From 9c1e3f260068226f5e20d748998a5b45fc37e79f Mon Sep 17 00:00:00 2001
From: Arjan H <github@hakwerk.com>
Date: Thu, 28 Jul 2022 19:00:21 +0200
Subject: [PATCH] Make title/name on web pages configurable (#52)

---
 gui/apply-nginx                    | 52 +++++++++++++++++++++++-----
 gui/main.go                        | 55 ++++++++++++++++++++++++------
 gui/templates/base.tmpl            |  4 +--
 gui/templates/partials/nav.tmpl    |  2 +-
 gui/templates/views/dashboard.tmpl |  2 +-
 gui/templates/views/list.tmpl      |  2 +-
 gui/templates/views/manage.tmpl    | 10 ++++--
 gui/templates/views/show.tmpl      |  2 +-
 install                            |  9 +++--
 static/502.html                    |  4 +--
 static/certs/index.html            | 12 +++----
 static/cps/index.html              | 32 ++++++++---------
 static/index.html                  | 12 +++----
 static/rate-limits.html            |  8 ++---
 static/terms/v1.html               |  6 ++--
 15 files changed, 146 insertions(+), 66 deletions(-)

diff --git a/gui/apply-nginx b/gui/apply-nginx
index 65bdc57..c4d4754 100755
--- a/gui/apply-nginx
+++ b/gui/apply-nginx
@@ -2,19 +2,53 @@
 
 set -e
 
+sed -i -e "s|<title>.*</title>|<title>$PKI_WEB_TITLE</title>|g" 502.html
+sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" 502.html
+
 PKI_ROOT_DN=$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -subject | sed -e "s/subject= //")
-sed -i -e "s|\[PKI_ROOT_DN\]|$PKI_ROOT_DN|g" certs/index.html
+sed -i -e "s|<\!-- BEGIN PKI_ROOT_DN -->.*<\!-- END PKI_ROOT_DN -->|<\!-- BEGIN PKI_ROOT_DN -->$PKI_ROOT_DN<\!-- END PKI_ROOT_DN -->|g" certs/index.html
 PKI_ROOT_VALIDITY="$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -startdate | sed -e "s/.*=/Not Before: /")<br/> $(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -enddate | sed -e "s/.*=/Not After: /")"
-sed -i -e "s|\[PKI_ROOT_VALIDITY\]|$PKI_ROOT_VALIDITY|g" certs/index.html
+sed -i -e "s|<\!-- BEGIN PKI_ROOT_VALIDITY -->.*<\!-- END PKI_ROOT_VALIDITY -->|<\!-- BEGIN PKI_ROOT_VALIDITY -->$PKI_ROOT_VALIDITY<\!-- END PKI_ROOT_VALIDITY -->|g" certs/index.html
 PKI_INT_DN=$(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -subject | sed -e "s/subject= //")
-sed -i -e "s|\[PKI_INT_DN\]|$PKI_INT_DN|g" certs/index.html
+sed -i -e "s|<\!-- BEGIN PKI_INT_DN -->.*<\!-- END PKI_INT_DN -->|<\!-- BEGIN PKI_INT_DN -->$PKI_INT_DN<\!-- END PKI_INT_DN -->|g" certs/index.html
 PKI_INT_VALIDITY="$(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -startdate | sed -e "s/.*=/Not Before: /")<br/> $(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -enddate | sed -e "s/.*=/Not After: /")"
-sed -i -e "s|\[PKI_INT_VALIDITY\]|$PKI_INT_VALIDITY|g" certs/index.html
+sed -i -e "s|<\!-- BEGIN PKI_INT_VALIDITY -->.*<\!-- END PKI_INT_VALIDITY -->|<\!-- BEGIN PKI_INT_VALIDITY -->$PKI_INT_VALIDITY<\!-- END PKI_INT_VALIDITY -->|g" certs/index.html
 
