github-personal/pangolin
1
0
Fork 0
mirror of https://github.com/outbackdingo/pangolin.git synced 2026-01-27 10:20:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1322 from fosrl/dev

Browse Source 
1.9.0
This commit is contained in:
Owen Schwartz
2025-08-24 10:31:23 -07:00
committed by GitHub
parent cb95f02912 be5a9a840c
commit e0b76ffebc
234 changed files with 17945 additions and 5331 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.dockerignore
View File

@@ -28,3 +28,4 @@ LICENSE
CONTRIBUTING.md
dist
.git
config/

22
.github/dependabot.yml vendored
View File

@@ -38,3 +38,25 @@ updates:
directory: "/"
schedule:
interval: "weekly"
- package-ecosystem: "gomod"
directory: "/install"
schedule:
interval: "daily"
groups:
dev-patch-updates:
dependency-type: "development"
update-types:
- "patch"
dev-minor-updates:
dependency-type: "development"
update-types:
- "minor"
prod-patch-updates:
dependency-type: "production"
update-types:
- "patch"
prod-minor-updates:
dependency-type: "production"
update-types:
- "minor"

2
.github/workflows/cicd.yml vendored
View File

@@ -30,7 +30,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: 1.23.0
go-version: 1.24
- name: Update version in package.json
run: |

2
.github/workflows/linting.yml vendored
View File

@@ -23,7 +23,7 @@ jobs:
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
node-version: '22'
- name: Install dependencies
run: |

2
.github/workflows/test.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
- uses: actions/setup-node@v4
with:
node-version: '20'
node-version: '22'
- name: Copy config file
run: cp config/config.example.yml config/config.yml

9
.gitignore vendored
View File

@@ -26,6 +26,10 @@ next-env.d.ts
migrations
tsconfig.tsbuildinfo
config/config.yml
config/postgres
config/postgres*
config/openapi.yaml
config/key
dist
.dist
installer
@@ -34,4 +38,9 @@ bin
.secrets
test_event.json
.idea/
public/branding
server/db/index.ts
server/build.ts
postgres/
dynamic/
certificates/

2
.nvmrc
View File

@@ -1 +1 @@
20
22

4
CONTRIBUTING.md
View File

@@ -4,7 +4,7 @@ Contributions are welcome!
Please see the contribution and local development guide on the docs page before getting started:
https://docs.fossorial.io/development
https://docs.digpangolin.com/development/contributing
### Licensing Considerations
@@ -17,4 +17,4 @@ By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.
```
```

17
Dockerfile.pg → Dockerfile
View File

@@ -1,21 +1,26 @@
FROM node:20-alpine AS builder
FROM node:22-alpine AS builder
WORKDIR /app
ARG BUILD=oss
ARG DATABASE=sqlite
# COPY package.json package-lock.json ./
COPY package*.json ./
RUN npm ci
COPY . .
RUN echo 'export * from "./pg";' > server/db/index.ts
RUN echo "export * from \"./$DATABASE\";" > server/db/index.ts
RUN npx drizzle-kit generate --dialect postgresql --schema ./server/db/pg/schema.ts --out init
RUN echo "export const build = \"$BUILD\" as any;" > server/build.ts
RUN npm run build:pg
RUN if [ "$DATABASE" = "pg" ]; then npx drizzle-kit generate --dialect postgresql --schema ./server/db/pg/schema.ts --out init; else npx drizzle-kit generate --dialect $DATABASE --schema ./server/db/$DATABASE/schema.ts --out init; fi
RUN npm run build:$DATABASE
RUN npm run build:cli
FROM node:20-alpine AS runner
FROM node:22-alpine AS runner
WORKDIR /app
@@ -38,4 +43,4 @@ COPY server/db/names.json ./dist/names.json
COPY public ./public
CMD ["npm", "run", "start:pg"]
CMD ["npm", "run", "start"]

2
Dockerfile.dev
View File

@@ -1,4 +1,4 @@
FROM node:20-alpine
FROM node:22-alpine
WORKDIR /app

41
Dockerfile.sqlite
View File

@@ -1,41 +0,0 @@
FROM node:20-alpine AS builder
WORKDIR /app
# COPY package.json package-lock.json ./
COPY package*.json ./
RUN npm ci
COPY . .
RUN echo 'export * from "./sqlite";' > server/db/index.ts
RUN npx drizzle-kit generate --dialect sqlite --schema ./server/db/sqlite/schema.ts --out init
RUN npm run build:sqlite
RUN npm run build:cli
FROM node:20-alpine AS runner
WORKDIR /app
# Curl used for the health checks
RUN apk add --no-cache curl
# COPY package.json package-lock.json ./
COPY package*.json ./
RUN npm ci --omit=dev && npm cache clean --force
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/init ./dist/init
COPY ./cli/wrapper.sh /usr/local/bin/pangctl
RUN chmod +x /usr/local/bin/pangctl ./dist/cli.mjs
COPY server/db/names.json ./dist/names.json
COPY public ./public
CMD ["npm", "run", "start:sqlite"]

12
Makefile
View File

@@ -5,10 +5,10 @@ build-release:
echo "Error: tag is required. Usage: make build-release tag=<tag>"; \
exit 1; \
fi
docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:latest -f Dockerfile.sqlite --push .
docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:$(tag) -f Dockerfile.sqlite --push .
docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-latest -f Dockerfile.pg --push .
docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-$(tag) -f Dockerfile.pg --push .
docker buildx build --build-arg DATABASE=sqlite --platform linux/arm64,linux/amd64 -t fosrl/pangolin:latest --push .
docker buildx build --build-arg DATABASE=sqlite --platform linux/arm64,linux/amd64 -t fosrl/pangolin:$(tag) --push .
docker buildx build --build-arg DATABASE=pg --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-latest --push .
docker buildx build --build-arg DATABASE=pg --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-$(tag) --push .
build-arm:
docker buildx build --platform linux/arm64 -t fosrl/pangolin:latest .
@@ -17,10 +17,10 @@ build-x86:
docker buildx build --platform linux/amd64 -t fosrl/pangolin:latest .
build-sqlite:
docker build -t fosrl/pangolin:latest -f Dockerfile.sqlite .
docker build --build-arg DATABASE=sqlite -t fosrl/pangolin:latest .
build-pg:
docker build -t fosrl/pangolin:postgresql-latest -f Dockerfile.pg .
docker build --build-arg DATABASE=pg -t fosrl/pangolin:postgresql-latest .
test:
docker run -it -p 3000:3000 -p 3001:3001 -p 3002:3002 -v ./config:/app/config fosrl/pangolin:latest

6
README.md
View File

@@ -20,7 +20,7 @@ _Pangolin tunnels your services to the internet so you can access anything from
Website
</a>
<span> | </span>
<a href="https://docs.fossorial.io/Getting%20Started/quick-install">
<a href="https://docs.digpangolin.com/self-host/quick-install">
Install Guide
</a>
<span> | </span>
@@ -104,7 +104,7 @@ Pangolin is a self-hosted tunneled reverse proxy server with identity and access
### Fully Self Hosted
Host the full application on your own server or on the cloud with a VPS. Take a look at the [documentation](https://docs.fossorial.io/Getting%20Started/quick-install) to get started.
Host the full application on your own server or on the cloud with a VPS. Take a look at the [documentation](https://docs.digpangolin.com/self-host/quick-install) to get started.
> Many of our users have had a great experience with [RackNerd](https://my.racknerd.com/aff.php?aff=13788). Depending on promotions, you can get a [**VPS with 1 vCPU, 1GB RAM, and ~20GB SSD for just around $12/year**](https://my.racknerd.com/aff.php?aff=13788&pid=912). That's a great deal!
@@ -139,7 +139,7 @@ Pangolin is dual licensed under the AGPL-3 and the Fossorial Commercial license.
## Contributions
Looking for something to contribute? Take a look at issues marked with [help wanted](https://github.com/fosrl/pangolin/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22help%20wanted%22).
Looking for something to contribute? Take a look at issues marked with [help wanted](https://github.com/fosrl/pangolin/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22help%20wanted%22). Also take a look through the freature requests in Discussions - any are available and some are marked as a good first issue.
Please see [CONTRIBUTING](./CONTRIBUTING.md) in the repository for guidelines and best practices.

72
cli/commands/resetUserSecurityKeys.ts Normal file
View File

@@ -0,0 +1,72 @@
import { CommandModule } from "yargs";
import { db, users, securityKeys } from "@server/db";
import { eq } from "drizzle-orm";
type ResetUserSecurityKeysArgs = {
email: string;
};
export const resetUserSecurityKeys: CommandModule<
{},
ResetUserSecurityKeysArgs
> = {
command: "reset-user-security-keys",
describe:
"Reset a user's security keys (passkeys) by deleting all their webauthn credentials",
builder: (yargs) => {
return yargs.option("email", {
type: "string",
demandOption: true,
describe: "User email address"
});
},
handler: async (argv: { email: string }) => {
try {
const { email } = argv;
console.log(`Looking for user with email: ${email}`);
// Find the user by email
const [user] = await db
.select()
.from(users)
.where(eq(users.email, email))
.limit(1);
if (!user) {
console.error(`User with email '${email}' not found`);
process.exit(1);
}
console.log(`Found user: ${user.email} (ID: ${user.userId})`);
// Check if user has any security keys
const userSecurityKeys = await db
.select()
.from(securityKeys)
.where(eq(securityKeys.userId, user.userId));
if (userSecurityKeys.length === 0) {
console.log(`User '${email}' has no security keys to reset`);
process.exit(0);
}
console.log(
`Found ${userSecurityKeys.length} security key(s) for user '${email}'`
);
// Delete all security keys for the user
await db
.delete(securityKeys)
.where(eq(securityKeys.userId, user.userId));
console.log(`Successfully reset security keys for user '${email}'`);
console.log(`Deleted ${userSecurityKeys.length} security key(s)`);
process.exit(0);
} catch (error) {
console.error("Error:", error);
process.exit(1);
}
}
};

4
cli/commands/setAdminCredentials.ts
View File

@@ -32,7 +32,9 @@ export const setAdminCredentials: CommandModule<{}, SetAdminCredentialsArgs> = {
},
handler: async (argv: { email: string; password: string }) => {
try {
const { email, password } = argv;
const { password } = argv;
let { email } = argv;
email = email.trim().toLowerCase();
const parsed = passwordSchema.safeParse(password);

2
cli/index.ts
View File

@@ -3,9 +3,11 @@
import yargs from "yargs";
import { hideBin } from "yargs/helpers";
import { setAdminCredentials } from "@cli/commands/setAdminCredentials";
import { resetUserSecurityKeys } from "@cli/commands/resetUserSecurityKeys";
yargs(hideBin(process.argv))
.scriptName("pangctl")
.command(setAdminCredentials)
.command(resetUserSecurityKeys)
.demandCommand()
.help().argv;

52
config/config.example.yml
View File

@@ -1,48 +1,28 @@
# To see all available options, please visit the docs:
# https://docs.fossorial.io/Pangolin/Configuration/config
# https://docs.digpangolin.com/self-host/advanced/config-file
app:
dashboard_url: "http://localhost:3002"
log_level: "info"
save_logs: false
dashboard_url: http://localhost:3002
log_level: debug
domains:
domain1:
base_domain: "example.com"
cert_resolver: "letsencrypt"
domain1:
base_domain: example.com
server:
external_port: 3000
internal_port: 3001
next_port: 3002
internal_hostname: "pangolin"
session_cookie_name: "p_session_token"
resource_access_token_param: "p_token"
secret: "your_secret_key_here"
resource_access_token_headers:
id: "P-Access-Token-Id"
token: "P-Access-Token"
resource_session_request_param: "p_session_request"
traefik:
http_entrypoint: "web"
https_entrypoint: "websecure"
secret: my_secret_key
gerbil:
start_port: 51820
base_endpoint: "localhost"
block_size: 24
site_block_size: 30
subnet_group: 100.89.137.0/20
use_subdomain: true
base_endpoint: example.com
rate_limits:
global:
window_minutes: 1
max_requests: 500
orgs:
block_size: 24
subnet_group: 100.90.137.0/20
flags:
require_email_verification: false
disable_signup_without_invite: true
disable_user_create_org: true
allow_raw_resources: true
require_email_verification: false
disable_signup_without_invite: true
disable_user_create_org: true
allow_raw_resources: true
enable_integration_api: true
enable_clients: true

BIN
config/db/db.sqlite.bak
View File

Binary file not shown.

53
config/traefik/dynamic_config.yml Normal file
View File

@@ -0,0 +1,53 @@
http:
middlewares:
redirect-to-https:
redirectScheme:
scheme: https
routers:
# HTTP to HTTPS redirect router
main-app-router-redirect:
rule: "Host(`{{.DashboardDomain}}`)"
service: next-service
entryPoints:
- web
middlewares:
- redirect-to-https
# Next.js router (handles everything except API and WebSocket paths)
next-router:
rule: "Host(`{{.DashboardDomain}}`) && !PathPrefix(`/api/v1`)"
service: next-service
entryPoints:
- websecure
tls:
certResolver: letsencrypt
# API router (handles /api/v1 paths)
api-router:
rule: "Host(`{{.DashboardDomain}}`) && PathPrefix(`/api/v1`)"
service: api-service
entryPoints:
- websecure
tls:
certResolver: letsencrypt
# WebSocket router
ws-router:
rule: "Host(`{{.DashboardDomain}}`)"
service: api-service
entryPoints:
- websecure
tls:
certResolver: letsencrypt
services:
next-service:
loadBalancer:
servers:
- url: "http://pangolin:3002" # Next.js server
api-service:
loadBalancer:
servers:
- url: "http://pangolin:3000" # API/WebSocket server

34
config/traefik/traefik_config.yml Normal file
View File

@@ -0,0 +1,34 @@
api:
insecure: true
dashboard: true
providers:
file:
directory: "/var/dynamic"
watch: true
experimental:
plugins:
badger:
moduleName: "github.com/fosrl/badger"
version: "v1.2.0"
log:
level: "DEBUG"
format: "common"
maxSize: 100
maxBackups: 3
maxAge: 3
compress: true
entryPoints:
web:
address: ":80"
websecure:
address: ":9443"
transport:
respondingTimeouts:
readTimeout: "30m"
serversTransport:
insecureSkipVerify: true

5
docker-compose.example.yml
View File

@@ -22,8 +22,7 @@ services:
command:
- --reachableAt=http://gerbil:3003
- --generateAndSaveKeyTo=/var/config/key
- --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config
- --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth
- --remoteConfig=http://pangolin:3001/api/v1/
volumes:
- ./config/:/var/config
cap_add:
@@ -36,7 +35,7 @@ services:
- 80:80 # Port for traefik because of the network_mode
traefik:
image: traefik:v3.4.0
image: traefik:v3.5
container_name: traefik
restart: unless-stopped
network_mode: service:gerbil # Ports appear on the gerbil service

4
docker-compose.pg.yml
View File

@@ -7,6 +7,8 @@ services:
POSTGRES_DB: postgres # Default database name
POSTGRES_USER: postgres # Default user
POSTGRES_PASSWORD: password # Default password (change for production!)
volumes:
- ./config/postgres:/var/lib/postgresql/data
ports:
- "5432:5432" # Map host port 5432 to container port 5432
restart: no
restart: no

32
docker-compose.t.yml Normal file
View File

@@ -0,0 +1,32 @@
name: pangolin
services:
gerbil:
image: gerbil
container_name: gerbil
network_mode: host
restart: unless-stopped
command:
- --reachableAt=http://localhost:3003
- --generateAndSaveKeyTo=/var/config/key
- --remoteConfig=http://localhost:3001/api/v1/
- --sni-port=443
volumes:
- ./config/:/var/config
cap_add:
- NET_ADMIN
- SYS_MODULE
traefik:
image: docker.io/traefik:v3.4.1
container_name: traefik
restart: unless-stopped
network_mode: host
command:
- --configFile=/etc/traefik/traefik_config.yml
volumes:
- ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
- ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
- ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
- ./certificates:/var/certificates:ro
- ./dynamic:/var/dynamic:ro

3
docker-compose.yml
View File

@@ -9,6 +9,7 @@ services:
- "3000:3000"
- "3001:3001"
- "3002:3002"
- "3003:3003"
environment:
- NODE_ENV=development
- ENVIRONMENT=dev
@@ -26,4 +27,4 @@ services:
- ./postcss.config.mjs:/app/postcss.config.mjs
- ./eslint.config.js:/app/eslint.config.js
- ./config:/app/config
restart: no
restart: no

2
esbuild.mjs
View File

@@ -64,7 +64,7 @@ esbuild
}),
],
sourcemap: true,
target: "node20",
target: "node22",
})
.then(() => {
console.log("Build completed successfully");

70
install/config.go
View File

@@ -37,15 +37,28 @@ type DynamicConfig struct {
} `yaml:"http"`
}
// ConfigValues holds the extracted configuration values
type ConfigValues struct {
// TraefikConfigValues holds the extracted configuration values
type TraefikConfigValues struct {
DashboardDomain string
LetsEncryptEmail string
BadgerVersion string
}
// AppConfig represents the app section of the config.yml
type AppConfig struct {
App struct {
DashboardURL string `yaml:"dashboard_url"`
LogLevel string `yaml:"log_level"`
} `yaml:"app"`
}
type AppConfigValues struct {
DashboardURL string
LogLevel string
}
// ReadTraefikConfig reads and extracts values from Traefik configuration files
func ReadTraefikConfig(mainConfigPath, dynamicConfigPath string) (*ConfigValues, error) {
func ReadTraefikConfig(mainConfigPath string) (*TraefikConfigValues, error) {
// Read main config file
mainConfigData, err := os.ReadFile(mainConfigPath)
if err != nil {
@@ -57,48 +70,33 @@ func ReadTraefikConfig(mainConfigPath, dynamicConfigPath string) (*ConfigValues,
return nil, fmt.Errorf("error parsing main config file: %w", err)
}
// Read dynamic config file
dynamicConfigData, err := os.ReadFile(dynamicConfigPath)
if err != nil {
return nil, fmt.Errorf("error reading dynamic config file: %w", err)
}
var dynamicConfig DynamicConfig
if err := yaml.Unmarshal(dynamicConfigData, &dynamicConfig); err != nil {
return nil, fmt.Errorf("error parsing dynamic config file: %w", err)
}
// Extract values
values := &ConfigValues{
values := &TraefikConfigValues{
BadgerVersion: mainConfig.Experimental.Plugins.Badger.Version,
LetsEncryptEmail: mainConfig.CertificatesResolvers.LetsEncrypt.Acme.Email,
}
// Extract DashboardDomain from router rules
// Look for it in the main router rules
for _, router := range dynamicConfig.HTTP.Routers {
if router.Rule != "" {
// Extract domain from Host(`mydomain.com`)
if domain := extractDomainFromRule(router.Rule); domain != "" {
values.DashboardDomain = domain
break
}
}
}
return values, nil
}
// extractDomainFromRule extracts the domain from a router rule
func extractDomainFromRule(rule string) string {
// Look for the Host(`mydomain.com`) pattern
if start := findPattern(rule, "Host(`"); start != -1 {
end := findPattern(rule[start:], "`)")
if end != -1 {
return rule[start+6 : start+end]
}
func ReadAppConfig(configPath string) (*AppConfigValues, error) {
// Read config file
configData, err := os.ReadFile(configPath)
if err != nil {
return nil, fmt.Errorf("error reading config file: %w", err)
}
return ""
var appConfig AppConfig
if err := yaml.Unmarshal(configData, &appConfig); err != nil {
return nil, fmt.Errorf("error parsing config file: %w", err)
}
values := &AppConfigValues{
DashboardURL: appConfig.App.DashboardURL,
LogLevel: appConfig.App.LogLevel,
}
return values, nil
}
// findPattern finds the start of a pattern in a string

18
install/config/config.yml
View File

@@ -1,6 +1,15 @@
# To see all available options, please visit the docs:
# https://docs.fossorial.io/Pangolin/Configuration/config
# https://docs.digpangolin.com/self-host/advanced/config-file
gerbil:
start_port: 51820
base_endpoint: "{{.DashboardDomain}}"
{{if .HybridMode}}
managed:
id: "{{.HybridId}}"
secret: "{{.HybridSecret}}"
{{else}}
app:
dashboard_url: "https://{{.DashboardDomain}}"
log_level: "info"
@@ -17,11 +26,6 @@ server:
methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
allowed_headers: ["X-CSRF-Token", "Content-Type"]
credentials: false
gerbil:
start_port: 51820
base_endpoint: "{{.DashboardDomain}}"
{{if .EnableEmail}}
email:
smtp_host: "{{.EmailSMTPHost}}"
@@ -30,9 +34,9 @@ email:
smtp_pass: "{{.EmailSMTPPass}}"
no_reply: "{{.EmailNoReply}}"
{{end}}
flags:
require_email_verification: {{.EnableEmail}}
disable_signup_without_invite: true
disable_user_create_org: false
allow_raw_resources: true
{{end}}

2
install/config/crowdsec/traefik_config.yml
View File

@@ -16,7 +16,7 @@ experimental:
version: "{{.BadgerVersion}}"
crowdsec: # CrowdSec plugin configuration added
moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
version: "v1.4.2"
version: "v1.4.4"
log:
level: "INFO"

19
install/config/docker-compose.yml
View File

@@ -6,6 +6,8 @@ services:
restart: unless-stopped
volumes:
- ./config:/app/config
- pangolin-data:/var/certificates
- pangolin-data:/var/dynamic
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
interval: "10s"
@@ -22,8 +24,7 @@ services:
command:
- --reachableAt=http://gerbil:3003
- --generateAndSaveKeyTo=/var/config/key
- --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config
- --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth
- --remoteConfig=http://pangolin:3001/api/v1/
volumes:
- ./config/:/var/config
cap_add:
@@ -32,11 +33,11 @@ services:
ports:
- 51820:51820/udp
- 21820:21820/udp
- 443:443 # Port for traefik because of the network_mode
- 80:80 # Port for traefik because of the network_mode
- 443:{{if .HybridMode}}8443{{else}}443{{end}}
- 80:80
{{end}}
traefik:
image: docker.io/traefik:v3.4.1
image: docker.io/traefik:v3.5
container_name: traefik
restart: unless-stopped
{{if .InstallGerbil}}
@@ -55,9 +56,15 @@ services:
- ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
- ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
- ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
# Shared volume for certificates and dynamic config in file mode
- pangolin-data:/var/certificates:ro
- pangolin-data:/var/dynamic:ro
networks:
default:
driver: bridge
name: pangolin
enable_ipv6: true
{{if .EnableIPv6}} enable_ipv6: true{{end}}
volumes:
pangolin-data:

18
install/config/traefik/traefik_config.yml
View File

@@ -3,12 +3,17 @@ api:
dashboard: true
providers:
{{if not .HybridMode}}
http:
endpoint: "http://pangolin:3001/api/v1/traefik-config"
pollInterval: "5s"
file:
filename: "/etc/traefik/dynamic_config.yml"
{{else}}
file:
directory: "/var/dynamic"
watch: true
{{end}}
experimental:
plugins:
badger:
@@ -22,7 +27,7 @@ log:
maxBackups: 3
maxAge: 3
compress: true
{{if not .HybridMode}}
certificatesResolvers:
letsencrypt:
acme:
@@ -31,7 +36,7 @@ certificatesResolvers:
email: "{{.LetsEncryptEmail}}"
storage: "/letsencrypt/acme.json"
caServer: "https://acme-v02.api.letsencrypt.org/directory"
{{end}}
entryPoints:
web:
address: ":80"
@@ -40,9 +45,12 @@ entryPoints:
transport:
respondingTimeouts:
readTimeout: "30m"
http:
{{if not .HybridMode}} http:
tls:
certResolver: "letsencrypt"
certResolver: "letsencrypt"{{end}}
serversTransport:
insecureSkipVerify: true
ping:
entryPoint: "web"

332
install/containers.go Normal file
View File

@@ -0,0 +1,332 @@
package main
import (
"bytes"
"fmt"
"os"
"os/exec"
"os/user"
"runtime"
"strconv"
"strings"
"time"
)
func waitForContainer(containerName string, containerType SupportedContainer) error {
maxAttempts := 30
retryInterval := time.Second * 2
for attempt := 0; attempt < maxAttempts; attempt++ {
// Check if container is running
cmd := exec.Command(string(containerType), "container", "inspect", "-f", "{{.State.Running}}", containerName)
var out bytes.Buffer
cmd.Stdout = &out
if err := cmd.Run(); err != nil {
// If the container doesn't exist or there's another error, wait and retry
time.Sleep(retryInterval)
continue
}
isRunning := strings.TrimSpace(out.String()) == "true"
if isRunning {
return nil
}
// Container exists but isn't running yet, wait and retry
time.Sleep(retryInterval)
}
return fmt.Errorf("container %s did not start within %v seconds", containerName, maxAttempts*int(retryInterval.Seconds()))
}
func installDocker() error {
// Detect Linux distribution
cmd := exec.Command("cat", "/etc/os-release")
output, err := cmd.Output()
if err != nil {
return fmt.Errorf("failed to detect Linux distribution: %v", err)
}
osRelease := string(output)
// Detect system architecture
archCmd := exec.Command("uname", "-m")
archOutput, err := archCmd.Output()
if err != nil {
return fmt.Errorf("failed to detect system architecture: %v", err)
}
arch := strings.TrimSpace(string(archOutput))
// Map architecture to Docker's architecture naming
var dockerArch string
switch arch {
case "x86_64":
dockerArch = "amd64"
case "aarch64":
dockerArch = "arm64"
default:
return fmt.Errorf("unsupported architecture: %s", arch)
}
var installCmd *exec.Cmd
switch {
case strings.Contains(osRelease, "ID=ubuntu"):
installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
apt-get update &&
apt-get install -y apt-transport-https ca-certificates curl software-properties-common &&
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list &&
apt-get update &&
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
`, dockerArch))
case strings.Contains(osRelease, "ID=debian"):
installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
apt-get update &&
apt-get install -y apt-transport-https ca-certificates curl software-properties-common &&
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list &&
apt-get update &&
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
`, dockerArch))
case strings.Contains(osRelease, "ID=fedora"):
// Detect Fedora version to handle DNF 5 changes
versionCmd := exec.Command("bash", "-c", "grep VERSION_ID /etc/os-release | cut -d'=' -f2 | tr -d '\"'")
versionOutput, err := versionCmd.Output()
var fedoraVersion int
if err == nil {
if v, parseErr := strconv.Atoi(strings.TrimSpace(string(versionOutput))); parseErr == nil {
fedoraVersion = v
}
}
// Use appropriate DNF syntax based on version
var repoCmd string
if fedoraVersion >= 41 {
// DNF 5 syntax for Fedora 41+
repoCmd = "dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo"
} else {
// DNF 4 syntax for Fedora < 41
repoCmd = "dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo"
}
installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
dnf -y install dnf-plugins-core &&
%s &&
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
`, repoCmd))
case strings.Contains(osRelease, "ID=opensuse") || strings.Contains(osRelease, "ID=\"opensuse-"):
installCmd = exec.Command("bash", "-c", `
zypper install -y docker docker-compose &&
systemctl enable docker
`)
case strings.Contains(osRelease, "ID=rhel") || strings.Contains(osRelease, "ID=\"rhel"):
installCmd = exec.Command("bash", "-c", `
dnf remove -y runc &&
dnf -y install yum-utils &&
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo &&
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin &&
systemctl enable docker
`)
case strings.Contains(osRelease, "ID=amzn"):
installCmd = exec.Command("bash", "-c", `
yum update -y &&
yum install -y docker &&
systemctl enable docker &&
usermod -a -G docker ec2-user
`)
default:
return fmt.Errorf("unsupported Linux distribution")
}
installCmd.Stdout = os.Stdout
installCmd.Stderr = os.Stderr
return installCmd.Run()
}
func startDockerService() error {
if runtime.GOOS == "linux" {
cmd := exec.Command("systemctl", "enable", "--now", "docker")
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
return cmd.Run()
} else if runtime.GOOS == "darwin" {
// On macOS, Docker is usually started via the Docker Desktop application
fmt.Println("Please start Docker Desktop manually on macOS.")
return nil
}
return fmt.Errorf("unsupported operating system for starting Docker service")
}
func isDockerInstalled() bool {
return isContainerInstalled("docker")
}
func isPodmanInstalled() bool {
return isContainerInstalled("podman") && isContainerInstalled("podman-compose")
}
func isContainerInstalled(container string) bool {
cmd := exec.Command(container, "--version")
if err := cmd.Run(); err != nil {
return false
}
return true
}
func isUserInDockerGroup() bool {
if runtime.GOOS == "darwin" {
// Docker group is not applicable on macOS
// So we assume that the user can run Docker commands
return true
}
if os.Geteuid() == 0 {
return true // Root user can run Docker commands anyway
}
// Check if the current user is in the docker group
if dockerGroup, err := user.LookupGroup("docker"); err == nil {
if currentUser, err := user.Current(); err == nil {
if currentUserGroupIds, err := currentUser.GroupIds(); err == nil {
for _, groupId := range currentUserGroupIds {
if groupId == dockerGroup.Gid {
return true
}
}
}
}
}
// Eventually, if any of the checks fail, we assume the user cannot run Docker commands
return false
}
// isDockerRunning checks if the Docker daemon is running by using the `docker info` command.
func isDockerRunning() bool {
cmd := exec.Command("docker", "info")
if err := cmd.Run(); err != nil {
return false
}
return true
}
// executeDockerComposeCommandWithArgs executes the appropriate docker command with arguments supplied
func executeDockerComposeCommandWithArgs(args ...string) error {
var cmd *exec.Cmd
var useNewStyle bool
if !isDockerInstalled() {
return fmt.Errorf("docker is not installed")
}
checkCmd := exec.Command("docker", "compose", "version")
if err := checkCmd.Run(); err == nil {
useNewStyle = true
} else {
checkCmd = exec.Command("docker-compose", "version")
if err := checkCmd.Run(); err == nil {
useNewStyle = false
} else {
return fmt.Errorf("neither 'docker compose' nor 'docker-compose' command is available")
}
}
if useNewStyle {
cmd = exec.Command("docker", append([]string{"compose"}, args...)...)
} else {
cmd = exec.Command("docker-compose", args...)
}
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
return cmd.Run()
}
// pullContainers pulls the containers using the appropriate command.
func pullContainers(containerType SupportedContainer) error {
fmt.Println("Pulling the container images...")
if containerType == Podman {
if err := run("podman-compose", "-f", "docker-compose.yml", "pull"); err != nil {
return fmt.Errorf("failed to pull the containers: %v", err)
}
return nil
}
if containerType == Docker {
if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "pull", "--policy", "always"); err != nil {
return fmt.Errorf("failed to pull the containers: %v", err)
}
return nil
}
return fmt.Errorf("Unsupported container type: %s", containerType)
}
// startContainers starts the containers using the appropriate command.
func startContainers(containerType SupportedContainer) error {
fmt.Println("Starting containers...")
if containerType == Podman {
if err := run("podman-compose", "-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil {
return fmt.Errorf("failed start containers: %v", err)
}
return nil
}
if containerType == Docker {
if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil {
return fmt.Errorf("failed to start containers: %v", err)
}
return nil
}
return fmt.Errorf("Unsupported container type: %s", containerType)
}
// stopContainers stops the containers using the appropriate command.
func stopContainers(containerType SupportedContainer) error {
fmt.Println("Stopping containers...")
if containerType == Podman {
if err := run("podman-compose", "-f", "docker-compose.yml", "down"); err != nil {
return fmt.Errorf("failed to stop containers: %v", err)
}
return nil
}
if containerType == Docker {
if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "down"); err != nil {
return fmt.Errorf("failed to stop containers: %v", err)
}
return nil
}
return fmt.Errorf("Unsupported container type: %s", containerType)
}
// restartContainer restarts a specific container using the appropriate command.
func restartContainer(container string, containerType SupportedContainer) error {
fmt.Println("Restarting containers...")
if containerType == Podman {
if err := run("podman-compose", "-f", "docker-compose.yml", "restart"); err != nil {
return fmt.Errorf("failed to stop the container \"%s\": %v", container, err)
}
return nil
}
if containerType == Docker {
if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "restart", container); err != nil {
return fmt.Errorf("failed to stop the container \"%s\": %v", container, err)
}
return nil
}
return fmt.Errorf("Unsupported container type: %s", containerType)
}

6
install/go.mod
View File

@@ -1,10 +1,10 @@
module installer
go 1.23.0
go 1.24
require (
golang.org/x/term v0.28.0
golang.org/x/term v0.33.0
gopkg.in/yaml.v3 v3.0.1
)
require golang.org/x/sys v0.29.0 // indirect
require golang.org/x/sys v0.34.0 // indirect

8
install/go.sum
View File

@@ -1,7 +1,7 @@
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

74
install/input.go Normal file
View File

@@ -0,0 +1,74 @@
package main
import (
"bufio"
"fmt"
"strings"
"syscall"
"golang.org/x/term"
)
func readString(reader *bufio.Reader, prompt string, defaultValue string) string {
if defaultValue != "" {
fmt.Printf("%s (default: %s): ", prompt, defaultValue)
} else {
fmt.Print(prompt + ": ")
}
input, _ := reader.ReadString('\n')
input = strings.TrimSpace(input)
if input == "" {
return defaultValue
}
return input
}
func readStringNoDefault(reader *bufio.Reader, prompt string) string {
fmt.Print(prompt + ": ")
input, _ := reader.ReadString('\n')
return strings.TrimSpace(input)
}
func readPassword(prompt string, reader *bufio.Reader) string {
if term.IsTerminal(int(syscall.Stdin)) {
fmt.Print(prompt + ": ")
// Read password without echo if we're in a terminal
password, err := term.ReadPassword(int(syscall.Stdin))
fmt.Println() // Add a newline since ReadPassword doesn't add one
if err != nil {
return ""
}
input := strings.TrimSpace(string(password))
if input == "" {
return readPassword(prompt, reader)
}
return input
} else {
// Fallback to reading from stdin if not in a terminal
return readString(reader, prompt, "")
}
}
func readBool(reader *bufio.Reader, prompt string, defaultValue bool) bool {
defaultStr := "no"
if defaultValue {
defaultStr = "yes"
}
input := readString(reader, prompt+" (yes/no)", defaultStr)
return strings.ToLower(input) == "yes"
}
func readBoolNoDefault(reader *bufio.Reader, prompt string) bool {
input := readStringNoDefault(reader, prompt+" (yes/no)")
return strings.ToLower(input) == "yes"
}
func readInt(reader *bufio.Reader, prompt string, defaultValue int) int {
input := readString(reader, prompt, fmt.Sprintf("%d", defaultValue))
if input == "" {
return defaultValue
}
value := defaultValue
fmt.Sscanf(input, "%d", &value)
return value
}

1
install/input.txt
View File

@@ -1,6 +1,7 @@
docker
example.com
pangolin.example.com
yes
admin@example.com
yes
admin@example.com

847
install/main.go
View File

@@ -10,17 +10,12 @@ import (
"math/rand"
"os"
"os/exec"
"os/user"
"path/filepath"
"runtime"
"strconv"
"strings"
"syscall"
"text/template"
"time"
"net"
"golang.org/x/term"
)
// DO NOT EDIT THIS FUNCTION; IT MATCHED BY REGEX IN CICD
@@ -40,6 +35,7 @@ type Config struct {
BadgerVersion string
BaseDomain string
DashboardDomain string
EnableIPv6 bool
LetsEncryptEmail string
EnableEmail bool
EmailSMTPHost string
@@ -51,6 +47,9 @@ type Config struct {
TraefikBouncerKey string
DoCrowdsecInstall bool
Secret string
HybridMode bool
HybridId string
HybridSecret string
}
type SupportedContainer string
@@ -66,28 +65,178 @@ func main() {
fmt.Println("Welcome to the Pangolin installer!")
fmt.Println("This installer will help you set up Pangolin on your server.")
fmt.Println("")
fmt.Println("Please make sure you have the following prerequisites:")
fmt.Println("\nPlease make sure you have the following prerequisites:")
fmt.Println("- Open TCP ports 80 and 443 and UDP ports 51820 and 21820 on your VPS and firewall.")
fmt.Println("- Point your domain to the VPS IP with A records.")
fmt.Println("")
fmt.Println("http://docs.fossorial.io/Getting%20Started/dns-networking")
fmt.Println("")
fmt.Println("Lets get started!")
fmt.Println("")
fmt.Println("\nLets get started!")
if os.Geteuid() == 0 { // WE NEED TO BE SUDO TO CHECK THIS
for _, p := range []int{80, 443} {
if err := checkPortsAvailable(p); err != nil {
fmt.Fprintln(os.Stderr, err)
for _, p := range []int{80, 443} {
if err := checkPortsAvailable(p); err != nil {
fmt.Fprintln(os.Stderr, err)
fmt.Printf("Please close any services on ports 80/443 in order to run the installation smoothly")
os.Exit(1)
}
}
fmt.Printf("Please close any services on ports 80/443 in order to run the installation smoothly")
os.Exit(1)
}
}
}
reader := bufio.NewReader(os.Stdin)
var config Config
// check if there is already a config file
if _, err := os.Stat("config/config.yml"); err != nil {
config = collectUserInput(reader)
loadVersions(&config)
config.DoCrowdsecInstall = false
config.Secret = generateRandomSecretKey()
fmt.Println("\n=== Generating Configuration Files ===")
// If the secret and id are not generated then generate them
if config.HybridMode && (config.HybridId == "" || config.HybridSecret == "") {
// fmt.Println("Requesting hybrid credentials from cloud...")
credentials, err := requestHybridCredentials()
if err != nil {
fmt.Printf("Error requesting hybrid credentials: %v\n", err)
fmt.Println("Please obtain credentials manually from the dashboard and run the installer again.")
os.Exit(1)
}
config.HybridId = credentials.RemoteExitNodeId
config.HybridSecret = credentials.Secret
fmt.Printf("Your managed credentials have been obtained successfully.\n")
fmt.Printf(" ID: %s\n", config.HybridId)
fmt.Printf(" Secret: %s\n", config.HybridSecret)
fmt.Println("Take these to the Pangolin dashboard https://pangolin.fossorial.io to adopt your node.")
readBool(reader, "Have you adopted your node?", true)
}
if err := createConfigFiles(config); err != nil {
fmt.Printf("Error creating config files: %v\n", err)
os.Exit(1)
}
moveFile("config/docker-compose.yml", "docker-compose.yml")
fmt.Println("\nConfiguration files created successfully!")
fmt.Println("\n=== Starting installation ===")
if readBool(reader, "Would you like to install and start the containers?", true) {
config.InstallationContainerType = podmanOrDocker(reader)
if !isDockerInstalled() && runtime.GOOS == "linux" && config.InstallationContainerType == Docker {
if readBool(reader, "Docker is not installed. Would you like to install it?", true) {
installDocker()
// try to start docker service but ignore errors
if err := startDockerService(); err != nil {
fmt.Println("Error starting Docker service:", err)
} else {
fmt.Println("Docker service started successfully!")
}
// wait 10 seconds for docker to start checking if docker is running every 2 seconds
fmt.Println("Waiting for Docker to start...")
for i := 0; i < 5; i++ {
if isDockerRunning() {
fmt.Println("Docker is running!")
break
}
fmt.Println("Docker is not running yet, waiting...")
time.Sleep(2 * time.Second)
}
if !isDockerRunning() {
fmt.Println("Docker is still not running after 10 seconds. Please check the installation.")
os.Exit(1)
}
fmt.Println("Docker installed successfully!")
}
}
if err := pullContainers(config.InstallationContainerType); err != nil {
fmt.Println("Error: ", err)
return
}
if err := startContainers(config.InstallationContainerType); err != nil {
fmt.Println("Error: ", err)
return
}
}
} else {
fmt.Println("Looks like you already installed Pangolin!")
}
if !checkIsCrowdsecInstalledInCompose() && !checkIsPangolinInstalledWithHybrid() {
fmt.Println("\n=== CrowdSec Install ===")
// check if crowdsec is installed
if readBool(reader, "Would you like to install CrowdSec?", false) {
fmt.Println("This installer constitutes a minimal viable CrowdSec deployment. CrowdSec will add extra complexity to your Pangolin installation and may not work to the best of its abilities out of the box. Users are expected to implement configuration adjustments on their own to achieve the best security posture. Consult the CrowdSec documentation for detailed configuration instructions.")
// BUG: crowdsec installation will be skipped if the user chooses to install on the first installation.
if readBool(reader, "Are you willing to manage CrowdSec?", false) {
if config.DashboardDomain == "" {
traefikConfig, err := ReadTraefikConfig("config/traefik/traefik_config.yml")
if err != nil {
fmt.Printf("Error reading config: %v\n", err)
return
}
appConfig, err := ReadAppConfig("config/config.yml")
if err != nil {
fmt.Printf("Error reading config: %v\n", err)
return
}
config.DashboardDomain = appConfig.DashboardURL
config.LetsEncryptEmail = traefikConfig.LetsEncryptEmail
config.BadgerVersion = traefikConfig.BadgerVersion
// print the values and check if they are right
fmt.Println("Detected values:")
fmt.Printf("Dashboard Domain: %s\n", config.DashboardDomain)
fmt.Printf("Let's Encrypt Email: %s\n", config.LetsEncryptEmail)
fmt.Printf("Badger Version: %s\n", config.BadgerVersion)
if !readBool(reader, "Are these values correct?", true) {
config = collectUserInput(reader)
}
}
config.DoCrowdsecInstall = true
installCrowdsec(config)
}
}
}
if !config.HybridMode {
// Setup Token Section
fmt.Println("\n=== Setup Token ===")
// Check if containers were started during this installation
containersStarted := false
if (isDockerInstalled() && config.InstallationContainerType == Docker) ||
(isPodmanInstalled() && config.InstallationContainerType == Podman) {
// Try to fetch and display the token if containers are running
containersStarted = true
printSetupToken(config.InstallationContainerType, config.DashboardDomain)
}
// If containers weren't started or token wasn't found, show instructions
if !containersStarted {
showSetupTokenInstructions(config.InstallationContainerType, config.DashboardDomain)
}
}
fmt.Println("\nInstallation complete!")
if !config.HybridMode && !checkIsPangolinInstalledWithHybrid() {
fmt.Printf("\nTo complete the initial setup, please visit:\nhttps://%s/auth/initial-setup\n", config.DashboardDomain)
}
}
func podmanOrDocker(reader *bufio.Reader) SupportedContainer {
inputContainer := readString(reader, "Would you like to run Pangolin as Docker or Podman containers?", "docker")
chosenContainer := Docker
@@ -151,161 +300,7 @@ func main() {
os.Exit(1)
}
var config Config
config.InstallationContainerType = chosenContainer
// check if there is already a config file
if _, err := os.Stat("config/config.yml"); err != nil {
config = collectUserInput(reader)
loadVersions(&config)
config.DoCrowdsecInstall = false
config.Secret = generateRandomSecretKey()
if err := createConfigFiles(config); err != nil {
fmt.Printf("Error creating config files: %v\n", err)
os.Exit(1)
}
moveFile("config/docker-compose.yml", "docker-compose.yml")
if !isDockerInstalled() && runtime.GOOS == "linux" && chosenContainer == Docker {
if readBool(reader, "Docker is not installed. Would you like to install it?", true) {
installDocker()
// try to start docker service but ignore errors
if err := startDockerService(); err != nil {
fmt.Println("Error starting Docker service:", err)
} else {
fmt.Println("Docker service started successfully!")
}
// wait 10 seconds for docker to start checking if docker is running every 2 seconds
fmt.Println("Waiting for Docker to start...")
for i := 0; i < 5; i++ {
if isDockerRunning() {
fmt.Println("Docker is running!")
break
}
fmt.Println("Docker is not running yet, waiting...")
time.Sleep(2 * time.Second)
}
if !isDockerRunning() {
fmt.Println("Docker is still not running after 10 seconds. Please check the installation.")
os.Exit(1)
}
fmt.Println("Docker installed successfully!")
}
}
fmt.Println("\n=== Starting installation ===")
if (isDockerInstalled() && chosenContainer == Docker) ||
(isPodmanInstalled() && chosenContainer == Podman) {
if readBool(reader, "Would you like to install and start the containers?", true) {
if err := pullContainers(chosenContainer); err != nil {
fmt.Println("Error: ", err)
return
}
if err := startContainers(chosenContainer); err != nil {
fmt.Println("Error: ", err)
return
}
}
}
} else {
fmt.Println("Looks like you already installed, so I am going to do the setup...")
}
if !checkIsCrowdsecInstalledInCompose() {
fmt.Println("\n=== CrowdSec Install ===")
// check if crowdsec is installed
if readBool(reader, "Would you like to install CrowdSec?", false) {
fmt.Println("This installer constitutes a minimal viable CrowdSec deployment. CrowdSec will add extra complexity to your Pangolin installation and may not work to the best of its abilities out of the box. Users are expected to implement configuration adjustments on their own to achieve the best security posture. Consult the CrowdSec documentation for detailed configuration instructions.")
// BUG: crowdsec installation will be skipped if the user chooses to install on the first installation.
if readBool(reader, "Are you willing to manage CrowdSec?", false) {
if config.DashboardDomain == "" {
traefikConfig, err := ReadTraefikConfig("config/traefik/traefik_config.yml", "config/traefik/dynamic_config.yml")
if err != nil {
fmt.Printf("Error reading config: %v\n", err)
return
}
config.DashboardDomain = traefikConfig.DashboardDomain
config.LetsEncryptEmail = traefikConfig.LetsEncryptEmail
config.BadgerVersion = traefikConfig.BadgerVersion
// print the values and check if they are right
fmt.Println("Detected values:")
fmt.Printf("Dashboard Domain: %s\n", config.DashboardDomain)
fmt.Printf("Let's Encrypt Email: %s\n", config.LetsEncryptEmail)
fmt.Printf("Badger Version: %s\n", config.BadgerVersion)
if !readBool(reader, "Are these values correct?", true) {
config = collectUserInput(reader)
}
}
config.DoCrowdsecInstall = true
installCrowdsec(config)
}
}
}
fmt.Println("Installation complete!")
fmt.Printf("\nTo complete the initial setup, please visit:\nhttps://%s/auth/initial-setup\n", config.DashboardDomain)
}
func readString(reader *bufio.Reader, prompt string, defaultValue string) string {
if defaultValue != "" {
fmt.Printf("%s (default: %s): ", prompt, defaultValue)
} else {
fmt.Print(prompt + ": ")
}
input, _ := reader.ReadString('\n')
input = strings.TrimSpace(input)
if input == "" {
return defaultValue
}
return input
}
func readPassword(prompt string, reader *bufio.Reader) string {
if term.IsTerminal(int(syscall.Stdin)) {
fmt.Print(prompt + ": ")
// Read password without echo if we're in a terminal
password, err := term.ReadPassword(int(syscall.Stdin))
fmt.Println() // Add a newline since ReadPassword doesn't add one
if err != nil {
return ""
}
input := strings.TrimSpace(string(password))
if input == "" {
return readPassword(prompt, reader)
}
return input
} else {
// Fallback to reading from stdin if not in a terminal
return readString(reader, prompt, "")
}
}
func readBool(reader *bufio.Reader, prompt string, defaultValue bool) bool {
defaultStr := "no"
if defaultValue {
defaultStr = "yes"
}
input := readString(reader, prompt+" (yes/no)", defaultStr)
return strings.ToLower(input) == "yes"
}
func readInt(reader *bufio.Reader, prompt string, defaultValue int) int {
input := readString(reader, prompt, fmt.Sprintf("%d", defaultValue))
if input == "" {
return defaultValue
}
value := defaultValue
fmt.Sscanf(input, "%d", &value)
return value
return chosenContainer
}
func collectUserInput(reader *bufio.Reader) Config {
@@ -313,36 +308,73 @@ func collectUserInput(reader *bufio.Reader) Config {
// Basic configuration
fmt.Println("\n=== Basic Configuration ===")
config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "")
config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", "pangolin."+config.BaseDomain)
config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "")
config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunneled connections", true)
// Email configuration
fmt.Println("\n=== Email Configuration ===")
config.EnableEmail = readBool(reader, "Enable email functionality (SMTP)", false)
if config.EnableEmail {
config.EmailSMTPHost = readString(reader, "Enter SMTP host", "")
config.EmailSMTPPort = readInt(reader, "Enter SMTP port (default 587)", 587)
config.EmailSMTPUser = readString(reader, "Enter SMTP username", "")
config.EmailSMTPPass = readString(reader, "Enter SMTP password", "") // Should this be readPassword?
config.EmailNoReply = readString(reader, "Enter no-reply email address", "")
for {
response := readString(reader, "Do you want to install Pangolin as a cloud-managed (beta) node? (yes/no)", "")
if strings.EqualFold(response, "yes") || strings.EqualFold(response, "y") {
config.HybridMode = true
break
} else if strings.EqualFold(response, "no") || strings.EqualFold(response, "n") {
config.HybridMode = false
break
}
fmt.Println("Please answer 'yes' or 'no'")
}
// Validate required fields
if config.BaseDomain == "" {
fmt.Println("Error: Domain name is required")
os.Exit(1)
if config.HybridMode {
alreadyHaveCreds := readBool(reader, "Do you already have credentials from the dashboard? If not, we will create them later", false)
if alreadyHaveCreds {
config.HybridId = readString(reader, "Enter your ID", "")
config.HybridSecret = readString(reader, "Enter your secret", "")
}
config.DashboardDomain = readString(reader, "The public addressable IP address for this node or a domain pointing to it", "")
config.InstallGerbil = true
} else {
config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "")
// Set default dashboard domain after base domain is collected
defaultDashboardDomain := ""
if config.BaseDomain != "" {
defaultDashboardDomain = "pangolin." + config.BaseDomain
}
config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", defaultDashboardDomain)
config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "")
config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunneled connections", true)
// Email configuration
fmt.Println("\n=== Email Configuration ===")
config.EnableEmail = readBool(reader, "Enable email functionality (SMTP)", false)
if config.EnableEmail {
config.EmailSMTPHost = readString(reader, "Enter SMTP host", "")
config.EmailSMTPPort = readInt(reader, "Enter SMTP port (default 587)", 587)
config.EmailSMTPUser = readString(reader, "Enter SMTP username", "")
config.EmailSMTPPass = readString(reader, "Enter SMTP password", "") // Should this be readPassword?
config.EmailNoReply = readString(reader, "Enter no-reply email address", "")
}
// Validate required fields
if config.BaseDomain == "" {
fmt.Println("Error: Domain name is required")
os.Exit(1)
}
if config.LetsEncryptEmail == "" {
fmt.Println("Error: Let's Encrypt email is required")
os.Exit(1)
}
}
// Advanced configuration
fmt.Println("\n=== Advanced Configuration ===")
config.EnableIPv6 = readBool(reader, "Is your server IPv6 capable?", true)
if config.DashboardDomain == "" {
fmt.Println("Error: Dashboard Domain name is required")
os.Exit(1)
}
if config.LetsEncryptEmail == "" {
fmt.Println("Error: Let's Encrypt email is required")
os.Exit(1)
}
return config
}
@@ -372,6 +404,11 @@ func createConfigFiles(config Config) error {
return nil
}
// the hybrid does not need the dynamic config
if config.HybridMode && strings.Contains(path, "dynamic_config.yml") {
return nil
}
// skip .DS_Store
if strings.Contains(path, ".DS_Store") {
return nil
@@ -423,297 +460,6 @@ func createConfigFiles(config Config) error {
return nil
}
func installDocker() error {
// Detect Linux distribution
cmd := exec.Command("cat", "/etc/os-release")
output, err := cmd.Output()
if err != nil {
return fmt.Errorf("failed to detect Linux distribution: %v", err)
}
osRelease := string(output)
// Detect system architecture
archCmd := exec.Command("uname", "-m")
archOutput, err := archCmd.Output()
if err != nil {
return fmt.Errorf("failed to detect system architecture: %v", err)
}
arch := strings.TrimSpace(string(archOutput))
// Map architecture to Docker's architecture naming
var dockerArch string
switch arch {
case "x86_64":
dockerArch = "amd64"
case "aarch64":
dockerArch = "arm64"
default:
return fmt.Errorf("unsupported architecture: %s", arch)
}
var installCmd *exec.Cmd
switch {
case strings.Contains(osRelease, "ID=ubuntu"):
installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
apt-get update &&
apt-get install -y apt-transport-https ca-certificates curl software-properties-common &&
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list &&
apt-get update &&
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
`, dockerArch))
case strings.Contains(osRelease, "ID=debian"):
installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
apt-get update &&
apt-get install -y apt-transport-https ca-certificates curl software-properties-common &&
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list &&
apt-get update &&
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
`, dockerArch))
case strings.Contains(osRelease, "ID=fedora"):
// Detect Fedora version to handle DNF 5 changes
versionCmd := exec.Command("bash", "-c", "grep VERSION_ID /etc/os-release | cut -d'=' -f2 | tr -d '\"'")
versionOutput, err := versionCmd.Output()
var fedoraVersion int
if err == nil {
if v, parseErr := strconv.Atoi(strings.TrimSpace(string(versionOutput))); parseErr == nil {
fedoraVersion = v
}
}
// Use appropriate DNF syntax based on version
var repoCmd string
if fedoraVersion >= 41 {
// DNF 5 syntax for Fedora 41+
repoCmd = "dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo"
} else {
// DNF 4 syntax for Fedora < 41
repoCmd = "dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo"
}
installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
dnf -y install dnf-plugins-core &&
%s &&
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
`, repoCmd))
case strings.Contains(osRelease, "ID=opensuse") || strings.Contains(osRelease, "ID=\"opensuse-"):
installCmd = exec.Command("bash", "-c", `
zypper install -y docker docker-compose &&
systemctl enable docker
`)
case strings.Contains(osRelease, "ID=rhel") || strings.Contains(osRelease, "ID=\"rhel"):
installCmd = exec.Command("bash", "-c", `
dnf remove -y runc &&
dnf -y install yum-utils &&
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo &&
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin &&
systemctl enable docker
`)
case strings.Contains(osRelease, "ID=amzn"):
installCmd = exec.Command("bash", "-c", `
yum update -y &&
yum install -y docker &&
systemctl enable docker &&
usermod -a -G docker ec2-user
`)
default:
return fmt.Errorf("unsupported Linux distribution")
}
installCmd.Stdout = os.Stdout
installCmd.Stderr = os.Stderr
return installCmd.Run()
}
func startDockerService() error {
if runtime.GOOS == "linux" {
cmd := exec.Command("systemctl", "enable", "--now", "docker")
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
return cmd.Run()
} else if runtime.GOOS == "darwin" {
// On macOS, Docker is usually started via the Docker Desktop application
fmt.Println("Please start Docker Desktop manually on macOS.")
return nil
}
return fmt.Errorf("unsupported operating system for starting Docker service")
}
func isDockerInstalled() bool {
return isContainerInstalled("docker")
}
func isPodmanInstalled() bool {
return isContainerInstalled("podman") && isContainerInstalled("podman-compose")
}
func isContainerInstalled(container string) bool {
cmd := exec.Command(container, "--version")
if err := cmd.Run(); err != nil {
return false
}
return true
}
func isUserInDockerGroup() bool {
if runtime.GOOS == "darwin" {
// Docker group is not applicable on macOS
// So we assume that the user can run Docker commands
return true
}
if os.Geteuid() == 0 {
return true // Root user can run Docker commands anyway
}
// Check if the current user is in the docker group
if dockerGroup, err := user.LookupGroup("docker"); err == nil {
if currentUser, err := user.Current(); err == nil {
if currentUserGroupIds, err := currentUser.GroupIds(); err == nil {
for _, groupId := range currentUserGroupIds {
if groupId == dockerGroup.Gid {
return true
}
}
}
}
}
// Eventually, if any of the checks fail, we assume the user cannot run Docker commands
return false
}
// isDockerRunning checks if the Docker daemon is running by using the `docker info` command.
func isDockerRunning() bool {
cmd := exec.Command("docker", "info")
if err := cmd.Run(); err != nil {
return false
}
return true
}
// executeDockerComposeCommandWithArgs executes the appropriate docker command with arguments supplied
func executeDockerComposeCommandWithArgs(args ...string) error {
var cmd *exec.Cmd
var useNewStyle bool
if !isDockerInstalled() {
return fmt.Errorf("docker is not installed")
}
checkCmd := exec.Command("docker", "compose", "version")
if err := checkCmd.Run(); err == nil {
useNewStyle = true
} else {
checkCmd = exec.Command("docker-compose", "version")
if err := checkCmd.Run(); err == nil {
useNewStyle = false
} else {
return fmt.Errorf("neither 'docker compose' nor 'docker-compose' command is available")
}
}
if useNewStyle {
cmd = exec.Command("docker", append([]string{"compose"}, args...)...)
} else {
cmd = exec.Command("docker-compose", args...)
}
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
return cmd.Run()
}
// pullContainers pulls the containers using the appropriate command.
func pullContainers(containerType SupportedContainer) error {
fmt.Println("Pulling the container images...")
if containerType == Podman {
if err := run("podman-compose", "-f", "docker-compose.yml", "pull"); err != nil {
return fmt.Errorf("failed to pull the containers: %v", err)
}
return nil
}
if containerType == Docker {
if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "pull", "--policy", "always"); err != nil {
return fmt.Errorf("failed to pull the containers: %v", err)
}
return nil
}
return fmt.Errorf("Unsupported container type: %s", containerType)
}
// startContainers starts the containers using the appropriate command.
func startContainers(containerType SupportedContainer) error {
fmt.Println("Starting containers...")
if containerType == Podman {
if err := run("podman-compose", "-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil {
return fmt.Errorf("failed start containers: %v", err)
}
return nil
}
if containerType == Docker {
if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil {
return fmt.Errorf("failed to start containers: %v", err)
}
return nil
}
return fmt.Errorf("Unsupported container type: %s", containerType)
}
// stopContainers stops the containers using the appropriate command.
func stopContainers(containerType SupportedContainer) error {
fmt.Println("Stopping containers...")
if containerType == Podman {
if err := run("podman-compose", "-f", "docker-compose.yml", "down"); err != nil {
return fmt.Errorf("failed to stop containers: %v", err)
}
return nil
}
if containerType == Docker {
if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "down"); err != nil {
return fmt.Errorf("failed to stop containers: %v", err)
}
return nil
}
return fmt.Errorf("Unsupported container type: %s", containerType)
}
// restartContainer restarts a specific container using the appropriate command.
func restartContainer(container string, containerType SupportedContainer) error {
fmt.Println("Restarting containers...")
if containerType == Podman {
if err := run("podman-compose", "-f", "docker-compose.yml", "restart"); err != nil {
return fmt.Errorf("failed to stop the container \"%s\": %v", container, err)
}
return nil
}
if containerType == Docker {
if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "restart", container); err != nil {
return fmt.Errorf("failed to stop the container \"%s\": %v", container, err)
}
return nil
}
return fmt.Errorf("Unsupported container type: %s", containerType)
}
func copyFile(src, dst string) error {
source, err := os.Open(src)
if err != nil {
@@ -739,32 +485,89 @@ func moveFile(src, dst string) error {
return os.Remove(src)
}
func waitForContainer(containerName string, containerType SupportedContainer) error {
maxAttempts := 30
retryInterval := time.Second * 2
func printSetupToken(containerType SupportedContainer, dashboardDomain string) {
fmt.Println("Waiting for Pangolin to generate setup token...")
for attempt := 0; attempt < maxAttempts; attempt++ {
// Check if container is running
cmd := exec.Command(string(containerType), "container", "inspect", "-f", "{{.State.Running}}", containerName)
var out bytes.Buffer
cmd.Stdout = &out
if err := cmd.Run(); err != nil {
// If the container doesn't exist or there's another error, wait and retry
time.Sleep(retryInterval)
continue
}
isRunning := strings.TrimSpace(out.String()) == "true"
if isRunning {
return nil
}
// Container exists but isn't running yet, wait and retry
time.Sleep(retryInterval)
// Wait for Pangolin to be healthy
if err := waitForContainer("pangolin", containerType); err != nil {
fmt.Println("Warning: Pangolin container did not become healthy in time.")
return
}
return fmt.Errorf("container %s did not start within %v seconds", containerName, maxAttempts*int(retryInterval.Seconds()))
// Give a moment for the setup token to be generated
time.Sleep(2 * time.Second)
// Fetch logs
var cmd *exec.Cmd
if containerType == Docker {
cmd = exec.Command("docker", "logs", "pangolin")
} else {
cmd = exec.Command("podman", "logs", "pangolin")
}
output, err := cmd.Output()
if err != nil {
fmt.Println("Warning: Could not fetch Pangolin logs to find setup token.")
return
}
// Parse for setup token
lines := strings.Split(string(output), "\n")
for i, line := range lines {
if strings.Contains(line, "=== SETUP TOKEN GENERATED ===") || strings.Contains(line, "=== SETUP TOKEN EXISTS ===") {
// Look for "Token: ..." in the next few lines
for j := i + 1; j < i+5 && j < len(lines); j++ {
trimmedLine := strings.TrimSpace(lines[j])
if strings.Contains(trimmedLine, "Token:") {
// Extract token after "Token:"
tokenStart := strings.Index(trimmedLine, "Token:")
if tokenStart != -1 {
token := strings.TrimSpace(trimmedLine[tokenStart+6:])
fmt.Printf("Setup token: %s\n", token)
fmt.Println("")
fmt.Println("This token is required to register the first admin account in the web UI at:")
fmt.Printf("https://%s/auth/initial-setup\n", dashboardDomain)
fmt.Println("")
fmt.Println("Save this token securely. It will be invalid after the first admin is created.")
return
}
}
}
}
}
fmt.Println("Warning: Could not find a setup token in Pangolin logs.")
}
func showSetupTokenInstructions(containerType SupportedContainer, dashboardDomain string) {
fmt.Println("\n=== Setup Token Instructions ===")
fmt.Println("To get your setup token, you need to:")
fmt.Println("")
fmt.Println("1. Start the containers:")
if containerType == Docker {
fmt.Println(" docker-compose up -d")
} else {
fmt.Println(" podman-compose up -d")
}
fmt.Println("")
fmt.Println("2. Wait for the Pangolin container to start and generate the token")
fmt.Println("")
fmt.Println("3. Check the container logs for the setup token:")
if containerType == Docker {
fmt.Println(" docker logs pangolin | grep -A 2 -B 2 'SETUP TOKEN'")
} else {
fmt.Println(" podman logs pangolin | grep -A 2 -B 2 'SETUP TOKEN'")
}
fmt.Println("")
fmt.Println("4. Look for output like:")
fmt.Println(" === SETUP TOKEN GENERATED ===")
fmt.Println(" Token: [your-token-here]")
fmt.Println(" Use this token on the initial setup page")
fmt.Println("")
fmt.Println("5. Use the token to complete initial setup at:")
fmt.Printf(" https://%s/auth/initial-setup\n", dashboardDomain)
fmt.Println("")
fmt.Println("The setup token is required to register the first admin account.")
fmt.Println("Save it securely - it will be invalid after the first admin is created.")
fmt.Println("================================")
}
func generateRandomSecretKey() string {
@@ -806,3 +609,19 @@ func checkPortsAvailable(port int) error {
}
return nil
}
func checkIsPangolinInstalledWithHybrid() bool {
// Check if config/config.yml exists and contains hybrid section
if _, err := os.Stat("config/config.yml"); err != nil {
return false
}
// Read config file to check for hybrid section
content, err := os.ReadFile("config/config.yml")
if err != nil {
return false
}
// Check for hybrid section
return bytes.Contains(content, []byte("managed:"))
}

