível.",
    "siteAutoUpdate": "Atualização Automática do Site",
    "siteAutoUpdateLabel": "Ativar Atualização Automática",
-    "siteAutoUpdateDescription": "Quando ativado, o conector deste site baixará automaticamente a versão mais recente e reiniciará por si mesmo.",
+    "siteAutoUpdateDescription": "Controle se o conector deste site baixa automaticamente a versão mais recente.",
    "siteAutoUpdateOrgDefault": "Padrão da organização: {state}",
    "siteAutoUpdateOverriding": "Substituindo configuração da organização",
    "siteAutoUpdateResetToOrg": "Redefinir para Padrão da Organização",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Configuração da conta concluída! Bem-vindo ao Pangolin!",
    "documentation": "Documentação",
    "saveAllSettings": "Guardar Todas as Configurações",
-    "saveResourceTargets": "Salvar Configurações",
+    "saveResourceTargets": "Guardar Alvos",
-    "saveResourceHttp": "Salvar Configurações",
+    "saveResourceHttp": "Guardar Configurações de Proxy",
-    "saveProxyProtocol": "Salvar Configurações",
+    "saveProxyProtocol": "Salvar configurações do protocolo de proxy",
    "settingsUpdated": "Configurações atualizadas",
    "settingsUpdatedDescription": "Configurações atualizadas com sucesso",
    "settingsErrorUpdate": "Falha ao atualizar configurações",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Desconhecido",
    "healthCheck": "Verificação de Saúde",
    "configureHealthCheck": "Configurar Verificação de Saúde",
-    "configureHealthCheckDescription": "Configure a monitorização para o seu recurso para garantir que ele esteja sempre disponível",
+    "configureHealthCheckDescription": "Configure a monitorização de saúde para {target}",
    "enableHealthChecks": "Ativar Verificações de Saúde",
    "healthCheckDisabledStateDescription": "Quando desativado, o site não realizará verificações de saúde e o estado será considerado desconhecido.",
    "enableHealthChecksDescription": "Monitore a saúde deste alvo. Você pode monitorar um ponto de extremidade diferente do alvo, se necessário.",
    "healthScheme": "Método",
    "healthSelectScheme": "Selecione o Método",
-    "healthCheckPortInvalid": "A porta deve estar entre 1 e 65535",
+    "healthCheckPortInvalid": "A porta do exame de saúde deve estar entre 1 e 65535",
    "healthCheckPath": "Caminho",
    "healthHostname": "IP / Nome do Host",
    "healthPort": "Porta",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Exigir aprovação do dispositivo",
    "requireDeviceApprovalDescription": "Usuários com esta função precisam de novos dispositivos aprovados por um administrador antes que eles possam se conectar e acessar recursos.",
    "sshSettings": "Configurações SSH",
    "sshAccess": "Acesso SSH",
    "rdpSettings": "Configurações RDP",
    "vncSettings": "Configurações VNC",
    "sshServer": "Servidor SSH",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Certifique-se de que seu host de destino está devidamente configurado para executar o daemon de autenticação antes de concluir esta configuração, ou o provisionamento falhará.",
    "sshDaemonPort": "Porta do Daemon",
    "sshServerDestination": "Destino do Servidor",
-    "sshServerDestinationDescription": "Configure o destino do servidor SSH",
+    "sshServerDestinationDescription": "Configure o destino e a porta do servidor SSH",
    "destination": "Destino",
    "destinationRequired": "Destino é obrigatório.",
    "domainRequired": "Domínio é obrigatório.",
    "proxyPortRequired": "Porta é obrigatória.",
    "invalidPathConfiguration": "Configuração de caminho inválida.",
    "invalidRewritePathConfiguration": "Configuração de caminho de reescrita inválida.",
    "bgTargetMultiSiteDisclaimer": "Selecionar vários sites permite roteamento resiliente e failover para alta disponibilidade.",
    "roleAllowSsh": "Permitir SSH",
    "roleAllowSshAllow": "Autorizar",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "Usuário só pode executar os comandos especificados com sudo.",
    "sshSudo": "Permitir sudo",
    "sshSudoCommands": "Comandos Sudo",
-    "sshSudoCommandsDescription": "Lista de comandos que o usuário está autorizado a executar com sudo, separados por vírgulas, espaços ou novas linhas. Devem ser usados caminhos absolutos.",
+    "sshSudoCommandsDescription": "Lista separada por vírgulas de comandos que o usuário pode executar com sudo. Caminhos absolutos devem ser usados.",
    "sshCreateHomeDir": "Criar Diretório Inicial",
    "sshUnixGroups": "Grupos Unix",
-    "sshUnixGroupsDescription": "Grupos Unix para adicionar o usuário no host de destino, separados por vírgulas, espaços ou novas linhas.",
+    "sshUnixGroupsDescription": "Grupos Unix separados por vírgulas para adicionar o usuário no host alvo.",
    "roleTextFieldPlaceholder": "Insira valores, ou solte um arquivo .txt ou .csv",
    "roleTextImportTitle": "Importar de Arquivo",
    "roleTextImportDescription": "Importando {fileName} para {fieldLabel}.",
    "roleTextImportSkipHeader": "Pular Primeira Linha (Cabeçalho)",
    "roleTextImportOverride": "Substituir Existente",
    "roleTextImportAppend": "Anexar ao Existente",
    "roleTextImportMode": "Modo de Importação",
    "roleTextImportPreview": "Visualizar",
    "roleTextImportItemCount": "{count, plural, =0 {Sem itens para importar} one {1 item para importar} other {# itens para importar}}",
    "roleTextImportTotalCount": "{existing} existente + {imported} importado = {total} total",
    "roleTextImportConfirm": "Importar",
    "roleTextImportInvalidFile": "Tipo de arquivo não suportado",
    "roleTextImportInvalidFileDescription": "Apenas arquivos .txt e .csv são suportados.",
    "roleTextImportEmpty": "Nenhum item encontrado no arquivo",
    "roleTextImportEmptyDescription": "O arquivo não contém quaisquer itens importáveis.",
    "retryAttempts": "Tentativas de Repetição",
    "expectedResponseCodes": "Códigos de Resposta Esperados",
    "expectedResponseCodesDescription": "Código de status HTTP que indica estado saudável. Se deixado em branco, 200-300 é considerado saudável.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Habilitar protocolo proxy",
    "proxyProtocolInfo": "Preservar endereços IP do cliente para backends TCP",
    "proxyProtocolVersion": "Versão do Protocolo Proxy",
-    "version1": "Versão 1 (Recomendado)",
+    "version1": " Versão 1 (recomendado)",
    "version2": "Versão 2",
-    "version1Description": "Baseado em texto e amplamente suportado. Certifique-se de que o transporte dos servidores seja adicionado à configuração dinâmica.",
+    "versionDescription": "A versão 1 é baseada em texto e amplamente suportada. A versão 2 é binária e mais eficiente, mas menos compatível.",
    "version2Description": "Binário e mais eficiente, mas menos compatível. Certifique-se de que o transporte do servidor seja adicionado à configuração dinâmica.",
    "warning": "ATENÇÃO",
    "proxyProtocolWarning": "A aplicação de backend deve ser configurada para aceitar conexões de protocolo proxy. Se o seu backend não suporta o Protocolo de Proxy, habilitando isto quebrará todas as conexões, então só habilite isso se você souber o que está fazendo. Certifique-se de configurar seu backend para confiar nos cabeçalhos do protocolo proxy no Traefik.",
    "restarting": "Reiniciando...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Inserir confirmação",
    "blueprintViewDetails": "Detalhes",
    "defaultIdentityProvider": "Provedor de Identidade Padrão",
-    "defaultIdentityProviderDescription": "O usuário será redirecionado automaticamente para este provedor de identidade para autenticação.",
+    "defaultIdentityProviderDescription": "Quando um provedor de identidade padrão for selecionado, o usuário será automaticamente redirecionado para o provedor de autenticação.",
    "editInternalResourceDialogNetworkSettings": "Configurações de Rede",
    "editInternalResourceDialogAccessPolicy": "Política de Acesso",
    "editInternalResourceDialogAddRoles": "Adicionar Funções",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Tipo de Modo de Manutenção",
    "showMaintenancePage": "Mostrar uma página de manutenção para os visitantes",
    "enableMaintenanceMode": "Ativar Modo de Manutenção",
    "enableMaintenanceModeDescription": "Quando ativado, os visitantes verãos uma página de manutenção em vez do seu recurso.",
    "automatic": "Automático",
    "automaticModeDescription": "Exibir página de manutenção apenas quando todos os destinos de back-end estiverem inativos ou não saudáveis. Seu recurso continua funcionando normalmente desde que pelo menos um destino esteja saudável.",
    "forced": "Forçado",
@@ -3182,8 +3082,6 @@
    "warning:": "Aviso:",
    "forcedeModeWarning": "Todo o tráfego será direcionado para a página de manutenção. Seus recursos de back-end não receberão nenhuma solicitação.",
    "pageTitle": "Título da Página",
    "maintenancePageContentSubsection": "Conteúdo da Página",
    "maintenancePageContentSubsectionDescription": "Personalize o conteúdo exibido na página de manutenção",
    "pageTitleDescription": "O título principal exibido na página de manutenção",
    "maintenancePageMessage": "Mensagem de Manutenção",
    "maintenancePageMessagePlaceholder": "Voltaremos em breve! Nosso site está passando por manutenção programada.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Tem certeza de que deseja desassociar este provedor de identidade desta organização?",
    "idpUnassociateDescription": "Todos os usuários associados a este provedor de identidade serão removidos desta organização, mas o provedor de identidade continuará a existir para outras organizações associadas.",
    "idpUnassociateConfirm": "Confirmar Desassociação do Provedor de Identidade",
    "idpConfirmDeleteAndRemoveMeFromOrg": "DELETAR E REMOVER-ME DA ORGANIZAÇÃO",
    "idpUnassociateAndRemoveMeFromOrg": "DESASSOCIAR E REMOVER-ME DA ORGANIZAÇÃO",
    "idpUnassociateWarning": "Isso não pode ser desfeito para esta organização.",
    "idpUnassociatedDescription": "Provedor de identidade desassociado desta organização com sucesso",
    "idpUnassociateMenu": "Desassociar",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "A conectar…",
    "sshInitializing": "A iniciar…",
    "sshSignInTitle": "Entrar no SSH",
-    "sshSignInDescription": "Digite suas credenciais SSH para conectar",
+    "sshSignInDescription": "Insira suas credenciais SSH",
    "sshPasswordTab": "Palavra-passe",
    "sshPrivateKeyTab": "Chave Privada",
    "sshPrivateKeyField": "Chave Privada",
    "sshPrivateKeyDisclaimer": "Sua chave privada não é armazenada ou visível para Pangolin. Alternativamente, você pode usar certificados de curta duração para autenticação perfeita usando sua identidade Pangolin existente.",
    "sshLearnMore": "Saiba mais",
    "sshPrivateKeyFile": "Arquivo de Chave Privada",
-    "sshAuthenticate": "Conectar",
+    "sshAuthenticate": "Autenticar",
    "sshTerminate": "Terminar",
    "sshPoweredBy": "Desenvolvido por",
    "sshErrorNoTarget": "Nenhum alvo especificado",
    "sshErrorWebSocket": "Falha na conexão WebSocket",
    "sshErrorAuthFailed": "Falha na autenticação",
-    "sshErrorConnectionClosed": "Conexão encerrada antes de concluir a autenticação",
+    "sshErrorConnectionClosed": "Conexão encerrada antes de concluir a autenticação"
    "sitePangolinSshDescription": "Permitir acesso SSH aos recursos deste site. Isso pode ser alterado mais tarde.",
    "browserGatewayNoResourceForDomain": "Nenhum recurso encontrado para este domínio",
    "browserGatewayNoTarget": "Sem alvo",
    "browserGatewayConnect": "Conectar",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "Falha ao assinar a chave SSH para autenticação PAM push. Você se conectou como um usuário?",
    "sshTerminalError": "Erro: {error}",
    "sshConnectionClosedCode": "Conexão encerrada (código {code})",
    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
    "sshPrivateKeyRequired": "Chave privada é necessária",
    "vncTitle": "VNC",
    "vncSignInDescription": "Digite sua senha VNC para conectar",
    "vncPasswordOptional": "Senha (opcional)",
    "vncNoResourceTarget": "Nenhum alvo de recurso disponível",
    "vncFailedToLoadNovnc": "Falha ao carregar noVNC",
    "vncAuthFailedStatus": "Status {status}",
    "vncPasteClipboard": "Colar conteúdo da área de transferência",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Conectar-se à Área de Trabalho Remota",
    "rdpSignInDescription": "Digite as credenciais do Windows para conectar",
    "rdpLoadingModule": "Carregando módulo...",
    "rdpFailedToLoadModule": "Falha ao carregar módulo RDP",
    "rdpNotReady": "Não está pronto",
    "rdpModuleInitializing": "Módulo RDP ainda está inicializando",
    "rdpDownloadingFiles": "Baixando {count} arquivo(s) do remoto…",
    "rdpDownloadFailed": "Falha ao baixar: {fileName}",
    "rdpUploaded": "Enviado: {fileName}",
    "rdpNoConnectionTarget": "Nenhum alvo de conexão disponível",
    "rdpConnectionFailed": "Conexão falhou",
    "rdpFit": "Ajustar",
    "rdpFull": "Completo",
    "rdpReal": "Real",
    "rdpMeta": "Meta",
    "rdpUploadFiles": "Upload de arquivos",
    "rdpFilesReadyToPaste": "Arquivos prontos para colar",
    "rdpFilesReadyToPasteDescription": "{count} arquivo(s) copiado(s) para a área de transferência remota — pressione Ctrl+V na área de trabalho remota para colar.",
    "rdpUploadFailed": "Falha no upload",
    "rdpUnicodeKeyboardMode": "Modo de teclado Unicode",
    "sessionToolbarShow": "Mostrar barra de ferramentas",
    "sessionToolbarHide": "Ocultar barra de ferramentas"
 }
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Просмотр частных ресурсов",
    "siteInstallNewt": "Установить Newt",
    "siteInstallNewtDescription": "Запустите Newt в вашей системе",
    "siteInstallKubernetesDocsDescription": "Для получения дополнительной информации об установке Kubernetes, см. <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
    "siteInstallAdvantechDocsDescription": "Для инструкций по установке модема Advantech, см. <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Конфигурация WireGuard",
    "WgConfigurationDescription": "Используйте следующую конфигурацию для подключения к сети",
    "operatingSystem": "Операционная система",
@@ -159,7 +157,7 @@
    "shareDeleted": "Ссылка удалена",
    "shareDeletedDescription": "Ссылка была успешно удалена",
    "shareDelete": "Удалить общую ссылку",
-    "shareDeleteConfirm": "Подтвердить удаление общей ссылки",
+    "shareDeleteConfirm": "Подтвердите удаление общей ссылки",
    "shareQuestionRemove": "Вы уверены, что хотите удалить эту общую ссылку?",
    "shareMessageRemove": "После удаления ссылка перестанет работать, и все, кто ее использует, потеряют доступ к ресурсу.",
    "shareTokenDescription": "Токен доступа может быть передан двумя способами: как параметр запроса или в заголовках запроса. Они должны быть переданы от клиента по каждому запросу для аутентифицированного доступа.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Любой, у кого есть эта ссылка, может получить доступ к ресурсу",
    "shareTitleOptional": "Заголовок (необязательно)",
    "sharePathOptional": "Путь (необязательно)",
    "sharePathDescription": "Ссылка перенаправит пользователей на этот путь после аутентификации.",
    "expireIn": "Срок действия",
    "neverExpire": "Бессрочный доступ",
    "shareExpireDescription": "Срок действия - это период, в течение которого ссылка будет работать и предоставлять доступ к ресурсу. После этого времени ссылка перестанет работать, и пользователи, использовавшие эту ссылку, потеряют доступ к ресурсу.",
@@ -203,8 +200,8 @@
    "shareErrorSelectResource": "Пожалуйста, выберите ресурс",
    "proxyResourceTitle": "Управление публичными ресурсами",
    "proxyResourceDescription": "Создание и управление ресурсами, которые доступны через веб-браузер",
-    "publicResourcesBannerTitle": "Веб-доступ к публичным ресурсам",
+    "publicResourcesBannerTitle": "Общедоступный доступ через веб",
-    "publicResourcesBannerDescription": "Публичные ресурсы — это HTTPS-прокси, доступные для любого пользователя Интернета через веб-браузер. В отличие от частных ресурсов, они не требуют программного обеспечения на стороне клиента и могут включать в себя политики доступа, учитывающие идентичность и контекст.",
+    "publicResourcesBannerDescription": "Общедоступные ресурсы - это прокси-по HTTPS или TCP/UDP, доступные любому пользователю в Интернете через веб-браузер. В отличие от частных ресурсов, они не требуют программного обеспечения на стороне клиента и могут включать политики доступа на основе идентификации и контекста.",
    "clientResourceTitle": "Управление приватными ресурсами",
    "clientResourceDescription": "Создание и управление ресурсами, которые доступны только через подключенный клиент",
    "privateResourcesBannerTitle": "Частный доступ с нулевым доверием",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Поиск ресурсов...",
    "resourceAdd": "Добавить ресурс",
    "resourceErrorDelte": "Ошибка при удалении ресурса",
-    "resourcePoliciesBannerTitle": "Повторное использование правил аутентификации и доступа",
+    "resourcePoliciesTitle": "Управление политиками ресурсов",
-    "resourcePoliciesBannerDescription": "Политики общих ресурсов позволяют один раз определить методы аутентификации и правила доступа, а затем прикреплять их к нескольким публичным ресурсам. Когда вы обновляете политику, каждое связанное с ней наследует изменение автоматически.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Прикрепленные ресурсы",
    "resourcePoliciesBannerButtonText": "Узнать больше",
    "resourcePoliciesTitle": "Управление политиками публичных ресурсов",
    "resourcePoliciesAttachedResourcesColumnTitle": "Ресурсы",
    "resourcePoliciesAttachedResources": "{count} ресурс(ов)",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ресурс} few {# ресурса} many {# ресурсов} other {# ресурсов}}",
    "resourcePoliciesAttachedResourcesEmpty": "нет ресурсов",
-    "resourcePoliciesDescription": "Создание и управление политиками аутентификации для контроля доступа к вашим публичным ресурсам",
+    "resourcePoliciesDescription": "Создавайте и управляйте политиками аутентификации для контроля доступа к вашим ресурсам",
    "resourcePoliciesSearch": "Поиск политик...",
    "resourcePoliciesAdd": "Добавить политику",
    "resourcePoliciesDefaultBadgeText": "Политика по умолчанию",
-    "resourcePoliciesCreate": "Создать политику публичного ресурса",
+    "resourcePoliciesCreate": "Создать политику ресурса",
    "resourcePoliciesCreateDescription": "Следуйте шагам ниже, чтобы создать новую политику",
    "resourcePolicyName": "Имя политики",
    "resourcePolicyNameDescription": "Дайте этой политике имя для идентификации ее в ваших ресурсах",
@@ -281,7 +274,7 @@
    "back": "Назад",
    "cancel": "Отмена",
    "resourceConfig": "Фрагменты конфигурации",
-    "resourceConfigDescription": "Скопируйте и вставьте эти фрагменты конфигурации для настройки ресурса TCP/UDP.",
+    "resourceConfigDescription": "Скопируйте и вставьте эти сниппеты для настройки TCP/UDP ресурса",
    "resourceAddEntrypoints": "Traefik: Добавить точки входа",
    "resourceExposePorts": "Gerbil: Открыть порты в Docker Compose",
    "resourceLearnRaw": "Узнайте, как настроить TCP/UDP-ресурсы",
@@ -294,8 +287,6 @@
    "labelDelete": "Удалить метку",
    "labelAdd": "Добавить метку",
    "labelCreateSuccessMessage": "Метка успешно создана",
    "labelDuplicateError": "Повторяющаяся метка",
    "labelDuplicateErrorDescription": "Метка с таким именем уже существует.",
    "labelEditSuccessMessage": "Метка успешно изменена",
    "labelNameField": "Название метки",
    "labelColorField": "Цвет метки",
@@ -320,7 +311,7 @@
    "rules": "Правила",
    "resourceSettingDescription": "Настройка параметров ресурса",
    "resourceSetting": "Настройки {resourceName}",
-    "resourcePolicySettingDescription": "Настройте параметры этой политики публичного ресурса",
+    "resourcePolicySettingDescription": "Настройка параметров политики ресурса",
    "resourcePolicySetting": "Настройки {policyName}",
    "alwaysAllow": "Авторизация байпасса",
    "alwaysDeny": "Блокировать доступ",
@@ -728,7 +719,7 @@
    "targetSubmit": "Добавить цель",
    "targetNoOne": "Этот ресурс не имеет никаких целей. Добавьте цель для настройки, где отправлять запросы в бэкэнд.",
    "targetNoOneDescription": "Добавление более одной цели выше включит балансировку нагрузки.",
-    "targetsSubmit": "Сохранить настройки",
+    "targetsSubmit": "Сохранить цели",
    "addTarget": "Добавить цель",
    "proxyMultiSiteRoundRobinNodeHelp": "Роутинг с балансировкой нагрузки не будет работать между сайтами, не подключенными к одному и тому же узлу, но подмена будет работать.",
    "targetErrorInvalidIp": "Неверный IP-адрес",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Дублирующее правило",
    "rulesErrorDuplicateDescription": "Правило с такими настройками уже существует",
    "rulesErrorInvalidIpAddressRange": "Неверный CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Введите действительный диапазон CIDR (например, 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Пожалуйста, введите корректное значение CIDR",
-    "rulesErrorInvalidUrl": "Неверный путь",
+    "rulesErrorInvalidUrl": "Неверный URL путь",
-    "rulesErrorInvalidUrlDescription": "Введите действительный URL-путь или шаблон (например, /api/*).",
+    "rulesErrorInvalidUrlDescription": "Пожалуйста, введите корректное значение URL пути",
-    "rulesErrorInvalidIpAddress": "Недействительный IP адрес",
+    "rulesErrorInvalidIpAddress": "Неверный IP",
-    "rulesErrorInvalidIpAddressDescription": "Введите действительный адрес IPv4 или IPv6.",
+    "rulesErrorInvalidIpAddressDescription": "Пожалуйста, введите корректный IP адрес",
    "rulesErrorUpdate": "Не удалось обновить правила",
    "rulesErrorUpdateDescription": "Произошла ошибка при обновлении правил",
    "rulesUpdated": "Включить правила",
@@ -775,23 +766,14 @@
    "rulesMatchIpAddress": "Введите IP адрес (например, 103.21.244.12)",
    "rulesMatchUrl": "Введите URL путь или шаблон (например, /api/v1/todos или /api/v1/*)",
    "rulesErrorInvalidPriority": "Неверный приоритет",
-    "rulesErrorInvalidPriorityDescription": "Введите целое число 1 или больше.",
+    "rulesErrorInvalidPriorityDescription": "Пожалуйста, введите корректный приоритет",
-    "rulesErrorDuplicatePriority": "Повторяющиеся приоритеты",
+    "rulesErrorDuplicatePriority": "Дублирующие приоритеты",
-    "rulesErrorDuplicatePriorityDescription": "Каждое правило должно иметь уникальный номер приоритета.",
+    "rulesErrorDuplicatePriorityDescription": "Пожалуйста, введите уникальные приоритеты",
    "rulesErrorValidation": "Неверные правила",
    "rulesErrorValidationRuleDescription": "Правило {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Выберите действительный тип совпадения (путь, IP, CIDR, страна, регион или ASN).",
    "rulesErrorValueRequired": "Введите значение для этого правила.",
    "rulesErrorInvalidCountry": "Недействительная страна",
    "rulesErrorInvalidCountryDescription": "Выберите правильную страну.",
    "rulesErrorInvalidAsn": "Недействительный ASN",
    "rulesErrorInvalidAsnDescription": "Введите действительный ASN (например, AS15169).",
    "ruleUpdated": "Правила обновлены",
    "ruleUpdatedDescription": "Правила успешно обновлены",
    "ruleErrorUpdate": "Операция не удалась",
    "ruleErrorUpdateDescription": "Произошла ошибка во время операции сохранения",
    "rulesPriority": "Приоритет",
    "rulesReorderDragHandle": "Перетащите, чтобы изменить приоритет правила",
    "rulesAction": "Действие",
    "rulesMatchType": "Тип совпадения",
    "value": "Значение",
@@ -810,7 +792,7 @@
    "rulesResource": "Конфигурация правил ресурса",
    "rulesResourceDescription": "Настройка правил для контроля доступа к ресурсу",
    "ruleSubmit": "Добавить правило",
-    "rulesNoOne": "Пока нет правил.",
+    "rulesNoOne": "Нет правил. Добавьте правило с помощью формы.",
    "rulesOrder": "Правила оцениваются по приоритету в возрастающем порядке.",
    "rulesSubmit": "Сохранить правила",
    "policyErrorCreate": "Ошибка создания политики",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Произошла неожиданная ошибка",
    "policyCreatedSuccess": "Политика ресурса успешно создана",
    "policyUpdatedSuccess": "Политика ресурса успешно обновлена",
-    "authMethodsSave": "Сохранить настройки",
+    "authMethodsSave": "Сохранить методы аутентификации",
    "policyAuthStackTitle": "Аутентификация",
    "policyAuthStackDescription": "Контроль, какие методы аутентификации требуются для доступа к этому ресурсу",
    "policyAuthOrLogicTitle": "Несколько методов аутентификации активны",
    "policyAuthOrLogicBanner": "Посетители могут аутентифицироваться, используя любой из активных методов ниже. Им не нужно выполнять все.",
    "policyAuthMethodActive": "Активно",
    "policyAuthMethodOff": "Отключено",
    "policyAuthSsoTitle": "Платформа SSO",
    "policyAuthSsoDescription": "Требуется войти через поставщика удостоверений вашей организации",
    "policyAuthSsoSummary": "{idp} · {users} пользователей, {roles} ролей",
    "policyAuthSsoDefaultIdp": "Поставщик по умолчанию",
    "policyAuthAddDefaultIdentityProvider": "Добавить поставщика удостоверений по умолчанию",
    "policyAuthOtherMethodsTitle": "Другие методы",
    "policyAuthOtherMethodsDescription": "Дополнительные методы, которые посетители могут использовать вместо или вместе с платформой SSO",
    "policyAuthPasscodeTitle": "Пароль",
    "policyAuthPasscodeDescription": "Требуется общий буквенно-цифровой пароль для доступа к ресурсу",
    "policyAuthPasscodeSummary": "Пароль установлен",
    "policyAuthPincodeTitle": "ПИН-код",
    "policyAuthPincodeDescription": "Краткий числовой код, необходимый для доступа к ресурсу",
    "policyAuthPincodeSummary": "Установлен 6-значный PIN-код",
    "policyAuthEmailTitle": "Белый список email",
    "policyAuthEmailDescription": "Разрешить перечисленные email-адреса с одноразовыми паролями",
    "policyAuthEmailSummary": "Разрешено адресов: {count}",
    "policyAuthEmailOtpCallout": "Включение белого списка email отправляет одноразовый пароль на email посетителя при входе.",
    "policyAuthHeaderAuthTitle": "Базовая аутентификация заголовка",
    "policyAuthHeaderAuthDescription": "Проверка пользовательского имени и значения HTTP-заголовка для каждого запроса",
    "policyAuthHeaderAuthSummary": "Заголовок настроен",
    "policyAuthHeaderName": "Имя заголовка",
    "policyAuthHeaderValue": "Ожидаемое значение",
    "policyAuthSetPasscode": "Установить пароль",
    "policyAuthSetPincode": "Установить ПИН-код",
    "policyAuthSetEmailWhitelist": "Установить белый список email",
    "policyAuthSetHeaderAuth": "Установить базовую аутентификацию заголовка",
    "policyAccessRulesTitle": "Правила доступа",
    "policyAccessRulesEnableDescription": "При включении правила оцениваются в порядке убывания до тех пор, пока одно из них не оценивается как истинное.",
    "policyAccessRulesFirstMatch": "Правила оцениваются сверху вниз. Первое совпадающее правило определяет результат.",
    "policyAccessRulesHowItWorks": "Правила сопоставляют запросы по пути, IP-адресу, местоположению или другим критериям. Каждое правило применяет действие: обойти аутентификацию, заблокировать доступ или передать для аутентификации. Если правило не подписано, трафик продолжается для аутентификации.",
    "policyAccessRulesFallthroughOff": "Когда правила отключены, весь трафик проходит для аутентификации.",
    "policyAccessRulesFallthroughOn": "Когда правило не совпадает, трафик проходит для аутентификации.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Сохранить правила",
    "resourceErrorCreate": "Ошибка при создании ресурса",
    "resourceErrorCreateDescription": "Произошла ошибка при создании ресурса",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Администраторы всегда имеют доступ к этому ресурсу.",
    "resourcePolicySelectTitle": "Политика доступа к ресурсам",
    "resourcePolicySelectDescription": "Выберите тип политики ресурса для аутентификации",
    "resourcePolicyTypeLabel": "Тип политики",
    "resourcePolicyLabel": "Политика ресурса",
    "resourcePolicyInline": "Политика ресурса на месте",
    "resourcePolicyInlineDescription": "Политика доступа ограничена только этим ресурсом",
    "resourcePolicyShared": "Общая политика ресурса",
-    "resourcePolicySharedDescription": "Этот ресурс использует общую политику.",
+    "resourcePolicySharedDescription": "Этот ресурс использует общую политику. Настройки уровня политики (методы аутентификации, список разрешенных email) заблокированы. Вы можете добавить правила, роли и пользователей, специфичные для ресурса, ниже.",
    "sharedPolicy": "Общая политика",
    "sharedPolicyNoneDescription": "У этого ресурса есть своя политика.",
    "resourceSharedPolicyOwnDescription": "У этого ресурса есть собственные средства управления аутентификацией и правилами доступа.",
    "resourceSharedPolicyInheritedDescription": "Этот ресурс наследует от <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyAuthenticationNotice": "Этот ресурс использует общую политику. Некоторые настройки аутентификации можно изменить в этом ресурсе, чтобы добавить их в политику. Чтобы изменить основную политику, отредактируйте <policyLink>{policyName}</policyLink>.",
    "resourceSharedPolicyRulesNotice": "Этот ресурс использует общую политику. Некоторые правила доступа могут быть отредактированы для этого ресурса. Чтобы изменить основную политику, вы должны отредактировать <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Контроль доступа",