-sed -i -e "s|\[PKI_COMPANY_NAME\]|$PKI_DEFAULT_O|g" cps/index.html
-sed -i -e "s|\[PKI_ROOT_DN\]|$PKI_ROOT_DN|g" cps/index.html
+sed -i -e "s|<title>.*</title>|<title>Certificates \| $PKI_WEB_TITLE</title>|g" certs/index.html
+sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" certs/index.html
+
+sed -i -e "s|<\!-- BEGIN PKI_COMPANY_NAME -->.*<\!-- END PKI_COMPANY_NAME -->|<\!-- BEGIN PKI_COMPANY_NAME -->$PKI_DEFAULT_O<\!-- END PKI_COMPANY_NAME -->|g" cps/index.html
+sed -i -e "s|<\!-- BEGIN PKI_ROOT_DN -->.*<\!-- END PKI_ROOT_DN -->|<\!-- BEGIN PKI_ROOT_DN -->$PKI_ROOT_DN<\!-- END PKI_ROOT_DN -->|g" cps/index.html
 PKI_ROOT_FINGERPRINT="$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -fingerprint | sed -e "s/.*=//" | sed -e "s/.\{21\}/&\\\n/g")"
-sed -i -e "s|\[PKI_ROOT_FINGERPRINT\]|$PKI_ROOT_FINGERPRINT|g" cps/index.html
-sed -i -e "s|\[PKI_ROOT_VALIDITY\]|$PKI_ROOT_VALIDITY|g" cps/index.html
+sed -i -e "s|<\!-- BEGIN PKI_ROOT_FINGERPRINT -->.*<\!-- END PKI_ROOT_FINGERPRINT -->|<\!-- BEGIN PKI_ROOT_FINGERPRINT -->$PKI_ROOT_FINGERPRINT<\!-- END PKI_ROOT_FINGERPRINT -->|g" cps/index.html
+sed -i -e "s|<\!-- BEGIN PKI_ROOT_VALIDITY -->.*<\!-- END PKI_ROOT_VALIDITY -->|<\!-- BEGIN PKI_ROOT_VALIDITY -->$PKI_ROOT_VALIDITY<\!-- END PKI_ROOT_VALIDITY -->|g" cps/index.html
+
+sed -i -e "s|<title>.*</title>|<title>CPS \| $PKI_WEB_TITLE</title>|g" cps/index.html
+sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" cps/index.html
+
+sed -i -e "s|<\!-- BEGIN LABCA_CPS_LOCATION -->.*<\!-- END LABCA_CPS_LOCATION -->|<\!-- BEGIN LABCA_CPS_LOCATION --><a class=\"public\" href=\"http://$PKI_FQDN/cps/\">http://$PKI_FQDN/cps/</a><\!-- END LABCA_CPS_LOCATION -->|g" cps/index.html
+sed -i -e "s|<\!-- BEGIN LABCA_CERTS_LOCATION -->.*<\!-- END LABCA_CERTS_LOCATION -->|<\!-- BEGIN LABCA_CERTS_LOCATION --><a class=\"public\" href=\"http://$PKI_FQDN/certs/\">http://$PKI_FQDN/certs/</a><\!-- END LABCA_CERTS_LOCATION -->|g" cps/index.html
+
+sed -i -e "s|<title>.*</title>|<title>$PKI_WEB_TITLE</title>|g" index.html
+sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" index.html
+if [ "$PKI_WEB_TITLE" == "LabCA" ]; then
+    sed -i -e "s|<\!-- BEGIN WEBTITLE_X1 -->.*<\!-- END WEBTITLE_X1 -->|<\!-- BEGIN WEBTITLE_X1 -->$PKI_WEB_TITLE<\!-- END WEBTITLE_X1 -->|g" index.html
+    sed -i -e "s|<\!-- BEGIN WEBTITLE_X2 -->.*<\!-- END WEBTITLE_X2 -->|<\!-- BEGIN WEBTITLE_X2 -->this $PKI_WEB_TITLE instance<\!-- END WEBTITLE_X2 -->|g" index.html
+else
+    sed -i -e "s|<\!-- BEGIN WEBTITLE_X1 -->.*<\!-- END WEBTITLE_X1 -->|<\!-- BEGIN WEBTITLE_X1 -->$PKI_WEB_TITLE is running LabCA, which<\!-- END WEBTITLE_X1 -->|g" index.html
+    sed -i -e "s|<\!-- BEGIN WEBTITLE_X2 -->.*<\!-- END WEBTITLE_X2 -->|<\!-- BEGIN WEBTITLE_X2 -->$PKI_WEB_TITLE<\!-- END WEBTITLE_X2 -->|g" index.html
+fi
+
+sed -i -e "s|<title>.*</title>|<title>Rate Limits \| $PKI_WEB_TITLE</title>|g" rate-limits.html
+sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" rate-limits.html
+if [ "$PKI_WEB_TITLE" == "LabCA" ]; then
+    sed -i -e "s|<\!-- BEGIN WEBTITLE_X2 -->.*<\!-- END WEBTITLE_X2 -->|<\!-- BEGIN WEBTITLE_X2 -->this $PKI_WEB_TITLE instance<\!-- END WEBTITLE_X2 -->|g" rate-limits.html
+else
+    sed -i -e "s|<\!-- BEGIN WEBTITLE_X2 -->.*<\!-- END WEBTITLE_X2 -->|<\!-- BEGIN WEBTITLE_X2 -->$PKI_WEB_TITLE<\!-- END WEBTITLE_X2 -->|g" rate-limits.html
+fi
+
+sed -i -e "s|<\!-- BEGIN PKI_COMPANY_NAME -->.*<\!-- END PKI_COMPANY_NAME -->|<\!-- BEGIN PKI_COMPANY_NAME -->$PKI_DEFAULT_O<\!-- END PKI_COMPANY_NAME -->|g" terms/v1.html
+
+sed -i -e "s|<title>.*</title>|<title>Terms \| $PKI_WEB_TITLE</title>|g" terms/v1.html
+sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" terms/v1.html
 