110
install/quickStart.go Normal file
View File

@@ -0,0 +1,110 @@
package main
import (
"bytes"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
"time"
)
const (
FRONTEND_SECRET_KEY = "af4e4785-7e09-11f0-b93a-74563c4e2a7e"
// CLOUD_API_URL = "https://pangolin.fossorial.io/api/v1/remote-exit-node/quick-start"
CLOUD_API_URL = "https://pangolin.fossorial.io/api/v1/remote-exit-node/quick-start"
)
// HybridCredentials represents the response from the cloud API
type HybridCredentials struct {
RemoteExitNodeId string `json:"remoteExitNodeId"`
Secret string `json:"secret"`
}
// APIResponse represents the full response structure from the cloud API
type APIResponse struct {
Data HybridCredentials `json:"data"`
}
// RequestPayload represents the request body structure
type RequestPayload struct {
Token string `json:"token"`
}
func generateValidationToken() string {
timestamp := time.Now().UnixMilli()
data := fmt.Sprintf("%s|%d", FRONTEND_SECRET_KEY, timestamp)
obfuscated := make([]byte, len(data))
for i, char := range []byte(data) {
obfuscated[i] = char + 5
}
return base64.StdEncoding.EncodeToString(obfuscated)
}
// requestHybridCredentials makes an HTTP POST request to the cloud API
// to get hybrid credentials (ID and secret)
func requestHybridCredentials() (*HybridCredentials, error) {
// Generate validation token
token := generateValidationToken()
// Create request payload
payload := RequestPayload{
Token: token,
}
// Marshal payload to JSON
jsonData, err := json.Marshal(payload)
if err != nil {
return nil, fmt.Errorf("failed to marshal request payload: %v", err)
}
// Create HTTP request
req, err := http.NewRequest("POST", CLOUD_API_URL, bytes.NewBuffer(jsonData))
if err != nil {
return nil, fmt.Errorf("failed to create HTTP request: %v", err)
}
// Set headers
req.Header.Set("Content-Type", "application/json")
req.Header.Set("X-CSRF-Token", "x-csrf-protection")
// Create HTTP client with timeout
client := &http.Client{
Timeout: 30 * time.Second,
}
// Make the request
resp, err := client.Do(req)
if err != nil {
return nil, fmt.Errorf("failed to make HTTP request: %v", err)
}
defer resp.Body.Close()
// Check response status
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("API request failed with status code: %d", resp.StatusCode)
}
// Read response body for debugging
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read response body: %v", err)
}
// Print the raw JSON response for debugging
// fmt.Printf("Raw JSON response: %s\n", string(body))
// Parse response
var apiResponse APIResponse
if err := json.Unmarshal(body, &apiResponse); err != nil {
return nil, fmt.Errorf("failed to decode API response: %v", err)
}
// Validate response data
if apiResponse.Data.RemoteExitNodeId == "" || apiResponse.Data.Secret == "" {
return nil, fmt.Errorf("invalid response: missing remoteExitNodeId or secret")
}
return &apiResponse.Data, nil
}

1454
messages/bg-BG.json Normal file
View File

File diff suppressed because it is too large Load Diff

308
messages/cs-CZ.json
View File

@@ -10,8 +10,8 @@
"setupErrorIdentifier": "ID organizace je již použito. Zvolte prosím jiné.",
"componentsErrorNoMemberCreate": "Zatím nejste členem žádné organizace. Abyste mohli začít, vytvořte si organizaci.",
"componentsErrorNoMember": "Zatím nejste členem žádných organizací.",
"welcome": "Welcome!",
"welcomeTo": "Welcome to",
"welcome": "Vítejte!",
"welcomeTo": "Vítejte v",
"componentsCreateOrg": "Vytvořte organizaci",
"componentsMember": "Jste členem {count, plural, =0 {0 organizací} one {1 organizace} other {# organizací}}.",
"componentsInvalidKey": "Byly nalezeny neplatné nebo propadlé licenční klíče. Pokud chcete nadále používat všechny funkce, postupujte podle licenčních podmínek.",
@@ -62,91 +62,93 @@
"method": "Způsob",
"siteMethodDescription": "Tímto způsobem budete vystavovat spojení.",
"siteLearnNewt": "Naučte se, jak nainstalovat Newt na svůj systém",
"siteSeeConfigOnce": "You will only be able to see the configuration once.",
"siteLoadWGConfig": "Loading WireGuard configuration...",
"siteDocker": "Expand for Docker Deployment Details",
"toggle": "Toggle",
"siteSeeConfigOnce": "Konfiguraci uvidíte pouze jednou.",
"siteLoadWGConfig": "Načítání konfigurace WireGuard...",
"siteDocker": "Rozbalit pro detaily nasazení v Dockeru",
"toggle": "Přepínač",
"dockerCompose": "Docker Compose",
"dockerRun": "Docker Run",
"siteLearnLocal": "Local sites do not tunnel, learn more",
"siteConfirmCopy": "I have copied the config",
"searchSitesProgress": "Search sites...",
"siteAdd": "Add Site",
"siteInstallNewt": "Install Newt",
"siteInstallNewtDescription": "Get Newt running on your system",
"WgConfiguration": "WireGuard Configuration",
"WgConfigurationDescription": "Use the following configuration to connect to your network",
"operatingSystem": "Operating System",
"commands": "Commands",
"recommended": "Recommended",
"siteNewtDescription": "For the best user experience, use Newt. It uses WireGuard under the hood and allows you to address your private resources by their LAN address on your private network from within the Pangolin dashboard.",
"siteRunsInDocker": "Runs in Docker",
"siteRunsInShell": "Runs in shell on macOS, Linux, and Windows",
"siteErrorDelete": "Error deleting site",
"siteErrorUpdate": "Failed to update site",
"siteErrorUpdateDescription": "An error occurred while updating the site.",
"siteUpdated": "Site updated",
"siteUpdatedDescription": "The site has been updated.",
"siteGeneralDescription": "Configure the general settings for this site",
"siteSettingDescription": "Configure the settings on your site",
"siteSetting": "{siteName} Settings",
"siteNewtTunnel": "Newt Tunnel (Recommended)",
"siteNewtTunnelDescription": "Easiest way to create an entrypoint into your network. No extra setup.",
"siteWg": "Basic WireGuard",
"siteWgDescription": "Use any WireGuard client to establish a tunnel. Manual NAT setup required.",
"siteLocalDescription": "Local resources only. No tunneling.",
"siteSeeAll": "See All Sites",
"siteTunnelDescription": "Determine how you want to connect to your site",
"siteNewtCredentials": "Newt Credentials",
"siteNewtCredentialsDescription": "This is how Newt will authenticate with the server",
"siteCredentialsSave": "Save Your Credentials",
"siteCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.",
"siteInfo": "Site Information",
"status": "Status",
"shareTitle": "Manage Share Links",
"shareDescription": "Create shareable links to grant temporary or permanent access to your resources",
"shareSearch": "Search share links...",
"shareCreate": "Create Share Link",
"shareErrorDelete": "Failed to delete link",
"shareErrorDeleteMessage": "An error occurred deleting link",
"shareDeleted": "Link deleted",
"shareDeletedDescription": "The link has been deleted",
"shareTokenDescription": "Your access token can be passed in two ways: as a query parameter or in the request headers. These must be passed from the client on every request for authenticated access.",
"accessToken": "Access Token",
"usageExamples": "Usage Examples",
"tokenId": "Token ID",
"requestHeades": "Request Headers",
"queryParameter": "Query Parameter",
"importantNote": "Important Note",
"shareImportantDescription": "For security reasons, using headers is recommended over query parameters when possible, as query parameters may be logged in server logs or browser history.",
"siteLearnLocal": "Místní lokality se netunelují, dozvědět se více",
"siteConfirmCopy": "Konfiguraci jsem zkopíroval",
"searchSitesProgress": "Hledat lokality...",
"siteAdd": "Přidat lokalitu",
"siteInstallNewt": "Nainstalovat Newt",
"siteInstallNewtDescription": "Spustit Newt na vašem systému",
"WgConfiguration": "Konfigurace WireGuard",
"WgConfigurationDescription": "Použijte následující konfiguraci pro připojení k vaší síti",
"operatingSystem": "Operační systém",
"commands": "Příkazy",
"recommended": "Doporučeno",
"siteNewtDescription": "Ideálně použijte Newt, který využívá WireGuard a umožňuje adresovat vaše soukromé zdroje pomocí jejich LAN adresy ve vaší privátní síti přímo z dashboardu Pangolin.",
"siteRunsInDocker": "Běží v Dockeru",
"siteRunsInShell": "Běží v shellu na macOS, Linuxu a Windows",
"siteErrorDelete": "Chyba při odstraňování lokality",
"siteErrorUpdate": "Nepodařilo se upravit lokalitu",
"siteErrorUpdateDescription": "Při úpravě lokality došlo k chybě.",
"siteUpdated": "Lokalita upravena",
"siteUpdatedDescription": "Lokalita byla upravena.",
"siteGeneralDescription": "Upravte obecná nastavení pro tuto lokalitu",
"siteSettingDescription": "Upravte nastavení vaší lokality",
"siteSetting": "Nastavení {siteName}",
"siteNewtTunnel": "Tunel Newt (doporučeno)",
"siteNewtTunnelDescription": "Nejjednodušší způsob, jak vytvořit vstupní bod do vaší sítě. Žádné další nastavení.",
"siteWg": "Základní WireGuard",
"siteWgDescription": "Použijte jakéhokoli klienta WireGuard abyste sestavili tunel. Vyžaduje se ruční nastavení NAT.",
"siteWgDescriptionSaas": "Použijte jakéhokoli klienta WireGuard abyste sestavili tunel. Vyžaduje se ruční nastavení NAT. FUNGUJE POUZE NA SELF-HOSTED SERVERECH",
"siteLocalDescription": "Pouze lokální zdroje. Žádný tunel.",
"siteLocalDescriptionSaas": "Pouze lokální zdroje. Žádný tunel. FUNGUJE POUZE NA SELF-HOSTED SERVERECH",
"siteSeeAll": "Zobrazit všechny lokality",
"siteTunnelDescription": "Určete jak se chcete připojit k vaší lokalitě",
"siteNewtCredentials": "Přihlašovací údaje Newt",
"siteNewtCredentialsDescription": "Tímto způsobem se bude Newt autentizovat na serveru",
"siteCredentialsSave": "Uložit přihlašovací údaje",
"siteCredentialsSaveDescription": "Toto nastavení uvidíte pouze jednou. Ujistěte se, že jej zkopírujete na bezpečné místo.",
"siteInfo": "Údaje o lokalitě",
"status": "Stav",
"shareTitle": "Spravovat sdílení odkazů",
"shareDescription": "Vytvořte odkazy, abyste udělili dočasný nebo trvalý přístup k vašim zdrojům",
"shareSearch": "Hledat sdílené odkazy...",
"shareCreate": "Vytvořit odkaz",
"shareErrorDelete": "Nepodařilo se odstranit odkaz",
"shareErrorDeleteMessage": "Došlo k chybě při odstraňování odkazu",
"shareDeleted": "Odkaz odstraněn",
"shareDeletedDescription": "Odkaz byl odstraněn",
"shareTokenDescription": "Váš přístupový token může být předán dvěma způsoby: jako parametr dotazu nebo v záhlaví požadavku. Tyto údaje musí být předány klientem v každé žádosti o ověřený přístup.",
"accessToken": "Přístupový token",
"usageExamples": "Příklady použití",
"tokenId": "ID tokenu",
"requestHeades": "Hlavičky požadavku",
"queryParameter": "Parametry dotazu",
"importantNote": "Důležité upozornění",
"shareImportantDescription": "Z bezpečnostních důvodů je doporučeno používat raději hlavičky než parametry dotazu pokud je to možné, protože parametry dotazu mohou být zaznamenány v logu serveru nebo v historii prohlížeče.",
"token": "Token",
"shareTokenSecurety": "Keep your access token secure. Do not share it in publicly accessible areas or client-side code.",
"shareErrorFetchResource": "Failed to fetch resources",
"shareErrorFetchResourceDescription": "An error occurred while fetching the resources",
"shareErrorCreate": "Failed to create share link",
"shareErrorCreateDescription": "An error occurred while creating the share link",
"shareCreateDescription": "Anyone with this link can access the resource",
"shareTitleOptional": "Title (optional)",
"expireIn": "Expire In",
"neverExpire": "Never expire",
"shareExpireDescription": "Expiration time is how long the link will be usable and provide access to the resource. After this time, the link will no longer work, and users who used this link will lose access to the resource.",
"shareSeeOnce": "You will only be able to see this linkonce. Make sure to copy it.",
"shareAccessHint": "Anyone with this link can access the resource. Share it with care.",
"shareTokenUsage": "See Access Token Usage",
"createLink": "Create Link",
"resourcesNotFound": "No resources found",
"resourceSearch": "Search resources",
"openMenu": "Open menu",
"resource": "Resource",
"title": "Title",
"created": "Created",
"expires": "Expires",
"never": "Never",
"shareErrorSelectResource": "Please select a resource",
"resourceTitle": "Manage Resources",
"resourceDescription": "Create secure proxies to your private applications",
"resourcesSearch": "Search resources...",
"resourceAdd": "Add Resource",
"shareTokenSecurety": "Uchovejte přístupový token v bezpečí. Nesdílejte jej na veřejně přístupných místěch nebo v kódu na straně klienta.",
"shareErrorFetchResource": "Nepodařilo se načíst zdroje",
"shareErrorFetchResourceDescription": "Při načítání zdrojů došlo k chybě",
"shareErrorCreate": "Nepodařilo se vytvořit odkaz",
"shareErrorCreateDescription": "Při vytváření odkazu došlo k chybě",
"shareCreateDescription": "Kdokoliv s tímto odkazem může přistupovat ke zdroji",
"shareTitleOptional": "Název (volitelné)",
"expireIn": "Platnost vyprší za",
"neverExpire": "Nikdy nevyprší",
"shareExpireDescription": "Doba platnosti určuje, jak dlouho bude odkaz použitelný a bude poskytovat přístup ke zdroji. Po této době odkaz již nebude fungovat a uživatelé kteří tento odkaz používali ztratí přístup ke zdroji.",
"shareSeeOnce": "Tento odkaz uvidíte pouze jednou. Ujistěte se, že jste jej zkopírovali.",
"shareAccessHint": "Kdokoli s tímto odkazem může přistupovat ke zdroji. Sdílejte jej s rozvahou.",
"shareTokenUsage": "Zobrazit využití přístupového tokenu",
"createLink": "Vytvořit odkaz",
"resourcesNotFound": "Nebyly nalezeny žádné zdroje",
"resourceSearch": "Vyhledat zdroje",
"openMenu": "Otevřít nabídku",
"resource": "Zdroj",
"title": "Název",
"created": "Vytvořeno",
"expires": "Vyprší",
"never": "Nikdy",
"shareErrorSelectResource": "Zvolte prosím zdroj",
"resourceTitle": "Spravovat zdroje",
"resourceDescription": "Vytvořte bezpečné proxy služby pro přístup k privátním aplikacím",
"resourcesSearch": "Prohledat zdroje...",
"resourceAdd": "Přidat zdroj",
"resourceErrorDelte": "Error deleting resource",
"authentication": "Authentication",
"protected": "Protected",
@@ -166,7 +168,7 @@
"siteSelect": "Select site",
"siteSearch": "Search site",
"siteNotFound": "No site found.",
"siteSelectionDescription": "This site will provide connectivity to the resource.",
"siteSelectionDescription": "This site will provide connectivity to the target.",
"resourceType": "Resource Type",
"resourceTypeDescription": "Determine how you want to access your resource",
"resourceHTTPSSettings": "HTTPS Settings",
@@ -197,6 +199,7 @@
"general": "General",
"generalSettings": "General Settings",
"proxy": "Proxy",
"internal": "Internal",
"rules": "Rules",
"resourceSettingDescription": "Configure the settings on your resource",
"resourceSetting": "{resourceName} Settings",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "The TLS Server Name to use for SNI. Leave empty to use the default.",
"targetTlsSubmit": "Save Settings",
"targets": "Targets Configuration",
"targetsDescription": "Set up targets to route traffic to your services",
"targetsDescription": "Set up targets to route traffic to your backend services",
"targetStickySessions": "Enable Sticky Sessions",
"targetStickySessionsDescription": "Keep connections on the same backend target for their entire session.",
"methodSelect": "Select method",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "PIN must be exactly 6 digits",
"pincodeRequirementsChars": "PIN must only contain numbers",
"passwordRequirementsLength": "Password must be at least 1 character long",
"passwordRequirementsTitle": "Password requirements:",
"passwordRequirementLength": "At least 8 characters long",
"passwordRequirementUppercase": "At least one uppercase letter",
"passwordRequirementLowercase": "At least one lowercase letter",
"passwordRequirementNumber": "At least one number",
"passwordRequirementSpecial": "At least one special character",
"passwordRequirementsMet": "✓ Password meets all requirements",
"passwordStrength": "Password strength",
"passwordStrengthWeak": "Weak",
"passwordStrengthMedium": "Medium",
"passwordStrengthStrong": "Strong",
"passwordRequirements": "Requirements:",
"passwordRequirementLengthText": "8+ characters",
"passwordRequirementUppercaseText": "Uppercase letter (A-Z)",
"passwordRequirementLowercaseText": "Lowercase letter (a-z)",
"passwordRequirementNumberText": "Number (0-9)",
"passwordRequirementSpecialText": "Special character (!@#$%...)",
"passwordsDoNotMatch": "Passwords do not match",
"otpEmailRequirementsLength": "OTP must be at least 1 character long",
"otpEmailSent": "OTP Sent",
"otpEmailSentDescription": "An OTP has been sent to your email",
@@ -952,6 +973,7 @@
"logoutError": "Error logging out",
"signingAs": "Signed in as",
"serverAdmin": "Server Admin",
"managedSelfhosted": "Managed Self-Hosted",
"otpEnable": "Enable Two-factor",
"otpDisable": "Disable Two-factor",
"logout": "Log Out",
@@ -967,6 +989,9 @@
"actionDeleteSite": "Delete Site",
"actionGetSite": "Get Site",
"actionListSites": "List Sites",
"setupToken": "Setup Token",
"setupTokenDescription": "Enter the setup token from the server console.",
"setupTokenRequired": "Setup token is required",
"actionUpdateSite": "Update Site",
"actionListSiteRoles": "List Allowed Site Roles",
"actionCreateResource": "Create Resource",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "Delete IDP Org Policy",
"actionListIdpOrgs": "List IDP Orgs",
"actionUpdateIdpOrg": "Update IDP Org",
"actionCreateClient": "Create Client",
"actionDeleteClient": "Delete Client",
"actionUpdateClient": "Update Client",
"actionListClients": "List Clients",
"actionGetClient": "Get Client",
"noneSelected": "None selected",
"orgNotFound2": "No organizations found.",
"searchProgress": "Search...",
@@ -1315,8 +1345,110 @@
"olmErrorFetchLatest": "An error occurred while fetching the latest Olm release.",
"remoteSubnets": "Remote Subnets",
"enterCidrRange": "Enter CIDR range",
"remoteSubnetsDescription": "Add CIDR ranges that can access this site remotely. Use format like 10.0.0.0/24 or 192.168.1.0/24.",
"remoteSubnetsDescription": "Add CIDR ranges that can be accessed from this site remotely using clients. Use format like 10.0.0.0/24. This ONLY applies to VPN client connectivity.",
"resourceEnableProxy": "Enable Public Proxy",
"resourceEnableProxyDescription": "Enable public proxying to this resource. This allows access to the resource from outside the network through the cloud on an open port. Requires Traefik config.",
"externalProxyEnabled": "External Proxy Enabled"
"externalProxyEnabled": "External Proxy Enabled",
"addNewTarget": "Add New Target",
"targetsList": "Targets List",
"targetErrorDuplicateTargetFound": "Duplicate target found",
"httpMethod": "HTTP Method",
"selectHttpMethod": "Select HTTP method",
"domainPickerSubdomainLabel": "Subdomain",
"domainPickerBaseDomainLabel": "Base Domain",
"domainPickerSearchDomains": "Search domains...",
"domainPickerNoDomainsFound": "No domains found",
"domainPickerLoadingDomains": "Loading domains...",
"domainPickerSelectBaseDomain": "Select base domain...",
"domainPickerNotAvailableForCname": "Not available for CNAME domains",
"domainPickerEnterSubdomainOrLeaveBlank": "Enter subdomain or leave blank to use base domain.",
"domainPickerEnterSubdomainToSearch": "Enter a subdomain to search and select from available free domains.",
"domainPickerFreeDomains": "Free Domains",
"domainPickerSearchForAvailableDomains": "Search for available domains",
"resourceDomain": "Domain",
"resourceEditDomain": "Edit Domain",
"siteName": "Site Name",
"proxyPort": "Port",
"resourcesTableProxyResources": "Proxy Resources",
"resourcesTableClientResources": "Client Resources",
"resourcesTableNoProxyResourcesFound": "No proxy resources found.",
"resourcesTableNoInternalResourcesFound": "No internal resources found.",
"resourcesTableDestination": "Destination",
"resourcesTableTheseResourcesForUseWith": "These resources are for use with",
"resourcesTableClients": "Clients",
"resourcesTableAndOnlyAccessibleInternally": "and are only accessible internally when connected with a client.",
"editInternalResourceDialogEditClientResource": "Edit Client Resource",
"editInternalResourceDialogUpdateResourceProperties": "Update the resource properties and target configuration for {resourceName}.",
"editInternalResourceDialogResourceProperties": "Resource Properties",
"editInternalResourceDialogName": "Name",
"editInternalResourceDialogProtocol": "Protocol",
"editInternalResourceDialogSitePort": "Site Port",
"editInternalResourceDialogTargetConfiguration": "Target Configuration",
"editInternalResourceDialogDestinationIP": "Destination IP",
"editInternalResourceDialogDestinationPort": "Destination Port",
"editInternalResourceDialogCancel": "Cancel",
"editInternalResourceDialogSaveResource": "Save Resource",
"editInternalResourceDialogSuccess": "Success",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Internal resource updated successfully",
"editInternalResourceDialogError": "Error",
"editInternalResourceDialogFailedToUpdateInternalResource": "Failed to update internal resource",
"editInternalResourceDialogNameRequired": "Name is required",
"editInternalResourceDialogNameMaxLength": "Name must be less than 255 characters",
"editInternalResourceDialogProxyPortMin": "Proxy port must be at least 1",
"editInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536",
"editInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format",
"editInternalResourceDialogDestinationPortMin": "Destination port must be at least 1",
"editInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536",
"createInternalResourceDialogNoSitesAvailable": "No Sites Available",
"createInternalResourceDialogNoSitesAvailableDescription": "You need to have at least one Newt site with a subnet configured to create internal resources.",
"createInternalResourceDialogClose": "Close",
"createInternalResourceDialogCreateClientResource": "Create Client Resource",
"createInternalResourceDialogCreateClientResourceDescription": "Create a new resource that will be accessible to clients connected to the selected site.",
"createInternalResourceDialogResourceProperties": "Resource Properties",
"createInternalResourceDialogName": "Name",
"createInternalResourceDialogSite": "Site",
"createInternalResourceDialogSelectSite": "Select site...",
"createInternalResourceDialogSearchSites": "Search sites...",
"createInternalResourceDialogNoSitesFound": "No sites found.",
"createInternalResourceDialogProtocol": "Protocol",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Site Port",
"createInternalResourceDialogSitePortDescription": "Use this port to access the resource on the site when connected with a client.",
"createInternalResourceDialogTargetConfiguration": "Target Configuration",
"createInternalResourceDialogDestinationIP": "Destination IP",
"createInternalResourceDialogDestinationIPDescription": "The IP address of the resource on the site's network.",
"createInternalResourceDialogDestinationPort": "Destination Port",
"createInternalResourceDialogDestinationPortDescription": "The port on the destination IP where the resource is accessible.",
"createInternalResourceDialogCancel": "Cancel",
"createInternalResourceDialogCreateResource": "Create Resource",
"createInternalResourceDialogSuccess": "Success",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Internal resource created successfully",
"createInternalResourceDialogError": "Error",
"createInternalResourceDialogFailedToCreateInternalResource": "Failed to create internal resource",
"createInternalResourceDialogNameRequired": "Name is required",
"createInternalResourceDialogNameMaxLength": "Name must be less than 255 characters",
"createInternalResourceDialogPleaseSelectSite": "Please select a site",
"createInternalResourceDialogProxyPortMin": "Proxy port must be at least 1",
"createInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536",
"createInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format",
"createInternalResourceDialogDestinationPortMin": "Destination port must be at least 1",
"createInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536",
"siteConfiguration": "Configuration",
"siteAcceptClientConnections": "Accept Client Connections",
"siteAcceptClientConnectionsDescription": "Allow other devices to connect through this Newt instance as a gateway using clients.",
"siteAddress": "Site Address",
"siteAddressDescription": "Specify the IP address of the host for clients to connect to. This is the internal address of the site in the Pangolin network for clients to address. Must fall within the Org subnet.",
"autoLoginExternalIdp": "Auto Login with External IDP",
"autoLoginExternalIdpDescription": "Immediately redirect the user to the external IDP for authentication.",
"selectIdp": "Select IDP",
"selectIdpPlaceholder": "Choose an IDP...",
"selectIdpRequired": "Please select an IDP when auto login is enabled.",
"autoLoginTitle": "Redirecting",
"autoLoginDescription": "Redirecting you to the external identity provider for authentication.",
"autoLoginProcessing": "Preparing authentication...",
"autoLoginRedirecting": "Redirecting to login...",
"autoLoginError": "Auto Login Error",
"autoLoginErrorNoRedirectUrl": "No redirect URL received from the identity provider.",
"autoLoginErrorGeneratingUrl": "Failed to generate authentication URL."
}