    "resourceUsersRolesDescription": "Выберите пользователей и роли с доступом к этому ресурсу",
    "resourceUsersRolesSubmit": "Сохранить контроль доступа",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Видимость",
    "resourceVisibilityTitleDescription": "Включите или отключите видимость ресурса",
    "resourceGeneral": "Общие настройки",
-    "resourceGeneralDescription": "Настройте имя, адрес и политику доступа для этого ресурса.",
+    "resourceGeneralDescription": "Настройте общие параметры этого ресурса",
    "resourceGeneralDetailsSubsection": "Детали ресурса",
    "resourceGeneralDetailsSubsectionDescription": "Установите отображаемое имя, идентификатор и публично доступный домен для этого ресурса.",
    "resourceGeneralDetailsSubsectionPortDescription": "Установите отображаемое имя, идентификатор и публичный порт для этого ресурса.",
    "resourceGeneralPublicAddressSubsection": "Публичный адрес",
    "resourceGeneralPublicAddressSubsectionDescription": "Настройте, как пользователи будут получать доступ к этому ресурсу.",
    "resourceGeneralAuthenticationAccessSubsection": "Аутентификация и доступ",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Выберите, будет ли этот ресурс использовать собственную политику или наследовать от общей политики.",
    "resourceEnable": "Ресурс активен",
    "resourceTransfer": "Перенести ресурс",
    "resourceTransferDescription": "Перенесите этот ресурс на другой сайт",
@@ -1294,14 +1220,11 @@
    "addLabels": "Добавить метки",
    "siteLabelsTab": "Метки",
    "siteLabelsDescription": "Управляйте метками, связанными с этим сайтом.",
-    "labelsNotFound": "Метки не найдены.",
+    "labelsNotFound": "Метки не найдены",
    "labelsEmptyCreateHint": "Начните печатать выше, чтобы создать метку.",
    "labelSearch": "Поиск меток",
    "labelSearchOrCreate": "Найти или создать метку",
    "accessLabelFilterCount": "{count, plural, one {# метка} few {# метки} many {# меток} other {# меток}}",
    "labelOverflowCount": "+{count, plural, one {# метка} few {# метки} many {# меток} other {# меток}}",
    "accessLabelFilterClear": "Очистить фильтры меток",
    "accessFilterClear": "Очистить фильтры",
    "selectColor": "Выберите цвет",
    "createNewLabel": "Создать новую метку организации \"{label}\"",
    "inviteInvalidDescription": "Ссылка на приглашение недействительна.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Ресурсы",
    "sidebarProxyResources": "Публичный",
    "sidebarClientResources": "Приватный",
-    "sidebarPolicies": "Общие политики",
+    "sidebarPolicies": "Политики",
-    "sidebarResourcePolicies": "Публичные ресурсы",
+    "sidebarResourcePolicies": "Ресурсы",
    "sidebarAccessControl": "Контроль доступа",
    "sidebarLogsAndAnalytics": "Журналы и аналитика",
    "sidebarTeam": "Команда",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Админ",
    "sidebarInvitations": "Приглашения",
    "sidebarRoles": "Роли",
-    "sidebarShareableLinks": "Общие ссылки",
+    "sidebarShareableLinks": "Ссылки",
    "sidebarApiKeys": "API ключи",
    "sidebarProvisioning": "Подготовка",
    "sidebarSettings": "Настройки",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Ресурс {id}",
    "blueprints": "Чертежи",
    "blueprintsLog": "Журнал чертежей",
-    "blueprintsDescription": "Просмотреть предыдущие приложения с чертежами и их результаты или применить новый чертеж",
+    "blueprintsDescription": "Просмотр прошлых применений чертежа и их результатов",
    "blueprintAdd": "Добавить чертёж",
    "blueprintGoBack": "Посмотреть все чертежи",
    "blueprintCreate": "Создать чертёж",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Включить чертёж Docker",
    "enableDockerSocketDescription": "Включить сбор меток Docker Socket для чертежей. Путь сокета должен быть предоставлен подключателю сайта. Прочтите о том, как это работает, в <docsLink>документации</docsLink>.",
    "newtAutoUpdate": "Включить автообновление сайта",
-    "newtAutoUpdateDescription": "При включении разъемы сайта автоматически загрузят последнюю версию и перезапустятся. Это можно переопределить на уровне каждого сайта.",
+    "newtAutoUpdateDescription": "При включении, коннекторы сайта будут автоматически обновляться до последней версии, когда доступен новый выпуск.",
    "siteAutoUpdate": "Автообновление сайта",
    "siteAutoUpdateLabel": "Включить автообновление",
-    "siteAutoUpdateDescription": "При включении разъем этого сайта автоматически скачает последнюю версию и перезапустится.",
+    "siteAutoUpdateDescription": "Контролировать, будет ли коннектор этого сайта автоматически загружать последнюю версию.",
    "siteAutoUpdateOrgDefault": "Значение по умолчанию для организации: {state}",
    "siteAutoUpdateOverriding": "Переопределение настройки организации",
    "siteAutoUpdateResetToOrg": "Сброс до значения по умолчанию для организации",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Настройка аккаунта завершена! Добро пожаловать в Pangolin!",
    "documentation": "Документация",
    "saveAllSettings": "Сохранить все настройки",
-    "saveResourceTargets": "Сохранить настройки",
+    "saveResourceTargets": "Сохранить цели",
-    "saveResourceHttp": "Сохранить настройки",
+    "saveResourceHttp": "Сохранить настройки прокси",
-    "saveProxyProtocol": "Сохранить настройки",
+    "saveProxyProtocol": "Сохранить настройки прокси-протокола",
    "settingsUpdated": "Настройки обновлены",
    "settingsUpdatedDescription": "Настройки успешно обновлены",
    "settingsErrorUpdate": "Не удалось обновить настройки",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Неизвестно",
    "healthCheck": "Проверка здоровья",
    "configureHealthCheck": "Настроить проверку здоровья",
-    "configureHealthCheckDescription": "Настройте мониторинг вашего ресурса, чтобы обеспечить его постоянную доступность",
+    "configureHealthCheckDescription": "Настройте мониторинг состояния для {target}",
    "enableHealthChecks": "Включить проверки здоровья",
    "healthCheckDisabledStateDescription": "Когда отключен, сайт не будет выполнять проверки состояния и состояние будет считаться неизвестным.",
    "enableHealthChecksDescription": "Мониторинг здоровья этой цели. При необходимости можно контролировать другую конечную точку.",
    "healthScheme": "Метод",
    "healthSelectScheme": "Выберите метод",
-    "healthCheckPortInvalid": "Порт должен быть в диапазоне от 1 до 65535",
+    "healthCheckPortInvalid": "Порт проверки здоровья должен быть от 1 до 65535",
    "healthCheckPath": "Путь",
    "healthHostname": "IP / хост",
    "healthPort": "Порт",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Требовать подтверждения устройства",
    "requireDeviceApprovalDescription": "Пользователям с этой ролью нужны новые устройства, одобренные администратором, прежде чем они смогут подключаться и получать доступ к ресурсам.",
    "sshSettings": "Настройки SSH",
    "sshAccess": "Доступ по SSH",
    "rdpSettings": "Настройки RDP",
    "vncSettings": "Настройки VNC",
    "sshServer": "SSH сервер",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Убедитесь, что целевой хост правильно настроен для запуска демона аутентификации перед завершением этой настройки, иначе предоставление не удастся.",
    "sshDaemonPort": "Порт демона",
    "sshServerDestination": "Пункт назначения сервера",
-    "sshServerDestinationDescription": "Настройте адрес сервера SSH",
+    "sshServerDestinationDescription": "Настройте пункт назначения и порт SSH-сервера",
    "destination": "Пункт назначения",
    "destinationRequired": "Требуется указание пункта назначения.",
    "domainRequired": "Требуется домен.",
    "proxyPortRequired": "Требуется порт.",
    "invalidPathConfiguration": "Недействительная конфигурация пути.",
    "invalidRewritePathConfiguration": "Недействительная конфигурация пути переписывания.",
    "bgTargetMultiSiteDisclaimer": "Выбор нескольких сайтов включает в себя устойчивую маршрутизацию и автоматический отказ для обеспечения высокой доступности.",
    "roleAllowSsh": "Разрешить SSH",
    "roleAllowSshAllow": "Разрешить",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "Пользователь может запускать только указанные команды с помощью sudo.",
    "sshSudo": "Разрешить sudo",
    "sshSudoCommands": "Sudo Команды",
-    "sshSudoCommandsDescription": "Список команд, которые пользователь может запускать с sudo, разделенный запятыми, пробелами или новыми строками. Должны использоваться абсолютные пути.",
+    "sshSudoCommandsDescription": "Список команд, которые пользователь может выполнять с sudo, через запятую. Должны использоваться абсолютные пути.",
    "sshCreateHomeDir": "Создать домашний каталог",
    "sshUnixGroups": "Unix группы",
-    "sshUnixGroupsDescription": "Группы Unix, к которым пользователь добавляется на целевом хосте, разделяются запятыми, пробелами или новыми строками.",
+    "sshUnixGroupsDescription": "Группы Unix через запятую, чтобы добавить пользователя на целевой хост.",
    "roleTextFieldPlaceholder": "Введите значения или перетащите файл .txt или .csv",
    "roleTextImportTitle": "Импорт из файла",
    "roleTextImportDescription": "Импортирую {fileName} в {fieldLabel}.",
    "roleTextImportSkipHeader": "Пропустить первую строку (заголовок)",
    "roleTextImportOverride": "Заменить существующее",
    "roleTextImportAppend": "Добавить к существующему",
    "roleTextImportMode": "Режим импорта",
    "roleTextImportPreview": "Предпросмотр",
    "roleTextImportItemCount": "{count, plural, =0 {Нет элементов для импорта} one {# элемент для импорта} few {# элемента для импорта} many {# элементов для импорта} other {# элементов для импорта}}",
    "roleTextImportTotalCount": "{existing} существующих + {imported} импортированных = {total} всего",
    "roleTextImportConfirm": "Импортировать",
    "roleTextImportInvalidFile": "Неподдерживаемый тип файла",
    "roleTextImportInvalidFileDescription": "Поддерживаются только файлы .txt и .csv.",
    "roleTextImportEmpty": "Элементы в файле не найдены",
    "roleTextImportEmptyDescription": "Файл не содержит элементов, которые можно импортировать.",
    "retryAttempts": "Количество попыток повторного запроса",
    "expectedResponseCodes": "Ожидаемые коды ответов",
    "expectedResponseCodesDescription": "HTTP-код состояния, указывающий на здоровое состояние. Если оставить пустым, 200-300 считается здоровым.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Включить Прокси Протокол",
    "proxyProtocolInfo": "Сохранять IP-адреса клиента для backend'ов TCP",
    "proxyProtocolVersion": "Версия протокола прокси",
-    "version1": "Версия 1 (рекомендуется)",
+    "version1": " Версия 1 (рекомендуется)",
    "version2": "Версия 2",
-    "version1Description": "Основано на тексте и широко поддерживается. Убедитесь, что транспорт сервера добавлен в динамическую конфигурацию.",
+    "versionDescription": "Версия 1 основана на тексте и широко поддерживается. Версия 2 является бинарной и более эффективной, но менее совместимой.",
    "version2Description": "Бинарная и более эффективная, но менее совместимая. Убедитесь, что транспорт сервера добавлен в динамическую конфигурацию.",
    "warning": "Предупреждение",
    "proxyProtocolWarning": "Бэкэнд приложение должно быть настроено на принятие соединений прокси-протокола. Если ваш бэкэнд не поддерживает Прокси-протокол, то включение этой опции прервет все подключения, поэтому включите это только если вы знаете, что вы делаете. Обязательно настройте вашего бэкэнда на доверие заголовкам Proxy Protocol от Traefik.",
    "restarting": "Перезапуск...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Введите подтверждение",
    "blueprintViewDetails": "Подробности",
    "defaultIdentityProvider": "Поставщик удостоверений по умолчанию",
-    "defaultIdentityProviderDescription": "Пользователь будет автоматически перенаправлен к этому поставщику удостоверений для аутентификации.",
+    "defaultIdentityProviderDescription": "Когда выбран поставщик идентификации по умолчанию, пользователь будет автоматически перенаправлен на провайдер для аутентификации.",
    "editInternalResourceDialogNetworkSettings": "Настройки сети",
    "editInternalResourceDialogAccessPolicy": "Политика доступа",
    "editInternalResourceDialogAddRoles": "Добавить роли",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Тип режима обслуживания",
    "showMaintenancePage": "Показать страницу обслуживания посетителям",
    "enableMaintenanceMode": "Включить режим обслуживания",
    "enableMaintenanceModeDescription": "Когда включено, посетители увидят страницу обслуживания вместо вашего ресурса.",
    "automatic": "Автоматический",
    "automaticModeDescription": "Показывать страницу обслуживания только когда все цели бэкэнда недоступны или неисправны. Ваш ресурс продолжит работать нормально, пока хотя бы одна цель здорова.",
    "forced": "Принудительно",
@@ -3182,8 +3082,6 @@
    "warning:": "Предупреждение:",
    "forcedeModeWarning": "Весь трафик будет направлен на страницу обслуживания. Ваши бекэнд ресурсы не будут получать никакие запросы.",
    "pageTitle": "Заголовок страницы",
    "maintenancePageContentSubsection": "Содержимое страницы",
    "maintenancePageContentSubsectionDescription": "Настройте содержимое, отображаемое на странице обслуживания",
    "pageTitleDescription": "Основной заголовок, отображаемый на странице обслуживания",
    "maintenancePageMessage": "Сообщение об обслуживании",
    "maintenancePageMessagePlaceholder": "Мы скоро вернемся! Наш сайт в настоящее время проходит плановое техническое обслуживание.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Вы уверены, что хотите рассоединить этого поставщика удостоверений с этой организацией?",
    "idpUnassociateDescription": "Все пользователи, связанные с этим поставщиком удостоверений, будут удалены из этой организации, но поставщик удостоверений будет продолжать существовать для других связанных организаций.",
    "idpUnassociateConfirm": "Подтвердите рассоединение поставщика удостоверений",
    "idpConfirmDeleteAndRemoveMeFromOrg": "УДАЛИТЬ И ИЗВЛЕЧЬ МЕНЯ ИЗ ОРГАНИЗАЦИИ",
    "idpUnassociateAndRemoveMeFromOrg": "РАЗОРВАТЬ СВЯЗЬ И УДАЛИТЬ МЕНЯ ИЗ ОРГАНИЗАЦИИ",
    "idpUnassociateWarning": "Это не может быть отменено для этой организации.",
    "idpUnassociatedDescription": "Поставщик удостоверений успешно рассоединен с этой организацией",
    "idpUnassociateMenu": "Рассоединить",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Подключение…",
    "sshInitializing": "Инициализация…",
    "sshSignInTitle": "Вход в SSH",
-    "sshSignInDescription": "Введите свои учетные данные SSH для подключения",
+    "sshSignInDescription": "Введите свои учетные данные SSH",
    "sshPasswordTab": "Пароль",
    "sshPrivateKeyTab": "Закрытый ключ",
    "sshPrivateKeyField": "Закрытый ключ",
    "sshPrivateKeyDisclaimer": "Ваш закрытый ключ не хранится и не виден для Pangolin. Вместо этого вы можете использовать краткосрочные сертификаты для бесшовной аутентификации с использованием вашей текущей идентификации Pangolin.",
    "sshLearnMore": "Узнать больше",
    "sshPrivateKeyFile": "Файл закрытого ключа",
-    "sshAuthenticate": "Подключиться",
+    "sshAuthenticate": "Аутентификация",
    "sshTerminate": "Завершить",
    "sshPoweredBy": "Разработано",
    "sshErrorNoTarget": "Цель не указана",
    "sshErrorWebSocket": "Подключение WebSocket не удалось",
    "sshErrorAuthFailed": "Ошибка аутентификации",
-    "sshErrorConnectionClosed": "Подключение закрыто до завершения аутентификации",
+    "sshErrorConnectionClosed": "Подключение закрыто до завершения аутентификации"
    "sitePangolinSshDescription": "Разрешить доступ по SSH к ресурсам на этом сайте. Это можно изменить позже.",
    "browserGatewayNoResourceForDomain": "Ресурс для этого домена не найден",
    "browserGatewayNoTarget": "Нет цели",
    "browserGatewayConnect": "Подключиться",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "Не удалось подписать ключ SSH для аутентификации через PAM push. Проверьте, вошли ли вы как пользователь?",
    "sshTerminalError": "Ошибка: {error}",
    "sshConnectionClosedCode": "Соединение закрыто (код {code})",
    "sshPrivateKeyPlaceholder": "-----НАЧАЛО ЛИЧНОГО КЛЮЧА OPENSSH-----",
    "sshPrivateKeyRequired": "Требуется личный ключ",
    "vncTitle": "VNC",
    "vncSignInDescription": "Введите пароль VNC для подключения",
    "vncPasswordOptional": "Пароль (необязательно)",
    "vncNoResourceTarget": "Отсутствует целевой ресурс",
    "vncFailedToLoadNovnc": "Не удалось загрузить noVNC",
    "vncAuthFailedStatus": "Статус {status}",
    "vncPasteClipboard": "Вставить из буфера обмена",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Вход в удаленный рабочий стол",
    "rdpSignInDescription": "Введите учетные данные Windows для подключения",
    "rdpLoadingModule": "Загрузка модуля...",
    "rdpFailedToLoadModule": "Не удалось загрузить модуль RDP",
    "rdpNotReady": "Не готово",
    "rdpModuleInitializing": "Модуль RDP все еще инициализируется",
    "rdpDownloadingFiles": "Загрузка {count} файлов с удалённого сервера…",
    "rdpDownloadFailed": "Ошибка загрузки: {fileName}",
    "rdpUploaded": "Загружено: {fileName}",
    "rdpNoConnectionTarget": "Доступная цель подключения отсутствует",
    "rdpConnectionFailed": "Ошибка соединения",
    "rdpFit": "Подгонка",
    "rdpFull": "Полный",
    "rdpReal": "Настоящий",
    "rdpMeta": "Метаданные",
    "rdpUploadFiles": "Загрузить файлы",
    "rdpFilesReadyToPaste": "Файлы готовы к вставке",
    "rdpFilesReadyToPasteDescription": "{count, plural, one {# файл скопирован в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.} few {# файла скопированы в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.} many {# файлов скопированы в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.} other {# файла скопированы в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.}}",
    "rdpUploadFailed": "Ошибка загрузки",
    "rdpUnicodeKeyboardMode": "Режим клавиатуры Unicode",
    "sessionToolbarShow": "Показать панель инструментов",
    "sessionToolbarHide": "Скрыть панель инструментов"
 }
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "Özel Kaynakları Görüntüle",
    "siteInstallNewt": "Newt Yükle",
    "siteInstallNewtDescription": "Newt'i sisteminizde çalıştırma",
    "siteInstallKubernetesDocsDescription": "Daha fazla ve güncel Kubernetes kurulum bilgileri için <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink> adresini inceleyin.",
    "siteInstallAdvantechDocsDescription": "Advantech modem kurulum talimatları için <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink> adresini inceleyin.",
    "WgConfiguration": "WireGuard Yapılandırması",
    "WgConfigurationDescription": "Ağınıza bağlanmak için aşağıdaki yapılandırmayı kullanın",
    "operatingSystem": "İşletim Sistemi",
@@ -150,16 +148,16 @@
    "siteCredentialsSaveDescription": "Yalnızca bir kez görebileceksiniz. Güvenli bir yere kopyaladığınızdan emin olun.",
    "siteInfo": "Site Bilgilendirmesi",
    "status": "Durum",
-    "shareTitle": "Paylaşılabilir Bağlantıları Yönet",
+    "shareTitle": "Paylaşım Bağlantılarını Yönet",
    "shareDescription": "Kaynaklarınıza geçici veya kalıcı erişim sağlamak için paylaşılabilir bağlantılar oluşturun",
-    "shareSearch": "Paylaşılabilir bağlantıları ara...",
+    "shareSearch": "Paylaşım bağlantılarını ara...",
-    "shareCreate": "Paylaşılabilir Bağlantı Oluştur",
+    "shareCreate": "Paylaşım Bağlantısı Oluştur",
    "shareErrorDelete": "Bağlantı silinirken hata oluştu",
    "shareErrorDeleteMessage": "Bağlantı silinirken bir hata oluştu",
    "shareDeleted": "Bağlantı silindi",
    "shareDeletedDescription": "Bağlantı silindi",
-    "shareDelete": "Paylaşılabilir Bağlantıyı Sil",
+    "shareDelete": "Paylaşım Bağlantısını Sil",
-    "shareDeleteConfirm": "Paylaşılabilir Bağlantıyı Silmeyi Onayla",
+    "shareDeleteConfirm": "Paylaşım Bağlantısının Silinmesini Onayla",
    "shareQuestionRemove": "Bu paylaşım bağlantısını silmek istediğinizden emin misiniz?",
    "shareMessageRemove": "Silindikten sonra, bağlantı artık çalışmayacak ve kullanan herkes kaynağa erişimini kaybedecek.",
    "shareTokenDescription": "Erişim jetonunuz iki şekilde iletilebilir: sorgu parametresi olarak veya istek başlıklarında. Kimlik doğrulanmış erişim için her istekten müşteri tarafından iletilmelidir.",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "Bu bağlantıya sahip olan herkes kaynağa erişebilir",
    "shareTitleOptional": "Başlık (isteğe bağlı)",
    "sharePathOptional": "Yol (isteğe bağlı)",
    "sharePathDescription": "Bağlantıdan sonra kullanıcıları bu yola yönlendirecek bağlantıyı tanımlayın.",
    "expireIn": "Süresi Dolacak",
    "neverExpire": "Hiçbir Zaman Sona Ermez",
    "shareExpireDescription": "Son kullanma süresi, bağlantının kullanılabilir ve kaynağa erişim sağlayacak süresidir. Bu süreden sonra bağlantı çalışmayı durduracak ve bu bağlantıyı kullanan kullanıcılar kaynağa erişimini kaybedecektir.",
@@ -203,8 +200,8 @@
    "shareErrorSelectResource": "Lütfen bir kaynak seçin",
    "proxyResourceTitle": "Herkese Açık Kaynakları Yönet",
    "proxyResourceDescription": "Bir web tarayıcısı aracılığıyla kamuya açık kaynaklar oluşturun ve yönetin",
-    "publicResourcesBannerTitle": "Web tabanlı Açık Erişim",
+    "publicResourcesBannerTitle": "Web Tabanlı Genel Erişim",
-    "publicResourcesBannerDescription": "Genel kaynaklar, web tarayıcısı aracılığıyla internette herkesin erişebileceği HTTPS veya TCP/UDP proxy'leridir. Özel kaynakların aksine istemci tarafı yazılım gerektirmezler ve kimlik ve bağlam farkındalığı erişim politikalarını içerebilirler.",
+    "publicResourcesBannerDescription": "Genel kaynaklar, web tarayıcısı aracılığıyla herkesin internette erişebileceği HTTPS veya TCP/UDP proxy'leridir. Özel kaynakların aksine, istemci tarafı yazılıma ihtiyaç duymazlar ve kimlik ve bağlam farkındalığı erişim politikalarını içerebilirler.",
    "clientResourceTitle": "Özel Kaynakları Yönet",
    "clientResourceDescription": "Sadece bağlı bir istemci aracılığıyla erişilebilen kaynakları oluşturun ve yönetin",
    "privateResourcesBannerTitle": "Sıfır Güven Özel Erişim",
@@ -212,19 +209,15 @@
    "resourcesSearch": "Kaynakları ara...",
    "resourceAdd": "Kaynak Ekle",
    "resourceErrorDelte": "Kaynak silinirken hata",
-    "resourcePoliciesBannerTitle": "Kimlik Doğrulama ve Erişim Kurallarını Yeniden Kullan",
+    "resourcePoliciesTitle": "Kaynak Politikalarını Yönet",
-    "resourcePoliciesBannerDescription": "Paylaşılan kaynak politikaları, kimlik doğrulama yöntemlerini ve erişim kurallarını bir kez tanımlamanıza ve ardından bunları birden fazla genel kaynağa bağlamanıza olanak tanır. Bir politikayı güncellediğinizde, bağlı her kaynak değişikliği otomatik olarak devralır.",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Ekteki kaynaklar",
    "resourcePoliciesBannerButtonText": "Daha fazla bilgi",
    "resourcePoliciesTitle": "Herkese Açık Kaynak Politikalarını Yönetin",
    "resourcePoliciesAttachedResourcesColumnTitle": "Kaynaklar",
    "resourcePoliciesAttachedResources": "{count} kaynak",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# kaynak} other {# kaynaklar}}",
    "resourcePoliciesAttachedResourcesEmpty": "hiçbir kaynak",
-    "resourcePoliciesDescription": "Genel kaynaklarınıza erişimi kontrol etmek için kimlik doğrulama politikalarını oluşturun ve yönetin",
+    "resourcePoliciesDescription": "Kaynaklarınıza erişimi kontrol etmek için kimlik doğrulama politikaları oluşturun ve yönetin",
    "resourcePoliciesSearch": "Politikaları ara...",
    "resourcePoliciesAdd": "Politika Ekle",
    "resourcePoliciesDefaultBadgeText": "Varsayılan politika",
-    "resourcePoliciesCreate": "Genel Kaynak Politikası Oluştur",
+    "resourcePoliciesCreate": "Kaynak Politikası Oluştur",
    "resourcePoliciesCreateDescription": "Yeni bir politika oluşturmak için aşağıdaki adımları izleyin",
    "resourcePolicyName": "Politika Adı",
    "resourcePolicyNameDescription": "Bu politikaya kaynaklarınız arasında kolayca tanımlayabilmek için bir ad verin",
@@ -281,7 +274,7 @@
    "back": "Geri",
    "cancel": "İptal",
    "resourceConfig": "Yapılandırma Parçaları",
-    "resourceConfigDescription": "TCP/UDP kaynağınızı kurmak için bu yapılandırma parçalarını kopyalayıp yapıştırın.",
+    "resourceConfigDescription": "TCP/UDP kaynağınızı kurmak için bu yapılandırma parçalarını kopyalayıp yapıştırın",
    "resourceAddEntrypoints": "Traefik: Başlangıç Noktaları Ekleyin",
    "resourceExposePorts": "Gerbil: Docker Compose'da Portları Açın",
    "resourceLearnRaw": "TCP/UDP kaynaklarını nasıl yapılandıracağınızı öğrenin",
@@ -294,8 +287,6 @@
    "labelDelete": "Etiketi Sil",
    "labelAdd": "Etiket Ekle",
    "labelCreateSuccessMessage": "Etiket Başarıyla Oluşturuldu",
    "labelDuplicateError": "Yinelenen Etiket",
    "labelDuplicateErrorDescription": "Bu isimle bir etiket zaten var.",
    "labelEditSuccessMessage": "Etiket Başarıyla Değiştirildi",
    "labelNameField": "Etiket Adı",
    "labelColorField": "Etiket Rengi",
@@ -320,7 +311,7 @@
    "rules": "Kurallar",
    "resourceSettingDescription": "Kaynağınızdaki ayarları yapılandırın",
    "resourceSetting": "{resourceName} Ayarları",
-    "resourcePolicySettingDescription": "Bu açık kaynak politikasının ayarlarını yapılandırın",
+    "resourcePolicySettingDescription": "Kaynak politikası üzerindeki ayarları yapılandır",
    "resourcePolicySetting": "{policyName} Ayarları",
    "alwaysAllow": "Kimlik Doğrulamayı Atla",
    "alwaysDeny": "Erişimi Engelle",
@@ -728,7 +719,7 @@
    "targetSubmit": "Hedef Ekle",
    "targetNoOne": "Bu kaynağın hedefleri yok. Arka uca gönderilecek istekleri yapılandırmak için bir hedef ekleyin.",
    "targetNoOneDescription": "Yukarıdaki birden fazla hedef ekleyerek yük dengeleme etkinleştirilecektir.",
-    "targetsSubmit": "Ayarları Kaydet",
+    "targetsSubmit": "Hedefleri Kaydet",
    "addTarget": "Hedef Ekle",
    "proxyMultiSiteRoundRobinNodeHelp": "Round robin yönlendirme, aynı düğüme bağlı olmayan siteler arasında çalışmayacaktır, ancak failover çalışacaktır.",
    "targetErrorInvalidIp": "Geçersiz IP adresi",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "Yinelenen kural",
    "rulesErrorDuplicateDescription": "Bu ayarlara sahip bir kural zaten mevcut",
    "rulesErrorInvalidIpAddressRange": "Geçersiz CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Geçerli bir CIDR aralığı girin (örneğin, 10.0.0.0/8).",
+    "rulesErrorInvalidIpAddressRangeDescription": "Lütfen geçerli bir CIDR değeri girin",
-    "rulesErrorInvalidUrl": "Geçersiz yol",
+    "rulesErrorInvalidUrl": "Geçersiz URL yolu",
-    "rulesErrorInvalidUrlDescription": "Geçerli bir URL yolu veya deseni girin (örneğin, /api/*).",
+    "rulesErrorInvalidUrlDescription": "Lütfen geçerli bir URL yolu değeri girin",
-    "rulesErrorInvalidIpAddress": "Geçersiz IP adresi",
+    "rulesErrorInvalidIpAddress": "Geçersiz IP",
-    "rulesErrorInvalidIpAddressDescription": "Geçerli bir IPv4 veya IPv6 adresi girin.",
+    "rulesErrorInvalidIpAddressDescription": "Lütfen geçerli bir IP adresi girin",
    "rulesErrorUpdate": "Kurallar güncellenemedi",
    "rulesErrorUpdateDescription": "Kurallar güncellenirken bir hata oluştu",
    "rulesUpdated": "Kuralları Etkinleştir",
@@ -774,24 +765,15 @@
    "rulesMatchIpAddressRangeDescription": "CIDR formatında bir adres girin (örneğin, 103.21.244.0/22)",
    "rulesMatchIpAddress": "Bir IP adresi girin (örneğin, 103.21.244.12)",
    "rulesMatchUrl": "Bir URL yolu veya deseni girin (örneğin, /api/v1/todos veya /api/v1/*)",
-    "rulesErrorInvalidPriority": "Geçersiz öncelik",
+    "rulesErrorInvalidPriority": "Geçersiz Öncelik",
-    "rulesErrorInvalidPriorityDescription": "1 veya daha büyük bir tamsayı girin.",
+    "rulesErrorInvalidPriorityDescription": "Lütfen geçerli bir öncelik girin",
-    "rulesErrorDuplicatePriority": "Yinelenen öncelikler",
+    "rulesErrorDuplicatePriority": "Yinelenen Öncelikler",
-    "rulesErrorDuplicatePriorityDescription": "Her kuralın benzersiz bir öncelik numarası olmalıdır.",
+    "rulesErrorDuplicatePriorityDescription": "Lütfen benzersiz öncelikler girin",
    "rulesErrorValidation": "Geçersiz kurallar",
    "rulesErrorValidationRuleDescription": "Kural {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "Geçerli bir eşleşme türünü seçin (yol, IP, CIDR, ülke, bölge veya ASN).",
    "rulesErrorValueRequired": "Bu kural için bir değer girin.",
    "rulesErrorInvalidCountry": "Geçersiz ülke",
    "rulesErrorInvalidCountryDescription": "Geçerli bir ülke seçin.",
    "rulesErrorInvalidAsn": "Geçersiz ASN",
    "rulesErrorInvalidAsnDescription": "Geçerli bir ASN girin (örneğin, AS15169).",
    "ruleUpdated": "Kurallar güncellendi",
    "ruleUpdatedDescription": "Kurallar başarıyla güncellendi",
    "ruleErrorUpdate": "Operasyon başarısız oldu",
    "ruleErrorUpdateDescription": "Kaydetme operasyonu sırasında bir hata oluştu",
    "rulesPriority": "Öncelik",
    "rulesReorderDragHandle": "Kural önceliğini yeniden sıralamak için sürükleyin",
    "rulesAction": "Aksiyon",
    "rulesMatchType": "Eşleşme Türü",
    "value": "Değer",
@@ -810,7 +792,7 @@
    "rulesResource": "Kaynak Kuralları Yapılandırması",
    "rulesResourceDescription": "Kaynağa erişimi kontrol etmek için kuralları yapılandırın",
    "ruleSubmit": "Kural Ekle",
-    "rulesNoOne": "Henüz kural yok.",
+    "rulesNoOne": "Kural yok. Formu kullanarak bir kural ekleyin.",
    "rulesOrder": "Kurallar, artan öncelik sırasına göre değerlendirilir.",
    "rulesSubmit": "Kuralları Kaydet",
    "policyErrorCreate": "Politika oluşturulurken hata oluştu",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "Beklenmeyen bir hata oluştu",