-sed -i -e "s|\[PKI_COMPANY_NAME\]|$PKI_DEFAULT_O|g" terms/v1.html
diff --git a/gui/main.go b/gui/main.go
index d1282f7..9d994c4 100644
--- a/gui/main.go
+++ b/gui/main.go
@@ -54,6 +54,7 @@ var (
 	sessionStore    *sessions.CookieStore
 	tmpls           *templates.Templates
 	version         string
+	webTitle        string
 	dbConn          string
 	dbType          string
 	isDev           bool
@@ -152,6 +153,7 @@ func (reg *User) Validate(isNew bool, isChange bool) bool {
 type SetupConfig struct {
 	Fqdn             string
 	Organization     string
+	WebTitle         string
 	DNS              string
 	DomainMode       string
 	LockdownDomains  string
@@ -505,6 +507,7 @@ func _configUpdateHandler(w http.ResponseWriter, r *http.Request) {
 	cfg := &SetupConfig{
 		Fqdn:             r.Form.Get("fqdn"),
 		Organization:     r.Form.Get("organization"),
+		WebTitle:         r.Form.Get("webtitle"),
 		DNS:              r.Form.Get("dns"),
 		DomainMode:       r.Form.Get("domain_mode"),
 		LockdownDomains:  r.Form.Get("lockdown_domains"),
@@ -532,6 +535,11 @@ func _configUpdateHandler(w http.ResponseWriter, r *http.Request) {
 			viper.Set("labca.organization", cfg.Organization)
 		}
 
+		if cfg.WebTitle != viper.GetString("labca.web_title") {
+			delta = true
+			viper.Set("labca.web_title", cfg.WebTitle)
+		}
+
 		matched, err := regexp.MatchString(":\\d+$", cfg.DNS)
 		if err == nil && !matched {
 			cfg.DNS += ":53"
@@ -570,6 +578,11 @@ func _configUpdateHandler(w http.ResponseWriter, r *http.Request) {
 		if delta {
 			viper.WriteConfig()
 
+			webTitle = viper.GetString("labca.web_title")
+			if webTitle == "" {
+				webTitle = "LabCA"
+			}
+
 			err := _applyConfig()
 			if err != nil {
 				res.Success = false
@@ -1113,6 +1126,11 @@ func _manageGet(w http.ResponseWriter, r *http.Request) {
 
 	manageData["Fqdn"] = viper.GetString("labca.fqdn")
 	manageData["Organization"] = viper.GetString("labca.organization")
+	if viper.Get("labca.web_title") == nil || viper.GetString("labca.web_title") == "" {
+		manageData["WebTitle"] = "LabCA"
+	} else {
+		manageData["WebTitle"] = viper.GetString("labca.web_title")
+	}
 	manageData["DNS"] = viper.GetString("labca.dns")
 	domainMode := viper.GetString("labca.domain_mode")
 	manageData["DomainMode"] = domainMode
@@ -1143,6 +1161,8 @@ func _manageGet(w http.ResponseWriter, r *http.Request) {
 	manageData["Name"] = viper.GetString("user.name")
 	manageData["Email"] = viper.GetString("user.email")
 
+	manageData["Title"] = "Manage"
+
 	render(w, r, "manage", manageData)
 }
 
@@ -1205,6 +1225,7 @@ func logsHandler(w http.ResponseWriter, r *http.Request) {
 		"Message": message,
 		"Data":    data,
 		"WsUrl":   wsurl,
+		"Title":   "Logs",
 	})
 }
 
@@ -1525,6 +1546,11 @@ func _applyConfig() error {
 	os.Setenv("PKI_ROOT_CERT_BASE", "data/root-ca")
 	os.Setenv("PKI_INT_CERT_BASE", "data/issuer/ca-int")
 	os.Setenv("PKI_DEFAULT_O", viper.GetString("labca.organization"))
+	if viper.GetString("labca.web_title") == "" {
+		os.Setenv("PKI_WEB_TITLE", "LabCA")
+	} else {
+		os.Setenv("PKI_WEB_TITLE", viper.GetString("labca.web_title"))
+	}
 	os.Setenv("PKI_DNS", viper.GetString("labca.dns"))
 	domain := viper.GetString("labca.fqdn")
 	os.Setenv("PKI_FQDN", domain)
@@ -2053,7 +2079,7 @@ func accountsHandler(w http.ResponseWriter, r *http.Request) {
 
 	Accounts, err := GetAccounts(w, r)
 	if err == nil {
-		render(w, r, "list:accounts", map[string]interface{}{"List": Accounts})
+        render(w, r, "list:accounts", map[string]interface{}{"List": Accounts, "Title": "ACME"})
 	}
 }
 
@@ -2072,7 +2098,7 @@ func accountHandler(w http.ResponseWriter, r *http.Request) {
 
 	AccountDetails, err := GetAccount(w, r, id)
 	if err == nil {
-		render(w, r, "show:accounts", map[string]interface{}{"Details": AccountDetails})
+		render(w, r, "show:accounts", map[string]interface{}{"Details": AccountDetails, "Title": "ACME"})
 	}
 }
 
@@ -2084,7 +2110,7 @@ func ordersHandler(w http.ResponseWriter, r *http.Request) {
 
 	Orders, err := GetOrders(w, r)
 	if err == nil {
-		render(w, r, "list:orders", map[string]interface{}{"List": Orders})
+		render(w, r, "list:orders", map[string]interface{}{"List": Orders, "Title": "ACME"})
 	}
 }
 