260
messages/de-DE.json
View File

@@ -1,5 +1,5 @@
{
"setupCreate": "Erstelle eine Organisation, Site und Ressourcen",
"setupCreate": "Erstelle eine Organisation, einen Standort und Ressourcen",
"setupNewOrg": "Neue Organisation",
"setupCreateOrg": "Organisation erstellen",
"setupCreateResources": "Ressource erstellen",
@@ -16,7 +16,7 @@
"componentsMember": "Du bist Mitglied von {count, plural, =0 {keiner Organisation} one {einer Organisation} other {# Organisationen}}.",
"componentsInvalidKey": "Ungültige oder abgelaufene Lizenzschlüssel erkannt. Beachte die Lizenzbedingungen, um alle Funktionen weiterhin zu nutzen.",
"dismiss": "Verwerfen",
"componentsLicenseViolation": "Lizenzverstoß: Dieser Server benutzt {usedSites} Sites, die das Lizenzlimit der {maxSites} Sites überschreiten. Beachte die Lizenzbedingungen, um alle Funktionen weiterhin zu nutzen.",
"componentsLicenseViolation": "Lizenzverstoß: Dieser Server benutzt {usedSites} Standorte, was das Lizenzlimit von {maxSites} Standorten überschreitet. Beachte die Lizenzbedingungen, um alle Funktionen weiterhin zu nutzen.",
"componentsSupporterMessage": "Vielen Dank für die Unterstützung von Pangolin als {tier}!",
"inviteErrorNotValid": "Es tut uns leid, aber es sieht so aus, als wäre die Einladung, auf die du zugreifen möchtest, entweder nicht angenommen worden oder nicht mehr gültig.",
"inviteErrorUser": "Es tut uns leid, aber es scheint, als sei die Einladung, auf die du zugreifen möchtest, nicht für diesen Benutzer bestimmt.",
@@ -38,25 +38,25 @@
"name": "Name",
"online": "Online",
"offline": "Offline",
"site": "Seite",
"site": "Standort",
"dataIn": "Daten eingehend",
"dataOut": "Daten ausgehend",
"connectionType": "Verbindungstyp",
"tunnelType": "Tunneltyp",
"local": "Lokal",
"edit": "Bearbeiten",
"siteConfirmDelete": "Site löschen bestätigen",
"siteDelete": "Site löschen",
"siteMessageRemove": "Sobald diese Seite entfernt ist, wird sie nicht mehr zugänglich sein. Alle Ressourcen und Ziele, die mit der Site verbunden sind, werden ebenfalls entfernt.",
"siteMessageConfirm": "Um zu bestätigen, gib den Namen der Site ein.",
"siteQuestionRemove": "Bist du sicher, dass Sie die Site {selectedSite} aus der Organisation entfernt werden soll?",
"siteManageSites": "Sites verwalten",
"siteConfirmDelete": "Standort löschen bestätigen",
"siteDelete": "Standort löschen",
"siteMessageRemove": "Sobald dieser Standort entfernt ist, wird er nicht mehr zugänglich sein. Alle Ressourcen und Ziele, die mit diesem Standort verbunden sind, werden ebenfalls entfernt.",
"siteMessageConfirm": "Um zu bestätigen, gib den Namen des Standortes unten ein.",
"siteQuestionRemove": "Bist du sicher, dass der Standort {selectedSite} aus der Organisation entfernt werden soll?",
"siteManageSites": "Standorte verwalten",
"siteDescription": "Verbindung zum Netzwerk durch sichere Tunnel erlauben",
"siteCreate": "Site erstellen",
"siteCreateDescription2": "Folge den nachfolgenden Schritten, um eine neue Site zu erstellen und zu verbinden",
"siteCreateDescription": "Erstelle eine neue Site, um Ressourcen zu verbinden",
"siteCreate": "Standort erstellen",
"siteCreateDescription2": "Folge den nachfolgenden Schritten, um einen neuen Standort zu erstellen und zu verbinden",
"siteCreateDescription": "Erstelle einen neuen Standort, um Ressourcen zu verbinden",
"close": "Schließen",
"siteErrorCreate": "Fehler beim Erstellen der Site",
"siteErrorCreate": "Fehler beim Erstellen des Standortes",
"siteErrorCreateKeyPair": "Schlüsselpaar oder Standardwerte nicht gefunden",
"siteErrorCreateDefaults": "Standardwerte der Site nicht gefunden",
"method": "Methode",
@@ -70,8 +70,8 @@
"dockerRun": "Docker Run",
"siteLearnLocal": "Mehr Infos zu lokalen Sites",
"siteConfirmCopy": "Ich habe die Konfiguration kopiert",
"searchSitesProgress": "Sites durchsuchen...",
"siteAdd": "Site hinzufügen",
"searchSitesProgress": "Standorte durchsuchen...",
"siteAdd": "Standort hinzufügen",
"siteInstallNewt": "Newt installieren",
"siteInstallNewtDescription": "Installiere Newt auf deinem System.",
"WgConfiguration": "WireGuard Konfiguration",
@@ -82,26 +82,28 @@
"siteNewtDescription": "Nutze Newt für die beste Benutzererfahrung. Newt verwendet WireGuard as Basis und erlaubt Ihnen, Ihre privaten Ressourcen über ihre LAN-Adresse in Ihrem privaten Netzwerk aus dem Pangolin-Dashboard heraus zu adressieren.",
"siteRunsInDocker": "Läuft in Docker",
"siteRunsInShell": "Läuft in der Konsole auf macOS, Linux und Windows",
"siteErrorDelete": "Fehler beim Löschen der Site",
"siteErrorUpdate": "Fehler beim Aktualisieren der Site",
"siteErrorUpdateDescription": "Beim Aktualisieren der Site ist ein Fehler aufgetreten.",
"siteUpdated": "Site aktualisiert",
"siteUpdatedDescription": "Die Site wurde aktualisiert.",
"siteGeneralDescription": "Allgemeine Einstellungen für diese Site konfigurieren",
"siteSettingDescription": "Konfigurieren der Site Einstellungen",
"siteErrorDelete": "Fehler beim Löschen des Standortes",
"siteErrorUpdate": "Fehler beim Aktualisieren des Standortes",
"siteErrorUpdateDescription": "Beim Aktualisieren des Standortes ist ein Fehler aufgetreten.",
"siteUpdated": "Standort aktualisiert",
"siteUpdatedDescription": "Der Standort wurde aktualisiert.",
"siteGeneralDescription": "Allgemeine Einstellungen für diesen Standort konfigurieren",
"siteSettingDescription": "Konfigurieren der Standort Einstellungen",
"siteSetting": "{siteName} Einstellungen",
"siteNewtTunnel": "Newt-Tunnel (empfohlen)",
"siteNewtTunnelDescription": "Einfachster Weg, einen Zugriffspunkt zu deinem Netzwerk zu erstellen. Keine zusätzliche Einrichtung erforderlich.",
"siteWg": "Einfacher WireGuard Tunnel",
"siteWgDescription": "Verwende jeden WireGuard-Client, um einen Tunnel einzurichten. Manuelles NAT-Setup erforderlich.",
"siteWgDescriptionSaas": "Verwenden Sie jeden WireGuard-Client, um einen Tunnel zu erstellen. Manuelles NAT-Setup erforderlich. FUNKTIONIERT NUR BEI SELBSTGEHOSTETEN KNOTEN",
"siteLocalDescription": "Nur lokale Ressourcen. Kein Tunneling.",
"siteSeeAll": "Alle Sites anzeigen",
"siteTunnelDescription": "Lege fest, wie du dich mit deiner Site verbinden möchtest",
"siteLocalDescriptionSaas": "Nur lokale Ressourcen. Keine Tunneldurchführung. FUNKTIONIERT NUR BEI SELBSTGEHOSTETEN KNOTEN",
"siteSeeAll": "Alle Standorte anzeigen",
"siteTunnelDescription": "Lege fest, wie du dich mit deinem Standort verbinden möchtest",
"siteNewtCredentials": "Neue Newt Zugangsdaten",
"siteNewtCredentialsDescription": "So wird sich Newt mit dem Server authentifizieren",
"siteCredentialsSave": "Ihre Zugangsdaten speichern",
"siteCredentialsSaveDescription": "Du kannst das nur einmal sehen. Stelle sicher, dass du es an einen sicheren Ort kopierst.",
"siteInfo": "Site-Informationen",
"siteInfo": "Standort-Informationen",
"status": "Status",
"shareTitle": "Links zum Teilen verwalten",
"shareDescription": "Erstellen Sie teilbare Links, um temporären oder permanenten Zugriff auf Ihre Ressourcen zu gewähren",
@@ -163,10 +165,10 @@
"resourceSeeAll": "Alle Ressourcen anzeigen",
"resourceInfo": "Ressourcen-Informationen",
"resourceNameDescription": "Dies ist der Anzeigename für die Ressource.",
"siteSelect": "Site auswählen",
"siteSearch": "Website durchsuchen",
"siteNotFound": "Keine Site gefunden.",
"siteSelectionDescription": "Diese Seite wird die Verbindung zu der Ressource herstellen.",
"siteSelect": "Standort auswählen",
"siteSearch": "Standorte durchsuchen",
"siteNotFound": "Keinen Standort gefunden.",
"siteSelectionDescription": "Dieser Standort wird die Verbindung zum Ziel herstellen.",
"resourceType": "Ressourcentyp",
"resourceTypeDescription": "Legen Sie fest, wie Sie auf Ihre Ressource zugreifen möchten",
"resourceHTTPSSettings": "HTTPS-Einstellungen",
@@ -197,6 +199,7 @@
"general": "Allgemein",
"generalSettings": "Allgemeine Einstellungen",
"proxy": "Proxy",
"internal": "Intern",
"rules": "Regeln",
"resourceSettingDescription": "Konfigurieren Sie die Einstellungen Ihrer Ressource",
"resourceSetting": "{resourceName} Einstellungen",
@@ -302,7 +305,7 @@
"userQuestionRemove": "Sind Sie sicher, dass Sie {selectedUser} dauerhaft vom Server löschen möchten?",
"licenseKey": "Lizenzschlüssel",
"valid": "Gültig",
"numberOfSites": "Anzahl der Sites",
"numberOfSites": "Anzahl der Standorte",
"licenseKeySearch": "Lizenzschlüssel suchen...",
"licenseKeyAdd": "Lizenzschlüssel hinzufügen",
"type": "Typ",
@@ -342,16 +345,16 @@
"licensedNot": "Nicht lizenziert",
"hostId": "Host-ID",
"licenseReckeckAll": "Überprüfe alle Schlüssel",
"licenseSiteUsage": "Website-Nutzung",
"licenseSiteUsageDecsription": "Sehen Sie sich die Anzahl der Sites an, die diese Lizenz verwenden.",
"licenseNoSiteLimit": "Die Anzahl der Sites, die einen nicht lizenzierten Host verwenden, ist unbegrenzt.",
"licenseSiteUsage": "Standort-Nutzung",
"licenseSiteUsageDecsription": "Sehen Sie sich die Anzahl der Standorte an, die diese Lizenz verwenden.",
"licenseNoSiteLimit": "Die Anzahl der Standorte, die einen nicht lizenzierten Host verwenden, ist unbegrenzt.",
"licensePurchase": "Lizenz kaufen",
"licensePurchaseSites": "Zusätzliche Seiten kaufen",
"licenseSitesUsedMax": "{usedSites} der {maxSites} Seiten verwendet",
"licenseSitesUsed": "{count, plural, =0 {# Seiten} one {# Seite} other {# Seiten}} im System.",
"licensePurchaseSites": "Zusätzliche Standorte kaufen\n",
"licenseSitesUsedMax": "{usedSites} von {maxSites} Standorten verwendet",
"licenseSitesUsed": "{count, plural, =0 {# Standorte} one {# Standort} other {# Standorte}} im System.",
"licensePurchaseDescription": "Wähle aus, für wieviele Seiten du möchtest {selectedMode, select, license {kaufe eine Lizenz. Du kannst später immer weitere Seiten hinzufügen.} other {Füge zu deiner bestehenden Lizenz hinzu.}}",
"licenseFee": "Lizenzgebühr",
"licensePriceSite": "Preis pro Seite",
"licensePriceSite": "Preis pro Standort",
"total": "Gesamt",
"licenseContinuePayment": "Weiter zur Zahlung",
"pricingPage": "Preisseite",
@@ -467,7 +470,7 @@
"targetErrorDuplicate": "Doppeltes Ziel",
"targetErrorDuplicateDescription": "Ein Ziel mit diesen Einstellungen existiert bereits",
"targetWireGuardErrorInvalidIp": "Ungültige Ziel-IP",
"targetWireGuardErrorInvalidIpDescription": "Die Ziel-IP muss innerhalb des Site-Subnets liegen",
"targetWireGuardErrorInvalidIpDescription": "Die Ziel-IP muss innerhalb des Standort-Subnets liegen",
"targetsUpdated": "Ziele aktualisiert",
"targetsUpdatedDescription": "Ziele und Einstellungen erfolgreich aktualisiert",
"targetsErrorUpdate": "Fehler beim Aktualisieren der Ziele",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "Der zu verwendende TLS-Servername für SNI. Leer lassen, um den Standard zu verwenden.",
"targetTlsSubmit": "Einstellungen speichern",
"targets": "Ziel-Konfiguration",
"targetsDescription": "Richten Sie Ziele ein, um Datenverkehr zu Ihren Diensten zu leiten",
"targetsDescription": "Richten Sie Ziele ein, um Datenverkehr zu Ihren Backend-Diensten zu leiten",
"targetStickySessions": "Sticky Sessions aktivieren",
"targetStickySessionsDescription": "Verbindungen für die gesamte Sitzung auf demselben Backend-Ziel halten.",
"methodSelect": "Methode auswählen",
@@ -558,8 +561,8 @@
"resourceErrorCreateDescription": "Beim Erstellen der Ressource ist ein Fehler aufgetreten",
"resourceErrorCreateMessage": "Fehler beim Erstellen der Ressource:",
"resourceErrorCreateMessageDescription": "Ein unerwarteter Fehler ist aufgetreten",
"sitesErrorFetch": "Fehler beim Abrufen der Sites",
"sitesErrorFetchDescription": "Beim Abrufen der Sites ist ein Fehler aufgetreten",
"sitesErrorFetch": "Fehler beim Abrufen der Standorte",
"sitesErrorFetchDescription": "Beim Abrufen der Standorte ist ein Fehler aufgetreten",
"domainsErrorFetch": "Fehler beim Abrufen der Domains",
"domainsErrorFetchDescription": "Beim Abrufen der Domains ist ein Fehler aufgetreten",
"none": "Keine",
@@ -677,10 +680,10 @@
"resourceGeneralDescription": "Konfigurieren Sie die allgemeinen Einstellungen für diese Ressource",
"resourceEnable": "Ressource aktivieren",
"resourceTransfer": "Ressource übertragen",
"resourceTransferDescription": "Diese Ressource auf eine andere Site übertragen",
"resourceTransferDescription": "Diese Ressource auf einen anderen Standort übertragen",
"resourceTransferSubmit": "Ressource übertragen",
"siteDestination": "Zielsite",
"searchSites": "Sites durchsuchen",
"siteDestination": "Zielort",
"searchSites": "Standorte durchsuchen",
"accessRoleCreate": "Rolle erstellen",
"accessRoleCreateDescription": "Erstellen Sie eine neue Rolle, um Benutzer zu gruppieren und ihre Berechtigungen zu verwalten.",
"accessRoleCreateSubmit": "Rolle erstellen",
@@ -700,7 +703,7 @@
"accessRoleRemovedDescription": "Die Rolle wurde erfolgreich entfernt.",
"accessRoleRequiredRemove": "Bevor Sie diese Rolle löschen, wählen Sie bitte eine neue Rolle aus, zu der die bestehenden Mitglieder übertragen werden sollen.",
"manage": "Verwalten",
"sitesNotFound": "Keine Sites gefunden.",
"sitesNotFound": "Keine Standorte gefunden.",
"pangolinServerAdmin": "Server-Admin - Pangolin",
"licenseTierProfessional": "Professional Lizenz",
"licenseTierEnterprise": "Enterprise Lizenz",
@@ -708,10 +711,10 @@
"licensed": "Lizenziert",
"yes": "Ja",
"no": "Nein",
"sitesAdditional": "Zusätzliche Sites",
"sitesAdditional": "Zusätzliche Standorte",
"licenseKeys": "Lizenzschlüssel",
"sitestCountDecrease": "Anzahl der Sites verringern",
"sitestCountIncrease": "Anzahl der Sites erhöhen",
"sitestCountDecrease": "Anzahl der Standorte verringern",
"sitestCountIncrease": "Anzahl der Standorte erhöhen",
"idpManage": "Identitätsanbieter verwalten",
"idpManageDescription": "Identitätsanbieter im System anzeigen und verwalten",
"idpDeletedDescription": "Identitätsanbieter erfolgreich gelöscht",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "PIN muss genau 6 Ziffern lang sein",
"pincodeRequirementsChars": "PIN darf nur Zahlen enthalten",
"passwordRequirementsLength": "Passwort muss mindestens 1 Zeichen lang sein",
"passwordRequirementsTitle": "Passwortanforderungen:",
"passwordRequirementLength": "Mindestens 8 Zeichen lang",
"passwordRequirementUppercase": "Mindestens ein Großbuchstabe",
"passwordRequirementLowercase": "Mindestens ein Kleinbuchstabe",
"passwordRequirementNumber": "Mindestens eine Zahl",
"passwordRequirementSpecial": "Mindestens ein Sonderzeichen",
"passwordRequirementsMet": "✓ Passwort erfüllt alle Anforderungen",
"passwordStrength": "Passwortstärke",
"passwordStrengthWeak": "Schwach",
"passwordStrengthMedium": "Mittel",
"passwordStrengthStrong": "Stark",
"passwordRequirements": "Anforderungen:",
"passwordRequirementLengthText": "8+ Zeichen",
"passwordRequirementUppercaseText": "Großbuchstabe (A-Z)",
"passwordRequirementLowercaseText": "Kleinbuchstabe (a-z)",
"passwordRequirementNumberText": "Zahl (0-9)",
"passwordRequirementSpecialText": "Sonderzeichen (!@#$%...)",
"passwordsDoNotMatch": "Passwörter stimmen nicht überein",
"otpEmailRequirementsLength": "OTP muss mindestens 1 Zeichen lang sein",
"otpEmailSent": "OTP gesendet",
"otpEmailSentDescription": "Ein OTP wurde an Ihre E-Mail gesendet",
@@ -952,6 +973,7 @@
"logoutError": "Fehler beim Abmelden",
"signingAs": "Angemeldet als",
"serverAdmin": "Server-Administrator",
"managedSelfhosted": "Verwaltetes Selbsthosted",
"otpEnable": "Zwei-Faktor aktivieren",
"otpDisable": "Zwei-Faktor deaktivieren",
"logout": "Abmelden",
@@ -963,12 +985,15 @@
"actionGetUser": "Benutzer abrufen",
"actionGetOrgUser": "Organisationsbenutzer abrufen",
"actionListOrgDomains": "Organisationsdomänen auflisten",
"actionCreateSite": "Site erstellen",
"actionDeleteSite": "Site löschen",
"actionGetSite": "Site abrufen",
"actionListSites": "Sites auflisten",
"actionUpdateSite": "Site aktualisieren",
"actionListSiteRoles": "Erlaubte Site-Rollen auflisten",
"actionCreateSite": "Standort erstellen",
"actionDeleteSite": "Standort löschen",
"actionGetSite": "Standort abrufen",
"actionListSites": "Standorte auflisten",
"setupToken": "Setup-Token",
"setupTokenDescription": "Geben Sie das Setup-Token von der Serverkonsole ein.",
"setupTokenRequired": "Setup-Token ist erforderlich",
"actionUpdateSite": "Standorte aktualisieren",
"actionListSiteRoles": "Erlaubte Standort-Rollen auflisten",
"actionCreateResource": "Ressource erstellen",
"actionDeleteResource": "Ressource löschen",
"actionGetResource": "Ressource abrufen",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "IDP-Organisationsrichtlinie löschen",
"actionListIdpOrgs": "IDP-Organisationen auflisten",
"actionUpdateIdpOrg": "IDP-Organisation aktualisieren",
"actionCreateClient": "Kunde erstellen",
"actionDeleteClient": "Kunde löschen",
"actionUpdateClient": "Kunde aktualisieren",
"actionListClients": "Kunden auflisten",
"actionGetClient": "Kunde holen",
"noneSelected": "Keine ausgewählt",
"orgNotFound2": "Keine Organisationen gefunden.",
"searchProgress": "Suche...",
@@ -1073,7 +1103,7 @@
"language": "Sprache",
"verificationCodeRequired": "Code ist erforderlich",
"userErrorNoUpdate": "Kein Benutzer zum Aktualisieren",
"siteErrorNoUpdate": "Keine Site zum Aktualisieren",
"siteErrorNoUpdate": "Keine Standorte zum Aktualisieren",
"resourceErrorNoUpdate": "Keine Ressource zum Aktualisieren",
"authErrorNoUpdate": "Keine Auth-Informationen zum Aktualisieren",
"orgErrorNoUpdate": "Keine Organisation zum Aktualisieren",
@@ -1081,7 +1111,7 @@
"apiKeysErrorNoUpdate": "Kein API-Schlüssel zum Aktualisieren",
"sidebarOverview": "Übersicht",
"sidebarHome": "Zuhause",
"sidebarSites": "Seiten",
"sidebarSites": "Standorte",
"sidebarResources": "Ressourcen",
"sidebarAccessControl": "Zugriffskontrolle",
"sidebarUsers": "Benutzer",
@@ -1280,21 +1310,21 @@
"and": "und",
"privacyPolicy": "Datenschutzrichtlinie"
},
"siteRequired": "Site ist erforderlich.",
"siteRequired": "Standort ist erforderlich.",
"olmTunnel": "Olm Tunnel",
"olmTunnelDescription": "Nutzen Sie Olm für die Kundenverbindung",
"errorCreatingClient": "Fehler beim Erstellen des Clients",
"clientDefaultsNotFound": "Kundenvorgaben nicht gefunden",
"createClient": "Client erstellen",
"createClientDescription": "Erstellen Sie einen neuen Client für die Verbindung zu Ihren Sites.",
"createClientDescription": "Erstellen Sie einen neuen Client für die Verbindung zu Ihren Standorten.",
"seeAllClients": "Alle Clients anzeigen",
"clientInformation": "Kundeninformationen",
"clientNamePlaceholder": "Kundenname",
"address": "Adresse",
"subnetPlaceholder": "Subnetz",
"addressDescription": "Die Adresse, die dieser Client für die Verbindung verwenden wird.",
"selectSites": "Sites auswählen",
"sitesDescription": "Der Client wird zu den ausgewählten Sites eine Verbindung haben.",
"selectSites": "Standorte auswählen",
"sitesDescription": "Der Client wird zu den ausgewählten Standorten eine Verbindung haben.",
"clientInstallOlm": "Olm installieren",
"clientInstallOlmDescription": "Olm auf Ihrem System zum Laufen bringen",
"clientOlmCredentials": "Olm-Zugangsdaten",
@@ -1309,14 +1339,116 @@
"clientUpdatedDescription": "Der Client wurde aktualisiert.",
"clientUpdateFailed": "Fehler beim Aktualisieren des Clients",
"clientUpdateError": "Beim Aktualisieren des Clients ist ein Fehler aufgetreten.",
"sitesFetchFailed": "Fehler beim Abrufen von Sites",
"sitesFetchError": "Beim Abrufen von Sites ist ein Fehler aufgetreten.",
"sitesFetchFailed": "Fehler beim Abrufen von Standorten",
"sitesFetchError": "Beim Abrufen von Standorten ist ein Fehler aufgetreten.",
"olmErrorFetchReleases": "Beim Abrufen von Olm-Veröffentlichungen ist ein Fehler aufgetreten.",
"olmErrorFetchLatest": "Beim Abrufen der neuesten Olm-Veröffentlichung ist ein Fehler aufgetreten.",
"remoteSubnets": "Remote-Subnetze",
"enterCidrRange": "Geben Sie den CIDR-Bereich ein",
"remoteSubnetsDescription": "Fügen Sie CIDR-Bereiche hinzu, die aus der Ferne auf diese Site zugreifen können. Verwenden Sie das Format wie 10.0.0.0/24 oder 192.168.1.0/24.",
"remoteSubnetsDescription": "Fügen Sie CIDR-Bereiche hinzu, die über Clients von dieser Site aus remote zugänglich sind. Verwenden Sie ein Format wie 10.0.0.0/24. Dies gilt NUR für die VPN-Client-Konnektivität.",
"resourceEnableProxy": "Öffentlichen Proxy aktivieren",
"resourceEnableProxyDescription": "Ermöglichen Sie öffentliches Proxieren zu dieser Ressource. Dies ermöglicht den Zugriff auf die Ressource von außerhalb des Netzwerks durch die Cloud über einen offenen Port. Erfordert Traefik-Config.",
"externalProxyEnabled": "Externer Proxy aktiviert"
"externalProxyEnabled": "Externer Proxy aktiviert",
"addNewTarget": "Neues Ziel hinzufügen",
"targetsList": "Ziel-Liste",
"targetErrorDuplicateTargetFound": "Doppeltes Ziel gefunden",
"httpMethod": "HTTP-Methode",
"selectHttpMethod": "HTTP-Methode auswählen",
"domainPickerSubdomainLabel": "Subdomain",
"domainPickerBaseDomainLabel": "Basisdomäne",
"domainPickerSearchDomains": "Domains suchen...",
"domainPickerNoDomainsFound": "Keine Domains gefunden",
"domainPickerLoadingDomains": "Domains werden geladen...",
"domainPickerSelectBaseDomain": "Basisdomäne auswählen...",
"domainPickerNotAvailableForCname": "Für CNAME-Domains nicht verfügbar",
"domainPickerEnterSubdomainOrLeaveBlank": "Geben Sie eine Subdomain ein oder lassen Sie das Feld leer, um die Basisdomäne zu verwenden.",
"domainPickerEnterSubdomainToSearch": "Geben Sie eine Subdomain ein, um verfügbare freie Domains zu suchen und auszuwählen.",
"domainPickerFreeDomains": "Freie Domains",
"domainPickerSearchForAvailableDomains": "Verfügbare Domains suchen",
"resourceDomain": "Domain",
"resourceEditDomain": "Domain bearbeiten",
"siteName": "Site-Name",
"proxyPort": "Port",
"resourcesTableProxyResources": "Proxy-Ressourcen",
"resourcesTableClientResources": "Client-Ressourcen",
"resourcesTableNoProxyResourcesFound": "Keine Proxy-Ressourcen gefunden.",
"resourcesTableNoInternalResourcesFound": "Keine internen Ressourcen gefunden.",
"resourcesTableDestination": "Ziel",
"resourcesTableTheseResourcesForUseWith": "Diese Ressourcen sind zur Verwendung mit",
"resourcesTableClients": "Kunden",
"resourcesTableAndOnlyAccessibleInternally": "und sind nur intern zugänglich, wenn mit einem Client verbunden.",
"editInternalResourceDialogEditClientResource": "Client-Ressource bearbeiten",
"editInternalResourceDialogUpdateResourceProperties": "Aktualisieren Sie die Ressourceneigenschaften und die Zielkonfiguration für {resourceName}.",
"editInternalResourceDialogResourceProperties": "Ressourceneigenschaften",
"editInternalResourceDialogName": "Name",
"editInternalResourceDialogProtocol": "Protokoll",
"editInternalResourceDialogSitePort": "Site-Port",
"editInternalResourceDialogTargetConfiguration": "Zielkonfiguration",
"editInternalResourceDialogDestinationIP": "Ziel-IP",
"editInternalResourceDialogDestinationPort": "Ziel-Port",
"editInternalResourceDialogCancel": "Abbrechen",
"editInternalResourceDialogSaveResource": "Ressource speichern",
"editInternalResourceDialogSuccess": "Erfolg",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Interne Ressource erfolgreich aktualisiert",
"editInternalResourceDialogError": "Fehler",
"editInternalResourceDialogFailedToUpdateInternalResource": "Interne Ressource konnte nicht aktualisiert werden",
"editInternalResourceDialogNameRequired": "Name ist erforderlich",
"editInternalResourceDialogNameMaxLength": "Der Name darf nicht länger als 255 Zeichen sein",
"editInternalResourceDialogProxyPortMin": "Proxy-Port muss mindestens 1 sein",
"editInternalResourceDialogProxyPortMax": "Proxy-Port muss kleiner als 65536 sein",
"editInternalResourceDialogInvalidIPAddressFormat": "Ungültiges IP-Adressformat",
"editInternalResourceDialogDestinationPortMin": "Ziel-Port muss mindestens 1 sein",
"editInternalResourceDialogDestinationPortMax": "Ziel-Port muss kleiner als 65536 sein",
"createInternalResourceDialogNoSitesAvailable": "Keine Sites verfügbar",
"createInternalResourceDialogNoSitesAvailableDescription": "Sie müssen mindestens eine Newt-Site mit einem konfigurierten Subnetz haben, um interne Ressourcen zu erstellen.",
"createInternalResourceDialogClose": "Schließen",
"createInternalResourceDialogCreateClientResource": "Ressource erstellen",
"createInternalResourceDialogCreateClientResourceDescription": "Erstellen Sie eine neue Ressource, die für Clients zugänglich ist, die mit der ausgewählten Site verbunden sind.",
"createInternalResourceDialogResourceProperties": "Ressourceneigenschaften",
"createInternalResourceDialogName": "Name",
"createInternalResourceDialogSite": "Standort",
"createInternalResourceDialogSelectSite": "Standort auswählen...",
"createInternalResourceDialogSearchSites": "Sites durchsuchen...",
"createInternalResourceDialogNoSitesFound": "Keine Standorte gefunden.",
"createInternalResourceDialogProtocol": "Protokoll",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Site-Port",
"createInternalResourceDialogSitePortDescription": "Verwenden Sie diesen Port, um bei Verbindung mit einem Client auf die Ressource an der Site zuzugreifen.",
"createInternalResourceDialogTargetConfiguration": "Zielkonfiguration",
"createInternalResourceDialogDestinationIP": "Ziel-IP",
"createInternalResourceDialogDestinationIPDescription": "Die IP-Adresse der Ressource im Netzwerkstandort der Site.",
"createInternalResourceDialogDestinationPort": "Ziel-Port",
"createInternalResourceDialogDestinationPortDescription": "Der Port auf der Ziel-IP, unter dem die Ressource zugänglich ist.",
"createInternalResourceDialogCancel": "Abbrechen",
"createInternalResourceDialogCreateResource": "Ressource erstellen",
"createInternalResourceDialogSuccess": "Erfolg",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Interne Ressource erfolgreich erstellt",
"createInternalResourceDialogError": "Fehler",
"createInternalResourceDialogFailedToCreateInternalResource": "Interne Ressource konnte nicht erstellt werden",
"createInternalResourceDialogNameRequired": "Name ist erforderlich",
"createInternalResourceDialogNameMaxLength": "Der Name darf nicht länger als 255 Zeichen sein",
"createInternalResourceDialogPleaseSelectSite": "Bitte wählen Sie eine Site aus",
"createInternalResourceDialogProxyPortMin": "Proxy-Port muss mindestens 1 sein",
"createInternalResourceDialogProxyPortMax": "Proxy-Port muss kleiner als 65536 sein",
"createInternalResourceDialogInvalidIPAddressFormat": "Ungültiges IP-Adressformat",
"createInternalResourceDialogDestinationPortMin": "Ziel-Port muss mindestens 1 sein",
"createInternalResourceDialogDestinationPortMax": "Ziel-Port muss kleiner als 65536 sein",
"siteConfiguration": "Konfiguration",
"siteAcceptClientConnections": "Clientverbindungen akzeptieren",
"siteAcceptClientConnectionsDescription": "Erlauben Sie anderen Geräten, über diese Newt-Instanz mit Clients als Gateway zu verbinden.",
"siteAddress": "Site-Adresse",
"siteAddressDescription": "Geben Sie die IP-Adresse des Hosts an, mit dem sich die Clients verbinden sollen. Dies ist die interne Adresse der Site im Pangolin-Netzwerk, die von Clients angesprochen werden muss. Muss innerhalb des Unternehmens-Subnetzes liegen.",
"autoLoginExternalIdp": "Automatische Anmeldung mit externem IDP",
"autoLoginExternalIdpDescription": "Leiten Sie den Benutzer sofort zur Authentifizierung an den externen IDP weiter.",
"selectIdp": "IDP auswählen",
"selectIdpPlaceholder": "Wählen Sie einen IDP...",
"selectIdpRequired": "Bitte wählen Sie einen IDP aus, wenn automatische Anmeldung aktiviert ist.",
"autoLoginTitle": "Weiterleitung",
"autoLoginDescription": "Sie werden zum externen Identitätsanbieter zur Authentifizierung weitergeleitet.",
"autoLoginProcessing": "Authentifizierung vorbereiten...",
"autoLoginRedirecting": "Weiterleitung zur Anmeldung...",
"autoLoginError": "Fehler bei der automatischen Anmeldung",
"autoLoginErrorNoRedirectUrl": "Keine Weiterleitungs-URL vom Identitätsanbieter erhalten.",
"autoLoginErrorGeneratingUrl": "Fehler beim Generieren der Authentifizierungs-URL."
}

140
messages/en-US.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "Easiest way to create an entrypoint into your network. No extra setup.",
"siteWg": "Basic WireGuard",
"siteWgDescription": "Use any WireGuard client to establish a tunnel. Manual NAT setup required.",
"siteWgDescriptionSaas": "Use any WireGuard client to establish a tunnel. Manual NAT setup required. ONLY WORKS ON SELF HOSTED NODES",
"siteLocalDescription": "Local resources only. No tunneling.",
"siteLocalDescriptionSaas": "Local resources only. No tunneling. ONLY WORKS ON SELF HOSTED NODES",
"siteSeeAll": "See All Sites",
"siteTunnelDescription": "Determine how you want to connect to your site",
"siteNewtCredentials": "Newt Credentials",
@@ -166,7 +168,7 @@
"siteSelect": "Select site",
"siteSearch": "Search site",
"siteNotFound": "No site found.",
"siteSelectionDescription": "This site will provide connectivity to the resource.",
"siteSelectionDescription": "This site will provide connectivity to the target.",
"resourceType": "Resource Type",
"resourceTypeDescription": "Determine how you want to access your resource",
"resourceHTTPSSettings": "HTTPS Settings",
@@ -197,6 +199,7 @@
"general": "General",
"generalSettings": "General Settings",
"proxy": "Proxy",
"internal": "Internal",
"rules": "Rules",
"resourceSettingDescription": "Configure the settings on your resource",
"resourceSetting": "{resourceName} Settings",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "The TLS Server Name to use for SNI. Leave empty to use the default.",
"targetTlsSubmit": "Save Settings",
"targets": "Targets Configuration",
"targetsDescription": "Set up targets to route traffic to your services",
"targetsDescription": "Set up targets to route traffic to your backend services",
"targetStickySessions": "Enable Sticky Sessions",
"targetStickySessionsDescription": "Keep connections on the same backend target for their entire session.",
"methodSelect": "Select method",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "PIN must be exactly 6 digits",
"pincodeRequirementsChars": "PIN must only contain numbers",
"passwordRequirementsLength": "Password must be at least 1 character long",
"passwordRequirementsTitle": "Password requirements:",
"passwordRequirementLength": "At least 8 characters long",
"passwordRequirementUppercase": "At least one uppercase letter",
"passwordRequirementLowercase": "At least one lowercase letter",
"passwordRequirementNumber": "At least one number",
"passwordRequirementSpecial": "At least one special character",
"passwordRequirementsMet": "✓ Password meets all requirements",
"passwordStrength": "Password strength",
"passwordStrengthWeak": "Weak",
"passwordStrengthMedium": "Medium",
"passwordStrengthStrong": "Strong",
"passwordRequirements": "Requirements:",
"passwordRequirementLengthText": "8+ characters",
"passwordRequirementUppercaseText": "Uppercase letter (A-Z)",
"passwordRequirementLowercaseText": "Lowercase letter (a-z)",
"passwordRequirementNumberText": "Number (0-9)",
"passwordRequirementSpecialText": "Special character (!@#$%...)",
"passwordsDoNotMatch": "Passwords do not match",
"otpEmailRequirementsLength": "OTP must be at least 1 character long",
"otpEmailSent": "OTP Sent",
"otpEmailSentDescription": "An OTP has been sent to your email",
@@ -952,6 +973,7 @@
"logoutError": "Error logging out",
"signingAs": "Signed in as",
"serverAdmin": "Server Admin",
"managedSelfhosted": "Managed Self-Hosted",
"otpEnable": "Enable Two-factor",
"otpDisable": "Disable Two-factor",
"logout": "Log Out",
@@ -967,6 +989,9 @@
"actionDeleteSite": "Delete Site",
"actionGetSite": "Get Site",
"actionListSites": "List Sites",
"setupToken": "Setup Token",
"setupTokenDescription": "Enter the setup token from the server console.",
"setupTokenRequired": "Setup token is required",
"actionUpdateSite": "Update Site",
"actionListSiteRoles": "List Allowed Site Roles",
"actionCreateResource": "Create Resource",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "Delete IDP Org Policy",
"actionListIdpOrgs": "List IDP Orgs",
"actionUpdateIdpOrg": "Update IDP Org",
"actionCreateClient": "Create Client",
"actionDeleteClient": "Delete Client",
"actionUpdateClient": "Update Client",
"actionListClients": "List Clients",
"actionGetClient": "Get Client",
"noneSelected": "None selected",
"orgNotFound2": "No organizations found.",
"searchProgress": "Search...",
@@ -1315,8 +1345,110 @@
"olmErrorFetchLatest": "An error occurred while fetching the latest Olm release.",
"remoteSubnets": "Remote Subnets",
"enterCidrRange": "Enter CIDR range",
"remoteSubnetsDescription": "Add CIDR ranges that can access this site remotely. Use format like 10.0.0.0/24 or 192.168.1.0/24.",
"remoteSubnetsDescription": "Add CIDR ranges that can be accessed from this site remotely using clients. Use format like 10.0.0.0/24. This ONLY applies to VPN client connectivity.",
"resourceEnableProxy": "Enable Public Proxy",
"resourceEnableProxyDescription": "Enable public proxying to this resource. This allows access to the resource from outside the network through the cloud on an open port. Requires Traefik config.",
"externalProxyEnabled": "External Proxy Enabled"
"externalProxyEnabled": "External Proxy Enabled",
"addNewTarget": "Add New Target",
"targetsList": "Targets List",
"targetErrorDuplicateTargetFound": "Duplicate target found",
"httpMethod": "HTTP Method",
"selectHttpMethod": "Select HTTP method",
"domainPickerSubdomainLabel": "Subdomain",
"domainPickerBaseDomainLabel": "Base Domain",
"domainPickerSearchDomains": "Search domains...",
"domainPickerNoDomainsFound": "No domains found",
"domainPickerLoadingDomains": "Loading domains...",
"domainPickerSelectBaseDomain": "Select base domain...",
"domainPickerNotAvailableForCname": "Not available for CNAME domains",
"domainPickerEnterSubdomainOrLeaveBlank": "Enter subdomain or leave blank to use base domain.",
"domainPickerEnterSubdomainToSearch": "Enter a subdomain to search and select from available free domains.",
"domainPickerFreeDomains": "Free Domains",
"domainPickerSearchForAvailableDomains": "Search for available domains",
"resourceDomain": "Domain",
"resourceEditDomain": "Edit Domain",
"siteName": "Site Name",
"proxyPort": "Port",
"resourcesTableProxyResources": "Proxy Resources",
"resourcesTableClientResources": "Client Resources",
"resourcesTableNoProxyResourcesFound": "No proxy resources found.",
"resourcesTableNoInternalResourcesFound": "No internal resources found.",
"resourcesTableDestination": "Destination",
"resourcesTableTheseResourcesForUseWith": "These resources are for use with",
"resourcesTableClients": "Clients",
"resourcesTableAndOnlyAccessibleInternally": "and are only accessible internally when connected with a client.",
"editInternalResourceDialogEditClientResource": "Edit Client Resource",
"editInternalResourceDialogUpdateResourceProperties": "Update the resource properties and target configuration for {resourceName}.",
"editInternalResourceDialogResourceProperties": "Resource Properties",
"editInternalResourceDialogName": "Name",
"editInternalResourceDialogProtocol": "Protocol",
"editInternalResourceDialogSitePort": "Site Port",
"editInternalResourceDialogTargetConfiguration": "Target Configuration",
"editInternalResourceDialogDestinationIP": "Destination IP",
"editInternalResourceDialogDestinationPort": "Destination Port",
"editInternalResourceDialogCancel": "Cancel",
"editInternalResourceDialogSaveResource": "Save Resource",
"editInternalResourceDialogSuccess": "Success",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Internal resource updated successfully",
"editInternalResourceDialogError": "Error",
"editInternalResourceDialogFailedToUpdateInternalResource": "Failed to update internal resource",
"editInternalResourceDialogNameRequired": "Name is required",
"editInternalResourceDialogNameMaxLength": "Name must be less than 255 characters",
"editInternalResourceDialogProxyPortMin": "Proxy port must be at least 1",
"editInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536",
"editInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format",
"editInternalResourceDialogDestinationPortMin": "Destination port must be at least 1",
"editInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536",
"createInternalResourceDialogNoSitesAvailable": "No Sites Available",
"createInternalResourceDialogNoSitesAvailableDescription": "You need to have at least one Newt site with a subnet configured to create internal resources.",
"createInternalResourceDialogClose": "Close",
"createInternalResourceDialogCreateClientResource": "Create Client Resource",
"createInternalResourceDialogCreateClientResourceDescription": "Create a new resource that will be accessible to clients connected to the selected site.",
"createInternalResourceDialogResourceProperties": "Resource Properties",
"createInternalResourceDialogName": "Name",
"createInternalResourceDialogSite": "Site",
"createInternalResourceDialogSelectSite": "Select site...",
"createInternalResourceDialogSearchSites": "Search sites...",
"createInternalResourceDialogNoSitesFound": "No sites found.",
"createInternalResourceDialogProtocol": "Protocol",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Site Port",
"createInternalResourceDialogSitePortDescription": "Use this port to access the resource on the site when connected with a client.",
"createInternalResourceDialogTargetConfiguration": "Target Configuration",
"createInternalResourceDialogDestinationIP": "Destination IP",
"createInternalResourceDialogDestinationIPDescription": "The IP address of the resource on the site's network.",
"createInternalResourceDialogDestinationPort": "Destination Port",
"createInternalResourceDialogDestinationPortDescription": "The port on the destination IP where the resource is accessible.",
"createInternalResourceDialogCancel": "Cancel",
"createInternalResourceDialogCreateResource": "Create Resource",
"createInternalResourceDialogSuccess": "Success",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Internal resource created successfully",
"createInternalResourceDialogError": "Error",
"createInternalResourceDialogFailedToCreateInternalResource": "Failed to create internal resource",
"createInternalResourceDialogNameRequired": "Name is required",
"createInternalResourceDialogNameMaxLength": "Name must be less than 255 characters",
"createInternalResourceDialogPleaseSelectSite": "Please select a site",
"createInternalResourceDialogProxyPortMin": "Proxy port must be at least 1",
"createInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536",
"createInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format",
"createInternalResourceDialogDestinationPortMin": "Destination port must be at least 1",
"createInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536",
"siteConfiguration": "Configuration",
"siteAcceptClientConnections": "Accept Client Connections",
"siteAcceptClientConnectionsDescription": "Allow other devices to connect through this Newt instance as a gateway using clients.",
"siteAddress": "Site Address",
"siteAddressDescription": "Specify the IP address of the host for clients to connect to. This is the internal address of the site in the Pangolin network for clients to address. Must fall within the Org subnet.",
"autoLoginExternalIdp": "Auto Login with External IDP",
"autoLoginExternalIdpDescription": "Immediately redirect the user to the external IDP for authentication.",
"selectIdp": "Select IDP",
"selectIdpPlaceholder": "Choose an IDP...",
"selectIdpRequired": "Please select an IDP when auto login is enabled.",
"autoLoginTitle": "Redirecting",
"autoLoginDescription": "Redirecting you to the external identity provider for authentication.",
"autoLoginProcessing": "Preparing authentication...",
"autoLoginRedirecting": "Redirecting to login...",
"autoLoginError": "Auto Login Error",
"autoLoginErrorNoRedirectUrl": "No redirect URL received from the identity provider.",
"autoLoginErrorGeneratingUrl": "Failed to generate authentication URL."
}

138
messages/es-ES.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "La forma más fácil de crear un punto de entrada en tu red. Sin configuración adicional.",
"siteWg": "Wirex Guardia Básica",
"siteWgDescription": "Utilice cualquier cliente Wirex Guard para establecer un túnel. Se requiere una configuración manual de NAT.",
"siteWgDescriptionSaas": "Utilice cualquier cliente de WireGuard para establecer un túnel. Se requiere configuración manual de NAT. SOLO FUNCIONA EN NODOS AUTOGESTIONADOS",
"siteLocalDescription": "Solo recursos locales. Sin túneles.",
"siteLocalDescriptionSaas": "Solo recursos locales. Sin túneles. SOLO FUNCIONA EN NODOS AUTOGESTIONADOS",
"siteSeeAll": "Ver todos los sitios",
"siteTunnelDescription": "Determina cómo quieres conectarte a tu sitio",
"siteNewtCredentials": "Credenciales nuevas",
@@ -166,7 +168,7 @@
"siteSelect": "Seleccionar sitio",
"siteSearch": "Buscar sitio",
"siteNotFound": "Sitio no encontrado.",
"siteSelectionDescription": "Este sitio proporcionará conectividad al recurso.",
"siteSelectionDescription": "Este sitio proporcionará conectividad al objetivo.",
"resourceType": "Tipo de recurso",
"resourceTypeDescription": "Determina cómo quieres acceder a tu recurso",
"resourceHTTPSSettings": "Configuración HTTPS",
@@ -197,6 +199,7 @@
"general": "General",
"generalSettings": "Configuración General",
"proxy": "Proxy",
"internal": "Interno",
"rules": "Reglas",
"resourceSettingDescription": "Configure la configuración de su recurso",
"resourceSetting": "Ajustes {resourceName}",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "El PIN debe tener exactamente 6 dígitos",
"pincodeRequirementsChars": "El PIN sólo debe contener números",
"passwordRequirementsLength": "La contraseña debe tener al menos 1 carácter",
"passwordRequirementsTitle": "Requisitos de la contraseña:",
"passwordRequirementLength": "Al menos 8 caracteres de largo",
"passwordRequirementUppercase": "Al menos una letra mayúscula",
"passwordRequirementLowercase": "Al menos una letra minúscula",
"passwordRequirementNumber": "Al menos un número",
"passwordRequirementSpecial": "Al menos un carácter especial",
"passwordRequirementsMet": "✓ La contraseña cumple con todos los requisitos",
"passwordStrength": "Seguridad de la contraseña",
"passwordStrengthWeak": "Débil",
"passwordStrengthMedium": "Media",
"passwordStrengthStrong": "Fuerte",
"passwordRequirements": "Requisitos:",
"passwordRequirementLengthText": "8+ caracteres",
"passwordRequirementUppercaseText": "Letra mayúscula (A-Z)",
"passwordRequirementLowercaseText": "Letra minúscula (a-z)",
"passwordRequirementNumberText": "Número (0-9)",
"passwordRequirementSpecialText": "Caracter especial (!@#$%...)",
"passwordsDoNotMatch": "Las contraseñas no coinciden",
"otpEmailRequirementsLength": "OTP debe tener al menos 1 carácter",
"otpEmailSent": "OTP enviado",
"otpEmailSentDescription": "Un OTP ha sido enviado a tu correo electrónico",
@@ -952,6 +973,7 @@
"logoutError": "Error al cerrar sesión",
"signingAs": "Conectado como",
"serverAdmin": "Admin Servidor",
"managedSelfhosted": "Autogestionado",
"otpEnable": "Activar doble factor",
"otpDisable": "Desactivar doble factor",
"logout": "Cerrar sesión",
@@ -967,6 +989,9 @@
"actionDeleteSite": "Eliminar sitio",
"actionGetSite": "Obtener sitio",
"actionListSites": "Listar sitios",
"setupToken": "Configuración de token",
"setupTokenDescription": "Ingrese el token de configuración desde la consola del servidor.",
"setupTokenRequired": "Se requiere el token de configuración",
"actionUpdateSite": "Actualizar sitio",
"actionListSiteRoles": "Lista de roles permitidos del sitio",
"actionCreateResource": "Crear Recurso",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "Eliminar política de IDP Org",
"actionListIdpOrgs": "Listar Orgs IDP",
"actionUpdateIdpOrg": "Actualizar IDP Org",
"actionCreateClient": "Crear cliente",
"actionDeleteClient": "Eliminar cliente",
"actionUpdateClient": "Actualizar cliente",
"actionListClients": "Listar clientes",
"actionGetClient": "Obtener cliente",
"noneSelected": "Ninguno seleccionado",
"orgNotFound2": "No se encontraron organizaciones.",
"searchProgress": "Buscar...",
@@ -1315,8 +1345,110 @@
"olmErrorFetchLatest": "Se ha producido un error al recuperar la última versión de Olm.",
"remoteSubnets": "Subredes remotas",
"enterCidrRange": "Ingresa el rango CIDR",
"remoteSubnetsDescription": "Agregue rangos CIDR que puedan acceder a este sitio de forma remota. Use un formato como 10.0.0.0/24 o 192.168.1.0/24.",
"remoteSubnetsDescription": "Agregue rangos CIDR que se puedan acceder desde este sitio de forma remota usando clientes. Utilice el formato como 10.0.0.0/24. Esto SOLO se aplica a la conectividad del cliente VPN.",
"resourceEnableProxy": "Habilitar proxy público",
"resourceEnableProxyDescription": "Habilite el proxy público para este recurso. Esto permite el acceso al recurso desde fuera de la red a través de la nube en un puerto abierto. Requiere configuración de Traefik.",
"externalProxyEnabled": "Proxy externo habilitado"
"externalProxyEnabled": "Proxy externo habilitado",
"addNewTarget": "Agregar nuevo destino",
"targetsList": "Lista de destinos",
"targetErrorDuplicateTargetFound": "Se encontró un destino duplicado",
"httpMethod": "Método HTTP",
"selectHttpMethod": "Seleccionar método HTTP",
"domainPickerSubdomainLabel": "Subdominio",
"domainPickerBaseDomainLabel": "Dominio base",
"domainPickerSearchDomains": "Buscar dominios...",
"domainPickerNoDomainsFound": "No se encontraron dominios",
"domainPickerLoadingDomains": "Cargando dominios...",
"domainPickerSelectBaseDomain": "Seleccionar dominio base...",
"domainPickerNotAvailableForCname": "No disponible para dominios CNAME",
"domainPickerEnterSubdomainOrLeaveBlank": "Ingrese subdominio o deje en blanco para usar dominio base.",
"domainPickerEnterSubdomainToSearch": "Ingrese un subdominio para buscar y seleccionar entre dominios gratuitos disponibles.",
"domainPickerFreeDomains": "Dominios gratuitos",
"domainPickerSearchForAvailableDomains": "Buscar dominios disponibles",
"resourceDomain": "Dominio",
"resourceEditDomain": "Editar dominio",
"siteName": "Nombre del sitio",
"proxyPort": "Puerto",
"resourcesTableProxyResources": "Recursos de proxy",
"resourcesTableClientResources": "Recursos del cliente",
"resourcesTableNoProxyResourcesFound": "No se encontraron recursos de proxy.",
"resourcesTableNoInternalResourcesFound": "No se encontraron recursos internos.",
"resourcesTableDestination": "Destino",
"resourcesTableTheseResourcesForUseWith": "Estos recursos son para uso con",
"resourcesTableClients": "Clientes",
"resourcesTableAndOnlyAccessibleInternally": "y solo son accesibles internamente cuando se conectan con un cliente.",
"editInternalResourceDialogEditClientResource": "Editar recurso del cliente",
"editInternalResourceDialogUpdateResourceProperties": "Actualizar las propiedades del recurso y la configuración del objetivo para {resourceName}.",
"editInternalResourceDialogResourceProperties": "Propiedades del recurso",
"editInternalResourceDialogName": "Nombre",
"editInternalResourceDialogProtocol": "Protocolo",
"editInternalResourceDialogSitePort": "Puerto del sitio",
"editInternalResourceDialogTargetConfiguration": "Configuración de objetivos",
"editInternalResourceDialogDestinationIP": "IP de destino",
"editInternalResourceDialogDestinationPort": "Puerto de destino",
"editInternalResourceDialogCancel": "Cancelar",
"editInternalResourceDialogSaveResource": "Guardar recurso",
"editInternalResourceDialogSuccess": "Éxito",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Recurso interno actualizado con éxito",
"editInternalResourceDialogError": "Error",
"editInternalResourceDialogFailedToUpdateInternalResource": "Error al actualizar el recurso interno",
"editInternalResourceDialogNameRequired": "El nombre es requerido",
"editInternalResourceDialogNameMaxLength": "El nombre no debe tener más de 255 caracteres",
"editInternalResourceDialogProxyPortMin": "El puerto del proxy debe ser al menos 1",
"editInternalResourceDialogProxyPortMax": "El puerto del proxy debe ser menor de 65536",
"editInternalResourceDialogInvalidIPAddressFormat": "Formato de dirección IP inválido",
"editInternalResourceDialogDestinationPortMin": "El puerto de destino debe ser al menos 1",
"editInternalResourceDialogDestinationPortMax": "El puerto de destino debe ser menor de 65536",
"createInternalResourceDialogNoSitesAvailable": "No hay sitios disponibles",
"createInternalResourceDialogNoSitesAvailableDescription": "Necesita tener al menos un sitio de Newt con una subred configurada para crear recursos internos.",
"createInternalResourceDialogClose": "Cerrar",
"createInternalResourceDialogCreateClientResource": "Crear recurso del cliente",
"createInternalResourceDialogCreateClientResourceDescription": "Crear un nuevo recurso que será accesible para los clientes conectados al sitio seleccionado.",
"createInternalResourceDialogResourceProperties": "Propiedades del recurso",
"createInternalResourceDialogName": "Nombre",
"createInternalResourceDialogSite": "Sitio",
"createInternalResourceDialogSelectSite": "Seleccionar sitio...",
"createInternalResourceDialogSearchSites": "Buscar sitios...",
"createInternalResourceDialogNoSitesFound": "Sitios no encontrados.",
"createInternalResourceDialogProtocol": "Protocolo",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Puerto del sitio",
"createInternalResourceDialogSitePortDescription": "Use este puerto para acceder al recurso en el sitio cuando se conecta con un cliente.",
"createInternalResourceDialogTargetConfiguration": "Configuración de objetivos",
"createInternalResourceDialogDestinationIP": "IP de destino",
"createInternalResourceDialogDestinationIPDescription": "La dirección IP del recurso en la red del sitio.",
"createInternalResourceDialogDestinationPort": "Puerto de destino",
"createInternalResourceDialogDestinationPortDescription": "El puerto en la IP de destino donde el recurso es accesible.",
"createInternalResourceDialogCancel": "Cancelar",
"createInternalResourceDialogCreateResource": "Crear recurso",
"createInternalResourceDialogSuccess": "Éxito",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Recurso interno creado con éxito",
"createInternalResourceDialogError": "Error",
"createInternalResourceDialogFailedToCreateInternalResource": "Error al crear recurso interno",
"createInternalResourceDialogNameRequired": "El nombre es requerido",
"createInternalResourceDialogNameMaxLength": "El nombre debe ser menor de 255 caracteres",
"createInternalResourceDialogPleaseSelectSite": "Por favor seleccione un sitio",
"createInternalResourceDialogProxyPortMin": "El puerto del proxy debe ser al menos 1",
"createInternalResourceDialogProxyPortMax": "El puerto del proxy debe ser menor de 65536",
"createInternalResourceDialogInvalidIPAddressFormat": "Formato de dirección IP inválido",
"createInternalResourceDialogDestinationPortMin": "El puerto de destino debe ser al menos 1",
"createInternalResourceDialogDestinationPortMax": "El puerto de destino debe ser menor de 65536",
"siteConfiguration": "Configuración",
"siteAcceptClientConnections": "Aceptar conexiones de clientes",
"siteAcceptClientConnectionsDescription": "Permitir que otros dispositivos se conecten a través de esta instancia Newt como una puerta de enlace utilizando clientes.",
"siteAddress": "Dirección del sitio",
"siteAddressDescription": "Especifique la dirección IP del host que los clientes deben usar para conectarse. Esta es la dirección interna del sitio en la red de Pangolín para que los clientes dirijan. Debe estar dentro de la subred de la organización.",
"autoLoginExternalIdp": "Inicio de sesión automático con IDP externo",
"autoLoginExternalIdpDescription": "Redirigir inmediatamente al usuario al IDP externo para autenticación.",
"selectIdp": "Seleccionar IDP",
"selectIdpPlaceholder": "Elegir un IDP...",
"selectIdpRequired": "Por favor seleccione un IDP cuando el inicio de sesión automático esté habilitado.",
"autoLoginTitle": "Redirigiendo",
"autoLoginDescription": "Te estamos redirigiendo al proveedor de identidad externo para autenticación.",
"autoLoginProcessing": "Preparando autenticación...",
"autoLoginRedirecting": "Redirigiendo al inicio de sesión...",
"autoLoginError": "Error de inicio de sesión automático",
"autoLoginErrorNoRedirectUrl": "No se recibió URL de redirección del proveedor de identidad.",
"autoLoginErrorGeneratingUrl": "Error al generar URL de autenticación."
}