    "policyCreatedSuccess": "Kaynak politikası başarıyla oluşturuldu",
    "policyUpdatedSuccess": "Kaynak politikası başarıyla güncellendi",
-    "authMethodsSave": "Ayarları Kaydet",
+    "authMethodsSave": "Kimlik doğrulama yöntemlerini kaydet",
    "policyAuthStackTitle": "Kimlik Doğrulama",
    "policyAuthStackDescription": "Bu kaynağa erişim için hangi kimlik doğrulama yöntemlerinin gerekli olduğuna karar verin",
    "policyAuthOrLogicTitle": "Birden fazla kimlik doğrulama yöntemi etkin",
    "policyAuthOrLogicBanner": "Ziyaretçiler aşağıdaki etkin yöntemlerden herhangi birini kullanarak kimlik doğrulaması yapabilirler. Hepsini tamamlamaları gerekmez.",
    "policyAuthMethodActive": "Etkin",
    "policyAuthMethodOff": "Kapalı",
    "policyAuthSsoTitle": "Platform SSO",
    "policyAuthSsoDescription": "Organizasyonunuzun kimlik sağlayıcısı üzerinden oturum açmayı zorunlu kılın",
    "policyAuthSsoSummary": "{idp} · {users} kullanıcısı, {roles} rolü",
    "policyAuthSsoDefaultIdp": "Varsayılan sağlayıcı",
    "policyAuthAddDefaultIdentityProvider": "Varsayılan Kimlik Sağlayıcı Ekle",
    "policyAuthOtherMethodsTitle": "Diğer Yöntemler",
    "policyAuthOtherMethodsDescription": "Ziyaretçilerin platform SSO yerine veya yanı sıra kullanabileceği isteğe bağlı yöntemler",
    "policyAuthPasscodeTitle": "Şifre",
    "policyAuthPasscodeDescription": "Kaynağa erişim için paylaşılan bir alfasayısal şifre gerektir",
    "policyAuthPasscodeSummary": "Şifre ayarlandı",
    "policyAuthPincodeTitle": "PIN Kodu",
    "policyAuthPincodeDescription": "Kaynağa erişim için kısa bir sayısal kod gereklidir",
    "policyAuthPincodeSummary": "6 haneli PIN ayarlandı",
    "policyAuthEmailTitle": "E-posta Beyaz Listesi",
    "policyAuthEmailDescription": "Listelenen e-posta adreslerine tek kullanımlık parolalarla izin verin",
    "policyAuthEmailSummary": "{count} adres izinli",
    "policyAuthEmailOtpCallout": "E-posta beyaz listesinin etkinleştirilmesiyle ziyaretçinin girişinde bir kereye mahsus parola e-postasına gönderilecektir.",
    "policyAuthHeaderAuthTitle": "Temel Başlık Kimlik Doğrulama",
    "policyAuthHeaderAuthDescription": "Her istekte özel bir HTTP başlık adını ve değerini doğrulayın",
    "policyAuthHeaderAuthSummary": "Başlık yapılandırıldı",
    "policyAuthHeaderName": "Başlık adı",
    "policyAuthHeaderValue": "Beklenen değer",
    "policyAuthSetPasscode": "Şifreyi Ayarla",
    "policyAuthSetPincode": "PIN Kodunu Ayarla",
    "policyAuthSetEmailWhitelist": "E-posta Beyaz Listesini Ayarla",
    "policyAuthSetHeaderAuth": "Temel Başlık Kimlik Doğrulamasını Ayarla",
    "policyAccessRulesTitle": "Erişim Kuralları",
    "policyAccessRulesEnableDescription": "Etkinleştirildiğinde, kurallar azalan sırayla değerlendirilecektir ve biri doğru olarak değerlendirildiğinde diğerine geçilecektir.",
    "policyAccessRulesFirstMatch": "Kurallar yukarıdan aşağıya doğru değerlendirilir. İlk eşleşen kural sonucu belirler.",
    "policyAccessRulesHowItWorks": "Kurallar, yol, IP adresi, konum veya başka kriterlere göre talepleri eşleştirir. Her kural bir eylem uygular: kimlik doğrulamayı atla, erişimi engelle veya kimlik doğrulaması için geçici olarak geç.",
    "policyAccessRulesFallthroughOff": "Kurallar devre dışı bırakıldığında, tüm trafik kimlik doğrulamasına geçer.",
    "policyAccessRulesFallthroughOn": "Herhangi bir kural eşleşmediğinde trafik kimlik doğrulamasına geçer.",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Kuralları Kaydet",
    "resourceErrorCreate": "Kaynak oluşturma hatası",
    "resourceErrorCreateDescription": "Kaynak oluşturulurken bir hata oluştu",
@@ -883,9 +824,9 @@
    "resourcesErrorUpdateDescription": "Kaynak güncellenirken bir hata oluştu",
    "access": "Erişim",
    "accessControl": "Erişim Kontrolü",
-    "shareLink": "{resource} Paylaşılabilir Bağlantı",
+    "shareLink": "{resource} Paylaşım Bağlantısı",
    "resourceSelect": "Kaynak seçin",
-    "shareLinks": "Paylaşılabilir Bağlantılar",
+    "shareLinks": "Paylaşım Bağlantıları",
    "share": "Paylaşılabilir Bağlantılar",
    "shareDescription2": "Kaynaklarınıza geçici veya sınırsız erişim sağlamak için paylaşılabilir bağlantılar oluşturun. Bağlantı oluştururken sona erme süresini yapılandırabilirsiniz.",
    "shareEasyCreate": "Kolayca oluştur ve paylaş",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "Yöneticiler her zaman bu kaynağa erişebilir.",
    "resourcePolicySelectTitle": "Kaynak Erişim Politikası",
    "resourcePolicySelectDescription": "Kimlik doğrulama için kaynak politika türünü seçin",
    "resourcePolicyTypeLabel": "Politika türü",
    "resourcePolicyLabel": "Kaynak politikası",
    "resourcePolicyInline": "Satır İçi Kaynak Politikası",
    "resourcePolicyInlineDescription": "Erişim Politikası sadece bu kaynağa yönelik",
    "resourcePolicyShared": "Paylaşılan Kaynak Politikası",
-    "resourcePolicySharedDescription": "Bu kaynak bir paylaşılan politika kullanıyor.",
+    "resourcePolicySharedDescription": "Bu kaynak paylaşılan bir politika kullanır. Politika düzeyindeki ayarlar (kimlik doğrulama yöntemleri, e-posta beyaz listesi) kilitlidir. Aşağıda, kaynakla ilgili özel kurallar, roller ve kullanıcılar ekleyebilirsiniz.",
    "sharedPolicy": "Paylaşılan Politika",
    "sharedPolicyNoneDescription": "Bu kaynağın kendi politikası var.",
    "resourceSharedPolicyOwnDescription": "Bu kaynak, kendi kimlik doğrulama ve erişim kuralları denetimlerine sahiptir.",
    "resourceSharedPolicyInheritedDescription": "Bu kaynak <policyLink>{policyName}</policyLink>'dan devralmaktadır.",
    "resourceSharedPolicyAuthenticationNotice": "Bu kaynak bir ortak politika kullanıyor. Politikayı eklemek için kimlik doğrulama ayarlarını bu kaynakta düzenleyebilirsiniz. Altta yatan politikayı değiştirmek için <policyLink>{policyName}</policyLink> düzenlemelisiniz.",
    "resourceSharedPolicyRulesNotice": "Bu kaynak bir paylaşılan politika kullanıyor. Bazı erişim kuralları bu kaynakta düzenlenebilir. Temel politikayı değiştirmek için, <policyLink>{policyName}</policyLink> düzenlemeniz gerekecektir.",
    "resourceUsersRoles": "Erişim Kontrolleri",
    "resourceUsersRolesDescription": "Bu kaynağı kimlerin ziyaret edebileceği kullanıcıları ve rolleri yapılandırın",
    "resourceUsersRolesSubmit": "Erişim Kontrollerini Kaydet",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "Görünürlük",
    "resourceVisibilityTitleDescription": "Kaynak görünürlüğünü tamamen etkinleştirin veya devre dışı bırakın",
    "resourceGeneral": "Genel Ayarlar",
-    "resourceGeneralDescription": "Bu kaynak için ad, adres ve erişim politikası yapılandırın.",
+    "resourceGeneralDescription": "Bu kaynak için genel ayarları yapılandırın",
    "resourceGeneralDetailsSubsection": "Kaynak Detayları",
    "resourceGeneralDetailsSubsectionDescription": "Bu kaynak için görüntülenen adı, tanıtıcıyı ve herkesin erişebileceği alan adını belirleyin.",
    "resourceGeneralDetailsSubsectionPortDescription": "Bu kaynak için görüntülenen adı, tanıtıcıyı ve halka açık portu ayarlayın.",
    "resourceGeneralPublicAddressSubsection": "Genel Adres",
    "resourceGeneralPublicAddressSubsectionDescription": "Kullanıcıların bu kaynağa nasıl ulaşacağını yapılandırın.",
    "resourceGeneralAuthenticationAccessSubsection": "Kimlik Doğrulama ve Erişim",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "Bu kaynağın kendi politikasını mı yoksa ortak bir politikadan mı devralacağını seçin.",
    "resourceEnable": "Kaynağı Etkinleştir",
    "resourceTransfer": "Kaynağı Aktar",
    "resourceTransferDescription": "Bu kaynağı farklı bir siteye aktarın",
@@ -1294,14 +1220,11 @@
    "addLabels": "Etiketler ekle",
    "siteLabelsTab": "Etiketler",
    "siteLabelsDescription": "Bu siteyle ilişkili etiketleri yönetin.",
-    "labelsNotFound": "Etiket bulunamadı.",
+    "labelsNotFound": "Etiketler bulunamadı",
    "labelsEmptyCreateHint": "Etiket oluşturmak için yukarıdan yazmaya başlayın.",
    "labelSearch": "Etiket ara",
    "labelSearchOrCreate": "Etiket arayın veya oluşturun",
    "accessLabelFilterCount": "{count, plural, one {# etiket} other {# etiketler}}",
    "labelOverflowCount": "+{count, plural, one {# etiket} other {# etiketler}}",
    "accessLabelFilterClear": "Etiket filtrelerini temizle",
    "accessFilterClear": "Filtreleri temizle",
    "selectColor": "Renk seç",
    "createNewLabel": "Yeni kuruluş etiketi \"{label}\" oluştur",
    "inviteInvalidDescription": "Davet bağlantısı geçersiz.",
@@ -1538,8 +1461,8 @@
    "sidebarResources": "Kaynaklar",
    "sidebarProxyResources": "Herkese Açık",
    "sidebarClientResources": "Özel",
-    "sidebarPolicies": "Paylaşılan Politikalar",
+    "sidebarPolicies": "Politikalar",
-    "sidebarResourcePolicies": "Açık Kaynaklar",
+    "sidebarResourcePolicies": "Kaynaklar",
    "sidebarAccessControl": "Erişim Kontrolü",
    "sidebarLogsAndAnalytics": "Kayıtlar & Analitik",
    "sidebarTeam": "Ekip",
@@ -1547,7 +1470,7 @@
    "sidebarAdmin": "Yönetici",
    "sidebarInvitations": "Davetiye",
    "sidebarRoles": "Roller",
-    "sidebarShareableLinks": "Paylaşılabilir Bağlantılar",
+    "sidebarShareableLinks": "Bağlantılar",
    "sidebarApiKeys": "API Anahtarları",
    "sidebarProvisioning": "Tedarik",
    "sidebarSettings": "Ayarlar",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "Kaynak {id}",
    "blueprints": "Planlar",
    "blueprintsLog": "Şablonlar Günlüğü",
-    "blueprintsDescription": "Geçmiş plan uygulamalarını ve sonuçlarını görüntüleyin veya yeni bir plan uygulayın",
+    "blueprintsDescription": "Geçmiş şablon uygulamalarını ve sonuçlarını görüntüleyin",
    "blueprintAdd": "Plan Ekle",
    "blueprintGoBack": "Tüm Planları Gör",
    "blueprintCreate": "Plan Oluştur",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "Docker Soketini Etkinleştir",
    "enableDockerSocketDescription": "Plan etiketleri için Docker Socket etiket toplamasını etkinleştirin. Site bağlantısına soket yolu sağlanmalıdır. Bunun nasıl çalıştığını <docsLink>belgelemede</docsLink> okuyun.",
    "newtAutoUpdate": "Site Otomatik-Güncellemesini Etkinleştir",
-    "newtAutoUpdateDescription": "Etkinleştirildiğinde, site konektörleri en son versiyonu otomatik olarak indirir ve yeniden başlar. Bu, site bazında geçersiz kılınabilir.",
+    "newtAutoUpdateDescription": "Etkinleştirildiğinde, site bağdaştırıcıları yeni sürüm mevcut olduğunda otomatik olarak en son sürüme güncellenecek.",
    "siteAutoUpdate": "Site Otomatik-Güncellemesi",
    "siteAutoUpdateLabel": "Otomatik Güncellemeyi Etkinleştir",
-    "siteAutoUpdateDescription": "Etkinleştirildiğinde, bu sitenin konektörü en son versiyonu otomatik olarak indirir ve kendini yeniden başlatır.",
+    "siteAutoUpdateDescription": "Bu sitenin bağdaştırıcısının en son sürümü otomatik olarak indirip indirmeyeceğini kontrol edin.",
    "siteAutoUpdateOrgDefault": "Kuruluş varsayılanı: {state}",
    "siteAutoUpdateOverriding": "Kuruluş ayarını geçersiz kılıyor",
    "siteAutoUpdateResetToOrg": "Kuruluş Varsayılanına Sıfırla",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "Hesap kurulumu tamamlandı! Pangolin'e hoş geldiniz!",
    "documentation": "Dokümantasyon",
    "saveAllSettings": "Tüm Ayarları Kaydet",
-    "saveResourceTargets": "Ayarları Kaydet",
+    "saveResourceTargets": "Hedefleri Kaydet",
-    "saveResourceHttp": "Ayarları Kaydet",
+    "saveResourceHttp": "Proxy Ayarlarını Kaydet",
-    "saveProxyProtocol": "Ayarları Kaydet",
+    "saveProxyProtocol": "Proxy protokol ayarlarını kaydet",
    "settingsUpdated": "Ayarlar güncellendi",
    "settingsUpdatedDescription": "Ayarlar başarıyla güncellendi",
    "settingsErrorUpdate": "Ayarlar güncellenemedi",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "Bilinmiyor",
    "healthCheck": "Sağlık Kontrolü",
    "configureHealthCheck": "Sağlık Kontrolünü Yapılandır",
-    "configureHealthCheckDescription": "Kaynağınızın her zaman erişilebilir olduğundan emin olmak için izleme kurun",
+    "configureHealthCheckDescription": "{hedef} için sağlık izleme kurun",
    "enableHealthChecks": "Sağlık Kontrollerini Etkinleştir",
    "healthCheckDisabledStateDescription": "Devre dışı bırakıldığında, site sağlık kontrolleri yapmaz ve durum bilinmeyen olarak kabul edilecektir.",
    "enableHealthChecksDescription": "Bu hedefin sağlığını izleyin. Gerekirse hedef dışındaki bir son noktayı izleyebilirsiniz.",
    "healthScheme": "Yöntem",
    "healthSelectScheme": "Yöntem Seç",
-    "healthCheckPortInvalid": "Bağlantı noktası 1 ile 65535 arasında olmalıdır",
+    "healthCheckPortInvalid": "Sağlık Kontrolü portu 1 ile 65535 arasında olmalıdır",
    "healthCheckPath": "Yol",
    "healthHostname": "IP / Hostname",
    "healthPort": "Bağlantı Noktası",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "Cihaz Onaylarını Gerektir",
    "requireDeviceApprovalDescription": "Bu role sahip kullanıcıların yeni cihazlarının bağlanabilmesi ve kaynaklara erişebilmesi için bir yönetici tarafından onaylanması gerekiyor.",
    "sshSettings": "SSH Ayarları",
    "sshAccess": "SSH Erişimi",
    "rdpSettings": "RDP Ayarları",
    "vncSettings": "VNC Ayarları",
    "sshServer": "SSH Sunucusu",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "Bu kurulumu tamamlamadan önce hedef ana bilgisayarınızın kimlik doğrulama daemonunu çalıştıracak şekilde düzgün yapılandırıldığından emin olun, aksi takdirde sağlama başarısız olur.",
    "sshDaemonPort": "Daemon Bağlantı Noktası",
    "sshServerDestination": "Sunucu Hedefi",
-    "sshServerDestinationDescription": "SSH sunucusunun hedefini yapılandırın",
+    "sshServerDestinationDescription": "SSH sunucusunun hedefini ve bağlantı noktasını yapılandırın",
    "destination": "Hedef",
    "destinationRequired": "Hedef gereklidir.",
    "domainRequired": "Alan adı gereklidir.",
    "proxyPortRequired": "Bağlantı noktası gereklidir.",
    "invalidPathConfiguration": "Geçersiz yol yapılandırması.",
    "invalidRewritePathConfiguration": "Geçersiz yol yeniden yazma yapılandırması.",
    "bgTargetMultiSiteDisclaimer": "Birden fazla site seçmek, yüksek erişilebilirlik için dayanıklı yönlendirme ve failover sağlar.",
    "roleAllowSsh": "SSH'a İzin Ver",
    "roleAllowSshAllow": "İzin Ver",
@@ -2171,25 +2088,10 @@
    "sshSudoModeCommandsDescription": "Kullanıcı sadece belirtilen komutları sudo ile çalıştırabilir.",
    "sshSudo": "Sudo'ya izin ver",
    "sshSudoCommands": "Sudo Komutları",
-    "sshSudoCommandsDescription": "Kullanıcının 'sudo' ile çalıştırmasına izin verilen komutlar listesi noktalı virgülle, boşluk veya yeni satırla ayrılmalıdır. Mutlak yollar kullanılmalıdır.",
+    "sshSudoCommandsDescription": "Kullanıcının sudo ile çalıştırmasına izin verilen komutların virgülle ayrılmış listesi. Mutlak yollar kullanılmalıdır.",
    "sshCreateHomeDir": "Ev Dizini Oluştur",
    "sshUnixGroups": "Unix Grupları",
-    "sshUnixGroupsDescription": "Hedef ana bilgisayardaki kullanıcıya eklemek için Unix grupları, noktalı virgülle, boşluk veya yeni satırla ayrılmalıdır.",
+    "sshUnixGroupsDescription": "Hedef konakta kullanıcıya eklenecek Unix gruplarının virgülle ayrılmış listesi.",
    "roleTextFieldPlaceholder": "Değerleri girin veya bir .txt veya .csv dosyası bırakın",
    "roleTextImportTitle": "Dosyadan İçe Aktar",
    "roleTextImportDescription": "{fileName} dosyası {fieldLabel} alanına içe aktarılıyor.",
    "roleTextImportSkipHeader": "İlk Satırı Atla (Başlık)",
    "roleTextImportOverride": "Mevcut Olanın Yerine Yaz",
    "roleTextImportAppend": "Mevcut olana Ekle",
    "roleTextImportMode": "İçe Aktarma Modu",
    "roleTextImportPreview": "Seçilen Dosya",
    "roleTextImportItemCount": "{count, plural, =0 {İçe aktarılacak öğe yok} one {İçe aktarılacak 1 öğe} other {İçe aktarılacak # öğe}}",
    "roleTextImportTotalCount": "{existing} mevcut + {imported} ithal = {total} toplam",
    "roleTextImportConfirm": "İçe Aktar",
    "roleTextImportInvalidFile": "Desteklenmeyen dosya türü",
    "roleTextImportInvalidFileDescription": "Yalnızca .txt ve .csv dosyaları desteklenir.",
    "roleTextImportEmpty": "Dosyada öğe bulunamadı",
    "roleTextImportEmptyDescription": "Dosya, içe aktarılabilir öğe içermiyor.",
    "retryAttempts": "Tekrar Deneme Girişimleri",
    "expectedResponseCodes": "Beklenen Yanıt Kodları",
    "expectedResponseCodesDescription": "Sağlıklı durumu gösteren HTTP durum kodu. Boş bırakılırsa, 200-300 arası sağlıklı kabul edilir.",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "Proxy Protokolünü Etkinleştir",
    "proxyProtocolInfo": "TCP ara yüzlerini koruyarak istemci IP adreslerini saklayın",
    "proxyProtocolVersion": "Proxy Protokol Versiyonu",
-    "version1": "Versiyon 1 (Önerilen)",
+    "version1": " Versiyon 1 (Önerilen)",
    "version2": "Versiyon 2",
-    "version1Description": "Metin tabanlı ve yaygın olarak desteklenmektedir. Sunucu taşımacılığının dinamik yapılandırmaya eklenmiş olduğundan emin olun.",
+    "versionDescription": "Versiyon 1 metin tabanlı ve yaygın olarak desteklenir. Versiyon 2 ise ikili ve daha verimlidir ama daha az uyumludur.",
    "version2Description": "İkili ve daha verimli ama daha az uyumlu. Sunucu taşımasının dinamik yapılandırmaya eklendiğinden emin olun.",
    "warning": "Uyarı",
    "proxyProtocolWarning": "Arka uç uygulamanız, Proxy Protokol bağlantılarını kabul etmek üzere yapılandırılmalıdır. Arka ucunuz Proxy Protokolünü desteklemiyorsa, bunu etkinleştirmek tüm bağlantıları koparır. Traefik'ten gelen Proxy Protokol başlıklarına güvenecek şekilde arka ucunuzu yapılandırdığınızdan emin olun.",
    "restarting": "Yeniden Başlatılıyor...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "Onayı girin",
    "blueprintViewDetails": "Detaylar",
    "defaultIdentityProvider": "Varsayılan Kimlik Sağlayıcı",
-    "defaultIdentityProviderDescription": "Kullanıcı, kimlik doğrulama için bu kimlik sağlayıcısına otomatik olarak yönlendirilecektir.",
+    "defaultIdentityProviderDescription": "Varsayılan bir kimlik sağlayıcı seçildiğinde, kullanıcı kimlik doğrulaması için otomatik olarak sağlayıcıya yönlendirilecektir.",
    "editInternalResourceDialogNetworkSettings": "Ağ Ayarları",
    "editInternalResourceDialogAccessPolicy": "Erişim Politikası",
    "editInternalResourceDialogAddRoles": "Roller Ekle",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "Bakım Modu Türü",
    "showMaintenancePage": "Ziyaretçilere bir bakım sayfası gösterin",
    "enableMaintenanceMode": "Bakım Modunu Etkinleştir",
    "enableMaintenanceModeDescription": "Etkinleştirildiğinde, ziyaretçiler kaynak yerine bir bakım sayfası görecekler.",
    "automatic": "Otomatik",
    "automaticModeDescription": "Tüm arka uç hedefleri kapalı veya sağlıksız olduğunda yalnızca bakım sayfasını gösterin. Sağlıklı en az bir hedef olduğu sürece kaynağınız normal şekilde çalışmaya devam eder.",
    "forced": "Zorunlu",
@@ -3182,8 +3082,6 @@
    "warning:": "Uyarı:",
    "forcedeModeWarning": "Tüm trafik bakım sayfasına yönlendirilecek. Arka plan kaynaklarınız herhangi bir isteği almayacaktır.",
    "pageTitle": "Sayfa Başlığı",
    "maintenancePageContentSubsection": "Sayfa İçeriği",
    "maintenancePageContentSubsectionDescription": "Bakım sayfasında gösterilen içeriği özelleştirin",
    "pageTitleDescription": "Bakım sayfasında gösterilen ana başlık",
    "maintenancePageMessage": "Bakım Mesajı",
    "maintenancePageMessagePlaceholder": "Yakında geri döneceğiz! Sitemiz şu anda planlı bakım altındadır.",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "Bu kimlik sağlayıcının bu kuruluştan ilişiğini kesmek istediğinizden emin misiniz?",
    "idpUnassociateDescription": "Bu kimlik sağlayıcı ile ilişkilendirilen tüm kullanıcılar bu kuruluştan kaldırılacaktır, ancak kimlik sağlayıcı diğer ilişkilendirilen kuruluşlar için var olmaya devam edecektir.",
    "idpUnassociateConfirm": "Kimlik Sağlayıcının İlişkisinin Kesilmesini Onayla",
    "idpConfirmDeleteAndRemoveMeFromOrg": "BENİ SİL VE ORGANİZASYONDAN ÇIKAR",
    "idpUnassociateAndRemoveMeFromOrg": "BENİ İLİŞKİLENDİRMEYİ BIRAK VE ORGANİZASYONDAN ÇIKAR",
    "idpUnassociateWarning": "Bu işlem bu kuruluş için geri alınamaz.",
    "idpUnassociatedDescription": "Kimlik sağlayıcı bu kuruluştan başarıyla ayrıldı",
    "idpUnassociateMenu": "İlişkiyi Kes",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "Bağlanılıyor…",
    "sshInitializing": "Başlatılıyor…",
    "sshSignInTitle": "SSH'a Giriş Yap",
-    "sshSignInDescription": "Bağlanmak için SSH kimlik bilgilerinizi girin",
+    "sshSignInDescription": "SSH kimlik bilgilerinizi girin",
    "sshPasswordTab": "Şifre",
    "sshPrivateKeyTab": "Özel Anahtar",
    "sshPrivateKeyField": "Özel Anahtar",
    "sshPrivateKeyDisclaimer": "Özel anahtarınız Pangolin'de saklanmaz veya görünmez. Alternatif olarak, mevcut Pangolin kimliğinizle sorunsuz kimlik doğrulama için kısa ömürlü sertifikalar kullanabilirsiniz.",
    "sshLearnMore": "Daha fazla bilgi",
    "sshPrivateKeyFile": "Özel Anahtar Dosyası",
-    "sshAuthenticate": "Bağlan",
+    "sshAuthenticate": "Kimlik Doğrulama",
    "sshTerminate": "Sonlandır",
    "sshPoweredBy": "Tarafından sağlanmaktadır",
    "sshErrorNoTarget": "Belirtilen hedef yok",
    "sshErrorWebSocket": "WebSocket bağlantısı başarısız oldu",
    "sshErrorAuthFailed": "Kimlik doğrulama başarısız",
-    "sshErrorConnectionClosed": "Kimlik doğrulama tamamlanmadan bağlantı kapandı",
+    "sshErrorConnectionClosed": "Kimlik doğrulama tamamlanmadan bağlantı kapandı"
    "sitePangolinSshDescription": "Bu site üzerindeki kaynaklara SSH erişimine izin verin. Bu ayar sonradan değiştirilebilir.",
    "browserGatewayNoResourceForDomain": "Bu etki alanı için kaynak bulunamadı",
    "browserGatewayNoTarget": "Hedef Yok",
    "browserGatewayConnect": "Bağlan",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "PAM itmeli kimlik doğrulama için SSH anahtarı imzalanamadı. Kullanıcı olarak oturum açtınız mı?",
    "sshTerminalError": "Hata: {error}",
    "sshConnectionClosedCode": "Bağlantı kapandı (kod {code})",
    "sshPrivateKeyPlaceholder": "-----BAŞLANGIÇ OPENSSH ÖZEL ANAHTARI-----",
    "sshPrivateKeyRequired": "Özel anahtar gereklidir",
    "vncTitle": "VNC",
    "vncSignInDescription": "Bağlanmak için VNC parolanızı girin",
    "vncPasswordOptional": "Parola (isteğe bağlı)",
    "vncNoResourceTarget": "Kaynak hedefi mevcut değil",
    "vncFailedToLoadNovnc": "NoVNC yüklenemedi",
    "vncAuthFailedStatus": "Durum {status}",
    "vncPasteClipboard": "Panoya yapıştır",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "Uzak Masaüstü'ne Giriş Yap",
    "rdpSignInDescription": "Bağlanmak için Windows kimlik bilgilerinizi girin",
    "rdpLoadingModule": "Modül yükleniyor...",
    "rdpFailedToLoadModule": "RDP modülü yüklenemedi",
    "rdpNotReady": "Hazır değil",
    "rdpModuleInitializing": "RDP modülü hala başlatılıyor",
    "rdpDownloadingFiles": "Uzak {count, plural, one {dosya} other {dosya}} indiriliyor...",
    "rdpDownloadFailed": "İndirme başarısız: {fileName}",
    "rdpUploaded": "Yüklendi: {fileName}",
    "rdpNoConnectionTarget": "Bağlantı hedefi yok",
    "rdpConnectionFailed": "Bağlantı başarısız oldu",
    "rdpFit": "Sığdır",
    "rdpFull": "Tam",
    "rdpReal": "Gerçek",
    "rdpMeta": "Meta",
    "rdpUploadFiles": "Dosya yükle",
    "rdpFilesReadyToPaste": "Yapıştırmak üzere dosyalar hazır",
    "rdpFilesReadyToPasteDescription": "{count} dosya uzak panoya kopyalandı — yapıştırmak için uzak masaüstünde Ctrl+V tuşlarına basın.",
    "rdpUploadFailed": "Yükleme başarısız",
    "rdpUnicodeKeyboardMode": "Unicode klavye modu",
    "sessionToolbarShow": "Araç çubuğunu göster",
    "sessionToolbarHide": "Araç çubuğunu gizle"
 }
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -17,7 +17,7 @@
    "componentsErrorNoMemberCreate": "您目前不是任何组织的成员。创建组织以开始操作。",
    "componentsErrorNoMember": "您目前不是任何组织的成员。",
    "welcome": "欢迎使用 Pangolin",
-    "welcomeTo": "欢迎使用",
+    "welcomeTo": "欢迎来到",
    "componentsCreateOrg": "创建组织",
    "componentsMember": "您属于{count, plural, =0 {没有组织} one {一个组织} other {# 个组织}}。",
    "componentsInvalidKey": "检测到无效或过期的许可证密钥。按照许可证条款操作以继续使用所有功能。",
@@ -35,7 +35,7 @@
    "trialDaysRemaining": "{count, plural, other {# 天剩余}}",
    "trialDaysLeftShort": "试用期剩余 {days} 天",
    "trialGoToBilling": "转到账单页面",
-    "subscriptionViolationViewBilling": "查看账单",
+    "subscriptionViolationViewBilling": "查看计费",
    "componentsLicenseViolation": "许可证超限：该服务器使用了 {usedSites} 个站点，已超过授权的 {maxSites} 个。请遵守许可证条款以继续使用全部功能。",
    "componentsSupporterMessage": "感谢您的支持！您现在是 Pangolin 的 {tier} 用户。",
    "inviteErrorNotValid": "很抱歉，但看起来你试图访问的邀请尚未被接受或不再有效。",
@@ -58,21 +58,21 @@
    "name": "名称",
    "online": "在线",
    "offline": "离线的",
-    "site": "节点",
+    "site": "站点",
    "dataIn": "数据输入",
    "dataOut": "数据输出",
    "connectionType": "连接类型",
    "tunnelType": "隧道类型",
    "local": "本地的",
    "edit": "编辑",
-    "siteConfirmDelete": "确认删除节点",
+    "siteConfirmDelete": "确认删除站点",
-    "siteDelete": "删除节点",
+    "siteDelete": "删除站点",
-    "siteMessageRemove": "一旦移除，节点将无法访问。与节点相关的所有目标也将被移除。",
+    "siteMessageRemove": "一旦移除，站点将无法访问。与站点相关的所有目标也将被移除。",
-    "siteQuestionRemove": "您确定要从组织中删除该节点吗？",
+    "siteQuestionRemove": "您确定要从组织中删除该站点吗？",
    "siteManageSites": "管理站点",
    "siteDescription": "创建和管理站点，启用与私人网络的连接",
    "sitesBannerTitle": "连接任何网络",
-    "sitesBannerDescription": "站点是到远程网络的连接，使 Pangolin 能够向任何位置的用户提提供公共或私有的资源访问。你可以在任何能够运行二进制文件或容器的地方安装站点网络连接器（Newt），以建立连接。",
+    "sitesBannerDescription": "站点是连接到远程网络的链接，允许Pangolin为用户提供资源访问，无论是公共还是私人。可以在任何可以运行二进制文件或容器的地方安装站点网络连接器（Newt）以建立连接。",
    "sitesBannerButtonText": "安装站点",
    "approvalsBannerTitle": "批准或拒绝设备访问",
    "approvalsBannerDescription": "审核、批准或拒绝用户的设备访问请求。 当需要设备批准时，用户必须先获得管理员批准，然后他们的设备才能连接到您的组织资源。",
@@ -101,8 +101,6 @@
    "sitesTableViewPrivateResources": "查看私有资源",
    "siteInstallNewt": "安装 Newt",
    "siteInstallNewtDescription": "在您的系统中运行 Newt",
    "siteInstallKubernetesDocsDescription": "有关最新的 Kubernetes 安装信息，请参阅<docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>。",
    "siteInstallAdvantechDocsDescription": "有关 Advantech 调制解调器安装说明，请参阅<docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>。",
    "WgConfiguration": "WireGuard 配置",
    "WgConfigurationDescription": "使用以下配置连接到网络",
    "operatingSystem": "操作系统",
@@ -134,7 +132,7 @@
    "siteResourcesHowToAccess": "如何访问",
    "siteResourcesTargetsOnSite": "此站点上的目标",
    "siteSetting": "{siteName} 设置",
-    "siteNewtTunnel": "新节点 (推荐)",
+    "siteNewtTunnel": "新站点 (推荐)",
    "siteNewtTunnelDescription": "最简单的方式来创建任何网络的入口。没有额外的设置。",
    "siteWg": "基本 WireGuard",
    "siteWgDescription": "使用任何 WireGuard 客户端来建立隧道。需要手动配置 NAT。",
@@ -143,8 +141,8 @@
    "siteLocalDescriptionSaas": "仅本地资源。没有隧道。仅在远程节点上可用。",
    "siteSeeAll": "查看所有站点",
    "siteTunnelDescription": "确定如何连接到站点",
-    "siteNewtCredentials": "凭证",
+    "siteNewtCredentials": "全权证书",
-    "siteNewtCredentialsDescription": "节点如何与服务器进行身份验证",
+    "siteNewtCredentialsDescription": "站点如何通过服务器进行身份验证",
    "remoteNodeCredentialsDescription": "这是远程节点如何与服务器进行身份验证",
    "siteCredentialsSave": "保存证书",
    "siteCredentialsSaveDescription": "您只能看到一次。请确保将其复制并保存到一个安全的地方。",
@@ -152,7 +150,7 @@
    "status": "状态",
    "shareTitle": "管理共享链接",
    "shareDescription": "创建可共享的链接，允许临时或永久访问代理资源",
-    "shareSearch": "搜索共享链接……",
+    "shareSearch": "搜索共享链接...",
    "shareCreate": "创建共享链接",
    "shareErrorDelete": "删除链接失败",
    "shareErrorDeleteMessage": "删除链接时出错",
@@ -179,7 +177,6 @@
    "shareCreateDescription": "任何具有此链接的人都可以访问资源",
    "shareTitleOptional": "标题 (可选)",
    "sharePathOptional": "路径（可选）",
    "sharePathDescription": "认证后，链接将把用户重定向到此路径。",
    "expireIn": "过期时间",
    "neverExpire": "永不过期",
    "shareExpireDescription": "过期时间是链接可以使用并提供对资源的访问时间。 此时间后，链接将不再工作，使用此链接的用户将失去对资源的访问。",
@@ -203,28 +200,24 @@
    "shareErrorSelectResource": "请选择一个资源",
    "proxyResourceTitle": "管理公共资源",
    "proxyResourceDescription": "创建和管理可通过 Web 浏览器公开访问的资源",
-    "publicResourcesBannerTitle": "基于 Web 的公共访问",
+    "publicResourcesBannerTitle": "基于Web的公共访问",
-    "publicResourcesBannerDescription": "公共资源是 HTTPS 代理，可供互联网上的任何人通过 Web 浏览器访问。与私人资源不同，它们不需要客户端软件，并且可以包含身份和上下文感知的访问策略。",
+    "publicResourcesBannerDescription": "公共资源是可以通过网络浏览器在互联网上任何人访问的HTTPS或TCP/UDP代理。与私人资源不同，它们不需要客户端软件，并且可以包含身份和上下文感知访问策略。",
    "clientResourceTitle": "管理私有资源",
    "clientResourceDescription": "创建和管理只能通过连接客户端访问的资源",
-    "privateResourcesBannerTitle": "零信任私有访问",
+    "privateResourcesBannerTitle": "零信任的私人访问",
-    "privateResourcesBannerDescription": "私有资源采用零信任安全机制，确保只有获得明确授权的用户和机器才能访问。用户设备或机器客户端连接后，即可通过安全的虚拟专用网络访问这些资源。",
+    "privateResourcesBannerDescription": "私人资源使用零信任安全性，确保只允许明确授予的用户和机器访问资源。可以连接用户设备或机器客户端，通过安全的虚拟专用网络访问这些资源。",
    "resourcesSearch": "搜索资源...",
    "resourceAdd": "添加资源",
    "resourceErrorDelte": "删除资源时出错",
-    "resourcePoliciesBannerTitle": "重用身份验证和访问规则",
+    "resourcePoliciesTitle": "管理资源策略",
-    "resourcePoliciesBannerDescription": "共享资源策略可让您定义身份验证方法和访问规则，然后将其应用到多个公共资源。当您更新策略时，每个链接的资源都会自动继承更改。",
+    "resourcePoliciesAttachedResourcesColumnTitle": "附加资源",
    "resourcePoliciesBannerButtonText": "了解更多",
    "resourcePoliciesTitle": "管理公共资源策略",
    "resourcePoliciesAttachedResourcesColumnTitle": "资源",
    "resourcePoliciesAttachedResources": "{count} 个资源",
    "resourcePoliciesAttachedResourcesCount": "{count, plural, other {# 个资源}}",
    "resourcePoliciesAttachedResourcesEmpty": "没有资源",
-    "resourcePoliciesDescription": "创建和管理身份验证策略以控制对公共资源的访问",
+    "resourcePoliciesDescription": "创建和管理身份验证策略以控制对资源的访问",
    "resourcePoliciesSearch": "搜索策略……",
    "resourcePoliciesAdd": "添加策略",
    "resourcePoliciesDefaultBadgeText": "默认策略",
-    "resourcePoliciesCreate": "创建公共资源策略",
+    "resourcePoliciesCreate": "创建资源策略",
    "resourcePoliciesCreateDescription": "按照以下步骤创建新策略",
    "resourcePolicyName": "策略名称",
