diff --git a/.cursor/rules/Button-loading-state.mdc b/.cursor/rules/Button-loading-state.mdc
new file mode 100644
index 000000000..351380ddd
--- /dev/null
+++ b/.cursor/rules/Button-loading-state.mdc
@@ -0,0 +1,5 @@
+---
+alwaysApply: true
+---
+
+When adding submit buttons, don't change the text of the button during the loading state. Text should stay static and you should use the loading prop on the button.
diff --git a/.cursor/rules/Components.mdc b/.cursor/rules/Components.mdc
new file mode 100644
index 000000000..671eb9b10
--- /dev/null
+++ b/.cursor/rules/Components.mdc
@@ -0,0 +1,5 @@
+---
+alwaysApply: true
+---
+
+When creating UI for popup dialogs or modals, use the Credenza componennt. This component is mobile responsive and works on desktop and wraps the dialog component and sheet into one.
diff --git a/.cursor/rules/Migrations.mdc b/.cursor/rules/Migrations.mdc
new file mode 100644
index 000000000..d9562b4e1
--- /dev/null
+++ b/.cursor/rules/Migrations.mdc
@@ -0,0 +1,5 @@
+---
+alwaysApply: true
+---
+
+Don't write or edit migrations in `server/setup` unless specificall instructed to do so.
diff --git a/.cursor/rules/TypeScript-rules.mdc b/.cursor/rules/TypeScript-rules.mdc
new file mode 100644
index 000000000..0b0a4ba28
--- /dev/null
+++ b/.cursor/rules/TypeScript-rules.mdc
@@ -0,0 +1,7 @@
+---
+alwaysApply: true
+---
+
+When writing TypeScript:
+
+Prefer to use types instead of interfaces.
diff --git a/.cursor/rules/Use-React-form-and-Zod-schemas.mdc b/.cursor/rules/Use-React-form-and-Zod-schemas.mdc
new file mode 100644
index 000000000..1dc5c33aa
--- /dev/null
+++ b/.cursor/rules/Use-React-form-and-Zod-schemas.mdc
@@ -0,0 +1,5 @@
+---
+alwaysApply: true
+---
+
+When creating forms, use React form for validation and use Zod schemas.
diff --git a/.dockerignore b/.dockerignore
index d4f63d635..0a0e2e238 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -34,3 +34,5 @@ build.ts
tsconfig.json
Dockerfile*
drizzle.config.ts
+allowedDevOrigins.json
+scratch/
diff --git a/.github/ISSUE_TEMPLATE/1.bug_report.yml b/.github/ISSUE_TEMPLATE/1.bug_report.yml
index 41dbe7bf8..c94560875 100644
--- a/.github/ISSUE_TEMPLATE/1.bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/1.bug_report.yml
@@ -14,12 +14,13 @@ body:
label: Environment
description: Please fill out the relevant details below for your environment.
value: |
- - OS Type & Version: (e.g., Ubuntu 22.04)
+ - OS Type & Version:
- Pangolin Version:
+ - Edition (Community or Enterprise):
- Gerbil Version:
- Traefik Version:
- Newt Version:
- - Olm Version: (if applicable)
+ - Client Version:
validations:
required: true
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 685be384c..b3dc38d09 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,52 +1,42 @@
version: 2
+
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
+ open-pull-requests-limit: 1
groups:
- dev-patch-updates:
- dependency-type: "development"
- update-types:
- - "patch"
- dev-minor-updates:
- dependency-type: "development"
- update-types:
- - "minor"
- prod-patch-updates:
- dependency-type: "production"
- update-types:
- - "patch"
- prod-minor-updates:
- dependency-type: "production"
- update-types:
- - "minor"
-
+ npm-dependencies:
+ patterns:
+ - "*"
+
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "daily"
+ open-pull-requests-limit: 1
groups:
- patch-updates:
- update-types:
- - "patch"
- minor-updates:
- update-types:
- - "minor"
+ docker-dependencies:
+ patterns:
+ - "*"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
+ open-pull-requests-limit: 1
+ groups:
+ github-actions-dependencies:
+ patterns:
+ - "*"
- package-ecosystem: "gomod"
directory: "/install"
schedule:
interval: "daily"
+ open-pull-requests-limit: 1
groups:
- patch-updates:
- update-types:
- - "patch"
- minor-updates:
- update-types:
- - "minor"
+ go-install-dependencies:
+ patterns:
+ - "*"
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index 2b8b5a5e2..09d2986e9 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -62,7 +62,7 @@ jobs:
steps:
- name: Checkout code
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Monitor storage space
run: |
@@ -134,7 +134,7 @@ jobs:
steps:
- name: Checkout code
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Monitor storage space
run: |
@@ -201,7 +201,7 @@ jobs:
timeout-minutes: 30
steps:
- name: Checkout code
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Log in to Docker Hub
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
@@ -256,7 +256,7 @@ jobs:
steps:
- name: Checkout code
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Extract tag name
id: get-tag
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index ba60e6337..09b5270b0 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Set up Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 970cd0dc9..3f64d913f 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Install Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -62,7 +62,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Build Docker image sqlite
run: make dev-build-sqlite
@@ -71,7 +71,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Build Docker image pg
run: make dev-build-pg
diff --git a/.gitignore b/.gitignore
index 004f95c18..24736b8d7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,9 +17,9 @@ yarn-error.log*
*.tsbuildinfo
next-env.d.ts
*.db
-*.sqlite
+*.sqlite*
!Dockerfile.sqlite
-*.sqlite3
+*.sqlite3*
*.log
.machinelogs*.json
*-audit.json
@@ -54,3 +54,5 @@ hydrateSaas.ts
CLAUDE.md
drizzle.config.ts
server/setup/migrations.ts
+solo.yml
+allowedDevOrigins.json
\ No newline at end of file
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 5092cb6c1..a7da2a1cc 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -18,5 +18,8 @@
"[json]": {
"editor.defaultFormatter": "esbenp.prettier-vscode"
},
- "editor.formatOnSave": true
+ "editor.formatOnSave": true,
+ "cSpell.words": [
+ "nessicary"
+ ]
}
\ No newline at end of file
diff --git a/README.md b/README.md
index 562b35d40..ab857350e 100644
--- a/README.md
+++ b/README.md
@@ -107,7 +107,7 @@ the docs to illustrate some basic ideas.
## Licensing
-Pangolin is dual licensed under the AGPL-3 and the [Fossorial Commercial License](https://pangolin.net/fcl.html). For inquiries about commercial licensing, please contact us at [contact@pangolin.net](mailto:contact@pangolin.net).
+Pangolin is dual licensed under the AGPL-3 and the [Fossorial Commercial License](https://pangolin.net/fcl). For inquiries about commercial licensing, please contact us at [contact@pangolin.net](mailto:contact@pangolin.net).
## Contributions
diff --git a/cli/commands/setServerAdmin.ts b/cli/commands/setServerAdmin.ts
new file mode 100644
index 000000000..0cab8cc9f
--- /dev/null
+++ b/cli/commands/setServerAdmin.ts
@@ -0,0 +1,85 @@
+import { CommandModule } from "yargs";
+import { db, users } from "@server/db";
+import { eq } from "drizzle-orm";
+
+type SetServerAdminArgs = {
+ email: string;
+ remove: boolean;
+};
+
+export const setServerAdmin: CommandModule<{}, SetServerAdminArgs> = {
+ command: "set-server-admin",
+ describe: "Add or remove server admin by email address",
+ builder: (yargs) => {
+ return yargs
+ .option("email", {
+ type: "string",
+ demandOption: true,
+ describe: "User email address"
+ })
+ .option("remove", {
+ type: "boolean",
+ default: false,
+ describe: "Remove server admin status from the user"
+ });
+ },
+ handler: async (argv: SetServerAdminArgs) => {
+ try {
+ const email = argv.email.trim().toLowerCase();
+
+ const [user] = await db
+ .select()
+ .from(users)
+ .where(eq(users.email, email))
+ .limit(1);
+
+ if (!user) {
+ console.error(`User with email '${email}' not found`);
+ process.exit(1);
+ }
+
+ if (argv.remove) {
+ if (!user.serverAdmin) {
+ console.log(`User '${email}' is not a server admin`);
+ process.exit(0);
+ }
+
+ const serverAdmins = await db
+ .select()
+ .from(users)
+ .where(eq(users.serverAdmin, true));
+
+ if (serverAdmins.length <= 1) {
+ console.error(
+ "Cannot remove server admin: at least one server admin must exist"
+ );
+ process.exit(1);
+ }
+
+ await db
+ .update(users)
+ .set({ serverAdmin: false })
+ .where(eq(users.userId, user.userId));
+
+ console.log(`Server admin status removed from user '${email}'`);
+ process.exit(0);
+ }
+
+ if (user.serverAdmin) {
+ console.log(`User '${email}' is already a server admin`);