@@ -2103,7 +2129,7 @@ func orderHandler(w http.ResponseWriter, r *http.Request) {
 
 	OrderDetails, err := GetOrder(w, r, id)
 	if err == nil {
-		render(w, r, "show:orders", map[string]interface{}{"Details": OrderDetails})
+		render(w, r, "show:orders", map[string]interface{}{"Details": OrderDetails, "Title": "ACME"})
 	}
 }
 
@@ -2115,7 +2141,7 @@ func authzHandler(w http.ResponseWriter, r *http.Request) {
 
 	Authz, err := GetAuthz(w, r)
 	if err == nil {
-		render(w, r, "list:authz", map[string]interface{}{"List": Authz})
+		render(w, r, "list:authz", map[string]interface{}{"List": Authz, "Title": "ACME"})
 	}
 }
 
@@ -2130,7 +2156,7 @@ func authHandler(w http.ResponseWriter, r *http.Request) {
 
 	AuthDetails, err := GetAuth(w, r, id)
 	if err == nil {
-		render(w, r, "show:authz", map[string]interface{}{"Details": AuthDetails})
+		render(w, r, "show:authz", map[string]interface{}{"Details": AuthDetails, "Title": "ACME"})
 	}
 }
 
@@ -2142,7 +2168,7 @@ func challengesHandler(w http.ResponseWriter, r *http.Request) {
 
 	Challenges, err := GetChallenges(w, r)
 	if err == nil {
-		render(w, r, "list:challenges", map[string]interface{}{"List": Challenges})
+		render(w, r, "list:challenges", map[string]interface{}{"List": Challenges, "Title": "ACME"})
 	}
 }
 
@@ -2161,7 +2187,7 @@ func challengeHandler(w http.ResponseWriter, r *http.Request) {
 
 	ChallengeDetails, err := GetChallenge(w, r, id)
 	if err == nil {
-		render(w, r, "show:challenges", map[string]interface{}{"Details": ChallengeDetails})
+		render(w, r, "show:challenges", map[string]interface{}{"Details": ChallengeDetails, "Title": "ACME"})
 	}
 }
 
@@ -2173,7 +2199,7 @@ func certificatesHandler(w http.ResponseWriter, r *http.Request) {
 
 	Certificates, err := GetCertificates(w, r)
 	if err == nil {
-		render(w, r, "list:certificates", map[string]interface{}{"List": Certificates})
+		render(w, r, "list:certificates", map[string]interface{}{"List": Certificates, "Title": "ACME"})
 	}
 }
 
@@ -2192,7 +2218,7 @@ func certificateHandler(w http.ResponseWriter, r *http.Request) {
 
 	CertificateDetails, err := GetCertificate(w, r, id, serial)
 	if err == nil {
-		render(w, r, "show:certificates", map[string]interface{}{"Details": CertificateDetails})
+		render(w, r, "show:certificates", map[string]interface{}{"Details": CertificateDetails, "Title": "ACME"})
 	}
 }
 
@@ -2425,6 +2451,10 @@ func render(w http.ResponseWriter, r *http.Request, view string, data map[string
 		data["Version"] = version
 	}
 
+	if webTitle != "" {
+		data["WebTitle"] = webTitle
+	}
+
 	b, err := tmpls.Render("base.tmpl", "views/"+viewSlice[0]+".tmpl", data)
 	if err != nil {
 		errorHandler(w, r, err, http.StatusInternalServerError)
@@ -2520,6 +2550,11 @@ func init() {
 
 	version = viper.GetString("version")
 
+	webTitle = viper.GetString("labca.web_title")
+	if webTitle == "" {
+		webTitle = "LabCA"
+	}
+
 	updateAvailable = false
 }
 
diff --git a/gui/templates/base.tmpl b/gui/templates/base.tmpl
index a2c07fb..aee98a8 100644
--- a/gui/templates/base.tmpl
+++ b/gui/templates/base.tmpl
@@ -7,7 +7,7 @@
     <meta name="description" content="LabCA is a private Certificate Authority for internal (intranet) use, based on the open source ACME Automated Certificate Management Environment implementation from Let's Encrypt (tm).">
     <meta name="keywords" content="LabCA PKI CA Certificate Authority ACME Boulder">
     <meta name="author" content="Arjan Hakkesteegt | Hakwerk IT B.V.">
-    <title>{{ block "title" . }}{{ if .Title }}{{ .Title }} | {{ end }}LabCA{{ end }}</title>
+    <title>{{ block "title" . }}{{ if .Title }}{{ .Title }} | {{ end }}{{ .WebTitle }}{{ end }}</title>
     {{ block "css" . }}{{ template "partials/css.tmpl" . }}{{ end }}
     <link rel="icon" type="image/png" href="static/img/fav-admin.png">
     {{ block "head" . }}{{ .Head }}{{ end }}
@@ -32,7 +32,7 @@
                         <small>{{ if .Version }}{{ .Version }}{{ end }}</small>
                     </div>
                     <div class="col-sm-6 footer text-muted text-right" id="footer">
-                        <small>Copyright &copy; 2018-2022 LabCA</small>
+                        <small>Copyright &copy; 2018-2022 <a href="https://lab-ca.net/">LabCA</a></small>
                     </div>
                 </div>
             </div>
diff --git a/gui/templates/partials/nav.tmpl b/gui/templates/partials/nav.tmpl
index 5bb1e57..2231d8b 100644
--- a/gui/templates/partials/nav.tmpl
+++ b/gui/templates/partials/nav.tmpl
@@ -7,7 +7,7 @@
           <span class="icon-bar"></span>
           <span class="icon-bar"></span>
         </button>
-        <a class="navbar-brand" href="/">LabCA</a>
+        <a class="navbar-brand" href="/admin">{{ .WebTitle }}</a>
       </div>
 