    "resourcePolicyNameDescription": "给此策略命名，以便在您的资源中识别它",
@@ -281,7 +274,7 @@
    "back": "后退",
    "cancel": "取消",
    "resourceConfig": "配置片段",
-    "resourceConfigDescription": "复制并粘贴这些配置片段以设置 TCP/UDP 资源。",
+    "resourceConfigDescription": "复制并粘贴这些配置片段以设置 TCP/UDP 资源",
    "resourceAddEntrypoints": "Traefik: 添加入口点",
    "resourceExposePorts": "Gerbil：在 Docker Compose 中显示端口",
    "resourceLearnRaw": "学习如何配置 TCP/UDP 资源",
@@ -294,8 +287,6 @@
    "labelDelete": "删除标签",
    "labelAdd": "添加标签",
    "labelCreateSuccessMessage": "标签创建成功",
    "labelDuplicateError": "标签重复",
    "labelDuplicateErrorDescription": "已存在具有该名称的标签。",
    "labelEditSuccessMessage": "标签修改成功",
    "labelNameField": "标签名称",
    "labelColorField": "标签颜色",
@@ -320,14 +311,14 @@
    "rules": "规则",
    "resourceSettingDescription": "配置资源上的设置",
    "resourceSetting": "{resourceName} 设置",
-    "resourcePolicySettingDescription": "配置此公共资源策略上的设置",
+    "resourcePolicySettingDescription": "配置资源策略上的设置",
    "resourcePolicySetting": "{policyName} 设置",
    "alwaysAllow": "旁路认证",
    "alwaysDeny": "屏蔽访问",
    "passToAuth": "传递至认证",
    "orgSettingsDescription": "配置组织设置",
    "orgGeneralSettings": "组织设置",
-    "orgGeneralSettingsDescription": "管理组织的详细信息和配置",
+    "orgGeneralSettingsDescription": "管理机构的详细信息和配置",
    "saveGeneralSettings": "保存常规设置",
    "saveSettings": "保存设置",
    "orgDangerZone": "危险区域",
@@ -381,7 +372,7 @@
    "accessApprovalsDescription": "查看和管理待审批的组织访问权限",
    "description": "描述",
    "inviteTitle": "打开邀请",
-    "inviteDescription": "管理其他用户加入组织的邀请",
+    "inviteDescription": "管理其他用户加入机构的邀请",
    "inviteSearch": "搜索邀请...",
    "minutes": "分钟",
    "hours": "小时",
@@ -425,24 +416,24 @@
    "apiKeysDelete": "删除 API 密钥",
    "apiKeysManage": "管理 API 密钥",
    "apiKeysDescription": "API 密钥用于认证集成 API",
-    "provisioningKeysTitle": "预配密钥",
+    "provisioningKeysTitle": "置备密钥",
-    "provisioningKeysManage": "管理预配密钥",
+    "provisioningKeysManage": "管理置备键",
    "provisioningKeysDescription": "置备密钥用于验证您组织的自动站点配置。",
-    "provisioningManage": "预配",
+    "provisioningManage": "置备中",
-    "provisioningDescription": "管理预配密钥，并审核待批准的站点。",
+    "provisioningDescription": "管理预配键和审查等待批准的站点。",
-    "pendingSites": "待审批站点",
+    "pendingSites": "待定站点",
    "siteApproveSuccess": "站点批准成功",
    "siteApproveError": "批准站点出错",
    "provisioningKeys": "置备键",
    "searchProvisioningKeys": "搜索配备密钥...",
-    "provisioningKeysAdd": "生成预配密钥",
+    "provisioningKeysAdd": "生成置备键",
    "provisioningKeysErrorDelete": "删除预配键时出错",
    "provisioningKeysErrorDeleteMessage": "删除预配键时出错",
    "provisioningKeysQuestionRemove": "您确定要从组织中删除此预配键吗？",
    "provisioningKeysMessageRemove": "一旦移除，密钥不能再用于站点预配。",
    "provisioningKeysDeleteConfirm": "确认删除置备键",
    "provisioningKeysDelete": "删除置备键",
-    "provisioningKeysCreate": "生成预配密钥",
+    "provisioningKeysCreate": "生成置备键",
    "provisioningKeysCreateDescription": "为组织生成一个新的预置密钥",
    "provisioningKeysSeeAll": "查看所有预配键",
    "provisioningKeysSave": "保存预配键",
@@ -462,16 +453,16 @@
    "provisioningKeysNeverUsed": "永不过期",
    "provisioningKeysEdit": "编辑置备键",
    "provisioningKeysEditDescription": "更新此密钥的最大批量大小和过期时间。",
-    "provisioningKeysApproveNewSites": "批准新节点",
+    "provisioningKeysApproveNewSites": "批准新站点",
-    "provisioningKeysApproveNewSitesDescription": "自动批准使用此密钥注册的节点。",
+    "provisioningKeysApproveNewSitesDescription": "自动批准使用此密钥注册的站点。",
    "provisioningKeysUpdateError": "更新预配键时出错",
    "provisioningKeysUpdated": "置备密钥已更新",
    "provisioningKeysUpdatedDescription": "您的更改已保存。",
-    "provisioningKeysBannerTitle": "站点预配密钥",
+    "provisioningKeysBannerTitle": "站点置备密钥",
-    "provisioningKeysBannerDescription": "生成预配密钥，并将其与 Newt 连接器配合使用，即可在首次启动时自动创建站点，无需为每个站点单独配置凭据。",
+    "provisioningKeysBannerDescription": "生成一个供应密钥，并将其与 Newt 连接器一起使用，以在首次启动时自动创建站点 - 无需为每个站点设置单独的凭据。",
    "provisioningKeysBannerButtonText": "了解更多",
-    "pendingSitesBannerTitle": "待审批站点",
+    "pendingSitesBannerTitle": "待定站点",
-    "pendingSitesBannerDescription": "使用预配密钥连接的网站会在这里以供审核。",
+    "pendingSitesBannerDescription": "使用供应密钥连接的站点将在此显示以供审核。",
    "pendingSitesBannerButtonText": "了解更多",
    "apiKeysSettings": "{apiKeyName} 设置",
    "userTitle": "管理所有用户",
@@ -728,7 +719,7 @@
    "targetSubmit": "添加目标",
    "targetNoOne": "此资源没有任何目标。添加目标来配置向后端发送请求的位置。",
    "targetNoOneDescription": "在上面添加多个目标将启用负载平衡。",
-    "targetsSubmit": "保存设置",
+    "targetsSubmit": "保存目标",
    "addTarget": "添加目标",
    "proxyMultiSiteRoundRobinNodeHelp": "轮询路由在未连接到相同节点的站点之间将不起作用，但故障转移会生效。",
    "targetErrorInvalidIp": "无效的 IP 地址",
@@ -762,11 +753,11 @@
    "rulesErrorDuplicate": "复制规则",
    "rulesErrorDuplicateDescription": "带有这些设置的规则已存在",
    "rulesErrorInvalidIpAddressRange": "无效的 CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "输入有效的 CIDR 范围（例如，10.0.0.0/8）。",
+    "rulesErrorInvalidIpAddressRangeDescription": "请输入一个有效的 CIDR 值",
-    "rulesErrorInvalidUrl": "无效路径",
+    "rulesErrorInvalidUrl": "无效的 URL 路径",
-    "rulesErrorInvalidUrlDescription": "输入有效的 URL 路径或模式（例如，/api/*）。",
+    "rulesErrorInvalidUrlDescription": "请输入一个有效的 URL 路径值",
-    "rulesErrorInvalidIpAddress": "无效 IP 地址",
+    "rulesErrorInvalidIpAddress": "无效的 IP",
-    "rulesErrorInvalidIpAddressDescription": "输入有效的 IPv4 或 IPv6 地址。",
+    "rulesErrorInvalidIpAddressDescription": "请输入一个有效的IP地址",
    "rulesErrorUpdate": "更新规则失败",
    "rulesErrorUpdateDescription": "更新规则时出错",
    "rulesUpdated": "启用规则",
@@ -774,24 +765,15 @@
    "rulesMatchIpAddressRangeDescription": "以 CIDR 格式输入地址(如：103.21.244.0/22)",
    "rulesMatchIpAddress": "输入IP地址(例如，103.21.244.12)",
    "rulesMatchUrl": "输入一个 URL 路径或模式(例如/api/v1/todos 或 /api/v1/*)",
-    "rulesErrorInvalidPriority": "优先级无效",
+    "rulesErrorInvalidPriority": "无效的优先级",
-    "rulesErrorInvalidPriorityDescription": "输入一个大于或等于 1 的整数。",
+    "rulesErrorInvalidPriorityDescription": "请输入一个有效的优先级",
-    "rulesErrorDuplicatePriority": "优先级重复",
+    "rulesErrorDuplicatePriority": "重复的优先级",
-    "rulesErrorDuplicatePriorityDescription": "每条规则必须拥有唯一的优先级号。",
+    "rulesErrorDuplicatePriorityDescription": "请输入唯一的优先级",
    "rulesErrorValidation": "规则无效",
    "rulesErrorValidationRuleDescription": "规则 {ruleNumber}: {message}",
    "rulesErrorInvalidMatchTypeDescription": "选择有效的匹配类型（路径、IP、CIDR、国家、地区或 ASN）。",
    "rulesErrorValueRequired": "为此规则输入一个值。",
    "rulesErrorInvalidCountry": "国家无效",
    "rulesErrorInvalidCountryDescription": "选择一个有效的国家。",
    "rulesErrorInvalidAsn": "ASN 无效",
    "rulesErrorInvalidAsnDescription": "输入有效的 ASN（例如，AS15169）。",
    "ruleUpdated": "规则已更新",
    "ruleUpdatedDescription": "规则更新成功",
    "ruleErrorUpdate": "操作失败",
    "ruleErrorUpdateDescription": "保存过程中发生错误",
    "rulesPriority": "优先权",
    "rulesReorderDragHandle": "拖动以重新排序规则优先级",
    "rulesAction": "行为",
    "rulesMatchType": "匹配类型",
    "value": "值",
@@ -810,7 +792,7 @@
    "rulesResource": "资源规则配置",
    "rulesResourceDescription": "配置规则来控制对资源的访问",
    "ruleSubmit": "添加规则",
-    "rulesNoOne": "尚无规则。",
+    "rulesNoOne": "没有规则。使用表单添加规则。",
    "rulesOrder": "规则按优先顺序评定。",
    "rulesSubmit": "保存规则",
    "policyErrorCreate": "创建策略时出错",
@@ -821,48 +803,7 @@
    "policyErrorUpdateMessageDescription": "发生意外错误",
    "policyCreatedSuccess": "资源策略创建成功",
    "policyUpdatedSuccess": "资源策略更新成功",
-    "authMethodsSave": "保存设置",
+    "authMethodsSave": "保存身份验证方法",
    "policyAuthStackTitle": "身份验证",
    "policyAuthStackDescription": "控制哪些身份验证方法需由用户执行才能访问资源",
    "policyAuthOrLogicTitle": "多种身份验证方法处于激活状态",
    "policyAuthOrLogicBanner": "访问者可以使用下列任意激活的方法进行身份验证。无需完成全部过程。",
    "policyAuthMethodActive": "激活",
    "policyAuthMethodOff": "关闭",
    "policyAuthSsoTitle": "平台单点登录 SSO",
    "policyAuthSsoDescription": "要求通过您组织的身份提供商登录",
    "policyAuthSsoSummary": "{idp} · {users} 个用户, {roles} 个角色",
    "policyAuthSsoDefaultIdp": "默认提供商",
    "policyAuthAddDefaultIdentityProvider": "添加默认身份提供商",
    "policyAuthOtherMethodsTitle": "其他方法",
    "policyAuthOtherMethodsDescription": "访问者可以使用以下备用或联合平台 SSO 的方法",
    "policyAuthPasscodeTitle": "密码",
    "policyAuthPasscodeDescription": "要求使用共享字母数字密码以访资源问",
    "policyAuthPasscodeSummary": "密码已设定",
    "policyAuthPincodeTitle": "PIN 码",
    "policyAuthPincodeDescription": "要求使用短数字代码以访问资源",
    "policyAuthPincodeSummary": "6 位数字 PIN 码已设定",
    "policyAuthEmailTitle": "电子邮件白名单",
    "policyAuthEmailDescription": "允许列出的电子邮件地址使用一次性密码",
    "policyAuthEmailSummary": "允许 {count} 个地址",
    "policyAuthEmailOtpCallout": "启用电子邮件白名单将在登录时向访问者的电子邮件发送一次性密码。",
    "policyAuthHeaderAuthTitle": "基础标题认证",
    "policyAuthHeaderAuthDescription": "在每次请求上验证自定义 HTTP 标头名称和值",
    "policyAuthHeaderAuthSummary": "标头已配置",
    "policyAuthHeaderName": "标头名称",
    "policyAuthHeaderValue": "预期值",
    "policyAuthSetPasscode": "设定密码",
    "policyAuthSetPincode": "设置 PIN 码",
    "policyAuthSetEmailWhitelist": "设置电子邮件白名单",
    "policyAuthSetHeaderAuth": "设置基础标题认证",
    "policyAccessRulesTitle": "访问规则",
    "policyAccessRulesEnableDescription": "启用后，规则将按下降顺序进行评估，直到某条规则评估结果为真。",
    "policyAccessRulesFirstMatch": "规则将自上而下进行评估。首次匹配的规则决定结果。",
    "policyAccessRulesHowItWorks": "规则通过路径、IP 地址、位置或其他标准匹配请求。每个规则都会应用操作：绕过身份验证、阻止访问或通过身份验证。如果没有规则匹配，流量将继续通过身份验证。",
    "policyAccessRulesFallthroughOff": "禁用规则后，所有流量将通过身份验证。",
    "policyAccessRulesFallthroughOn": "没有规则匹配时，流量将通过身份验证。",
    "rulesPlaceholderCidr": "10.0.0.0/8",
    "rulesPlaceholderPath": "/admin/*",
    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "保存规则",
    "resourceErrorCreate": "创建资源时出错",
    "resourceErrorCreateDescription": "创建资源时出错",
@@ -883,11 +824,11 @@
    "resourcesErrorUpdateDescription": "更新资源时出错",
    "access": "访问权限",
    "accessControl": "访问控制",
-    "shareLink": "{resource} 的共享链接",
+    "shareLink": "{resource} 的分享链接",
    "resourceSelect": "选择资源",
-    "shareLinks": "共享链接",
+    "shareLinks": "分享链接",
    "share": "分享链接",
-    "shareDescription2": "创建资源的共享链接。链接提供了对您资源的临时或无限制访问。 当您创建链接时，您可以配置链接的到期时间。",
+    "shareDescription2": "创建资源的可共享链接。链接提供了对您资源的临时或无限制访问。 当您创建链接时，您可以配置链接的到期时间。",
    "shareEasyCreate": "轻松创建和分享",
    "shareConfigurableExpirationDuration": "可配置的过期时间",
    "shareSecureAndRevocable": "安全和可撤销的",
@@ -975,18 +916,10 @@
    "resourceRoleDescription": "管理员总是可以访问此资源。",
    "resourcePolicySelectTitle": "资源访问策略",
    "resourcePolicySelectDescription": "选择用于认证的资源策略类型",
    "resourcePolicyTypeLabel": "策略类型",
    "resourcePolicyLabel": "资源策略",
    "resourcePolicyInline": "内联资源策略",
    "resourcePolicyInlineDescription": "仅限于此资源的访问策略",
    "resourcePolicyShared": "共享资源策略",
-    "resourcePolicySharedDescription": "此资源使用共享策略。",
+    "resourcePolicySharedDescription": "此资源使用共享策略。策略级设置（身份验证方法、电子邮件白名单）被锁定。您可以在下方添加特定资源的规则、角色和用户。",
    "sharedPolicy": "共享策略",
    "sharedPolicyNoneDescription": "此资源有自己的策略。",
    "resourceSharedPolicyOwnDescription": "此资源具有自己的身份验证和访问规则控制。",
    "resourceSharedPolicyInheritedDescription": "此资源继承自<policyLink>{policyName}</policyLink>。",
    "resourceSharedPolicyAuthenticationNotice": "此资源使用共享策略。一些身份验证设置可以在此资源上编辑以添加到策略。要更改基础策略，您必须编辑<policyLink>{policyName}</policyLink>。",
    "resourceSharedPolicyRulesNotice": "此资源正在使用一个共享策略。某些访问规则可以在此资源上编辑。要更改基础策略，您必须编辑<policyLink>{policyName}</policyLink>。",
    "resourceUsersRoles": "访问控制",
    "resourceUsersRolesDescription": "配置用户和角色可以访问此资源",
    "resourceUsersRolesSubmit": "保存访问控制",
@@ -1011,14 +944,7 @@
    "resourceVisibilityTitle": "可见性",
    "resourceVisibilityTitleDescription": "完全启用或禁用资源可见性",
    "resourceGeneral": "常规设置",
-    "resourceGeneralDescription": "配置资源的名称、地址和访问策略。",
+    "resourceGeneralDescription": "配置此资源的常规设置",
    "resourceGeneralDetailsSubsection": "资源详情",
    "resourceGeneralDetailsSubsectionDescription": "设置资源的显示名称、标识符和公共访问域名。",
    "resourceGeneralDetailsSubsectionPortDescription": "设置资源的显示名称、标识符和公共端口。",
    "resourceGeneralPublicAddressSubsection": "公共地址",
    "resourceGeneralPublicAddressSubsectionDescription": "配置用户如何访问该资源。",
    "resourceGeneralAuthenticationAccessSubsection": "身份验证与访问",
    "resourceGeneralAuthenticationAccessSubsectionDescription": "选择该资源是使用其自己的策略还是从共享策略继承。",
    "resourceEnable": "启用资源",
    "resourceTransfer": "转移资源",
    "resourceTransferDescription": "将此资源转移到另一个站点",
@@ -1059,7 +985,7 @@
    "network": "网络",
    "manage": "管理",
    "sitesNotFound": "未找到站点。",
-    "pangolinServerAdmin": "服务器管理 - Pangolin",
+    "pangolinServerAdmin": "服务器管理员 - Pangolin",
    "licenseTierProfessional": "专业许可证",
    "licenseTierEnterprise": "企业许可证",
    "licenseTierPersonal": "个人许可证",
@@ -1294,14 +1220,11 @@
    "addLabels": "添加标签",
    "siteLabelsTab": "标签",
    "siteLabelsDescription": "管理与此网站相关的标签。",
-    "labelsNotFound": "未找到标签。",
+    "labelsNotFound": "找不到标签",
    "labelsEmptyCreateHint": "在上方输入以创建标签。",
    "labelSearch": "搜索标签",
    "labelSearchOrCreate": "搜索或创建标签",
    "accessLabelFilterCount": "{count, plural, other {# 标签}}",
    "labelOverflowCount": "+{count, plural, other {# 标签}}",
    "accessLabelFilterClear": "清除标签过滤器",
    "accessFilterClear": "清除筛选器",
    "selectColor": "选择颜色",
    "createNewLabel": "创建新的组织标签 \"{label}\"",
    "inviteInvalidDescription": "邀请链接无效。",
@@ -1366,7 +1289,7 @@
    "supportKeyBuy": "购买支持者密钥",
    "logoutError": "注销错误",
    "signingAs": "登录为",
-    "serverAdmin": "服务器管理",
+    "serverAdmin": "服务器管理员",
    "managedSelfhosted": "托管自托管",
    "otpEnable": "启用双因子认证",
    "otpDisable": "禁用双因子认证",
@@ -1536,10 +1459,10 @@
    "sidebarSites": "站点",
    "sidebarApprovals": "审批请求",
    "sidebarResources": "资源",
-    "sidebarProxyResources": "公开资源",
+    "sidebarProxyResources": "公开的",
-    "sidebarClientResources": "私有资源",
+    "sidebarClientResources": "非公开的",
-    "sidebarPolicies": "共享策略",
+    "sidebarPolicies": "策略",
-    "sidebarResourcePolicies": "公共资源",
+    "sidebarResourcePolicies": "资源",
    "sidebarAccessControl": "访问控制",
    "sidebarLogsAndAnalytics": "日志与分析",
    "sidebarTeam": "团队",
@@ -1547,17 +1470,17 @@
    "sidebarAdmin": "管理员",
    "sidebarInvitations": "邀请",
    "sidebarRoles": "角色",
-    "sidebarShareableLinks": "共享链接",
+    "sidebarShareableLinks": "链接",
    "sidebarApiKeys": "API密钥",
-    "sidebarProvisioning": "预配",
+    "sidebarProvisioning": "置备中",
    "sidebarSettings": "设置",
    "sidebarAllUsers": "所有用户",
    "sidebarIdentityProviders": "身份提供商",
    "sidebarLicense": "证书",
    "sidebarClients": "客户端",
    "sidebarUserDevices": "用户设备",
-    "sidebarMachineClients": "机器身份",
+    "sidebarMachineClients": "机",
-    "sidebarDomains": "域名",
+    "sidebarDomains": "域",
    "sidebarGeneral": "管理",
    "sidebarLogAndAnalytics": "日志与分析",
    "sidebarBluePrints": "蓝图",
@@ -1689,8 +1612,8 @@
    "alertingTabHealthChecks": "健康检查",
    "alertingRulesBannerTitle": "获取通知",
    "alertingRulesBannerDescription": "每条规则都连接要监视的对象（站点、健康检查或资源），触发时间（例如离线或不健康），以及如何通过电子邮件、Webhooks 或集成将通知发送给团队。使用此列表创建、启用和管理这些规则。",
-    "alertingHealthChecksBannerTitle": "资源与健康监控",
+    "alertingHealthChecksBannerTitle": "监视健康和资源",
-    "alertingHealthChecksBannerDescription": "通过 HTTP 或 TCP 检查目标状态，并在服务异常或恢复时发送通知。资源中配置的健康检查也会显示在这里。",
+    "alertingHealthChecksBannerDescription": "健康检查是您一次定义的 HTTP 或 TCP 监控。然后可以将它们用作告警规则中的来源，以便目标变得正常或不正常时得到通知。资源上的健康检查也会出现在此处。",
    "standaloneHcTableTitle": "健康检查",
    "standaloneHcSearchPlaceholder": "搜索健康检查…",
    "standaloneHcAddButton": "创建健康检查",
@@ -1724,7 +1647,7 @@
    "standaloneHcFilterResourceIdFallback": "资源 {id}",
    "blueprints": "蓝图",
    "blueprintsLog": "蓝图日志",
-    "blueprintsDescription": "查看过去的蓝图应用及其结果或应用一个新的蓝图",
+    "blueprintsDescription": "查看过去的蓝图应用及其结果",
    "blueprintAdd": "添加蓝图",
    "blueprintGoBack": "查看所有蓝图",
    "blueprintCreate": "创建蓝图",
@@ -1744,10 +1667,10 @@
    "enableDockerSocket": "启用 Docker 蓝图",
    "enableDockerSocketDescription": "启用用于蓝图标签的 Docker 套接字标签擦除。必须为站点连接器提供套接字路径。阅读<docsLink>文档</docsLink>以了解相关工作原理。",
    "newtAutoUpdate": "启用站点自动更新",
-    "newtAutoUpdateDescription": "启用后，站点连接器将自动下载最新版本并重新启动。可以针对每个站点进行覆盖。",
+    "newtAutoUpdateDescription": "启用时，站点连接器将在有新版本发布时自动更新到最新版本。",
    "siteAutoUpdate": "站点自动更新",
    "siteAutoUpdateLabel": "启用自动更新",
-    "siteAutoUpdateDescription": "启用后，该站点的连接器将自动下载最新版本并重新启动。",
+    "siteAutoUpdateDescription": "控制此站点连接器是否自动下载最新版本。",
    "siteAutoUpdateOrgDefault": "组织默认设置：{state}",
    "siteAutoUpdateOverriding": "覆盖组织设置",
    "siteAutoUpdateResetToOrg": "重置为组织默认设置",
@@ -1791,17 +1714,17 @@
    "theme": "主题",
    "subnetRequired": "子网是必填项",
    "initialSetupTitle": "初始服务器设置",
-    "initialSetupDescription": "创建初始的管理员帐户。 只能存在一个服务器管理员。 您可以随时更改这些凭据。",
+    "initialSetupDescription": "创建初始服务器管理员帐户。 只能存在一个服务器管理员。 您可以随时更改这些凭据。",
    "createAdminAccount": "创建管理员帐户",
-    "setupErrorCreateAdmin": "创建管理员账户时发生错误。",
+    "setupErrorCreateAdmin": "创建服务器管理员账户时发生错误。",
    "certificateStatus": "证书",
    "certificateStatusAutoRefreshHint": "状态自动刷新。",
    "loading": "加载中",
    "loadingEllipsis": "加载中……",
    "loadingAnalytics": "加载分析",
    "restart": "重启",
-    "domains": "域名",
+    "domains": "域",
-    "domainsDescription": "创建和管理组织中可用的域名",
+    "domainsDescription": "创建和管理组织中可用的域",
    "domainsSearch": "搜索域...",
    "domainAdd": "添加域",
    "domainAddDescription": "注册一个新域名到组织",
@@ -1845,9 +1768,9 @@
    "accountSetupSuccess": "账号设置完成！欢迎来到 Pangolin！",
    "documentation": "文档",
    "saveAllSettings": "保存所有设置",
-    "saveResourceTargets": "保存设置",
+    "saveResourceTargets": "保存目标",
-    "saveResourceHttp": "保存设置",
+    "saveResourceHttp": "保存代理设置",
-    "saveProxyProtocol": "保存设置",
+    "saveProxyProtocol": "保存代理协议设置",
    "settingsUpdated": "设置已更新",
    "settingsUpdatedDescription": "设置更新成功",
    "settingsErrorUpdate": "设置更新失败",
@@ -2104,13 +2027,13 @@
    "healthCheckUnknown": "未知",
    "healthCheck": "健康检查",
    "configureHealthCheck": "配置健康检查",
-    "configureHealthCheckDescription": "为您的资源设置监控以确保其始终可用",
+    "configureHealthCheckDescription": "为 {target} 设置健康监控",
    "enableHealthChecks": "启用健康检查",
    "healthCheckDisabledStateDescription": "禁用后，站点不会进行健康检查，状态将被视为未知。",
    "enableHealthChecksDescription": "监视此目标的健康状况。如果需要，您可以监视一个不同的终点。",
    "healthScheme": "方法",
    "healthSelectScheme": "选择方法",
-    "healthCheckPortInvalid": "端口必须在 1 和 65535 之间",
+    "healthCheckPortInvalid": "健康检查端口必须介于 1 到 65535 之间",
    "healthCheckPath": "路径",
    "healthHostname": "IP / 主机",
    "healthPort": "端口",
@@ -2123,7 +2046,6 @@
    "requireDeviceApproval": "需要设备批准",
    "requireDeviceApprovalDescription": "具有此角色的用户需要管理员批准的新设备才能连接和访问资源。",
    "sshSettings": "SSH 设置",
    "sshAccess": "SSH 访问",
    "rdpSettings": "RDP 设置",
    "vncSettings": "VNC 设置",
    "sshServer": "SSH 服务器",
@@ -2150,13 +2072,8 @@
    "sshDaemonDisclaimer": "在完成本设置之前，请确保您的目标主机已经正确配置以运行身份验证守护程序，否则配置将失败。",
    "sshDaemonPort": "守护程序端口",
    "sshServerDestination": "服务器目标",
-    "sshServerDestinationDescription": "配置 SSH 服务器的目的地",
+    "sshServerDestinationDescription": "配置 SSH 服务器的目标和端口",
    "destination": "目标",
    "destinationRequired": "需要目的地。",
    "domainRequired": "需要域。",
    "proxyPortRequired": "需要端口。",
    "invalidPathConfiguration": "路径配置无效。",
    "invalidRewritePathConfiguration": "重写路径配置无效。",
    "bgTargetMultiSiteDisclaimer": "选择多个站点可实现高可用性的弹性路由和故障转移。",
    "roleAllowSsh": "允许 SSH",
    "roleAllowSshAllow": "允许",
@@ -2165,31 +2082,16 @@
    "sshSudoMode": "Sudo 访问",
    "sshSudoModeNone": "无",
    "sshSudoModeNoneDescription": "用户不能用sudo运行命令。",
-    "sshSudoModeFull": "完整 Sudo 权限",
+    "sshSudoModeFull": "全苏多",
    "sshSudoModeFullDescription": "用户可以用 sudo 运行任何命令。",
    "sshSudoModeCommands": "命令",
    "sshSudoModeCommandsDescription": "用户只能用 sudo 运行指定的命令。",
    "sshSudo": "允许Sudo",
-    "sshSudoCommands": "可用 Sudo 命令",
+    "sshSudoCommands": "Sudo 命令",
-    "sshSudoCommandsDescription": "用户可以使用 sudo 运行的命令列表，以逗号、空格或新行分隔。必须使用绝对路径。",
+    "sshSudoCommandsDescription": "逗号分隔的命令列表，用户可以通过sudo运行。必须使用绝对路径。",
    "sshCreateHomeDir": "创建主目录",
    "sshUnixGroups": "Unix 组",
-    "sshUnixGroupsDescription": "在目标主机上将用户添加到的 Unix 组，以逗号、空格或新行分隔。",
+    "sshUnixGroupsDescription": "用逗号分隔了Unix组，将用户添加到目标主机上。",
    "roleTextFieldPlaceholder": "输入值，或放入 .txt 或 .csv 文件",
    "roleTextImportTitle": "从文件导入",
    "roleTextImportDescription": "将 {fileName} 导入到 {fieldLabel}。",
    "roleTextImportSkipHeader": "跳过第一行（标题）",
    "roleTextImportOverride": "替换现有",
    "roleTextImportAppend": "附加到现有",
    "roleTextImportMode": "导入模式",
    "roleTextImportPreview": "预览",
    "roleTextImportItemCount": "{count, plural, =0 {没有可导入的项目} one {1 个可导入项目} other {# 个可导入项目}}",
    "roleTextImportTotalCount": "{existing} 个现有 + {imported} 个导入 = {total} 个总计",
    "roleTextImportConfirm": "导入",
    "roleTextImportInvalidFile": "不支持的文件类型",
    "roleTextImportInvalidFileDescription": "仅支持 .txt 和 .csv 文件。",
    "roleTextImportEmpty": "文件中未找到项目",
    "roleTextImportEmptyDescription": "文件不包含任何可导入的项目。",
    "retryAttempts": "重试次数",
    "expectedResponseCodes": "期望响应代码",
    "expectedResponseCodesDescription": "HTTP 状态码表示健康状态。如留空，200-300 被视为健康。",
@@ -2235,8 +2137,8 @@
    "resourceEditDomain": "编辑域名",
    "siteName": "站点名称",
    "proxyPort": "端口",
-    "resourcesTableProxyResources": "",
+    "resourcesTableProxyResources": "公开的",
-    "resourcesTableClientResources": "私有资源",
+    "resourcesTableClientResources": "非公开的",
    "resourcesTableNoProxyResourcesFound": "未找到代理资源。",
    "resourcesTableNoInternalResourcesFound": "未找到内部资源。",
    "resourcesTableDestination": "目标",
@@ -2925,7 +2827,7 @@
    "logRetentionRequestDescription": "保留请求日志的时间",
    "logRetentionAccessLabel": "访问日志保留",
    "logRetentionAccessDescription": "保留访问日志的时间",
-    "logRetentionActionLabel": "审计日志保留",
+    "logRetentionActionLabel": "动作日志保留",
    "logRetentionActionDescription": "保留操作日志的时间",
    "logRetentionConnectionLabel": "连接日志保留",
    "logRetentionConnectionDescription": "保留连接日志的时间",
@@ -2938,11 +2840,11 @@
    "logRetentionForever": "永远的",
    "logRetentionEndOfFollowingYear": "下一年结束",
    "actionLogsDescription": "查看此机构执行的操作历史",
-    "accessLogsDescription": "查看此组织资源的访问认证请求",
+    "accessLogsDescription": "查看此机构资源的访问认证请求",
    "connectionLogs": "连接日志",
    "connectionLogsDescription": "查看此机构隧道的连接日志",
    "sidebarLogsConnection": "连接日志",
-    "sidebarLogsStreaming": "事件流",
+    "sidebarLogsStreaming": "流流",
    "sourceAddress": "源地址",
    "destinationAddress": "目的地址",
    "duration": "期限",
@@ -2973,10 +2875,9 @@
    "enableProxyProtocol": "启用代理协议",
    "proxyProtocolInfo": "为TCP后端保留客户端IP地址",
    "proxyProtocolVersion": "代理协议版本",
-    "version1": "版本 1（推荐）",
+    "version1": " 版本 1 (推荐)",
    "version2": "版本 2",
-    "version1Description": "基于文本和广泛支持。确保服务器传输添加到动态配置。",
+    "versionDescription": "版本 1 是基于文本和广泛支持的版本。版本 2 是二进制和更有效率但不那么兼容。",
    "version2Description": "二进制且更有效率但兼容性较低。确保服务器传输添加到动态配置。",
    "warning": "警告",
    "proxyProtocolWarning": "后端应用程序必须配置为接受代理协议连接。 如果您的后端不支持代理协议，启用此功能将会中断所有连接，只有当您知道自己在做什么时才能启用此功能。 请务必从Traefik配置您的后端到信任代理协议标题。",
    "restarting": "正在重启...",
@@ -3133,7 +3034,7 @@
    "enterConfirmation": "输入确认",
    "blueprintViewDetails": "详细信息",
    "defaultIdentityProvider": "默认身份提供商",
-    "defaultIdentityProviderDescription": "用户将自动重定向到此身份提供者进行身份验证。",
+    "defaultIdentityProviderDescription": "当选择默认身份提供商时，用户将自动重定向到提供商进行身份验证。",
    "editInternalResourceDialogNetworkSettings": "网络设置",
    "editInternalResourceDialogAccessPolicy": "访问策略",
    "editInternalResourceDialogAddRoles": "添加角色",
@@ -3174,7 +3075,6 @@
    "maintenanceModeType": "维护模式类型",
    "showMaintenancePage": "只在所有后端目标都故障或不健康时显示维护页面。只要至少一个目标健康，您的资源将正常工作。",
    "enableMaintenanceMode": "启用维护模式",
    "enableMaintenanceModeDescription": "启用后，访问者将看到维护页面而不是您的资源。",
    "automatic": "自动",
    "automaticModeDescription": "如果所有后端目标都故障或不健康，则仅显示维护页面。只要至少一个目标健康，您的资源将正常工作。",
    "forced": "强制",
@@ -3182,8 +3082,6 @@
    "warning:": "警告：",
    "forcedeModeWarning": "所有流量将被引导到维护页面。您的后端资源不会收到任何请求。",
    "pageTitle": "页面标题",
    "maintenancePageContentSubsection": "页面内容",
    "maintenancePageContentSubsectionDescription": "自定义维护页面上显示的内容",
    "pageTitleDescription": "维护页面显示的主标题",
    "maintenancePageMessage": "维护信息",
    "maintenancePageMessagePlaceholder": "我们很快回来！ 我们的网站目前正在进行计划中的维护。",
@@ -3448,8 +3346,6 @@
    "idpUnassociateQuestion": "您确定要将此身份提供者从此组织中取消关联吗？",
    "idpUnassociateDescription": "与此身份提供者关联的所有用户将从该组织中移除，但身份提供者仍会继续存在于关联的其他组织中。",
    "idpUnassociateConfirm": "确认取消关联身份提供者",
    "idpConfirmDeleteAndRemoveMeFromOrg": "删除并将我从组织中移除",
    "idpUnassociateAndRemoveMeFromOrg": "解除关联并将我从组织中移除",
    "idpUnassociateWarning": "此操作无法对该组织撤销。",
    "idpUnassociatedDescription": "身份提供者已成功从该组织中取消关联",
    "idpUnassociateMenu": "取消关联",
@@ -3543,58 +3439,18 @@
    "sshConnecting": "正在连接…",
    "sshInitializing": "初始化中…",
    "sshSignInTitle": "登录 SSH",
-    "sshSignInDescription": "输入您的 SSH 凭据以进行连接",
+    "sshSignInDescription": "输入您的 SSH 凭据",
    "sshPasswordTab": "密码",
    "sshPrivateKeyTab": "私钥",
    "sshPrivateKeyField": "私钥",
    "sshPrivateKeyDisclaimer": "您的私钥不会被 Pangolin 存储或显示。或者，您可以使用短期证书，使用您现有的 Pangolin 身份无缝认证。",
    "sshLearnMore": "了解更多",
    "sshPrivateKeyFile": "私钥文件",
-    "sshAuthenticate": "连接",
+    "sshAuthenticate": "验证",
    "sshTerminate": "终止",
    "sshPoweredBy": "支持者",
    "sshErrorNoTarget": "未指定目标",
    "sshErrorWebSocket": "WebSocket 连接失败",
    "sshErrorAuthFailed": "身份验证失败",
-    "sshErrorConnectionClosed": "认证完成前连接已关闭",
+    "sshErrorConnectionClosed": "认证完成前连接已关闭"
    "sitePangolinSshDescription": "允许对该站点的资源进行 SSH 访问。可稍后更改。",
    "browserGatewayNoResourceForDomain": "未找到该域的资源",
    "browserGatewayNoTarget": "没有目标",
    "browserGatewayConnect": "连接",
    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
    "sshErrorSignKeyFailed": "签署 SSH 密钥以进行 PAM 推送身份验证失败。您以用户身份登录了吗？",
    "sshTerminalError": "错误: {error}",
    "sshConnectionClosedCode": "连接关闭 (代码 {code})",
    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
    "sshPrivateKeyRequired": "需要私钥",
    "vncTitle": "VNC",
    "vncSignInDescription": "输入您的 VNC 密码以连接",
    "vncPasswordOptional": "密码 (可选)",
    "vncNoResourceTarget": "没有可用的资源目标",
    "vncFailedToLoadNovnc": "加载 noVNC 失败",
    "vncAuthFailedStatus": "状态 {status}",
    "vncPasteClipboard": "粘贴剪贴板",
    "rdpTitle": "RDP",
    "rdpSignInTitle": "登录到远程桌面",
    "rdpSignInDescription": "输入 Windows 凭据以连接",
    "rdpLoadingModule": "加载模块中……",
    "rdpFailedToLoadModule": "加载 RDP 模块失败",
    "rdpNotReady": "未准备好",
    "rdpModuleInitializing": "RDP 模块仍在初始化中",
    "rdpDownloadingFiles": "正在从远程下载 {count} 个文件...",
    "rdpDownloadFailed": "下载失败: {fileName}",
    "rdpUploaded": "已上传: {fileName}",
    "rdpNoConnectionTarget": "没有可用的连接目标",
    "rdpConnectionFailed": "连接失败",
    "rdpFit": "适合",
    "rdpFull": "完整",
    "rdpReal": "真实",
    "rdpMeta": "元数据",
    "rdpUploadFiles": "上传文件",
    "rdpFilesReadyToPaste": "文件准备好粘贴",
    "rdpFilesReadyToPasteDescription": "已将 {count} 个文件复制到远程剪贴板——在远程桌面上按 Ctrl+V 进行粘贴",
    "rdpUploadFailed": "上传失败",
    "rdpUnicodeKeyboardMode": "Unicode 键盘模式",
    "sessionToolbarShow": "显示工具栏",
    "sessionToolbarHide": "隐藏工具栏"
 }
--- a/server/auth/canUserAccessResource.ts
+++ b/server/auth/canUserAccessResource.ts
@@ -1,12 +1,6 @@
 import { db } from "@server/db";
-import { and, eq, inArray, isNull, or } from "drizzle-orm";
+import { and, eq, inArray } from "drizzle-orm";
-import {
+import { roleResources, userResources } from "@server/db";
    rolePolicies,
    roleResources,
    resources,
    userPolicies,
    userResources
 } from "@server/db";
 export async function canUserAccessResource({
    userId,
@@ -17,14 +11,9 @@ export async function canUserAccessResource({
    resourceId: number;
    roleIds: number[];
 }): Promise<boolean> {
-    const [
+    const roleResourceAccess =
        roleResourceAccess,
        rolePolicyAccess,
        userResourceAccess,
        userPolicyAccess
    ] = await Promise.all([
        roleIds.length > 0
-            ? db
+            ? await db
                  .select()
                  .from(roleResources)
                  .where(
@@ -34,87 +23,26 @@ export async function canUserAccessResource({
                      )
                  )
                  .limit(1)
-            : [],
+            : [];
        roleIds.length > 0
            ? db
                  .select({
                      roleId: rolePolicies.roleId,
                      resourcePolicyId: rolePolicies.resourcePolicyId
                  })
                  .from(rolePolicies)
                  .innerJoin(
                      resources,
                      // Shared policy wins; only use default policy when no shared
                      // policy is assigned to the resource.
                      or(
                          eq(
                              resources.resourcePolicyId,
                              rolePolicies.resourcePolicyId
                          ),
                          and(
                              isNull(resources.resourcePolicyId),
                              eq(
                                  resources.defaultResourcePolicyId,
                                  rolePolicies.resourcePolicyId
                              )
                          )
                      )
                  )
                  .where(
                      and(
                          eq(resources.resourceId, resourceId),
                          inArray(rolePolicies.roleId, roleIds)
                      )
                  )
                  .limit(1)
            : [],
        db
            .select()
            .from(userResources)
            .where(
                and(
                    eq(userResources.userId, userId),
                    eq(userResources.resourceId, resourceId)
                )
            )
            .limit(1),
        db
            .select({
                userId: userPolicies.userId,
                resourcePolicyId: userPolicies.resourcePolicyId
            })
            .from(userPolicies)
            .innerJoin(
                resources,
                // Shared policy wins; only use default policy when no shared
                // policy is assigned to the resource.