+ process.exit(0);
+ }
+
+ await db
+ .update(users)
+ .set({ serverAdmin: true })
+ .where(eq(users.userId, user.userId));
+
+ console.log(`User '${email}' has been marked as a server admin`);
+ process.exit(0);
+ } catch (error) {
+ console.error("Error:", error);
+ process.exit(1);
+ }
+ }
+};
diff --git a/cli/index.ts b/cli/index.ts
index 19585bc6f..cfa65625c 100644
--- a/cli/index.ts
+++ b/cli/index.ts
@@ -11,6 +11,7 @@ import { deleteClient } from "./commands/deleteClient";
import { generateOrgCaKeys } from "./commands/generateOrgCaKeys";
import { clearCertificates } from "./commands/clearCertificates";
import { disableUser2fa } from "./commands/disableUser2fa";
+import { setServerAdmin } from "./commands/setServerAdmin";
yargs(hideBin(process.argv))
.scriptName("pangctl")
@@ -23,5 +24,6 @@ yargs(hideBin(process.argv))
.command(generateOrgCaKeys)
.command(clearCertificates)
.command(disableUser2fa)
+ .command(setServerAdmin)
.demandCommand()
.help().argv;
diff --git a/docker-compose.drizzle.yml b/compose.drizzle.yaml
similarity index 100%
rename from docker-compose.drizzle.yml
rename to compose.drizzle.yaml
diff --git a/docker-compose.example.yml b/compose.example.yaml
similarity index 100%
rename from docker-compose.example.yml
rename to compose.example.yaml
diff --git a/docker-compose.mailpit.yml b/compose.mailpit.yaml
similarity index 100%
rename from docker-compose.mailpit.yml
rename to compose.mailpit.yaml
diff --git a/docker-compose.pgr.yml b/compose.pgr.yaml
similarity index 100%
rename from docker-compose.pgr.yml
rename to compose.pgr.yaml
diff --git a/docker-compose.yml b/compose.yaml
similarity index 100%
rename from docker-compose.yml
rename to compose.yaml
diff --git a/config/traefik/traefik_config.yml b/config/traefik/traefik_config.yml
index 0709b4611..d1d093976 100644
--- a/config/traefik/traefik_config.yml
+++ b/config/traefik/traefik_config.yml
@@ -1,54 +1,47 @@
api:
insecure: true
dashboard: true
-
providers:
http:
- endpoint: "http://pangolin:3001/api/v1/traefik-config"
- pollInterval: "5s"
+ endpoint: http://pangolin:3001/api/v1/traefik-config
+ pollInterval: 5s
file:
- filename: "/etc/traefik/dynamic_config.yml"
-
+ filename: /etc/traefik/dynamic_config.yml
experimental:
plugins:
badger:
- moduleName: "github.com/fosrl/badger"
- version: "{{.BadgerVersion}}"
-
+ moduleName: github.com/fosrl/badger
+ version: v1.4.1
log:
- level: "INFO"
- format: "common"
+ level: INFO
+ format: common
maxSize: 100
maxBackups: 3
maxAge: 3
compress: true
-
certificatesResolvers:
letsencrypt:
acme:
httpChallenge:
entryPoint: web
- email: "{{.LetsEncryptEmail}}"
- storage: "/letsencrypt/acme.json"
- caServer: "https://acme-v02.api.letsencrypt.org/directory"
-
+ email: '{{.LetsEncryptEmail}}'
+ storage: /letsencrypt/acme.json
+ caServer: https://acme-v02.api.letsencrypt.org/directory
entryPoints:
web:
- address: ":80"
+ address: ':80'
websecure:
- address: ":443"
+ address: ':443'
transport:
respondingTimeouts:
- readTimeout: "30m"
+ readTimeout: 30m
http:
tls:
- certResolver: "letsencrypt"
+ certResolver: letsencrypt
encodedCharacters:
allowEncodedSlash: true
allowEncodedQuestionMark: true
-
serversTransport:
insecureSkipVerify: true
-
ping:
- entryPoint: "web"
+ entryPoint: web
diff --git a/install/config/config.yml b/install/config/config.yml
index 85dbc944f..f64190fec 100644
--- a/install/config/config.yml
+++ b/install/config/config.yml
@@ -38,7 +38,5 @@ flags:
disable_user_create_org: false
allow_raw_resources: true
-{{if .IsPostgreSQL}}
-postgres:
- connection_string: postgresql://pangolin:{{.IsPostgreSQLPass}}@postgres:5432/pangolin
-{{end}}
+{{if .IsPostgreSQL}}postgres:
+ connection_string: postgresql://pangolin:{{.IsPostgreSQLPass}}@postgres:5432/pangolin{{end}}
diff --git a/install/config/docker-compose.yml b/install/config/docker-compose.yml
index fe6a41644..96b15ce47 100644
--- a/install/config/docker-compose.yml
+++ b/install/config/docker-compose.yml
@@ -7,23 +7,17 @@ services:
deploy:
resources:
limits:
- memory: 1g
+ memory: 2g
reservations:
- memory: 256m
-{{if or .IsPostgreSQL .IsRedis}}
- depends_on:
- {{if .IsPostgreSQL}}
- postgres:
- condition: service_healthy
- {{end}}
- {{if .IsRedis}}
- redis:
- condition: service_healthy
- {{end}}
+ memory: 512m
+ {{if or .IsPostgreSQL .IsRedis}}depends_on:
+ {{if .IsPostgreSQL}}postgres:
+ condition: service_healthy{{end}}
+ {{if .IsRedis}}redis:
+ condition: service_healthy{{end}}
networks:
- default
- - backend
-{{end}}
+ - backend{{end}}
volumes:
- ./config:/app/config
healthcheck:
@@ -31,8 +25,8 @@ services:
interval: "10s"
timeout: "10s"
retries: 15
-{{if .InstallGerbil}}
- gerbil:
+
+ {{if .InstallGerbil}}gerbil:
image: docker.io/fosrl/gerbil:{{.GerbilVersion}}
container_name: gerbil
restart: unless-stopped
@@ -53,17 +47,16 @@ services:
- 21820:21820/udp
- 443:443
- 443:443/udp # For http3 QUIC if desired
- - 80:80
-{{end}}
+ - 80:80{{end}}
+
traefik:
image: docker.io/traefik:v3.6
container_name: traefik
restart: unless-stopped
-{{if .InstallGerbil}} network_mode: service:gerbil # Ports appear on the gerbil service{{end}}{{if not .InstallGerbil}}
+ {{if .InstallGerbil}}network_mode: service:gerbil # Ports appear on the gerbil service{{end}}{{if not .InstallGerbil}}
ports:
- 443:443
- - 80:80
-{{end}}
+ - 80:80{{end}}
depends_on:
pangolin:
condition: service_healthy
@@ -74,8 +67,7 @@ services:
- ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
- ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
-{{if .IsPostgreSQL}}
- postgres:
+ {{if .IsPostgreSQL}}postgres:
image: postgres:18
container_name: postgres
restart: unless-stopped
@@ -91,11 +83,9 @@ services:
timeout: 5s
retries: 5
networks:
- - backend
-{{end}}
+ - backend{{end}}
-{{if .IsRedis}}
- redis:
+ {{if .IsRedis}}redis:
image: redis:8-trixie
container_name: redis
restart: unless-stopped
@@ -113,17 +103,14 @@ services:
retries: 3
start_period: 10s
networks:
- - backend
-{{end}}
+ - backend{{end}}
networks:
default:
driver: bridge
name: pangolin_frontend
{{if .EnableIPv6}} enable_ipv6: true{{end}}
-{{if or .IsPostgreSQL .IsRedis}}
- backend:
+{{if or .IsPostgreSQL .IsRedis}} backend:
driver: bridge
name: pangolin_backend
- internal: true
-{{end}}
+ internal: true{{end}}
diff --git a/install/config/privateConfig.yml b/install/config/privateConfig.yml
index 58a4c9435..1afe55c1c 100644
--- a/install/config/privateConfig.yml
+++ b/install/config/privateConfig.yml
@@ -1,6 +1,4 @@
-{{if .IsRedis}}
-redis:
+{{if .IsRedis}}redis:
host: "redis"
port: 6379
- password: "{{.IsRedisPass}}"
-{{end}}
+ password: "{{.IsRedisPass}}"{{end}}
diff --git a/install/go.mod b/install/go.mod
index 7f50d4e9e..69dc9e5fc 100644
--- a/install/go.mod
+++ b/install/go.mod
@@ -5,7 +5,7 @@ go 1.25.0
require (
github.com/charmbracelet/huh v1.0.0
github.com/charmbracelet/lipgloss v1.1.0
- golang.org/x/term v0.43.0
+ golang.org/x/term v0.44.0
gopkg.in/yaml.v3 v3.0.1
)
@@ -33,6 +33,6 @@ require (
github.com/rivo/uniseg v0.4.7 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
golang.org/x/sync v0.15.0 // indirect
- golang.org/x/sys v0.44.0 // indirect
+ golang.org/x/sys v0.46.0 // indirect
golang.org/x/text v0.23.0 // indirect
)
diff --git a/install/go.sum b/install/go.sum
index 7ed97929f..704142a64 100644
--- a/install/go.sum
+++ b/install/go.sum
@@ -69,10 +69,10 @@ golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ=
-golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
-golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4=
-golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk=
+golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
+golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/term v0.44.0 h1:0rLvDRCtNj0gZkyIXhCyOb2OAzEhLVqc4B+hrsBhrmc=
+golang.org/x/term v0.44.0/go.mod h1:7ze4MdzUzLXpSAoFP1H0bOI9aXDqveSvatT5vKcFh2Y=
golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
diff --git a/install/main.go b/install/main.go
index 5687f6f5d..001f09a52 100644
--- a/install/main.go
+++ b/install/main.go
@@ -71,9 +71,12 @@ const (
Undefined SupportedContainer = "undefined"
)
+var redisFlag *bool
+
func main() {
crowdsecFlag := flag.Bool("crowdsec", false, "Enable the CrowdSec installation prompt")
+ redisFlag = flag.Bool("redis", false, "Install Redis as cacheing solution. Required for HA. Not required for the Enterprise version.")