             <ul class="nav navbar-top-links navbar-right">
diff --git a/gui/templates/views/dashboard.tmpl b/gui/templates/views/dashboard.tmpl
index 0ee8d82..de97683 100644
--- a/gui/templates/views/dashboard.tmpl
+++ b/gui/templates/views/dashboard.tmpl
@@ -1,5 +1,5 @@
 {{ define "body" }}
-            <h3>LabCA</h3>
+            <h3></h3>
         </div>
     </div>
 
diff --git a/gui/templates/views/list.tmpl b/gui/templates/views/list.tmpl
index 0cf1e07..3b3630b 100644
--- a/gui/templates/views/list.tmpl
+++ b/gui/templates/views/list.tmpl
@@ -1,6 +1,6 @@
 {{ define "body" }}
 {{with .List}}
-        <h3>LabCA {{ .Title }}</h3>
+        <h3>{{ .Title }}</h3>
 
         <table class="table table-striped table-bordered table-hover datatable {{ .TableClass }}">
             <thead>
diff --git a/gui/templates/views/manage.tmpl b/gui/templates/views/manage.tmpl
index 9cd782c..31f9b71 100644
--- a/gui/templates/views/manage.tmpl
+++ b/gui/templates/views/manage.tmpl
@@ -1,5 +1,5 @@
 {{ define "body" }}
-    <h3>Manage LabCA</h3>
+    <h3>Manage</h3>
     <p>Here you can manage your LabCA instance. Be careful!</p>
 
 <ul class="nav nav-tabs nav-tabs-sticky">
@@ -140,10 +140,15 @@
         <span class="error config-error hidden" id="fqdn-error"></span>
       </div>
       <div class="form-group">
-        <label for="fqdn">Organization name:</label>
+        <label for="organization">Organization name:</label>
         <input class="form-control non-fluid" type="text" id="organization" name="organization" value="{{ .Organization }}" required>
         <span class="error config-error hidden" id="organization-error"></span>
       </div>
+      <div class="form-group">
+        <label for="webtitle">Title on web pages (e.g. 'Internal ACME CA'):</label>
+        <input class="form-control non-fluid" type="text" id="webtitle" name="webtitle" value="{{ .WebTitle }}">
+        <span class="error config-error hidden" id="webtitle-error"></span>
+      </div>
       <div class="form-group">
         <label for="dns">Internal DNS server to use:</label>
         <input class="form-control non-fluid" type="text" id="dns" name="dns" value="{{ .DNS }}" required>
@@ -504,6 +509,7 @@
                             action: $(evt.target).attr("id"),
                             fqdn: $("#fqdn").val(),
                             organization: $("#organization").val(),
+                            webtitle: $("#webtitle").val(),
                             dns: $("#dns").val(),
                             domain_mode: ($("#standard").prop('checked') ? 'standard' : ($("#whitelist").prop('checked') ? 'whitelist' : 'lockdown')),
                             lockdown_domains: $("#lockdown_domains").val(),
diff --git a/gui/templates/views/show.tmpl b/gui/templates/views/show.tmpl
index 20250c0..f917acc 100644
--- a/gui/templates/views/show.tmpl
+++ b/gui/templates/views/show.tmpl
@@ -1,6 +1,6 @@
 {{ define "body" }}
 {{ with .Details }}
-        <h3>LabCA {{ .Title }}</h3>
+        <h3>{{ .Title }}</h3>
 
         <table class="table table-striped table-bordered {{ .TableClass }}" id="details_table">
             <tbody>
diff --git a/install b/install
index e988b86..b3c1a8c 100755
--- a/install
+++ b/install
@@ -473,14 +473,19 @@ static_web() {
     mkdir -p crl
     [ -e cert ] || ln -s certs cert
     cp -rp $cloneDir/static/* .
-    sed -i -e "s|\[LABCA_CPS_LOCATION\]|http://$LABCA_FQDN/cps/|g" cps/index.html
-    sed -i -e "s|\[LABCA_CERTS_LOCATION\]|http://$LABCA_FQDN/certs/|g" cps/index.html
+    sed -i -e "s|<\!-- BEGIN LABCA_CPS_LOCATION -->.*<\!-- END LABCA_CPS_LOCATION -->|<\!-- BEGIN LABCA_CPS_LOCATION --><a class=\"public\" href=\"http://$LABCA_FQDN/cps/\">http://$LABCA_FQDN/cps/</a><\!-- END LABCA_CPS_LOCATION -->|g" cps/index.html
+    sed -i -e "s|<\!-- BEGIN LABCA_CERTS_LOCATION -->.*<\!-- END LABCA_CERTS_LOCATION -->|<\!-- BEGIN LABCA_CERTS_LOCATION --><a class=\"public\" href=\"http://$LABCA_FQDN/certs/\">http://$LABCA_FQDN/certs/</a><\!-- END LABCA_CERTS_LOCATION -->|g" cps/index.html
 