                or(
                    eq(
                        resources.resourcePolicyId,
                        userPolicies.resourcePolicyId
                    ),
                    and(
                        isNull(resources.resourcePolicyId),
                        eq(
                            resources.defaultResourcePolicyId,
                            userPolicies.resourcePolicyId
                        )
                    )
                )
            )
            .where(
                and(
                    eq(resources.resourceId, resourceId),
                    eq(userPolicies.userId, userId)
                )
            )
            .limit(1)
    ]);
-    return (
+    if (roleResourceAccess.length > 0) {
-        roleResourceAccess.length > 0 ||
+        return true;
-        rolePolicyAccess.length > 0 ||
+    }
-        userResourceAccess.length > 0 ||
+
-        userPolicyAccess.length > 0
+    const userResourceAccess = await db
-    );
+        .select()
        .from(userResources)
        .where(
            and(
                eq(userResources.userId, userId),
                eq(userResources.resourceId, resourceId)
            )
        )
        .limit(1);
    if (userResourceAccess.length > 0) {
        return true;
    }
    return false;
 }
--- a/server/db/pg/schema/privateSchema.ts
+++ b/server/db/pg/schema/privateSchema.ts
@@ -11,7 +11,7 @@ import {
    primaryKey,
    uniqueIndex
 } from "drizzle-orm/pg-core";
-import { InferSelectModel } from "drizzle-orm";
+import { InferSelectModel, sql } from "drizzle-orm";
 import {
    domains,
    orgs,
@@ -207,17 +207,28 @@ export const remoteExitNodeSessions = pgTable("remoteExitNodeSession", {
    expiresAt: bigint("expiresAt", { mode: "number" }).notNull()
 });
-export const loginPage = pgTable("loginPage", {
+export const loginPage = pgTable(
-    loginPageId: serial("loginPageId").primaryKey(),
+    "loginPage",
-    subdomain: varchar("subdomain"),
+    {
-    fullDomain: varchar("fullDomain"),
+        loginPageId: serial("loginPageId").primaryKey(),
-    exitNodeId: integer("exitNodeId").references(() => exitNodes.exitNodeId, {
+        subdomain: varchar("subdomain"),
-        onDelete: "set null"
+        fullDomain: varchar("fullDomain"),
-    }),
+        exitNodeId: integer("exitNodeId").references(
-    domainId: varchar("domainId").references(() => domains.domainId, {
+            () => exitNodes.exitNodeId,
-        onDelete: "set null"
+            {
-    })
+                onDelete: "set null"
-});
+            }
        ),
        domainId: varchar("domainId").references(() => domains.domainId, {
            onDelete: "set null"
        })
    },
    (t) => [
        index("idx_loginpage_fulldomain")
            .on(t.fullDomain)
            .where(sql`${t.fullDomain} IS NOT NULL`)
    ]
 );
 export const loginPageOrg = pgTable("loginPageOrg", {
    loginPageId: integer("loginPageId")
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -1,5 +1,5 @@
 import { randomUUID } from "crypto";
-import { InferSelectModel } from "drizzle-orm";
+import { InferSelectModel, sql } from "drizzle-orm";
 import {
    bigint,
    boolean,
@@ -82,107 +82,130 @@ export const orgDomains = pgTable("orgDomains", {
        .references(() => domains.domainId, { onDelete: "cascade" })
 });
-export const sites = pgTable("sites", {
+export const sites = pgTable(
-    siteId: serial("siteId").primaryKey(),
+    "sites",
-    orgId: varchar("orgId")
+    {
-        .references(() => orgs.orgId, {
+        siteId: serial("siteId").primaryKey(),
-            onDelete: "cascade"
+        orgId: varchar("orgId")
-        })
+            .references(() => orgs.orgId, {
-        .notNull(),
+                onDelete: "cascade"
-    niceId: varchar("niceId").notNull(),
+            })
-    exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
+            .notNull(),
-        onDelete: "set null"
+        niceId: varchar("niceId").notNull(),
-    }),
+        exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
-    name: varchar("name").notNull(),
+            onDelete: "set null"
-    pubKey: varchar("pubKey"),
+        }),
-    subnet: varchar("subnet"),
+        name: varchar("name").notNull(),
-    megabytesIn: real("bytesIn").default(0),
+        pubKey: varchar("pubKey"),
-    megabytesOut: real("bytesOut").default(0),
+        subnet: varchar("subnet"),
-    lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
+        megabytesIn: real("bytesIn").default(0),
-    type: varchar("type").notNull(), // "newt" or "wireguard"
+        megabytesOut: real("bytesOut").default(0),
-    online: boolean("online").notNull().default(false),
+        lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
-    lastPing: integer("lastPing"),
+        type: varchar("type").notNull(), // "newt" or "wireguard"
-    address: varchar("address"),
+        online: boolean("online").notNull().default(false),
-    endpoint: varchar("endpoint"),
+        lastPing: integer("lastPing"),
-    publicKey: varchar("publicKey"),
+        address: varchar("address"),
-    lastHolePunch: bigint("lastHolePunch", { mode: "number" }),
+        endpoint: varchar("endpoint"),
-    listenPort: integer("listenPort"),
+        publicKey: varchar("publicKey"),
-    dockerSocketEnabled: boolean("dockerSocketEnabled").notNull().default(true),
+        lastHolePunch: bigint("lastHolePunch", { mode: "number" }),
-    autoUpdateEnabled: boolean("autoUpdateEnabled").notNull().default(false),
+        listenPort: integer("listenPort"),
-    autoUpdateOverrideOrg: boolean("autoUpdateOverrideOrg")
+        dockerSocketEnabled: boolean("dockerSocketEnabled")
-        .notNull()
+            .notNull()
-        .default(false),
+            .default(true),
-    status: varchar("status")
+        autoUpdateEnabled: boolean("autoUpdateEnabled")
-        .$type<"pending" | "approved">()
+            .notNull()
-        .default("approved")
+            .default(false),
-});
+        autoUpdateOverrideOrg: boolean("autoUpdateOverrideOrg")
            .notNull()
            .default(false),
        status: varchar("status")
            .$type<"pending" | "approved">()
            .default("approved")
    },
    (t) => [
        index("idx_sites_exitnodeid").on(t.exitNodeId),
        index("idx_sites_exitnode_type_siteid").on(
            t.exitNodeId,
            t.type,
            t.siteId
        )
    ]
 );
-export const resources = pgTable("resources", {
+export const resources = pgTable(
-    resourceId: serial("resourceId").primaryKey(),
+    "resources",
-    resourcePolicyId: integer("resourcePolicyId").references(
+    {
-        () => resourcePolicies.resourcePolicyId,
+        resourceId: serial("resourceId").primaryKey(),
-        { onDelete: "set null" }
+        resourcePolicyId: integer("resourcePolicyId").references(
-    ),
+            () => resourcePolicies.resourcePolicyId,
-    defaultResourcePolicyId: integer("defaultResourcePolicyId").references(
+            { onDelete: "set null" }
-        () => resourcePolicies.resourcePolicyId,
+        ),
-        {
+        defaultResourcePolicyId: integer("defaultResourcePolicyId").references(
-            onDelete: "restrict"
+            () => resourcePolicies.resourcePolicyId,
-        }
+            {
-    ),
+                onDelete: "restrict"
-    resourceGuid: varchar("resourceGuid", { length: 36 })
+            }
-        .unique()
+        ),
-        .notNull()
+        resourceGuid: varchar("resourceGuid", { length: 36 })
-        .$defaultFn(() => randomUUID()),
+            .unique()
-    orgId: varchar("orgId")
+            .notNull()
-        .references(() => orgs.orgId, {
+            .$defaultFn(() => randomUUID()),
-            onDelete: "cascade"
+        orgId: varchar("orgId")
-        })
+            .references(() => orgs.orgId, {
-        .notNull(),
+                onDelete: "cascade"
-    niceId: text("niceId").notNull(),
+            })
-    name: varchar("name").notNull(),
+            .notNull(),
-    subdomain: varchar("subdomain"),
+        niceId: text("niceId").notNull(),
-    fullDomain: varchar("fullDomain"),
+        name: varchar("name").notNull(),
-    domainId: varchar("domainId").references(() => domains.domainId, {
+        subdomain: varchar("subdomain"),
-        onDelete: "set null"
+        fullDomain: varchar("fullDomain"),
-    }),
+        domainId: varchar("domainId").references(() => domains.domainId, {
-    ssl: boolean("ssl").notNull().default(false),
+            onDelete: "set null"
-    blockAccess: boolean("blockAccess").notNull().default(false),
+        }),
-    proxyPort: integer("proxyPort"),
+        ssl: boolean("ssl").notNull().default(false),
-    sso: boolean("sso"),
+        blockAccess: boolean("blockAccess").notNull().default(false),
-    emailWhitelistEnabled: boolean("emailWhitelistEnabled"),
+        proxyPort: integer("proxyPort"),
-    applyRules: boolean("applyRules"),
+        sso: boolean("sso"),
-    enabled: boolean("enabled").notNull().default(true),
+        emailWhitelistEnabled: boolean("emailWhitelistEnabled"),
-    stickySession: boolean("stickySession").notNull().default(false),
+        applyRules: boolean("applyRules"),
-    tlsServerName: varchar("tlsServerName"),
+        enabled: boolean("enabled").notNull().default(true),
-    setHostHeader: varchar("setHostHeader"),
+        stickySession: boolean("stickySession").notNull().default(false),
-    enableProxy: boolean("enableProxy").default(true),
+        tlsServerName: varchar("tlsServerName"),
-    skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
+        setHostHeader: varchar("setHostHeader"),
-        onDelete: "set null"
+        enableProxy: boolean("enableProxy").default(true),
-    }),
+        skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
-    headers: text("headers"), // comma-separated list of headers to add to the request
+            onDelete: "set null"
-    proxyProtocol: boolean("proxyProtocol").notNull().default(false),
+        }),
-    proxyProtocolVersion: integer("proxyProtocolVersion").default(1),
+        headers: text("headers"), // comma-separated list of headers to add to the request
-    maintenanceModeEnabled: boolean("maintenanceModeEnabled")
+        proxyProtocol: boolean("proxyProtocol").notNull().default(false),
-        .notNull()
+        proxyProtocolVersion: integer("proxyProtocolVersion").default(1),
-        .default(false),
+        maintenanceModeEnabled: boolean("maintenanceModeEnabled")
-    maintenanceModeType: text("maintenanceModeType", {
+            .notNull()
-        enum: ["forced", "automatic"]
+            .default(false),
-    }).default("forced"), // "forced" = always show, "automatic" = only when down
+        maintenanceModeType: text("maintenanceModeType", {
-    maintenanceTitle: text("maintenanceTitle"),
+            enum: ["forced", "automatic"]
-    maintenanceMessage: text("maintenanceMessage"),
+        }).default("forced"), // "forced" = always show, "automatic" = only when down
-    maintenanceEstimatedTime: text("maintenanceEstimatedTime"),
+        maintenanceTitle: text("maintenanceTitle"),
-    postAuthPath: text("postAuthPath"),
+        maintenanceMessage: text("maintenanceMessage"),
-    health: varchar("health").default("unknown"), // "healthy", "unhealthy", "unknown"
+        maintenanceEstimatedTime: text("maintenanceEstimatedTime"),
-    wildcard: boolean("wildcard").notNull().default(false),
+        postAuthPath: text("postAuthPath"),
-    mode: text("mode").default("http").notNull(), // rdp, ssh, http, vnc
+        health: varchar("health").default("unknown"), // "healthy", "unhealthy", "unknown"
-    pamMode: varchar("pamMode", { length: 32 })
+        wildcard: boolean("wildcard").notNull().default(false),
-        .$type<"passthrough" | "push">()
+        mode: text("mode").default("http").notNull(), // rdp, ssh, http, vnc
-        .default("passthrough"),
+        pamMode: varchar("pamMode", { length: 32 })
-    authDaemonMode: varchar("authDaemonMode", { length: 32 })
+            .$type<"passthrough" | "push">()
-        .$type<"site" | "remote" | "native">()
+            .default("passthrough"),
-        .default("site"),
+        authDaemonMode: varchar("authDaemonMode", { length: 32 })
-    authDaemonPort: integer("authDaemonPort").default(22123)
+            .$type<"site" | "remote" | "native">()
-});
+            .default("site"),
        authDaemonPort: integer("authDaemonPort").default(22123)
    },
    (t) => [
        index("idx_resources_fulldomain")
            .on(t.fullDomain)
            .where(sql`${t.fullDomain} IS NOT NULL`)
    ]
 );
 export const labels = pgTable("labels", {
    labelId: serial("labelId").primaryKey(),
@@ -267,71 +290,84 @@ export const clientLabels = pgTable(
    (t) => [unique("client_label_uniq").on(t.clientId, t.labelId)]
 );
-export const targets = pgTable("targets", {
+export const targets = pgTable(
-    targetId: serial("targetId").primaryKey(),
+    "targets",
-    resourceId: integer("resourceId")
+    {
-        .references(() => resources.resourceId, {
+        targetId: serial("targetId").primaryKey(),
-            onDelete: "cascade"
+        resourceId: integer("resourceId")
-        })
+            .references(() => resources.resourceId, {
-        .notNull(),
+                onDelete: "cascade"
-    siteId: integer("siteId")
+            })
-        .references(() => sites.siteId, {
+            .notNull(),
-            onDelete: "cascade"
+        siteId: integer("siteId")
-        })
+            .references(() => sites.siteId, {
-        .notNull(),
+                onDelete: "cascade"
-    ip: varchar("ip").notNull(),
+            })
-    method: varchar("method"),
+            .notNull(),
-    port: integer("port").notNull(),
+        ip: varchar("ip").notNull(),
-    internalPort: integer("internalPort"),
+        method: varchar("method"),
-    enabled: boolean("enabled").notNull().default(true),
+        port: integer("port").notNull(),
-    path: text("path"),
+        internalPort: integer("internalPort"),
-    pathMatchType: text("pathMatchType"), // exact, prefix, regex
+        enabled: boolean("enabled").notNull().default(true),
-    rewritePath: text("rewritePath"), // if set, rewrites the path to this value before sending to the target
+        path: text("path"),
-    rewritePathType: text("rewritePathType"), // exact, prefix, regex, stripPrefix
+        pathMatchType: text("pathMatchType"), // exact, prefix, regex
-    priority: integer("priority").notNull().default(100),
+        rewritePath: text("rewritePath"), // if set, rewrites the path to this value before sending to the target
-    mode: varchar("mode")
+        rewritePathType: text("rewritePathType"), // exact, prefix, regex, stripPrefix
-        .$type<"http" | "tcp" | "udp" | "ssh" | "rdp" | "vnc">()
+        priority: integer("priority").notNull().default(100),
-        .notNull()
+        mode: varchar("mode")
-        .default("http"),
+            .$type<"http" | "tcp" | "udp" | "ssh" | "rdp" | "vnc">()
-    authToken: varchar("authToken")
+            .notNull()
-});
+            .default("http"),
        authToken: varchar("authToken")
    },
    (t) => [
        index("idx_targets_resourceid_siteid").on(t.resourceId, t.siteId),
        index("idx_targets_site_enabled_priority_target_resource")
            .on(t.siteId, t.priority.desc(), t.targetId, t.resourceId)
            .where(sql`${t.enabled} = true`)
    ]
 );
-export const targetHealthCheck = pgTable("targetHealthCheck", {
+export const targetHealthCheck = pgTable(
-    targetHealthCheckId: serial("targetHealthCheckId").primaryKey(),
+    "targetHealthCheck",
-    targetId: integer("targetId").references(() => targets.targetId, {
+    {
-        onDelete: "cascade"
+        targetHealthCheckId: serial("targetHealthCheckId").primaryKey(),
-    }),
+        targetId: integer("targetId").references(() => targets.targetId, {
    orgId: varchar("orgId")
        .references(() => orgs.orgId, {
            onDelete: "cascade"
-        })
+        }),
-        .notNull(),
+        orgId: varchar("orgId")
-    siteId: integer("siteId")
+            .references(() => orgs.orgId, {
-        .references(() => sites.siteId, {
+                onDelete: "cascade"
-            onDelete: "cascade"
+            })
-        })
+            .notNull(),
-        .notNull(),
+        siteId: integer("siteId")
-    name: varchar("name"),
+            .references(() => sites.siteId, {
-    hcEnabled: boolean("hcEnabled").notNull().default(false),
+                onDelete: "cascade"
-    hcPath: varchar("hcPath"),
+            })
-    hcScheme: varchar("hcScheme"),
+            .notNull(),
-    hcMode: varchar("hcMode").default("http"),
+        name: varchar("name"),
-    hcHostname: varchar("hcHostname"),
+        hcEnabled: boolean("hcEnabled").notNull().default(false),
-    hcPort: integer("hcPort"),
+        hcPath: varchar("hcPath"),
-    hcInterval: integer("hcInterval").default(30), // in seconds
+        hcScheme: varchar("hcScheme"),
-    hcUnhealthyInterval: integer("hcUnhealthyInterval").default(30), // in seconds
+        hcMode: varchar("hcMode").default("http"),
-    hcTimeout: integer("hcTimeout").default(5), // in seconds
+        hcHostname: varchar("hcHostname"),
-    hcHeaders: varchar("hcHeaders"),
+        hcPort: integer("hcPort"),
-    hcFollowRedirects: boolean("hcFollowRedirects").default(true),
+        hcInterval: integer("hcInterval").default(30), // in seconds
-    hcMethod: varchar("hcMethod").default("GET"),
+        hcUnhealthyInterval: integer("hcUnhealthyInterval").default(30), // in seconds
-    hcStatus: integer("hcStatus"), // http code
+        hcTimeout: integer("hcTimeout").default(5), // in seconds
-    hcHealth: text("hcHealth")
+        hcHeaders: varchar("hcHeaders"),
-        .$type<"unknown" | "healthy" | "unhealthy">()
+        hcFollowRedirects: boolean("hcFollowRedirects").default(true),
-        .default("unknown"), // "unknown", "healthy", "unhealthy"
+        hcMethod: varchar("hcMethod").default("GET"),
-    hcTlsServerName: text("hcTlsServerName"),
+        hcStatus: integer("hcStatus"), // http code
-    hcHealthyThreshold: integer("hcHealthyThreshold").default(1),
+        hcHealth: text("hcHealth")
-    hcUnhealthyThreshold: integer("hcUnhealthyThreshold").default(1)
+            .$type<"unknown" | "healthy" | "unhealthy">()
-});
+            .default("unknown"), // "unknown", "healthy", "unhealthy"
        hcTlsServerName: text("hcTlsServerName"),
        hcHealthyThreshold: integer("hcHealthyThreshold").default(1),
        hcUnhealthyThreshold: integer("hcUnhealthyThreshold").default(1)
    },
    (t) => [index("idx_targethealthcheck_targetid").on(t.targetId)]
 );
 export const exitNodes = pgTable("exitNodes", {
    exitNodeId: serial("exitNodeId").primaryKey(),
@@ -406,43 +442,74 @@ export const networks = pgTable("networks", {
        .notNull()
 });
-export const siteNetworks = pgTable("siteNetworks", {
+export const siteNetworks = pgTable(
-    siteId: integer("siteId")
+    "siteNetworks",
-        .notNull()
+    {
-        .references(() => sites.siteId, {
+        siteId: integer("siteId")
-            onDelete: "cascade"
+            .notNull()
-        }),
+            .references(() => sites.siteId, {
-    networkId: integer("networkId")
+                onDelete: "cascade"
-        .notNull()
+            }),
-        .references(() => networks.networkId, { onDelete: "cascade" })
+        networkId: integer("networkId")
-});
+            .notNull()
            .references(() => networks.networkId, { onDelete: "cascade" })
    },
    (t) => [
        index("idx_sitenetworks_siteid").on(t.siteId),
        index("idx_sitenetworks_networkid").on(t.networkId)
    ]
 );
-export const clientSiteResources = pgTable("clientSiteResources", {
+export const clientSiteResources = pgTable(
-    clientId: integer("clientId")
+    "clientSiteResources",
-        .notNull()
+    {
-        .references(() => clients.clientId, { onDelete: "cascade" }),
+        clientId: integer("clientId")
-    siteResourceId: integer("siteResourceId")
+            .notNull()
-        .notNull()
+            .references(() => clients.clientId, { onDelete: "cascade" }),
-        .references(() => siteResources.siteResourceId, { onDelete: "cascade" })
+        siteResourceId: integer("siteResourceId")
-});
+            .notNull()
            .references(() => siteResources.siteResourceId, {
                onDelete: "cascade"
            })
    },
    (t) => [
        index("idx_clientsiteresources_clientid").on(t.clientId),
        index("idx_clientsiteresources_siteresourceid").on(t.siteResourceId)
    ]
 );
-export const roleSiteResources = pgTable("roleSiteResources", {
+export const roleSiteResources = pgTable(
-    roleId: integer("roleId")
+    "roleSiteResources",
-        .notNull()
+    {
-        .references(() => roles.roleId, { onDelete: "cascade" }),
+        roleId: integer("roleId")
-    siteResourceId: integer("siteResourceId")
+            .notNull()
-        .notNull()
+            .references(() => roles.roleId, { onDelete: "cascade" }),
-        .references(() => siteResources.siteResourceId, { onDelete: "cascade" })
+        siteResourceId: integer("siteResourceId")
-});
+            .notNull()
            .references(() => siteResources.siteResourceId, {
                onDelete: "cascade"
            })
    },
    (t) => [index("idx_rolesiteresources_siteresourceid").on(t.siteResourceId)]
 );
-export const userSiteResources = pgTable("userSiteResources", {
+export const userSiteResources = pgTable(
-    userId: varchar("userId")
+    "userSiteResources",
-        .notNull()
+    {
-        .references(() => users.userId, { onDelete: "cascade" }),
+        userId: varchar("userId")
-    siteResourceId: integer("siteResourceId")
+            .notNull()
-        .notNull()
+            .references(() => users.userId, { onDelete: "cascade" }),
-        .references(() => siteResources.siteResourceId, { onDelete: "cascade" })
+        siteResourceId: integer("siteResourceId")
-});
+            .notNull()
            .references(() => siteResources.siteResourceId, {
                onDelete: "cascade"
            })
    },
    (t) => [
        index("idx_usersiteresources_userid").on(t.userId),
        index("idx_usersiteresources_siteresourceid").on(t.siteResourceId)
    ]
 );
 export const users = pgTable("user", {
    userId: varchar("id").primaryKey(),
@@ -467,15 +534,19 @@ export const users = pgTable("user", {
    locale: varchar("locale")
 });
-export const newts = pgTable("newt", {
+export const newts = pgTable(
-    newtId: varchar("id").primaryKey(),
+    "newt",
-    secretHash: varchar("secretHash").notNull(),
+    {
-    dateCreated: varchar("dateCreated").notNull(),
+        newtId: varchar("id").primaryKey(),
-    version: varchar("version"),
+        secretHash: varchar("secretHash").notNull(),
-    siteId: integer("siteId").references(() => sites.siteId, {
+        dateCreated: varchar("dateCreated").notNull(),
-        onDelete: "cascade"
+        version: varchar("version"),
-    })
+        siteId: integer("siteId").references(() => sites.siteId, {
-});
+            onDelete: "cascade"
        })
    },
    (t) => [index("idx_newt_siteid").on(t.siteId)]
 );
 export const twoFactorBackupCodes = pgTable("twoFactorBackupCodes", {
    codeId: serial("id").primaryKey(),
@@ -576,29 +647,49 @@ export const userOrgRoles = pgTable(
    (t) => [unique().on(t.userId, t.orgId, t.roleId)]
 );
-export const roleActions = pgTable("roleActions", {
+export const roleActions = pgTable(
-    roleId: integer("roleId")
+    "roleActions",
-        .notNull()
+    {
-        .references(() => roles.roleId, { onDelete: "cascade" }),
+        roleId: integer("roleId")
-    actionId: varchar("actionId")
+            .notNull()
-        .notNull()
+            .references(() => roles.roleId, { onDelete: "cascade" }),
-        .references(() => actions.actionId, { onDelete: "cascade" }),
+        actionId: varchar("actionId")
-    orgId: varchar("orgId")
+            .notNull()
-        .notNull()
+            .references(() => actions.actionId, { onDelete: "cascade" }),
-        .references(() => orgs.orgId, { onDelete: "cascade" })
+        orgId: varchar("orgId")
-});
+            .notNull()
            .references(() => orgs.orgId, { onDelete: "cascade" })
    },
    (t) => [
        index("idx_roleActions_roleId_orgId_actionId").on(
            t.roleId,
            t.orgId,
            t.actionId
        )
    ]
 );
-export const userActions = pgTable("userActions", {
+export const userActions = pgTable(
-    userId: varchar("userId")
+    "userActions",
-        .notNull()
+    {
-        .references(() => users.userId, { onDelete: "cascade" }),
+        userId: varchar("userId")
-    actionId: varchar("actionId")
+            .notNull()
-        .notNull()
+            .references(() => users.userId, { onDelete: "cascade" }),
-        .references(() => actions.actionId, { onDelete: "cascade" }),
+        actionId: varchar("actionId")
-    orgId: varchar("orgId")
+            .notNull()
-        .notNull()
+            .references(() => actions.actionId, { onDelete: "cascade" }),
-        .references(() => orgs.orgId, { onDelete: "cascade" })
+        orgId: varchar("orgId")
-});
+            .notNull()
            .references(() => orgs.orgId, { onDelete: "cascade" })
    },
    (t) => [
        index("idx_userActions_userId_orgId_actionId").on(
            t.userId,
            t.orgId,
            t.actionId
        )
    ]
 );
 export const roleSites = pgTable("roleSites", {
    roleId: integer("roleId")
@@ -1004,40 +1095,44 @@ export const idpOrg = pgTable("idpOrg", {
    orgMapping: varchar("orgMapping")
 });
-export const clients = pgTable("clients", {
+export const clients = pgTable(
-    clientId: serial("clientId").primaryKey(),
+    "clients",
-    orgId: varchar("orgId")
+    {
-        .references(() => orgs.orgId, {
+        clientId: serial("clientId").primaryKey(),
        orgId: varchar("orgId")
            .references(() => orgs.orgId, {
                onDelete: "cascade"
            })
            .notNull(),
        exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
            onDelete: "set null"
        }),
        userId: text("userId").references(() => users.userId, {
            // optionally tied to a user and in this case delete when the user deletes
            onDelete: "cascade"
-        })
+        }),
-        .notNull(),
+        niceId: varchar("niceId").notNull(),
-    exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
+        olmId: text("olmId"), // to lock it to a specific olm optionally
-        onDelete: "set null"
+        name: varchar("name").notNull(),
-    }),
+        pubKey: varchar("pubKey"),
-    userId: text("userId").references(() => users.userId, {
+        subnet: varchar("subnet").notNull(),
-        // optionally tied to a user and in this case delete when the user deletes
+        megabytesIn: real("bytesIn"),
-        onDelete: "cascade"
+        megabytesOut: real("bytesOut"),
-    }),
+        lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
-    niceId: varchar("niceId").notNull(),
+        lastPing: integer("lastPing"),
-    olmId: text("olmId"), // to lock it to a specific olm optionally
+        type: varchar("type").notNull(), // "olm"
-    name: varchar("name").notNull(),
+        online: boolean("online").notNull().default(false),
-    pubKey: varchar("pubKey"),
+        // endpoint: varchar("endpoint"),
-    subnet: varchar("subnet").notNull(),
+        lastHolePunch: integer("lastHolePunch"),
-    megabytesIn: real("bytesIn"),
+        maxConnections: integer("maxConnections"),
-    megabytesOut: real("bytesOut"),
+        archived: boolean("archived").notNull().default(false),
-    lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
+        blocked: boolean("blocked").notNull().default(false),
-    lastPing: integer("lastPing"),
+        approvalState: varchar("approvalState").$type<
-    type: varchar("type").notNull(), // "olm"
+            "pending" | "approved" | "denied"
-    online: boolean("online").notNull().default(false),
+        >()
-    // endpoint: varchar("endpoint"),
+    },
-    lastHolePunch: integer("lastHolePunch"),
+    (t) => [index("idx_clients_userid").on(t.userId)]
-    maxConnections: integer("maxConnections"),
+);
    archived: boolean("archived").notNull().default(false),
    blocked: boolean("blocked").notNull().default(false),
    approvalState: varchar("approvalState").$type<
        "pending" | "approved" | "denied"
    >()
 });
 export const clientSitesAssociationsCache = pgTable(
    "clientSitesAssociationsCache",
@@ -1049,7 +1144,11 @@ export const clientSitesAssociationsCache = pgTable(
        isJitMode: boolean("isJitMode").notNull().default(false),
        endpoint: varchar("endpoint"),
        publicKey: varchar("publicKey") // this will act as the session's public key for hole punching so we can track when it changes
-    }
+    },
    (t) => [
        primaryKey({ columns: [t.clientId, t.siteId] }),
        index("idx_clientsitesassociationscache_siteid").on(t.siteId)
    ]
 );
 export const clientSiteResourcesAssociationsCache = pgTable(
@@ -1058,7 +1157,14 @@ export const clientSiteResourcesAssociationsCache = pgTable(
        clientId: integer("clientId") // not a foreign key here so after its deleted the rebuild function can delete it and send the message
            .notNull(),
        siteResourceId: integer("siteResourceId").notNull()
-    }
+    },
    (t) => [
        primaryKey({ columns: [t.clientId, t.siteResourceId] }),
        index("idx_clientSiteResourcesAssociationsCache_siteResourceId").on(
            t.siteResourceId,
            t.clientId
        )
    ]
 );
 export const clientPostureSnapshots = pgTable("clientPostureSnapshots", {
@@ -1071,23 +1177,27 @@ export const clientPostureSnapshots = pgTable("clientPostureSnapshots", {
    collectedAt: integer("collectedAt").notNull()
 });
-export const olms = pgTable("olms", {
+export const olms = pgTable(
-    olmId: varchar("id").primaryKey(),
+    "olms",
-    secretHash: varchar("secretHash").notNull(),
+    {
-    dateCreated: varchar("dateCreated").notNull(),
+        olmId: varchar("id").primaryKey(),
-    version: text("version"),
+        secretHash: varchar("secretHash").notNull(),
-    agent: text("agent"),
+        dateCreated: varchar("dateCreated").notNull(),
-    name: varchar("name"),
+        version: text("version"),
-    clientId: integer("clientId").references(() => clients.clientId, {
+        agent: text("agent"),
-        // we will switch this depending on the current org it wants to connect to
+        name: varchar("name"),
-        onDelete: "set null"
+        clientId: integer("clientId").references(() => clients.clientId, {
-    }),
+            // we will switch this depending on the current org it wants to connect to
-    userId: text("userId").references(() => users.userId, {
+            onDelete: "set null"
-        // optionally tied to a user and in this case delete when the user deletes
+        }),
-        onDelete: "cascade"
+        userId: text("userId").references(() => users.userId, {
-    }),
+            // optionally tied to a user and in this case delete when the user deletes
-    archived: boolean("archived").notNull().default(false)
+            onDelete: "cascade"
-});
+        }),
        archived: boolean("archived").notNull().default(false)
    },
    (t) => [index("idx_olms_clientid").on(t.clientId)]
 );
 export const currentFingerprint = pgTable("currentFingerprint", {
    fingerprintId: serial("id").primaryKey(),
--- a/server/index.ts
+++ b/server/index.ts
@@ -24,6 +24,7 @@ import license from "#dynamic/license/license";
 import { initLogCleanupInterval } from "@server/lib/cleanupLogs";
 import { initAcmeCertSync } from "#dynamic/lib/acmeCertSync";
 import { fetchServerIp } from "@server/lib/serverIpService";
 import { startRebuildQueueProcessor } from "@server/lib/rebuildClientAssociations";
 async function startServers() {
    await setHostMeta();
@@ -41,6 +42,7 @@ async function startServers() {
    initLogCleanupInterval();
    initAcmeCertSync();
    startRebuildQueueProcessor();
    // Start all servers
    const apiServer = createApiServer();
--- a/server/lib/blueprints/applyNewtDockerBlueprint.ts
+++ b/server/lib/blueprints/applyNewtDockerBlueprint.ts
@@ -71,10 +71,7 @@ export async function applyNewtDockerBlueprint(
    let skippedKeys: string[] = [];
    try {
-        // Some Newt clients can report null/undefined containers when Docker
+        const blueprint = processContainerLabels(containers);
        // labels are unavailable. Treat that as an empty blueprint payload.
        const safeContainers = Array.isArray(containers) ? containers : [];
        const blueprint = processContainerLabels(safeContainers);
        logger.debug(
            `Received Docker blueprint with ${Object.keys(blueprint["proxy-resources"]).length} proxy, ${Object.keys(blueprint["client-resources"]).length} client resource(s)`
--- a/server/lib/blueprints/publicResources.ts
+++ b/server/lib/blueprints/publicResources.ts
@@ -945,45 +945,7 @@ export async function updatePublicResources(
                }
            } else {
                // INLINE POLICY MODE: sync rules into policy-level table
-                let inlinePolicyId = resource!.defaultResourcePolicyId;
+                const inlinePolicyId = resource!.defaultResourcePolicyId!;
                // Targets-only updates skip the auth/policy update branch above,
                // so pre-1.19 resources can still have no inline policy linked.
                if (!inlinePolicyId) {
                    const [adminRole] = await trx
                        .select()
                        .from(roles)
                        .where(
                            and(eq(roles.isAdmin, true), eq(roles.orgId, orgId))
                        )
                        .limit(1);
                    if (!adminRole) {
                        throw new Error(`Admin role not found`);
                    }
                    inlinePolicyId = await ensureInlinePolicy(
                        existingResource.defaultResourcePolicyId,
                        orgId,
                        resourceNiceId,
                        adminRole.roleId,
                        trx
                    );
                    [resource] = await trx
                        .update(resources)
                        .set({
                            resourcePolicyId: null,
                            defaultResourcePolicyId: inlinePolicyId
                        })
                        .where(
                            eq(
                                resources.resourceId,
                                existingResource.resourceId
                            )
                        )
                        .returning();
                }
                // Clear the old resource-level rules table
                await trx
--- a/server/lib/rebuildClientAssociations.ts
+++ b/server/lib/rebuildClientAssociations.ts
@@ -8,6 +8,7 @@ import {
    exitNodes,
    newts,
    olms,
    primaryDb,
    roleSiteResources,
    Site,
    SiteResource,
@@ -20,10 +21,10 @@ import {
 } from "@server/db";
 import { and, count, eq, inArray, ne } from "drizzle-orm";
-import { deletePeer as newtDeletePeer } from "@server/routers/newt/peers";
+import { deletePeersBatch as newtDeletePeersBatch } from "@server/routers/newt/peers";
 import {
-    initPeerAddHandshake,
+    initPeerAddHandshakeBatch,
-    deletePeer as olmDeletePeer
+    deletePeersBatch as olmDeletePeersBatch
 } from "@server/routers/olm/peers";
 import { sendToExitNode } from "#dynamic/lib/exitNodes";
 import logger from "@server/logger";
@@ -34,12 +35,13 @@ import {
    parseEndpoint
 } from "@server/lib/ip";
 import {
-    addPeerData,
+    addPeerDataBatch,
-    addTargets as addSubnetProxyTargets,
+    addTargetsBatch as addSubnetProxyTargetsBatch,
-    removePeerData,
+    removePeerDataBatch,
-    removeTargets as removeSubnetProxyTargets
+    removeTargetsBatch as removeSubnetProxyTargetsBatch
 } from "@server/routers/client/targets";
 import { lockManager } from "#dynamic/lib/lock";
 import { rebuildQueue } from "#dynamic/lib/rebuildQueue";
 // TTL for rebuild-association locks. These functions can fan out into many
 // peer/proxy updates, so give them a generous window.
@@ -167,11 +169,32 @@ export async function rebuildClientAssociationsFromSiteResource(
        subnet: string | null;
    }[];
 }> {
-    return await lockManager.withLock(
+    try {
-        `rebuild-client-associations:site-resource:${siteResource.siteResourceId}`,
+        return await lockManager.withLock(
-        () => rebuildClientAssociationsFromSiteResourceImpl(siteResource, trx),
+            `rebuild-client-associations:site-resource:${siteResource.siteResourceId}`,
-        REBUILD_ASSOCIATIONS_LOCK_TTL_MS
+            () =>
-    );
+                rebuildClientAssociationsFromSiteResourceImpl(
                    siteResource,
                    trx
                ),
            REBUILD_ASSOCIATIONS_LOCK_TTL_MS
        );
    } catch (err: any) {
        if (
            typeof err?.message === "string" &&
            err.message.startsWith("Failed to acquire lock")
        ) {
            logger.warn(
                `rebuildClientAssociations: could not acquire lock for site resource ${siteResource.siteResourceId}, queuing for deferred processing`
            );
            await rebuildQueue.enqueue({
                type: "site-resource",
                id: siteResource.siteResourceId
            });
            return { mergedAllClients: [] };
        }
        throw err;
    }
 }
 async function rebuildClientAssociationsFromSiteResourceImpl(
@@ -536,6 +559,28 @@ async function handleMessagesForSiteClients(
    const newtJobs: Promise<any>[] = [];
    const olmJobs: Promise<any>[] = [];
    const exitNodeJobs: Promise<any>[] = [];
    const newtPeerDeletes: {
        siteId: number;
        publicKey: string;
        newtId: string;
    }[] = [];
    const olmPeerDeletes: {
        clientId: number;
        siteId: number;
        publicKey: string;
        olmId: string;
    }[] = [];
    const olmPeerAddHandshakes: {
        clientId: number;
        peer: {
            siteId: number;
            exitNode: {
                publicKey: string;
                endpoint: string;
            };
        };
        olmId: string;
    }[] = [];
    // Combine all clients that need processing (those being added or removed)
    const clientsToProcess = new Map<
@@ -584,6 +629,21 @@ async function handleMessagesForSiteClients(
        }
    }
    // Batch-fetch all olm IDs for the clients we need to process
    const clientIdsToProcess = Array.from(clientsToProcess.keys());
    const olmRows =
        clientIdsToProcess.length > 0
            ? await trx
                  .select({ olmId: olms.olmId, clientId: olms.clientId })
                  .from(olms)
                  .where(inArray(olms.clientId, clientIdsToProcess))
            : [];
    const olmByClientId = new Map<number, string>(
        olmRows
            .filter((r) => r.clientId !== null)
            .map((r) => [r.clientId as number, r.olmId])
    );
    for (const client of clientsToProcess.values()) {
        // UPDATE THE NEWT
        if (!client.subnet || !client.pubKey) {
@@ -600,14 +660,8 @@ async function handleMessagesForSiteClients(
            continue;
        }
-        const [olm] = await trx
+        const olmId = olmByClientId.get(client.clientId);
-            .select({
+        if (!olmId) {
                olmId: olms.olmId
            })
            .from(olms)
            .where(eq(olms.clientId, client.clientId))
            .limit(1);
        if (!olm) {
            logger.warn(
                `Olm not found for client ${client.clientId} so cannot add/delete peers`
            );
@@ -615,15 +669,17 @@ async function handleMessagesForSiteClients(
        }
        if (isDelete) {
-            newtJobs.push(newtDeletePeer(siteId, client.pubKey, newt.newtId));
+            newtPeerDeletes.push({
-            olmJobs.push(
+                siteId,
-                olmDeletePeer(
+                publicKey: client.pubKey,
-                    client.clientId,
+                newtId: newt.newtId
-                    siteId,
+            });
-                    site.publicKey,
+            olmPeerDeletes.push({
-                    olm.olmId
+                clientId: client.clientId,
-                )
+                siteId,
-            );
+                publicKey: site.publicKey,
                olmId
            });
        }
        if (isAdd) {
@@ -635,23 +691,34 @@ async function handleMessagesForSiteClients(
                continue;
            }
-            await initPeerAddHandshake(
+            olmPeerAddHandshakes.push({
-                // this will kick off the add peer process for the client
+                clientId: client.clientId,
-                client.clientId,
+                peer: {
                {
                    siteId,
                    exitNode: {
                        publicKey: exitNode.publicKey,
                        endpoint: exitNode.endpoint
                    }
                },
-                olm.olmId
+                olmId
-            );
+            });
        }
        exitNodeJobs.push(updateClientSiteDestinations(client, trx));
    }
    if (newtPeerDeletes.length > 0) {
        newtJobs.push(newtDeletePeersBatch(newtPeerDeletes));
    }
    if (olmPeerDeletes.length > 0) {
        olmJobs.push(olmDeletePeersBatch(olmPeerDeletes));
    }
    if (olmPeerAddHandshakes.length > 0) {
        olmJobs.push(initPeerAddHandshakeBatch(olmPeerAddHandshakes));
    }
    Promise.all(exitNodeJobs).catch((error) => {
        logger.error(
            `rebuildClientAssociations: Error updating client site destinations for site ${site.siteId}:`,
@@ -844,24 +911,28 @@ async function handleSubnetProxyTargetUpdates(
                if (targetsToAdd) {
                    proxyJobs.push(
-                        addSubnetProxyTargets(
+                        addSubnetProxyTargetsBatch([
-                            newt.newtId,
+                            {
-                            targetsToAdd,
+                                newtId: newt.newtId,
-                            newt.version
+                                targets: targetsToAdd,
-                        )
+                                version: newt.version
                            }
                        ])
                    );
                }
-                for (const client of addedClients) {
+                olmJobs.push(
-                    olmJobs.push(
+                    addPeerDataBatch(
-                        addPeerData(
+                        addedClients.map((client) => ({
-                            client.clientId,
+                            clientId: client.clientId,
                            siteId,
-                            generateRemoteSubnets([siteResource]),
+                            remoteSubnets: generateRemoteSubnets([
-                            generateAliasConfig([siteResource])
+                                siteResource
-                        )
+                            ]),
-                    );
+                            aliases: generateAliasConfig([siteResource])
-                }
+                        }))
                    )
                );
            }
        }
@@ -881,14 +952,23 @@ async function handleSubnetProxyTargetUpdates(
                if (targetsToRemove) {
                    proxyJobs.push(
-                        removeSubnetProxyTargets(
+                        removeSubnetProxyTargetsBatch([
-                            newt.newtId,
+                            {
-                            targetsToRemove,
+                                newtId: newt.newtId,
-                            newt.version
+                                targets: targetsToRemove,
-                        )
+                                version: newt.version
                            }
                        ])
                    );
                }
                const peerDataRemovals: {
                    clientId: number;
                    siteId: number;
                    remoteSubnets: string[];
                    aliases: ReturnType<typeof generateAliasConfig>;
                }[] = [];
                for (const client of removedClients) {
                    if (!siteResource.destination) {
                        continue;
@@ -936,14 +1016,16 @@ async function handleSubnetProxyTargetUpdates(
                            ? []
                            : generateRemoteSubnets([siteResource]);
-                    olmJobs.push(
+                    peerDataRemovals.push({
-                        removePeerData(
+                        clientId: client.clientId,
-                            client.clientId,
+                        siteId,
-                            siteId,
+                        remoteSubnets: remoteSubnetsToRemove,
-                            remoteSubnetsToRemove,
+                        aliases: generateAliasConfig([siteResource])
-                            generateAliasConfig([siteResource])
+                    });
-                        )
+                }
-                    );
+
                if (peerDataRemovals.length > 0) {
                    olmJobs.push(removePeerDataBatch(peerDataRemovals));
                }
            }
        }
@@ -956,11 +1038,28 @@ export async function rebuildClientAssociationsFromClient(
    client: Client,
    trx: Transaction | typeof db = db
 ): Promise<void> {
-    return await lockManager.withLock(
+    try {
-        `rebuild-client-associations:client:${client.clientId}`,
+        return await lockManager.withLock(
-        () => rebuildClientAssociationsFromClientImpl(client, trx),
+            `rebuild-client-associations:client:${client.clientId}`,
-        REBUILD_ASSOCIATIONS_LOCK_TTL_MS
+            () => rebuildClientAssociationsFromClientImpl(client, trx),
-    );
+            REBUILD_ASSOCIATIONS_LOCK_TTL_MS
        );
    } catch (err: any) {
        if (
            typeof err?.message === "string" &&
            err.message.startsWith("Failed to acquire lock")
        ) {
            logger.warn(
                `rebuildClientAssociations: could not acquire lock for client ${client.clientId}, queuing for deferred processing`
            );
            await rebuildQueue.enqueue({
                type: "client",
                id: client.clientId
            });
            return;
        }
        throw err;
    }
 }
 async function rebuildClientAssociationsFromClientImpl(
@@ -1237,6 +1336,28 @@ async function handleMessagesForClientSites(
    const newtJobs: Promise<any>[] = [];
    const olmJobs: Promise<any>[] = [];
    const exitNodeJobs: Promise<any>[] = [];
    const newtPeerDeletes: {
        siteId: number;
        publicKey: string;
        newtId: string;
    }[] = [];
    const olmPeerDeletes: {
        clientId: number;
        siteId: number;
        publicKey: string;
        olmId: string;
    }[] = [];
    const olmPeerAddHandshakes: {
        clientId: number;
        peer: {
            siteId: number;
            exitNode: {
                publicKey: string;
                endpoint: string;
            };
        };
        olmId: string;
    }[] = [];
    const totalSitesOnClient = await trx
        .select({ count: count(clientSitesAssociationsCache.siteId) })
@@ -1268,19 +1389,19 @@ async function handleMessagesForClientSites(
        if (isRemove) {
            // Remove peer from newt
-            newtJobs.push(
+            newtPeerDeletes.push({
-                newtDeletePeer(site.siteId, client.pubKey, newt.newtId)
+                siteId: site.siteId,
-            );
+                publicKey: client.pubKey,
                newtId: newt.newtId
            });
            try {
                // Remove peer from olm
-                olmJobs.push(
+                olmPeerDeletes.push({
-                    olmDeletePeer(
+                    clientId: client.clientId,
-                        client.clientId,
+                    siteId: site.siteId,
-                        site.siteId,
+                    publicKey: site.publicKey,
-                        site.publicKey,
+                    olmId
-                        olmId
+                });
                    )
                );
            } catch (error) {
                // if the error includes not found then its just because the olm does not exist anymore or yet and its fine if we dont send
                if (
@@ -1312,10 +1433,9 @@ async function handleMessagesForClientSites(
                continue;
            }
-            await initPeerAddHandshake(
+            olmPeerAddHandshakes.push({
-                // this will kick off the add peer process for the client
+                clientId: client.clientId,
-                client.clientId,
+                peer: {
                {
                    siteId: site.siteId,
                    exitNode: {
                        publicKey: exitNode.publicKey,
@@ -1323,7 +1443,7 @@ async function handleMessagesForClientSites(
                    }
                },
                olmId
-            );
+            });
        }
        // Update exit node destinations
@@ -1339,6 +1459,18 @@ async function handleMessagesForClientSites(
        );
    }
    if (newtPeerDeletes.length > 0) {
        newtJobs.push(newtDeletePeersBatch(newtPeerDeletes));
    }
    if (olmPeerDeletes.length > 0) {
        olmJobs.push(olmDeletePeersBatch(olmPeerDeletes));
    }
    if (olmPeerAddHandshakes.length > 0) {
        olmJobs.push(initPeerAddHandshakeBatch(olmPeerAddHandshakes));
    }
    Promise.all(exitNodeJobs).catch((error) => {
        logger.error(
            `rebuildClientAssociations: Error updating client site destinations for client ${client.clientId}:`,
@@ -1437,6 +1569,20 @@ async function handleMessagesForClientResources(
                continue;
            }
            const targetsToAddBatch: {
                newtId: string;
                targets: NonNullable<
                    Awaited<ReturnType<typeof generateSubnetProxyTargetV2>>
                >;
                version: string | null;
            }[] = [];
            const peerDataAdds: {
                clientId: number;
                siteId: number;
                remoteSubnets: string[];
                aliases: ReturnType<typeof generateAliasConfig>;
            }[] = [];
            for (const resource of resources) {
                const targets = await generateSubnetProxyTargetV2(resource, [
                    {
@@ -1447,25 +1593,21 @@ async function handleMessagesForClientResources(
                ]);
                if (targets) {
-                    proxyJobs.push(
+                    targetsToAddBatch.push({
-                        addSubnetProxyTargets(
+                        newtId: newt.newtId,
-                            newt.newtId,
+                        targets,
-                            targets,
+                        version: newt.version
-                            newt.version
+                    });
                        )
                    );
                }
                try {
                    // Add peer data to olm
-                    olmJobs.push(
+                    peerDataAdds.push({
-                        addPeerData(
+                        clientId: client.clientId,
-                            client.clientId,
+                        siteId,
-                            siteId,
+                        remoteSubnets: generateRemoteSubnets([resource]),
-                            generateRemoteSubnets([resource]),
+                        aliases: generateAliasConfig([resource])
-                            generateAliasConfig([resource])
+                    });
                        )
                    );
                } catch (error) {
                    // if the error includes not found then its just because the olm does not exist anymore or yet and its fine if we dont send
                    if (
@@ -1480,6 +1622,14 @@ async function handleMessagesForClientResources(
                    }
                }
            }
            if (targetsToAddBatch.length > 0) {
                proxyJobs.push(addSubnetProxyTargetsBatch(targetsToAddBatch));
            }
            if (peerDataAdds.length > 0) {
                olmJobs.push(addPeerDataBatch(peerDataAdds));
            }
        }
    }
@@ -1546,6 +1696,20 @@ async function handleMessagesForClientResources(
                continue;
            }
            const targetsToRemoveBatch: {
                newtId: string;
                targets: NonNullable<
                    Awaited<ReturnType<typeof generateSubnetProxyTargetV2>>
                >;
                version: string | null;
            }[] = [];
            const peerDataRemovals: {
                clientId: number;
                siteId: number;
                remoteSubnets: string[];
                aliases: ReturnType<typeof generateAliasConfig>;
            }[] = [];
            for (const resource of resources) {
                const targets = await generateSubnetProxyTargetV2(resource, [
                    {
@@ -1556,13 +1720,11 @@ async function handleMessagesForClientResources(
                ]);
                if (targets) {
-                    proxyJobs.push(
+                    targetsToRemoveBatch.push({
-                        removeSubnetProxyTargets(
+                        newtId: newt.newtId,
-                            newt.newtId,
+                        targets,
-                            targets,
+                        version: newt.version
-                            newt.version
+                    });
                        )
                    );
                }
                try {
@@ -1613,14 +1775,12 @@ async function handleMessagesForClientResources(
                            : generateRemoteSubnets([resource]);
                    // Remove peer data from olm
-                    olmJobs.push(
+                    peerDataRemovals.push({
-                        removePeerData(
+                        clientId: client.clientId,
-                            client.clientId,
+                        siteId,
-                            siteId,
+                        remoteSubnets: remoteSubnetsToRemove,
-                            remoteSubnetsToRemove,
+                        aliases: generateAliasConfig([resource])
-                            generateAliasConfig([resource])
+                    });
                        )
                    );
                } catch (error) {
                    // if the error includes not found then its just because the olm does not exist anymore or yet and its fine if we dont send
                    if (
@@ -1635,6 +1795,16 @@ async function handleMessagesForClientResources(
                    }
                }
            }
            if (targetsToRemoveBatch.length > 0) {
                proxyJobs.push(
                    removeSubnetProxyTargetsBatch(targetsToRemoveBatch)
                );
            }
            if (peerDataRemovals.length > 0) {
                olmJobs.push(removePeerDataBatch(peerDataRemovals));
            }
        }
    }
@@ -1888,7 +2058,15 @@ export async function cleanupSiteAssociations(
    for (const client of allClients) {
        // Tell each olm to drop the site's WireGuard peer.