flag.Parse()
// print a banner about prerequisites - opening port 80, 443, 51820, and 21820 on the VPS and firewall and pointing your domain to the VPS IP with a records. Docs are at http://localhost:3000/Getting%20Started/dns-networking
@@ -491,13 +494,13 @@ func collectUserInput() Config {
config.IsEnterprise = readBoolNoDefault("Do you want to install the Enterprise version of Pangolin? The EE is free for personal use or for businesses making less than 100k USD annually.")
if config.IsEnterprise {
- config.IsRedis = readBool("Do you want to run the Redis containers locally? Required for HA.")
- if config.IsRedis {
+ if *redisFlag {
+ config.IsRedis = true
config.IsRedisPass = readPassword("Enter a unique password for the Redis service.")
}
}
- config.IsPostgreSQL = readBool("Do you want to run the PostgreSQL containers locally? Otherwise, default to the local SQLite database only.", false)
+ config.IsPostgreSQL = readBool("Do you want to use PostgreSQL (not recommended for most users)?", false)
if config.IsPostgreSQL {
config.IsPostgreSQLPass = readPassword("Enter a unique password for the PostgreSQL pangolin user.")
}
@@ -544,7 +547,7 @@ func collectUserInput() Config {
fmt.Println("\n=== Advanced Configuration ===")
config.EnableIPv6 = readBool("Is your server IPv6 capable?", true)
- config.EnableMaxMind = readBool("Do you want to download the MaxMind GeoLite2 Country and ADN databases for blocking functionality?", true)
+ config.EnableMaxMind = readBool("Do you want to download the MaxMind GeoLite2 Country and ASN databases for blocking functionality?", true)
if config.DashboardDomain == "" {
fmt.Println("Error: Dashboard Domain name is required")
diff --git a/messages/bg-BG.json b/messages/bg-BG.json
index 108229942..9add9e04d 100644
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -66,9 +66,15 @@
"local": "Локална",
"edit": "Редактиране",
"siteConfirmDelete": "Потвърждение на изтриване на сайта",
+ "siteConfirmDeleteAndResources": "Потвърдете изтриването на сайта и ресурсите",
"siteDelete": "Изтриване на сайта",
+ "siteDeleteAndResources": "Изтриване на сайта и ресурсите",
"siteMessageRemove": "След премахване, сайтът вече няма да бъде достъпен. Всички цели, свързани със сайта, също ще бъдат премахнати.",
+ "siteMessageRemoveAndResources": "Това ще изтрие окончателно всички публични и частни ресурси, свързани с този сайт, дори ако ресурсът е асоцииран и с други сайтове.",
"siteQuestionRemove": "Сигурни ли сте, че искате да премахнете сайта от организацията?",
+ "siteQuestionRemoveAndResources": "Наистина ли желаете да изтриете този сайт и всички свързани ресурси?",
+ "sitesTableDeleteSite": "Изтриване на сайта",
+ "sitesTableDeleteSiteAndResources": "Изтриване на сайта и ресурсите",
"siteManageSites": "Управление на сайтове",
"siteDescription": "Създайте и управлявайте сайтове, за да осигурите свързаност със частни мрежи",
"sitesBannerTitle": "Свържете се с мрежа.",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Вижте частни ресурси",
"siteInstallNewt": "Инсталирайте Newt",
"siteInstallNewtDescription": "Пуснете Newt на вашата система",
+ "siteInstallKubernetesDocsDescription": "За повече и актуална информация относно инсталацията на Kubernetes, вижте docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "За инструкции за инсталиране на Advantech модем, вижте docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "WireGuard конфигурация",
"WgConfigurationDescription": "Използвайте следната конфигурация, за да се свържете с мрежата",
"operatingSystem": "Операционна система",
@@ -115,6 +123,16 @@
"siteUpdated": "Сайтът е обновен",
"siteUpdatedDescription": "Сайтът е актуализиран.",
"siteGeneralDescription": "Конфигурирайте общи настройки за този сайт",
+ "siteRestartTitle": "Рестартирайте Сайта",
+ "siteRestartDescription": "Рестартирайте WireGuard тунела за този сайт. Това ще прекъсне връзката за кратко.",
+ "siteRestartBody": "Използвайте това, ако тунелът на сайта не функционира правилно и искате да принудите повторно свързване без да рестартирате хоста.",
+ "siteRestartButton": "Рестартирайте Сайта",