140
messages/fr-FR.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "La façon la plus simple de créer un point d'entrée dans votre réseau. Pas de configuration supplémentaire.",
"siteWg": "WireGuard basique",
"siteWgDescription": "Utilisez n'importe quel client WireGuard pour établir un tunnel. Configuration NAT manuelle requise.",
"siteWgDescriptionSaas": "Utilisez n'importe quel client WireGuard pour établir un tunnel. Configuration NAT manuelle requise. FONCTIONNE UNIQUEMENT SUR DES NŒUDS AUTONOMES",
"siteLocalDescription": "Ressources locales seulement. Pas de tunneling.",
"siteLocalDescriptionSaas": "Ressources locales uniquement. Pas de tunneling. FONCTIONNE UNIQUEMENT SUR DES NŒUDS AUTONOMES",
"siteSeeAll": "Voir tous les sites",
"siteTunnelDescription": "Déterminez comment vous voulez vous connecter à votre site",
"siteNewtCredentials": "Identifiants Newt",
@@ -166,7 +168,7 @@
"siteSelect": "Sélectionner un site",
"siteSearch": "Chercher un site",
"siteNotFound": "Aucun site trouvé.",
"siteSelectionDescription": "Ce site fournira la connectivité à la ressource.",
"siteSelectionDescription": "Ce site fournira la connectivité à la cible.",
"resourceType": "Type de ressource",
"resourceTypeDescription": "Déterminer comment vous voulez accéder à votre ressource",
"resourceHTTPSSettings": "Paramètres HTTPS",
@@ -197,6 +199,7 @@
"general": "Généraux",
"generalSettings": "Paramètres généraux",
"proxy": "Proxy",
"internal": "Interne",
"rules": "Règles",
"resourceSettingDescription": "Configurer les paramètres de votre ressource",
"resourceSetting": "Réglages {resourceName}",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "Le nom de serveur TLS à utiliser pour SNI. Laissez vide pour utiliser la valeur par défaut.",
"targetTlsSubmit": "Enregistrer les paramètres",
"targets": "Configuration des cibles",
"targetsDescription": "Configurez les cibles pour router le trafic vers vos services",
"targetsDescription": "Configurez les cibles pour router le trafic vers vos services.",
"targetStickySessions": "Activer les sessions persistantes",
"targetStickySessionsDescription": "Maintenir les connexions sur la même cible backend pendant toute leur session.",
"methodSelect": "Sélectionner la méthode",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "Le code PIN doit comporter exactement 6 chiffres",
"pincodeRequirementsChars": "Le code PIN ne doit contenir que des chiffres",
"passwordRequirementsLength": "Le mot de passe doit comporter au moins 1 caractère",
"passwordRequirementsTitle": "Exigences relatives au mot de passe :",
"passwordRequirementLength": "Au moins 8 caractères",
"passwordRequirementUppercase": "Au moins une lettre majuscule",
"passwordRequirementLowercase": "Au moins une lettre minuscule",
"passwordRequirementNumber": "Au moins un chiffre",
"passwordRequirementSpecial": "Au moins un caractère spécial",
"passwordRequirementsMet": "✓ Le mot de passe répond à toutes les exigences",
"passwordStrength": "Solidité du mot de passe",
"passwordStrengthWeak": "Faible",
"passwordStrengthMedium": "Moyen",
"passwordStrengthStrong": "Fort",
"passwordRequirements": "Exigences :",
"passwordRequirementLengthText": "8+ caractères",
"passwordRequirementUppercaseText": "Lettre majuscule (A-Z)",
"passwordRequirementLowercaseText": "Lettre minuscule (a-z)",
"passwordRequirementNumberText": "Nombre (0-9)",
"passwordRequirementSpecialText": "Caractère spécial (!@#$%...)",
"passwordsDoNotMatch": "Les mots de passe ne correspondent pas",
"otpEmailRequirementsLength": "L'OTP doit comporter au moins 1 caractère",
"otpEmailSent": "OTP envoyé",
"otpEmailSentDescription": "Un OTP a été envoyé à votre e-mail",
@@ -952,6 +973,7 @@
"logoutError": "Erreur lors de la déconnexion",
"signingAs": "Connecté en tant que",
"serverAdmin": "Admin Serveur",
"managedSelfhosted": "Gestion autonome",
"otpEnable": "Activer l'authentification à deux facteurs",
"otpDisable": "Désactiver l'authentification à deux facteurs",
"logout": "Déconnexion",
@@ -967,6 +989,9 @@
"actionDeleteSite": "Supprimer un site",
"actionGetSite": "Obtenir un site",
"actionListSites": "Lister les sites",
"setupToken": "Jeton de configuration",
"setupTokenDescription": "Entrez le jeton de configuration depuis la console du serveur.",
"setupTokenRequired": "Le jeton de configuration est requis.",
"actionUpdateSite": "Mettre à jour un site",
"actionListSiteRoles": "Lister les rôles autorisés du site",
"actionCreateResource": "Créer une ressource",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "Supprimer une politique d'organisation IDP",
"actionListIdpOrgs": "Lister les organisations IDP",
"actionUpdateIdpOrg": "Mettre à jour une organisation IDP",
"actionCreateClient": "Créer un client",
"actionDeleteClient": "Supprimer le client",
"actionUpdateClient": "Mettre à jour le client",
"actionListClients": "Liste des clients",
"actionGetClient": "Obtenir le client",
"noneSelected": "Aucune sélection",
"orgNotFound2": "Aucune organisation trouvée.",
"searchProgress": "Rechercher...",
@@ -1315,8 +1345,110 @@
"olmErrorFetchLatest": "Une erreur s'est produite lors de la récupération de la dernière version d'Olm.",
"remoteSubnets": "Sous-réseaux distants",
"enterCidrRange": "Entrez la plage CIDR",
"remoteSubnetsDescription": "Ajoutez des plages CIDR pouvant accéder à ce site à distance. Utilisez le format comme 10.0.0.0/24 ou 192.168.1.0/24.",
"remoteSubnetsDescription": "Ajoutez des plages CIDR accessibles à distance depuis ce site à l'aide de clients. Utilisez le format comme 10.0.0.0/24. Cela s'applique UNIQUEMENT à la connectivité des clients VPN.",
"resourceEnableProxy": "Activer le proxy public",
"resourceEnableProxyDescription": "Activez le proxy public vers cette ressource. Cela permet d'accéder à la ressource depuis l'extérieur du réseau via le cloud sur un port ouvert. Nécessite la configuration de Traefik.",
"externalProxyEnabled": "Proxy externe activé"
"externalProxyEnabled": "Proxy externe activé",
"addNewTarget": "Ajouter une nouvelle cible",
"targetsList": "Liste des cibles",
"targetErrorDuplicateTargetFound": "Cible en double trouvée",
"httpMethod": "Méthode HTTP",
"selectHttpMethod": "Sélectionnez la méthode HTTP",
"domainPickerSubdomainLabel": "Sous-domaine",
"domainPickerBaseDomainLabel": "Domaine de base",
"domainPickerSearchDomains": "Rechercher des domaines...",
"domainPickerNoDomainsFound": "Aucun domaine trouvé",
"domainPickerLoadingDomains": "Chargement des domaines...",
"domainPickerSelectBaseDomain": "Sélectionnez le domaine de base...",
"domainPickerNotAvailableForCname": "Non disponible pour les domaines CNAME",
"domainPickerEnterSubdomainOrLeaveBlank": "Entrez un sous-domaine ou laissez vide pour utiliser le domaine de base.",
"domainPickerEnterSubdomainToSearch": "Entrez un sous-domaine pour rechercher et sélectionner parmi les domaines gratuits disponibles.",
"domainPickerFreeDomains": "Domaines gratuits",
"domainPickerSearchForAvailableDomains": "Rechercher des domaines disponibles",
"resourceDomain": "Domaine",
"resourceEditDomain": "Modifier le domaine",
"siteName": "Nom du site",
"proxyPort": "Port",
"resourcesTableProxyResources": "Ressources proxy",
"resourcesTableClientResources": "Ressources client",
"resourcesTableNoProxyResourcesFound": "Aucune ressource proxy trouvée.",
"resourcesTableNoInternalResourcesFound": "Aucune ressource interne trouvée.",
"resourcesTableDestination": "Destination",
"resourcesTableTheseResourcesForUseWith": "Ces ressources sont à utiliser avec",
"resourcesTableClients": "Clients",
"resourcesTableAndOnlyAccessibleInternally": "et sont uniquement accessibles en interne lorsqu'elles sont connectées avec un client.",
"editInternalResourceDialogEditClientResource": "Modifier la ressource client",
"editInternalResourceDialogUpdateResourceProperties": "Mettez à jour les propriétés de la ressource et la configuration de la cible pour {resourceName}.",
"editInternalResourceDialogResourceProperties": "Propriétés de la ressource",
"editInternalResourceDialogName": "Nom",
"editInternalResourceDialogProtocol": "Protocole",
"editInternalResourceDialogSitePort": "Port du site",
"editInternalResourceDialogTargetConfiguration": "Configuration de la cible",
"editInternalResourceDialogDestinationIP": "IP de destination",
"editInternalResourceDialogDestinationPort": "Port de destination",
"editInternalResourceDialogCancel": "Abandonner",
"editInternalResourceDialogSaveResource": "Enregistrer la ressource",
"editInternalResourceDialogSuccess": "Succès",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Ressource interne mise à jour avec succès",
"editInternalResourceDialogError": "Erreur",
"editInternalResourceDialogFailedToUpdateInternalResource": "Échec de la mise à jour de la ressource interne",
"editInternalResourceDialogNameRequired": "Le nom est requis",
"editInternalResourceDialogNameMaxLength": "Le nom doit être inférieur à 255 caractères",
"editInternalResourceDialogProxyPortMin": "Le port proxy doit être d'au moins 1",
"editInternalResourceDialogProxyPortMax": "Le port proxy doit être inférieur à 65536",
"editInternalResourceDialogInvalidIPAddressFormat": "Format d'adresse IP invalide",
"editInternalResourceDialogDestinationPortMin": "Le port de destination doit être d'au moins 1",
"editInternalResourceDialogDestinationPortMax": "Le port de destination doit être inférieur à 65536",
"createInternalResourceDialogNoSitesAvailable": "Aucun site disponible",
"createInternalResourceDialogNoSitesAvailableDescription": "Vous devez avoir au moins un site Newt avec un sous-réseau configuré pour créer des ressources internes.",
"createInternalResourceDialogClose": "Fermer",
"createInternalResourceDialogCreateClientResource": "Créer une ressource client",
"createInternalResourceDialogCreateClientResourceDescription": "Créez une ressource accessible aux clients connectés au site sélectionné.",
"createInternalResourceDialogResourceProperties": "Propriétés de la ressource",
"createInternalResourceDialogName": "Nom",
"createInternalResourceDialogSite": "Site",
"createInternalResourceDialogSelectSite": "Sélectionner un site...",
"createInternalResourceDialogSearchSites": "Rechercher des sites...",
"createInternalResourceDialogNoSitesFound": "Aucun site trouvé.",
"createInternalResourceDialogProtocol": "Protocole",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Port du site",
"createInternalResourceDialogSitePortDescription": "Utilisez ce port pour accéder à la ressource sur le site lors de la connexion avec un client.",
"createInternalResourceDialogTargetConfiguration": "Configuration de la cible",
"createInternalResourceDialogDestinationIP": "IP de destination",
"createInternalResourceDialogDestinationIPDescription": "L'adresse IP de la ressource sur le réseau du site.",
"createInternalResourceDialogDestinationPort": "Port de destination",
"createInternalResourceDialogDestinationPortDescription": "Le port sur l'IP de destination où la ressource est accessible.",
"createInternalResourceDialogCancel": "Abandonner",
"createInternalResourceDialogCreateResource": "Créer une ressource",
"createInternalResourceDialogSuccess": "Succès",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Ressource interne créée avec succès",
"createInternalResourceDialogError": "Erreur",
"createInternalResourceDialogFailedToCreateInternalResource": "Échec de la création de la ressource interne",
"createInternalResourceDialogNameRequired": "Le nom est requis",
"createInternalResourceDialogNameMaxLength": "Le nom doit être inférieur à 255 caractères",
"createInternalResourceDialogPleaseSelectSite": "Veuillez sélectionner un site",
"createInternalResourceDialogProxyPortMin": "Le port proxy doit être d'au moins 1",
"createInternalResourceDialogProxyPortMax": "Le port proxy doit être inférieur à 65536",
"createInternalResourceDialogInvalidIPAddressFormat": "Format d'adresse IP invalide",
"createInternalResourceDialogDestinationPortMin": "Le port de destination doit être d'au moins 1",
"createInternalResourceDialogDestinationPortMax": "Le port de destination doit être inférieur à 65536",
"siteConfiguration": "Configuration",
"siteAcceptClientConnections": "Accepter les connexions client",
"siteAcceptClientConnectionsDescription": "Permet à d'autres appareils de se connecter via cette instance de Newt en tant que passerelle utilisant des clients.",
"siteAddress": "Adresse du site",
"siteAddressDescription": "Spécifiez l'adresse IP de l'hôte pour que les clients puissent s'y connecter. C'est l'adresse interne du site dans le réseau Pangolin pour que les clients puissent s'adresser. Doit être dans le sous-réseau de l'organisation.",
"autoLoginExternalIdp": "Connexion automatique avec IDP externe",
"autoLoginExternalIdpDescription": "Rediriger immédiatement l'utilisateur vers l'IDP externe pour l'authentification.",
"selectIdp": "Sélectionner l'IDP",
"selectIdpPlaceholder": "Choisissez un IDP...",
"selectIdpRequired": "Veuillez sélectionner un IDP lorsque la connexion automatique est activée.",
"autoLoginTitle": "Redirection",
"autoLoginDescription": "Redirection vers le fournisseur d'identité externe pour l'authentification.",
"autoLoginProcessing": "Préparation de l'authentification...",
"autoLoginRedirecting": "Redirection vers la connexion...",
"autoLoginError": "Erreur de connexion automatique",
"autoLoginErrorNoRedirectUrl": "Aucune URL de redirection reçue du fournisseur d'identité.",
"autoLoginErrorGeneratingUrl": "Échec de la génération de l'URL d'authentification."
}

140
messages/it-IT.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "Modo più semplice per creare un entrypoint nella rete. Nessuna configurazione aggiuntiva.",
"siteWg": "WireGuard Base",
"siteWgDescription": "Usa qualsiasi client WireGuard per stabilire un tunnel. Impostazione NAT manuale richiesta.",
"siteWgDescriptionSaas": "Usa qualsiasi client WireGuard per stabilire un tunnel. Impostazione NAT manuale richiesta. FUNZIONA SOLO SU NODI AUTO-OSPITATI",
"siteLocalDescription": "Solo risorse locali. Nessun tunneling.",
"siteLocalDescriptionSaas": "Solo risorse locali. Nessun tunneling. FUNZIONA SOLO SU NODI AUTO-OSPITATI",
"siteSeeAll": "Vedi Tutti I Siti",
"siteTunnelDescription": "Determina come vuoi connetterti al tuo sito",
"siteNewtCredentials": "Credenziali Newt",
@@ -166,7 +168,7 @@
"siteSelect": "Seleziona sito",
"siteSearch": "Cerca sito",
"siteNotFound": "Nessun sito trovato.",
"siteSelectionDescription": "Questo sito fornirà connettività alla risorsa.",
"siteSelectionDescription": "Questo sito fornirà connettività all'obiettivo.",
"resourceType": "Tipo Di Risorsa",
"resourceTypeDescription": "Determina come vuoi accedere alla tua risorsa",
"resourceHTTPSSettings": "Impostazioni HTTPS",
@@ -197,6 +199,7 @@
"general": "Generale",
"generalSettings": "Impostazioni Generali",
"proxy": "Proxy",
"internal": "Interno",
"rules": "Regole",
"resourceSettingDescription": "Configura le impostazioni sulla tua risorsa",
"resourceSetting": "Impostazioni {resourceName}",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "Il Nome Server TLS da usare per SNI. Lascia vuoto per usare quello predefinito.",
"targetTlsSubmit": "Salva Impostazioni",
"targets": "Configurazione Target",
"targetsDescription": "Configura i target per instradare il traffico ai tuoi servizi",
"targetsDescription": "Configura i target per instradare il traffico ai tuoi servizi backend",
"targetStickySessions": "Abilita Sessioni Persistenti",
"targetStickySessionsDescription": "Mantieni le connessioni sullo stesso target backend per l'intera sessione.",
"methodSelect": "Seleziona metodo",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "Il PIN deve essere esattamente di 6 cifre",
"pincodeRequirementsChars": "Il PIN deve contenere solo numeri",
"passwordRequirementsLength": "La password deve essere lunga almeno 1 carattere",
"passwordRequirementsTitle": "Requisiti della password:",
"passwordRequirementLength": "Almeno 8 caratteri",
"passwordRequirementUppercase": "Almeno una lettera maiuscola",
"passwordRequirementLowercase": "Almeno una lettera minuscola",
"passwordRequirementNumber": "Almeno un numero",
"passwordRequirementSpecial": "Almeno un carattere speciale",
"passwordRequirementsMet": "✓ La password soddisfa tutti i requisiti",
"passwordStrength": "Forza della password",
"passwordStrengthWeak": "Debole",
"passwordStrengthMedium": "Media",
"passwordStrengthStrong": "Forte",
"passwordRequirements": "Requisiti:",
"passwordRequirementLengthText": "8+ caratteri",
"passwordRequirementUppercaseText": "Lettera maiuscola (A-Z)",
"passwordRequirementLowercaseText": "Lettera minuscola (a-z)",
"passwordRequirementNumberText": "Numero (0-9)",
"passwordRequirementSpecialText": "Carattere speciale (!@#$%...)",
"passwordsDoNotMatch": "Le password non coincidono",
"otpEmailRequirementsLength": "L'OTP deve essere lungo almeno 1 carattere",
"otpEmailSent": "OTP Inviato",
"otpEmailSentDescription": "Un OTP è stato inviato alla tua email",
@@ -952,6 +973,7 @@
"logoutError": "Errore durante il logout",
"signingAs": "Accesso come",
"serverAdmin": "Amministratore Server",
"managedSelfhosted": "Gestito Auto-Ospitato",
"otpEnable": "Abilita Autenticazione a Due Fattori",
"otpDisable": "Disabilita Autenticazione a Due Fattori",
"logout": "Disconnetti",
@@ -967,6 +989,9 @@
"actionDeleteSite": "Elimina Sito",
"actionGetSite": "Ottieni Sito",
"actionListSites": "Elenca Siti",
"setupToken": "Configura Token",
"setupTokenDescription": "Inserisci il token di configurazione dalla console del server.",
"setupTokenRequired": "Il token di configurazione è richiesto",
"actionUpdateSite": "Aggiorna Sito",
"actionListSiteRoles": "Elenca Ruoli Sito Consentiti",
"actionCreateResource": "Crea Risorsa",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "Elimina Politica Org IDP",
"actionListIdpOrgs": "Elenca Org IDP",
"actionUpdateIdpOrg": "Aggiorna Org IDP",
"actionCreateClient": "Crea Client",
"actionDeleteClient": "Elimina Client",
"actionUpdateClient": "Aggiorna Client",
"actionListClients": "Elenco Clienti",
"actionGetClient": "Ottieni Client",
"noneSelected": "Nessuna selezione",
"orgNotFound2": "Nessuna organizzazione trovata.",
"searchProgress": "Ricerca...",
@@ -1315,8 +1345,110 @@
"olmErrorFetchLatest": "Si è verificato un errore durante il recupero dell'ultima versione di Olm.",
"remoteSubnets": "Sottoreti Remote",
"enterCidrRange": "Inserisci l'intervallo CIDR",
"remoteSubnetsDescription": "Aggiungi intervalli CIDR che possono accedere a questo sito da remoto. Usa il formato come 10.0.0.0/24 o 192.168.1.0/24.",
"remoteSubnetsDescription": "Aggiungi intervalli CIDR che possono essere accessibili da questo sito in remoto utilizzando i client. Usa il formato come 10.0.0.0/24. Questo si applica SOLO alla connettività del client VPN.",
"resourceEnableProxy": "Abilita Proxy Pubblico",
"resourceEnableProxyDescription": "Abilita il proxy pubblico a questa risorsa. Consente l'accesso alla risorsa dall'esterno della rete tramite il cloud su una porta aperta. Richiede la configurazione di Traefik.",
"externalProxyEnabled": "Proxy Esterno Abilitato"
"externalProxyEnabled": "Proxy Esterno Abilitato",
"addNewTarget": "Aggiungi Nuovo Target",
"targetsList": "Elenco dei Target",
"targetErrorDuplicateTargetFound": "Target duplicato trovato",
"httpMethod": "Metodo HTTP",
"selectHttpMethod": "Seleziona metodo HTTP",
"domainPickerSubdomainLabel": "Sottodominio",
"domainPickerBaseDomainLabel": "Dominio Base",
"domainPickerSearchDomains": "Cerca domini...",
"domainPickerNoDomainsFound": "Nessun dominio trovato",
"domainPickerLoadingDomains": "Caricamento domini...",
"domainPickerSelectBaseDomain": "Seleziona dominio base...",
"domainPickerNotAvailableForCname": "Non disponibile per i domini CNAME",
"domainPickerEnterSubdomainOrLeaveBlank": "Inserisci un sottodominio o lascia vuoto per utilizzare il dominio base.",
"domainPickerEnterSubdomainToSearch": "Inserisci un sottodominio per cercare e selezionare dai domini gratuiti disponibili.",
"domainPickerFreeDomains": "Domini Gratuiti",
"domainPickerSearchForAvailableDomains": "Cerca domini disponibili",
"resourceDomain": "Dominio",
"resourceEditDomain": "Modifica Dominio",
"siteName": "Nome del Sito",
"proxyPort": "Porta",
"resourcesTableProxyResources": "Risorse Proxy",
"resourcesTableClientResources": "Risorse Client",
"resourcesTableNoProxyResourcesFound": "Nessuna risorsa proxy trovata.",
"resourcesTableNoInternalResourcesFound": "Nessuna risorsa interna trovata.",
"resourcesTableDestination": "Destinazione",
"resourcesTableTheseResourcesForUseWith": "Queste risorse sono per uso con",
"resourcesTableClients": "Client",
"resourcesTableAndOnlyAccessibleInternally": "e sono accessibili solo internamente quando connessi con un client.",
"editInternalResourceDialogEditClientResource": "Modifica Risorsa Client",
"editInternalResourceDialogUpdateResourceProperties": "Aggiorna le proprietà della risorsa e la configurazione del target per {resourceName}.",
"editInternalResourceDialogResourceProperties": "Proprietà della Risorsa",
"editInternalResourceDialogName": "Nome",
"editInternalResourceDialogProtocol": "Protocollo",
"editInternalResourceDialogSitePort": "Porta del Sito",
"editInternalResourceDialogTargetConfiguration": "Configurazione Target",
"editInternalResourceDialogDestinationIP": "IP di Destinazione",
"editInternalResourceDialogDestinationPort": "Porta di Destinazione",
"editInternalResourceDialogCancel": "Annulla",
"editInternalResourceDialogSaveResource": "Salva Risorsa",
"editInternalResourceDialogSuccess": "Successo",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Risorsa interna aggiornata con successo",
"editInternalResourceDialogError": "Errore",
"editInternalResourceDialogFailedToUpdateInternalResource": "Impossibile aggiornare la risorsa interna",
"editInternalResourceDialogNameRequired": "Il nome è obbligatorio",
"editInternalResourceDialogNameMaxLength": "Il nome deve essere inferiore a 255 caratteri",
"editInternalResourceDialogProxyPortMin": "La porta proxy deve essere almeno 1",
"editInternalResourceDialogProxyPortMax": "La porta proxy deve essere inferiore a 65536",
"editInternalResourceDialogInvalidIPAddressFormat": "Formato dell'indirizzo IP non valido",
"editInternalResourceDialogDestinationPortMin": "La porta di destinazione deve essere almeno 1",
"editInternalResourceDialogDestinationPortMax": "La porta di destinazione deve essere inferiore a 65536",
"createInternalResourceDialogNoSitesAvailable": "Nessun Sito Disponibile",
"createInternalResourceDialogNoSitesAvailableDescription": "Devi avere almeno un sito Newt con una subnet configurata per creare risorse interne.",
"createInternalResourceDialogClose": "Chiudi",
"createInternalResourceDialogCreateClientResource": "Crea Risorsa Client",
"createInternalResourceDialogCreateClientResourceDescription": "Crea una nuova risorsa che sarà accessibile ai client connessi al sito selezionato.",
"createInternalResourceDialogResourceProperties": "Proprietà della Risorsa",
"createInternalResourceDialogName": "Nome",
"createInternalResourceDialogSite": "Sito",
"createInternalResourceDialogSelectSite": "Seleziona sito...",
"createInternalResourceDialogSearchSites": "Cerca siti...",
"createInternalResourceDialogNoSitesFound": "Nessun sito trovato.",
"createInternalResourceDialogProtocol": "Protocollo",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Porta del Sito",
"createInternalResourceDialogSitePortDescription": "Usa questa porta per accedere alla risorsa nel sito quando sei connesso con un client.",
"createInternalResourceDialogTargetConfiguration": "Configurazione Target",
"createInternalResourceDialogDestinationIP": "IP di Destinazione",
"createInternalResourceDialogDestinationIPDescription": "L'indirizzo IP della risorsa sulla rete del sito.",
"createInternalResourceDialogDestinationPort": "Porta di Destinazione",
"createInternalResourceDialogDestinationPortDescription": "La porta sull'IP di destinazione dove la risorsa è accessibile.",
"createInternalResourceDialogCancel": "Annulla",
"createInternalResourceDialogCreateResource": "Crea Risorsa",
"createInternalResourceDialogSuccess": "Successo",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Risorsa interna creata con successo",
"createInternalResourceDialogError": "Errore",
"createInternalResourceDialogFailedToCreateInternalResource": "Impossibile creare la risorsa interna",
"createInternalResourceDialogNameRequired": "Il nome è obbligatorio",
"createInternalResourceDialogNameMaxLength": "Il nome non deve superare i 255 caratteri",
"createInternalResourceDialogPleaseSelectSite": "Si prega di selezionare un sito",
"createInternalResourceDialogProxyPortMin": "La porta proxy deve essere almeno 1",
"createInternalResourceDialogProxyPortMax": "La porta proxy deve essere inferiore a 65536",
"createInternalResourceDialogInvalidIPAddressFormat": "Formato dell'indirizzo IP non valido",
"createInternalResourceDialogDestinationPortMin": "La porta di destinazione deve essere almeno 1",
"createInternalResourceDialogDestinationPortMax": "La porta di destinazione deve essere inferiore a 65536",
"siteConfiguration": "Configurazione",
"siteAcceptClientConnections": "Accetta Connessioni Client",
"siteAcceptClientConnectionsDescription": "Permetti ad altri dispositivi di connettersi attraverso questa istanza Newt come gateway utilizzando i client.",
"siteAddress": "Indirizzo del Sito",
"siteAddressDescription": "Specifica l'indirizzo IP dell'host a cui i client si collegano. Questo è l'indirizzo interno del sito nella rete Pangolin per indirizzare i client. Deve rientrare nella subnet dell'Organizzazione.",
"autoLoginExternalIdp": "Accesso Automatico con IDP Esterno",
"autoLoginExternalIdpDescription": "Reindirizzare immediatamente l'utente all'IDP esterno per l'autenticazione.",
"selectIdp": "Seleziona IDP",
"selectIdpPlaceholder": "Scegli un IDP...",
"selectIdpRequired": "Si prega di selezionare un IDP quando l'accesso automatico è abilitato.",
"autoLoginTitle": "Reindirizzamento",
"autoLoginDescription": "Reindirizzandoti al provider di identità esterno per l'autenticazione.",
"autoLoginProcessing": "Preparazione dell'autenticazione...",
"autoLoginRedirecting": "Reindirizzamento al login...",
"autoLoginError": "Errore di Accesso Automatico",
"autoLoginErrorNoRedirectUrl": "Nessun URL di reindirizzamento ricevuto dal provider di identità.",
"autoLoginErrorGeneratingUrl": "Impossibile generare l'URL di autenticazione."
}

236
messages/ko-KR.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "네트워크에 대한 진입점을 생성하는 가장 쉬운 방법입니다. 추가 설정이 필요 없습니다.",
"siteWg": "기본 WireGuard",
"siteWgDescription": "모든 WireGuard 클라이언트를 사용하여 터널을 설정하세요. 수동 NAT 설정이 필요합니다.",
"siteWgDescriptionSaas": "모든 WireGuard 클라이언트를 사용하여 터널을 설정하세요. 수동 NAT 설정이 필요합니다. 자체 호스팅 노드에서만 작동합니다.",
"siteLocalDescription": "로컬 리소스만 사용 가능합니다. 터널링이 없습니다.",
"siteLocalDescriptionSaas": "로컬 리소스만. 터널링 없음. 자체 호스팅 노드에서만 작동합니다.",
"siteSeeAll": "모든 사이트 보기",
"siteTunnelDescription": "사이트에 연결하는 방법을 결정하세요",
"siteNewtCredentials": "Newt 자격 증명",
@@ -166,7 +168,7 @@
"siteSelect": "사이트 선택",
"siteSearch": "사이트 검색",
"siteNotFound": "사이트를 찾을 수 없습니다.",
"siteSelectionDescription": "이 사이트는 리소스에 대한 연결을 제공합니다.",
"siteSelectionDescription": "이 사이트는 대상에 대한 연결을 제공합니다.",
"resourceType": "리소스 유형",
"resourceTypeDescription": "리소스에 접근하는 방법을 결정하세요",
"resourceHTTPSSettings": "HTTPS 설정",
@@ -197,6 +199,7 @@
"general": "일반",
"generalSettings": "일반 설정",
"proxy": "프록시",
"internal": "내부",
"rules": "규칙",
"resourceSettingDescription": "리소스의 설정을 구성하세요.",
"resourceSetting": "{resourceName} 설정",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "SNI에 사용할 TLS 서버 이름. 기본값을 사용하려면 비워 두십시오.",
"targetTlsSubmit": "설정 저장",
"targets": "대상 구성",
"targetsDescription": "서비스로 트래픽을 라우팅할 대상을 설정하십시오",
"targetsDescription": "사용자 백엔드 서비스로 트래픽을 라우팅할 대상을 설정하십시오.",
"targetStickySessions": "스티키 세션 활성화",
"targetStickySessionsDescription": "세션 전체 동안 동일한 백엔드 대상을 유지합니다.",
"methodSelect": "선택 방법",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "PIN은 정확히 6자리여야 합니다",
"pincodeRequirementsChars": "PIN은 숫자만 포함해야 합니다.",
"passwordRequirementsLength": "비밀번호는 최소 1자 이상이어야 합니다",
"passwordRequirementsTitle": "비밀번호 요구사항:",
"passwordRequirementLength": "최소 8자 이상",
"passwordRequirementUppercase": "최소 대문자 하나",
"passwordRequirementLowercase": "최소 소문자 하나",
"passwordRequirementNumber": "최소 숫자 하나",
"passwordRequirementSpecial": "최소 특수 문자 하나",
"passwordRequirementsMet": "✓ 비밀번호가 모든 요구사항을 충족합니다.",
"passwordStrength": "비밀번호 강도",
"passwordStrengthWeak": "약함",
"passwordStrengthMedium": "보통",
"passwordStrengthStrong": "강함",
"passwordRequirements": "요구 사항:",
"passwordRequirementLengthText": "8자 이상",
"passwordRequirementUppercaseText": "대문자 (A-Z)",
"passwordRequirementLowercaseText": "소문자 (a-z)",
"passwordRequirementNumberText": "숫자 (0-9)",
"passwordRequirementSpecialText": "특수 문자 (!@#$%...)",
"passwordsDoNotMatch": "비밀번호가 일치하지 않습니다.",
"otpEmailRequirementsLength": "OTP는 최소 1자 이상이어야 합니다",
"otpEmailSent": "OTP 전송됨",
"otpEmailSentDescription": "OTP가 귀하의 이메일로 전송되었습니다.",
@@ -952,6 +973,7 @@
"logoutError": "로그아웃 중 오류 발생",
"signingAs": "로그인한 사용자",
"serverAdmin": "서버 관리자",
"managedSelfhosted": "관리 자체 호스팅",
"otpEnable": "이중 인증 활성화",
"otpDisable": "이중 인증 비활성화",
"logout": "로그 아웃",
@@ -967,6 +989,9 @@
"actionDeleteSite": "사이트 삭제",
"actionGetSite": "사이트 가져오기",
"actionListSites": "사이트 목록",
"setupToken": "설정 토큰",
"setupTokenDescription": "서버 콘솔에서 설정 토큰 입력.",
"setupTokenRequired": "설정 토큰이 필요합니다",
"actionUpdateSite": "사이트 업데이트",
"actionListSiteRoles": "허용된 사이트 역할 목록",
"actionCreateResource": "리소스 생성",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "IDP 조직 정책 삭제",
"actionListIdpOrgs": "IDP 조직 목록",
"actionUpdateIdpOrg": "IDP 조직 업데이트",
"actionCreateClient": "클라이언트 생성",
"actionDeleteClient": "클라이언트 삭제",
"actionUpdateClient": "클라이언트 업데이트",
"actionListClients": "클라이언트 목록",
"actionGetClient": "클라이언트 가져오기",
"noneSelected": "선택된 항목 없음",
"orgNotFound2": "조직이 없습니다.",
"searchProgress": "검색...",
@@ -1093,7 +1123,7 @@
"sidebarAllUsers": "모든 사용자",
"sidebarIdentityProviders": "신원 공급자",
"sidebarLicense": "라이선스",
"sidebarClients": "Clients (Beta)",
"sidebarClients": "클라이언트 (Beta)",
"sidebarDomains": "도메인",
"enableDockerSocket": "Docker 소켓 활성화",
"enableDockerSocketDescription": "컨테이너 정보를 채우기 위해 Docker 소켓 검색을 활성화합니다. 소켓 경로는 Newt에 제공되어야 합니다.",
@@ -1161,7 +1191,7 @@
"selectDomainTypeCnameName": "단일 도메인 (CNAME)",
"selectDomainTypeCnameDescription": "단일 하위 도메인 또는 특정 도메인 항목에 사용됩니다.",
"selectDomainTypeWildcardName": "와일드카드 도메인",
"selectDomainTypeWildcardDescription": "This domain and its subdomains.",
"selectDomainTypeWildcardDescription": "이 도메인 및 그 하위 도메인.",
"domainDelegation": "단일 도메인",
"selectType": "유형 선택",
"actions": "작업",
@@ -1195,17 +1225,17 @@
"sidebarExpand": "확장하기",
"newtUpdateAvailable": "업데이트 가능",
"newtUpdateAvailableInfo": "뉴트의 새 버전이 출시되었습니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.",
"domainPickerEnterDomain": "Domain",
"domainPickerEnterDomain": "도메인",
"domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, 또는 그냥 myapp",
"domainPickerDescription": "Enter the full domain of the resource to see available options.",
"domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
"domainPickerDescription": "리소스의 전체 도메인을 입력하여 사용 가능한 옵션을 확인하십시오.",
"domainPickerDescriptionSaas": "전체 도메인, 서브도메인 또는 이름을 입력하여 사용 가능한 옵션을 확인하십시오.",
"domainPickerTabAll": "모두",
"domainPickerTabOrganization": "조직",
"domainPickerTabProvided": "제공 됨",
"domainPickerSortAsc": "A-Z",
"domainPickerSortDesc": "Z-A",
"domainPickerCheckingAvailability": "가용성을 확인 중...",
"domainPickerNoMatchingDomains": "No matching domains found. Try a different domain or check your organization's domain settings.",
"domainPickerNoMatchingDomains": "일치하는 도메인을 찾을 수 없습니다. 다른 도메인을 시도하거나 조직의 도메인 설정을 확인하십시오.",
"domainPickerOrganizationDomains": "조직 도메인",
"domainPickerProvidedDomains": "제공된 도메인",
"domainPickerSubdomain": "서브도메인: {subdomain}",
@@ -1231,7 +1261,7 @@
"securityKeyRemoveSuccess": "보안 키가 성공적으로 제거되었습니다",
"securityKeyRemoveError": "보안 키 제거 실패",
"securityKeyLoadError": "보안 키를 불러오는 데 실패했습니다",
"securityKeyLogin": "Continue with security key",
"securityKeyLogin": "보안 키로 계속하기",
"securityKeyAuthError": "보안 키를 사용한 인증 실패",
"securityKeyRecommendation": "항상 계정에 액세스할 수 있도록 다른 장치에 백업 보안 키를 등록하세요.",
"registering": "등록 중...",
@@ -1265,7 +1295,7 @@
"createDomainName": "이름:",
"createDomainValue": "값:",
"createDomainCnameRecords": "CNAME 레코드",
"createDomainARecords": "A Records",
"createDomainARecords": "A 레코드",
"createDomainRecordNumber": "레코드 {number}",
"createDomainTxtRecords": "TXT 레코드",
"createDomainSaveTheseRecords": "이 레코드 저장",
@@ -1275,48 +1305,150 @@
"resourcePortRequired": "HTTP 리소스가 아닌 경우 포트 번호가 필요합니다",
"resourcePortNotAllowed": "HTTP 리소스에 대해 포트 번호를 설정하지 마세요",
"signUpTerms": {
"IAgreeToThe": "I agree to the",
"termsOfService": "terms of service",
"and": "and",
"privacyPolicy": "privacy policy"
"IAgreeToThe": "동의합니다",
"termsOfService": "서비스 약관",
"and": "",
"privacyPolicy": "개인 정보 보호 정책"
},
"siteRequired": "Site is required.",
"olmTunnel": "Olm Tunnel",
"olmTunnelDescription": "Use Olm for client connectivity",
"errorCreatingClient": "Error creating client",
"clientDefaultsNotFound": "Client defaults not found",
"createClient": "Create Client",
"createClientDescription": "Create a new client for connecting to your sites",
"seeAllClients": "See All Clients",
"clientInformation": "Client Information",
"clientNamePlaceholder": "Client name",
"address": "Address",
"subnetPlaceholder": "Subnet",
"addressDescription": "The address that this client will use for connectivity",
"selectSites": "Select sites",
"sitesDescription": "The client will have connectivity to the selected sites",
"clientInstallOlm": "Install Olm",
"clientInstallOlmDescription": "Get Olm running on your system",
"clientOlmCredentials": "Olm Credentials",
"clientOlmCredentialsDescription": "This is how Olm will authenticate with the server",
"olmEndpoint": "Olm Endpoint",
"siteRequired": "사이트가 필요합니다.",
"olmTunnel": "Olm 터널",
"olmTunnelDescription": "클라이언트 연결에 Olm 사용",
"errorCreatingClient": "클라이언트 생성 오류",
"clientDefaultsNotFound": "클라이언트 기본값을 찾을 수 없습니다.",
"createClient": "클라이언트 생성",
"createClientDescription": "사이트에 연결하기 위한 새 클라이언트를 생성하십시오.",
"seeAllClients": "모든 클라이언트 보기",
"clientInformation": "클라이언트 정보",
"clientNamePlaceholder": "클라이언트 이름",
"address": "주소",
"subnetPlaceholder": "서브넷",
"addressDescription": "이 클라이언트가 연결에 사용할 주소",
"selectSites": "사이트 선택",
"sitesDescription": "클라이언트는 선택한 사이트에 연결됩니다.",
"clientInstallOlm": "Olm 설치",
"clientInstallOlmDescription": "시스템에서 Olm을 실행하기",
"clientOlmCredentials": "Olm 자격 증명",
"clientOlmCredentialsDescription": "Olm이 서버와 인증하는 방법입니다.",
"olmEndpoint": "Olm 엔드포인트",
"olmId": "Olm ID",
"olmSecretKey": "Olm Secret Key",
"clientCredentialsSave": "Save Your Credentials",
"clientCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.",
"generalSettingsDescription": "Configure the general settings for this client",
"clientUpdated": "Client updated",
"clientUpdatedDescription": "The client has been updated.",
"clientUpdateFailed": "Failed to update client",
"clientUpdateError": "An error occurred while updating the client.",
"sitesFetchFailed": "Failed to fetch sites",
"sitesFetchError": "An error occurred while fetching sites.",
"olmErrorFetchReleases": "An error occurred while fetching Olm releases.",
"olmErrorFetchLatest": "An error occurred while fetching the latest Olm release.",
"remoteSubnets": "Remote Subnets",
"enterCidrRange": "Enter CIDR range",
"remoteSubnetsDescription": "Add CIDR ranges that can access this site remotely. Use format like 10.0.0.0/24 or 192.168.1.0/24.",
"resourceEnableProxy": "Enable Public Proxy",
"resourceEnableProxyDescription": "Enable public proxying to this resource. This allows access to the resource from outside the network through the cloud on an open port. Requires Traefik config.",
"externalProxyEnabled": "External Proxy Enabled"
"olmSecretKey": "Olm 비밀 키",
"clientCredentialsSave": "자격 증명 저장",
"clientCredentialsSaveDescription": "이것은 한 번만 볼 수 있습니다. 안전한 장소에 복사해 두세요.",
"generalSettingsDescription": "이 클라이언트에 대한 일반 설정을 구성하세요.",
"clientUpdated": "클라이언트 업데이트됨",
"clientUpdatedDescription": "클라이언트가 업데이트되었습니다.",
"clientUpdateFailed": "클라이언트 업데이트 실패",
"clientUpdateError": "클라이언트 업데이트 중 오류가 발생했습니다.",
"sitesFetchFailed": "사이트 가져오기 실패",
"sitesFetchError": "사이트 가져오는 중 오류가 발생했습니다.",
"olmErrorFetchReleases": "Olm 릴리즈 가져오는 중 오류가 발생했습니다.",
"olmErrorFetchLatest": "최신 Olm 릴리즈 가져오는 중 오류가 발생했습니다.",
"remoteSubnets": "원격 서브넷",
"enterCidrRange": "CIDR 범위 입력",
"remoteSubnetsDescription": "이 사이트에서 원격으로 액세스할 수 있는 CIDR 범위를 추가하세요. 10.0.0.0/24와 같은 형식을 사용하세요. 이는 VPN 클라이언트 연결에만 적용됩니다.",
"resourceEnableProxy": "공개 프록시 사용",
"resourceEnableProxyDescription": "이 리소스에 대한 공개 프록시를 활성화하십시오. 이를 통해 네트워크 외부로부터 클라우드를 통해 열린 포트에서 리소스에 액세스할 수 있습니다. Traefik 구성이 필요합니다.",
"externalProxyEnabled": "외부 프록시 활성화됨",
"addNewTarget": "새 대상 추가",
"targetsList": "대상 목록",
"targetErrorDuplicateTargetFound": "중복 대상 발견",
"httpMethod": "HTTP 메소드",
"selectHttpMethod": "HTTP 메소드 선택",
"domainPickerSubdomainLabel": "서브도메인",
"domainPickerBaseDomainLabel": "기본 도메인",
"domainPickerSearchDomains": "도메인 검색...",
"domainPickerNoDomainsFound": "찾을 수 없는 도메인이 없습니다",
"domainPickerLoadingDomains": "도메인 로딩 중...",
"domainPickerSelectBaseDomain": "기본 도메인 선택...",
"domainPickerNotAvailableForCname": "CNAME 도메인에는 사용할 수 없습니다",
"domainPickerEnterSubdomainOrLeaveBlank": "서브도메인을 입력하거나 기본 도메인을 사용하려면 공백으로 두십시오.",
"domainPickerEnterSubdomainToSearch": "사용 가능한 무료 도메인에서 검색 및 선택할 서브도메인 입력.",
"domainPickerFreeDomains": "무료 도메인",
"domainPickerSearchForAvailableDomains": "사용 가능한 도메인 검색",
"resourceDomain": "도메인",
"resourceEditDomain": "도메인 수정",
"siteName": "사이트 이름",
"proxyPort": "포트",
"resourcesTableProxyResources": "프록시 리소스",
"resourcesTableClientResources": "클라이언트 리소스",
"resourcesTableNoProxyResourcesFound": "프록시 리소스를 찾을 수 없습니다.",
"resourcesTableNoInternalResourcesFound": "내부 리소스를 찾을 수 없습니다.",
"resourcesTableDestination": "대상지",
"resourcesTableTheseResourcesForUseWith": "이 리소스는 다음과 함께 사용하기 위한 것입니다.",
"resourcesTableClients": "클라이언트",
"resourcesTableAndOnlyAccessibleInternally": "클라이언트와 연결되었을 때만 내부적으로 접근 가능합니다.",
"editInternalResourceDialogEditClientResource": "클라이언트 리소스 수정",
"editInternalResourceDialogUpdateResourceProperties": "{resourceName}의 리소스 속성과 대상 구성을 업데이트하세요.",
"editInternalResourceDialogResourceProperties": "리소스 속성",
"editInternalResourceDialogName": "이름",
"editInternalResourceDialogProtocol": "프로토콜",
"editInternalResourceDialogSitePort": "사이트 포트",
"editInternalResourceDialogTargetConfiguration": "대상 구성",
"editInternalResourceDialogDestinationIP": "대상 IP",
"editInternalResourceDialogDestinationPort": "대상 IP의 포트",
"editInternalResourceDialogCancel": "취소",
"editInternalResourceDialogSaveResource": "리소스 저장",
"editInternalResourceDialogSuccess": "성공",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "내부 리소스가 성공적으로 업데이트되었습니다",
"editInternalResourceDialogError": "오류",
"editInternalResourceDialogFailedToUpdateInternalResource": "내부 리소스 업데이트 실패",
"editInternalResourceDialogNameRequired": "이름은 필수입니다.",
"editInternalResourceDialogNameMaxLength": "이름은 255자 이하이어야 합니다.",
"editInternalResourceDialogProxyPortMin": "프록시 포트는 최소 1이어야 합니다.",
"editInternalResourceDialogProxyPortMax": "프록시 포트는 65536 미만이어야 합니다.",
"editInternalResourceDialogInvalidIPAddressFormat": "잘못된 IP 주소 형식",
"editInternalResourceDialogDestinationPortMin": "대상 포트는 최소 1이어야 합니다.",
"editInternalResourceDialogDestinationPortMax": "대상 포트는 65536 미만이어야 합니다.",
"createInternalResourceDialogNoSitesAvailable": "사용 가능한 사이트가 없습니다.",
"createInternalResourceDialogNoSitesAvailableDescription": "내부 리소스를 생성하려면 서브넷이 구성된 최소 하나의 Newt 사이트가 필요합니다.",
"createInternalResourceDialogClose": "닫기",
"createInternalResourceDialogCreateClientResource": "클라이언트 리소스 생성",
"createInternalResourceDialogCreateClientResourceDescription": "선택한 사이트에 연결된 클라이언트에 접근할 새 리소스를 생성합니다.",
"createInternalResourceDialogResourceProperties": "리소스 속성",
"createInternalResourceDialogName": "이름",
"createInternalResourceDialogSite": "사이트",
"createInternalResourceDialogSelectSite": "사이트 선택...",
"createInternalResourceDialogSearchSites": "사이트 검색...",
"createInternalResourceDialogNoSitesFound": "사이트를 찾을 수 없습니다.",
"createInternalResourceDialogProtocol": "프로토콜",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "사이트 포트",
"createInternalResourceDialogSitePortDescription": "사이트에 연결되었을 때 리소스에 접근하기 위해 이 포트를 사용합니다.",
"createInternalResourceDialogTargetConfiguration": "대상 설정",
"createInternalResourceDialogDestinationIP": "대상 IP",
"createInternalResourceDialogDestinationIPDescription": "사이트 네트워크의 자원 IP 주소입니다.",
"createInternalResourceDialogDestinationPort": "대상 포트",
"createInternalResourceDialogDestinationPortDescription": "대상 IP에서 리소스에 접근할 수 있는 포트입니다.",
"createInternalResourceDialogCancel": "취소",
"createInternalResourceDialogCreateResource": "리소스 생성",
"createInternalResourceDialogSuccess": "성공",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "내부 리소스가 성공적으로 생성되었습니다.",
"createInternalResourceDialogError": "오류",
"createInternalResourceDialogFailedToCreateInternalResource": "내부 리소스 생성 실패",
"createInternalResourceDialogNameRequired": "이름은 필수입니다.",
"createInternalResourceDialogNameMaxLength": "이름은 255자 이하이어야 합니다.",
"createInternalResourceDialogPleaseSelectSite": "사이트를 선택하세요",
"createInternalResourceDialogProxyPortMin": "프록시 포트는 최소 1이어야 합니다.",
"createInternalResourceDialogProxyPortMax": "프록시 포트는 65536 미만이어야 합니다.",
"createInternalResourceDialogInvalidIPAddressFormat": "잘못된 IP 주소 형식",
"createInternalResourceDialogDestinationPortMin": "대상 포트는 최소 1이어야 합니다.",
"createInternalResourceDialogDestinationPortMax": "대상 포트는 65536 미만이어야 합니다.",
"siteConfiguration": "설정",
"siteAcceptClientConnections": "클라이언트 연결 허용",
"siteAcceptClientConnectionsDescription": "이 Newt 인스턴스를 게이트웨이로 사용하여 다른 장치가 연결될 수 있도록 허용합니다.",
"siteAddress": "사이트 주소",
"siteAddressDescription": "클라이언트가 연결하기 위한 호스트의 IP 주소를 지정합니다. 이는 클라이언트가 주소를 지정하기 위한 Pangolin 네트워크의 사이트 내부 주소입니다. 조직 서브넷 내에 있어야 합니다.",
"autoLoginExternalIdp": "외부 IDP로 자동 로그인",
"autoLoginExternalIdpDescription": "인증을 위해 외부 IDP로 사용자를 즉시 리디렉션합니다.",
"selectIdp": "IDP 선택",
"selectIdpPlaceholder": "IDP 선택...",
"selectIdpRequired": "자동 로그인이 활성화된 경우 IDP를 선택하십시오.",
"autoLoginTitle": "리디렉션 중",
"autoLoginDescription": "인증을 위해 외부 ID 공급자로 리디렉션 중입니다.",
"autoLoginProcessing": "인증 준비 중...",
"autoLoginRedirecting": "로그인으로 리디렉션 중...",
"autoLoginError": "자동 로그인 오류",
"autoLoginErrorNoRedirectUrl": "ID 공급자로부터 리디렉션 URL을 받지 못했습니다.",
"autoLoginErrorGeneratingUrl": "인증 URL 생성 실패."
}