        if (site.publicKey) {
-            jobs.push(olmDeletePeer(client.clientId, siteId, site.publicKey));
+            jobs.push(
                olmDeletePeersBatch([
                    {
                        clientId: client.clientId,
                        siteId,
                        publicKey: site.publicKey
                    }
                ])
            );
        }
        // Recompute and push updated relay destinations (now excluding this site).
@@ -1906,3 +2084,47 @@ export async function cleanupSiteAssociations(
    logger.debug(`cleanupSiteAssociations: DONE siteId=${siteId}`);
 }
 /**
 * Start the background rebuild queue processor. This should be called once
 * during server startup. Only one server instance at a time will actively
 * consume the queue (enforced via a distributed Redis lock); all other
 * instances will poll and wait until the lock becomes available.
 */
 export function startRebuildQueueProcessor(): void {
    rebuildQueue.startProcessing({
        onSiteResource: async (siteResourceId: number) => {
            const [siteResource] = await primaryDb
                .select()
                .from(siteResources)
                .where(eq(siteResources.siteResourceId, siteResourceId));
            if (!siteResource) {
                logger.warn(
                    `Rebuild queue: site resource ${siteResourceId} not found, skipping`
                );
                return;
            }
            await rebuildClientAssociationsFromSiteResource(
                siteResource,
                primaryDb
            );
        },
        onClient: async (clientId: number) => {
            const [client] = await primaryDb
                .select()
                .from(clients)
                .where(eq(clients.clientId, clientId));
            if (!client) {
                logger.warn(
                    `Rebuild queue: client ${clientId} not found, skipping`
                );
                return;
            }
            await rebuildClientAssociationsFromClient(client, primaryDb);
        }
    });
 }
--- a/server/lib/rebuildQueue.ts
+++ b/server/lib/rebuildQueue.ts
@@ -0,0 +1,23 @@
 export type RebuildJobType = "site-resource" | "client";
 export interface RebuildJob {
    type: RebuildJobType;
    id: number;
 }
 export interface RebuildJobHandlers {
    onSiteResource(siteResourceId: number): Promise<void>;
    onClient(clientId: number): Promise<void>;
 }
 export interface RebuildQueueManager {
    enqueue(job: RebuildJob): Promise<void>;
    startProcessing(handlers: RebuildJobHandlers): void;
 }
 class NoopRebuildQueue implements RebuildQueueManager {
    async enqueue(_job: RebuildJob): Promise<void> {}
    startProcessing(_handlers: RebuildJobHandlers): void {}
 }
 export const rebuildQueue: RebuildQueueManager = new NoopRebuildQueue();
--- a/server/lib/traefik/TraefikConfigManager.ts
+++ b/server/lib/traefik/TraefikConfigManager.ts
@@ -511,12 +511,6 @@ export class TraefikConfigManager {
        let traefikConfig;
        try {
            const currentExitNode = await getCurrentExitNodeId();
            const maintenancePort = config.getRawConfig().server.next_port;
            const maintenanceHost =
                config.getRawConfig().server.internal_hostname;
            const pangolinUIUrl = `http://${maintenanceHost}:${maintenancePort}`;
            // logger.debug(`Fetching traefik config for exit node: ${currentExitNode}`);
            traefikConfig = await getTraefikConfig(
                // this is called by the local exit node to get its own config
@@ -527,8 +521,7 @@ export class TraefikConfigManager {
                build == "saas"
                    ? false
                    : config.getRawConfig().traefik.allow_raw_resources, // dont allow raw resources on saas otherwise use config
-                pangolinUIUrl, // generate maintenance pages on cloud and hybrid
+                build != "oss" // generate browser gateway targets on cloud and enterprise
                pangolinUIUrl // generate browser gateway targets on cloud and hybrid
            );
            const domains = new Set<string>();
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -44,8 +44,8 @@ export async function getTraefikConfig(
    filterOutNamespaceDomains = false, // UNUSED BUT USED IN PRIVATE
    generateLoginPageRouters = false, // UNUSED BUT USED IN PRIVATE
    allowRawResources = true,
-    maintenancePageUiUrl: string | null = null, // UNUSED BUT USED IN PRIVATE
+    allowMaintenancePage = true, // UNUSED BUT USED IN PRIVATE
-    browserGatewayUiUrl: string | null = null // UNUSED BUT USED IN PRIVATE
+    allowBrowserGatewayResources = true
 ): Promise<any> {
    // Get resources with their targets and sites in a single optimized query
    // Start from sites on this exit node, then join to targets and resources
--- a/server/private/lib/rebuildQueue.ts
+++ b/server/private/lib/rebuildQueue.ts
@@ -0,0 +1,198 @@
 /*
 * This file is part of a proprietary work.
 *
 * Copyright (c) 2025-2026 Fossorial, Inc.
 * All rights reserved.
 *
 * This file is licensed under the Fossorial Commercial License.
 * You may not use this file except in compliance with the License.
 * Unauthorized use, copying, modification, or distribution is strictly prohibited.
 *
 * This file is not licensed under the AGPLv3.
 */
 import { redis } from "#private/lib/redis";
 import { lockManager } from "#dynamic/lib/lock";
 import logger from "@server/logger";
 export type RebuildJobType = "site-resource" | "client";
 export interface RebuildJob {
    type: RebuildJobType;
    id: number;
 }
 export interface RebuildJobHandlers {
    onSiteResource(siteResourceId: number): Promise<void>;
    onClient(clientId: number): Promise<void>;
 }
 // Redis list holding pending rebuild jobs (RPUSH to enqueue, LPOP to dequeue — FIFO order).
 const QUEUE_KEY = "rebuild-client-associations:queue";
 const QUEUED_SET_KEY = "rebuild-client-associations:queued";
 // Distributed lock that serialises queue consumption to a single server instance
 // at a time. TTL is generous enough to cover a full batch of expensive rebuilds.
 const PROCESSOR_LOCK_KEY = "rebuild-client-associations:processor";
 // Each rebuild can take up to REBUILD_ASSOCIATIONS_LOCK_TTL_MS (120 s) per
 // resource. Allow BATCH_SIZE resources per processor-lock acquisition, plus a
 // small buffer.
 const BATCH_SIZE = 5;
 const PROCESSOR_LOCK_TTL_MS = 120000 * BATCH_SIZE + 30000; // ~630 s
 const POLL_INTERVAL_MS = 500;
 class RedisRebuildQueue {
    private processingStarted = false;
    async enqueue(job: RebuildJob): Promise<void> {
        if (!redis || redis.status !== "ready") {
            logger.warn(
                `Rebuild queue: Redis not available — rebuild for ${job.type}:${job.id} will not be retried`
            );
            return;
        }
        try {
            const dedupeKey = `${job.type}:${job.id}`;
            const added = await redis.sadd(QUEUED_SET_KEY, dedupeKey);
            if (added === 0) {
                logger.debug(
                    `Rebuild queue: skipped duplicate queued job ${job.type}:${job.id}`
                );
                return;
            }
            await redis.rpush(QUEUE_KEY, JSON.stringify(job));
            logger.debug(
                `Rebuild queue: enqueued ${job.type}:${job.id} (queue position: tail)`
            );
        } catch (err) {
            await redis
                .srem(QUEUED_SET_KEY, `${job.type}:${job.id}`)
                .catch((cleanupErr) =>
                    logger.warn(
                        `Rebuild queue: failed to cleanup dedupe key for ${job.type}:${job.id} after enqueue failure:`,
                        cleanupErr
                    )
                );
            logger.error(
                `Rebuild queue: failed to enqueue ${job.type}:${job.id}:`,
                err
            );
        }
    }
    startProcessing(handlers: RebuildJobHandlers): void {
        if (this.processingStarted) return;
        this.processingStarted = true;
        this.processLoop(handlers).catch((err) => {
            logger.error("Rebuild queue processor loop crashed:", err);
        });
        logger.info("Rebuild queue processor started");
    }
    private async processLoop(handlers: RebuildJobHandlers): Promise<void> {
        while (true) {
            try {
                await this.tryProcessBatch(handlers);
            } catch (err) {
                logger.error(
                    "Rebuild queue: unhandled error in process loop:",
                    err
                );
            }
            await new Promise((resolve) =>
                setTimeout(resolve, POLL_INTERVAL_MS)
            );
        }
    }
    private async tryProcessBatch(handlers: RebuildJobHandlers): Promise<void> {
        if (!redis || redis.status !== "ready") return;
        // Peek before acquiring the processor lock to avoid unnecessary Redis
        // round-trips and lock contention when the queue is idle.
        const queueLength = await redis.llen(QUEUE_KEY).catch(() => 0);
        if (queueLength === 0) return;
        try {
            await lockManager.withLock(
                PROCESSOR_LOCK_KEY,
                async () => {
                    for (let i = 0; i < BATCH_SIZE; i++) {
                        if (!redis || redis.status !== "ready") break;
                        const payload = await redis.lpop(QUEUE_KEY);
                        if (payload === null) break; // queue drained
                        let job: RebuildJob;
                        try {
                            job = JSON.parse(payload) as RebuildJob;
                        } catch {
                            logger.error(
                                `Rebuild queue: could not parse job payload, discarding: ${payload}`
                            );
                            continue;
                        }
                        // Remove from dedupe set once dequeued so the same job
                        // can be re-queued while this one is in progress.
                        await redis
                            .srem(QUEUED_SET_KEY, `${job.type}:${job.id}`)
                            .catch((cleanupErr) =>
                                logger.warn(
                                    `Rebuild queue: failed to remove dedupe key for ${job.type}:${job.id} on dequeue:`,
                                    cleanupErr
                                )
                            );
                        logger.debug(
                            `Rebuild queue: processing ${job.type}:${job.id}`
                        );
                        try {
                            if (job.type === "site-resource") {
                                await handlers.onSiteResource(job.id);
                            } else if (job.type === "client") {
                                await handlers.onClient(job.id);
                            } else {
                                logger.warn(
                                    `Rebuild queue: unknown job type "${(job as any).type}", discarding`
                                );
                            }
                            logger.debug(
                                `Rebuild queue: completed ${job.type}:${job.id}`
                            );
                        } catch (err) {
                            logger.error(
                                `Rebuild queue: job ${job.type}:${job.id} threw an error:`,
                                err
                            );
                        }
                    }
                },
                PROCESSOR_LOCK_TTL_MS
            );
        } catch (err: any) {
            if (
                typeof err?.message === "string" &&
                err.message.startsWith("Failed to acquire lock")
            ) {
                // Another server instance currently holds the processor lock and
                // is consuming the queue — nothing to do this cycle.
                logger.debug(
                    "Rebuild queue: processor lock held by another instance, skipping this cycle"
                );
            } else {
                throw err;
            }
        }
    }
 }
 export const rebuildQueue: RedisRebuildQueue = new RedisRebuildQueue();
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -84,8 +84,8 @@ export async function getTraefikConfig(
    filterOutNamespaceDomains = false,
    generateLoginPageRouters = false,
    allowRawResources = true,
-    maintenancePageUiUrl: string | null = null,
+    allowMaintenancePage = true,
-    browserGatewayUiUrl: string | null = null
+    allowBrowserGatewayResources = true
 ): Promise<any> {
    // Get resources with their targets and sites in a single optimized query
    // Start from sites on this exit node, then join to targets and resources
@@ -317,7 +317,7 @@ export async function getTraefikConfig(
        BrowserGatewayResourceEntry
    >();
-    if (browserGatewayUiUrl) {
+    if (allowBrowserGatewayResources) {
        for (const row of resourcesWithTargetsAndSites) {
            if (!["ssh", "vnc", "rdp"].includes(row.mode)) {
                continue;
@@ -630,11 +630,10 @@ export async function getTraefikConfig(
                }
            }
-            if (showMaintenancePage && maintenancePageUiUrl) {
+            if (showMaintenancePage && allowMaintenancePage) {
                const maintenanceServiceName = `${key}-maintenance-service`;
                const maintenanceRouterName = `${key}-maintenance-router`;
                const rewriteMiddlewareName = `${key}-maintenance-rewrite`;
                const maintenanceHeadersMiddlewareName = `${key}-maintenance-headers`;
                const entrypointHttp =
                    config.getRawConfig().traefik.http_entrypoint;
@@ -647,11 +646,15 @@ export async function getTraefikConfig(
                    ? `*.${domainParts.slice(1).join(".")}`
                    : fullDomain;
                const maintenancePort = config.getRawConfig().server.next_port;
                const maintenanceHost =
                    config.getRawConfig().server.internal_hostname;
                config_output.http.services[maintenanceServiceName] = {
                    loadBalancer: {
                        servers: [
                            {
-                                url: maintenancePageUiUrl
+                                url: `http://${maintenanceHost}:${maintenancePort}`
                            }
                        ],
                        passHostHeader: true
@@ -670,26 +673,12 @@ export async function getTraefikConfig(
                    }
                };
                config_output.http.middlewares[
                    maintenanceHeadersMiddlewareName
                ] = {
                    headers: {
                        customRequestHeaders: {
                            Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
                            "p-host": fullDomain
                        }
                    }
                };
                config_output.http.routers[maintenanceRouterName] = {
                    entryPoints: [
                        resource.ssl ? entrypointHttps : entrypointHttp
                    ],
                    service: maintenanceServiceName,
-                    middlewares: [
+                    middlewares: [rewriteMiddlewareName],
                        rewriteMiddlewareName,
                        maintenanceHeadersMiddlewareName
                    ],
                    rule: rule,
                    priority: 2000,
                    ...(resource.ssl ? { tls } : {})
@@ -702,7 +691,6 @@ export async function getTraefikConfig(
                            resource.ssl ? entrypointHttps : entrypointHttp
                        ],
                        service: maintenanceServiceName,
                        middlewares: [maintenanceHeadersMiddlewareName],
                        rule: `${rule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`)) `,
                        priority: 2001,
                        ...(resource.ssl ? { tls } : {})
@@ -1039,7 +1027,7 @@ export async function getTraefikConfig(
        }
    }
-    if (browserGatewayUiUrl) {
+    if (allowBrowserGatewayResources) {
        // Generate Traefik config for browser gateway resources
        const browserGatewayPort = 39999;
        for (const [, bgResource] of browserGatewayResourcesMap.entries()) {
@@ -1131,17 +1119,20 @@ export async function getTraefikConfig(
                }
            }
-            if (showBgMaintenancePage && maintenancePageUiUrl) {
+            if (showBgMaintenancePage && allowMaintenancePage) {
                const bgMaintenanceServiceName = `bg-r${bgResource.resourceId}-maintenance-service`;
                const bgMaintenanceRouterName = `bg-r${bgResource.resourceId}-maintenance-router`;
                const bgRewriteMiddlewareName = `bg-r${bgResource.resourceId}-maintenance-rewrite`;
                const bgMaintenanceHeadersMiddlewareName = `bg-r${bgResource.resourceId}-maintenance-headers`;
                const entrypointHttp =
                    config.getRawConfig().traefik.http_entrypoint;
                const entrypointHttps =
                    config.getRawConfig().traefik.https_entrypoint;
                const maintenancePort = config.getRawConfig().server.next_port;
                const maintenanceHost =
                    config.getRawConfig().server.internal_hostname;
                if (!config_output.http.services)
                    config_output.http.services = {};
                if (!config_output.http.middlewares)
@@ -1153,7 +1144,7 @@ export async function getTraefikConfig(
                    loadBalancer: {
                        servers: [
                            {
-                                url: maintenancePageUiUrl
+                                url: `http://${maintenanceHost}:${maintenancePort}`
                            }
                        ],
                        passHostHeader: true
@@ -1167,26 +1158,12 @@ export async function getTraefikConfig(
                    }
                };
                config_output.http.middlewares![
                    bgMaintenanceHeadersMiddlewareName
                ] = {
                    headers: {
                        customRequestHeaders: {
                            Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
                            "p-host": fullDomain
                        }
                    }
                };
                config_output.http.routers![bgMaintenanceRouterName] = {
                    entryPoints: [
                        bgResource.ssl ? entrypointHttps : entrypointHttp
                    ],
                    service: bgMaintenanceServiceName,
-                    middlewares: [
+                    middlewares: [bgRewriteMiddlewareName],
                        bgRewriteMiddlewareName,
                        bgMaintenanceHeadersMiddlewareName
                    ],
                    rule: hostRule,
                    priority: 2000,
                    ...(bgResource.ssl ? { tls } : {})
@@ -1199,7 +1176,6 @@ export async function getTraefikConfig(
                        bgResource.ssl ? entrypointHttps : entrypointHttp
                    ],
                    service: bgMaintenanceServiceName,
                    middlewares: [bgMaintenanceHeadersMiddlewareName],
                    rule: `${hostRule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`))`,
                    priority: 2001,
                    ...(bgResource.ssl ? { tls } : {})
@@ -1258,8 +1234,9 @@ export async function getTraefikConfig(
            // The primary type is used for the path rewrite (e.g. /rdp), mirroring
            // how the maintenance page rewrites everything to /maintenance-screen.
            const primaryType = typeMap.keys().next().value as string;
            const internalHost = config.getRawConfig().server.internal_hostname;
            const internalPort = config.getRawConfig().server.next_port;
            const uiRewriteMiddlewareName = `bg-r${bgResource.resourceId}-ui-rewrite`;
            const uiHeadersMiddlewareName = `bg-r${bgResource.resourceId}-ui-headers`;
            const entrypoint = bgResource.ssl
                ? config.getRawConfig().traefik.https_entrypoint
                : config.getRawConfig().traefik.http_entrypoint;
@@ -1275,33 +1252,22 @@ export async function getTraefikConfig(
                }
            };
            config_output.http.middlewares![uiHeadersMiddlewareName] = {
                headers: {
                    customRequestHeaders: {
                        Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
                        "p-host": fullDomain
                    }
                }
            };
            config_output.http.services![bgUiServiceName] = {
                loadBalancer: {
                    servers: [
                        {
-                            url: browserGatewayUiUrl
+                            url: `http://${internalHost}:${internalPort}`
                        }
                    ]
                }
            };
-            // Assets router at higher priority so /_next files load without rewrite.
+            // Assets router at higher priority so /_next files load without rewrite
            // Do NOT apply the path-rewrite middleware here — static assets must
            // keep their original path; only the host headers are needed.
            config_output.http.routers![
                `bg-r${bgResource.resourceId}-assets-router`
            ] = {
                entryPoints: [entrypoint],
-                middlewares: [...routerMiddlewares, uiHeadersMiddlewareName],
+                middlewares: routerMiddlewares,
                service: bgUiServiceName,
                rule: `${hostRule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`))`,
                priority: 101,
@@ -1313,11 +1279,7 @@ export async function getTraefikConfig(
                `bg-r${bgResource.resourceId}-ui-router`
            ] = {
                entryPoints: [entrypoint],
-                middlewares: [
+                middlewares: [...routerMiddlewares, uiRewriteMiddlewareName],
                    ...routerMiddlewares,
                    uiRewriteMiddlewareName,
                    uiHeadersMiddlewareName
                ],
                service: bgUiServiceName,
                rule: hostRule,
                priority: 100,
@@ -1350,6 +1312,10 @@ export async function getTraefikConfig(
            const siteResourceRouterName = `${srKey}-router`;
            const siteResourceRewriteMiddlewareName = `${srKey}-rewrite`;
            const maintenancePort = config.getRawConfig().server.next_port;
            const maintenanceHost =
                config.getRawConfig().server.internal_hostname;
            if (!config_output.http.routers) {
                config_output.http.routers = {};
            }
@@ -1365,7 +1331,7 @@ export async function getTraefikConfig(
                loadBalancer: {
                    servers: [
                        {
-                            url: maintenancePageUiUrl
+                            url: `http://${maintenanceHost}:${maintenancePort}`
                        }
                    ],
                    passHostHeader: true
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -612,7 +612,7 @@ authenticated.post(
    verifyValidSubscription(tierMatrix.advancedPrivateResources),
    verifyOrgAccess,
    verifyLimits,
-    // verifyUserHasAction(ActionsEnum.signSshKey), // this check happens inside of the function now
+    verifyUserHasAction(ActionsEnum.signSshKey),
    // logActionAudit(ActionsEnum.signSshKey), // it is handled inside of the function below so we can include more metadata
    ssh.signSshKey
 );
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -277,8 +277,6 @@ hybridRouter.get(
            );
        }
        const pangolinUIUrl = config.getRawConfig().app.dashboard_url; // points to the dashboard to serve from there
        try {
            const traefikConfig = await getTraefikConfig(
                remoteExitNode.exitNodeId,
@@ -286,8 +284,8 @@ hybridRouter.get(
                true, // But don't allow domain namespace resources
                false, // Dont include login pages,
                true, // allow raw resources
-                pangolinUIUrl, // dont generate maintenance page
+                false, // dont generate maintenance page
-                pangolinUIUrl // generate browser gateway targets
+                false // dont generate browser gateway targets
            );
            return response(res, {
--- a/server/private/routers/ssh/signSshKey.ts
+++ b/server/private/routers/ssh/signSshKey.ts
@@ -20,8 +20,6 @@ import {
    logsDb,
    newts,
    roles,
    roleActions,
    rolePolicies,
    roleResources,
    roleSiteResources,
    resources,
@@ -42,7 +40,7 @@ import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
-import { and, eq, inArray, isNull, or } from "drizzle-orm";
+import { and, eq, inArray, or } from "drizzle-orm";
 import { canUserAccessResource } from "@server/auth/canUserAccessResource";
 import { canUserAccessSiteResource } from "@server/auth/canUserAccessSiteResource";
 import { signPublicKey, getOrgCAKeys } from "@server/lib/sshCA";
@@ -142,27 +140,6 @@ export async function signSshKey(
            );
        }
        const roleActionPermission = await db
            .select({ roleId: roleActions.roleId })
            .from(roleActions)
            .where(
                and(
                    eq(roleActions.actionId, ActionsEnum.signSshKey),
                    inArray(roleActions.roleId, roleIds),
                    eq(roleActions.orgId, orgId)
                )
            )
            .limit(1);
        if (roleActionPermission.length === 0) {
            return next(
                createHttpError(
                    HttpCode.FORBIDDEN,
                    "User does not have permission perform this action"
                )
            );
        }
        const isLicensed = await isLicensedOrSubscribed(
            orgId,
            tierMatrix.advancedPrivateResources
@@ -458,106 +435,50 @@ export async function signSshKey(
                usernameToUse = userOrg.pamUsername;
            }
-            type RoleSshMeta = {
+            const roleRows =
-                roleId: number;
+                type === "private"
-                sshSudoCommands: string | null;
+                    ? await db
-                sshUnixGroups: string | null;
+                          .select({
-                sshCreateHomeDir: boolean | null;
+                              sshSudoCommands: roles.sshSudoCommands,
-                sshSudoMode: string | null;
+                              sshUnixGroups: roles.sshUnixGroups,
-            };
+                              sshCreateHomeDir: roles.sshCreateHomeDir,
-
+                              sshSudoMode: roles.sshSudoMode
-            let roleRows: RoleSshMeta[] = [];
+                          })
-
+                          .from(roles)
-            if (type === "private") {
+                          .innerJoin(
-                roleRows = await db
+                              roleSiteResources,
-                    .select({
+                              eq(roleSiteResources.roleId, roles.roleId)
-                        roleId: roles.roleId,
+                          )
-                        sshSudoCommands: roles.sshSudoCommands,
+                          .where(
-                        sshUnixGroups: roles.sshUnixGroups,
+                              and(
-                        sshCreateHomeDir: roles.sshCreateHomeDir,
+                                  inArray(roles.roleId, roleIds),
-                        sshSudoMode: roles.sshSudoMode
+                                  eq(
-                    })
+                                      roleSiteResources.siteResourceId,
-                    .from(roles)
+                                      (resource as SiteResource).siteResourceId
-                    .innerJoin(
+                                  )
-                        roleSiteResources,
+                              )
-                        eq(roleSiteResources.roleId, roles.roleId)
+                          )
-                    )
+                    : await db
-                    .where(
+                          .select({
-                        and(
+                              sshSudoCommands: roles.sshSudoCommands,
-                            inArray(roles.roleId, roleIds),
+                              sshUnixGroups: roles.sshUnixGroups,
-                            eq(
+                              sshCreateHomeDir: roles.sshCreateHomeDir,
-                                roleSiteResources.siteResourceId,
+                              sshSudoMode: roles.sshSudoMode
-                                (resource as SiteResource).siteResourceId
+                          })
-                            )
+                          .from(roles)
-                        )
+                          .innerJoin(
-                    );
+                              roleResources,
-            } else {
+                              eq(roleResources.roleId, roles.roleId)
-                const publicResourceId = (resource as Resource).resourceId;
+                          )
-                const [directRoleRows, policyRoleRows] = await Promise.all([
+                          .where(
-                    db
+                              and(
-                        .select({
+                                  inArray(roles.roleId, roleIds),
-                            roleId: roles.roleId,
+                                  eq(
-                            sshSudoCommands: roles.sshSudoCommands,
+                                      roleResources.resourceId,
-                            sshUnixGroups: roles.sshUnixGroups,
+                                      (resource as Resource).resourceId
-                            sshCreateHomeDir: roles.sshCreateHomeDir,
+                                  )
-                            sshSudoMode: roles.sshSudoMode
+                              )
-                        })
+                          );
                        .from(roles)
                        .innerJoin(
                            roleResources,
                            eq(roleResources.roleId, roles.roleId)
                        )
                        .where(
                            and(
                                inArray(roles.roleId, roleIds),
                                eq(roleResources.resourceId, publicResourceId)
                            )
                        ),
                    db
                        .select({
                            roleId: roles.roleId,
                            sshSudoCommands: roles.sshSudoCommands,
                            sshUnixGroups: roles.sshUnixGroups,
                            sshCreateHomeDir: roles.sshCreateHomeDir,
                            sshSudoMode: roles.sshSudoMode
                        })
                        .from(roles)
                        .innerJoin(
                            rolePolicies,
                            eq(rolePolicies.roleId, roles.roleId)
                        )
                        .innerJoin(
                            resources,
                            or(
                                eq(
                                    resources.resourcePolicyId,
                                    rolePolicies.resourcePolicyId
                                ),
                                and(
                                    isNull(resources.resourcePolicyId),
                                    eq(
                                        resources.defaultResourcePolicyId,
                                        rolePolicies.resourcePolicyId
                                    )
                                )
                            )
                        )
                        .where(
                            and(
                                inArray(roles.roleId, roleIds),
                                eq(resources.resourceId, publicResourceId)
                            )
                        )
                ]);
                const uniqueByRoleId = new Map<number, RoleSshMeta>();
                for (const row of [...directRoleRows, ...policyRoleRows]) {
                    if (!uniqueByRoleId.has(row.roleId)) {
                        uniqueByRoleId.set(row.roleId, row);
                    }
                }
                roleRows = Array.from(uniqueByRoleId.values());
            }
            const parsedSudoCommands: string[] = [];
            const parsedGroupsSet = new Set<string>();
@@ -644,6 +565,14 @@ export async function signSshKey(
                messageIds.push(message.messageId);
                const agentHost = siteAgentHostMap.get(siteId);
                if (!agentHost) {
                    return next(
                        createHttpError(
                            HttpCode.INTERNAL_SERVER_ERROR,
                            `Unable to determine agent host for site ${siteId}`
                        )
                    );
                }
                await sendToClient(newt.newtId, {
                    type: `newt/pam/connection`,
--- a/server/private/routers/ws/ws.ts
+++ b/server/private/routers/ws/ws.ts
@@ -38,6 +38,7 @@ import { messageHandlers } from "@server/routers/ws/messageHandlers";
 import { messageHandlers as privateMessageHandlers } from "#private/routers/ws/messageHandlers";
 import {
    AuthenticatedWebSocket,
    BatchSendMessage,
    ClientType,
    WSMessage,
    TokenPayload,
@@ -187,6 +188,8 @@ const wss: WebSocketServer = new WebSocketServer({ noServer: true });
 // Generate unique node ID for this instance
 const NODE_ID = uuidv4();
 const REDIS_CHANNEL = "websocket_messages";
 const REDIS_DIRECT_BATCH_SIZE = 250;
 const REDIS_DIRECT_FLUSH_INTERVAL_MS = 10;
 // Client tracking map (local to this node)
 const connectedClients: Map<string, AuthenticatedWebSocket[]> = new Map();
@@ -197,6 +200,15 @@ const clientConfigVersions: Map<string, number> = new Map();
 // Recovery tracking
 let isRedisRecoveryInProgress = false;
 interface RedisDirectBatchEntry {
    targetClientId: string;
    message: WSMessage;
    resolve: () => void;
 }
 let pendingRedisDirectMessages: RedisDirectBatchEntry[] = [];
 let redisDirectFlushTimer: NodeJS.Timeout | null = null;
 // Helper to get map key
 const getClientMapKey = (clientId: string) => clientId;
@@ -207,6 +219,78 @@ const getNodeConnectionsKey = (nodeId: string, clientId: string) =>
 const getConfigVersionKey = (clientId: string) =>
    `ws:configVersion:${clientId}`;
 const clearRedisDirectFlushTimer = (): void => {
    if (redisDirectFlushTimer) {
        clearTimeout(redisDirectFlushTimer);
        redisDirectFlushTimer = null;
    }
 };
 const publishDirectBatch = async (
    entries: RedisDirectBatchEntry[]
 ): Promise<void> => {
    const redisMessage: RedisMessage = {
        type: "direct-batch",
        messages: entries.map((entry) => ({
            targetClientId: entry.targetClientId,
            message: entry.message
        })),
        fromNodeId: NODE_ID
    };
    await redisManager.publish(REDIS_CHANNEL, JSON.stringify(redisMessage));
 };
 const flushPendingRedisDirectMessages = async (): Promise<void> => {
    clearRedisDirectFlushTimer();
    if (pendingRedisDirectMessages.length === 0) {
        return;
    }
    const entries = pendingRedisDirectMessages;
    pendingRedisDirectMessages = [];
    if (!redisManager.isRedisEnabled()) {
        entries.forEach((entry) => entry.resolve());
        return;
    }
    for (let i = 0; i < entries.length; i += REDIS_DIRECT_BATCH_SIZE) {
        const batch = entries.slice(i, i + REDIS_DIRECT_BATCH_SIZE);
        try {
            await publishDirectBatch(batch);
        } catch (error) {
            logger.error(
                "Failed to send batched direct messages via Redis, messages may be lost:",
                error
            );
        } finally {
            batch.forEach((entry) => entry.resolve());
        }
    }
 };
 const enqueueRedisDirectMessage = async (
    targetClientId: string,
    message: WSMessage
 ): Promise<void> => {
    await new Promise<void>((resolve) => {
        pendingRedisDirectMessages.push({ targetClientId, message, resolve });
        if (pendingRedisDirectMessages.length >= REDIS_DIRECT_BATCH_SIZE) {
            void flushPendingRedisDirectMessages();
            return;
        }
        if (!redisDirectFlushTimer) {
            redisDirectFlushTimer = setTimeout(() => {
                void flushPendingRedisDirectMessages();
            }, REDIS_DIRECT_FLUSH_INTERVAL_MS);
        }
    });
 };
 // Initialize Redis subscription for cross-node messaging
 const initializeRedisSubscription = async (): Promise<void> => {
    if (!redisManager.isRedisEnabled()) return;
@@ -227,7 +311,16 @@ const initializeRedisSubscription = async (): Promise<void> => {
                    // Send to specific client on this node
                    await sendToClientLocal(
                        redisMessage.targetClientId,
-                        redisMessage.message
+                        redisMessage.message,
                        {},
                        redisMessage.message.configVersion
                    );
                } else if (
                    redisMessage.type === "direct-batch" &&
                    redisMessage.messages
                ) {
                    await sendRedisDirectBatchToLocalClients(
                        redisMessage.messages
                    );
                } else if (redisMessage.type === "broadcast") {
                    // Broadcast to all clients on this node except excluded
@@ -503,7 +596,8 @@ const incrementClientConfigVersion = async (
 const sendToClientLocal = async (
    clientId: string,
    message: WSMessage,
-    options: SendMessageOptions = {}
+    options: SendMessageOptions = {},
    preResolvedConfigVersion?: number
 ): Promise<boolean> => {
    const mapKey = getClientMapKey(clientId);
    const clients = connectedClients.get(mapKey);
@@ -512,7 +606,8 @@ const sendToClientLocal = async (
    }
    // Handle config version
-    const configVersion = await getClientConfigVersion(clientId);
+    const configVersion =
        preResolvedConfigVersion ?? (await getClientConfigVersion(clientId));
    // Add config version to message
    const messageWithVersion = {
@@ -545,6 +640,20 @@ const sendToClientLocal = async (
    return true;
 };
 const sendRedisDirectBatchToLocalClients = async (
    entries: { targetClientId: string; message: WSMessage }[]
 ): Promise<void> => {
    const jobs = entries.map((entry) =>
        sendToClientLocal(
            entry.targetClientId,
            entry.message,
            {},
            entry.message.configVersion
        )
    );
    await Promise.all(jobs);
 };
 const broadcastToAllExceptLocal = async (
    message: WSMessage,
    excludeClientId?: string,
@@ -607,23 +716,13 @@ const sendToClient = async (
    // Only send via Redis if the client is not connected locally and Redis is enabled
    if (!localSent && redisManager.isRedisEnabled()) {
        try {
-            const redisMessage: RedisMessage = {
+            await enqueueRedisDirectMessage(clientId, {
-                type: "direct",
+                ...message,
-                targetClientId: clientId,
+                configVersion
-                message: {
+            });
                    ...message,
                    configVersion
                },
                fromNodeId: NODE_ID
            };
            await redisManager.publish(
                REDIS_CHANNEL,
                JSON.stringify(redisMessage)
            );
        } catch (error) {
            logger.error(
-                "Failed to send message via Redis, message may be lost:",
+                "Failed to queue batched direct message for Redis delivery, message may be lost:",
                error
            );
            // Continue execution - local delivery already attempted
@@ -638,6 +737,76 @@ const sendToClient = async (
    return localSent;
 };
 const sendToClientsBatch = async (
    entries: BatchSendMessage[]
 ): Promise<void> => {
    if (entries.length === 0) {
        return;
    }
    const remoteEntries: { targetClientId: string; message: WSMessage }[] = [];
    for (const entry of entries) {
        const options = entry.options || {};
        const { clientId, message } = entry;
        let configVersion = await getClientConfigVersion(clientId);
        if (options.incrementConfigVersion) {
            configVersion = await incrementClientConfigVersion(clientId);
        }
        logger.debug(
            `sendToClientsBatch: Message type ${message.type} queued for clientId ${clientId} (new configVersion: ${configVersion})`
        );
        const localSent = await sendToClientLocal(
            clientId,
            message,
            options,
            configVersion
        );
        if (!localSent && redisManager.isRedisEnabled()) {
            remoteEntries.push({
                targetClientId: clientId,
                message: {
                    ...message,
                    configVersion
                }
            });
        } else if (!localSent && !redisManager.isRedisEnabled()) {
            logger.debug(
                `Could not deliver batch message to ${clientId} - not connected locally and Redis unavailable`
            );
        }
    }
    if (!redisManager.isRedisEnabled() || remoteEntries.length === 0) {
        return;
    }
    for (let i = 0; i < remoteEntries.length; i += REDIS_DIRECT_BATCH_SIZE) {
        const messages = remoteEntries.slice(i, i + REDIS_DIRECT_BATCH_SIZE);
        try {
            const redisMessage: RedisMessage = {
                type: "direct-batch",
                messages,
                fromNodeId: NODE_ID
            };
            await redisManager.publish(
                REDIS_CHANNEL,
                JSON.stringify(redisMessage)
            );
        } catch (error) {
            logger.error(
                "Failed to send explicit direct batch via Redis, messages may be lost:",
                error
            );
        }
    }
 };
 const broadcastToAllExcept = async (
    message: WSMessage,
    excludeClientId?: string,
@@ -1109,6 +1278,8 @@ const disconnectClient = async (clientId: string): Promise<boolean> => {
 // Cleanup function for graceful shutdown
 const cleanup = async (): Promise<void> => {
    try {
        await flushPendingRedisDirectMessages();
        // Close all WebSocket connections
        connectedClients.forEach((clients) => {
            clients.forEach((client) => {
@@ -1139,6 +1310,7 @@ export {
    router,
    handleWSUpgrade,
    sendToClient,
    sendToClientsBatch,
    broadcastToAllExcept,
    connectedClients,
    hasActiveConnections,
--- a/server/routers/client/targets.ts
+++ b/server/routers/client/targets.ts
@@ -1,4 +1,4 @@
-import { sendToClient } from "#dynamic/routers/ws";
+import { sendToClient, sendToClientsBatch } from "#dynamic/routers/ws";
 import { db, newts, olms } from "@server/db";
 import {
    Alias,
@@ -8,7 +8,7 @@ import {
 } from "@server/lib/ip";
 import { canCompress } from "@server/lib/clientVersionChecks";
 import logger from "@server/logger";
-import { eq } from "drizzle-orm";
+import { eq, inArray } from "drizzle-orm";
 import semver from "semver";
 const NEWT_V2_TARGETS_VERSION = ">=1.10.3";
@@ -59,6 +59,42 @@ export async function addTargets(
    );
 }
 export async function addTargetsBatch(
    entries: {
        newtId: string;
        targets: SubnetProxyTarget[] | SubnetProxyTargetV2[];
        version?: string | null;
    }[]
 ) {
    if (entries.length === 0) {
        return;
    }
    const resolved = await Promise.all(
        entries.map(async (entry) => ({