     local have_config=$(grep restarted $adminDir/data/config.json | grep true)
     if [ "$have_config" != "" ]; then
         export PKI_ROOT_CERT_BASE="$adminDir/data/root-ca"
         export PKI_INT_CERT_BASE="$adminDir/data/issuer/ca-int"
         export PKI_DEFAULT_O=$(grep organization $adminDir/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
+        export PKI_FQDN=$LABCA_FQDN
+        export PKI_WEB_TITLE=$(grep web_title $adminDir/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
+        if [ "$PKI_WEB_TITLE" == "" ]; then
+            export PKI_WEB_TITLE="LabCA"
+        fi
 
         $adminDir/apply-nginx
     fi
diff --git a/static/502.html b/static/502.html
index 96e299a..3af2405 100644
--- a/static/502.html
+++ b/static/502.html
@@ -29,7 +29,7 @@
           <span class="icon-bar"></span>
           <span class="icon-bar"></span>
         </button>
-        <a class="navbar-brand" href="/">LabCA</a>
+        <a class="navbar-brand" href="/admin"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
       </div>
 
             <ul class="nav navbar-top-links navbar-right">
@@ -118,7 +118,7 @@
                         <small></small>
                     </div>
                     <div class="col-sm-6 footer text-muted text-right" id="footer">
-                        <small>Copyright &copy; 2018-2022 LabCA</small>
+                        <small>Copyright &copy; 2018-2022 <a href="https://lab-ca.net/">LabCA</a></small>
                     </div>
                 </div>
             </div>
diff --git a/static/certs/index.html b/static/certs/index.html
index 1bfa6cc..f704ad4 100644
--- a/static/certs/index.html
+++ b/static/certs/index.html
@@ -27,7 +27,7 @@
           <span class="icon-bar"></span>
           <span class="icon-bar"></span>
         </button>
-        <a class="navbar-brand" href="/">LabCA</a>
+        <a class="navbar-brand" href="/"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
       </div>
 
       <ul class="nav navbar-top-links navbar-right">
@@ -67,23 +67,23 @@
             <tbody>
               <tr>
                 <td>Root CA</td>
-                <td>[PKI_ROOT_DN]</td>
+                <td><!-- BEGIN PKI_ROOT_DN -->PKI_ROOT_DN<!-- END PKI_ROOT_DN --></td>
                 <td><a class="public" href="root-ca.der">root-ca.der</a></td>
                 <td><a class="public" href="root-ca.pem">root-ca.pem</a></td>
-                <td>[PKI_ROOT_VALIDITY]</td>
+                <td><!-- BEGIN PKI_ROOT_VALIDITY -->PKI_ROOT_VALIDITY<!-- END PKI_ROOT_VALIDITY --></td>
               </tr>
               <tr>
                 <td>Issuing CA</td>
-                <td>[PKI_INT_DN]</td>
+                <td><!-- BEGIN PKI_INT_DN -->PKI_INT_DN<!-- END PKI_INT_DN --></td>
                 <td><a class="public" href="ca-int.der">ca-int.der</a></td>
                 <td><a class="public" href="ca-int.pem">ca-int.pem</a></td>
-                <td>[PKI_INT_VALIDITY]</td>
+                <td><!-- BEGIN PKI_INT_VALIDITY -->PKI_INT_VALIDITY<!-- END PKI_INT_VALIDITY --></td>
               </tr>
             </tbody>
           </table>
 
           <p>
-            To trust the certificates provided by LabCA, all your client devices should install the root certificate in their
+            To trust the certificates provided by <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE -->, all your client devices should install the root certificate in their
             <b>Trusted Root Certification Authorities</b> store. You may choose to download the format best suited for your
             Operating System: DER format for Windows machines or PEM format for Linux/unix machines and Android phones.
           </p>
diff --git a/static/cps/index.html b/static/cps/index.html
index 31d7c49..86d6e4d 100644
--- a/static/cps/index.html
+++ b/static/cps/index.html
@@ -27,7 +27,7 @@
           <span class="icon-bar"></span>
           <span class="icon-bar"></span>
         </button>
-        <a class="navbar-brand" href="/">LabCA</a>
+        <a class="navbar-brand" href="/"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
       </div>
 