1454
messages/nb-NO.json Normal file
View File

File diff suppressed because it is too large Load Diff

140
messages/nl-NL.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "Gemakkelijkste manier om een ingangspunt in uw netwerk te maken. Geen extra opzet.",
"siteWg": "Basis WireGuard",
"siteWgDescription": "Gebruik een WireGuard client om een tunnel te bouwen. Handmatige NAT installatie vereist.",
"siteWgDescriptionSaas": "Gebruik elke WireGuard-client om een tunnel op te zetten. Handmatige NAT-instelling vereist. WERKT ALLEEN OP SELF HOSTED NODES",
"siteLocalDescription": "Alleen lokale bronnen. Geen tunneling.",
"siteLocalDescriptionSaas": "Alleen lokale bronnen. Geen tunneling. WERKT ALLEEN OP SELF HOSTED NODES",
"siteSeeAll": "Alle werkruimtes bekijken",
"siteTunnelDescription": "Bepaal hoe u verbinding wilt maken met uw site",
"siteNewtCredentials": "Nieuwste aanmeldgegevens",
@@ -166,7 +168,7 @@
"siteSelect": "Selecteer site",
"siteSearch": "Zoek site",
"siteNotFound": "Geen site gevonden.",
"siteSelectionDescription": "Deze site zal connectiviteit met de bron geven.",
"siteSelectionDescription": "Deze site zal connectiviteit met het doelwit bieden.",
"resourceType": "Type bron",
"resourceTypeDescription": "Bepaal hoe u toegang wilt krijgen tot uw bron",
"resourceHTTPSSettings": "HTTPS instellingen",
@@ -197,6 +199,7 @@
"general": "Algemeen",
"generalSettings": "Algemene instellingen",
"proxy": "Proxy",
"internal": "Intern",
"rules": "Regels",
"resourceSettingDescription": "Configureer de instellingen op uw bron",
"resourceSetting": "{resourceName} instellingen",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "De TLS servernaam om te gebruiken voor SNI. Laat leeg om de standaard te gebruiken.",
"targetTlsSubmit": "Instellingen opslaan",
"targets": "Doelstellingen configuratie",
"targetsDescription": "Stel doelen in om verkeer naar uw diensten te leiden",
"targetsDescription": "Stel doelen in om verkeer naar uw backend-services te leiden",
"targetStickySessions": "Sticky sessies inschakelen",
"targetStickySessionsDescription": "Behoud verbindingen op hetzelfde backend doel voor hun hele sessie.",
"methodSelect": "Selecteer methode",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "Pincode moet precies 6 cijfers zijn",
"pincodeRequirementsChars": "Pincode mag alleen cijfers bevatten",
"passwordRequirementsLength": "Wachtwoord moet ten minste 1 teken lang zijn",
"passwordRequirementsTitle": "Wachtwoordvereisten:",
"passwordRequirementLength": "Minstens 8 tekens lang",
"passwordRequirementUppercase": "Minstens één hoofdletter",
"passwordRequirementLowercase": "Minstens één kleine letter",
"passwordRequirementNumber": "Minstens één cijfer",
"passwordRequirementSpecial": "Minstens één speciaal teken",
"passwordRequirementsMet": "✓ Wachtwoord voldoet aan alle vereisten",
"passwordStrength": "Wachtwoord sterkte",
"passwordStrengthWeak": "Zwak",
"passwordStrengthMedium": "Gemiddeld",
"passwordStrengthStrong": "Sterk",
"passwordRequirements": "Vereisten:",
"passwordRequirementLengthText": "8+ tekens",
"passwordRequirementUppercaseText": "Hoofdletter (A-Z)",
"passwordRequirementLowercaseText": "Kleine letter (a-z)",
"passwordRequirementNumberText": "Cijfer (0-9)",
"passwordRequirementSpecialText": "Speciaal teken (!@#$%...)",
"passwordsDoNotMatch": "Wachtwoorden komen niet overeen",
"otpEmailRequirementsLength": "OTP moet minstens 1 teken lang zijn",
"otpEmailSent": "OTP verzonden",
"otpEmailSentDescription": "Een OTP is naar uw e-mail verzonden",
@@ -952,6 +973,7 @@
"logoutError": "Fout bij uitloggen",
"signingAs": "Ingelogd als",
"serverAdmin": "Server Beheerder",
"managedSelfhosted": "Beheerde Self-Hosted",
"otpEnable": "Twee-factor inschakelen",
"otpDisable": "Tweestapsverificatie uitschakelen",
"logout": "Log uit",
@@ -967,6 +989,9 @@
"actionDeleteSite": "Site verwijderen",
"actionGetSite": "Site ophalen",
"actionListSites": "Sites weergeven",
"setupToken": "Setup Token",
"setupTokenDescription": "Voer het setup-token in vanaf de serverconsole.",
"setupTokenRequired": "Setup-token is vereist",
"actionUpdateSite": "Site bijwerken",
"actionListSiteRoles": "Toon toegestane sitenollen",
"actionCreateResource": "Bron maken",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "Verwijder IDP Org Beleid",
"actionListIdpOrgs": "Toon IDP Orgs",
"actionUpdateIdpOrg": "IDP-org bijwerken",
"actionCreateClient": "Client aanmaken",
"actionDeleteClient": "Verwijder klant",
"actionUpdateClient": "Klant bijwerken",
"actionListClients": "Lijst klanten",
"actionGetClient": "Client ophalen",
"noneSelected": "Niet geselecteerd",
"orgNotFound2": "Geen organisaties gevonden.",
"searchProgress": "Zoeken...",
@@ -1315,8 +1345,110 @@
"olmErrorFetchLatest": "Er is een fout opgetreden bij het ophalen van de nieuwste Olm release.",
"remoteSubnets": "Externe Subnets",
"enterCidrRange": "Voer CIDR-bereik in",
"remoteSubnetsDescription": "Voeg CIDR-bereiken toe die deze site op afstand kunnen openen. Gebruik een format zoals 10.0.0.0/24 of 192.168.1.0/24.",
"remoteSubnetsDescription": "Voeg CIDR-bereiken toe die vanaf deze site op afstand toegankelijk zijn met behulp van clients. Gebruik een formaat zoals 10.0.0.0/24. Dit geldt ALLEEN voor VPN-clientconnectiviteit.",
"resourceEnableProxy": "Openbare proxy inschakelen",
"resourceEnableProxyDescription": "Schakel publieke proxy in voor deze resource. Dit maakt toegang tot de resource mogelijk vanuit het netwerk via de cloud met een open poort. Vereist Traefik-configuratie.",
"externalProxyEnabled": "Externe Proxy Ingeschakeld"
"externalProxyEnabled": "Externe Proxy Ingeschakeld",
"addNewTarget": "Voeg nieuw doelwit toe",
"targetsList": "Lijst met doelen",
"targetErrorDuplicateTargetFound": "Dubbel doelwit gevonden",
"httpMethod": "HTTP-methode",
"selectHttpMethod": "Selecteer HTTP-methode",
"domainPickerSubdomainLabel": "Subdomein",
"domainPickerBaseDomainLabel": "Basisdomein",
"domainPickerSearchDomains": "Zoek domeinen...",
"domainPickerNoDomainsFound": "Geen domeinen gevonden",
"domainPickerLoadingDomains": "Domeinen laden...",
"domainPickerSelectBaseDomain": "Selecteer basisdomein...",
"domainPickerNotAvailableForCname": "Niet beschikbaar voor CNAME-domeinen",
"domainPickerEnterSubdomainOrLeaveBlank": "Voer een subdomein in of laat leeg om basisdomein te gebruiken.",
"domainPickerEnterSubdomainToSearch": "Voer een subdomein in om te zoeken en te selecteren uit beschikbare gratis domeinen.",
"domainPickerFreeDomains": "Gratis Domeinen",
"domainPickerSearchForAvailableDomains": "Zoek naar beschikbare domeinen",
"resourceDomain": "Domein",
"resourceEditDomain": "Domein bewerken",
"siteName": "Site Naam",
"proxyPort": "Poort",
"resourcesTableProxyResources": "Proxybronnen",
"resourcesTableClientResources": "Clientbronnen",
"resourcesTableNoProxyResourcesFound": "Geen proxybronnen gevonden.",
"resourcesTableNoInternalResourcesFound": "Geen interne bronnen gevonden.",
"resourcesTableDestination": "Bestemming",
"resourcesTableTheseResourcesForUseWith": "Deze bronnen zijn bedoeld voor gebruik met",
"resourcesTableClients": "Clienten",
"resourcesTableAndOnlyAccessibleInternally": "en zijn alleen intern toegankelijk wanneer verbonden met een client.",
"editInternalResourceDialogEditClientResource": "Bewerk clientbron",
"editInternalResourceDialogUpdateResourceProperties": "Werk de eigenschapen van de bron en doelconfiguratie bij voor {resourceName}.",
"editInternalResourceDialogResourceProperties": "Bron eigenschappen",
"editInternalResourceDialogName": "Naam",
"editInternalResourceDialogProtocol": "Protocol",
"editInternalResourceDialogSitePort": "Site Poort",
"editInternalResourceDialogTargetConfiguration": "Doelconfiguratie",
"editInternalResourceDialogDestinationIP": "Bestemming IP",
"editInternalResourceDialogDestinationPort": "Bestemmingspoort",
"editInternalResourceDialogCancel": "Annuleren",
"editInternalResourceDialogSaveResource": "Sla bron op",
"editInternalResourceDialogSuccess": "Succes",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Interne bron succesvol bijgewerkt",
"editInternalResourceDialogError": "Fout",
"editInternalResourceDialogFailedToUpdateInternalResource": "Het bijwerken van de interne bron is mislukt",
"editInternalResourceDialogNameRequired": "Naam is verplicht",
"editInternalResourceDialogNameMaxLength": "Naam mag niet langer zijn dan 255 tekens",
"editInternalResourceDialogProxyPortMin": "Proxy poort moet minstens 1 zijn",
"editInternalResourceDialogProxyPortMax": "Proxy poort moet minder dan 65536 zijn",
"editInternalResourceDialogInvalidIPAddressFormat": "Ongeldig IP-adresformaat",
"editInternalResourceDialogDestinationPortMin": "Bestemmingspoort moet minstens 1 zijn",
"editInternalResourceDialogDestinationPortMax": "Bestemmingspoort moet minder dan 65536 zijn",
"createInternalResourceDialogNoSitesAvailable": "Geen sites beschikbaar",
"createInternalResourceDialogNoSitesAvailableDescription": "U moet ten minste één Newt-site hebben met een geconfigureerd subnet om interne bronnen aan te maken.",
"createInternalResourceDialogClose": "Sluiten",
"createInternalResourceDialogCreateClientResource": "Maak clientbron",
"createInternalResourceDialogCreateClientResourceDescription": "Maak een nieuwe bron die toegankelijk zal zijn voor clients die verbonden zijn met de geselecteerde site.",
"createInternalResourceDialogResourceProperties": "Bron-eigenschappen",
"createInternalResourceDialogName": "Naam",
"createInternalResourceDialogSite": "Site",
"createInternalResourceDialogSelectSite": "Selecteer site...",
"createInternalResourceDialogSearchSites": "Zoek sites...",
"createInternalResourceDialogNoSitesFound": "Geen sites gevonden.",
"createInternalResourceDialogProtocol": "Protocol",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Site Poort",
"createInternalResourceDialogSitePortDescription": "Gebruik deze poort om toegang te krijgen tot de bron op de site wanneer verbonden met een client.",
"createInternalResourceDialogTargetConfiguration": "Doelconfiguratie",
"createInternalResourceDialogDestinationIP": "Bestemming IP",
"createInternalResourceDialogDestinationIPDescription": "Het IP-adres van de bron op het netwerk van de site.",
"createInternalResourceDialogDestinationPort": "Bestemmingspoort",
"createInternalResourceDialogDestinationPortDescription": "De poort op het bestemmings-IP waar de bron toegankelijk is.",
"createInternalResourceDialogCancel": "Annuleren",
"createInternalResourceDialogCreateResource": "Bron aanmaken",
"createInternalResourceDialogSuccess": "Succes",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Interne bron succesvol aangemaakt",
"createInternalResourceDialogError": "Fout",
"createInternalResourceDialogFailedToCreateInternalResource": "Het aanmaken van de interne bron is mislukt",
"createInternalResourceDialogNameRequired": "Naam is verplicht",
"createInternalResourceDialogNameMaxLength": "Naam mag niet langer zijn dan 255 tekens",
"createInternalResourceDialogPleaseSelectSite": "Selecteer alstublieft een site",
"createInternalResourceDialogProxyPortMin": "Proxy poort moet minstens 1 zijn",
"createInternalResourceDialogProxyPortMax": "Proxy poort moet minder dan 65536 zijn",
"createInternalResourceDialogInvalidIPAddressFormat": "Ongeldig IP-adresformaat",
"createInternalResourceDialogDestinationPortMin": "Bestemmingspoort moet minstens 1 zijn",
"createInternalResourceDialogDestinationPortMax": "Bestemmingspoort moet minder dan 65536 zijn",
"siteConfiguration": "Configuratie",
"siteAcceptClientConnections": "Accepteer clientverbindingen",
"siteAcceptClientConnectionsDescription": "Sta toe dat andere apparaten verbinding maken via deze Newt-instantie als een gateway met behulp van clients.",
"siteAddress": "Siteadres",
"siteAddressDescription": "Specificeren het IP-adres van de host voor clients om verbinding mee te maken. Dit is het interne adres van de site in het Pangolin netwerk voor clients om te adresseren. Moet binnen het Organisatienetwerk vallen.",
"autoLoginExternalIdp": "Auto Login met Externe IDP",
"autoLoginExternalIdpDescription": "De gebruiker onmiddellijk doorsturen naar de externe IDP voor authenticatie.",
"selectIdp": "Selecteer IDP",
"selectIdpPlaceholder": "Kies een IDP...",
"selectIdpRequired": "Selecteer alstublieft een IDP wanneer automatisch inloggen is ingeschakeld.",
"autoLoginTitle": "Omleiden",
"autoLoginDescription": "Je wordt doorverwezen naar de externe identity provider voor authenticatie.",
"autoLoginProcessing": "Authenticatie voorbereiden...",
"autoLoginRedirecting": "Redirecting naar inloggen...",
"autoLoginError": "Auto Login Fout",
"autoLoginErrorNoRedirectUrl": "Geen redirect URL ontvangen van de identity provider.",
"autoLoginErrorGeneratingUrl": "Genereren van authenticatie-URL mislukt."
}

140
messages/pl-PL.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "Łatwiejszy sposób na stworzenie punktu wejścia w sieci. Nie ma dodatkowej konfiguracji.",
"siteWg": "Podstawowy WireGuard",
"siteWgDescription": "Użyj dowolnego klienta WireGuard do utworzenia tunelu. Wymagana jest ręczna konfiguracja NAT.",
"siteWgDescriptionSaas": "Użyj dowolnego klienta WireGuard do utworzenia tunelu. Wymagana ręczna konfiguracja NAT. DZIAŁA TYLKO NA SAMODZIELNIE HOSTOWANYCH WĘZŁACH",
"siteLocalDescription": "Tylko lokalne zasoby. Brak tunelu.",
"siteLocalDescriptionSaas": "Tylko zasoby lokalne. Brak tunelowania. DZIAŁA TYLKO NA SAMODZIELNIE HOSTOWANYCH WĘZŁACH",
"siteSeeAll": "Zobacz wszystkie witryny",
"siteTunnelDescription": "Określ jak chcesz połączyć się ze swoją stroną",
"siteNewtCredentials": "Aktualne dane logowania",
@@ -166,7 +168,7 @@
"siteSelect": "Wybierz witrynę",
"siteSearch": "Szukaj witryny",
"siteNotFound": "Nie znaleziono witryny.",
"siteSelectionDescription": "Ta strona zapewni połączenie z zasobem.",
"siteSelectionDescription": "Ta strona zapewni połączenie z celem.",
"resourceType": "Typ zasobu",
"resourceTypeDescription": "Określ jak chcesz uzyskać dostęp do swojego zasobu",
"resourceHTTPSSettings": "Ustawienia HTTPS",
@@ -197,6 +199,7 @@
"general": "Ogólny",
"generalSettings": "Ustawienia ogólne",
"proxy": "Serwer pośredniczący",
"internal": "Wewętrzny",
"rules": "Regulamin",
"resourceSettingDescription": "Skonfiguruj ustawienia zasobu",
"resourceSetting": "Ustawienia {resourceName}",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "Nazwa serwera TLS do użycia dla SNI. Pozostaw puste, aby użyć domyślnej.",
"targetTlsSubmit": "Zapisz ustawienia",
"targets": "Konfiguracja celów",
"targetsDescription": "Skonfiguruj cele do kierowania ruchu do swoich usług",
"targetsDescription": "Skonfiguruj cele do kierowania ruchu do usług zaplecza",
"targetStickySessions": "Włącz sesje trwałe",
"targetStickySessionsDescription": "Utrzymuj połączenia na tym samym celu backendowym przez całą sesję.",
"methodSelect": "Wybierz metodę",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "PIN musi składać się dokładnie z 6 cyfr",
"pincodeRequirementsChars": "PIN może zawierać tylko cyfry",
"passwordRequirementsLength": "Hasło musi mieć co najmniej 1 znak",
"passwordRequirementsTitle": "Wymagania dotyczące hasła:",
"passwordRequirementLength": "Przynajmniej 8 znaków długości",
"passwordRequirementUppercase": "Przynajmniej jedna wielka litera",
"passwordRequirementLowercase": "Przynajmniej jedna mała litera",
"passwordRequirementNumber": "Przynajmniej jedna cyfra",
"passwordRequirementSpecial": "Przynajmniej jeden znak specjalny",
"passwordRequirementsMet": "✓ Hasło spełnia wszystkie wymagania",
"passwordStrength": "Siła hasła",
"passwordStrengthWeak": "Słabe",
"passwordStrengthMedium": "Średnie",
"passwordStrengthStrong": "Silne",
"passwordRequirements": "Wymagania:",
"passwordRequirementLengthText": "8+ znaków",
"passwordRequirementUppercaseText": "Wielka litera (A-Z)",
"passwordRequirementLowercaseText": "Mała litera (a-z)",
"passwordRequirementNumberText": "Cyfra (0-9)",
"passwordRequirementSpecialText": "Znak specjalny (!@#$%...)",
"passwordsDoNotMatch": "Hasła nie są zgodne",
"otpEmailRequirementsLength": "Kod jednorazowy musi mieć co najmniej 1 znak",
"otpEmailSent": "Kod jednorazowy wysłany",
"otpEmailSentDescription": "Kod jednorazowy został wysłany na Twój e-mail",
@@ -952,6 +973,7 @@
"logoutError": "Błąd podczas wylogowywania",
"signingAs": "Zalogowany jako",
"serverAdmin": "Administrator serwera",
"managedSelfhosted": "Zarządzane Samodzielnie-Hostingowane",
"otpEnable": "Włącz uwierzytelnianie dwuskładnikowe",
"otpDisable": "Wyłącz uwierzytelnianie dwuskładnikowe",
"logout": "Wyloguj się",
@@ -967,6 +989,9 @@
"actionDeleteSite": "Usuń witrynę",
"actionGetSite": "Pobierz witrynę",
"actionListSites": "Lista witryn",
"setupToken": "Skonfiguruj token",
"setupTokenDescription": "Wprowadź token konfiguracji z konsoli serwera.",
"setupTokenRequired": "Wymagany jest token konfiguracji",
"actionUpdateSite": "Aktualizuj witrynę",
"actionListSiteRoles": "Lista dozwolonych ról witryny",
"actionCreateResource": "Utwórz zasób",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "Usuń politykę organizacji IDP",
"actionListIdpOrgs": "Lista organizacji IDP",
"actionUpdateIdpOrg": "Aktualizuj organizację IDP",
"actionCreateClient": "Utwórz klienta",
"actionDeleteClient": "Usuń klienta",
"actionUpdateClient": "Aktualizuj klienta",
"actionListClients": "Lista klientów",
"actionGetClient": "Pobierz klienta",
"noneSelected": "Nie wybrano",
"orgNotFound2": "Nie znaleziono organizacji.",
"searchProgress": "Szukaj...",
@@ -1315,8 +1345,110 @@
"olmErrorFetchLatest": "Wystąpił błąd podczas pobierania najnowszego wydania Olm.",
"remoteSubnets": "Zdalne Podsieci",
"enterCidrRange": "Wprowadź zakres CIDR",
"remoteSubnetsDescription": "Dodaj zakresy CIDR, które mo uzyskać zdalny dostęp do tej witryny. Użyj formatu takiego jak 10.0.0.0/24 lub 192.168.1.0/24.",
"remoteSubnetsDescription": "Dodaj zakresy CIDR, które można uzyskać zdalnie z tej strony za pomocą klientów. Użyj formatu jak 10.0.0.0/24. Dotyczy to WYŁĄCZNIE łączności klienta VPN.",
"resourceEnableProxy": "Włącz publiczny proxy",
"resourceEnableProxyDescription": "Włącz publiczne proxy dla tego zasobu. To umożliwia dostęp do zasobu spoza sieci przez chmurę na otwartym porcie. Wymaga konfiguracji Traefik.",
"externalProxyEnabled": "Zewnętrzny Proxy Włączony"
"externalProxyEnabled": "Zewnętrzny Proxy Włączony",
"addNewTarget": "Dodaj nowy cel",
"targetsList": "Lista celów",
"targetErrorDuplicateTargetFound": "Znaleziono duplikat celu",
"httpMethod": "Metoda HTTP",
"selectHttpMethod": "Wybierz metodę HTTP",
"domainPickerSubdomainLabel": "Poddomena",
"domainPickerBaseDomainLabel": "Domen bazowa",
"domainPickerSearchDomains": "Szukaj domen...",
"domainPickerNoDomainsFound": "Nie znaleziono domen",
"domainPickerLoadingDomains": "Ładowanie domen...",
"domainPickerSelectBaseDomain": "Wybierz domenę bazową...",
"domainPickerNotAvailableForCname": "Niedostępne dla domen CNAME",
"domainPickerEnterSubdomainOrLeaveBlank": "Wprowadź poddomenę lub pozostaw puste, aby użyć domeny bazowej.",
"domainPickerEnterSubdomainToSearch": "Wprowadź poddomenę, aby wyszukać i wybrać z dostępnych darmowych domen.",
"domainPickerFreeDomains": "Darmowe domeny",
"domainPickerSearchForAvailableDomains": "Szukaj dostępnych domen",
"resourceDomain": "Domena",
"resourceEditDomain": "Edytuj domenę",
"siteName": "Nazwa strony",
"proxyPort": "Port",
"resourcesTableProxyResources": "Zasoby proxy",
"resourcesTableClientResources": "Zasoby klienta",
"resourcesTableNoProxyResourcesFound": "Nie znaleziono zasobów proxy.",
"resourcesTableNoInternalResourcesFound": "Nie znaleziono wewnętrznych zasobów.",
"resourcesTableDestination": "Miejsce docelowe",
"resourcesTableTheseResourcesForUseWith": "Te zasoby są do użytku z",
"resourcesTableClients": "Klientami",
"resourcesTableAndOnlyAccessibleInternally": "i są dostępne tylko wewnętrznie po połączeniu z klientem.",
"editInternalResourceDialogEditClientResource": "Edytuj zasób klienta",
"editInternalResourceDialogUpdateResourceProperties": "Zaktualizuj właściwości zasobu i konfigurację celu dla {resourceName}.",
"editInternalResourceDialogResourceProperties": "Właściwości zasobów",
"editInternalResourceDialogName": "Nazwa",
"editInternalResourceDialogProtocol": "Protokół",
"editInternalResourceDialogSitePort": "Port witryny",
"editInternalResourceDialogTargetConfiguration": "Konfiguracja celu",
"editInternalResourceDialogDestinationIP": "IP docelowe",
"editInternalResourceDialogDestinationPort": "Port docelowy",
"editInternalResourceDialogCancel": "Anuluj",
"editInternalResourceDialogSaveResource": "Zapisz zasób",
"editInternalResourceDialogSuccess": "Sukces",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Wewnętrzny zasób zaktualizowany pomyślnie",
"editInternalResourceDialogError": "Błąd",
"editInternalResourceDialogFailedToUpdateInternalResource": "Nie udało się zaktualizować wewnętrznego zasobu",
"editInternalResourceDialogNameRequired": "Nazwa jest wymagana",
"editInternalResourceDialogNameMaxLength": "Nazwa nie może mieć więcej niż 255 znaków",
"editInternalResourceDialogProxyPortMin": "Port proxy musi wynosić przynajmniej 1",
"editInternalResourceDialogProxyPortMax": "Port proxy nie może być większy niż 65536",
"editInternalResourceDialogInvalidIPAddressFormat": "Nieprawidłowy format adresu IP",
"editInternalResourceDialogDestinationPortMin": "Port docelowy musi wynosić przynajmniej 1",
"editInternalResourceDialogDestinationPortMax": "Port docelowy nie może być większy niż 65536",
"createInternalResourceDialogNoSitesAvailable": "Brak dostępnych stron",
"createInternalResourceDialogNoSitesAvailableDescription": "Musisz mieć co najmniej jedną stronę Newt z skonfigurowanym podsiecią, aby tworzyć wewnętrzne zasoby.",
"createInternalResourceDialogClose": "Zamknij",
"createInternalResourceDialogCreateClientResource": "Utwórz zasób klienta",
"createInternalResourceDialogCreateClientResourceDescription": "Utwórz nowy zasób, który będzie dostępny dla klientów połączonych z wybraną stroną.",
"createInternalResourceDialogResourceProperties": "Właściwości zasobów",
"createInternalResourceDialogName": "Nazwa",
"createInternalResourceDialogSite": "Witryna",
"createInternalResourceDialogSelectSite": "Wybierz stronę...",
"createInternalResourceDialogSearchSites": "Szukaj stron...",
"createInternalResourceDialogNoSitesFound": "Nie znaleziono stron.",
"createInternalResourceDialogProtocol": "Protokół",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Port witryny",
"createInternalResourceDialogSitePortDescription": "Użyj tego portu, aby uzyskać dostęp do zasobu na stronie, gdy połączony z klientem.",
"createInternalResourceDialogTargetConfiguration": "Konfiguracja celu",
"createInternalResourceDialogDestinationIP": "IP docelowe",
"createInternalResourceDialogDestinationIPDescription": "Adres IP zasobu w sieci strony.",
"createInternalResourceDialogDestinationPort": "Port docelowy",
"createInternalResourceDialogDestinationPortDescription": "Port na docelowym IP, gdzie zasób jest dostępny.",
"createInternalResourceDialogCancel": "Anuluj",
"createInternalResourceDialogCreateResource": "Utwórz zasób",
"createInternalResourceDialogSuccess": "Sukces",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Wewnętrzny zasób utworzony pomyślnie",
"createInternalResourceDialogError": "Błąd",
"createInternalResourceDialogFailedToCreateInternalResource": "Nie udało się utworzyć wewnętrznego zasobu",
"createInternalResourceDialogNameRequired": "Nazwa jest wymagana",
"createInternalResourceDialogNameMaxLength": "Nazwa nie może mieć więcej niż 255 znaków",
"createInternalResourceDialogPleaseSelectSite": "Proszę wybrać stronę",
"createInternalResourceDialogProxyPortMin": "Port proxy musi wynosić przynajmniej 1",
"createInternalResourceDialogProxyPortMax": "Port proxy nie może być większy niż 65536",
"createInternalResourceDialogInvalidIPAddressFormat": "Nieprawidłowy format adresu IP",
"createInternalResourceDialogDestinationPortMin": "Port docelowy musi wynosić przynajmniej 1",
"createInternalResourceDialogDestinationPortMax": "Port docelowy nie może być większy niż 65536",
"siteConfiguration": "Konfiguracja",
"siteAcceptClientConnections": "Akceptuj połączenia klienta",
"siteAcceptClientConnectionsDescription": "Pozwól innym urządzeniom połączyć się przez tę instancję Newt jako bramę za pomocą klientów.",
"siteAddress": "Adres strony",
"siteAddressDescription": "Podaj adres IP hosta, do którego klienci będą się łączyć. Jest to wewnętrzny adres strony w sieci Pangolin dla klientów do adresowania. Musi zawierać się w podsieci organizacji.",
"autoLoginExternalIdp": "Automatyczny login z zewnętrznym IDP",
"autoLoginExternalIdpDescription": "Natychmiastowe przekierowanie użytkownika do zewnętrznego IDP w celu uwierzytelnienia.",
"selectIdp": "Wybierz IDP",
"selectIdpPlaceholder": "Wybierz IDP...",
"selectIdpRequired": "Proszę wybrać IDP, gdy aktywne jest automatyczne logowanie.",
"autoLoginTitle": "Przekierowywanie",
"autoLoginDescription": "Przekierowanie do zewnętrznego dostawcy tożsamości w celu uwierzytelnienia.",
"autoLoginProcessing": "Przygotowywanie uwierzytelniania...",
"autoLoginRedirecting": "Przekierowanie do logowania...",
"autoLoginError": "Błąd automatycznego logowania",
"autoLoginErrorNoRedirectUrl": "Nie otrzymano URL przekierowania od dostawcy tożsamości.",
"autoLoginErrorGeneratingUrl": "Nie udało się wygenerować URL uwierzytelniania."
}

140
messages/pt-PT.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "A maneira mais fácil de criar um ponto de entrada na sua rede. Nenhuma configuração extra.",
"siteWg": "WireGuard Básico",
"siteWgDescription": "Use qualquer cliente do WireGuard para estabelecer um túnel. Configuração manual NAT é necessária.",
"siteWgDescriptionSaas": "Use qualquer cliente WireGuard para estabelecer um túnel. Configuração manual NAT necessária. SOMENTE FUNCIONA EM NODES AUTO-HOSPEDADOS",
"siteLocalDescription": "Recursos locais apenas. Sem túneis.",
"siteLocalDescriptionSaas": "Apenas recursos locais. Sem tunelamento. SOMENTE FUNCIONA EM NODES AUTO-HOSPEDADOS",
"siteSeeAll": "Ver todos os sites",
"siteTunnelDescription": "Determine como você deseja se conectar ao seu site",
"siteNewtCredentials": "Credenciais Novas",
@@ -166,7 +168,7 @@
"siteSelect": "Selecionar site",
"siteSearch": "Procurar no site",
"siteNotFound": "Nenhum site encontrado.",
"siteSelectionDescription": "Este site fornecerá conectividade ao recurso.",
"siteSelectionDescription": "Este site fornecerá conectividade ao destino.",
"resourceType": "Tipo de Recurso",
"resourceTypeDescription": "Determine como você deseja acessar seu recurso",
"resourceHTTPSSettings": "Configurações de HTTPS",
@@ -197,6 +199,7 @@
"general": "Gerais",
"generalSettings": "Configurações Gerais",
"proxy": "Proxy",
"internal": "Interno",
"rules": "Regras",
"resourceSettingDescription": "Configure as configurações do seu recurso",
"resourceSetting": "Configurações do {resourceName}",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "O Nome do Servidor TLS para usar para SNI. Deixe vazio para usar o padrão.",
"targetTlsSubmit": "Salvar Configurações",
"targets": "Configuração de Alvos",
"targetsDescription": "Configure alvos para rotear tráfego para seus serviços",
"targetsDescription": "Configure alvos para rotear tráfego para seus serviços de backend",
"targetStickySessions": "Ativar Sessões Persistentes",
"targetStickySessionsDescription": "Manter conexões no mesmo alvo backend durante toda a sessão.",
"methodSelect": "Selecionar método",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "O PIN deve ter exatamente 6 dígitos",
"pincodeRequirementsChars": "O PIN deve conter apenas números",
"passwordRequirementsLength": "A palavra-passe deve ter pelo menos 1 caractere",
"passwordRequirementsTitle": "Requisitos de senha:",
"passwordRequirementLength": "Pelo menos 8 caracteres de comprimento",
"passwordRequirementUppercase": "Pelo menos uma letra maiúscula",
"passwordRequirementLowercase": "Pelo menos uma letra minúscula",
"passwordRequirementNumber": "Pelo menos um número",
"passwordRequirementSpecial": "Pelo menos um caractere especial",
"passwordRequirementsMet": "✓ Senha atende a todos os requisitos",
"passwordStrength": "Força da senha",
"passwordStrengthWeak": "Fraca",
"passwordStrengthMedium": "Média",
"passwordStrengthStrong": "Forte",
"passwordRequirements": "Requisitos:",
"passwordRequirementLengthText": "8+ caracteres",
"passwordRequirementUppercaseText": "Letra maiúscula (A-Z)",
"passwordRequirementLowercaseText": "Letra minúscula (a-z)",
"passwordRequirementNumberText": "Número (0-9)",
"passwordRequirementSpecialText": "Caractere especial (!@#$%...)",
"passwordsDoNotMatch": "As palavras-passe não correspondem",
"otpEmailRequirementsLength": "O OTP deve ter pelo menos 1 caractere",
"otpEmailSent": "OTP Enviado",
"otpEmailSentDescription": "Um OTP foi enviado para o seu email",
@@ -952,6 +973,7 @@
"logoutError": "Erro ao terminar sessão",
"signingAs": "Sessão iniciada como",
"serverAdmin": "Administrador do Servidor",
"managedSelfhosted": "Gerenciado Auto-Hospedado",
"otpEnable": "Ativar Autenticação de Dois Fatores",
"otpDisable": "Desativar Autenticação de Dois Fatores",
"logout": "Terminar Sessão",
@@ -967,6 +989,9 @@
"actionDeleteSite": "Eliminar Site",
"actionGetSite": "Obter Site",
"actionListSites": "Listar Sites",
"setupToken": "Configuração do Token",
"setupTokenDescription": "Digite o token de configuração do console do servidor.",
"setupTokenRequired": "Token de configuração é necessário",
"actionUpdateSite": "Atualizar Site",
"actionListSiteRoles": "Listar Funções Permitidas do Site",
"actionCreateResource": "Criar Recurso",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "Eliminar Política de Organização IDP",
"actionListIdpOrgs": "Listar Organizações IDP",
"actionUpdateIdpOrg": "Atualizar Organização IDP",
"actionCreateClient": "Criar Cliente",
"actionDeleteClient": "Excluir Cliente",
"actionUpdateClient": "Atualizar Cliente",
"actionListClients": "Listar Clientes",
"actionGetClient": "Obter Cliente",
"noneSelected": "Nenhum selecionado",
"orgNotFound2": "Nenhuma organização encontrada.",
"searchProgress": "Pesquisar...",
@@ -1315,8 +1345,110 @@
"olmErrorFetchLatest": "Ocorreu um erro ao buscar o lançamento mais recente do Olm.",
"remoteSubnets": "Sub-redes Remotas",
"enterCidrRange": "Insira o intervalo CIDR",
"remoteSubnetsDescription": "Adicione intervalos CIDR que podem acessar este site remotamente. Use o formato como 10.0.0.0/24 ou 192.168.1.0/24.",
"remoteSubnetsDescription": "Adicionar intervalos CIDR que podem ser acessados deste site remotamente usando clientes. Use um formato como 10.0.0.0/24. Isso SOMENTE se aplica à conectividade do cliente VPN.",
"resourceEnableProxy": "Ativar Proxy Público",
"resourceEnableProxyDescription": "Permite proxy público para este recurso. Isso permite o acesso ao recurso de fora da rede através da nuvem em uma porta aberta. Requer configuração do Traefik.",
"externalProxyEnabled": "Proxy Externo Habilitado"
"externalProxyEnabled": "Proxy Externo Habilitado",
"addNewTarget": "Adicionar Novo Alvo",
"targetsList": "Lista de Alvos",
"targetErrorDuplicateTargetFound": "Alvo duplicado encontrado",
"httpMethod": "Método HTTP",
"selectHttpMethod": "Selecionar método HTTP",
"domainPickerSubdomainLabel": "Subdomínio",
"domainPickerBaseDomainLabel": "Domínio Base",
"domainPickerSearchDomains": "Buscar domínios...",
"domainPickerNoDomainsFound": "Nenhum domínio encontrado",
"domainPickerLoadingDomains": "Carregando domínios...",
"domainPickerSelectBaseDomain": "Selecione o domínio base...",
"domainPickerNotAvailableForCname": "Não disponível para domínios CNAME",
"domainPickerEnterSubdomainOrLeaveBlank": "Digite um subdomínio ou deixe em branco para usar o domínio base.",
"domainPickerEnterSubdomainToSearch": "Digite um subdomínio para buscar e selecionar entre os domínios gratuitos disponíveis.",
"domainPickerFreeDomains": "Domínios Gratuitos",
"domainPickerSearchForAvailableDomains": "Pesquise por domínios disponíveis",
"resourceDomain": "Domínio",
"resourceEditDomain": "Editar Domínio",
"siteName": "Nome do Site",
"proxyPort": "Porta",
"resourcesTableProxyResources": "Recursos de Proxy",
"resourcesTableClientResources": "Recursos do Cliente",
"resourcesTableNoProxyResourcesFound": "Nenhum recurso de proxy encontrado.",
"resourcesTableNoInternalResourcesFound": "Nenhum recurso interno encontrado.",
"resourcesTableDestination": "Destino",
"resourcesTableTheseResourcesForUseWith": "Esses recursos são para uso com",
"resourcesTableClients": "Clientes",
"resourcesTableAndOnlyAccessibleInternally": "e são acessíveis apenas internamente quando conectados com um cliente.",
"editInternalResourceDialogEditClientResource": "Editar Recurso do Cliente",
"editInternalResourceDialogUpdateResourceProperties": "Atualize as propriedades do recurso e a configuração do alvo para {resourceName}.",
"editInternalResourceDialogResourceProperties": "Propriedades do Recurso",
"editInternalResourceDialogName": "Nome",
"editInternalResourceDialogProtocol": "Protocolo",
"editInternalResourceDialogSitePort": "Porta do Site",
"editInternalResourceDialogTargetConfiguration": "Configuração do Alvo",
"editInternalResourceDialogDestinationIP": "IP de Destino",
"editInternalResourceDialogDestinationPort": "Porta de Destino",
"editInternalResourceDialogCancel": "Cancelar",
"editInternalResourceDialogSaveResource": "Salvar Recurso",
"editInternalResourceDialogSuccess": "Sucesso",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Recurso interno atualizado com sucesso",
"editInternalResourceDialogError": "Erro",
"editInternalResourceDialogFailedToUpdateInternalResource": "Falha ao atualizar recurso interno",
"editInternalResourceDialogNameRequired": "Nome é obrigatório",
"editInternalResourceDialogNameMaxLength": "Nome deve ser inferior a 255 caracteres",
"editInternalResourceDialogProxyPortMin": "Porta de proxy deve ser pelo menos 1",
"editInternalResourceDialogProxyPortMax": "Porta de proxy deve ser inferior a 65536",
"editInternalResourceDialogInvalidIPAddressFormat": "Formato de endereço IP inválido",
"editInternalResourceDialogDestinationPortMin": "Porta de destino deve ser pelo menos 1",
"editInternalResourceDialogDestinationPortMax": "Porta de destino deve ser inferior a 65536",
"createInternalResourceDialogNoSitesAvailable": "Nenhum Site Disponível",
"createInternalResourceDialogNoSitesAvailableDescription": "Você precisa ter pelo menos um site Newt com uma sub-rede configurada para criar recursos internos.",
"createInternalResourceDialogClose": "Fechar",
"createInternalResourceDialogCreateClientResource": "Criar Recurso do Cliente",
"createInternalResourceDialogCreateClientResourceDescription": "Crie um novo recurso que estará acessível aos clientes conectados ao site selecionado.",
"createInternalResourceDialogResourceProperties": "Propriedades do Recurso",
"createInternalResourceDialogName": "Nome",
"createInternalResourceDialogSite": "Site",
"createInternalResourceDialogSelectSite": "Selecionar site...",
"createInternalResourceDialogSearchSites": "Procurar sites...",
"createInternalResourceDialogNoSitesFound": "Nenhum site encontrado.",
"createInternalResourceDialogProtocol": "Protocolo",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Porta do Site",
"createInternalResourceDialogSitePortDescription": "Use esta porta para acessar o recurso no site quando conectado com um cliente.",
"createInternalResourceDialogTargetConfiguration": "Configuração do Alvo",
"createInternalResourceDialogDestinationIP": "IP de Destino",
"createInternalResourceDialogDestinationIPDescription": "O endereço IP do recurso na rede do site.",
"createInternalResourceDialogDestinationPort": "Porta de Destino",
"createInternalResourceDialogDestinationPortDescription": "A porta no IP de destino onde o recurso está acessível.",
"createInternalResourceDialogCancel": "Cancelar",
"createInternalResourceDialogCreateResource": "Criar Recurso",
"createInternalResourceDialogSuccess": "Sucesso",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Recurso interno criado com sucesso",
"createInternalResourceDialogError": "Erro",
"createInternalResourceDialogFailedToCreateInternalResource": "Falha ao criar recurso interno",
"createInternalResourceDialogNameRequired": "Nome é obrigatório",
"createInternalResourceDialogNameMaxLength": "Nome deve ser inferior a 255 caracteres",
"createInternalResourceDialogPleaseSelectSite": "Por favor, selecione um site",
"createInternalResourceDialogProxyPortMin": "Porta de proxy deve ser pelo menos 1",
"createInternalResourceDialogProxyPortMax": "Porta de proxy deve ser inferior a 65536",
"createInternalResourceDialogInvalidIPAddressFormat": "Formato de endereço IP inválido",
"createInternalResourceDialogDestinationPortMin": "Porta de destino deve ser pelo menos 1",
"createInternalResourceDialogDestinationPortMax": "Porta de destino deve ser inferior a 65536",
"siteConfiguration": "Configuração",
"siteAcceptClientConnections": "Aceitar Conexões de Clientes",
"siteAcceptClientConnectionsDescription": "Permitir que outros dispositivos se conectem através desta instância Newt como um gateway usando clientes.",
"siteAddress": "Endereço do Site",
"siteAddressDescription": "Especificar o endereço IP do host para que os clientes se conectem. Este é o endereço interno do site na rede Pangolin para os clientes endereçarem. Deve estar dentro da sub-rede da Organização.",
"autoLoginExternalIdp": "Login Automático com IDP Externo",
"autoLoginExternalIdpDescription": "Redirecionar imediatamente o usuário para o IDP externo para autenticação.",
"selectIdp": "Selecionar IDP",
"selectIdpPlaceholder": "Escolher um IDP...",
"selectIdpRequired": "Por favor, selecione um IDP quando o login automático estiver ativado.",
"autoLoginTitle": "Redirecionando",
"autoLoginDescription": "Redirecionando você para o provedor de identidade externo para autenticação.",
"autoLoginProcessing": "Preparando autenticação...",
"autoLoginRedirecting": "Redirecionando para login...",
"autoLoginError": "Erro de Login Automático",
"autoLoginErrorNoRedirectUrl": "Nenhum URL de redirecionamento recebido do provedor de identidade.",
"autoLoginErrorGeneratingUrl": "Falha ao gerar URL de autenticação."
}