            ...entry,
            targets: await convertTargetsIfNecessary(
                entry.newtId,
                entry.targets
            )
        }))
    );
    await sendToClientsBatch(
        resolved.map((entry) => ({
            clientId: entry.newtId,
            message: {
                type: `newt/wg/targets/add`,
                data: entry.targets
            },
            options: {
                incrementConfigVersion: true,
                compress: canCompress(entry.version, "newt")
            }
        }))
    );
 }
 export async function removeTargets(
    newtId: string,
    targets: SubnetProxyTarget[] | SubnetProxyTargetV2[],
@@ -76,6 +112,42 @@ export async function removeTargets(
    );
 }
 export async function removeTargetsBatch(
    entries: {
        newtId: string;
        targets: SubnetProxyTarget[] | SubnetProxyTargetV2[];
        version?: string | null;
    }[]
 ) {
    if (entries.length === 0) {
        return;
    }
    const resolved = await Promise.all(
        entries.map(async (entry) => ({
            ...entry,
            targets: await convertTargetsIfNecessary(
                entry.newtId,
                entry.targets
            )
        }))
    );
    await sendToClientsBatch(
        resolved.map((entry) => ({
            clientId: entry.newtId,
            message: {
                type: `newt/wg/targets/remove`,
                data: entry.targets
            },
            options: {
                incrementConfigVersion: true,
                compress: canCompress(entry.version, "newt")
            }
        }))
    );
 }
 export async function updateTargets(
    newtId: string,
    targets: {
@@ -201,6 +273,171 @@ export async function removePeerData(
    });
 }
 const resolveOlmTargets = async (
    entries: {
        clientId: number;
        olmId?: string;
        version?: string | null;
    }[]
 ) => {
    const unresolvedClientIds = entries
        .filter((entry) => !entry.olmId)
        .map((entry) => entry.clientId);
    const olmMap = new Map<number, { olmId: string; version: string | null }>();
    if (unresolvedClientIds.length > 0) {
        const olmRows = await db
            .select({
                clientId: olms.clientId,
                olmId: olms.olmId,
                version: olms.version
            })
            .from(olms)
            .where(inArray(olms.clientId, unresolvedClientIds));
        for (const row of olmRows) {
            if (row.clientId !== null) {
                olmMap.set(row.clientId, {
                    olmId: row.olmId,
                    version: row.version
                });
            }
        }
    }
    return entries
        .map((entry) => {
            if (entry.olmId) {
                return {
                    clientId: entry.clientId,
                    olmId: entry.olmId,
                    version: entry.version
                };
            }
            const resolved = olmMap.get(entry.clientId);
            if (!resolved) {
                return null;
            }
            return {
                clientId: entry.clientId,
                olmId: resolved.olmId,
                version: entry.version ?? resolved.version
            };
        })
        .filter((entry) => entry !== null);
 };
 export async function addPeerDataBatch(
    entries: {
        clientId: number;
        siteId: number;
        remoteSubnets: string[];
        aliases: Alias[];
        olmId?: string;
        version?: string | null;
    }[]
 ) {
    if (entries.length === 0) {
        return;
    }
    const resolvedTargets = await resolveOlmTargets(entries);
    if (resolvedTargets.length === 0) {
        return;
    }
    const payloads = entries
        .map((entry) => {
            const resolved = resolvedTargets.find(
                (target) => target.clientId === entry.clientId
            );
            if (!resolved) {
                return null;
            }
            return {
                clientId: resolved.olmId,
                message: {
                    type: `olm/wg/peer/data/add`,
                    data: {
                        siteId: entry.siteId,
                        remoteSubnets: entry.remoteSubnets,
                        aliases: entry.aliases
                    }
                },
                options: {
                    incrementConfigVersion: true,
                    compress: canCompress(resolved.version, "olm")
                }
            };
        })
        .filter((entry) => entry !== null);
    if (payloads.length === 0) {
        return;
    }
    await sendToClientsBatch(payloads);
 }
 export async function removePeerDataBatch(
    entries: {
        clientId: number;
        siteId: number;
        remoteSubnets: string[];
        aliases: Alias[];
        olmId?: string;
        version?: string | null;
    }[]
 ) {
    if (entries.length === 0) {
        return;
    }
    const resolvedTargets = await resolveOlmTargets(entries);
    if (resolvedTargets.length === 0) {
        return;
    }
    const payloads = entries
        .map((entry) => {
            const resolved = resolvedTargets.find(
                (target) => target.clientId === entry.clientId
            );
            if (!resolved) {
                return null;
            }
            return {
                clientId: resolved.olmId,
                message: {
                    type: `olm/wg/peer/data/remove`,
                    data: {
                        siteId: entry.siteId,
                        remoteSubnets: entry.remoteSubnets,
                        aliases: entry.aliases
                    }
                },
                options: {
                    incrementConfigVersion: true,
                    compress: canCompress(resolved.version, "olm")
                }
            };
        })
        .filter((entry) => entry !== null);
    if (payloads.length === 0) {
        return;
    }
    await sendToClientsBatch(payloads);
 }
 export async function updatePeerData(
    clientId: number,
    siteId: number,
--- a/server/routers/newt/handleNewtGetConfigMessage.ts
+++ b/server/routers/newt/handleNewtGetConfigMessage.ts
@@ -54,7 +54,7 @@ export const handleNewtGetConfigMessage: MessageHandler = async (context) => {
        // TODO: somehow we should make sure a recent hole punch has happened if this occurs (hole punch could be from the last restart if done quickly)
    }
-    if (existingSite.lastHolePunch && now - existingSite.lastHolePunch > 12) {
+    if (existingSite.lastHolePunch && now - existingSite.lastHolePunch > 5) {
        logger.warn(
            `Site last hole punch is too old; skipping this register. The site is failing to hole punch and identify its network address with the server. Can the site reach the server on UDP port ${config.getRawConfig().gerbil.clients_start_port}?`
        );
--- a/server/routers/newt/peers.ts
+++ b/server/routers/newt/peers.ts
@@ -1,7 +1,7 @@
 import { db, Site } from "@server/db";
 import { newts, sites } from "@server/db";
 import { eq } from "drizzle-orm";
-import { sendToClient } from "#dynamic/routers/ws";
+import { sendToClient, sendToClientsBatch } from "#dynamic/routers/ws";
 import logger from "@server/logger";
 export async function addPeer(
@@ -36,10 +36,14 @@ export async function addPeer(
        newtId = newt.newtId;
    }
-    await sendToClient(newtId, {
+    await sendToClient(
-        type: "newt/wg/peer/add",
+        newtId,
-        data: peer
+        {
-    }, { incrementConfigVersion: true }).catch((error) => {
+            type: "newt/wg/peer/add",
            data: peer
        },
        { incrementConfigVersion: true }
    ).catch((error) => {
        logger.warn(`Error sending message:`, error);
    });
@@ -76,12 +80,16 @@ export async function deletePeer(
        newtId = newt.newtId;
    }
-    await sendToClient(newtId, {
+    await sendToClient(
-        type: "newt/wg/peer/remove",
+        newtId,
-        data: {
+        {
-            publicKey
+            type: "newt/wg/peer/remove",
-        }
+            data: {
-    }, { incrementConfigVersion: true }).catch((error) => {
+                publicKey
            }
        },
        { incrementConfigVersion: true }
    ).catch((error) => {
        logger.warn(`Error sending message:`, error);
    });
@@ -90,6 +98,35 @@ export async function deletePeer(
    return site;
 }
 export async function deletePeersBatch(
    peers: {
        siteId: number;
        publicKey: string;
        newtId: string;
    }[]
 ) {
    if (peers.length === 0) {
        return;
    }
    await sendToClientsBatch(
        peers.map((peer) => ({
            clientId: peer.newtId,
            message: {
                type: "newt/wg/peer/remove",
                data: {
                    publicKey: peer.publicKey
                }
            },
            options: { incrementConfigVersion: true }
        }))
    ).catch((error) => {
        logger.warn(`Error sending batched newt peer removals:`, error);
    });
    logger.info(`Deleted ${peers.length} peer(s) from newts (batch)`);
 }
 export async function updatePeer(
    siteId: number,
    publicKey: string,
@@ -122,13 +159,17 @@ export async function updatePeer(
        newtId = newt.newtId;
    }
-    await sendToClient(newtId, {
+    await sendToClient(
-        type: "newt/wg/peer/update",
+        newtId,
-        data: {
+        {
-            publicKey,
+            type: "newt/wg/peer/update",
-            ...peer
+            data: {
-        }
+                publicKey,
-    }, { incrementConfigVersion: true }).catch((error) => {
+                ...peer
            }
        },
        { incrementConfigVersion: true }
    ).catch((error) => {
        logger.warn(`Error sending message:`, error);
    });
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -348,7 +348,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
    // this prevents us from accepting a register from an olm that has not hole punched yet.
    // the olm will pump the register so we can keep checking
    // TODO: I still think there is a better way to do this rather than locking it out here but ???
-    if (now - (client.lastHolePunch || 0) > 12 && sitesCount > 0) {
+    if (now - (client.lastHolePunch || 0) > 5 && sitesCount > 0) {
        logger.warn(
            `[handleOlmRegisterMessage] Client last hole punch is too old and we have sites to send; skipping this register. The client is failing to hole punch and identify its network address with the server. Can the client reach the server on UDP port ${config.getRawConfig().gerbil.clients_start_port}?`,
            { orgId: client.orgId, clientId: client.clientId }
--- a/server/routers/olm/peers.ts
+++ b/server/routers/olm/peers.ts
@@ -1,9 +1,9 @@
-import { sendToClient } from "#dynamic/routers/ws";
+import { sendToClient, sendToClientsBatch } from "#dynamic/routers/ws";
 import { clientSitesAssociationsCache, db, olms } from "@server/db";
 import { canCompress } from "@server/lib/clientVersionChecks";
 import config from "@server/lib/config";
 import logger from "@server/logger";
-import { and, eq } from "drizzle-orm";
+import { and, eq, inArray } from "drizzle-orm";
 import { Alias } from "yaml";
 export async function addPeer(
@@ -205,3 +205,150 @@ export async function initPeerAddHandshake(
        `Initiated peer add handshake for site ${peer.siteId} to olm ${olmId}`
    );
 }
 export async function deletePeersBatch(
    peers: {
        clientId: number;
        siteId: number;
        publicKey: string;
        olmId?: string;
        version?: string | null;
    }[]
 ) {
    if (peers.length === 0) {
        return;
    }
    const unresolvedClientIds = peers
        .filter((peer) => !peer.olmId)
        .map((peer) => peer.clientId);
    const olmByClientId = new Map<
        number,
        { olmId: string; version: string | null }
    >();
    if (unresolvedClientIds.length > 0) {
        const olmRows = await db
            .select({
                clientId: olms.clientId,
                olmId: olms.olmId,
                version: olms.version
            })
            .from(olms)
            .where(inArray(olms.clientId, unresolvedClientIds));
        for (const row of olmRows) {
            if (row.clientId !== null) {
                olmByClientId.set(row.clientId, {
                    olmId: row.olmId,
                    version: row.version
                });
            }
        }
    }
    const batchPayloads = peers
        .map((peer) => {
            const resolved = peer.olmId
                ? { olmId: peer.olmId, version: peer.version ?? null }
                : olmByClientId.get(peer.clientId);
            if (!resolved) {
                return null;
            }
            return {
                clientId: resolved.olmId,
                message: {
                    type: "olm/wg/peer/remove",
                    data: {
                        publicKey: peer.publicKey,
                        siteId: peer.siteId
                    }
                },
                options: {
                    incrementConfigVersion: true,
                    compress: canCompress(
                        peer.version ?? resolved.version,
                        "olm"
                    )
                }
            };
        })
        .filter((payload) => payload !== null);
    if (batchPayloads.length === 0) {
        return;
    }
    await sendToClientsBatch(batchPayloads).catch((error) => {
        logger.warn(`Error sending batched olm peer removals:`, error);
    });
    logger.info(`Deleted ${batchPayloads.length} peer(s) from olms (batch)`);
 }
 export async function initPeerAddHandshakeBatch(
    handshakes: {
        clientId: number;
        peer: {
            siteId: number;
            exitNode: {
                publicKey: string;
                endpoint: string;
            };
        };
        olmId: string;
        chainId?: string;
    }[]
 ) {
    if (handshakes.length === 0) {
        return;
    }
    await sendToClientsBatch(
        handshakes.map((item) => ({
            clientId: item.olmId,
            message: {
                type: "olm/wg/peer/holepunch/site/add",
                data: {
                    siteId: item.peer.siteId,
                    exitNode: {
                        publicKey: item.peer.exitNode.publicKey,
                        relayPort:
                            config.getRawConfig().gerbil.clients_start_port,
                        endpoint: item.peer.exitNode.endpoint
                    },
                    chainId: item.chainId
                }
            },
            options: { incrementConfigVersion: true }
        }))
    ).catch((error) => {
        logger.warn(`Error sending batched olm handshakes:`, error);
    });
    await Promise.all(
        handshakes.map((item) =>
            db
                .update(clientSitesAssociationsCache)
                .set({ isJitMode: false })
                .where(
                    and(
                        eq(
                            clientSitesAssociationsCache.clientId,
                            item.clientId
                        ),
                        eq(
                            clientSitesAssociationsCache.siteId,
                            item.peer.siteId
                        )
                    )
                )
        )
    );
    logger.info(
        `Initiated ${handshakes.length} peer add handshake(s) to olms (batch)`
    );
 }
--- a/server/routers/serverInfo/getServerInfo.ts
+++ b/server/routers/serverInfo/getServerInfo.ts
@@ -3,6 +3,7 @@ import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { response as sendResponse } from "@server/lib/response";
 import config from "@server/lib/config";
 import { build } from "@server/build";
 import { APP_VERSION } from "@server/lib/consts";
 import license from "#dynamic/license/license";
@@ -21,6 +22,9 @@ export async function getServerInfo(
    next: NextFunction
 ): Promise<any> {
    try {
        const supporterData = config.getSupporterData();
        const supporterStatusValid = supporterData?.valid || false;
        let enterpriseLicenseValid = false;
        let enterpriseLicenseType: string | null = null;
@@ -37,7 +41,7 @@ export async function getServerInfo(
        return sendResponse<GetServerInfoResponse>(res, {
            data: {
                version: APP_VERSION,
-                supporterStatusValid: true,
+                supporterStatusValid,
                build,
                enterpriseLicenseValid,
                enterpriseLicenseType
--- a/server/routers/traefik/traefikConfigProvider.ts
+++ b/server/routers/traefik/traefikConfigProvider.ts
@@ -17,18 +17,13 @@ export async function traefikConfigProvider(
        // Get the current exit node name from config
        const currentExitNodeId = await getCurrentExitNodeId();
        const maintenancePort = config.getRawConfig().server.next_port;
        const maintenanceHost = config.getRawConfig().server.internal_hostname;
        const pangolinUIUrl = `http://${maintenanceHost}:${maintenancePort}`;
        const traefikConfig = await getTraefikConfig(
            currentExitNodeId,
            config.getRawConfig().traefik.site_types,
            build == "oss", // filter out the namespace domains in open source
            build != "oss", // generate the login pages on the cloud and and enterprise,
            config.getRawConfig().traefik.allow_raw_resources,
-            pangolinUIUrl,
+            build != "oss" // generate browser gateway resources on cloud and enterprise
            pangolinUIUrl
        );
        if (traefikConfig?.http?.middlewares) {
--- a/server/routers/ws/types.ts
+++ b/server/routers/ws/types.ts
@@ -76,12 +76,32 @@ export interface SendMessageOptions {
    compress?: boolean;
 }
-// Redis message type for cross-node communication
+export interface BatchSendMessage {
-export interface RedisMessage {
+    clientId: string;
    type: "direct" | "broadcast";
    targetClientId?: string;
    excludeClientId?: string;
    message: WSMessage;
    fromNodeId: string;
    options?: SendMessageOptions;
 }
 // Redis message types for cross-node communication
 export type RedisMessage =
    | {
          type: "direct";
          targetClientId: string;
          message: WSMessage;
          fromNodeId: string;
      }
    | {
          type: "direct-batch";
          messages: {
              targetClientId: string;
              message: WSMessage;
          }[];
          fromNodeId: string;
      }
    | {
          type: "broadcast";
          excludeClientId?: string;
          message: WSMessage;
          fromNodeId: string;
          options?: SendMessageOptions;
      };
--- a/server/routers/ws/ws.ts
+++ b/server/routers/ws/ws.ts
@@ -26,7 +26,8 @@ import {
    WebSocketRequest,
    WSMessage,
    AuthenticatedWebSocket,
-    SendMessageOptions
+    SendMessageOptions,
    BatchSendMessage
 } from "./types";
 import { validateSessionToken } from "@server/auth/sessions/app";
@@ -212,6 +213,20 @@ const sendToClient = async (
    return localSent;
 };
 const sendToClientsBatch = async (
    entries: BatchSendMessage[]
 ): Promise<void> => {
    if (entries.length === 0) {
        return;
    }
    await Promise.all(
        entries.map((entry) =>
            sendToClient(entry.clientId, entry.message, entry.options)
        )
    );
 };
 const broadcastToAllExcept = async (
    message: WSMessage,
    excludeClientId?: string,
@@ -552,6 +567,7 @@ export {
    router,
    handleWSUpgrade,
    sendToClient,
    sendToClientsBatch,
    broadcastToAllExcept,
    connectedClients,
    hasActiveConnections,
--- a/server/setup/migrationsSqlite.ts
+++ b/server/setup/migrationsSqlite.ts
@@ -44,7 +44,6 @@ import m38 from "./scriptsSqlite/1.18.0";
 import m39 from "./scriptsSqlite/1.18.3";
 import m40 from "./scriptsSqlite/1.18.4";
 import m41 from "./scriptsSqlite/1.19.0";
 import m42 from "./scriptsSqlite/1.19.1";
 // THIS CANNOT IMPORT ANYTHING FROM THE SERVER
 // EXCEPT FOR THE DATABASE AND THE SCHEMA
@@ -86,8 +85,7 @@ const migrations = [
    { version: "1.18.0", run: m38 },
    { version: "1.18.3", run: m39 },
    { version: "1.18.4", run: m40 },
-    { version: "1.19.0", run: m41 },
+    { version: "1.19.0", run: m41 }
    { version: "1.19.1", run: m42 }
    // Add new migrations here as they are created
 ] as const;
--- a/server/setup/scriptsSqlite/1.19.0.ts
+++ b/server/setup/scriptsSqlite/1.19.0.ts
@@ -228,7 +228,7 @@ export default async function migration() {
            ).run();
            db.prepare(
                `
-            UPDATE 'siteResources' SET "destination2" = "destination";
+            UPDATE 'siteResources' SET 'destination2' = 'destination';
                `
            ).run();
            db.prepare(
@@ -349,10 +349,10 @@ export default async function migration() {
            db.prepare(
                `
            UPDATE 'targets'
-            SET "mode" = COALESCE((
+            SET 'mode' = (
-                SELECT "mode" FROM 'resources'
+                SELECT 'mode' FROM 'resources'
-                WHERE "resources"."resourceId" = "targets"."resourceId"
+                WHERE 'resources'.'resourceId' = 'targets'.'resourceId'
-            ), 'http');
+            );
                `
            ).run();
            db.prepare(
@@ -680,6 +680,25 @@ export default async function migration() {
                    deleteResourceRules.run(resource.resourceId);
                    deleteResourceWhitelist.run(resource.resourceId);
                }
                // remove not null/default from sso, applyRules, and emailWhitelistEnabled in preparation for resource policies
                db.prepare(`ALTER TABLE 'resources' DROP COLUMN 'sso';`).run();
                db.prepare(
                    `ALTER TABLE 'resources' ADD COLUMN 'sso' integer;`
                ).run();
                db.prepare(
                    `ALTER TABLE 'resources' DROP COLUMN 'applyRules';`
                ).run();
                db.prepare(
                    `ALTER TABLE 'resources' ADD COLUMN 'applyRules' integer;`
                ).run();
                db.prepare(
                    `ALTER TABLE 'resources' DROP COLUMN 'emailWhitelistEnabled';`
                ).run();
                db.prepare(
                    `ALTER TABLE 'resources' ADD COLUMN 'emailWhitelistEnabled' integer;`
                ).run();
            });
            migrateInlinePolicies();
@@ -688,29 +707,6 @@ export default async function migration() {
            );
        }
        // add one more transaction
        db.transaction(() => {
            // remove not null/default from sso, applyRules, and emailWhitelistEnabled in preparation for resource policies
            db.prepare(`ALTER TABLE 'resources' DROP COLUMN 'sso';`).run();
            db.prepare(
                `ALTER TABLE 'resources' ADD COLUMN 'sso' integer;`
            ).run();
            db.prepare(
                `ALTER TABLE 'resources' DROP COLUMN 'applyRules';`
            ).run();
            db.prepare(
                `ALTER TABLE 'resources' ADD COLUMN 'applyRules' integer;`
            ).run();
            db.prepare(
                `ALTER TABLE 'resources' DROP COLUMN 'emailWhitelistEnabled';`
            ).run();
            db.prepare(
                `ALTER TABLE 'resources' ADD COLUMN 'emailWhitelistEnabled' integer;`
            ).run();
        })();
        console.log("Migrated database");
    } catch (e) {
        console.log("Failed to migrate db:", e);
--- a/server/setup/scriptsSqlite/1.19.1.ts
+++ b/server/setup/scriptsSqlite/1.19.1.ts
@@ -1,59 +0,0 @@
 import { APP_PATH, __DIRNAME } from "@server/lib/consts";
 import Database from "better-sqlite3";
 import path from "path";
 const version = "1.19.1";
 export default async function migration() {
    console.log(`Running setup script ${version}...`);
    const location = path.join(APP_PATH, "db", "db.sqlite");
    const db = new Database(location);
    try {
        db.transaction(() => {
            // remove not null/default from sso, applyRules, and emailWhitelistEnabled in preparation for resource policies
            db.prepare(
                `ALTER TABLE 'resources' ADD COLUMN 'sso2' integer;`
            ).run();
            db.prepare(`UPDATE 'resources' SET "sso2" = "sso";`).run();
            db.prepare(`ALTER TABLE 'resources' DROP COLUMN 'sso';`).run();
            db.prepare(
                `ALTER TABLE 'resources' RENAME COLUMN 'sso2' TO 'sso';`
            ).run();
            db.prepare(
                `ALTER TABLE 'resources' ADD COLUMN 'applyRules2' integer;`
            ).run();
            db.prepare(
                `UPDATE 'resources' SET "applyRules2" = "applyRules";`
            ).run();
            db.prepare(
                `ALTER TABLE 'resources' DROP COLUMN 'applyRules';`
            ).run();
            db.prepare(
                `ALTER TABLE 'resources' RENAME COLUMN 'applyRules2' TO 'applyRules';`
            ).run();
            db.prepare(
                `ALTER TABLE 'resources' ADD COLUMN 'emailWhitelistEnabled2' integer;`
            ).run();
            db.prepare(
                `UPDATE 'resources' SET "emailWhitelistEnabled2" = "emailWhitelistEnabled";`
            ).run();
            db.prepare(
                `ALTER TABLE 'resources' DROP COLUMN 'emailWhitelistEnabled';`
            ).run();
            db.prepare(
                `ALTER TABLE 'resources' RENAME COLUMN 'emailWhitelistEnabled2' TO 'emailWhitelistEnabled';`
            ).run();
        })();
        console.log("Migrated database");
    } catch (e) {
        console.log("Failed to migrate db:", e);
        throw e;
    }
    console.log(`${version} migration complete`);
 }
--- a/src/app/[orgId]/settings/(private)/labels/page.tsx
+++ b/src/app/[orgId]/settings/(private)/labels/page.tsx
@@ -3,9 +3,7 @@ import { authCookieHeader } from "@app/lib/api/cookies";
 import { ListOrgLabelsResponse } from "@server/routers/labels/types";
 import { AxiosResponse } from "axios";
 import OrgLabelsTable from "@app/components/OrgLabelsTable";
 import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { tierMatrix } from "@server/lib/billing/tierMatrix";
 import type { Metadata } from "next";
 import { getTranslations } from "next-intl/server";
@@ -51,8 +49,6 @@ export default async function LabelsPage({ params, searchParams }: Props) {
                description={t("orgLabelsDescription")}
            />
            <PaidFeaturesAlert tiers={tierMatrix.labels} />
            <OrgLabelsTable
                labels={labels}
                orgId={orgId}
--- a/src/app/[orgId]/settings/general/page.tsx
+++ b/src/app/[orgId]/settings/general/page.tsx
@@ -43,7 +43,6 @@ import { usePaidStatus } from "@app/hooks/usePaidStatus";
 import { tierMatrix, TierFeature } from "@server/lib/billing/tierMatrix";
 import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
 import { ExternalLink } from "lucide-react";
 import { env } from "process";
 // Schema for general organization settings
 const GeneralFormSchema = z.object({
@@ -166,7 +165,6 @@ function DeleteForm({ org }: SectionFormProps) {
 function GeneralSectionForm({ org }: SectionFormProps) {
    const { updateOrg } = useOrgContext();
    const { env } = useEnvContext();
    const form = useForm({
        resolver: zodResolver(
            GeneralFormSchema.pick({
@@ -267,42 +265,36 @@ function GeneralSectionForm({ org }: SectionFormProps) {
                            <PaidFeaturesAlert
                                tiers={tierMatrix.newtAutoUpdate}
                            />
-                            {!env.flags.disableEnterpriseFeatures && (
+                            <FormField
-                                <FormField
+                                control={form.control}
-                                    control={form.control}
+                                name="settingsEnableGlobalNewtAutoUpdate"
-                                    name="settingsEnableGlobalNewtAutoUpdate"
+                                render={({ field }) => (
-                                    render={({ field }) => (
+                                    <FormItem>
-                                        <FormItem>
+                                        <FormControl>
-                                            <FormControl>
+                                            <SwitchInput
-                                                <SwitchInput
+                                                id="settings-enable-global-newt-auto-update"
-                                                    id="settings-enable-global-newt-auto-update"
+                                                label={t("newtAutoUpdate")}
-                                                    label={t("newtAutoUpdate")}
+                                                checked={field.value}
-                                                    checked={field.value}
+                                                onCheckedChange={field.onChange}
-                                                    onCheckedChange={
+                                                disabled={!hasAutoUpdateFeature}
-                                                        field.onChange
+                                            />
-                                                    }
+                                        </FormControl>
-                                                    disabled={
+                                        <FormDescription>
-                                                        !hasAutoUpdateFeature
+                                            {t("newtAutoUpdateDescription")}{" "}
-                                                    }
+                                            <a
-                                                />
+                                                href="https://docs.pangolin.net/manage/sites/auto-update"
-                                            </FormControl>
+                                                target="_blank"
-                                            <FormDescription>
+                                                rel="noopener noreferrer"
-                                                {t("newtAutoUpdateDescription")}{" "}
+                                                className="text-primary hover:underline inline-flex items-center gap-1"
-                                                <a
+                                            >
-                                                    href="https://docs.pangolin.net/manage/sites/auto-update"
+                                                {t("learnMore")}
-                                                    target="_blank"
+                                                <ExternalLink className="size-3.5 shrink-0" />
-                                                    rel="noopener noreferrer"
+                                            </a>
-                                                    className="text-primary hover:underline inline-flex items-center gap-1"
+                                        </FormDescription>
-                                                >
+                                        <FormMessage />
-                                                    {t("learnMore")}
+                                    </FormItem>
-                                                    <ExternalLink className="size-3.5 shrink-0" />
+                                )}
-                                                </a>
+                            />
                                            </FormDescription>
                                            <FormMessage />
                                        </FormItem>
                                    )}
                                />
                            )}
                        </form>
                    </Form>
                </SettingsSectionForm>
--- a/src/app/[orgId]/settings/resources/public/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/resources/public/[niceId]/general/page.tsx
@@ -19,14 +19,14 @@ import {
    SettingsSectionBody,
    SettingsSectionDescription,
    SettingsSectionFooter,
    SettingsFormCell,
    SettingsFormGrid,
    SettingsSectionForm,
    SettingsSectionHeader,
    SettingsSectionTitle,
    SettingsSubsectionDescription,
    SettingsSubsectionHeader,
-    SettingsSubsectionTitle,
+    SettingsSubsectionTitle
    SettingsFormCell
 } from "@app/components/Settings";
 import { SwitchInput } from "@app/components/SwitchInput";
 import { useEnvContext } from "@app/hooks/useEnvContext";
@@ -70,7 +70,7 @@ export default function GeneralForm() {
    const api = createApiClient({ env });
-    const hasResourcePolicies =
+    const showResourcePolicy =
        build !== "oss" &&
        isPaidUser(tierMatrix[TierFeature.ResourcePolicies]);
@@ -86,7 +86,7 @@ export default function GeneralForm() {
        ...orgQueries.resourcePolicy({
            resourcePolicyId: selectedSharedPolicyId!
        }),
-        enabled: hasResourcePolicies && selectedSharedPolicyId !== null
+        enabled: showResourcePolicy && selectedSharedPolicyId !== null
    });
    const [resourceFullDomain, setResourceFullDomain] = useState(
@@ -153,10 +153,11 @@ export default function GeneralForm() {
        let resourcePolicyId: number | null | undefined;
-        if (!["tcp", "udp"].includes(resource.mode)) {
+        if (
-            if (hasResourcePolicies || selectedSharedPolicyId === null) {
+            showResourcePolicy &&
-                resourcePolicyId = selectedSharedPolicyId;
+            !["tcp", "udp"].includes(resource.mode)
-            }
+        ) {
            resourcePolicyId = selectedSharedPolicyId;
        }
        const res = await api
@@ -296,6 +297,28 @@ export default function GeneralForm() {
                                            />
                                        </SettingsFormCell>
                                        <SettingsFormCell span="full">
                                            <SettingsSubsectionHeader>
                                                <SettingsSubsectionTitle>
                                                    {t(
                                                        "resourceGeneralDetailsSubsection"
                                                    )}
                                                </SettingsSubsectionTitle>
                                                <SettingsSubsectionDescription>
                                                    {t(
                                                        [
                                                            "tcp",
                                                            "udp",
                                                        ].includes(
                                                            resource.mode
                                                        )
                                                            ? "resourceGeneralDetailsSubsectionPortDescription"
                                                            : "resourceGeneralDetailsSubsectionDescription"
                                                    )}
                                                </SettingsSubsectionDescription>
                                            </SettingsSubsectionHeader>
                                        </SettingsFormCell>
                                        <SettingsFormCell span="half">
                                            <FormField
                                                control={form.control}
@@ -453,9 +476,10 @@ export default function GeneralForm() {
                                                </div>
                                            </SettingsFormCell>
                                        )}
-                                        { !["tcp", "udp"].includes(
+                                        {showResourcePolicy &&
                                            !["tcp", "udp"].includes(
                                                resource.mode
-                                            ) && !env.flags.disableEnterpriseFeatures && (
+                                            ) && (
                                            <>
                                                <SettingsFormCell span="full">
                                                    <SettingsSubsectionHeader>
--- a/src/app/[orgId]/settings/resources/public/[niceId]/maintenance/page.tsx
+++ b/src/app/[orgId]/settings/resources/public/[niceId]/maintenance/page.tsx
@@ -169,27 +169,20 @@ export default function ResourceMaintenancePage() {
        {
            id: "automatic",
            title: `${t("automatic")} (${t("recommended")})`,
-            description: t("automaticModeDescription")
+            description: t("automaticModeDescription"),
            disabled: isMaintenanceDisabled
        },
        {
            id: "forced",
            title: t("forced"),
-            description: t("forcedModeDescription")
+            description: t("forcedModeDescription"),
            disabled: isMaintenanceDisabled
        }
    ];
    return (
-        <>
+        <SettingsContainer>
-            <PaidFeaturesAlert tiers={tierMatrix.maintencePage} />
+            <SettingsSection>
            <div
                className={
                    isMaintenanceDisabled
                        ? "pointer-events-none opacity-50"
                        : undefined
                }
            >
                <SettingsContainer>
                    <SettingsSection>
                <SettingsSectionHeader>
                    <SettingsSectionTitle>
                        {t("maintenanceMode")}
@@ -200,6 +193,7 @@ export default function ResourceMaintenancePage() {
                </SettingsSectionHeader>
                <SettingsSectionBody>
                    <PaidFeaturesAlert tiers={tierMatrix.maintencePage} />
                    <SettingsSectionForm variant="half">
                        <Form {...maintenanceForm}>
                            <form
@@ -211,33 +205,46 @@ export default function ResourceMaintenancePage() {
                                        <FormField
                                            control={maintenanceForm.control}
                                            name="maintenanceModeEnabled"
-                                            render={({ field }) => (
+                                            render={({ field }) => {
-                                                <FormItem>
+                                                const isDisabled = !isPaidUser(
-                                                    <FormControl>
+                                                    tierMatrix.maintencePage
-                                                        <SwitchInput
+                                                );
-                                                            id="enable-maintenance"
+
-                                                            checked={
+                                                return (
-                                                                field.value
+                                                    <FormItem>
-                                                            }
+                                                        <FormControl>
-                                                            label={t(
+                                                            <SwitchInput
-                                                                "enableMaintenanceMode"
+                                                                id="enable-maintenance"
-                                                            )}
+                                                                checked={
-                                                            description={t(
+                                                                    field.value
-                                                                "enableMaintenanceModeDescription"
+                                                                }
-                                                            )}
+                                                                label={t(
-                                                            onCheckedChange={(
+                                                                    "enableMaintenanceMode"
-                                                                val
+                                                                )}
-                                                            ) => {
+                                                                description={t(
-                                                                maintenanceForm.setValue(
+                                                                    "enableMaintenanceModeDescription"
-                                                                    "maintenanceModeEnabled",
+                                                                )}
                                                                disabled={
                                                                    isDisabled
                                                                }
                                                                onCheckedChange={(
                                                                    val
-                                                                );
+                                                                ) => {
-                                                            }}
+                                                                    if (
-                                                        />
+                                                                        !isDisabled
-                                                    </FormControl>
+                                                                    ) {
-                                                    <FormMessage />
+                                                                        maintenanceForm.setValue(
-                                                </FormItem>
+                                                                            "maintenanceModeEnabled",
-                                            )}
+                                                                            val
                                                                        );
                                                                    }
                                                                }}
                                                            />
                                                        </FormControl>
                                                        <FormMessage />
                                                    </FormItem>
                                                );
                                            }}
                                        />
                                    </SettingsFormCell>
@@ -322,6 +329,11 @@ export default function ResourceMaintenancePage() {
                                                            <FormControl>
                                                                <Input
                                                                    {...field}
                                                                    disabled={
                                                                        !isPaidUser(
                                                                            tierMatrix.maintencePage
                                                                        )
                                                                    }
                                                                    placeholder="We'll be back soon!"