       <ul class="nav navbar-top-links navbar-right">
@@ -59,7 +59,7 @@
           <p>
             This Certification Practice Statement ("CPS") document outlines the certification services practices for this
             particular instance running the LabCA software. PKI (Public Key Infrastructure) services include, but are not limited to, issuing, managing,
-            validating, revoking, and renewing Certificates. The services are provided for [PKI_COMPANY_NAME] internal use only.
+            validating, revoking, and renewing Certificates. The services are provided for <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME --> internal use only.
           </p>
           <p>The following Certification Authorities are covered under this CPS:</p>
           <table class="table table-striped table-bordered">
@@ -71,9 +71,9 @@
             </tr></thead>
             <tbody><tr>
               <td>Root CA</td>
-              <td>[PKI_ROOT_DN]</td>
-              <td>[PKI_ROOT_FINGERPRINT]</td>
-              <td>[PKI_ROOT_VALIDITY]</td>
+              <td><!-- BEGIN PKI_ROOT_DN -->PKI_ROOT_DN<!-- END PKI_ROOT_DN --></td>
+              <td><!-- BEGIN PKI_ROOT_FINGERPRINT -->PKI_ROOT_FINGERPRINT<!-- END PKI_ROOT_FINGERPRINT --></td>
+              <td><!-- BEGIN PKI_ROOT_VALIDITY -->PKI_ROOT_VALIDITY<!-- END PKI_ROOT_VALIDITY --></td>
             </tr></tbody>
           </table>
           <p>
@@ -91,29 +91,29 @@
           </p>
 
           <p class="caption"><strong>2. Publication and Repository</strong></p>
-          <p>This CPS is published at <a class="public" href="[LABCA_CPS_LOCATION]">[LABCA_CPS_LOCATION]</a></p>
+          <p>This CPS is published at <!-- BEGIN LABCA_CPS_LOCATION --><a class="public" href="[LABCA_CPS_LOCATION]">[LABCA_CPS_LOCATION]</a><!-- END LABCA_CPS_LOCATION --></p>
           <p>
             Records of root and intermediate certificates, including those that have been revoked, are available at
-            <a class="public" href="[LABCA_CERTS_LOCATION]">[LABCA_CERTS_LOCATION]</a>
+            <!-- BEGIN LABCA_CERTS_LOCATION --><a class="public" href="[LABCA_CERTS_LOCATION]">[LABCA_CERTS_LOCATION]</a><!-- END LABCA_CERTS_LOCATION -->
           </p>
           <p>
-            LabCA certificates contain URLs to locations where certificate-related information is published, including
+            <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --> certificates contain URLs to locations where certificate-related information is published, including
             revocation information via OCSP and/or CRLs.
           </p>
 
           <p class="caption"><strong>3. Identification and Authentication</strong></p>
           <p>
-            LabCA certificates include a "Subject" field which identifies the subject entity (i.e. organization or domain). The
+            <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --> certificates include a "Subject" field which identifies the subject entity (i.e. organization or domain). The
             subject entity is identified using a distinguished name.
           </p>
           <p>
-            LabCA certificates include an "Issuer" field which identifies the issuing entity. The issuing entity is identified
+            <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --> certificates include an "Issuer" field which identifies the issuing entity. The issuing entity is identified
             using a distinguished name.
           </p>
 
           <p class="caption"><strong>4. Certificate Life-Cycle Operational Requirements</strong></p>
           <p>
-            Anyone associated with [PKI_COMPANY_NAME] may submit an application for a certificate via the ACME protocol. Issuance
+            Anyone associated with <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME --> may submit an application for a certificate via the ACME protocol. Issuance
             will depend on proper validation and compliance with this PKI's policies. End-entity certificates are made available
             to Subscribers via the ACME protocol as soon after issuance as reasonably possible.
           </p>
@@ -134,17 +134,17 @@
           <p>Certificate revocation permanently ends the certificate's operational period prior to its stated validity period.</p>
 
           <p class="caption"><strong>5. Facilities, Management, and Operational Controls</strong></p>
-          <p>Operating this PKI is under full responsibility of [PKI_COMPANY_NAME].</p>
+          <p>Operating this PKI is under full responsibility of <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME -->.</p>
 
           <p class="caption"><strong>6. Technical Security Controls</strong></p>
           <p>
-            LabCA is <strong>not</strong> using a Hardware Security Module (HSM) for storing CA private keys. LabCA is intended
-            to be used in a lab or intranet environment with sufficient protection against bad actors. It may not be used as
-            publicly accessible PKI instance.
+            <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --> is <strong>not</strong> using a Hardware Security Module (HSM) for storing CA private keys.
+            <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --> is intended to be used in a lab or intranet environment with sufficient protection against
+            bad actors. It may not be used as publicly accessible PKI instance.
           </p>
 
           <p class="caption"><strong>7. Certificate, CRL, and OCSP Profile</strong></p>
-          <p>Any requirements or policies regarding Certificates, CRLs and OCSP are at full discretion of [PKI_COMPANY_NAME].</p>
+          <p>Any requirements or policies regarding Certificates, CRLs and OCSP are at full discretion of <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME -->.</p>
 
           <p class="caption"><strong>8. Compliance audit</strong></p>
           <p>Not applicable.</p>
diff --git a/static/index.html b/static/index.html
index e244430..8e428b5 100644
--- a/static/index.html
+++ b/static/index.html
@@ -27,7 +27,7 @@
           <span class="icon-bar"></span>
           <span class="icon-bar"></span>
         </button>
-        <a class="navbar-brand" href="/">LabCA</a>
+        <a class="navbar-brand" href="/"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
       </div>
 