622
messages/ru-RU.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "Простейший способ создать точку входа в вашу сеть. Дополнительная настройка не требуется.",
"siteWg": "Базовый WireGuard",
"siteWgDescription": "Используйте любой клиент WireGuard для открытия туннеля. Требуется ручная настройка NAT.",
"siteWgDescriptionSaas": "Используйте любой клиент WireGuard для создания туннеля. Требуется ручная настройка NAT. РАБОТАЕТ ТОЛЬКО НА САМОСТОЯТЕЛЬНО РАЗМЕЩЕННЫХ УЗЛАХ",
"siteLocalDescription": "Только локальные ресурсы. Без туннелирования.",
"siteLocalDescriptionSaas": "Только локальные ресурсы. Без туннелирования. РАБОТАЕТ ТОЛЬКО НА САМОСТОЯТЕЛЬНО РАЗМЕЩЕННЫХ УЗЛАХ",
"siteSeeAll": "Просмотреть все сайты",
"siteTunnelDescription": "Выберите способ подключения к вашему сайту",
"siteNewtCredentials": "Учётные данные Newt",
@@ -166,7 +168,7 @@
"siteSelect": "Выберите сайт",
"siteSearch": "Поиск сайта",
"siteNotFound": "Сайт не найден.",
"siteSelectionDescription": "Этот сайт обеспечит подключение к ресурсу.",
"siteSelectionDescription": "Этот сайт предоставит подключение к цели.",
"resourceType": "Тип ресурса",
"resourceTypeDescription": "Определите, как вы хотите получать доступ к вашему ресурсу",
"resourceHTTPSSettings": "Настройки HTTPS",
@@ -197,6 +199,7 @@
"general": "Общие",
"generalSettings": "Общие настройки",
"proxy": "Прокси",
"internal": "Внутренний",
"rules": "Правила",
"resourceSettingDescription": "Настройте параметры вашего ресурса",
"resourceSetting": "Настройки {resourceName}",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "Имя TLS сервера для использования в SNI. Оставьте пустым для использования по умолчанию.",
"targetTlsSubmit": "Сохранить настройки",
"targets": "Конфигурация целей",
"targetsDescription": "Настройте цели для маршрутизации трафика к вашим сервисам",
"targetsDescription": "Настройте цели для маршрутизации трафика к вашим бэкэнд сервисам",
"targetStickySessions": "Включить фиксированные сессии",
"targetStickySessionsDescription": "Сохранять соединения на одной и той же целевой точке в течение всей сессии.",
"methodSelect": "Выберите метод",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "PIN должен состоять ровно из 6 цифр",
"pincodeRequirementsChars": "PIN должен содержать только цифры",
"passwordRequirementsLength": "Пароль должен быть не менее 1 символа",
"passwordRequirementsTitle": "Требования к паролю:",
"passwordRequirementLength": "Не менее 8 символов",
"passwordRequirementUppercase": "По крайней мере, одна заглавная буква",
"passwordRequirementLowercase": "По крайней мере, одна строчная буква",
"passwordRequirementNumber": "По крайней мере, одна цифра",
"passwordRequirementSpecial": "По крайней мере, один специальный символ",
"passwordRequirementsMet": "✓ Пароль соответствует всем требованиям",
"passwordStrength": "Сила пароля",
"passwordStrengthWeak": "Слабый",
"passwordStrengthMedium": "Средний",
"passwordStrengthStrong": "Сильный",
"passwordRequirements": "Требования:",
"passwordRequirementLengthText": "8+ символов",
"passwordRequirementUppercaseText": "Заглавная буква (A-Z)",
"passwordRequirementLowercaseText": "Строчная буква (a-z)",
"passwordRequirementNumberText": "Цифра (0-9)",
"passwordRequirementSpecialText": "Специальный символ (!@#$%...)",
"passwordsDoNotMatch": "Пароли не совпадают",
"otpEmailRequirementsLength": "OTP должен быть не менее 1 символа",
"otpEmailSent": "OTP отправлен",
"otpEmailSentDescription": "OTP был отправлен на ваш email",
@@ -925,74 +946,78 @@
"supportKeyInvalid": "Недействительный ключ",
"supportKeyInvalidDescription": "Ваш ключ поддержки недействителен.",
"supportKeyValid": "Действительный ключ",
"supportKeyValidDescription": "Your supporter key has been validated. Thank you for your support!",
"supportKeyErrorValidationDescription": "Failed to validate supporter key.",
"supportKey": "Support Development and Adopt a Pangolin!",
"supportKeyValidDescription": "Ваш ключ поддержки был проверен. Спасибо за поддержку!",
"supportKeyErrorValidationDescription": "Не удалось проверить ключ поддержки.",
"supportKey": "Поддержите разработку и усыновите Панголина!",
"supportKeyDescription": "Приобретите ключ поддержки, чтобы помочь нам продолжать разработку Pangolin для сообщества. Ваш вклад позволяет нам уделять больше времени поддержке и добавлению новых функций в приложение для всех. Мы никогда не будем использовать это для платного доступа к функциям. Это отдельно от любой коммерческой версии.",
"supportKeyPet": "You will also get to adopt and meet your very own pet Pangolin!",
"supportKeyPurchase": "Payments are processed via GitHub. Afterward, you can retrieve your key on",
"supportKeyPurchaseLink": "our website",
"supportKeyPurchase2": "and redeem it here.",
"supportKeyLearnMore": "Learn more.",
"supportKeyOptions": "Please select the option that best suits you.",
"supportKetOptionFull": "Full Supporter",
"forWholeServer": "For the whole server",
"lifetimePurchase": "Lifetime purchase",
"supporterStatus": "Supporter status",
"buy": "Buy",
"supportKeyOptionLimited": "Limited Supporter",
"forFiveUsers": "For 5 or less users",
"supportKeyRedeem": "Redeem Supporter Key",
"supportKeyHideSevenDays": "Hide for 7 days",
"supportKeyEnter": "Enter Supporter Key",
"supportKeyEnterDescription": "Meet your very own pet Pangolin!",
"githubUsername": "GitHub Username",
"supportKeyInput": "Supporter Key",
"supportKeyBuy": "Buy Supporter Key",
"logoutError": "Error logging out",
"signingAs": "Signed in as",
"serverAdmin": "Server Admin",
"otpEnable": "Enable Two-factor",
"otpDisable": "Disable Two-factor",
"logout": "Log Out",
"licenseTierProfessionalRequired": "Professional Edition Required",
"supportKeyPet": "Вы также сможете усыновить и встретить вашего собственного питомца Панголина!",
"supportKeyPurchase": "Платежи обрабатываются через GitHub. После этого вы сможете получить свой ключ на",
"supportKeyPurchaseLink": "нашем сайте",
"supportKeyPurchase2": "и активировать его здесь.",
"supportKeyLearnMore": "Узнать больше.",
"supportKeyOptions": "Пожалуйста, выберите подходящий вам вариант.",
"supportKetOptionFull": "Полная поддержка",
"forWholeServer": "За весь сервер",
"lifetimePurchase": "Пожизненная покупка",
"supporterStatus": "Статус поддержки",
"buy": "Купить",
"supportKeyOptionLimited": "Лимитированная поддержка",
"forFiveUsers": "За 5 или меньше пользователей",
"supportKeyRedeem": "Использовать ключ Поддержки",
"supportKeyHideSevenDays": "Скрыть на 7 дней",
"supportKeyEnter": "Введите ключ поддержки",
"supportKeyEnterDescription": "Встречайте своего питомца Панголина!",
"githubUsername": "Имя пользователя Github",
"supportKeyInput": "Ключ поддержки",
"supportKeyBuy": "Ключ поддержки",
"logoutError": "Ошибка при выходе",
"signingAs": "Вы вошли как",
"serverAdmin": "Администратор сервера",
"managedSelfhosted": "Управляемый с самовывоза",
"otpEnable": "Включить Двухфакторную Аутентификацию",
"otpDisable": "Отключить двухфакторную аутентификацию",
"logout": "Выйти",
"licenseTierProfessionalRequired": "Требуется профессиональная версия",
"licenseTierProfessionalRequiredDescription": "Эта функция доступна только в профессиональной версии.",
"actionGetOrg": "Get Organization",
"actionUpdateOrg": "Update Organization",
"actionUpdateUser": "Update User",
"actionGetUser": "Get User",
"actionGetOrgUser": "Get Organization User",
"actionListOrgDomains": "List Organization Domains",
"actionCreateSite": "Create Site",
"actionDeleteSite": "Delete Site",
"actionGetSite": "Get Site",
"actionListSites": "List Sites",
"actionUpdateSite": "Update Site",
"actionListSiteRoles": "List Allowed Site Roles",
"actionCreateResource": "Create Resource",
"actionDeleteResource": "Delete Resource",
"actionGetResource": "Get Resource",
"actionListResource": "List Resources",
"actionUpdateResource": "Update Resource",
"actionListResourceUsers": "List Resource Users",
"actionSetResourceUsers": "Set Resource Users",
"actionSetAllowedResourceRoles": "Set Allowed Resource Roles",
"actionListAllowedResourceRoles": "List Allowed Resource Roles",
"actionSetResourcePassword": "Set Resource Password",
"actionSetResourcePincode": "Set Resource Pincode",
"actionSetResourceEmailWhitelist": "Set Resource Email Whitelist",
"actionGetResourceEmailWhitelist": "Get Resource Email Whitelist",
"actionCreateTarget": "Create Target",
"actionDeleteTarget": "Delete Target",
"actionGetTarget": "Get Target",
"actionListTargets": "List Targets",
"actionUpdateTarget": "Update Target",
"actionCreateRole": "Create Role",
"actionDeleteRole": "Delete Role",
"actionGetRole": "Get Role",
"actionListRole": "List Roles",
"actionUpdateRole": "Update Role",
"actionListAllowedRoleResources": "List Allowed Role Resources",
"actionGetOrg": "Получить организацию",
"actionUpdateOrg": "Обновить организацию",
"actionUpdateUser": "Обновить пользователя",
"actionGetUser": "Получить пользователя",
"actionGetOrgUser": "Получить пользователя организации",
"actionListOrgDomains": "Список доменов организации",
"actionCreateSite": "Создать сайт",
"actionDeleteSite": "Удалить сайт",
"actionGetSite": "Получить сайт",
"actionListSites": "Список сайтов",
"setupToken": "Код настройки",
"setupTokenDescription": "Введите токен настройки из консоли сервера.",
"setupTokenRequired": "Токен настройки обязателен",
"actionUpdateSite": "Обновить сайт",
"actionListSiteRoles": "Список разрешенных ролей сайта",
"actionCreateResource": "Создать ресурс",
"actionDeleteResource": "Удалить ресурс",
"actionGetResource": "Получить ресурсы",
"actionListResource": "Список ресурсов",
"actionUpdateResource": "Обновить ресурс",
"actionListResourceUsers": "Список пользователей ресурсов",
"actionSetResourceUsers": "Список пользователей ресурсов",
"actionSetAllowedResourceRoles": "Набор разрешенных ролей ресурсов",
"actionListAllowedResourceRoles": "Список разрешенных ролей сайта",
"actionSetResourcePassword": "Задать пароль ресурса",
"actionSetResourcePincode": "Установить ПИН-код ресурса",
"actionSetResourceEmailWhitelist": "Настроить белый список ресурсов email",
"actionGetResourceEmailWhitelist": "Получить белый список ресурсов email",
"actionCreateTarget": "Создать цель",
"actionDeleteTarget": "Удалить цель",
"actionGetTarget": "Получить цель",
"actionListTargets": "Список целей",
"actionUpdateTarget": "Обновить цель",
"actionCreateRole": "Создать роль",
"actionDeleteRole": "Удалить роль",
"actionGetRole": "Получить Роль",
"actionListRole": "Список ролей",
"actionUpdateRole": "Обновить роль",
"actionListAllowedRoleResources": "Список разрешенных ролей сайта",
"actionInviteUser": "Пригласить пользователя",
"actionRemoveUser": "Удалить пользователя",
"actionListUsers": "Список пользователей",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "Удалить политику IDP организации",
"actionListIdpOrgs": "Список организаций IDP",
"actionUpdateIdpOrg": "Обновить организацию IDP",
"actionCreateClient": "Создать Клиента",
"actionDeleteClient": "Удалить Клиента",
"actionUpdateClient": "Обновить Клиента",
"actionListClients": "Список Клиентов",
"actionGetClient": "Получить Клиента",
"noneSelected": "Ничего не выбрано",
"orgNotFound2": "Организации не найдены.",
"searchProgress": "Поиск...",
@@ -1093,8 +1123,8 @@
"sidebarAllUsers": "Все пользователи",
"sidebarIdentityProviders": "Поставщики удостоверений",
"sidebarLicense": "Лицензия",
"sidebarClients": "Clients (Beta)",
"sidebarDomains": "Domains",
"sidebarClients": "Клиенты (бета)",
"sidebarDomains": "Домены",
"enableDockerSocket": "Включить Docker Socket",
"enableDockerSocketDescription": "Включить обнаружение Docker Socket для заполнения информации о контейнерах. Путь к сокету должен быть предоставлен Newt.",
"enableDockerSocketLink": "Узнать больше",
@@ -1134,189 +1164,291 @@
"dark": "тёмная",
"system": "системная",
"theme": "Тема",
"subnetRequired": "Subnet is required",
"subnetRequired": "Требуется подсеть",
"initialSetupTitle": "Начальная настройка сервера",
"initialSetupDescription": "Создайте первоначальную учётную запись администратора сервера. Может существовать только один администратор сервера. Вы всегда можете изменить эти учётные данные позже.",
"createAdminAccount": "Создать учётную запись администратора",
"setupErrorCreateAdmin": "Произошла ошибка при создании учётной записи администратора сервера.",
"certificateStatus": "Certificate Status",
"loading": "Loading",
"restart": "Restart",
"domains": "Domains",
"domainsDescription": "Manage domains for your organization",
"domainsSearch": "Search domains...",
"domainAdd": "Add Domain",
"domainAddDescription": "Register a new domain with your organization",
"domainCreate": "Create Domain",
"domainCreatedDescription": "Domain created successfully",
"domainDeletedDescription": "Domain deleted successfully",
"domainQuestionRemove": "Are you sure you want to remove the domain {domain} from your account?",
"domainMessageRemove": "Once removed, the domain will no longer be associated with your account.",
"domainMessageConfirm": "To confirm, please type the domain name below.",
"domainConfirmDelete": "Confirm Delete Domain",
"domainDelete": "Delete Domain",
"domain": "Domain",
"selectDomainTypeNsName": "Domain Delegation (NS)",
"selectDomainTypeNsDescription": "This domain and all its subdomains. Use this when you want to control an entire domain zone.",
"selectDomainTypeCnameName": "Single Domain (CNAME)",
"selectDomainTypeCnameDescription": "Just this specific domain. Use this for individual subdomains or specific domain entries.",
"selectDomainTypeWildcardName": "Wildcard Domain",
"selectDomainTypeWildcardDescription": "This domain and its subdomains.",
"domainDelegation": "Single Domain",
"selectType": "Select a type",
"actions": "Actions",
"refresh": "Refresh",
"refreshError": "Failed to refresh data",
"verified": "Verified",
"pending": "Pending",
"sidebarBilling": "Billing",
"billing": "Billing",
"orgBillingDescription": "Manage your billing information and subscriptions",
"certificateStatus": "Статус сертификата",
"loading": "Загрузка",
"restart": "Перезагрузка",
"domains": "Домены",
"domainsDescription": "Управление доменами для вашей организации",
"domainsSearch": "Поиск доменов...",
"domainAdd": "Добавить Домен",
"domainAddDescription": "Зарегистрировать новый домен в вашей организации",
"domainCreate": "Создать Домен",
"domainCreatedDescription": "Домен успешно создан",
"domainDeletedDescription": "Домен успешно удален",
"domainQuestionRemove": "Вы уверены, что хотите удалить домен {domain} из вашего аккаунта?",
"domainMessageRemove": "После удаления домен больше не будет связан с вашей учетной записью.",
"domainMessageConfirm": "Для подтверждения введите ниже имя домена.",
"domainConfirmDelete": "Подтвердить удаление домена",
"domainDelete": "Удалить Домен",
"domain": "Домен",
"selectDomainTypeNsName": "Делегация домена (NS)",
"selectDomainTypeNsDescription": "Этот домен и все его субдомены. Используйте это, когда вы хотите управлять всей доменной зоной.",
"selectDomainTypeCnameName": "Одиночный домен (CNAME)",
"selectDomainTypeCnameDescription": "Только этот конкретный домен. Используйте это для отдельных субдоменов или отдельных записей домена.",
"selectDomainTypeWildcardName": "Подставной домен",
"selectDomainTypeWildcardDescription": "Этот домен и его субдомены.",
"domainDelegation": "Единый домен",
"selectType": "Выберите тип",
"actions": "Действия",
"refresh": "Обновить",
"refreshError": "Не удалось обновить данные",
"verified": "Подтверждено",
"pending": "В ожидании",
"sidebarBilling": "Выставление счетов",
"billing": "Выставление счетов",
"orgBillingDescription": "Управляйте информацией о выставлении счетов и подписками",
"github": "GitHub",
"pangolinHosted": "Pangolin Hosted",
"fossorial": "Fossorial",
"completeAccountSetup": "Complete Account Setup",
"completeAccountSetupDescription": "Set your password to get started",
"accountSetupSent": "We'll send an account setup code to this email address.",
"accountSetupCode": "Setup Code",
"accountSetupCodeDescription": "Check your email for the setup code.",
"passwordCreate": "Create Password",
"passwordCreateConfirm": "Confirm Password",
"accountSetupSubmit": "Send Setup Code",
"completeSetup": "Complete Setup",
"accountSetupSuccess": "Account setup completed! Welcome to Pangolin!",
"documentation": "Documentation",
"saveAllSettings": "Save All Settings",
"settingsUpdated": "Settings updated",
"settingsUpdatedDescription": "All settings have been updated successfully",
"settingsErrorUpdate": "Failed to update settings",
"settingsErrorUpdateDescription": "An error occurred while updating settings",
"sidebarCollapse": "Collapse",
"sidebarExpand": "Expand",
"newtUpdateAvailable": "Update Available",
"newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.",
"domainPickerEnterDomain": "Domain",
"domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, or just myapp",
"domainPickerDescription": "Enter the full domain of the resource to see available options.",
"domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
"domainPickerTabAll": "All",
"domainPickerTabOrganization": "Organization",
"domainPickerTabProvided": "Provided",
"domainPickerSortAsc": "A-Z",
"domainPickerSortDesc": "Z-A",
"domainPickerCheckingAvailability": "Checking availability...",
"domainPickerNoMatchingDomains": "No matching domains found. Try a different domain or check your organization's domain settings.",
"domainPickerOrganizationDomains": "Organization Domains",
"domainPickerProvidedDomains": "Provided Domains",
"domainPickerSubdomain": "Subdomain: {subdomain}",
"domainPickerNamespace": "Namespace: {namespace}",
"domainPickerShowMore": "Show More",
"domainNotFound": "Domain Not Found",
"domainNotFoundDescription": "This resource is disabled because the domain no longer exists our system. Please set a new domain for this resource.",
"failed": "Failed",
"createNewOrgDescription": "Create a new organization",
"organization": "Organization",
"port": "Port",
"securityKeyManage": "Manage Security Keys",
"securityKeyDescription": "Add or remove security keys for passwordless authentication",
"securityKeyRegister": "Register New Security Key",
"securityKeyList": "Your Security Keys",
"securityKeyNone": "No security keys registered yet",
"securityKeyNameRequired": "Name is required",
"securityKeyRemove": "Remove",
"securityKeyLastUsed": "Last used: {date}",
"securityKeyNameLabel": "Security Key Name",
"securityKeyRegisterSuccess": "Security key registered successfully",
"securityKeyRegisterError": "Failed to register security key",
"securityKeyRemoveSuccess": "Security key removed successfully",
"securityKeyRemoveError": "Failed to remove security key",
"securityKeyLoadError": "Failed to load security keys",
"securityKeyLogin": "Continue with security key",
"securityKeyAuthError": "Failed to authenticate with security key",
"securityKeyRecommendation": "Register a backup security key on another device to ensure you always have access to your account.",
"registering": "Registering...",
"securityKeyPrompt": "Please verify your identity using your security key. Make sure your security key is connected and ready.",
"securityKeyBrowserNotSupported": "Your browser doesn't support security keys. Please use a modern browser like Chrome, Firefox, or Safari.",
"securityKeyPermissionDenied": "Please allow access to your security key to continue signing in.",
"securityKeyRemovedTooQuickly": "Please keep your security key connected until the sign-in process completes.",
"securityKeyNotSupported": "Your security key may not be compatible. Please try a different security key.",
"securityKeyUnknownError": "There was a problem using your security key. Please try again.",
"twoFactorRequired": "Two-factor authentication is required to register a security key.",
"twoFactor": "Two-Factor Authentication",
"adminEnabled2FaOnYourAccount": "Your administrator has enabled two-factor authentication for {email}. Please complete the setup process to continue.",
"continueToApplication": "Continue to Application",
"securityKeyAdd": "Add Security Key",
"securityKeyRegisterTitle": "Register New Security Key",
"securityKeyRegisterDescription": "Connect your security key and enter a name to identify it",
"securityKeyTwoFactorRequired": "Two-Factor Authentication Required",
"securityKeyTwoFactorDescription": "Please enter your two-factor authentication code to register the security key",
"securityKeyTwoFactorRemoveDescription": "Please enter your two-factor authentication code to remove the security key",
"securityKeyTwoFactorCode": "Two-Factor Code",
"securityKeyRemoveTitle": "Remove Security Key",
"securityKeyRemoveDescription": "Enter your password to remove the security key \"{name}\"",
"securityKeyNoKeysRegistered": "No security keys registered",
"securityKeyNoKeysDescription": "Add a security key to enhance your account security",
"createDomainRequired": "Domain is required",
"createDomainAddDnsRecords": "Add DNS Records",
"createDomainAddDnsRecordsDescription": "Add the following DNS records to your domain provider to complete the setup.",
"createDomainNsRecords": "NS Records",
"createDomainRecord": "Record",
"createDomainType": "Type:",
"createDomainName": "Name:",
"createDomainValue": "Value:",
"createDomainCnameRecords": "CNAME Records",
"createDomainARecords": "A Records",
"createDomainRecordNumber": "Record {number}",
"createDomainTxtRecords": "TXT Records",
"createDomainSaveTheseRecords": "Save These Records",
"createDomainSaveTheseRecordsDescription": "Make sure to save these DNS records as you will not see them again.",
"createDomainDnsPropagation": "DNS Propagation",
"createDomainDnsPropagationDescription": "DNS changes may take some time to propagate across the internet. This can take anywhere from a few minutes to 48 hours, depending on your DNS provider and TTL settings.",
"resourcePortRequired": "Port number is required for non-HTTP resources",
"resourcePortNotAllowed": "Port number should not be set for HTTP resources",
"completeAccountSetup": "Завершите настройку аккаунта",
"completeAccountSetupDescription": "Установите ваш пароль, чтобы начать",
"accountSetupSent": "Мы отправим код для настройки аккаунта на этот email адрес.",
"accountSetupCode": "Код настройки",
"accountSetupCodeDescription": "Проверьте вашу почту для получения кода настройки.",
"passwordCreate": "Создать пароль",
"passwordCreateConfirm": "Подтвердите пароль",
"accountSetupSubmit": "Отправить код настройки",
"completeSetup": "Завершить настройку",
"accountSetupSuccess": "Настройка аккаунта завершена! Добро пожаловать в Pangolin!",
"documentation": "Документация",
"saveAllSettings": "Сохранить все настройки",
"settingsUpdated": "Настройки обновлены",
"settingsUpdatedDescription": "Все настройки успешно обновлены",
"settingsErrorUpdate": "Не удалось обновить настройки",
"settingsErrorUpdateDescription": "Произошла ошибка при обновлении настроек",
"sidebarCollapse": "Свернуть",
"sidebarExpand": "Развернуть",
"newtUpdateAvailable": "Доступно обновление",
"newtUpdateAvailableInfo": "Доступна новая версия Newt. Пожалуйста, обновитесь до последней версии для лучшего опыта.",
"domainPickerEnterDomain": "Домен",
"domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, или просто myapp",
"domainPickerDescription": "Введите полный домен ресурса, чтобы увидеть доступные опции.",
"domainPickerDescriptionSaas": "Введите полный домен, поддомен или просто имя, чтобы увидеть доступные опции",
"domainPickerTabAll": "Все",
"domainPickerTabOrganization": "Организация",
"domainPickerTabProvided": "Предоставлено",
"domainPickerSortAsc": "А",
"domainPickerSortDesc": "Я-А",
"domainPickerCheckingAvailability": "Проверка доступности...",
"domainPickerNoMatchingDomains": "Не найдены сопоставимые домены. Попробуйте другой домен или проверьте настройки доменов вашей организации.",
"domainPickerOrganizationDomains": "Домены организации",
"domainPickerProvidedDomains": "Предоставленные домены",
"domainPickerSubdomain": "Поддомен: {subdomain}",
"domainPickerNamespace": "Пространство имен: {namespace}",
"domainPickerShowMore": "Показать еще",
"domainNotFound": "Домен не найден",
"domainNotFoundDescription": "Этот ресурс отключен, так как домен больше не существует в нашей системе. Пожалуйста, установите новый домен для этого ресурса.",
"failed": "Ошибка",
"createNewOrgDescription": "Создать новую организацию",
"organization": "Организация",
"port": "Порт",
"securityKeyManage": "Управление ключами безопасности",
"securityKeyDescription": "Добавить или удалить ключи безопасности для аутентификации без пароля",
"securityKeyRegister": "Зарегистрировать новый ключ безопасности",
"securityKeyList": "Ваши ключи безопасности",
"securityKeyNone": "Ключи безопасности еще не зарегистрированы",
"securityKeyNameRequired": "Имя обязательно",
"securityKeyRemove": "Удалить",
"securityKeyLastUsed": "Последнее использование: {date}",
"securityKeyNameLabel": "Имя ключа безопасности",
"securityKeyRegisterSuccess": "Ключ безопасности успешно зарегистрирован",
"securityKeyRegisterError": "Не удалось зарегистрировать ключ безопасности",
"securityKeyRemoveSuccess": "Ключ безопасности успешно удален",
"securityKeyRemoveError": "Не удалось удалить ключ безопасности",
"securityKeyLoadError": "Не удалось загрузить ключи безопасности",
"securityKeyLogin": "Продолжить с ключом безопасности",
"securityKeyAuthError": "Не удалось аутентифицироваться с ключом безопасности",
"securityKeyRecommendation": "Зарегистрируйте резервный ключ безопасности на другом устройстве, чтобы всегда иметь доступ к вашему аккаунту.",
"registering": "Регистрация...",
"securityKeyPrompt": "Пожалуйста, подтвердите свою личность с использованием вашего ключа безопасности. Убедитесь, что ваш ключ безопасности подключен и готов.",
"securityKeyBrowserNotSupported": "Ваш браузер не поддерживает ключи безопасности. Пожалуйста, используйте современный браузер, такой как Chrome, Firefox или Safari.",
"securityKeyPermissionDenied": "Пожалуйста, разрешите доступ к вашему ключу безопасности, чтобы продолжить вход.",
"securityKeyRemovedTooQuickly": "Пожалуйста, держите ваш ключ безопасности подключенным, пока процесс входа не завершится.",
"securityKeyNotSupported": "Ваш ключ безопасности может быть несовместим. Попробуйте другой ключ безопасности.",
"securityKeyUnknownError": "Произошла проблема при использовании вашего ключа безопасности. Пожалуйста, попробуйте еще раз.",
"twoFactorRequired": "Для регистрации ключа безопасности требуется двухфакторная аутентификация.",
"twoFactor": "Двухфакторная аутентификация",
"adminEnabled2FaOnYourAccount": "Ваш администратор включил двухфакторную аутентификацию для {email}. Пожалуйста, завершите процесс настройки, чтобы продолжить.",
"continueToApplication": "Перейти к приложению",
"securityKeyAdd": "Добавить ключ безопасности",
"securityKeyRegisterTitle": "Регистрация нового ключа безопасности",
"securityKeyRegisterDescription": "Подключите свой ключ безопасности и введите имя для его идентификации",
"securityKeyTwoFactorRequired": "Требуется двухфакторная аутентификация",
"securityKeyTwoFactorDescription": "Пожалуйста, введите ваш код двухфакторной аутентификации для регистрации ключа безопасности",
"securityKeyTwoFactorRemoveDescription": "Пожалуйста, введите ваш код двухфакторной аутентификации для удаления ключа безопасности",
"securityKeyTwoFactorCode": "Код двухфакторной аутентификации",
"securityKeyRemoveTitle": "Удалить ключ безопасности",
"securityKeyRemoveDescription": "Введите ваш пароль для удаления ключа безопасности \"{name}\"",
"securityKeyNoKeysRegistered": "Ключи безопасности не зарегистрированы",
"securityKeyNoKeysDescription": "Добавьте ключ безопасности, чтобы повысить безопасность вашего аккаунта",
"createDomainRequired": "Домен обязателен",
"createDomainAddDnsRecords": "Добавить DNS записи",
"createDomainAddDnsRecordsDescription": "Добавьте следующие DNS записи у вашего провайдера доменных имен для завершения настройки.",
"createDomainNsRecords": "NS Записи",
"createDomainRecord": "Запись",
"createDomainType": "Тип:",
"createDomainName": "Имя:",
"createDomainValue": "Значение:",
"createDomainCnameRecords": "CNAME Записи",
"createDomainARecords": "A Записи",
"createDomainRecordNumber": "Запись {number}",
"createDomainTxtRecords": "TXT Записи",
"createDomainSaveTheseRecords": "Сохранить эти записи",
"createDomainSaveTheseRecordsDescription": "Обязательно сохраните эти DNS записи, так как вы их больше не увидите.",
"createDomainDnsPropagation": "Распространение DNS",
"createDomainDnsPropagationDescription": "Изменения DNS могут занять некоторое время для распространения через интернет. Это может занять от нескольких минут до 48 часов в зависимости от вашего DNS провайдера и настроек TTL.",
"resourcePortRequired": "Номер порта необходим для не-HTTP ресурсов",
"resourcePortNotAllowed": "Номер порта не должен быть установлен для HTTP ресурсов",
"signUpTerms": {
"IAgreeToThe": "I agree to the",
"termsOfService": "terms of service",
"and": "and",
"privacyPolicy": "privacy policy"
"IAgreeToThe": "Я согласен с",
"termsOfService": "условия использования",
"and": "и",
"privacyPolicy": "политика конфиденциальности"
},
"siteRequired": "Site is required.",
"olmTunnel": "Olm Tunnel",
"olmTunnelDescription": "Use Olm for client connectivity",
"errorCreatingClient": "Error creating client",
"clientDefaultsNotFound": "Client defaults not found",
"createClient": "Create Client",
"createClientDescription": "Create a new client for connecting to your sites",
"seeAllClients": "See All Clients",
"clientInformation": "Client Information",
"clientNamePlaceholder": "Client name",
"address": "Address",
"subnetPlaceholder": "Subnet",
"addressDescription": "The address that this client will use for connectivity",
"selectSites": "Select sites",
"sitesDescription": "The client will have connectivity to the selected sites",
"clientInstallOlm": "Install Olm",
"clientInstallOlmDescription": "Get Olm running on your system",
"clientOlmCredentials": "Olm Credentials",
"clientOlmCredentialsDescription": "This is how Olm will authenticate with the server",
"olmEndpoint": "Olm Endpoint",
"siteRequired": "Необходимо указать сайт.",
"olmTunnel": "Olm Туннель",
"olmTunnelDescription": "Используйте Olm для подключений клиентов",
"errorCreatingClient": "Ошибка при создании клиента",
"clientDefaultsNotFound": "Настройки клиента по умолчанию не найдены",
"createClient": "Создать клиента",
"createClientDescription": "Создайте нового клиента для подключения к вашим сайтам",
"seeAllClients": "Просмотреть всех клиентов",
"clientInformation": "Информация о клиенте",
"clientNamePlaceholder": "Имя клиента",
"address": "Адрес",
"subnetPlaceholder": "Подсеть",
"addressDescription": "Адрес, который этот клиент будет использовать для подключения",
"selectSites": "Выберите сайты",
"sitesDescription": "Клиент будет иметь подключение к выбранным сайтам",
"clientInstallOlm": "Установить Olm",
"clientInstallOlmDescription": "Запустите Olm на вашей системе",
"clientOlmCredentials": "Учётные данные Olm",
"clientOlmCredentialsDescription": "Так Olm будет аутентифицироваться через сервер",
"olmEndpoint": "Конечная точка Olm",
"olmId": "Olm ID",
"olmSecretKey": "Olm Secret Key",
"clientCredentialsSave": "Save Your Credentials",
"clientCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.",
"generalSettingsDescription": "Configure the general settings for this client",
"clientUpdated": "Client updated",
"clientUpdatedDescription": "The client has been updated.",
"clientUpdateFailed": "Failed to update client",
"clientUpdateError": "An error occurred while updating the client.",
"sitesFetchFailed": "Failed to fetch sites",
"sitesFetchError": "An error occurred while fetching sites.",
"olmErrorFetchReleases": "An error occurred while fetching Olm releases.",
"olmErrorFetchLatest": "An error occurred while fetching the latest Olm release.",
"remoteSubnets": "Remote Subnets",
"enterCidrRange": "Enter CIDR range",
"remoteSubnetsDescription": "Add CIDR ranges that can access this site remotely. Use format like 10.0.0.0/24 or 192.168.1.0/24.",
"resourceEnableProxy": "Enable Public Proxy",
"resourceEnableProxyDescription": "Enable public proxying to this resource. This allows access to the resource from outside the network through the cloud on an open port. Requires Traefik config.",
"externalProxyEnabled": "External Proxy Enabled"
"olmSecretKey": "Секретный ключ Olm",
"clientCredentialsSave": "Сохраните ваши учётные данные",
"clientCredentialsSaveDescription": "Вы сможете увидеть их только один раз. Обязательно скопируйте в безопасное место.",
"generalSettingsDescription": "Настройте общие параметры для этого клиента",
"clientUpdated": "Клиент обновлен",
"clientUpdatedDescription": "Клиент был обновлён.",
"clientUpdateFailed": "Не удалось обновить клиента",
"clientUpdateError": "Произошла ошибка при обновлении клиента.",
"sitesFetchFailed": "Не удалось получить сайты",
"sitesFetchError": "Произошла ошибка при получении сайтов.",
"olmErrorFetchReleases": "Произошла ошибка при получении релизов Olm.",
"olmErrorFetchLatest": "Произошла ошибка при получении последнего релиза Olm.",
"remoteSubnets": "Удалённые подсети",
"enterCidrRange": "Введите диапазон CIDR",
"remoteSubnetsDescription": "Добавьте диапазоны адресов CIDR, которые можно получить из этого сайта удаленно, используя клиентов. Используйте формат 10.0.0.0/24. Это относится ТОЛЬКО к подключению через VPN клиентов.",
"resourceEnableProxy": "Включить публичный прокси",
"resourceEnableProxyDescription": "Включите публичное проксирование для этого ресурса. Это позволяет получить доступ к ресурсу извне сети через облако через открытый порт. Требуется конфигурация Traefik.",
"externalProxyEnabled": "Внешний прокси включен",
"addNewTarget": "Добавить новую цель",
"targetsList": "Список целей",
"targetErrorDuplicateTargetFound": "Обнаружена дублирующаяся цель",
"httpMethod": "HTTP метод",
"selectHttpMethod": "Выберите HTTP метод",
"domainPickerSubdomainLabel": "Поддомен",
"domainPickerBaseDomainLabel": "Основной домен",
"domainPickerSearchDomains": "Поиск доменов...",
"domainPickerNoDomainsFound": "Доменов не найдено",
"domainPickerLoadingDomains": "Загрузка доменов...",
"domainPickerSelectBaseDomain": "Выбор основного домена...",
"domainPickerNotAvailableForCname": "Не доступно для CNAME доменов",
"domainPickerEnterSubdomainOrLeaveBlank": "Введите поддомен или оставьте пустым для использования основного домена.",
"domainPickerEnterSubdomainToSearch": "Введите поддомен для поиска и выбора из доступных свободных доменов.",
"domainPickerFreeDomains": "Свободные домены",
"domainPickerSearchForAvailableDomains": "Поиск доступных доменов",
"resourceDomain": "Домен",
"resourceEditDomain": "Редактировать домен",
"siteName": "Имя сайта",
"proxyPort": "Порт",
"resourcesTableProxyResources": "Проксированные ресурсы",
"resourcesTableClientResources": "Клиентские ресурсы",
"resourcesTableNoProxyResourcesFound": "Проксированных ресурсов не найдено.",
"resourcesTableNoInternalResourcesFound": "Внутренних ресурсов не найдено.",
"resourcesTableDestination": "Пункт назначения",
"resourcesTableTheseResourcesForUseWith": "Эти ресурсы предназначены для использования с",
"resourcesTableClients": "Клиенты",
"resourcesTableAndOnlyAccessibleInternally": "и доступны только внутренне при подключении с клиентом.",
"editInternalResourceDialogEditClientResource": "Редактировать ресурс клиента",
"editInternalResourceDialogUpdateResourceProperties": "Обновите свойства ресурса и настройку цели для {resourceName}.",
"editInternalResourceDialogResourceProperties": "Свойства ресурса",
"editInternalResourceDialogName": "Имя",
"editInternalResourceDialogProtocol": "Протокол",
"editInternalResourceDialogSitePort": "Порт сайта",
"editInternalResourceDialogTargetConfiguration": "Настройка цели",
"editInternalResourceDialogDestinationIP": "Целевая IP",
"editInternalResourceDialogDestinationPort": "Целевой порт",
"editInternalResourceDialogCancel": "Отмена",
"editInternalResourceDialogSaveResource": "Сохранить ресурс",
"editInternalResourceDialogSuccess": "Успешно",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Внутренний ресурс успешно обновлен",
"editInternalResourceDialogError": "Ошибка",
"editInternalResourceDialogFailedToUpdateInternalResource": "Не удалось обновить внутренний ресурс",
"editInternalResourceDialogNameRequired": "Имя обязательно",
"editInternalResourceDialogNameMaxLength": "Имя не должно быть длиннее 255 символов",
"editInternalResourceDialogProxyPortMin": "Порт прокси должен быть не менее 1",
"editInternalResourceDialogProxyPortMax": "Порт прокси должен быть меньше 65536",
"editInternalResourceDialogInvalidIPAddressFormat": "Неверный формат IP адреса",
"editInternalResourceDialogDestinationPortMin": "Целевой порт должен быть не менее 1",
"editInternalResourceDialogDestinationPortMax": "Целевой порт должен быть меньше 65536",
"createInternalResourceDialogNoSitesAvailable": "Нет доступных сайтов",
"createInternalResourceDialogNoSitesAvailableDescription": "Вам необходимо иметь хотя бы один сайт Newt с настроенной подсетью для создания внутреннего ресурса.",
"createInternalResourceDialogClose": "Закрыть",
"createInternalResourceDialogCreateClientResource": "Создать ресурс клиента",
"createInternalResourceDialogCreateClientResourceDescription": "Создайте новый ресурс, который будет доступен клиентам, подключенным к выбранному сайту.",
"createInternalResourceDialogResourceProperties": "Свойства ресурса",
"createInternalResourceDialogName": "Имя",
"createInternalResourceDialogSite": "Сайт",
"createInternalResourceDialogSelectSite": "Выберите сайт...",
"createInternalResourceDialogSearchSites": "Поиск сайтов...",
"createInternalResourceDialogNoSitesFound": "Сайты не найдены.",
"createInternalResourceDialogProtocol": "Протокол",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Порт сайта",
"createInternalResourceDialogSitePortDescription": "Используйте этот порт для доступа к ресурсу на сайте при подключении с клиентом.",
"createInternalResourceDialogTargetConfiguration": "Настройка цели",
"createInternalResourceDialogDestinationIP": "Целевая IP",
"createInternalResourceDialogDestinationIPDescription": "IP-адрес ресурса в сети сайта.",
"createInternalResourceDialogDestinationPort": "Целевой порт",
"createInternalResourceDialogDestinationPortDescription": "Порт на IP-адресе назначения, где доступен ресурс.",
"createInternalResourceDialogCancel": "Отмена",
"createInternalResourceDialogCreateResource": "Создать ресурс",
"createInternalResourceDialogSuccess": "Успешно",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Внутренний ресурс успешно создан",
"createInternalResourceDialogError": "Ошибка",
"createInternalResourceDialogFailedToCreateInternalResource": "Не удалось создать внутренний ресурс",
"createInternalResourceDialogNameRequired": "Имя обязательно",
"createInternalResourceDialogNameMaxLength": "Имя должно содержать менее 255 символов",
"createInternalResourceDialogPleaseSelectSite": "Пожалуйста, выберите сайт",
"createInternalResourceDialogProxyPortMin": "Прокси-порт должен быть не менее 1",
"createInternalResourceDialogProxyPortMax": "Прокси-порт должен быть меньше 65536",
"createInternalResourceDialogInvalidIPAddressFormat": "Неверный формат IP-адреса",
"createInternalResourceDialogDestinationPortMin": "Целевой порт должен быть не менее 1",
"createInternalResourceDialogDestinationPortMax": "Целевой порт должен быть меньше 65536",
"siteConfiguration": "Конфигурация",
"siteAcceptClientConnections": "Принимать подключения клиентов",
"siteAcceptClientConnectionsDescription": "Разрешите другим устройствам подключаться через этот экземпляр Newt в качестве шлюза с использованием клиентов.",
"siteAddress": "Адрес сайта",
"siteAddressDescription": "Укажите IP-адрес хоста для подключения клиентов. Это внутренний адрес сайта в сети Pangolin для адресации клиентов. Должен находиться в пределах подсети организационного уровня.",
"autoLoginExternalIdp": "Автоматический вход с внешним провайдером",
"autoLoginExternalIdpDescription": "Немедленно перенаправьте пользователя к внешнему провайдеру для аутентификации.",
"selectIdp": "Выберите провайдера",
"selectIdpPlaceholder": "Выберите провайдера...",
"selectIdpRequired": "Пожалуйста, выберите провайдера, когда автоматический вход включен.",
"autoLoginTitle": "Перенаправление",
"autoLoginDescription": "Перенаправление вас к внешнему провайдеру для аутентификации.",
"autoLoginProcessing": "Подготовка аутентификации...",
"autoLoginRedirecting": "Перенаправление к входу...",
"autoLoginError": "Ошибка автоматического входа",
"autoLoginErrorNoRedirectUrl": "URL-адрес перенаправления не получен от провайдера удостоверения.",
"autoLoginErrorGeneratingUrl": "Не удалось сгенерировать URL-адрес аутентификации."
}

140
messages/tr-TR.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "Ağınıza giriş noktası oluşturmanın en kolay yolu. Ekstra kurulum gerekmez.",
"siteWg": "Temel WireGuard",
"siteWgDescription": "Bir tünel oluşturmak için herhangi bir WireGuard istemcisi kullanın. Manuel NAT kurulumu gereklidir.",
"siteWgDescriptionSaas": "Bir tünel oluşturmak için herhangi bir WireGuard istemcisi kullanın. Manuel NAT kurulumu gereklidir. YALNIZCA SELF HOSTED DÜĞÜMLERDE ÇALIŞIR",
"siteLocalDescription": "Yalnızca yerel kaynaklar. Tünelleme yok.",
"siteLocalDescriptionSaas": "Yalnızca yerel kaynaklar. Tünel yok. YALNIZCA SELF HOSTED DÜĞÜMLERDE ÇALIŞIR",
"siteSeeAll": "Tüm Siteleri Gör",
"siteTunnelDescription": "Sitenize nasıl bağlanmak istediğinizi belirleyin",
"siteNewtCredentials": "Newt Kimlik Bilgileri",
@@ -166,7 +168,7 @@
"siteSelect": "Site seç",
"siteSearch": "Site ara",
"siteNotFound": "Herhangi bir site bulunamadı.",
"siteSelectionDescription": "Bu site, kaynağa bağlanabilirliği sağlayacaktır.",
"siteSelectionDescription": "Bu site hedefe bağlantı sağlayacaktır.",
"resourceType": "Kaynak Türü",
"resourceTypeDescription": "Kaynağınıza nasıl erişmek istediğinizi belirleyin",
"resourceHTTPSSettings": "HTTPS Ayarları",
@@ -197,6 +199,7 @@
"general": "Genel",
"generalSettings": "Genel Ayarlar",
"proxy": "Vekil Sunucu",
"internal": "Dahili",
"rules": "Kurallar",
"resourceSettingDescription": "Kaynağınızdaki ayarları yapılandırın",
"resourceSetting": "{resourceName} Ayarları",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "SNI için kullanılacak TLS Sunucu Adı'",
"targetTlsSubmit": "Ayarları Kaydet",
"targets": "Hedefler Konfigürasyonu",
"targetsDescription": "Trafiği hizmetlerinize yönlendirmek için hedefleri ayarlayın",
"targetsDescription": "Trafiği arka uç hizmetlerinize yönlendirmek için hedefleri ayarlayın",
"targetStickySessions": "Yapışkan Oturumları Etkinleştir",
"targetStickySessionsDescription": "Bağlantıları oturum süresince aynı arka uç hedef üzerinde tutun.",
"methodSelect": "Yöntemi Seç",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "PIN kesinlikle 6 haneli olmalıdır",
"pincodeRequirementsChars": "PIN sadece numaralardan oluşmalıdır",
"passwordRequirementsLength": "Şifre en az 1 karakter uzunluğunda olmalıdır",
"passwordRequirementsTitle": "Şifre gereksinimleri:",
"passwordRequirementLength": "En az 8 karakter uzunluğunda",
"passwordRequirementUppercase": "En az bir büyük harf",
"passwordRequirementLowercase": "En az bir küçük harf",
"passwordRequirementNumber": "En az bir sayı",
"passwordRequirementSpecial": "En az bir özel karakter",
"passwordRequirementsMet": "✓ Şifre tüm gereksinimleri karşılıyor",
"passwordStrength": "Şifre gücü",
"passwordStrengthWeak": "Zayıf",
"passwordStrengthMedium": "Orta",
"passwordStrengthStrong": "Güçlü",
"passwordRequirements": "Gereksinimler:",
"passwordRequirementLengthText": "8+ karakter",
"passwordRequirementUppercaseText": "Büyük harf (A-Z)",
"passwordRequirementLowercaseText": "Küçük harf (a-z)",
"passwordRequirementNumberText": "Sayı (0-9)",
"passwordRequirementSpecialText": "Özel karakter (!@#$%...)",
"passwordsDoNotMatch": "Parolalar eşleşmiyor",
"otpEmailRequirementsLength": "OTP en az 1 karakter uzunluğunda olmalıdır",
"otpEmailSent": "OTP Gönderildi",
"otpEmailSentDescription": "E-posta adresinize bir OTP gönderildi",
@@ -952,6 +973,7 @@
"logoutError": ıkış yaparken hata",
"signingAs": "Olarak giriş yapıldı",
"serverAdmin": "Sunucu Yöneticisi",
"managedSelfhosted": "Yönetilen Self-Hosted",
"otpEnable": "İki faktörlü özelliğini etkinleştir",
"otpDisable": "İki faktörlü özelliğini devre dışı bırak",
"logout": ıkış Yap",
@@ -967,6 +989,9 @@
"actionDeleteSite": "Siteyi Sil",
"actionGetSite": "Siteyi Al",
"actionListSites": "Siteleri Listele",
"setupToken": "Kurulum Simgesi",
"setupTokenDescription": "Sunucu konsolundan kurulum simgesini girin.",
"setupTokenRequired": "Kurulum simgesi gerekli",
"actionUpdateSite": "Siteyi Güncelle",
"actionListSiteRoles": "İzin Verilen Site Rolleri Listele",
"actionCreateResource": "Kaynak Oluştur",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "Kimlik Sağlayıcı Organizasyon Politikasını Sil",
"actionListIdpOrgs": "Kimlik Sağlayıcı Organizasyonları Listele",
"actionUpdateIdpOrg": "Kimlik Sağlayıcı Organizasyonu Güncelle",
"actionCreateClient": "Müşteri Oluştur",
"actionDeleteClient": "Müşteri Sil",
"actionUpdateClient": "Müşteri Güncelle",
"actionListClients": "Müşterileri Listele",
"actionGetClient": "Müşteriyi Al",
"noneSelected": "Hiçbiri seçili değil",
"orgNotFound2": "Hiçbir organizasyon bulunamadı.",
"searchProgress": "Ara...",
@@ -1315,8 +1345,110 @@
"olmErrorFetchLatest": "En son Olm yayını alınırken bir hata oluştu.",
"remoteSubnets": "Uzak Alt Ağlar",
"enterCidrRange": "CIDR aralığını girin",
"remoteSubnetsDescription": "Bu siteye uzaktan erişebilecek CIDR aralıklarını ekleyin. 10.0.0.0/24 veya 192.168.1.0/24 gibi formatlar kullanın.",
"remoteSubnetsDescription": "Bu siteye uzaktan erişilebilen CIDR aralıklarını ekleyin. 10.0.0.0/24 formatını kullanın. Bu YALNIZCA VPN istemci bağlantıları için geçerlidir.",
"resourceEnableProxy": "Genel Proxy'i Etkinleştir",
"resourceEnableProxyDescription": "Bu kaynağa genel proxy erişimini etkinleştirin. Bu sayede ağ dışından açık bir port üzerinden kaynağa bulut aracılığıyla erişim sağlanır. Traefik yapılandırması gereklidir.",
"externalProxyEnabled": "Dış Proxy Etkinleştirildi"
"externalProxyEnabled": "Dış Proxy Etkinleştirildi",
"addNewTarget": "Yeni Hedef Ekle",
"targetsList": "Hedefler Listesi",
"targetErrorDuplicateTargetFound": "Yinelenen hedef bulundu",
"httpMethod": "HTTP Yöntemi",
"selectHttpMethod": "HTTP yöntemini seçin",
"domainPickerSubdomainLabel": "Alt Alan Adı",
"domainPickerBaseDomainLabel": "Temel Alan Adı",
"domainPickerSearchDomains": "Alan adlarını ara...",
"domainPickerNoDomainsFound": "Hiçbir alan adı bulunamadı",
"domainPickerLoadingDomains": "Alan adları yükleniyor...",
"domainPickerSelectBaseDomain": "Temel alan adını seçin...",
"domainPickerNotAvailableForCname": "CNAME alan adları için kullanılabilir değil",
"domainPickerEnterSubdomainOrLeaveBlank": "Alt alan adını girin veya temel alan adını kullanmak için boş bırakın.",
"domainPickerEnterSubdomainToSearch": "Mevcut ücretsiz alan adları arasından aramak ve seçmek için bir alt alan adı girin.",
"domainPickerFreeDomains": "Ücretsiz Alan Adları",
"domainPickerSearchForAvailableDomains": "Mevcut alan adlarını ara",
"resourceDomain": "Alan Adı",
"resourceEditDomain": "Alan Adını Düzenle",
"siteName": "Site Adı",
"proxyPort": "Bağlantı Noktası",
"resourcesTableProxyResources": "Proxy Kaynaklar",
"resourcesTableClientResources": "İstemci Kaynaklar",
"resourcesTableNoProxyResourcesFound": "Hiçbir proxy kaynağı bulunamadı.",
"resourcesTableNoInternalResourcesFound": "Hiçbir dahili kaynak bulunamadı.",
"resourcesTableDestination": "Hedef",
"resourcesTableTheseResourcesForUseWith": "Bu kaynaklar ile kullanılmak için",
"resourcesTableClients": "İstemciler",
"resourcesTableAndOnlyAccessibleInternally": "veyalnızca bir istemci ile bağlandığında dahili olarak erişilebilir.",
"editInternalResourceDialogEditClientResource": "İstemci Kaynağı Düzenleyin",
"editInternalResourceDialogUpdateResourceProperties": "{resourceName} için kaynak özelliklerini ve hedef yapılandırmasını güncelleyin.",
"editInternalResourceDialogResourceProperties": "Kaynak Özellikleri",
"editInternalResourceDialogName": "Ad",
"editInternalResourceDialogProtocol": "Protokol",
"editInternalResourceDialogSitePort": "Site Bağlantı Noktası",
"editInternalResourceDialogTargetConfiguration": "Hedef Yapılandırma",
"editInternalResourceDialogDestinationIP": "Hedef IP",
"editInternalResourceDialogDestinationPort": "Hedef Bağlantı Noktası",
"editInternalResourceDialogCancel": "İptal",
"editInternalResourceDialogSaveResource": "Kaynağı Kaydet",
"editInternalResourceDialogSuccess": "Başarı",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Dahili kaynak başarıyla güncellendi",
"editInternalResourceDialogError": "Hata",
"editInternalResourceDialogFailedToUpdateInternalResource": "Dahili kaynak güncellenemedi",
"editInternalResourceDialogNameRequired": "Ad gerekli",
"editInternalResourceDialogNameMaxLength": "Ad 255 karakterden kısa olmalıdır",
"editInternalResourceDialogProxyPortMin": "Proxy bağlantı noktası en az 1 olmalıdır",
"editInternalResourceDialogProxyPortMax": "Proxy bağlantı noktası 65536'dan küçük olmalıdır",
"editInternalResourceDialogInvalidIPAddressFormat": "Geçersiz IP adresi formatı",
"editInternalResourceDialogDestinationPortMin": "Hedef bağlantı noktası en az 1 olmalıdır",
"editInternalResourceDialogDestinationPortMax": "Hedef bağlantı noktası 65536'dan küçük olmalıdır",
"createInternalResourceDialogNoSitesAvailable": "Site Bulunamadı",
"createInternalResourceDialogNoSitesAvailableDescription": "Dahili kaynak oluşturmak için en az bir Newt sitesine ve alt ağa sahip olmalısınız.",
"createInternalResourceDialogClose": "Kapat",
"createInternalResourceDialogCreateClientResource": "İstemci Kaynağı Oluştur",
"createInternalResourceDialogCreateClientResourceDescription": "Seçilen siteye bağlı istemciler için erişilebilir olacak yeni bir kaynak oluşturun.",
"createInternalResourceDialogResourceProperties": "Kaynak Özellikleri",
"createInternalResourceDialogName": "Ad",
"createInternalResourceDialogSite": "Site",
"createInternalResourceDialogSelectSite": "Site seç...",
"createInternalResourceDialogSearchSites": "Siteleri ara...",
"createInternalResourceDialogNoSitesFound": "Site bulunamadı.",
"createInternalResourceDialogProtocol": "Protokol",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "Site Bağlantı Noktası",
"createInternalResourceDialogSitePortDescription": "İstemci ile bağlanıldığında site üzerindeki kaynağa erişmek için bu bağlantı noktasını kullanın.",
"createInternalResourceDialogTargetConfiguration": "Hedef Yapılandırma",
"createInternalResourceDialogDestinationIP": "Hedef IP",
"createInternalResourceDialogDestinationIPDescription": "Site ağındaki kaynağın IP adresi.",
"createInternalResourceDialogDestinationPort": "Hedef Bağlantı Noktası",
"createInternalResourceDialogDestinationPortDescription": "Kaynağa erişilebilecek hedef IP üzerindeki bağlantı noktası.",
"createInternalResourceDialogCancel": "İptal",
"createInternalResourceDialogCreateResource": "Kaynak Oluştur",
"createInternalResourceDialogSuccess": "Başarı",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "Dahili kaynak başarıyla oluşturuldu",
"createInternalResourceDialogError": "Hata",
"createInternalResourceDialogFailedToCreateInternalResource": "Dahili kaynak oluşturulamadı",
"createInternalResourceDialogNameRequired": "Ad gerekli",
"createInternalResourceDialogNameMaxLength": "Ad 255 karakterden kısa olmalıdır",
"createInternalResourceDialogPleaseSelectSite": "Lütfen bir site seçin",
"createInternalResourceDialogProxyPortMin": "Proxy bağlantı noktası en az 1 olmalıdır",
"createInternalResourceDialogProxyPortMax": "Proxy bağlantı noktası 65536'dan küçük olmalıdır",
"createInternalResourceDialogInvalidIPAddressFormat": "Geçersiz IP adresi formatı",
"createInternalResourceDialogDestinationPortMin": "Hedef bağlantı noktası en az 1 olmalıdır",
"createInternalResourceDialogDestinationPortMax": "Hedef bağlantı noktası 65536'dan küçük olmalıdır",
"siteConfiguration": "Yapılandırma",
"siteAcceptClientConnections": "İstemci Bağlantılarını Kabul Et",
"siteAcceptClientConnectionsDescription": "Bu Newt örneğini bir geçit olarak kullanarak diğer cihazların bağlanmasına izin verin.",
"siteAddress": "Site Adresi",
"siteAddressDescription": "İstemcilerin bağlanması için hostun IP adresini belirtin. Bu, Pangolin ağındaki sitenin iç adresidir ve istemciler için atlas olmalıdır. Org alt ağına düşmelidir.",
"autoLoginExternalIdp": "Harici IDP ile Otomatik Giriş",
"autoLoginExternalIdpDescription": "Kullanıcıyı kimlik doğrulama için otomatik olarak harici IDP'ye yönlendirin.",
"selectIdp": "IDP Seç",
"selectIdpPlaceholder": "IDP seçin...",
"selectIdpRequired": "Otomatik giriş etkinleştirildiğinde lütfen bir IDP seçin.",
"autoLoginTitle": "Yönlendiriliyor",
"autoLoginDescription": "Kimlik doğrulama için harici kimlik sağlayıcıya yönlendiriliyorsunuz.",
"autoLoginProcessing": "Kimlik doğrulama hazırlanıyor...",
"autoLoginRedirecting": "Girişe yönlendiriliyorsunuz...",
"autoLoginError": "Otomatik Giriş Hatası",
"autoLoginErrorNoRedirectUrl": "Kimlik sağlayıcıdan yönlendirme URL'si alınamadı.",
"autoLoginErrorGeneratingUrl": "Kimlik doğrulama URL'si oluşturulamadı."
}