                                                                />
                                                            </FormControl>
@@ -353,6 +365,11 @@ export default function ResourceMaintenancePage() {
                                                                <Textarea
                                                                    {...field}
                                                                    rows={4}
                                                                    disabled={
                                                                        !isPaidUser(
                                                                            tierMatrix.maintencePage
                                                                        )
                                                                    }
                                                                    placeholder={t(
                                                                        "maintenancePageMessagePlaceholder"
                                                                    )}
@@ -385,6 +402,11 @@ export default function ResourceMaintenancePage() {
                                                            <FormControl>
                                                                <Input
                                                                    {...field}
                                                                    disabled={
                                                                        !isPaidUser(
                                                                            tierMatrix.maintencePage
                                                                        )
                                                                    }
                                                                    placeholder={t(
                                                                        "maintenanceTime"
                                                                    )}
@@ -408,19 +430,20 @@ export default function ResourceMaintenancePage() {
                    </SettingsSectionForm>
                </SettingsSectionBody>
-                        <SettingsSectionFooter>
+                <SettingsSectionFooter>
-                            <Button
+                    <Button
-                                type="submit"
+                        type="submit"
-                                loading={maintenanceSaveLoading}
+                        loading={maintenanceSaveLoading}
-                                disabled={maintenanceSaveLoading}
+                        disabled={
-                                form="maintenance-settings-form"
+                            maintenanceSaveLoading ||
-                            >
+                            !isPaidUser(tierMatrix.maintencePage)
-                                {t("saveSettings")}
+                        }
-                            </Button>
+                        form="maintenance-settings-form"
-                        </SettingsSectionFooter>
+                    >
-                    </SettingsSection>
+                        {t("saveSettings")}
-                </SettingsContainer>
+                    </Button>
-            </div>
+                </SettingsSectionFooter>
-        </>
+            </SettingsSection>
        </SettingsContainer>
    );
 }
--- a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
@@ -253,87 +253,85 @@ export default function GeneralPage() {
                                <PaidFeaturesAlert
                                    tiers={tierMatrix.newtAutoUpdate}
                                />
-                                {site &&
+                                {site && site.type === "newt" && (
-                                    site.type === "newt" &&
+                                    <FormField
-                                    !env.flags.disableEnterpriseFeatures && (
+                                        control={form.control}
-                                        <FormField
+                                        name="autoUpdateEnabled"
-                                            control={form.control}
+                                        render={({ field }) => {
-                                            name="autoUpdateEnabled"
+                                            const isOverriding = form.watch(
-                                            render={({ field }) => {
+                                                "autoUpdateOverrideOrg"
-                                                const isOverriding = form.watch(
+                                            );
-                                                    "autoUpdateOverrideOrg"
+                                            return (
-                                                );
+                                                <FormItem>
-                                                return (
+                                                    <FormControl>
-                                                    <FormItem>
+                                                        <div className="">
-                                                        <FormControl>
+                                                            <SwitchInput
-                                                            <div className="">
+                                                                id="auto-update-enabled"
-                                                                <SwitchInput
+                                                                label={t(
-                                                                    id="auto-update-enabled"
+                                                                    "siteAutoUpdateLabel"
-                                                                    label={t(
+                                                                )}
-                                                                        "siteAutoUpdateLabel"
+                                                                checked={
-                                                                    )}
+                                                                    field.value
-                                                                    checked={
+                                                                }
-                                                                        field.value
+                                                                onCheckedChange={(
-                                                                    }
+                                                                    checked
-                                                                    onCheckedChange={(
+                                                                ) => {
                                                                    field.onChange(
                                                                        checked
-                                                                    ) => {
+                                                                    );
-                                                                        field.onChange(
+                                                                    form.setValue(
-                                                                            checked
+                                                                        "autoUpdateOverrideOrg",
-                                                                        );
+                                                                        true
                                                                    );
                                                                }}
                                                                disabled={
                                                                    !hasAutoUpdateFeature
                                                                }
                                                            />
                                                            {isOverriding && (
                                                                <ButtonUI
                                                                    type="button"
                                                                    variant="link"
                                                                    size="sm"
                                                                    className="text-sm text-muted-foreground px-0"
                                                                    onClick={() => {
                                                                        form.setValue(
                                                                            "autoUpdateOverrideOrg",
-                                                                            true
+                                                                            false
                                                                        );
                                                                        form.setValue(
                                                                            "autoUpdateEnabled",
                                                                            orgAutoUpdate
                                                                        );
                                                                    }}
-                                                                    disabled={
+                                                                >
-                                                                        !hasAutoUpdateFeature
+                                                                    {t(
-                                                                    }
+                                                                        "siteAutoUpdateResetToOrg"
-                                                                />
+                                                                    )}
-                                                                {isOverriding && (
+                                                                </ButtonUI>
-                                                                    <ButtonUI
+                                                            )}
-                                                                        type="button"
+                                                        </div>
-                                                                        variant="link"
+                                                    </FormControl>
-                                                                        size="sm"
+                                                    <FormDescription>
-                                                                        className="text-sm text-muted-foreground px-0"
+                                                        {t(
-                                                                        onClick={() => {
+                                                            "siteAutoUpdateDescription"
-                                                                            form.setValue(
+                                                        )}{" "}
-                                                                                "autoUpdateOverrideOrg",
+                                                        <a
-                                                                                false
+                                                            href="https://docs.pangolin.net/manage/sites/auto-update"
-                                                                            );
+                                                            target="_blank"
-                                                                            form.setValue(
+                                                            rel="noopener noreferrer"
-                                                                                "autoUpdateEnabled",
+                                                            className="text-primary hover:underline inline-flex items-center gap-1"
-                                                                                orgAutoUpdate
+                                                        >
-                                                                            );
+                                                            {t("learnMore")}
-                                                                        }}
+                                                            <ExternalLink className="size-3.5 shrink-0" />
-                                                                    >
+                                                        </a>
-                                                                        {t(
+                                                    </FormDescription>
-                                                                            "siteAutoUpdateResetToOrg"
+                                                    <FormMessage />
-                                                                        )}
+                                                </FormItem>
-                                                                    </ButtonUI>
+                                            );
-                                                                )}
+                                        }}
-                                                            </div>
+                                    />
-                                                        </FormControl>
+                                )}
                                                        <FormDescription>
                                                            {t(
                                                                "siteAutoUpdateDescription"
                                                            )}{" "}
                                                            <a
                                                                href="https://docs.pangolin.net/manage/sites/auto-update"
                                                                target="_blank"
                                                                rel="noopener noreferrer"
                                                                className="text-primary hover:underline inline-flex items-center gap-1"
                                                            >
                                                                {t("learnMore")}
                                                                <ExternalLink className="size-3.5 shrink-0" />
                                                            </a>
                                                        </FormDescription>
                                                        <FormMessage />
                                                    </FormItem>
                                                );
                                            }}
                                        />
                                    )}
                            </form>
                        </Form>
                    </SettingsSectionForm>
--- a/src/app/[orgId]/settings/sites/create/page.tsx
+++ b/src/app/[orgId]/settings/sites/create/page.tsx
@@ -23,7 +23,7 @@ import {
 } from "@app/components/ui/form";
 import HeaderTitle from "@app/components/SettingsSectionTitle";
 import { z } from "zod";
-import { useEffect, useState } from "react";
+import { createElement, useEffect, useState } from "react";
 import { useForm } from "react-hook-form";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { Input } from "@app/components/ui/input";
@@ -37,6 +37,15 @@ import {
    InfoSections,
    InfoSectionTitle
 } from "@app/components/InfoSection";
 import {
    FaApple,
    FaCubes,
    FaDocker,
    FaFreebsd,
    FaWindows
 } from "react-icons/fa";
 import { SiNixos, SiKubernetes } from "react-icons/si";
 import { Checkbox, CheckboxWithLabel } from "@app/components/ui/checkbox";
 import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
 import { generateKeypair } from "../[niceId]/wireguardConfig";
 import { createApiClient, formatAxiosError } from "@app/lib/api";
@@ -561,7 +570,7 @@ export default function Page() {
                                                            </Button>
                                                        </SettingsFormCell>
                                                        {showAdvancedSettings && (
-                                                            <SettingsFormCell span="half">
+                                                            <SettingsFormCell span="quarter">
                                                                <FormField
                                                                    control={
                                                                        form.control
--- a/src/app/admin/license/page.tsx
+++ b/src/app/admin/license/page.tsx
@@ -42,14 +42,7 @@ import {
    SettingsSectionFooter
 } from "@app/components/Settings";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import {
+import { ArrowRight, Check, ExternalLink, Heart, InfoIcon, TicketCheck } from "lucide-react";
    ArrowRight,
    Check,
    ExternalLink,
    Heart,
    InfoIcon,
    TicketCheck
 } from "lucide-react";
 import Link from "next/link";
 import DismissableBanner from "@app/components/DismissableBanner";
 import CopyTextBox from "@app/components/CopyTextBox";
@@ -57,7 +50,7 @@ import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
 import { SitePriceCalculator } from "@app/components/SitePriceCalculator";
 import { Checkbox } from "@app/components/ui/checkbox";
 import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
-// import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
+import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
 import { useTranslations } from "next-intl";
 const ENTERPRISE_DOCS_URL =
@@ -89,7 +82,7 @@ export default function LicensePage() {
    const [isActivatingLicense, setIsActivatingLicense] = useState(false);
    const [isDeletingLicense, setIsDeletingLicense] = useState(false);
    const [isRecheckingLicense, setIsRecheckingLicense] = useState(false);
-    // const { supporterStatus } = useSupporterStatusContext();
+    const { supporterStatus } = useSupporterStatusContext();
    const t = useTranslations();
@@ -354,7 +347,9 @@ export default function LicensePage() {
                    storageKey="license-banner-dismissed"
                    version={1}
                    title={t("licenseBannerTitle")}
-                    titleIcon={<TicketCheck className="w-5 h-5 text-primary" />}
+                    titleIcon={
                        <TicketCheck className="w-5 h-5 text-primary" />
                    }
                    description={t("licenseBannerDescription")}
                >
                    <Link
--- a/src/app/layout.tsx
+++ b/src/app/layout.tsx
@@ -68,15 +68,15 @@ export default async function RootLayout({
    const env = pullEnv();
    const locale = await getLocale();
-    // const supporterData = {
+    const supporterData = {
-    //     visible: true
+        visible: true
-    // } as any;
+    } as any;
-    // const res = await priv.get<AxiosResponse<IsSupporterKeyVisibleResponse>>(
+    const res = await priv.get<AxiosResponse<IsSupporterKeyVisibleResponse>>(
-    //     "supporter-key/visible"
+        "supporter-key/visible"
-    // );
+    );
-    // supporterData.visible = res.data.data.visible;
+    supporterData.visible = res.data.data.visible;
-    // supporterData.tier = res.data.data.tier;
+    supporterData.tier = res.data.data.tier;
    let licenseStatus: GetLicenseStatusResponse;
    if (build === "enterprise") {
@@ -127,20 +127,20 @@ export default async function RootLayout({
                                    <LicenseStatusProvider
                                        licenseStatus={licenseStatus}
                                    >
-                                        {/* <SupportStatusProvider
+                                        <SupportStatusProvider
                                            supporterStatus={supporterData}
-                                        > */}
+                                        >
-                                        {/* Main content */}
+                                            {/* Main content */}
-                                        <div className="h-full flex flex-col">
+                                            <div className="h-full flex flex-col">
-                                            <div className="flex-1 overflow-auto">
+                                                <div className="flex-1 overflow-auto">
-                                                <SplashImage>
+                                                    <SplashImage>
                                                        <LicenseViolation />
                                                        {children}
                                                    </SplashImage>
                                                    <LicenseViolation />
-                                                    {children}
+                                                </div>
                                                </SplashImage>
                                                <LicenseViolation />
                                            </div>
-                                        </div>
+                                        </SupportStatusProvider>
                                        {/* </SupportStatusProvider> */}
                                    </LicenseStatusProvider>
                                    <Toaster />
                                </TanstackQueryProvider>
--- a/src/app/maintenance-screen/page.tsx
+++ b/src/app/maintenance-screen/page.tsx
@@ -28,7 +28,7 @@ export default async function MaintenanceScreen() {
    try {
        const headersList = await headers();
-        const host = headersList.get("p-host") || headersList.get("host") || "";
+        const host = headersList.get("host") || "";
        const hostname = host.split(":")[0];
        const res = await priv.get<AxiosResponse<GetMaintenanceInfoResponse>>(
--- a/src/app/navigation.tsx
+++ b/src/app/navigation.tsx
@@ -156,11 +156,10 @@ export const orgNavSections = (
                  ]
                : []),
            // PaidFeaturesAlert
-            ...(!env?.flags.disableEnterpriseFeatures &&
+            ...((build === "oss" && !env?.flags.disableEnterpriseFeatures) ||
-            (build === "saas" ||
+            build === "saas" ||
-                env?.app.identityProviderMode === "org" ||
+            env?.app.identityProviderMode === "org" ||
-                (env?.app.identityProviderMode === undefined &&
+            (env?.app.identityProviderMode === undefined && build !== "oss")
                    build !== "oss"))
                ? [
                      {
                          title: "sidebarIdentityProviders",
@@ -260,7 +259,7 @@ export const orgNavSections = (
                        href: "/{orgId}/settings/api-keys",
                        icon: <KeyRound className="size-4 flex-none" />
                    },
-                    ...(!env?.flags.disableEnterpriseFeatures
+                    ...(build !== "oss"
                        ? [
                              {
                                  title: "labels",
--- a/src/app/ssh/page.tsx
+++ b/src/app/ssh/page.tsx
@@ -3,7 +3,7 @@ import { priv } from "@app/lib/api";
 import { generateBrowserGatewayMetadata } from "@app/lib/browserGatewayMetadata";
 import { getBrowserTargetForRequest } from "@app/lib/getBrowserTargetForRequest";
 import { loadOrgLoginPageBranding } from "@app/lib/loadOrgLoginPageBranding";
-import axios, { AxiosResponse } from "axios";
+import { AxiosResponse } from "axios";
 import { GetBrowserTargetResponse } from "@server/routers/browserGatewayTarget";
 import SshClient from "./SshClient";
 import crypto from "crypto";
@@ -152,12 +152,8 @@ export default async function SshPage() {
            await waitForRoundTripCompletion(messageIds, cookieHeader);
        } catch (err) {
            console.error("Error signing SSH key:", err);
-            if (axios.isAxiosError(err) && err.response?.status === 403) {
+            const detail = err instanceof Error ? err.message : String(err);
-                error = t("accessDeniedDescription");
+            error = `${t("sshErrorSignKeyFailed")}: ${detail}`;
            } else {
                const detail = err instanceof Error ? err.message : String(err);
                error = `${t("sshErrorSignKeyFailed")}: ${detail}`;
            }
        }
    }
--- a/src/components/AuthPageFooterNotices.tsx
+++ b/src/components/AuthPageFooterNotices.tsx
@@ -1,24 +1,24 @@
 "use client";
-// import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
+import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
 import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
 import { useTranslations } from "next-intl";
 import { build } from "@server/build";
 export default function AuthPageFooterNotices() {
    const t = useTranslations();
-    // const { supporterStatus } = useSupporterStatusContext();
+    const { supporterStatus } = useSupporterStatusContext();
    const { isUnlocked, licenseStatus } = useLicenseStatusContext();
    return (
        <>
-            {/* {supporterStatus?.visible && (
+            {supporterStatus?.visible && (
                <div className="text-center mt-2">
                    <span className="text-sm text-muted-foreground opacity-50">
                        {t("noSupportKey")}
                    </span>
                </div>
-            )} */}
+            )}
            {build === "enterprise" && !isUnlocked() ? (
                <div className="text-center mt-2">
                    <span className="text-sm font-medium text-muted-foreground">
--- a/src/components/OrgLabelsTable.tsx
+++ b/src/components/OrgLabelsTable.tsx
@@ -12,7 +12,14 @@ import { useNavigationContext } from "@app/hooks/useNavigationContext";
 import { toast } from "@app/hooks/useToast";
 import { createApiClient, formatAxiosError } from "@app/lib/api";
 import { type PaginationState } from "@tanstack/react-table";
-import { ArrowRight, MoreHorizontal } from "lucide-react";
+import {
    ArrowDown01Icon,
    ArrowUp10Icon,
    ChevronsUpDownIcon,
    MoreHorizontal,
    PencilIcon,
    PencilLineIcon
 } from "lucide-react";
 import { useTranslations } from "next-intl";
 import { usePathname, useRouter } from "next/navigation";
 import { useActionState, useMemo, useState, useTransition } from "react";
@@ -102,7 +109,7 @@ export default function OrgLabelsTable({
                cell: ({ row }) => (
                    <div className="flex items-center gap-1.5 group">
                        <div
-                            className="size-2 rounded-full bg-(--color) flex-none"
+                            className="size-2.5 rounded-full bg-(--color) flex-none"
                            style={{
                                // @ts-expect-error css color
                                "--color": row.original.color
@@ -118,40 +125,34 @@ export default function OrgLabelsTable({
                enableHiding: false,
                header: () => <span className="p-3"></span>,
                cell: ({ row }) => (
-                    <div className="flex items-center gap-2 justify-end">
+                    <DropdownMenu>
-                        <DropdownMenu>
+                        <DropdownMenuTrigger asChild>
-                            <DropdownMenuTrigger asChild>
+                            <Button variant="ghost" className="h-8 w-8 p-0">
-                                <Button variant="ghost" className="h-8 w-8 p-0">
+                                <span className="sr-only">{t("openMenu")}</span>
-                                    <span className="sr-only">
+                                <MoreHorizontal className="h-4 w-4" />
-                                        {t("openMenu")}
+                            </Button>
-                                    </span>
+                        </DropdownMenuTrigger>
-                                    <MoreHorizontal className="h-4 w-4" />
+                        <DropdownMenuContent align="end">
-                                </Button>
+                            <DropdownMenuItem
-                            </DropdownMenuTrigger>
+                                onClick={() => {
-                            <DropdownMenuContent align="end">
+                                    setSelectedLabel(row.original);
-                                <DropdownMenuItem
+                                    setIsEditModalOpen(true);
-                                    onClick={() => {
+                                }}
-                                        setSelectedLabel(row.original);
+                            >
-                                        setIsDeleteModalOpen(true);
+                                {t("edit")}
-                                    }}
+                            </DropdownMenuItem>
-                                >
+                            <DropdownMenuItem
-                                    <span className="text-red-500">
+                                onClick={() => {
-                                        {t("delete")}
+                                    setSelectedLabel(row.original);
-                                    </span>
+                                    setIsDeleteModalOpen(true);
-                                </DropdownMenuItem>
+                                }}
-                            </DropdownMenuContent>
+                            >
-                        </DropdownMenu>
+                                <span className="text-red-500">
-                        <Button
+                                    {t("delete")}
-                            variant="outline"
+                                </span>
-                            onClick={() => {
+                            </DropdownMenuItem>
-                                setSelectedLabel(row.original);
+                        </DropdownMenuContent>
-                                setIsEditModalOpen(true);
+                    </DropdownMenu>
                            }}
                        >
                            {t("edit")}
                            <ArrowRight className="ml-2 w-4 h-4" />
                        </Button>
                    </div>
                )
            }
        ],
--- a/src/components/SupporterMessage.tsx
+++ b/src/components/SupporterMessage.tsx
@@ -9,34 +9,33 @@ export default function SupporterMessage({ tier }: { tier: string }) {
    const t = useTranslations();
    return (
-        <></>
+        <div className="relative flex items-center space-x-2 whitespace-nowrap group">
-        // <div className="relative flex items-center space-x-2 whitespace-nowrap group">
+            <span
-        //     <span
+                className="cursor-pointer"
-        //         className="cursor-pointer"
+                onClick={(e) => {
-        //         onClick={(e) => {
+                    // Get the bounding box of the element
-        //             // Get the bounding box of the element
+                    const rect = (
-        //             const rect = (
+                        e.target as HTMLElement
-        //                 e.target as HTMLElement
+                    ).getBoundingClientRect();
        //             ).getBoundingClientRect();
-        //             // Trigger confetti centered on the word "Pangolin"
+                    // Trigger confetti centered on the word "Pangolin"
-        //             confetti({
+                    confetti({
-        //                 particleCount: 100,
+                        particleCount: 100,
-        //                 spread: 70,
+                        spread: 70,
-        //                 origin: {
+                        origin: {
-        //                     x: (rect.left + rect.width / 2) / window.innerWidth,
+                            x: (rect.left + rect.width / 2) / window.innerWidth,
-        //                     y: rect.top / window.innerHeight
+                            y: rect.top / window.innerHeight
-        //                 },
+                        },
-        //                 colors: ["#FFA500", "#FF4500", "#FFD700"]
+                        colors: ["#FFA500", "#FF4500", "#FFD700"]
-        //             });
+                    });
-        //         }}
+                }}
-        //     >
+            >
-        //         Pangolin
+                Pangolin
-        //     </span>
+            </span>
-        //     <Star className="w-3 h-3" />
+            <Star className="w-3 h-3" />
-        //     <div className="absolute left-1/2 transform -translate-x-1/2 -top-10 hidden group-hover:block  text-primary text-sm rounded-md border shadow-md px-4 py-2 pointer-events-none opacity-0 group-hover:opacity-100 transition-opacity">
+            <div className="absolute left-1/2 transform -translate-x-1/2 -top-10 hidden group-hover:block  text-primary text-sm rounded-md border shadow-md px-4 py-2 pointer-events-none opacity-0 group-hover:opacity-100 transition-opacity">
-        //         {t("componentsSupporterMessage", { tier: tier })}
+                {t("componentsSupporterMessage", { tier: tier })}
-        //     </div>
+            </div>
-        // </div>
+        </div>
    );
 }
--- a/src/components/SupporterStatus.tsx
+++ b/src/components/SupporterStatus.tsx
@@ -3,7 +3,7 @@
 // THIS IS DEPRECATED AND IS NO LONGER SHOWED TO THE USER WITH THE DISCONTINUATION
 // OF THE SUPPORTER PROGRAM. IT MAY BE REMOVED IN A FUTURE UPDATE.
-// import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
+import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
 import { useState, useTransition } from "react";
 import {
    Tooltip,
@@ -58,134 +58,134 @@ interface SupporterStatusProps {
 export default function SupporterStatus({
    isCollapsed = false
 }: SupporterStatusProps) {
-    // const { supporterStatus, updateSupporterStatus } =
+    const { supporterStatus, updateSupporterStatus } =
-    //     useSupporterStatusContext();
+        useSupporterStatusContext();
-    // const [supportOpen, setSupportOpen] = useState(false);
+    const [supportOpen, setSupportOpen] = useState(false);
-    // const [keyOpen, setKeyOpen] = useState(false);
+    const [keyOpen, setKeyOpen] = useState(false);
-    // const [purchaseOptionsOpen, setPurchaseOptionsOpen] = useState(false);
+    const [purchaseOptionsOpen, setPurchaseOptionsOpen] = useState(false);
-    // const { env } = useEnvContext();
+    const { env } = useEnvContext();
-    // const api = createApiClient({ env });
+    const api = createApiClient({ env });
-    // const t = useTranslations();
+    const t = useTranslations();
-    // const formSchema = z.object({
+    const formSchema = z.object({
-    //     githubUsername: z.string().nonempty({
+        githubUsername: z.string().nonempty({
-    //         error: "GitHub username is required"
+            error: "GitHub username is required"
-    //     }),
+        }),
-    //     key: z.string().nonempty({
+        key: z.string().nonempty({
-    //         error: "Supporter key is required"
+            error: "Supporter key is required"
-    //     })
+        })
-    // });
+    });
-    // const form = useForm({
+    const form = useForm({
-    //     resolver: zodResolver(formSchema),
+        resolver: zodResolver(formSchema),
-    //     defaultValues: {
+        defaultValues: {
-    //         githubUsername: "",
+            githubUsername: "",
-    //         key: ""
+            key: ""
-    //     }
+        }
-    // });
+    });
-    // async function hide() {
+    async function hide() {
-    //     await api.post("/supporter-key/hide");
+        await api.post("/supporter-key/hide");
-    //     updateSupporterStatus({
+        updateSupporterStatus({
-    //         visible: false
+            visible: false
-    //     });
+        });
-    // }
+    }
-    // async function onSubmit(values: z.infer<typeof formSchema>) {
+    async function onSubmit(values: z.infer<typeof formSchema>) {
-    //     try {
+        try {
-    //         const res = await api.post<
+            const res = await api.post<
-    //             AxiosResponse<ValidateSupporterKeyResponse>
+                AxiosResponse<ValidateSupporterKeyResponse>
-    //         >("/supporter-key/validate", {
+            >("/supporter-key/validate", {
-    //             githubUsername: values.githubUsername,
+                githubUsername: values.githubUsername,
-    //             key: values.key
+                key: values.key
-    //         });
+            });
-    //         const data = res.data.data;
+            const data = res.data.data;
-    //         if (!data || !data.valid) {
+            if (!data || !data.valid) {
-    //             toast({
+                toast({
-    //                 variant: "destructive",
+                    variant: "destructive",
-    //                 title: t("supportKeyInvalid"),
+                    title: t("supportKeyInvalid"),
-    //                 description: t("supportKeyInvalidDescription")
+                    description: t("supportKeyInvalidDescription")
-    //             });
+                });
-    //             return;
+                return;
-    //         }
+            }
-    //         // Trigger the toast
+            // Trigger the toast
-    //         toast({
+            toast({
-    //             variant: "default",
+                variant: "default",
-    //             title: t("supportKeyValid"),
+                title: t("supportKeyValid"),
-    //             description: t("supportKeyValidDescription")
+                description: t("supportKeyValidDescription")
-    //         });
+            });
-    //         // Fireworks-style confetti
+            // Fireworks-style confetti
-    //         const duration = 5 * 1000; // 5 seconds
+            const duration = 5 * 1000; // 5 seconds
-    //         const animationEnd = Date.now() + duration;
+            const animationEnd = Date.now() + duration;
-    //         const defaults = {
+            const defaults = {
-    //             startVelocity: 30,
+                startVelocity: 30,
-    //             spread: 360,
+                spread: 360,
-    //             ticks: 60,
+                ticks: 60,
-    //             zIndex: 0,
+                zIndex: 0,
-    //             colors: ["#FFA500", "#FF4500", "#FFD700"] // Orange hues
+                colors: ["#FFA500", "#FF4500", "#FFD700"] // Orange hues
-    //         };
+            };
-    //         function randomInRange(min: number, max: number) {
+            function randomInRange(min: number, max: number) {
-    //             return Math.random() * (max - min) + min;
+                return Math.random() * (max - min) + min;
-    //         }
+            }
-    //         const interval = setInterval(() => {
+            const interval = setInterval(() => {
-    //             const timeLeft = animationEnd - Date.now();
+                const timeLeft = animationEnd - Date.now();
-    //             if (timeLeft <= 0) {
+                if (timeLeft <= 0) {
-    //                 clearInterval(interval);
+                    clearInterval(interval);
-    //                 return;
+                    return;
-    //             }
+                }
-    //             const particleCount = 50 * (timeLeft / duration);
+                const particleCount = 50 * (timeLeft / duration);
-    //             // Launch confetti from two random horizontal positions
+                // Launch confetti from two random horizontal positions
-    //             confetti({
+                confetti({
-    //                 ...defaults,
+                    ...defaults,
-    //                 particleCount,
+                    particleCount,
-    //                 origin: {
+                    origin: {
-    //                     x: randomInRange(0.1, 0.3),
+                        x: randomInRange(0.1, 0.3),
-    //                     y: Math.random() - 0.2
+                        y: Math.random() - 0.2
-    //                 }
+                    }
-    //             });
+                });
-    //             confetti({
+                confetti({
-    //                 ...defaults,
+                    ...defaults,
-    //                 particleCount,
+                    particleCount,
-    //                 origin: {
+                    origin: {
-    //                     x: randomInRange(0.7, 0.9),
+                        x: randomInRange(0.7, 0.9),
-    //                     y: Math.random() - 0.2
+                        y: Math.random() - 0.2
-    //                 }
+                    }
-    //             });
+                });
-    //         }, 250);
+            }, 250);
-    //         setPurchaseOptionsOpen(false);
+            setPurchaseOptionsOpen(false);
-    //         setKeyOpen(false);
+            setKeyOpen(false);
-    //         updateSupporterStatus({
+            updateSupporterStatus({
-    //             visible: false
+                visible: false
-    //         });
+            });
-    //     } catch (error) {
+        } catch (error) {
-    //         toast({
+            toast({
-    //             variant: "destructive",
+                variant: "destructive",
-    //             title: t("error"),
+                title: t("error"),
-    //             description: formatAxiosError(
+                description: formatAxiosError(
-    //                 error,
+                    error,
-    //                 t("supportKeyErrorValidationDescription")
+                    t("supportKeyErrorValidationDescription")
-    //             )
+                )
-    //         });
+            });
-    //         return;
+            return;
-    //     }
+        }
-    // }
+    }
    return (
        <>
-            {/* <Credenza
+            <Credenza
                open={purchaseOptionsOpen}
                onOpenChange={(val) => {
                    setPurchaseOptionsOpen(val);
@@ -469,7 +469,7 @@ export default function SupporterStatus({
                        {t("supportKeyBuy")}
                    </Button>
                )
-            ) : null} */}
+            ) : null}
        </>
    );
 }
--- a/src/components/newt-install-commands.tsx
+++ b/src/components/newt-install-commands.tsx
@@ -20,7 +20,6 @@ import {
 } from "react-icons/fa";
 import { ExternalLink } from "lucide-react";
 import { SiKubernetes, SiNixos } from "react-icons/si";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 export type CommandItem = string | { title: string; command: string };
@@ -51,12 +50,9 @@ export function NewtSiteInstallCommands({
    version = "latest"
 }: NewtSiteInstallCommandsProps) {
    const t = useTranslations();
    const { env } = useEnvContext();
    const [acceptClients, setAcceptClients] = useState(true);
-    const [allowPangolinSsh, setAllowPangolinSsh] = useState(
+    const [allowPangolinSsh, setAllowPangolinSsh] = useState(true);
        !env.flags.disableEnterpriseFeatures
    );
    const [platform, setPlatform] = useState<Platform>("linux");
    const [architecture, setArchitecture] = useState(
        () => getArchitectures(platform)[0]
@@ -75,11 +71,7 @@ export function NewtSiteInstallCommands({
        : "";
    const disableSshFlag =
-        supportsSshOption &&
+        supportsSshOption && !allowPangolinSsh ? " --disable-ssh" : "";
        !allowPangolinSsh &&
        !env.flags.disableEnterpriseFeatures
            ? " --disable-ssh"
            : "";
    const runAsRootPrefix =
        supportsSshOption && allowPangolinSsh ? "sudo " : "";
@@ -139,6 +131,7 @@ Restart=always
 RestartSec=2
 UMask=0077
 NoNewPrivileges=true
 PrivateTmp=true
 [Install]
@@ -313,29 +306,27 @@ WantedBy=default.target`
                        >
                            {t("siteAcceptClientConnectionsDescription")}
                        </p>
-                        {supportsSshOption &&
+                        {supportsSshOption && (
-                            !env.flags.disableEnterpriseFeatures && (
+                            <>
-                                <>
+                                <div className="flex items-center space-x-2 mb-2 mt-2">
-                                    <div className="flex items-center space-x-2 mb-2 mt-2">
+                                    <CheckboxWithLabel
-                                        <CheckboxWithLabel
+                                        id="allowPangolinSsh"
-                                            id="allowPangolinSsh"
+                                        checked={allowPangolinSsh}
-                                            checked={allowPangolinSsh}
+                                        onCheckedChange={(checked) => {
-                                            onCheckedChange={(checked) => {
+                                            const value = checked as boolean;
-                                                const value =
+                                            setAllowPangolinSsh(value);
-                                                    checked as boolean;
+                                        }}
-                                                setAllowPangolinSsh(value);
+                                        label="Allow Pangolin SSH"
-                                            }}
+                                    />
-                                            label="Allow Pangolin SSH"
+                                </div>
-                                        />
+                                <p
-                                    </div>
+                                    id="allowPangolinSsh-desc"
-                                    <p
+                                    className="text-sm text-muted-foreground"
-                                        id="allowPangolinSsh-desc"
+                                >
-                                        className="text-sm text-muted-foreground"
+                                    {t("sitePangolinSshDescription")}
-                                    >
+                                </p>
-                                        {t("sitePangolinSshDescription")}
+                            </>
-                                    </p>
+                        )}
                                </>
                            )}
                    </div>
                )}
--- a/src/components/resource-policy/EditPolicyForm.tsx
+++ b/src/components/resource-policy/EditPolicyForm.tsx
@@ -73,9 +73,7 @@ export function EditPolicyForm({
    }
    const policyTiers = tierMatrix[TierFeature.ResourcePolicies];
-    const isInlinePolicy = hidePolicyNameForm && resourceId === undefined;
+    const isDisabled = !isPaidUser(policyTiers);
    const showPaidAlert = !isInlinePolicy;
    const isDisabled = showPaidAlert && !isPaidUser(policyTiers);
    const effectiveReadonly = readonly || isDisabled;
    const authSection = (
@@ -102,7 +100,7 @@ export function EditPolicyForm({
    if (section === "general") {
        return (
            <>
-                {showPaidAlert && <PaidFeaturesAlert tiers={policyTiers} />}
+                <PaidFeaturesAlert tiers={policyTiers} />
                <div
                    className={
                        isDisabled
@@ -119,7 +117,7 @@ export function EditPolicyForm({
    if (section === "authentication") {
        return (
            <>
-                {showPaidAlert && <PaidFeaturesAlert tiers={policyTiers} />}
+                <PaidFeaturesAlert tiers={policyTiers} />
                <div
                    className={
                        isDisabled
@@ -136,7 +134,7 @@ export function EditPolicyForm({
    if (section === "rules") {
        return (
            <>
-                {showPaidAlert && <PaidFeaturesAlert tiers={policyTiers} />}
+                <PaidFeaturesAlert tiers={policyTiers} />
                <div
                    className={
                        isDisabled
@@ -152,7 +150,7 @@ export function EditPolicyForm({
    return (
        <>
-            {showPaidAlert && <PaidFeaturesAlert tiers={policyTiers} />}
+            <PaidFeaturesAlert tiers={policyTiers} />
            <div
                className={
                    isDisabled ? "pointer-events-none opacity-50" : undefined
--- a/src/lib/getBrowserTargetForRequest.ts
+++ b/src/lib/getBrowserTargetForRequest.ts
@@ -6,7 +6,7 @@ import { cache } from "react";
 export const getBrowserTargetForRequest = cache(async () => {
    const headersList = await headers();
-    const host = headersList.get("p-host") || headersList.get("host") || "";
+    const host = headersList.get("host") || "";
    const hostname = host.split(":")[0];
    try {
Author	SHA1	Message	Date
Owen	42983a3add	Add drizzle indexes to match db	2026-06-21 17:43:39 -04:00
Owen	ad3eddbc08	Batch get olm ids	2026-06-21 17:34:46 -04:00
Owen Schwartz	9c1ecc3796	Merge pull request #3294 from fosrl/copilot/add-batching-mechanism-to-rebuild-client-associati Batch Redis websocket fan-out and deduplicate queued rebuild jobs	2026-06-21 14:20:56 -07:00
Owen	64595f5875	Add batch messaging functions to rebuild function	2026-06-21 17:20:07 -04:00
copilot-swe-agent[bot]	b66140bfd2	refactor: tighten ws batch typing and queue cleanup logging	2026-06-16 22:50:03 +00:00
copilot-swe-agent[bot]	45158ff45b	feat: batch redis ws direct messages and dedupe rebuild queue jobs	2026-06-16 22:46:12 +00:00
Owen	06fb3685e4	Add queue	2026-06-11 12:25:57 -07:00