       <ul class="nav navbar-top-links navbar-right">
@@ -54,18 +54,18 @@
     <div id="page-wrapper">
       <div class="row">
         <div class="col-lg-12">
-          <h1 class="page-header">LabCA</h1>
+          <h1 class="page-header"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></h1>
 
           <p>
-            LabCA is a private CA (Certificate Authority) for use inside an organization, i.e. for creating HTTPS/SSL certificates
+            <!-- BEGIN WEBTITLE_X1 -->LabCA<!-- END WEBTITLE_X1 --> is a private CA (Certificate Authority) for use inside an organization, i.e. for creating HTTPS/SSL certificates
             for machines that cannot be reached via the open internet. It is based on Let's Encrypt&trade; code for ACMEv2
             (Automated Certificate Management Environment) so all modern
-            LE clients should work. LabCA should <b>not</b> be used on the open internet, please use the official
+            LE clients should work.<br/>LabCA <b>should NOT</b> be used on the open internet, please use the official
             <a class="public" href="https://letsencrypt.org/">Let's Encrypt&trade; <i class="fa fa-external-link fa-fw ext-link"></i>
             </a> instance for that.
           </p>
           <p>
-            To trust the certificates provided by LabCA, all your client devices should install the root certificate in their
+            To trust the certificates provided by <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE -->, all your client devices should install the root certificate in their
             <b>Trusted Root Certification Authorities</b> store. You may choose to download the format best suited for your
             Operating System: DER format for Windows machines or PEM format for Linux/unix machines and Android phones:<br/>
             <a class="public" href="certs/root-ca.der">Windows (.der) format</a>&nbsp;|&nbsp;
@@ -73,7 +73,7 @@
           </p>
           <br/>
           <h4>More information</h4>
-          <p>Additional information about this LabCA instance can be found on these pages:<br/>
+          <p>Additional information about <!-- BEGIN WEBTITLE_X2 -->this LabCA instance<!-- END WEBTITLE_X2 --> can be found on these pages:<br/>
             <a class="public" href="terms/v1">Terms</a> - the Usage Terms<br/>
             <a class="public" href="cps/">CPS</a> - the Certification Practice Statement
           </p>
diff --git a/static/rate-limits.html b/static/rate-limits.html
index 164c69a..6bb9c07 100644
--- a/static/rate-limits.html
+++ b/static/rate-limits.html
@@ -8,7 +8,7 @@
   <meta name="keywords" content="LabCA PKI CA Certificate Authority ACME Boulder">
   <meta name="author" content="Arjan Hakkesteegt">
 
-  <title>LabCA</title>
+  <title>Rate Limits | LabCA</title>
 
   <link href="css/bootstrap.min.css" rel="stylesheet">
   <link href="css/sb-admin-2.min.css" rel="stylesheet">
@@ -27,7 +27,7 @@
           <span class="icon-bar"></span>
           <span class="icon-bar"></span>
         </button>
-        <a class="navbar-brand" href="/">LabCA</a>
+        <a class="navbar-brand" href="/"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
       </div>
 
       <ul class="nav navbar-top-links navbar-right">
@@ -59,10 +59,10 @@
           <h1 class="page-header">Rate Limits</h1>
 
           <p>
-            It is unlikely that you hit the rate limit mechanism for your selected domain, as it is set to allow 10,000 certificates in LabCA.
+            It is unlikely that you hit the rate limit mechanism for your selected domain, as it is set to allow 10,000 certificates in <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE -->.
           </p>
           <p>
-            If your LabCA instance is set up to (also) allow official domains (not recommended), then for the other domains the main limit is
+            If <!-- BEGIN WEBTITLE_X2 -->this LabCA instance<!-- END WEBTITLE_X2 --> is set up to (also) allow official domains (not recommended), then for the other domains the main limit is
             <b>Certificates per Registered Domain</b>: 5 per 24 hours. As per the
             <a class="public" href="https://letsencrypt.org/docs/rate-limits/">Let's Encrypt&trade; rate limits page <i class="fa fa-external-link fa-fw ext-link"></i></a>,
             a registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance,
diff --git a/static/terms/v1.html b/static/terms/v1.html
index 37174f5..0a32b2d 100644
--- a/static/terms/v1.html
+++ b/static/terms/v1.html
@@ -27,7 +27,7 @@
           <span class="icon-bar"></span>
           <span class="icon-bar"></span>
         </button>
-        <a class="navbar-brand" href="/">LabCA</a>
+        <a class="navbar-brand" href="/"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
       </div>
 
       <ul class="nav navbar-top-links navbar-right">
@@ -69,8 +69,8 @@
                 be, the subject of your certificate;</li>
             <li>all information in your certificate regarding you or your domain name is accurate, current, reliable,
                 complete, and not misleading;</li>
-            <li>your certificate is only used inside [PKI_COMPANY_NAME] and according to any and all policies of
-                [PKI_COMPANY_NAME];</li>
+            <li>your certificate is only used inside <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME --> and according to any and all policies of
+                <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME -->;</li>
             <li>your certificate is not used in any way to deceive.</li>
         </ul>
         <p>The contents of your certificates will be based on the information you or your ACME client software sends to this