140
messages/zh-CN.json
View File

@@ -94,7 +94,9 @@
"siteNewtTunnelDescription": "最简单的方式来连接到您的网络。不需要任何额外设置。",
"siteWg": "基本 WireGuard",
"siteWgDescription": "使用任何 WireGuard 客户端来建立隧道。需要手动配置 NAT。",
"siteWgDescriptionSaas": "使用任何WireGuard客户端建立隧道。需要手动配置NAT。仅适用于自托管节点。",
"siteLocalDescription": "仅限本地资源。不需要隧道。",
"siteLocalDescriptionSaas": "仅本地资源。无需隧道。仅适用于自托管节点。",
"siteSeeAll": "查看所有站点",
"siteTunnelDescription": "确定如何连接到您的网站",
"siteNewtCredentials": "Newt 凭据",
@@ -166,7 +168,7 @@
"siteSelect": "选择站点",
"siteSearch": "搜索站点",
"siteNotFound": "未找到站点。",
"siteSelectionDescription": "此站点将为资源提供连接。",
"siteSelectionDescription": "此站点将为目标提供连接。",
"resourceType": "资源类型",
"resourceTypeDescription": "确定如何访问您的资源",
"resourceHTTPSSettings": "HTTPS 设置",
@@ -197,6 +199,7 @@
"general": "概览",
"generalSettings": "常规设置",
"proxy": "代理服务器",
"internal": "内部设置",
"rules": "规则",
"resourceSettingDescription": "配置您资源上的设置",
"resourceSetting": "{resourceName} 设置",
@@ -490,7 +493,7 @@
"targetTlsSniDescription": "SNI使用的 TLS 服务器名称。留空使用默认值。",
"targetTlsSubmit": "保存设置",
"targets": "目标配置",
"targetsDescription": "设置目标来路由流量到您的服务",
"targetsDescription": "设置目标来路由流量到您的后端服务",
"targetStickySessions": "启用置顶会话",
"targetStickySessionsDescription": "将连接保持在同一个后端目标的整个会话中。",
"methodSelect": "选择方法",
@@ -833,6 +836,24 @@
"pincodeRequirementsLength": "PIN码必须是6位数字",
"pincodeRequirementsChars": "PIN 必须只包含数字",
"passwordRequirementsLength": "密码必须至少 1 个字符长",
"passwordRequirementsTitle": "密码要求:",
"passwordRequirementLength": "至少8个字符长",
"passwordRequirementUppercase": "至少一个大写字母",
"passwordRequirementLowercase": "至少一个小写字母",
"passwordRequirementNumber": "至少一个数字",
"passwordRequirementSpecial": "至少一个特殊字符",
"passwordRequirementsMet": "✓ 密码满足所有要求",
"passwordStrength": "密码强度",
"passwordStrengthWeak": "弱",
"passwordStrengthMedium": "中",
"passwordStrengthStrong": "强",
"passwordRequirements": "要求:",
"passwordRequirementLengthText": "8+ 个字符",
"passwordRequirementUppercaseText": "大写字母 (A-Z)",
"passwordRequirementLowercaseText": "小写字母 (a-z)",
"passwordRequirementNumberText": "数字 (0-9)",
"passwordRequirementSpecialText": "特殊字符 (!@#$%...)",
"passwordsDoNotMatch": "密码不匹配",
"otpEmailRequirementsLength": "OTP 必须至少 1 个字符长",
"otpEmailSent": "OTP 已发送",
"otpEmailSentDescription": "OTP 已经发送到您的电子邮件",
@@ -952,6 +973,7 @@
"logoutError": "注销错误",
"signingAs": "登录为",
"serverAdmin": "服务器管理员",
"managedSelfhosted": "托管自托管",
"otpEnable": "启用双因子认证",
"otpDisable": "禁用双因子认证",
"logout": "登出",
@@ -967,6 +989,9 @@
"actionDeleteSite": "删除站点",
"actionGetSite": "获取站点",
"actionListSites": "站点列表",
"setupToken": "设置令牌",
"setupTokenDescription": "从服务器控制台输入设置令牌。",
"setupTokenRequired": "需要设置令牌",
"actionUpdateSite": "更新站点",
"actionListSiteRoles": "允许站点角色列表",
"actionCreateResource": "创建资源",
@@ -1022,6 +1047,11 @@
"actionDeleteIdpOrg": "删除 IDP组织策略",
"actionListIdpOrgs": "列出 IDP组织",
"actionUpdateIdpOrg": "更新 IDP组织",
"actionCreateClient": "创建客户端",
"actionDeleteClient": "删除客户端",
"actionUpdateClient": "更新客户端",
"actionListClients": "列出客户端",
"actionGetClient": "获取客户端",
"noneSelected": "未选择",
"orgNotFound2": "未找到组织。",
"searchProgress": "搜索中...",
@@ -1315,8 +1345,110 @@
"olmErrorFetchLatest": "获取最新 Olm 发布版本时出错。",
"remoteSubnets": "远程子网",
"enterCidrRange": "输入 CIDR 范围",
"remoteSubnetsDescription": "添加远程访问站点的 CIDR 范围。使用格式如 10.0.0.0/24 或 192.168.1.0/24。",
"remoteSubnetsDescription": "添加可以通过客户端远程访问站点的CIDR范围。使用类似10.0.0.0/24的格式。这仅适用于VPN客户端连接。",
"resourceEnableProxy": "启用公共代理",
"resourceEnableProxyDescription": "启用到此资源的公共代理。这允许外部网络通过开放端口访问资源。需要 Traefik 配置。",
"externalProxyEnabled": "外部代理已启用"
"externalProxyEnabled": "外部代理已启用",
"addNewTarget": "添加新目标",
"targetsList": "目标列表",
"targetErrorDuplicateTargetFound": "找到重复的目标",
"httpMethod": "HTTP 方法",
"selectHttpMethod": "选择 HTTP 方法",
"domainPickerSubdomainLabel": "子域名",
"domainPickerBaseDomainLabel": "根域名",
"domainPickerSearchDomains": "搜索域名...",
"domainPickerNoDomainsFound": "未找到域名",
"domainPickerLoadingDomains": "加载域名...",
"domainPickerSelectBaseDomain": "选择根域名...",
"domainPickerNotAvailableForCname": "不适用于CNAME域",
"domainPickerEnterSubdomainOrLeaveBlank": "输入子域名或留空以使用根域名。",
"domainPickerEnterSubdomainToSearch": "输入一个子域名以搜索并从可用免费域名中选择。",
"domainPickerFreeDomains": "免费域名",
"domainPickerSearchForAvailableDomains": "搜索可用域名",
"resourceDomain": "域名",
"resourceEditDomain": "编辑域名",
"siteName": "站点名称",
"proxyPort": "端口",
"resourcesTableProxyResources": "代理资源",
"resourcesTableClientResources": "客户端资源",
"resourcesTableNoProxyResourcesFound": "未找到代理资源。",
"resourcesTableNoInternalResourcesFound": "未找到内部资源。",
"resourcesTableDestination": "目标",
"resourcesTableTheseResourcesForUseWith": "这些资源供...使用",
"resourcesTableClients": "客户端",
"resourcesTableAndOnlyAccessibleInternally": "且仅在与客户端连接时可内部访问。",
"editInternalResourceDialogEditClientResource": "编辑客户端资源",
"editInternalResourceDialogUpdateResourceProperties": "更新{resourceName}的资源属性和目标配置。",
"editInternalResourceDialogResourceProperties": "资源属性",
"editInternalResourceDialogName": "名称",
"editInternalResourceDialogProtocol": "协议",
"editInternalResourceDialogSitePort": "站点端口",
"editInternalResourceDialogTargetConfiguration": "目标配置",
"editInternalResourceDialogDestinationIP": "目标IP",
"editInternalResourceDialogDestinationPort": "目标端口",
"editInternalResourceDialogCancel": "取消",
"editInternalResourceDialogSaveResource": "保存资源",
"editInternalResourceDialogSuccess": "成功",
"editInternalResourceDialogInternalResourceUpdatedSuccessfully": "内部资源更新成功",
"editInternalResourceDialogError": "错误",
"editInternalResourceDialogFailedToUpdateInternalResource": "更新内部资源失败",
"editInternalResourceDialogNameRequired": "名称为必填项",
"editInternalResourceDialogNameMaxLength": "名称长度必须小于255个字符",
"editInternalResourceDialogProxyPortMin": "代理端口必须至少为1",
"editInternalResourceDialogProxyPortMax": "代理端口必须小于65536",
"editInternalResourceDialogInvalidIPAddressFormat": "无效的IP地址格式",
"editInternalResourceDialogDestinationPortMin": "目标端口必须至少为1",
"editInternalResourceDialogDestinationPortMax": "目标端口必须小于65536",
"createInternalResourceDialogNoSitesAvailable": "暂无可用站点",
"createInternalResourceDialogNoSitesAvailableDescription": "您需要至少配置一个子网的Newt站点来创建内部资源。",
"createInternalResourceDialogClose": "关闭",
"createInternalResourceDialogCreateClientResource": "创建客户端资源",
"createInternalResourceDialogCreateClientResourceDescription": "创建一个新资源,该资源将可供连接到所选站点的客户端访问。",
"createInternalResourceDialogResourceProperties": "资源属性",
"createInternalResourceDialogName": "名称",
"createInternalResourceDialogSite": "站点",
"createInternalResourceDialogSelectSite": "选择站点...",
"createInternalResourceDialogSearchSites": "搜索站点...",
"createInternalResourceDialogNoSitesFound": "未找到站点。",
"createInternalResourceDialogProtocol": "协议",
"createInternalResourceDialogTcp": "TCP",
"createInternalResourceDialogUdp": "UDP",
"createInternalResourceDialogSitePort": "站点端口",
"createInternalResourceDialogSitePortDescription": "使用此端口在连接到客户端时访问站点上的资源。",
"createInternalResourceDialogTargetConfiguration": "目标配置",
"createInternalResourceDialogDestinationIP": "目标IP",
"createInternalResourceDialogDestinationIPDescription": "站点网络上资源的IP地址。",
"createInternalResourceDialogDestinationPort": "目标端口",
"createInternalResourceDialogDestinationPortDescription": "资源在目标IP上可访问的端口。",
"createInternalResourceDialogCancel": "取消",
"createInternalResourceDialogCreateResource": "创建资源",
"createInternalResourceDialogSuccess": "成功",
"createInternalResourceDialogInternalResourceCreatedSuccessfully": "内部资源创建成功",
"createInternalResourceDialogError": "错误",
"createInternalResourceDialogFailedToCreateInternalResource": "创建内部资源失败",
"createInternalResourceDialogNameRequired": "名称为必填项",
"createInternalResourceDialogNameMaxLength": "名称长度必须小于255个字符",
"createInternalResourceDialogPleaseSelectSite": "请选择一个站点",
"createInternalResourceDialogProxyPortMin": "代理端口必须至少为1",
"createInternalResourceDialogProxyPortMax": "代理端口必须小于65536",
"createInternalResourceDialogInvalidIPAddressFormat": "无效的IP地址格式",
"createInternalResourceDialogDestinationPortMin": "目标端口必须至少为1",
"createInternalResourceDialogDestinationPortMax": "目标端口必须小于65536",
"siteConfiguration": "配置",
"siteAcceptClientConnections": "接受客户端连接",
"siteAcceptClientConnectionsDescription": "允许其他设备通过此Newt实例使用客户端作为网关连接。",
"siteAddress": "站点地址",
"siteAddressDescription": "指定主机的IP地址以供客户端连接。这是Pangolin网络中站点的内部地址供客户端访问。必须在Org子网内。",
"autoLoginExternalIdp": "自动使用外部IDP登录",
"autoLoginExternalIdpDescription": "立即将用户重定向到外部IDP进行身份验证。",
"selectIdp": "选择IDP",
"selectIdpPlaceholder": "选择一个IDP...",
"selectIdpRequired": "在启用自动登录时请选择一个IDP。",
"autoLoginTitle": "重定向中",
"autoLoginDescription": "正在将您重定向到外部身份提供商进行身份验证。",
"autoLoginProcessing": "准备身份验证...",
"autoLoginRedirecting": "重定向到登录...",
"autoLoginError": "自动登录错误",
"autoLoginErrorNoRedirectUrl": "未从身份提供商收到重定向URL。",
"autoLoginErrorGeneratingUrl": "生成身份验证URL失败。"
}

799
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

14
package.json
View File

@@ -21,8 +21,7 @@
"db:clear-migrations": "rm -rf server/migrations",
"build:sqlite": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs",
"build:pg": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsPg.ts -o dist/migrations.mjs",
"start:sqlite": "DB_TYPE=sqlite NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'",
"start:pg": "DB_TYPE=pg NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'",
"start": "DB_TYPE=sqlite NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'",
"email": "email dev --dir server/emails/templates --port 3005",
"build:cli": "node esbuild.mjs -e cli/index.ts -o dist/cli.mjs"
},
@@ -52,9 +51,9 @@
"@radix-ui/react-tooltip": "^1.2.8",
"@react-email/components": "0.5.0",
"@react-email/render": "^1.2.0",
"@react-email/tailwind": "1.2.2",
"@simplewebauthn/browser": "^13.1.0",
"@simplewebauthn/server": "^9.0.3",
"@react-email/tailwind": "1.2.2",
"@tailwindcss/forms": "^0.5.10",
"@tanstack/react-table": "8.21.3",
"arctic": "^3.7.0",
@@ -72,7 +71,7 @@
"drizzle-orm": "0.44.4",
"eslint": "9.33.0",
"eslint-config-next": "15.4.6",
"express": "4.21.2",
"express": "5.1.0",
"express-rate-limit": "8.0.1",
"glob": "11.0.3",
"helmet": "8.1.0",
@@ -93,6 +92,7 @@
"npm": "^11.5.2",
"oslo": "1.2.1",
"pg": "^8.16.2",
"posthog-node": "^5.7.0",
"qrcode.react": "4.2.0",
"react": "19.1.1",
"react-dom": "19.1.1",
@@ -109,9 +109,9 @@
"winston": "3.17.0",
"winston-daily-rotate-file": "5.0.0",
"ws": "8.18.3",
"yargs": "18.0.0",
"zod": "3.25.76",
"zod-validation-error": "3.5.2",
"yargs": "18.0.0"
"zod-validation-error": "3.5.2"
},
"devDependencies": {
"@dotenvx/dotenvx": "1.49.0",
@@ -121,7 +121,7 @@
"@types/cookie-parser": "1.4.9",
"@types/cors": "2.8.19",
"@types/crypto-js": "^4.2.2",
"@types/express": "5.0.0",
"@types/express": "5.0.3",
"@types/express-session": "^1.18.2",
"@types/jmespath": "^0.15.2",
"@types/js-yaml": "4.0.9",

5
server/auth/actions.ts
View File

@@ -69,6 +69,11 @@ export enum ActionsEnum {
deleteResourceRule = "deleteResourceRule",
listResourceRules = "listResourceRules",
updateResourceRule = "updateResourceRule",
createSiteResource = "createSiteResource",
deleteSiteResource = "deleteSiteResource",
getSiteResource = "getSiteResource",
listSiteResources = "listSiteResources",
updateSiteResource = "updateSiteResource",
createClient = "createClient",
deleteClient = "deleteClient",
updateClient = "updateClient",

4
server/auth/sessions/app.ts
View File

@@ -24,8 +24,8 @@ export const SESSION_COOKIE_EXPIRES =
60 *
60 *
config.getRawConfig().server.dashboard_session_length_hours;
export const COOKIE_DOMAIN =
"." + new URL(config.getRawConfig().app.dashboard_url).hostname;
export const COOKIE_DOMAIN = config.getRawConfig().app.dashboard_url ?
"." + new URL(config.getRawConfig().app.dashboard_url!).hostname : undefined;
export function generateSessionToken(): string {
const bytes = new Uint8Array(20);

26
server/auth/sessions/resource.ts
View File

@@ -4,6 +4,9 @@ import { resourceSessions, ResourceSession } from "@server/db";
import { db } from "@server/db";
import { eq, and } from "drizzle-orm";
import config from "@server/lib/config";
import axios from "axios";
import logger from "@server/logger";
import { tokenManager } from "@server/lib/tokenManager";
export const SESSION_COOKIE_NAME =
config.getRawConfig().server.session_cookie_name;
@@ -62,6 +65,29 @@ export async function validateResourceSessionToken(
token: string,
resourceId: number
): Promise<ResourceSessionValidationResult> {
if (config.isManagedMode()) {
try {
const response = await axios.post(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/${resourceId}/session/validate`, {
token: token
}, await tokenManager.getAuthHeader());
return response.data.data;
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error("Error validating resource session token in hybrid mode:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error validating resource session token in hybrid mode:", error);
}
return { resourceSession: null };
}
}
const sessionId = encodeHexLowerCase(
sha256(new TextEncoder().encode(token))
);

56
server/db/pg/schema.ts
View File

@@ -23,7 +23,8 @@ export const domains = pgTable("domains", {
export const orgs = pgTable("orgs", {
orgId: varchar("orgId").primaryKey(),
name: varchar("name").notNull(),
subnet: varchar("subnet")
subnet: varchar("subnet"),
createdAt: text("createdAt")
});
export const orgDomains = pgTable("orgDomains", {
@@ -65,11 +66,6 @@ export const sites = pgTable("sites", {
export const resources = pgTable("resources", {
resourceId: serial("resourceId").primaryKey(),
siteId: integer("siteId")
.references(() => sites.siteId, {
onDelete: "cascade"
})
.notNull(),
orgId: varchar("orgId")
.references(() => orgs.orgId, {
onDelete: "cascade"
@@ -96,6 +92,9 @@ export const resources = pgTable("resources", {
tlsServerName: varchar("tlsServerName"),
setHostHeader: varchar("setHostHeader"),
enableProxy: boolean("enableProxy").default(true),
skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
onDelete: "cascade"
}),
});
export const targets = pgTable("targets", {
@@ -105,6 +104,11 @@ export const targets = pgTable("targets", {
onDelete: "cascade"
})
.notNull(),
siteId: integer("siteId")
.references(() => sites.siteId, {
onDelete: "cascade"
})
.notNull(),
ip: varchar("ip").notNull(),
method: varchar("method"),
port: integer("port").notNull(),
@@ -120,7 +124,26 @@ export const exitNodes = pgTable("exitNodes", {
publicKey: varchar("publicKey").notNull(),
listenPort: integer("listenPort").notNull(),
reachableAt: varchar("reachableAt"),
maxConnections: integer("maxConnections")
maxConnections: integer("maxConnections"),
online: boolean("online").notNull().default(false),
lastPing: integer("lastPing"),
type: text("type").default("gerbil") // gerbil, remoteExitNode
});
export const siteResources = pgTable("siteResources", { // this is for the clients
siteResourceId: serial("siteResourceId").primaryKey(),
siteId: integer("siteId")
.notNull()
.references(() => sites.siteId, { onDelete: "cascade" }),
orgId: varchar("orgId")
.notNull()
.references(() => orgs.orgId, { onDelete: "cascade" }),
name: varchar("name").notNull(),
protocol: varchar("protocol").notNull(),
proxyPort: integer("proxyPort").notNull(),
destinationPort: integer("destinationPort").notNull(),
destinationIp: varchar("destinationIp").notNull(),
enabled: boolean("enabled").notNull().default(true),
});
export const users = pgTable("user", {
@@ -512,10 +535,10 @@ export const clients = pgTable("clients", {
megabytesIn: real("bytesIn"),
megabytesOut: real("bytesOut"),
lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
lastPing: varchar("lastPing"),
lastPing: integer("lastPing"),
type: varchar("type").notNull(), // "olm"
online: boolean("online").notNull().default(false),
endpoint: varchar("endpoint"),
// endpoint: varchar("endpoint"),
lastHolePunch: integer("lastHolePunch"),
maxConnections: integer("maxConnections")
});
@@ -527,13 +550,15 @@ export const clientSites = pgTable("clientSites", {
siteId: integer("siteId")
.notNull()
.references(() => sites.siteId, { onDelete: "cascade" }),
isRelayed: boolean("isRelayed").notNull().default(false)
isRelayed: boolean("isRelayed").notNull().default(false),
endpoint: varchar("endpoint")
});
export const olms = pgTable("olms", {
olmId: varchar("id").primaryKey(),
secretHash: varchar("secretHash").notNull(),
dateCreated: varchar("dateCreated").notNull(),
version: text("version"),
clientId: integer("clientId").references(() => clients.clientId, {
onDelete: "cascade"
})
@@ -591,6 +616,14 @@ export const webauthnChallenge = pgTable("webauthnChallenge", {
expiresAt: bigint("expiresAt", { mode: "number" }).notNull() // Unix timestamp
});
export const setupTokens = pgTable("setupTokens", {
tokenId: varchar("tokenId").primaryKey(),
token: varchar("token").notNull(),
used: boolean("used").notNull().default(false),
dateCreated: varchar("dateCreated").notNull(),
dateUsed: varchar("dateUsed")
});
export type Org = InferSelectModel<typeof orgs>;
export type User = InferSelectModel<typeof users>;
export type Site = InferSelectModel<typeof sites>;
@@ -636,3 +669,6 @@ export type OlmSession = InferSelectModel<typeof olmSessions>;
export type UserClient = InferSelectModel<typeof userClients>;
export type RoleClient = InferSelectModel<typeof roleClients>;
export type OrgDomains = InferSelectModel<typeof orgDomains>;
export type SiteResource = InferSelectModel<typeof siteResources>;
export type SetupToken = InferSelectModel<typeof setupTokens>;
export type HostMeta = InferSelectModel<typeof hostMeta>;

277
server/db/queries/verifySessionQueries.ts Normal file
View File

@@ -0,0 +1,277 @@
import { db } from "@server/db";
import {
Resource,
ResourcePassword,
ResourcePincode,
ResourceRule,
resourcePassword,
resourcePincode,
resourceRules,
resources,
roleResources,
sessions,
userOrgs,
userResources,
users
} from "@server/db";
import { and, eq } from "drizzle-orm";
import axios from "axios";
import config from "@server/lib/config";
import logger from "@server/logger";
import { tokenManager } from "@server/lib/tokenManager";
export type ResourceWithAuth = {
resource: Resource | null;
pincode: ResourcePincode | null;
password: ResourcePassword | null;
};
export type UserSessionWithUser = {
session: any;
user: any;
};
/**
* Get resource by domain with pincode and password information
*/
export async function getResourceByDomain(
domain: string
): Promise<ResourceWithAuth | null> {
if (config.isManagedMode()) {
try {
const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/domain/${domain}`, await tokenManager.getAuthHeader());
return response.data.data;
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error("Error fetching config in verify session:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error fetching config in verify session:", error);
}
return null;
}
}
const [result] = await db
.select()
.from(resources)
.leftJoin(
resourcePincode,
eq(resourcePincode.resourceId, resources.resourceId)
)
.leftJoin(
resourcePassword,
eq(resourcePassword.resourceId, resources.resourceId)
)
.where(eq(resources.fullDomain, domain))
.limit(1);
if (!result) {
return null;
}
return {
resource: result.resources,
pincode: result.resourcePincode,
password: result.resourcePassword
};
}
/**
* Get user session with user information
*/
export async function getUserSessionWithUser(
userSessionId: string
): Promise<UserSessionWithUser | null> {
if (config.isManagedMode()) {
try {
const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/session/${userSessionId}`, await tokenManager.getAuthHeader());
return response.data.data;
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error("Error fetching config in verify session:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error fetching config in verify session:", error);
}
return null;
}
}
const [res] = await db
.select()
.from(sessions)
.leftJoin(users, eq(users.userId, sessions.userId))
.where(eq(sessions.sessionId, userSessionId));
if (!res) {
return null;
}
return {
session: res.session,
user: res.user
};
}
/**
* Get user organization role
*/
export async function getUserOrgRole(userId: string, orgId: string) {
if (config.isManagedMode()) {
try {
const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/user/${userId}/org/${orgId}/role`, await tokenManager.getAuthHeader());
return response.data.data;
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error("Error fetching config in verify session:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error fetching config in verify session:", error);
}
return null;
}
}
const userOrgRole = await db
.select()
.from(userOrgs)
.where(
and(
eq(userOrgs.userId, userId),
eq(userOrgs.orgId, orgId)
)
)
.limit(1);
return userOrgRole.length > 0 ? userOrgRole[0] : null;
}
/**
* Check if role has access to resource
*/
export async function getRoleResourceAccess(resourceId: number, roleId: number) {
if (config.isManagedMode()) {
try {
const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/role/${roleId}/resource/${resourceId}/access`, await tokenManager.getAuthHeader());
return response.data.data;
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error("Error fetching config in verify session:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error fetching config in verify session:", error);
}
return null;
}
}
const roleResourceAccess = await db
.select()
.from(roleResources)
.where(
and(
eq(roleResources.resourceId, resourceId),
eq(roleResources.roleId, roleId)
)
)
.limit(1);
return roleResourceAccess.length > 0 ? roleResourceAccess[0] : null;
}
/**
* Check if user has direct access to resource
*/
export async function getUserResourceAccess(userId: string, resourceId: number) {
if (config.isManagedMode()) {
try {
const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/user/${userId}/resource/${resourceId}/access`, await tokenManager.getAuthHeader());
return response.data.data;
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error("Error fetching config in verify session:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error fetching config in verify session:", error);
}
return null;
}
}
const userResourceAccess = await db
.select()
.from(userResources)
.where(
and(
eq(userResources.userId, userId),
eq(userResources.resourceId, resourceId)
)
)
.limit(1);
return userResourceAccess.length > 0 ? userResourceAccess[0] : null;
}
/**
* Get resource rules for a given resource
*/
export async function getResourceRules(resourceId: number): Promise<ResourceRule[]> {
if (config.isManagedMode()) {
try {
const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/${resourceId}/rules`, await tokenManager.getAuthHeader());
return response.data.data;
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error("Error fetching config in verify session:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error fetching config in verify session:", error);
}
return [];
}
}
const rules = await db
.select()
.from(resourceRules)
.where(eq(resourceRules.resourceId, resourceId));
return rules;
}

66
server/db/sqlite/schema.ts
View File

@@ -16,7 +16,8 @@ export const domains = sqliteTable("domains", {
export const orgs = sqliteTable("orgs", {
orgId: text("orgId").primaryKey(),
name: text("name").notNull(),
subnet: text("subnet")
subnet: text("subnet"),
createdAt: text("createdAt")
});
export const userDomains = sqliteTable("userDomains", {
@@ -66,16 +67,11 @@ export const sites = sqliteTable("sites", {
dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" })
.notNull()
.default(true),
remoteSubnets: text("remoteSubnets"), // comma-separated list of subnets that this site can access
remoteSubnets: text("remoteSubnets") // comma-separated list of subnets that this site can access
});
export const resources = sqliteTable("resources", {
resourceId: integer("resourceId").primaryKey({ autoIncrement: true }),
siteId: integer("siteId")
.references(() => sites.siteId, {
onDelete: "cascade"
})
.notNull(),
orgId: text("orgId")
.references(() => orgs.orgId, {
onDelete: "cascade"
@@ -108,6 +104,9 @@ export const resources = sqliteTable("resources", {
tlsServerName: text("tlsServerName"),
setHostHeader: text("setHostHeader"),
enableProxy: integer("enableProxy", { mode: "boolean" }).default(true),
skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
onDelete: "cascade"
}),
});
export const targets = sqliteTable("targets", {
@@ -117,6 +116,11 @@ export const targets = sqliteTable("targets", {
onDelete: "cascade"
})
.notNull(),
siteId: integer("siteId")
.references(() => sites.siteId, {
onDelete: "cascade"
})
.notNull(),
ip: text("ip").notNull(),
method: text("method"),
port: integer("port").notNull(),
@@ -132,7 +136,26 @@ export const exitNodes = sqliteTable("exitNodes", {
publicKey: text("publicKey").notNull(),
listenPort: integer("listenPort").notNull(),
reachableAt: text("reachableAt"), // this is the internal address of the gerbil http server for command control
maxConnections: integer("maxConnections")
maxConnections: integer("maxConnections"),
online: integer("online", { mode: "boolean" }).notNull().default(false),
lastPing: integer("lastPing"),
type: text("type").default("gerbil") // gerbil, remoteExitNode
});
export const siteResources = sqliteTable("siteResources", { // this is for the clients
siteResourceId: integer("siteResourceId").primaryKey({ autoIncrement: true }),
siteId: integer("siteId")
.notNull()
.references(() => sites.siteId, { onDelete: "cascade" }),
orgId: text("orgId")
.notNull()
.references(() => orgs.orgId, { onDelete: "cascade" }),
name: text("name").notNull(),
protocol: text("protocol").notNull(),
proxyPort: integer("proxyPort").notNull(),
destinationPort: integer("destinationPort").notNull(),
destinationIp: text("destinationIp").notNull(),
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
});
export const users = sqliteTable("user", {
@@ -165,9 +188,11 @@ export const users = sqliteTable("user", {
export const securityKeys = sqliteTable("webauthnCredentials", {
credentialId: text("credentialId").primaryKey(),
userId: text("userId").notNull().references(() => users.userId, {
onDelete: "cascade"
}),
userId: text("userId")
.notNull()
.references(() => users.userId, {
onDelete: "cascade"
}),
publicKey: text("publicKey").notNull(),
signCount: integer("signCount").notNull(),
transports: text("transports"),
@@ -186,6 +211,14 @@ export const webauthnChallenge = sqliteTable("webauthnChallenge", {
expiresAt: integer("expiresAt").notNull() // Unix timestamp
});
export const setupTokens = sqliteTable("setupTokens", {
tokenId: text("tokenId").primaryKey(),
token: text("token").notNull(),
used: integer("used", { mode: "boolean" }).notNull().default(false),
dateCreated: text("dateCreated").notNull(),
dateUsed: text("dateUsed")
});
export const newts = sqliteTable("newt", {
newtId: text("id").primaryKey(),
secretHash: text("secretHash").notNull(),
@@ -212,10 +245,10 @@ export const clients = sqliteTable("clients", {
megabytesIn: integer("bytesIn"),
megabytesOut: integer("bytesOut"),
lastBandwidthUpdate: text("lastBandwidthUpdate"),
lastPing: text("lastPing"),
lastPing: integer("lastPing"),
type: text("type").notNull(), // "olm"
online: integer("online", { mode: "boolean" }).notNull().default(false),
endpoint: text("endpoint"),
// endpoint: text("endpoint"),
lastHolePunch: integer("lastHolePunch")
});
@@ -226,13 +259,15 @@ export const clientSites = sqliteTable("clientSites", {
siteId: integer("siteId")
.notNull()
.references(() => sites.siteId, { onDelete: "cascade" }),
isRelayed: integer("isRelayed", { mode: "boolean" }).notNull().default(false)
isRelayed: integer("isRelayed", { mode: "boolean" }).notNull().default(false),
endpoint: text("endpoint")
});
export const olms = sqliteTable("olms", {
olmId: text("id").primaryKey(),
secretHash: text("secretHash").notNull(),
dateCreated: text("dateCreated").notNull(),
version: text("version"),
clientId: integer("clientId").references(() => clients.clientId, {
onDelete: "cascade"
})
@@ -677,4 +712,7 @@ export type Idp = InferSelectModel<typeof idp>;
export type ApiKey = InferSelectModel<typeof apiKeys>;
export type ApiKeyAction = InferSelectModel<typeof apiKeyActions>;
export type ApiKeyOrg = InferSelectModel<typeof apiKeyOrg>;
export type SiteResource = InferSelectModel<typeof siteResources>;
export type OrgDomains = InferSelectModel<typeof orgDomains>;
export type SetupToken = InferSelectModel<typeof setupTokens>;
export type HostMeta = InferSelectModel<typeof hostMeta>;

5
server/emails/index.ts
View File

@@ -6,6 +6,11 @@ import logger from "@server/logger";
import SMTPTransport from "nodemailer/lib/smtp-transport";
function createEmailClient() {
if (config.isManagedMode()) {
// LETS NOT WORRY ABOUT EMAILS IN HYBRID
return;
}
const emailConfig = config.getRawConfig().email;
if (!emailConfig) {
logger.warn(

2
server/emails/templates/WelcomeQuickStart.tsx
View File

@@ -88,7 +88,7 @@ export const WelcomeQuickStart = ({
To learn how to use Newt, including more
installation methods, visit the{" "}
<a
href="https://docs.fossorial.io"
href="https://docs.digpangolin.com/manage/sites/install-site"
className="underline"
>
docs

151
server/hybridServer.ts Normal file
View File

@@ -0,0 +1,151 @@
import logger from "@server/logger";
import config from "@server/lib/config";
import { createWebSocketClient } from "./routers/ws/client";
import { addPeer, deletePeer } from "./routers/gerbil/peers";
import { db, exitNodes } from "./db";
import { TraefikConfigManager } from "./lib/traefikConfig";
import { tokenManager } from "./lib/tokenManager";
import { APP_VERSION } from "./lib/consts";
import axios from "axios";
export async function createHybridClientServer() {
logger.info("Starting hybrid client server...");
// Start the token manager
await tokenManager.start();
const token = await tokenManager.getToken();
const monitor = new TraefikConfigManager();
await monitor.start();
// Create client
const client = createWebSocketClient(
token,
config.getRawConfig().managed!.endpoint!,
{
reconnectInterval: 5000,
pingInterval: 30000,
pingTimeout: 10000
}
);
// Register message handlers
client.registerHandler("remoteExitNode/peers/add", async (message) => {
const { publicKey, allowedIps } = message.data;
// TODO: we are getting the exit node twice here
// NOTE: there should only be one gerbil registered so...
const [exitNode] = await db.select().from(exitNodes).limit(1);
await addPeer(exitNode.exitNodeId, {
publicKey: publicKey,
allowedIps: allowedIps || []
});
});
client.registerHandler("remoteExitNode/peers/remove", async (message) => {
const { publicKey } = message.data;
// TODO: we are getting the exit node twice here
// NOTE: there should only be one gerbil registered so...
const [exitNode] = await db.select().from(exitNodes).limit(1);
await deletePeer(exitNode.exitNodeId, publicKey);
});
// /update-proxy-mapping
client.registerHandler("remoteExitNode/update-proxy-mapping", async (message) => {
try {
const [exitNode] = await db.select().from(exitNodes).limit(1);
if (!exitNode) {
logger.error("No exit node found for proxy mapping update");
return;
}
const response = await axios.post(`${exitNode.endpoint}/update-proxy-mapping`, message.data);
logger.info(`Successfully updated proxy mapping: ${response.status}`);
} catch (error) {
// pull data out of the axios error to log
if (axios.isAxiosError(error)) {
logger.error("Error updating proxy mapping:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error updating proxy mapping:", error);
}
}
});
// /update-destinations
client.registerHandler("remoteExitNode/update-destinations", async (message) => {
try {
const [exitNode] = await db.select().from(exitNodes).limit(1);
if (!exitNode) {
logger.error("No exit node found for destinations update");
return;
}
const response = await axios.post(`${exitNode.endpoint}/update-destinations`, message.data);
logger.info(`Successfully updated destinations: ${response.status}`);
} catch (error) {
// pull data out of the axios error to log
if (axios.isAxiosError(error)) {
logger.error("Error updating destinations:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error updating destinations:", error);
}
}
});
client.registerHandler("remoteExitNode/traefik/reload", async (message) => {
await monitor.HandleTraefikConfig();
});
// Listen to connection events
client.on("connect", () => {
logger.info("Connected to WebSocket server");
client.sendMessage("remoteExitNode/register", {
remoteExitNodeVersion: APP_VERSION
});
});
client.on("disconnect", () => {
logger.info("Disconnected from WebSocket server");
});
client.on("message", (message) => {
logger.info(
`Received message: ${message.type} ${JSON.stringify(message.data)}`
);
});
// Connect to the server
try {
await client.connect();
logger.info("Connection initiated");
} catch (error) {
logger.error("Failed to connect:", error);
}
// Store the ping interval stop function for cleanup if needed
const stopPingInterval = client.sendMessageInterval(
"remoteExitNode/ping",
{ timestamp: Date.now() / 1000 },
60000
); // send every minute
// Return client and cleanup function for potential use
return { client, stopPingInterval };
}

24
server/index.ts
View File

@@ -7,16 +7,35 @@ import { createNextServer } from "./nextServer";
import { createInternalServer } from "./internalServer";
import { ApiKey, ApiKeyOrg, Session, User, UserOrg } from "@server/db";
import { createIntegrationApiServer } from "./integrationApiServer";
import { createHybridClientServer } from "./hybridServer";
import config from "@server/lib/config";
import { setHostMeta } from "@server/lib/hostMeta";
import { initTelemetryClient } from "./lib/telemetry.js";
import { TraefikConfigManager } from "./lib/traefikConfig.js";
async function startServers() {
await setHostMeta();
await config.initServer();
await runSetupFunctions();
initTelemetryClient();
// Start all servers
const apiServer = createApiServer();
const internalServer = createInternalServer();
const nextServer = await createNextServer();
let hybridClientServer;
let nextServer;
if (config.isManagedMode()) {
hybridClientServer = await createHybridClientServer();
} else {
nextServer = await createNextServer();
if (config.getRawConfig().traefik.file_mode) {
const monitor = new TraefikConfigManager();
await monitor.start();
}
}
let integrationServer;
if (config.getRawConfig().flags?.enable_integration_api) {
@@ -27,7 +46,8 @@ async function startServers() {
apiServer,
nextServer,
internalServer,
integrationServer
integrationServer,
hybridClientServer
};
}

20
server/lib/config.ts
View File

@@ -30,12 +30,6 @@ export class Config {
throw new Error(`Invalid configuration file: ${errors}`);
}
if (process.env.APP_BASE_DOMAIN) {
console.log(
"WARNING: You're using deprecated environment variables. Transition to the configuration file. https://docs.fossorial.io/"
);
}
if (
// @ts-ignore
parsedConfig.users ||
@@ -102,16 +96,18 @@ export class Config {
if (!this.rawConfig) {
throw new Error("Config not loaded. Call load() first.");
}
license.setServerSecret(this.rawConfig.server.secret);
if (this.rawConfig.managed) {
// LETS NOT WORRY ABOUT THE SERVER SECRET WHEN MANAGED
return;
}
license.setServerSecret(this.rawConfig.server.secret!);
await this.checkKeyStatus();
}
private async checkKeyStatus() {
const licenseStatus = await license.check();
if (
!licenseStatus.isHostLicensed
) {
if (!licenseStatus.isHostLicensed) {
this.checkSupporterKey();
}
}
@@ -153,6 +149,10 @@ export class Config {
return false;
}
public isManagedMode() {
return typeof this.rawConfig?.managed === "object";
}
public async checkSupporterKey() {
const [key] = await db.select().from(supporterKey).limit(1);

2
server/lib/consts.ts
View File

@@ -2,7 +2,7 @@ import path from "path";
import { fileURLToPath } from "url";
// This is a placeholder value replaced by the build process
export const APP_VERSION = "1.8.0";
export const APP_VERSION = "1.9.0";
export const __FILENAME = fileURLToPath(import.meta.url);
export const __DIRNAME = path.dirname(__FILENAME);

86
server/lib/exitNodeComms.ts Normal file
View File

@@ -0,0 +1,86 @@
import axios from "axios";
import logger from "@server/logger";
import { ExitNode } from "@server/db";
interface ExitNodeRequest {
remoteType: string;
localPath: string;
method?: "POST" | "DELETE" | "GET" | "PUT";
data?: any;
queryParams?: Record<string, string>;
}
/**
* Sends a request to an exit node, handling both remote and local exit nodes
* @param exitNode The exit node to send the request to
* @param request The request configuration
* @returns Promise<any> Response data for local nodes, undefined for remote nodes
*/
export async function sendToExitNode(
exitNode: ExitNode,
request: ExitNodeRequest
): Promise<any> {
if (!exitNode.reachableAt) {
throw new Error(
`Exit node with ID ${exitNode.exitNodeId} is not reachable`
);
}
// Handle local exit node with HTTP API
const method = request.method || "POST";
let url = `${exitNode.reachableAt}${request.localPath}`;
// Add query parameters if provided
if (request.queryParams) {
const params = new URLSearchParams(request.queryParams);
url += `?${params.toString()}`;
}
try {
let response;
switch (method) {
case "POST":
response = await axios.post(url, request.data, {
headers: {
"Content-Type": "application/json"
}
});
break;
case "DELETE":
response = await axios.delete(url);
break;
case "GET":
response = await axios.get(url);
break;
case "PUT":
response = await axios.put(url, request.data, {
headers: {
"Content-Type": "application/json"
}
});
break;
default:
throw new Error(`Unsupported HTTP method: ${method}`);
}
logger.info(`Exit node request successful:`, {
method,
url,
status: response.data.status
});
return response.data;
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error(
`Error making ${method} request (can Pangolin see Gerbil HTTP API?) for exit node at ${exitNode.reachableAt} (status: ${error.response?.status}): ${error.message}`
);
} else {
logger.error(
`Error making ${method} request for exit node at ${exitNode.reachableAt}: ${error}`
);
}
throw error;
}
}

59
server/lib/exitNodes/exitNodes.ts Normal file
View File

@@ -0,0 +1,59 @@
import { db, exitNodes } from "@server/db";
import logger from "@server/logger";
import { ExitNodePingResult } from "@server/routers/newt";
import { eq } from "drizzle-orm";
export async function verifyExitNodeOrgAccess(
exitNodeId: number,
orgId: string
) {
const [exitNode] = await db
.select()
.from(exitNodes)
.where(eq(exitNodes.exitNodeId, exitNodeId));
// For any other type, deny access
return { hasAccess: true, exitNode };
}
export async function listExitNodes(orgId: string, filterOnline = false) {
// TODO: pick which nodes to send and ping better than just all of them that are not remote
const allExitNodes = await db
.select({
exitNodeId: exitNodes.exitNodeId,
name: exitNodes.name,
address: exitNodes.address,
endpoint: exitNodes.endpoint,
publicKey: exitNodes.publicKey,
listenPort: exitNodes.listenPort,
reachableAt: exitNodes.reachableAt,
maxConnections: exitNodes.maxConnections,
online: exitNodes.online,
lastPing: exitNodes.lastPing,
type: exitNodes.type
})
.from(exitNodes);
// Filter the nodes. If there are NO remoteExitNodes then do nothing. If there are then remove all of the non-remoteExitNodes
if (allExitNodes.length === 0) {
logger.warn("No exit nodes found!");
return [];
}
return allExitNodes;
}
export function selectBestExitNode(
pingResults: ExitNodePingResult[]
): ExitNodePingResult | null {
if (!pingResults || pingResults.length === 0) {
logger.warn("No ping results provided");
return null;
}
return pingResults[0];
}
export async function checkExitNodeOrg(exitNodeId: number, orgId: string) {
return false;
}

2
server/lib/exitNodes/index.ts Normal file
View File

@@ -0,0 +1,2 @@
export * from "./exitNodes";
export * from "./shared";

30
server/lib/exitNodes/shared.ts Normal file
View File

@@ -0,0 +1,30 @@
import { db, exitNodes } from "@server/db";
import config from "@server/lib/config";
import { findNextAvailableCidr } from "@server/lib/ip";
export async function getNextAvailableSubnet(): Promise<string> {
// Get all existing subnets from routes table
const existingAddresses = await db
.select({
address: exitNodes.address
})
.from(exitNodes);
const addresses = existingAddresses.map((a) => a.address);
let subnet = findNextAvailableCidr(
addresses,
config.getRawConfig().gerbil.block_size,
config.getRawConfig().gerbil.subnet_group
);
if (!subnet) {
throw new Error("No available subnets remaining in space");
}
// replace the last octet with 1
subnet =
subnet.split(".").slice(0, 3).join(".") +
".1" +
"/" +
subnet.split("/")[1];
return subnet;
}

13
server/setup/setHostMeta.ts → server/lib/hostMeta.ts
View File

@@ -1,7 +1,9 @@
import { db } from "@server/db";
import { db, HostMeta } from "@server/db";
import { hostMeta } from "@server/db";
import { v4 as uuidv4 } from "uuid";
let gotHostMeta: HostMeta | undefined;
export async function setHostMeta() {
const [existing] = await db.select().from(hostMeta).limit(1);
@@ -15,3 +17,12 @@ export async function setHostMeta() {
.insert(hostMeta)
.values({ hostMetaId: id, createdAt: new Date().getTime() });
}
export async function getHostMeta() {
if (gotHostMeta) {
return gotHostMeta;
}
const [meta] = await db.select().from(hostMeta).limit(1);
gotHostMeta = meta;
return meta;
}

1
server/lib/index.ts
View File

@@ -1 +1,2 @@
export * from "./response";
export { tokenManager, TokenManager } from "./tokenManager";

103
server/lib/readConfigFile.ts
View File

@@ -3,7 +3,6 @@ import yaml from "js-yaml";
import { configFilePath1, configFilePath2 } from "./consts";
import { z } from "zod";
import stoi from "./stoi";
import { build } from "@server/build";
const portSchema = z.number().positive().gt(0).lte(65535);
@@ -17,16 +16,38 @@ export const configSchema = z
dashboard_url: z
.string()
.url()
.optional()
.pipe(z.string().url())
.transform((url) => url.toLowerCase()),
.transform((url) => url.toLowerCase())
.optional(),
log_level: z
.enum(["debug", "info", "warn", "error"])
.optional()
.default("info"),
save_logs: z.boolean().optional().default(false),
log_failed_attempts: z.boolean().optional().default(false)
log_failed_attempts: z.boolean().optional().default(false),
telemetry: z
.object({
anonymous_usage: z.boolean().optional().default(true)
})
.optional()
.default({})
}).optional().default({
log_level: "info",
save_logs: false,
log_failed_attempts: false,
telemetry: {
anonymous_usage: true
}
}),
managed: z
.object({
name: z.string().optional(),
id: z.string().optional(),
secret: z.string().optional(),
endpoint: z.string().optional().default("https://pangolin.fossorial.io"),
redirect_endpoint: z.string().optional()
})
.optional(),
domains: z
.record(
z.string(),
@@ -43,7 +64,7 @@ export const configSchema = z
server: z.object({
integration_port: portSchema
.optional()
.default(3003)
.default(3004)
.transform(stoi)
.pipe(portSchema.optional()),
external_port: portSchema
@@ -108,9 +129,25 @@ export const configSchema = z
trust_proxy: z.number().int().gte(0).optional().default(1),
secret: z
.string()
.optional()
.transform(getEnvOrYaml("SERVER_SECRET"))
.pipe(z.string().min(8))
.optional()
}).optional().default({
integration_port: 3003,
external_port: 3000,
internal_port: 3001,
next_port: 3002,
internal_hostname: "pangolin",
session_cookie_name: "p_session_token",
resource_access_token_param: "p_token",
resource_access_token_headers: {
id: "P-Access-Token-Id",
token: "P-Access-Token"
},
resource_session_request_param: "resource_session_request_param",
dashboard_session_length_hours: 720,
resource_session_length_hours: 720,
trust_proxy: 1
}),
postgres: z
.object({
@@ -130,7 +167,20 @@ export const configSchema = z
https_entrypoint: z.string().optional().default("websecure"),
additional_middlewares: z.array(z.string()).optional(),
cert_resolver: z.string().optional().default("letsencrypt"),
prefer_wildcard_cert: z.boolean().optional().default(false)
prefer_wildcard_cert: z.boolean().optional().default(false),
certificates_path: z.string().default("/var/certificates"),
monitor_interval: z.number().default(5000),
dynamic_cert_config_path: z
.string()
.optional()
.default("/var/dynamic/cert_config.yml"),
dynamic_router_config_path: z
.string()
.optional()
.default("/var/dynamic/router_config.yml"),
static_domains: z.array(z.string()).optional().default([]),
site_types: z.array(z.string()).optional().default(["newt", "wireguard", "local"]),
file_mode: z.boolean().optional().default(false)
})
.optional()
.default({}),
@@ -213,7 +263,10 @@ export const configSchema = z
smtp_host: z.string().optional(),
smtp_port: portSchema.optional(),
smtp_user: z.string().optional(),
smtp_pass: z.string().optional().transform(getEnvOrYaml("EMAIL_SMTP_PASS")),
smtp_pass: z
.string()
.optional()
.transform(getEnvOrYaml("EMAIL_SMTP_PASS")),
smtp_secure: z.boolean().optional(),
smtp_tls_reject_unauthorized: z.boolean().optional(),
no_reply: z.string().email().optional()
@@ -229,7 +282,7 @@ export const configSchema = z
disable_local_sites: z.boolean().optional(),
disable_basic_wireguard_sites: z.boolean().optional(),
disable_config_managed_domains: z.boolean().optional(),
enable_clients: z.boolean().optional().default(true),
enable_clients: z.boolean().optional().default(true)
})
.optional(),
dns: z
@@ -252,6 +305,10 @@ export const configSchema = z
if (data.flags?.disable_config_managed_domains) {
return true;
}
// If hybrid is defined, domains are not required
if (data.managed) {
return true;
}
if (keys.length === 0) {
return false;
}
@@ -260,6 +317,32 @@ export const configSchema = z
{
message: "At least one domain must be defined"
}
)
.refine(
(data) => {
// If hybrid is defined, server secret is not required
if (data.managed) {
return true;
}
// If hybrid is not defined, server secret must be defined
return data.server?.secret !== undefined && data.server.secret.length > 0;
},
{
message: "Server secret must be defined"
}
)
.refine(
(data) => {
// If hybrid is defined, dashboard_url is not required
if (data.managed) {
return true;
}
// If hybrid is not defined, dashboard_url must be defined
return data.app.dashboard_url !== undefined && data.app.dashboard_url.length > 0;
},
{
message: "Dashboard URL must be defined"
}
);
export function readConfigFile() {
@@ -287,7 +370,7 @@ export function readConfigFile() {
if (!environment) {
throw new Error(
"No configuration file found. Please create one. https://docs.fossorial.io/"
"No configuration file found. Please create one. https://docs.digpangolin.com/self-host/advanced/config-file"
);
}

78
server/lib/remoteCertificates/certificates.ts Normal file
View File

@@ -0,0 +1,78 @@
import axios from "axios";
import { tokenManager } from "../tokenManager";
import logger from "@server/logger";
import config from "../config";
/**
* Get valid certificates for the specified domains
*/
export async function getValidCertificatesForDomainsHybrid(domains: Set<string>): Promise<
Array<{
id: number;
domain: string;
certFile: string | null;
keyFile: string | null;
expiresAt: Date | null;
updatedAt?: Date | null;
}>
> {
if (domains.size === 0) {
return [];
}
const domainArray = Array.from(domains);
try {
const response = await axios.get(
`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/certificates/domains`,
{
params: {
domains: domainArray
},
headers: (await tokenManager.getAuthHeader()).headers
}
);
if (response.status !== 200) {
logger.error(
`Failed to fetch certificates for domains: ${response.status} ${response.statusText}`,
{ responseData: response.data, domains: domainArray }
);
return [];
}
// logger.debug(
// `Successfully retrieved ${response.data.data?.length || 0} certificates for ${domainArray.length} domains`
// );
return response.data.data;
} catch (error) {
// pull data out of the axios error to log
if (axios.isAxiosError(error)) {
logger.error("Error getting certificates:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error getting certificates:", error);
}
return [];
}
}
export async function getValidCertificatesForDomains(domains: Set<string>): Promise<
Array<{
id: number;
domain: string;
certFile: string | null;
keyFile: string | null;
expiresAt: Date | null;
updatedAt?: Date | null;
}>
> {
return []; // stub
}

1
server/lib/remoteCertificates/index.ts Normal file
View File

@@ -0,0 +1 @@
export * from "./certificates";