+ "siteRestartDialogMessage": "Сигурни ли сте, че искате да рестартирате WireGuard тунела за {name}? Сайтът ще изгуби връзка за кратко.",
+ "siteRestartWarning": "Сайтът ще се изключи за кратко, докато тунелът се рестартира.",
+ "siteRestarted": "Сайтът е рестартиран",
+ "siteRestartedDescription": "WireGuard тунелът е рестартиран.",
+ "siteErrorRestart": "Неуспешно рестартиране на сайта",
+ "siteErrorRestartDescription": "Възникна грешка при рестартирането на сайта.",
"siteSettingDescription": "Конфигурирайте настройките на сайта",
"siteResourcesTab": "Ресурси",
"siteResourcesNoneOnSite": "Този сайт все още няма публични или частни ресурси.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "Ще можете да виждате това само веднъж. Уверете се да го копирате на сигурно място.",
"siteInfo": "Информация за сайта",
"status": "Статус",
- "shareTitle": "Управление на връзки за споделяне",
+ "shareTitle": "Управление на споделими връзки",
"shareDescription": "Създайте споделими връзки, за да предоставите временен или постоянен достъп до прокси ресурсите",
- "shareSearch": "Търсене на връзки за споделяне...",
- "shareCreate": "Създайте връзка за споделяне",
+ "shareSearch": "Търсене на споделими връзки...",
+ "shareCreate": "Създаване на споделима връзка",
"shareErrorDelete": "Неуспешно изтриване на връзката",
"shareErrorDeleteMessage": "Възникна грешка при изтриване на връзката",
"shareDeleted": "Връзката беше изтрита",
"shareDeletedDescription": "Връзката беше премахната",
- "shareDelete": "Изтрийте споделената връзка",
- "shareDeleteConfirm": "Потвърдете изтриването на споделената връзка",
+ "shareDelete": "Изтриване на споделима връзка",
+ "shareDeleteConfirm": "Потвърдете изтриването на споделима връзка",
"shareQuestionRemove": "Сигурни ли сте, че искате да изтриете тази споделена връзка?",
"shareMessageRemove": "След изтриване връзката вече няма да работи и всеки, който я използва, ще загуби достъп до ресурса.",
"shareTokenDescription": "Достъпният токен може да бъде предаван по два начина: като параметър или в хедърите на заявките. Те трябва да бъдат предавани от клиента при всяка заявка за удостоверен достъп.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Възникна грешка при създаването на връзката за споделяне",
"shareCreateDescription": "Всеки с тази връзка може да получи достъп до ресурса",
"shareTitleOptional": "Заглавие (по избор)",
+ "sharePathOptional": "Път (по избор)",
+ "sharePathDescription": "След удостоверяване, линкът ще препрати потребителите на този път.",
"expireIn": "Изтече",
"neverExpire": "Никога не изтича",
"shareExpireDescription": "Времето на изтичане е колко дълго връзката ще бъде използваема и ще предоставя достъп до ресурса. След това време, връзката няма да работи и потребителите, които са я използвали, ще загубят достъп до ресурса.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Моля, изберете ресурс",
"proxyResourceTitle": "Управление на обществени ресурси",
"proxyResourceDescription": "Създайте и управлявайте ресурси, които са общодостъпни чрез уеб браузър.",
- "proxyResourcesBannerTitle": "Публичен достъп чрез уеб.",
- "proxyResourcesBannerDescription": "Публичните ресурси са HTTPS или TCP/UDP проксита, достъпни за всеки в интернет чрез уеб браузър. За разлика от частните ресурси, те не изискват софтуер от страна на клиента и могат да включват издентити и контексто-осъзнати политики за достъп.",
+ "publicResourcesBannerTitle": "Публичен достъп през Интернет",
+ "publicResourcesBannerDescription": "Публичните ресурси са HTTPS проксита, достъпни за всеки в Интернет чрез уеб браузър. За разлика от частните ресурси, те не изискват клиентски софтуер и могат да включват издентити и контексто-осъзнати политики за достъп.",
"clientResourceTitle": "Управление на частни ресурси",
"clientResourceDescription": "Създайте и управлявайте ресурси, които са достъпни само чрез свързан клиент.",
"privateResourcesBannerTitle": "Достъп до частни ресурси с нулево доверие.",
@@ -208,11 +228,37 @@
"resourcesSearch": "Търсене на ресурси...",
"resourceAdd": "Добавете ресурс",
"resourceErrorDelte": "Грешка при изтриване на ресурс",
+ "resourcePoliciesBannerTitle": "Повторно използване на Удостоверяване и Правила за Достъп",
+ "resourcePoliciesBannerDescription": "Споделените ресурсни политики ви позволяват да дефинирате методи за удостоверяване и правила за достъп веднъж, след което ги прикачвате към множество публични ресурси. Когато актуализирате политика, всеки свързан ресурс автоматично унаследява промените.",
+ "resourcePoliciesBannerButtonText": "Научете Повече",
+ "resourcePoliciesTitle": "Управление на публични ресурсни политики",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Ресурси",
+ "resourcePoliciesAttachedResources": "{count} ресурс(а)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ресурс} other {# ресурси}}",
+ "resourcePoliciesAttachedResourcesEmpty": "няма ресурси",
+ "resourcePoliciesDescription": "Създайте и управлявайте политики за удостоверяване за контролиране на достъпа до вашите публични ресурси",
+ "resourcePoliciesSearch": "Търсене на политики...",
+ "resourcePoliciesAdd": "Добавяне на политика",
+ "resourcePoliciesDefaultBadgeText": "Стандартна политика",
+ "resourcePoliciesCreate": "Създаване на публична ресурсна политика",
+ "resourcePoliciesCreateDescription": "Следвайте стъпките по-долу, за да създадете нова политика",
+ "resourcePolicyName": "Име на политика",
+ "resourcePolicyNameDescription": "Дайте на тази политика име, за да я идентифицирате в цялото ви ресурси",
+ "resourcePolicyNamePlaceholder": "например Политика за вътрешен достъп",
+ "resourcePoliciesSeeAll": "Вижте всички политики",
+ "resourcePolicyAuthMethodAdd": "Добавяне на метод за идентификация",
+ "resourcePolicyOtpEmailAdd": "Добавяне на имейли за еднократна парола",
+ "resourcePolicyRulesAdd": "Добавяне на правила",
+ "resourcePolicyAuthMethodsDescription": "Позволете достъп до ресурси чрез допълнителни методи за идентификация",
+ "resourcePolicyUsersRolesDescription": "Конфигурирайте потребителите и ролите, които могат да посетят свързаните ресурси",
+ "rulesResourcePolicyDescription": "Конфигурирайте правилата за контрол на достъп до ресурси, свързани с тази политика",
"authentication": "Удостоверяване",
"protected": "Защита",
"notProtected": "Не защитен",
"resourceMessageRemove": "След като се премахне, ресурсът няма повече да бъде достъпен. Всички цели, свързани с ресурса, също ще бъдат премахнати.",
"resourceQuestionRemove": "Сигурни ли сте, че искате да премахнете ресурса от организацията?",
+ "resourcePolicyMessageRemove": "След премахването, политиката за ресурс няма да бъде повече достъпна. Всички ресурси, свързани с ресурса, ще бъдат нерешени и оставени без идентификация.",
+ "resourcePolicyQuestionRemove": "Сигурни ли сте, че искате да премахнете политиката за ресурс от организацията?",
"resourceHTTP": "HTTPS ресурс",
"resourceHTTPDescription": "Прокси заявки чрез HTTPS, използвайки напълно квалифицирано име на домейн.",
"resourceRaw": "Суров TCP/UDP ресурс",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Получавайте заявки чрез суров TCP/UDP с използване на портен номер. Изисква се сайтовете да се свързват към отдалечен възел.",
"resourceCreate": "Създайте ресурс",
"resourceCreateDescription": "Следвайте стъпките по-долу, за да създадете нов ресурс",
+ "resourceCreateGeneralDescription": "Конфигуриране на основните настройки на ресурса, включително име и тип",
"resourceSeeAll": "Вижте всички ресурси",
- "resourceInfo": "Информация за ресурса",
+ "resourceCreateGeneral": "Основни параметри",
"resourceNameDescription": "Това е дисплейното име на ресурса.",
"siteSelect": "Изберете сайт",
"siteSearch": "Търсене на сайт",
@@ -231,12 +278,15 @@
"noCountryFound": "Не е намерена държава.",
"siteSelectionDescription": "Този сайт ще осигури свързаност до целта.",
"resourceType": "Тип ресурс",
- "resourceTypeDescription": "Определете как да се достъпи ресурсът",
+ "resourceTypeDescription": "Това контролира протокола на ресурса и как той ще се визуализира в браузъра. Това не може да бъде променено по-късно.",
+ "resourceDomainDescription": "Ресурсът ще се обслужва на това напълно квалифицирано име на домейн.",
"resourceHTTPSSettings": "HTTPS настройки",