73
server/lib/remoteProxy.ts Normal file
View File

@@ -0,0 +1,73 @@
import { Request, Response, NextFunction } from "express";
import { Router } from "express";
import axios from "axios";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import config from "@server/lib/config";
import { tokenManager } from "./tokenManager";
/**
* Proxy function that forwards requests to the remote cloud server
*/
export const proxyToRemote = async (
req: Request,
res: Response,
next: NextFunction,
endpoint: string
): Promise<any> => {
try {
const remoteUrl = `${config.getRawConfig().managed?.endpoint?.replace(/\/$/, '')}/api/v1/${endpoint}`;
logger.debug(`Proxying request to remote server: ${remoteUrl}`);
// Forward the request to the remote server
const response = await axios({
method: req.method as any,
url: remoteUrl,
data: req.body,
headers: {
'Content-Type': 'application/json',
...(await tokenManager.getAuthHeader()).headers
},
params: req.query,
timeout: 30000, // 30 second timeout
validateStatus: () => true // Don't throw on non-2xx status codes
});
logger.debug(`Proxy response: ${JSON.stringify(response.data)}`);
// Forward the response status and data
return res.status(response.status).json(response.data);
} catch (error) {
logger.error("Error proxying request to remote server:", error);
if (axios.isAxiosError(error)) {
if (error.code === 'ECONNREFUSED' || error.code === 'ENOTFOUND') {
return next(
createHttpError(
HttpCode.SERVICE_UNAVAILABLE,
"Remote server is unavailable"
)
);
}
if (error.code === 'ECONNABORTED') {
return next(
createHttpError(
HttpCode.REQUEST_TIMEOUT,
"Request to remote server timed out"
)
);
}
}
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Error communicating with remote server"
)
);
}
};

304
server/lib/telemetry.ts Normal file
View File

@@ -0,0 +1,304 @@
import { PostHog } from "posthog-node";
import config from "./config";
import { getHostMeta } from "./hostMeta";
import logger from "@server/logger";
import { apiKeys, db, roles } from "@server/db";
import { sites, users, orgs, resources, clients, idp } from "@server/db";
import { eq, count, notInArray } from "drizzle-orm";
import { APP_VERSION } from "./consts";
import crypto from "crypto";
import { UserType } from "@server/types/UserTypes";
import { build } from "@server/build";
class TelemetryClient {
private client: PostHog | null = null;
private enabled: boolean;
private intervalId: NodeJS.Timeout | null = null;
constructor() {
const enabled = config.getRawConfig().app.telemetry.anonymous_usage;
this.enabled = enabled;
const dev = process.env.ENVIRONMENT !== "prod";
if (dev) {
return;
}
if (build !== "oss") {
return;
}
if (this.enabled) {
this.client = new PostHog(
"phc_QYuATSSZt6onzssWcYJbXLzQwnunIpdGGDTYhzK3VjX",
{
host: "https://digpangolin.com/relay-O7yI"
}
);
process.on("exit", () => {
this.client?.shutdown();
});
this.sendStartupEvents().catch((err) => {
logger.error("Failed to send startup telemetry:", err);
});
this.startAnalyticsInterval();
logger.info(
"Pangolin now gathers anonymous usage data to help us better understand how the software is used and guide future improvements and feature development. You can find more details, including instructions for opting out of this anonymous data collection, at: https://docs.digpangolin.com/telemetry"
);
} else if (!this.enabled) {
logger.info(
"Analytics usage statistics collection is disabled. If you enable this, you can help us make Pangolin better for everyone. Learn more at: https://docs.digpangolin.com/telemetry"
);
}
}
private startAnalyticsInterval() {
this.intervalId = setInterval(
() => {
this.collectAndSendAnalytics().catch((err) => {
logger.error("Failed to collect analytics:", err);
});
},
6 * 60 * 60 * 1000
);
this.collectAndSendAnalytics().catch((err) => {
logger.error("Failed to collect initial analytics:", err);
});
}
private anon(value: string): string {
return crypto
.createHash("sha256")
.update(value.toLowerCase())
.digest("hex");
}
private async getSystemStats() {
try {
const [sitesCount] = await db
.select({ count: count() })
.from(sites);
const [usersCount] = await db
.select({ count: count() })
.from(users);
const [usersInternalCount] = await db
.select({ count: count() })
.from(users)
.where(eq(users.type, UserType.Internal));
const [usersOidcCount] = await db
.select({ count: count() })
.from(users)
.where(eq(users.type, UserType.OIDC));
const [orgsCount] = await db.select({ count: count() }).from(orgs);
const [resourcesCount] = await db
.select({ count: count() })
.from(resources);
const [clientsCount] = await db
.select({ count: count() })
.from(clients);
const [idpCount] = await db.select({ count: count() }).from(idp);
const [onlineSitesCount] = await db
.select({ count: count() })
.from(sites)
.where(eq(sites.online, true));
const [numApiKeys] = await db
.select({ count: count() })
.from(apiKeys);
const [customRoles] = await db
.select({ count: count() })
.from(roles)
.where(notInArray(roles.name, ["Admin", "Member"]));
const adminUsers = await db
.select({ email: users.email })
.from(users)
.where(eq(users.serverAdmin, true));
const resourceDetails = await db
.select({
name: resources.name,
sso: resources.sso,
protocol: resources.protocol,
http: resources.http
})
.from(resources);
const siteDetails = await db
.select({
siteName: sites.name,
megabytesIn: sites.megabytesIn,
megabytesOut: sites.megabytesOut,
type: sites.type,
online: sites.online
})
.from(sites);
const supporterKey = config.getSupporterData();
return {
numSites: sitesCount.count,
numUsers: usersCount.count,
numUsersInternal: usersInternalCount.count,
numUsersOidc: usersOidcCount.count,
numOrganizations: orgsCount.count,
numResources: resourcesCount.count,
numClients: clientsCount.count,
numIdentityProviders: idpCount.count,
numSitesOnline: onlineSitesCount.count,
resources: resourceDetails,
adminUsers: adminUsers.map((u) => u.email),
sites: siteDetails,
appVersion: APP_VERSION,
numApiKeys: numApiKeys.count,
numCustomRoles: customRoles.count,
supporterStatus: {
valid: supporterKey?.valid || false,
tier: supporterKey?.tier || "None",
githubUsername: supporterKey?.githubUsername || null
}
};
} catch (error) {
logger.error("Failed to collect system stats:", error);
throw error;
}
}
private async sendStartupEvents() {
if (!this.enabled || !this.client) return;
const hostMeta = await getHostMeta();
if (!hostMeta) return;
const stats = await this.getSystemStats();
this.client.capture({
distinctId: hostMeta.hostMetaId,
event: "supporter_status",
properties: {
valid: stats.supporterStatus.valid,
tier: stats.supporterStatus.tier,
github_username: stats.supporterStatus.githubUsername
? this.anon(stats.supporterStatus.githubUsername)
: "None"
}
});
this.client.capture({
distinctId: hostMeta.hostMetaId,
event: "host_startup",
properties: {
host_id: hostMeta.hostMetaId,
app_version: stats.appVersion,
install_timestamp: hostMeta.createdAt
}
});
for (const email of stats.adminUsers) {
// There should only be on admin user, but just in case
if (email) {
this.client.capture({
distinctId: this.anon(email),
event: "admin_user",
properties: {
host_id: hostMeta.hostMetaId,
app_version: stats.appVersion,
hashed_email: this.anon(email)
}
});
}
}
}
private async collectAndSendAnalytics() {
if (!this.enabled || !this.client) return;
try {
const hostMeta = await getHostMeta();
if (!hostMeta) {
logger.warn(
"Telemetry: Host meta not found, skipping analytics"
);
return;
}
const stats = await this.getSystemStats();
this.client.capture({
distinctId: hostMeta.hostMetaId,
event: "system_analytics",
properties: {
app_version: stats.appVersion,
num_sites: stats.numSites,
num_users: stats.numUsers,
num_users_internal: stats.numUsersInternal,
num_users_oidc: stats.numUsersOidc,
num_organizations: stats.numOrganizations,
num_resources: stats.numResources,
num_clients: stats.numClients,
num_identity_providers: stats.numIdentityProviders,
num_sites_online: stats.numSitesOnline,
resources: stats.resources.map((r) => ({
name: this.anon(r.name),
sso_enabled: r.sso,
protocol: r.protocol,
http_enabled: r.http
})),
sites: stats.sites.map((s) => ({
site_name: this.anon(s.siteName),
megabytes_in: s.megabytesIn,
megabytes_out: s.megabytesOut,
type: s.type,
online: s.online
})),
num_api_keys: stats.numApiKeys,
num_custom_roles: stats.numCustomRoles
}
});
} catch (error) {
logger.error("Failed to send analytics:", error);
}
}
async sendTelemetry(eventName: string, properties: Record<string, any>) {
if (!this.enabled || !this.client) return;
const hostMeta = await getHostMeta();
if (!hostMeta) {
logger.warn("Telemetry: Host meta not found, skipping telemetry");
return;
}
this.client.groupIdentify({
groupType: "host_id",
groupKey: hostMeta.hostMetaId,
properties
});
}
shutdown() {
if (this.intervalId) {
clearInterval(this.intervalId);
this.intervalId = null;
}
if (this.enabled && this.client) {
this.client.shutdown();
}
}
}
let telemetryClient!: TelemetryClient;
export function initTelemetryClient() {
if (!telemetryClient) {
telemetryClient = new TelemetryClient();
}
return telemetryClient;
}
export default telemetryClient;

274
server/lib/tokenManager.ts Normal file
View File

@@ -0,0 +1,274 @@
import axios from "axios";
import config from "@server/lib/config";
import logger from "@server/logger";
export interface TokenResponse {
success: boolean;
message?: string;
data: {
token: string;
};
}
/**
* Token Manager - Handles automatic token refresh for hybrid server authentication
*
* Usage throughout the application:
* ```typescript
* import { tokenManager } from "@server/lib/tokenManager";
*
* // Get the current valid token
* const token = await tokenManager.getToken();
*
* // Force refresh if needed
* await tokenManager.refreshToken();
* ```
*
* The token manager automatically refreshes tokens every 24 hours by default
* and is started once in the privateHybridServer.ts file.
*/
export class TokenManager {
private token: string | null = null;
private refreshInterval: NodeJS.Timeout | null = null;
private isRefreshing: boolean = false;
private refreshIntervalMs: number;
private retryInterval: NodeJS.Timeout | null = null;
private retryIntervalMs: number;
private tokenAvailablePromise: Promise<void> | null = null;
private tokenAvailableResolve: (() => void) | null = null;
constructor(refreshIntervalMs: number = 24 * 60 * 60 * 1000, retryIntervalMs: number = 5000) {
// Default to 24 hours for refresh, 5 seconds for retry
this.refreshIntervalMs = refreshIntervalMs;
this.retryIntervalMs = retryIntervalMs;
this.setupTokenAvailablePromise();
}
/**
* Set up promise that resolves when token becomes available
*/
private setupTokenAvailablePromise(): void {
this.tokenAvailablePromise = new Promise((resolve) => {
this.tokenAvailableResolve = resolve;
});
}
/**
* Resolve the token available promise
*/
private resolveTokenAvailable(): void {
if (this.tokenAvailableResolve) {
this.tokenAvailableResolve();
this.tokenAvailableResolve = null;
}
}
/**
* Start the token manager - gets initial token and sets up refresh interval
* If initial token fetch fails, keeps retrying every few seconds until successful
*/
async start(): Promise<void> {
logger.info("Starting token manager...");
try {
await this.refreshToken();
this.setupRefreshInterval();
this.resolveTokenAvailable();
logger.info("Token manager started successfully");
} catch (error) {
logger.warn(`Failed to get initial token, will retry in ${this.retryIntervalMs / 1000} seconds:`, error);
this.setupRetryInterval();
}
}
/**
* Set up retry interval for initial token acquisition
*/
private setupRetryInterval(): void {
if (this.retryInterval) {
clearInterval(this.retryInterval);
}
this.retryInterval = setInterval(async () => {
try {
logger.debug("Retrying initial token acquisition");
await this.refreshToken();
this.setupRefreshInterval();
this.clearRetryInterval();
this.resolveTokenAvailable();
logger.info("Token manager started successfully after retry");
} catch (error) {
logger.debug("Token acquisition retry failed, will try again");
}
}, this.retryIntervalMs);
}
/**
* Clear retry interval
*/
private clearRetryInterval(): void {
if (this.retryInterval) {
clearInterval(this.retryInterval);
this.retryInterval = null;
}
}
/**
* Stop the token manager and clear all intervals
*/
stop(): void {
if (this.refreshInterval) {
clearInterval(this.refreshInterval);
this.refreshInterval = null;
}
this.clearRetryInterval();
logger.info("Token manager stopped");
}
/**
* Get the current valid token
*/
// TODO: WE SHOULD NOT BE GETTING A TOKEN EVERY TIME WE REQUEST IT
async getToken(): Promise<string> {
// If we don't have a token yet, wait for it to become available
if (!this.token && this.tokenAvailablePromise) {
await this.tokenAvailablePromise;
}
if (!this.token) {
if (this.isRefreshing) {
// Wait for current refresh to complete
await this.waitForRefresh();
} else {
throw new Error("No valid token available");
}
}
if (!this.token) {
throw new Error("No valid token available");
}
return this.token;
}
async getAuthHeader() {
return {
headers: {
Authorization: `Bearer ${await this.getToken()}`,
"X-CSRF-Token": "x-csrf-protection",
}
};
}
/**
* Force refresh the token
*/
async refreshToken(): Promise<void> {
if (this.isRefreshing) {
await this.waitForRefresh();
return;
}
this.isRefreshing = true;
try {
const hybridConfig = config.getRawConfig().managed;
if (
!hybridConfig?.id ||
!hybridConfig?.secret ||
!hybridConfig?.endpoint
) {
throw new Error("Hybrid configuration is not defined");
}
const tokenEndpoint = `${hybridConfig.endpoint}/api/v1/auth/remoteExitNode/get-token`;
const tokenData = {
remoteExitNodeId: hybridConfig.id,
secret: hybridConfig.secret
};
logger.debug("Requesting new token from server");
const response = await axios.post<TokenResponse>(
tokenEndpoint,
tokenData,
{
headers: {
"Content-Type": "application/json",
"X-CSRF-Token": "x-csrf-protection"
},
timeout: 10000 // 10 second timeout
}
);
if (!response.data.success) {
throw new Error(
`Failed to get token: ${response.data.message}`
);
}
if (!response.data.data.token) {
throw new Error("Received empty token from server");
}
this.token = response.data.data.token;
logger.debug("Token refreshed successfully");
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error("Error updating proxy mapping:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error updating proxy mapping:", error);
}
throw new Error("Failed to refresh token");
} finally {
this.isRefreshing = false;
}
}
/**
* Set up automatic token refresh interval
*/
private setupRefreshInterval(): void {
if (this.refreshInterval) {
clearInterval(this.refreshInterval);
}
this.refreshInterval = setInterval(async () => {
try {
logger.debug("Auto-refreshing token");
await this.refreshToken();
} catch (error) {
logger.error("Failed to auto-refresh token:", error);
}
}, this.refreshIntervalMs);
}
/**
* Wait for current refresh operation to complete
*/
private async waitForRefresh(): Promise<void> {
return new Promise((resolve) => {
const checkInterval = setInterval(() => {
if (!this.isRefreshing) {
clearInterval(checkInterval);
resolve();
}
}, 100);
});
}
}
// Export a singleton instance for use throughout the application
export const tokenManager = new TokenManager();

907
server/lib/traefikConfig.ts Normal file
View File

@@ -0,0 +1,907 @@
import * as fs from "fs";
import * as path from "path";
import config from "@server/lib/config";
import logger from "@server/logger";
import * as yaml from "js-yaml";
import axios from "axios";
import { db, exitNodes } from "@server/db";
import { eq } from "drizzle-orm";
import { tokenManager } from "./tokenManager";
import {
getCurrentExitNodeId,
getTraefikConfig
} from "@server/routers/traefik";
import {
getValidCertificatesForDomains,
getValidCertificatesForDomainsHybrid
} from "./remoteCertificates";
export class TraefikConfigManager {
private intervalId: NodeJS.Timeout | null = null;
private isRunning = false;
private activeDomains = new Set<string>();
private timeoutId: NodeJS.Timeout | null = null;
private lastCertificateFetch: Date | null = null;
private lastKnownDomains = new Set<string>();
private lastLocalCertificateState = new Map<
string,
{
exists: boolean;
lastModified: Date | null;
expiresAt: Date | null;
}
>();
constructor() {}
/**
* Start monitoring certificates
*/
private scheduleNextExecution(): void {
const intervalMs = config.getRawConfig().traefik.monitor_interval;
const now = Date.now();
const nextExecution = Math.ceil(now / intervalMs) * intervalMs;
const delay = nextExecution - now;
this.timeoutId = setTimeout(async () => {
try {
await this.HandleTraefikConfig();
} catch (error) {
logger.error("Error during certificate monitoring:", error);
}
if (this.isRunning) {
this.scheduleNextExecution(); // Schedule the next execution
}
}, delay);
}
async start(): Promise<void> {
if (this.isRunning) {
logger.info("Certificate monitor is already running");
return;
}
this.isRunning = true;
logger.info(`Starting certificate monitor for exit node`);
// Ensure certificates directory exists
await this.ensureDirectoryExists(
config.getRawConfig().traefik.certificates_path
);
// Initialize local certificate state
this.lastLocalCertificateState = await this.scanLocalCertificateState();
logger.info(
`Found ${this.lastLocalCertificateState.size} existing certificate directories`
);
// Run initial check
await this.HandleTraefikConfig();
// Start synchronized scheduling
this.scheduleNextExecution();
logger.info(
`Certificate monitor started with synchronized ${
config.getRawConfig().traefik.monitor_interval
}ms interval`
);
}
/**
* Stop monitoring certificates
*/
stop(): void {
if (!this.isRunning) {
logger.info("Certificate monitor is not running");
return;
}
if (this.intervalId) {
clearInterval(this.intervalId);
this.intervalId = null;
}
this.isRunning = false;
logger.info("Certificate monitor stopped");
}
/**
* Scan local certificate directories to build current state
*/
private async scanLocalCertificateState(): Promise<
Map<
string,
{
exists: boolean;
lastModified: Date | null;
expiresAt: Date | null;
}
>
> {
const state = new Map();
const certsPath = config.getRawConfig().traefik.certificates_path;
try {
if (!fs.existsSync(certsPath)) {
return state;
}
const certDirs = fs.readdirSync(certsPath, { withFileTypes: true });
for (const dirent of certDirs) {
if (!dirent.isDirectory()) continue;
const domain = dirent.name;
const domainDir = path.join(certsPath, domain);
const certPath = path.join(domainDir, "cert.pem");
const keyPath = path.join(domainDir, "key.pem");
const lastUpdatePath = path.join(domainDir, ".last_update");
const certExists = await this.fileExists(certPath);
const keyExists = await this.fileExists(keyPath);
const lastUpdateExists = await this.fileExists(lastUpdatePath);
let lastModified: Date | null = null;
const expiresAt: Date | null = null;
if (lastUpdateExists) {
try {
const lastUpdateStr = fs
.readFileSync(lastUpdatePath, "utf8")
.trim();
lastModified = new Date(lastUpdateStr);
} catch {
// If we can't read the last update, fall back to file stats
try {
const stats = fs.statSync(certPath);
lastModified = stats.mtime;
} catch {
lastModified = null;
}
}
}
state.set(domain, {
exists: certExists && keyExists,
lastModified,
expiresAt
});
}
} catch (error) {
logger.error("Error scanning local certificate state:", error);
}
return state;
}
/**
* Check if we need to fetch certificates from remote
*/
private shouldFetchCertificates(currentDomains: Set<string>): boolean {
// Always fetch on first run
if (!this.lastCertificateFetch) {
return true;
}
// Fetch if it's been more than 24 hours (for renewals)
const dayInMs = 24 * 60 * 60 * 1000;
const timeSinceLastFetch =
Date.now() - this.lastCertificateFetch.getTime();
if (timeSinceLastFetch > dayInMs) {
logger.info("Fetching certificates due to 24-hour renewal check");
return true;
}
// Fetch if domains have changed
if (
this.lastKnownDomains.size !== currentDomains.size ||
!Array.from(this.lastKnownDomains).every((domain) =>
currentDomains.has(domain)
)
) {
logger.info("Fetching certificates due to domain changes");
return true;
}
// Check if any local certificates are missing or appear to be outdated
for (const domain of currentDomains) {
const localState = this.lastLocalCertificateState.get(domain);
if (!localState || !localState.exists) {
logger.info(
`Fetching certificates due to missing local cert for ${domain}`
);
return true;
}
// Check if certificate is expiring soon (within 30 days)
if (localState.expiresAt) {
const daysUntilExpiry =
(localState.expiresAt.getTime() - Date.now()) /
(1000 * 60 * 60 * 24);
if (daysUntilExpiry < 30) {
logger.info(
`Fetching certificates due to upcoming expiry for ${domain} (${Math.round(daysUntilExpiry)} days remaining)`
);
return true;
}
}
}
return false;
}
/**
* Main monitoring logic
*/
lastActiveDomains: Set<string> = new Set();
public async HandleTraefikConfig(): Promise<void> {
try {
// Get all active domains for this exit node via HTTP call
const getTraefikConfig = await this.getTraefikConfig();
if (!getTraefikConfig) {
logger.error(
"Failed to fetch active domains from traefik config"
);
return;
}
const { domains, traefikConfig } = getTraefikConfig;
// Add static domains from config
// const staticDomains = [config.getRawConfig().app.dashboard_url];
// staticDomains.forEach((domain) => domains.add(domain));
// Log if domains changed
if (
this.lastActiveDomains.size !== domains.size ||
!Array.from(this.lastActiveDomains).every((domain) =>
domains.has(domain)
)
) {
logger.info(
`Active domains changed for exit node: ${Array.from(domains).join(", ")}`
);
this.lastActiveDomains = new Set(domains);
}
// Scan current local certificate state
this.lastLocalCertificateState =
await this.scanLocalCertificateState();
// Only fetch certificates if needed (domain changes, missing certs, or daily renewal check)
let validCertificates: Array<{
id: number;
domain: string;
certFile: string | null;
keyFile: string | null;
expiresAt: Date | null;
updatedAt?: Date | null;
}> = [];
if (this.shouldFetchCertificates(domains)) {
// Get valid certificates for active domains
if (config.isManagedMode()) {
validCertificates =
await getValidCertificatesForDomainsHybrid(domains);
} else {
validCertificates =
await getValidCertificatesForDomains(domains);
}
this.lastCertificateFetch = new Date();
this.lastKnownDomains = new Set(domains);
logger.info(
`Fetched ${validCertificates.length} certificates from remote`
);
// Download and decrypt new certificates
await this.processValidCertificates(validCertificates);
} else {
const timeSinceLastFetch = this.lastCertificateFetch
? Math.round(
(Date.now() - this.lastCertificateFetch.getTime()) /
(1000 * 60)
)
: 0;
// logger.debug(
// `Skipping certificate fetch - no changes detected and within 24-hour window (last fetch: ${timeSinceLastFetch} minutes ago)`
// );
// Still need to ensure config is up to date with existing certificates
await this.updateDynamicConfigFromLocalCerts(domains);
}
// Clean up certificates for domains no longer in use
await this.cleanupUnusedCertificates(domains);
// wait 1 second for traefik to pick up the new certificates
await new Promise((resolve) => setTimeout(resolve, 500));
// Write traefik config as YAML to a second dynamic config file if changed
await this.writeTraefikDynamicConfig(traefikConfig);
// Send domains to SNI proxy
try {
let exitNode;
if (config.getRawConfig().gerbil.exit_node_name) {
const exitNodeName =
config.getRawConfig().gerbil.exit_node_name!;
[exitNode] = await db
.select()
.from(exitNodes)
.where(eq(exitNodes.name, exitNodeName))
.limit(1);
} else {
[exitNode] = await db.select().from(exitNodes).limit(1);
}
if (exitNode) {
try {
await axios.post(
`${exitNode.reachableAt}/update-local-snis`,
{ fullDomains: Array.from(domains) },
{ headers: { "Content-Type": "application/json" } }
);
} catch (error) {
// pull data out of the axios error to log
if (axios.isAxiosError(error)) {
logger.error("Error updating local SNI:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error updating local SNI:", error);
}
}
} else {
logger.error(
"No exit node found. Has gerbil registered yet?"
);
}
} catch (err) {
logger.error("Failed to post domains to SNI proxy:", err);
}
// Update active domains tracking
this.activeDomains = domains;
} catch (error) {
logger.error("Error in traefik config monitoring cycle:", error);
}
}
/**
* Get all domains currently in use from traefik config API
*/
private async getTraefikConfig(): Promise<{
domains: Set<string>;
traefikConfig: any;
} | null> {
let traefikConfig;
try {
if (config.isManagedMode()) {
const resp = await axios.get(
`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/traefik-config`,
await tokenManager.getAuthHeader()
);
if (resp.status !== 200) {
logger.error(
`Failed to fetch traefik config: ${resp.status} ${resp.statusText}`,
{ responseData: resp.data }
);
return null;
}
traefikConfig = resp.data.data;
} else {
const currentExitNode = await getCurrentExitNodeId();
traefikConfig = await getTraefikConfig(
currentExitNode,
config.getRawConfig().traefik.site_types
);
}
const domains = new Set<string>();
if (traefikConfig?.http?.routers) {
for (const router of Object.values<any>(
traefikConfig.http.routers
)) {
if (router.rule && typeof router.rule === "string") {
// Match Host(`domain`)
const match = router.rule.match(/Host\(`([^`]+)`\)/);
if (match && match[1]) {
domains.add(match[1]);
}
}
}
}
// logger.debug(
// `Successfully retrieved traefik config: ${JSON.stringify(traefikConfig)}`
// );
const badgerMiddlewareName = "badger";
if (traefikConfig?.http?.middlewares) {
traefikConfig.http.middlewares[badgerMiddlewareName] = {
plugin: {
[badgerMiddlewareName]: {
apiBaseUrl: new URL(
"/api/v1",
`http://${
config.getRawConfig().server
.internal_hostname
}:${config.getRawConfig().server.internal_port}`
).href,
userSessionCookieName:
config.getRawConfig().server
.session_cookie_name,
// deprecated
accessTokenQueryParam:
config.getRawConfig().server
.resource_access_token_param,
resourceSessionRequestParam:
config.getRawConfig().server
.resource_session_request_param
}
}
};
}
return { domains, traefikConfig };
} catch (error) {
// pull data out of the axios error to log
if (axios.isAxiosError(error)) {
logger.error("Error fetching traefik config:", {
message: error.message,
code: error.code,
status: error.response?.status,
statusText: error.response?.statusText,
url: error.config?.url,
method: error.config?.method
});
} else {
logger.error("Error fetching traefik config:", error);
}
return null;
}
}
/**
* Write traefik config as YAML to a second dynamic config file if changed
*/
private async writeTraefikDynamicConfig(traefikConfig: any): Promise<void> {
const traefikDynamicConfigPath =
config.getRawConfig().traefik.dynamic_router_config_path;
let shouldWrite = false;
let oldJson = "";
if (fs.existsSync(traefikDynamicConfigPath)) {
try {
const oldContent = fs.readFileSync(
traefikDynamicConfigPath,
"utf8"
);
// Try to parse as YAML then JSON.stringify for comparison
const oldObj = yaml.load(oldContent);
oldJson = JSON.stringify(oldObj);
} catch {
oldJson = "";
}
}
const newJson = JSON.stringify(traefikConfig);
if (oldJson !== newJson) {
shouldWrite = true;
}
if (shouldWrite) {
try {
fs.writeFileSync(
traefikDynamicConfigPath,
yaml.dump(traefikConfig, { noRefs: true }),
"utf8"
);
logger.info("Traefik dynamic config updated");
} catch (err) {
logger.error("Failed to write traefik dynamic config:", err);
}
}
}
/**
* Update dynamic config from existing local certificates without fetching from remote
*/
private async updateDynamicConfigFromLocalCerts(
domains: Set<string>
): Promise<void> {
const dynamicConfigPath =
config.getRawConfig().traefik.dynamic_cert_config_path;
// Load existing dynamic config if it exists, otherwise initialize
let dynamicConfig: any = { tls: { certificates: [] } };
if (fs.existsSync(dynamicConfigPath)) {
try {
const fileContent = fs.readFileSync(dynamicConfigPath, "utf8");
dynamicConfig = yaml.load(fileContent) || dynamicConfig;
if (!dynamicConfig.tls)
dynamicConfig.tls = { certificates: [] };
if (!Array.isArray(dynamicConfig.tls.certificates)) {
dynamicConfig.tls.certificates = [];
}
} catch (err) {
logger.error("Failed to load existing dynamic config:", err);
}
}
// Keep a copy of the original config for comparison
const originalConfigYaml = yaml.dump(dynamicConfig, { noRefs: true });
// Clear existing certificates and rebuild from local state
dynamicConfig.tls.certificates = [];
for (const domain of domains) {
const localState = this.lastLocalCertificateState.get(domain);
if (localState && localState.exists) {
const domainDir = path.join(
config.getRawConfig().traefik.certificates_path,
domain
);
const certPath = path.join(domainDir, "cert.pem");
const keyPath = path.join(domainDir, "key.pem");
const certEntry = {
certFile: certPath,
keyFile: keyPath
};
dynamicConfig.tls.certificates.push(certEntry);
}
}
// Only write the config if it has changed
const newConfigYaml = yaml.dump(dynamicConfig, { noRefs: true });
if (newConfigYaml !== originalConfigYaml) {
fs.writeFileSync(dynamicConfigPath, newConfigYaml, "utf8");
logger.info("Dynamic cert config updated from local certificates");
}
}
/**
* Process valid certificates - download and decrypt them
*/
private async processValidCertificates(
validCertificates: Array<{
id: number;
domain: string;
certFile: string | null;
keyFile: string | null;
expiresAt: Date | null;
updatedAt?: Date | null;
}>
): Promise<void> {
const dynamicConfigPath =
config.getRawConfig().traefik.dynamic_cert_config_path;
// Load existing dynamic config if it exists, otherwise initialize
let dynamicConfig: any = { tls: { certificates: [] } };
if (fs.existsSync(dynamicConfigPath)) {
try {
const fileContent = fs.readFileSync(dynamicConfigPath, "utf8");
dynamicConfig = yaml.load(fileContent) || dynamicConfig;
if (!dynamicConfig.tls)
dynamicConfig.tls = { certificates: [] };
if (!Array.isArray(dynamicConfig.tls.certificates)) {
dynamicConfig.tls.certificates = [];
}
} catch (err) {
logger.error("Failed to load existing dynamic config:", err);
}
}
// Keep a copy of the original config for comparison
const originalConfigYaml = yaml.dump(dynamicConfig, { noRefs: true });
for (const cert of validCertificates) {
try {
if (!cert.certFile || !cert.keyFile) {
logger.warn(
`Certificate for domain ${cert.domain} is missing cert or key file`
);
continue;
}
const domainDir = path.join(
config.getRawConfig().traefik.certificates_path,
cert.domain
);
await this.ensureDirectoryExists(domainDir);
const certPath = path.join(domainDir, "cert.pem");
const keyPath = path.join(domainDir, "key.pem");
const lastUpdatePath = path.join(domainDir, ".last_update");
// Check if we need to update the certificate
const shouldUpdate = await this.shouldUpdateCertificate(
cert,
certPath,
keyPath,
lastUpdatePath
);
if (shouldUpdate) {
logger.info(
`Processing certificate for domain: ${cert.domain}`
);
fs.writeFileSync(certPath, cert.certFile, "utf8");
fs.writeFileSync(keyPath, cert.keyFile, "utf8");
// Set appropriate permissions (readable by owner only for key file)
fs.chmodSync(certPath, 0o644);
fs.chmodSync(keyPath, 0o600);
// Write/update .last_update file with current timestamp
fs.writeFileSync(
lastUpdatePath,
new Date().toISOString(),
"utf8"
);
logger.info(
`Certificate updated for domain: ${cert.domain}`
);
// Update local state tracking
this.lastLocalCertificateState.set(cert.domain, {
exists: true,
lastModified: new Date(),
expiresAt: cert.expiresAt
});
}
// Always ensure the config entry exists and is up to date
const certEntry = {
certFile: certPath,
keyFile: keyPath
};
// Remove any existing entry for this cert/key path
dynamicConfig.tls.certificates =
dynamicConfig.tls.certificates.filter(
(entry: any) =>
entry.certFile !== certEntry.certFile ||
entry.keyFile !== certEntry.keyFile
);
dynamicConfig.tls.certificates.push(certEntry);
} catch (error) {
logger.error(
`Error processing certificate for domain ${cert.domain}:`,
error
);
}
}
// Only write the config if it has changed
const newConfigYaml = yaml.dump(dynamicConfig, { noRefs: true });
if (newConfigYaml !== originalConfigYaml) {
fs.writeFileSync(dynamicConfigPath, newConfigYaml, "utf8");
logger.info("Dynamic cert config updated");
}
}
/**
* Check if certificate should be updated
*/
private async shouldUpdateCertificate(
cert: {
id: number;
domain: string;
expiresAt: Date | null;
updatedAt?: Date | null;
},
certPath: string,
keyPath: string,
lastUpdatePath: string
): Promise<boolean> {
try {
// If files don't exist, we need to create them
const certExists = await this.fileExists(certPath);
const keyExists = await this.fileExists(keyPath);
const lastUpdateExists = await this.fileExists(lastUpdatePath);
if (!certExists || !keyExists || !lastUpdateExists) {
return true;
}
// Read last update time from .last_update file
let lastUpdateTime: Date | null = null;
try {
const lastUpdateStr = fs
.readFileSync(lastUpdatePath, "utf8")
.trim();
lastUpdateTime = new Date(lastUpdateStr);
} catch {
lastUpdateTime = null;
}
// Use updatedAt from cert, fallback to expiresAt if not present
const dbUpdateTime = cert.updatedAt ?? cert.expiresAt;
if (!dbUpdateTime) {
// If no update time in DB, always update
return true;
}
// If DB updatedAt is newer than last update file, update
if (!lastUpdateTime || dbUpdateTime > lastUpdateTime) {
return true;
}
return false;
} catch (error) {
logger.error(
`Error checking certificate update status for ${cert.domain}:`,
error
);
return true; // When in doubt, update
}
}
/**
* Clean up certificates for domains no longer in use
*/
private async cleanupUnusedCertificates(
currentActiveDomains: Set<string>
): Promise<void> {
try {
const certsPath = config.getRawConfig().traefik.certificates_path;
const dynamicConfigPath =
config.getRawConfig().traefik.dynamic_cert_config_path;
// Load existing dynamic config if it exists
let dynamicConfig: any = { tls: { certificates: [] } };
if (fs.existsSync(dynamicConfigPath)) {
try {
const fileContent = fs.readFileSync(
dynamicConfigPath,
"utf8"
);
dynamicConfig = yaml.load(fileContent) || dynamicConfig;
if (!dynamicConfig.tls)
dynamicConfig.tls = { certificates: [] };
if (!Array.isArray(dynamicConfig.tls.certificates)) {
dynamicConfig.tls.certificates = [];
}
} catch (err) {
logger.error(
"Failed to load existing dynamic config:",
err
);
}
}
const certDirs = fs.readdirSync(certsPath, {
withFileTypes: true
});
let configChanged = false;
for (const dirent of certDirs) {
if (!dirent.isDirectory()) continue;
const dirName = dirent.name;
// Only delete if NO current domain is exactly the same or ends with `.${dirName}`
const shouldDelete = !Array.from(currentActiveDomains).some(
(domain) =>
domain === dirName || domain.endsWith(`.${dirName}`)
);
if (shouldDelete) {
const domainDir = path.join(certsPath, dirName);
logger.info(
`Cleaning up unused certificate directory: ${dirName}`
);
fs.rmSync(domainDir, { recursive: true, force: true });
// Remove from local state tracking
this.lastLocalCertificateState.delete(dirName);
// Remove from dynamic config
const certFilePath = path.join(
domainDir,
"cert.pem"
);
const keyFilePath = path.join(
domainDir,
"key.pem"
);
const before = dynamicConfig.tls.certificates.length;
dynamicConfig.tls.certificates =
dynamicConfig.tls.certificates.filter(
(entry: any) =>
entry.certFile !== certFilePath &&
entry.keyFile !== keyFilePath
);
if (dynamicConfig.tls.certificates.length !== before) {
configChanged = true;
}
}
}
if (configChanged) {
try {
fs.writeFileSync(
dynamicConfigPath,
yaml.dump(dynamicConfig, { noRefs: true }),
"utf8"
);
logger.info("Dynamic config updated after cleanup");
} catch (err) {
logger.error(
"Failed to update dynamic config after cleanup:",
err
);
}
}
} catch (error) {
logger.error("Error during certificate cleanup:", error);
}
}
/**
* Ensure directory exists
*/
private async ensureDirectoryExists(dirPath: string): Promise<void> {
try {
fs.mkdirSync(dirPath, { recursive: true });
} catch (error) {
logger.error(`Error creating directory ${dirPath}:`, error);
throw error;
}
}
/**
* Check if file exists
*/
private async fileExists(filePath: string): Promise<boolean> {
try {
fs.accessSync(filePath);
return true;
} catch {
return false;
}
}
/**
* Force a certificate refresh regardless of cache state
*/
public async forceCertificateRefresh(): Promise<void> {
logger.info("Forcing certificate refresh");
this.lastCertificateFetch = null;
this.lastKnownDomains = new Set();
await this.HandleTraefikConfig();
}
/**
* Get current status
*/
getStatus(): {
isRunning: boolean;
activeDomains: string[];
monitorInterval: number;
lastCertificateFetch: Date | null;
localCertificateCount: number;
} {
return {
isRunning: this.isRunning,
activeDomains: Array.from(this.activeDomains),
monitorInterval:
config.getRawConfig().traefik.monitor_interval || 5000,
lastCertificateFetch: this.lastCertificateFetch,
localCertificateCount: this.lastLocalCertificateState.size
};
}
}

2
server/license/license.ts
View File

@@ -5,7 +5,7 @@ import NodeCache from "node-cache";
import { validateJWT } from "./licenseJwt";
import { count, eq } from "drizzle-orm";
import moment from "moment";
import { setHostMeta } from "@server/setup/setHostMeta";
import { setHostMeta } from "@server/lib/hostMeta";
import { encrypt, decrypt } from "@server/lib/crypto";
const keyTypes = ["HOST", "SITES"] as const;

1
server/logger.ts
View File

@@ -3,6 +3,7 @@ import config from "@server/lib/config";
import * as winston from "winston";
import path from "path";
import { APP_PATH } from "./lib/consts";
import telemetryClient from "./lib/telemetry";
const hformat = winston.format.printf(
({ level, label, message, timestamp, stack, ...metadata }) => {

1
server/middlewares/index.ts
View File

@@ -27,3 +27,4 @@ export * from "./verifyApiKeyAccess";
export * from "./verifyDomainAccess";
export * from "./verifyClientsEnabled";
export * from "./verifyUserIsOrgOwner";
export * from "./verifySiteResourceAccess";

1
server/middlewares/integration/index.ts
View File

@@ -10,3 +10,4 @@ export * from "./verifyApiKeySetResourceUsers";
export * from "./verifyAccessTokenAccess";
export * from "./verifyApiKeyIsRoot";
export * from "./verifyApiKeyApiKeyAccess";
export * from "./verifyApiKeyClientAccess";

5
server/middlewares/integration/verifyApiKeyApiKeyAccess.ts
View File

@@ -35,6 +35,11 @@ export async function verifyApiKeyApiKeyAccess(
);
}
if (callerApiKey.isRoot) {
// Root keys can access any key in any org
return next();
}
const [callerApiKeyOrg] = await db
.select()
.from(apiKeyOrg)

91
server/middlewares/integration/verifyApiKeyClientAccess.ts Normal file
View File

@@ -0,0 +1,91 @@
import { Request, Response, NextFunction } from "express";
import { clients, db } from "@server/db";
import { apiKeyOrg } from "@server/db";
import { and, eq } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
export async function verifyApiKeyClientAccess(
req: Request,
res: Response,
next: NextFunction
) {
try {
const apiKey = req.apiKey;
const clientId = parseInt(
req.params.clientId || req.body.clientId || req.query.clientId
);
if (!apiKey) {
return next(
createHttpError(HttpCode.UNAUTHORIZED, "Key not authenticated")
);
}
if (isNaN(clientId)) {
return next(
createHttpError(HttpCode.BAD_REQUEST, "Invalid client ID")
);
}
if (apiKey.isRoot) {
// Root keys can access any key in any org
return next();
}
const client = await db
.select()
.from(clients)
.where(eq(clients.clientId, clientId))
.limit(1);
if (client.length === 0) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
`Client with ID ${clientId} not found`
)
);
}
if (!client[0].orgId) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
`Client with ID ${clientId} does not have an organization ID`
)
);
}
if (!req.apiKeyOrg) {
const apiKeyOrgRes = await db
.select()
.from(apiKeyOrg)
.where(
and(
eq(apiKeyOrg.apiKeyId, apiKey.apiKeyId),
eq(apiKeyOrg.orgId, client[0].orgId)
)
);
req.apiKeyOrg = apiKeyOrgRes[0];
}
if (!req.apiKeyOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"Key does not have access to this organization"
)
);
}
return next();
} catch (error) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Error verifying site access"
)
);
}
}

5
server/middlewares/integration/verifyApiKeyOrgAccess.ts
View File

@@ -27,6 +27,11 @@ export async function verifyApiKeyOrgAccess(
);
}
if (req.apiKey?.isRoot) {
// Root keys can access any key in any org
return next();
}
if (!req.apiKeyOrg) {
const apiKeyOrgRes = await db
.select()

5
server/middlewares/integration/verifyApiKeyResourceAccess.ts
View File

@@ -37,6 +37,11 @@ export async function verifyApiKeyResourceAccess(
);
}
if (apiKey.isRoot) {
// Root keys can access any key in any org
return next();
}
if (!resource.orgId) {
return next(
createHttpError(

5
server/middlewares/integration/verifyApiKeyRoleAccess.ts
View File

@@ -45,6 +45,11 @@ export async function verifyApiKeyRoleAccess(
);
}
if (apiKey.isRoot) {
// Root keys can access any key in any org
return next();
}
const orgIds = new Set(rolesData.map((role) => role.orgId));
for (const role of rolesData) {

5
server/middlewares/integration/verifyApiKeySetResourceUsers.ts
View File

@@ -32,6 +32,11 @@ export async function verifyApiKeySetResourceUsers(
return next(createHttpError(HttpCode.BAD_REQUEST, "Invalid user IDs"));
}
if (apiKey.isRoot) {
// Root keys can access any key in any org
return next();
}
if (userIds.length === 0) {
return next();
}

10
server/middlewares/integration/verifyApiKeySiteAccess.ts
View File

@@ -1,9 +1,6 @@
import { Request, Response, NextFunction } from "express";
import { db } from "@server/db";
import {
sites,
apiKeyOrg
} from "@server/db";
import { sites, apiKeyOrg } from "@server/db";
import { and, eq, or } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
@@ -31,6 +28,11 @@ export async function verifyApiKeySiteAccess(
);
}
if (apiKey.isRoot) {
// Root keys can access any key in any org
return next();
}
const site = await db
.select()
.from(sites)

5
server/middlewares/integration/verifyApiKeyTargetAccess.ts
View File

@@ -66,6 +66,11 @@ export async function verifyApiKeyTargetAccess(
);
}
if (apiKey.isRoot) {
// Root keys can access any key in any org
return next();
}
if (!resource.orgId) {
return next(
createHttpError(

5
server/middlewares/integration/verifyApiKeyUserAccess.ts
View File

@@ -27,6 +27,11 @@ export async function verifyApiKeyUserAccess(
);
}
if (apiKey.isRoot) {
// Root keys can access any key in any org
return next();
}
if (!req.apiKeyOrg || !req.apiKeyOrg.orgId) {
return next(
createHttpError(

62
server/middlewares/verifySiteResourceAccess.ts Normal file
View File

@@ -0,0 +1,62 @@
import { Request, Response, NextFunction } from "express";
import { db } from "@server/db";
import { siteResources } from "@server/db";
import { eq, and } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
import logger from "@server/logger";
export async function verifySiteResourceAccess(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const siteResourceId = parseInt(req.params.siteResourceId);
const siteId = parseInt(req.params.siteId);
const orgId = req.params.orgId;
if (!siteResourceId || !siteId || !orgId) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Missing required parameters"
)
);
}
// Check if the site resource exists and belongs to the specified site and org
const [siteResource] = await db
.select()
.from(siteResources)
.where(and(
eq(siteResources.siteResourceId, siteResourceId),
eq(siteResources.siteId, siteId),
eq(siteResources.orgId, orgId)
))
.limit(1);
if (!siteResource) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
"Site resource not found"
)
);
}
// Attach the siteResource to the request for use in the next middleware/route
// @ts-ignore - Extending Request type
req.siteResource = siteResource;
next();
} catch (error) {
logger.error("Error verifying site resource access:", error);
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Error verifying site resource access"
)
);
}
}

2
server/nextServer.ts
View File

@@ -15,7 +15,7 @@ export async function createNextServer() {
const nextServer = express();
nextServer.all("*", (req, res) => {
nextServer.all("/{*splat}", (req, res) => {
const parsedUrl = parse(req.url!, true);
return handle(req, res, parsedUrl);
});

9
server/routers/apiKeys/createRootApiKey.ts
View File

@@ -63,15 +63,6 @@ export async function createRootApiKey(
lastChars,
isRoot: true
});
const allOrgs = await trx.select().from(orgs);
for (const org of allOrgs) {
await trx.insert(apiKeyOrg).values({
apiKeyId,
orgId: org.orgId
});
}
});
try {

1
server/routers/auth/index.ts
View File

@@ -10,6 +10,7 @@ export * from "./resetPassword";
export * from "./requestPasswordReset";
export * from "./setServerAdmin";
export * from "./initialSetupComplete";
export * from "./validateSetupToken";
export * from "./changePassword";
export * from "./checkResourceSession";
export * from "./securityKey";

6
server/routers/auth/securityKey.ts
View File

@@ -36,16 +36,16 @@ import { verifyTotpCode } from "@server/auth/totp";
// The RP ID is the domain name of your application
const rpID = (() => {
const url = new URL(config.getRawConfig().app.dashboard_url);
const url = config.getRawConfig().app.dashboard_url ? new URL(config.getRawConfig().app.dashboard_url!) : undefined;
// For localhost, we must use 'localhost' without port
if (url.hostname === 'localhost') {
if (url?.hostname === 'localhost' || !url) {
return 'localhost';
}
return url.hostname;
})();
const rpName = "Pangolin";
const origin = config.getRawConfig().app.dashboard_url;
const origin = config.getRawConfig().app.dashboard_url || "localhost";
// Database-based challenge storage (replaces in-memory storage)
// Challenges are stored in the webauthnChallenge table with automatic expiration

59
server/routers/auth/setServerAdmin.ts
View File

@@ -8,14 +8,15 @@ import logger from "@server/logger";
import { hashPassword } from "@server/auth/password";
import { passwordSchema } from "@server/auth/passwordSchema";
import { response } from "@server/lib";
import { db, users } from "@server/db";
import { eq } from "drizzle-orm";
import { db, users, setupTokens } from "@server/db";
import { eq, and } from "drizzle-orm";
import { UserType } from "@server/types/UserTypes";
import moment from "moment";
export const bodySchema = z.object({
email: z.string().toLowerCase().email(),
password: passwordSchema
password: passwordSchema,
setupToken: z.string().min(1, "Setup token is required")
});
export type SetServerAdminBody = z.infer<typeof bodySchema>;
@@ -39,7 +40,27 @@ export async function setServerAdmin(
);
}
const { email, password } = parsedBody.data;
const { email, password, setupToken } = parsedBody.data;
// Validate setup token
const [validToken] = await db
.select()
.from(setupTokens)
.where(
and(
eq(setupTokens.token, setupToken),
eq(setupTokens.used, false)
)
);
if (!validToken) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Invalid or expired setup token"
)
);
}
const [existing] = await db
.select()
@@ -58,15 +79,27 @@ export async function setServerAdmin(
const passwordHash = await hashPassword(password);
const userId = generateId(15);
await db.insert(users).values({
userId: userId,
email: email,
type: UserType.Internal,
username: email,
passwordHash,
dateCreated: moment().toISOString(),
serverAdmin: true,
emailVerified: true
await db.transaction(async (trx) => {
// Mark the token as used
await trx
.update(setupTokens)
.set({
used: true,
dateUsed: moment().toISOString()
})
.where(eq(setupTokens.tokenId, validToken.tokenId));
// Create the server admin user
await trx.insert(users).values({
userId: userId,
email: email,
type: UserType.Internal,
username: email,
passwordHash,
dateCreated: moment().toISOString(),
serverAdmin: true,
emailVerified: true
});
});
return response<SetServerAdminResponse>(res, {

84
server/routers/auth/validateSetupToken.ts Normal file
View File

@@ -0,0 +1,84 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db, setupTokens } from "@server/db";
import { eq, and } from "drizzle-orm";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
const validateSetupTokenSchema = z
.object({
token: z.string().min(1, "Token is required")
})
.strict();
export type ValidateSetupTokenResponse = {
valid: boolean;
message: string;
};
export async function validateSetupToken(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedBody = validateSetupTokenSchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { token } = parsedBody.data;
// Find the token in the database
const [setupToken] = await db
.select()
.from(setupTokens)
.where(
and(
eq(setupTokens.token, token),
eq(setupTokens.used, false)
)
);
if (!setupToken) {
return response<ValidateSetupTokenResponse>(res, {
data: {
valid: false,
message: "Invalid or expired setup token"
},
success: true,
error: false,
message: "Token validation completed",
status: HttpCode.OK
});
}
return response<ValidateSetupTokenResponse>(res, {
data: {
valid: true,
message: "Setup token is valid"
},
success: true,
error: false,
message: "Token validation completed",
status: HttpCode.OK
});
} catch (error) {
logger.error(error);
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Failed to validate setup token"
)
);
}
}

10
server/routers/badger/exchangeSession.ts
View File

@@ -52,20 +52,26 @@ export async function exchangeSession(
try {
const { requestToken, host, requestIp } = parsedBody.data;
let cleanHost = host;
// if the host ends with :port
if (cleanHost.match(/:[0-9]{1,5}$/)) {
const matched = ''+cleanHost.match(/:[0-9]{1,5}$/);
cleanHost = cleanHost.slice(0, -1*matched.length);
}
const clientIp = requestIp?.split(":")[0];
const [resource] = await db
.select()
.from(resources)
.where(eq(resources.fullDomain, host))
.where(eq(resources.fullDomain, cleanHost))
.limit(1);
if (!resource) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
`Resource with host ${host} not found`
`Resource with host ${cleanHost} not found`
)
);
}

Some files were not shown because too many files have changed in this diff Show More