"resourceHTTPSSettingsDescription": "Конфигурирайте как ресурсът ще бъде достъпен по HTTPS",
+ "resourcePortDescription": "Външен порт на инстанцията или възела на Панголиин, където ресурсът ще бъде достъпен.",
"domainType": "Тип домейн",
"subdomain": "Субдомейн",
"baseDomain": "Базов домейн",
+ "configure": "Конфигуриране",
"subdomnainDescription": "Поддомейнът, където ресурсът ще бъде достъпен.",
"resourceRawSettings": "TCP/UDP настройки",
"resourceRawSettingsDescription": "Конфигурирайте как ресурсът ще бъде достъпен чрез TCP/UDP",
@@ -247,14 +297,35 @@
"back": "Назад",
"cancel": "Отмяна",
"resourceConfig": "Конфигурационни фрагменти",
- "resourceConfigDescription": "Копирайте и поставете тези конфигурационни отрязъци, за да настроите TCP/UDP ресурса",
+ "resourceConfigDescription": "Копирайте и поставете тези фрагменти от конфигурация за настройка на TCP/UDP ресурса.",
"resourceAddEntrypoints": "Traefik: Добавете Входни точки",
"resourceExposePorts": "Gerbil: Изложете портове в Docker Compose",
"resourceLearnRaw": "Научете как да конфигурирате TCP/UDP ресурси",
"resourceBack": "Назад към ресурсите",
"resourceGoTo": "Отидете към ресурса",
+ "resourcePolicyDelete": "Изтриване на политика за ресурс",
+ "resourcePolicyDeleteConfirm": "Потвърдете изтриване на политика за ресурс",
"resourceDelete": "Изтрийте ресурс",
"resourceDeleteConfirm": "Потвърдете изтриване на ресурс",
+ "labelDelete": "Изтриване на етикета",
+ "labelAdd": "Добавяне на етикет",
+ "labelCreateSuccessMessage": "Етикетът е създаден успешно",
+ "labelDuplicateError": "Дублиран етикет",
+ "labelDuplicateErrorDescription": "Етикет с това име вече съществува.",
+ "labelEditSuccessMessage": "Етикетът е променен успешно",
+ "labelNameField": "Име на етикет",
+ "labelColorField": "Цвят на етикет",
+ "labelPlaceholder": "Пр.: homelab",
+ "labelCreate": "Създаване на етикет",
+ "createLabelDialogTitle": "Създаване на етикет",
+ "createLabelDialogDescription": "Създайте нов етикет, който може да се прикачи към тази организация",
+ "labelEdit": "Редактиране на етикет",
+ "editLabelDialogTitle": "Актуализиране на етикет",
+ "editLabelDialogDescription": "Редактирайте нов етикет, който може да се прикачи към тази организация",
+ "labelDeleteConfirm": "Потвърдете изтриването на етикета",
+ "labelErrorDelete": "Неуспешно изтриване на етикета",
+ "labelMessageRemove": "Това действие е постоянно. Всички сайтове, ресурси и клиенти, маркирани с този етикет, ще бъдат отмаркирани.",
+ "labelQuestionRemove": "Сигурни ли сте, че искате да премахнете етикета от организацията?",
"visibility": "Видимост",
"enabled": "Активиран",
"disabled": "Деактивиран",
@@ -265,6 +336,8 @@
"rules": "Правила",
"resourceSettingDescription": "Конфигурирайте настройките на ресурса",
"resourceSetting": "Настройки на {resourceName}",
+ "resourcePolicySettingDescription": "Конфигурирайте настройките на тази публична ресурсна политика",
+ "resourcePolicySetting": "Настройки за {policyName}",
"alwaysAllow": "Заобикаляне на Ауторизацията",
"alwaysDeny": "Блокиране на Достъпа",
"passToAuth": "Прехвърляне към удостоверяване",
@@ -671,7 +744,7 @@
"targetSubmit": "Добавяне на цел",
"targetNoOne": "Този ресурс няма цели. Добавете цел, за да конфигурирате къде да се изпращат заявките към бекенда.",
"targetNoOneDescription": "Добавянето на повече от една цел ще активира натоварването на баланса.",
- "targetsSubmit": "Запазване на целите",
+ "targetsSubmit": "Запази Настройки",
"addTarget": "Добавете цел",
"proxyMultiSiteRoundRobinNodeHelp": "Роунд Робин маршрутизирането няма да работи между сайтове, които не са свързани към един и същ възел, но автоматичното превключване ще работи.",
"targetErrorInvalidIp": "Невалиден IP адрес",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Дубликат на правило",
"rulesErrorDuplicateDescription": "Правило с тези настройки вече съществува",
"rulesErrorInvalidIpAddressRange": "Невалиден CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "Моля, въведете валидна стойност на CIDR",
- "rulesErrorInvalidUrl": "Невалиден URL път",
- "rulesErrorInvalidUrlDescription": "Моля, въведете валидна стойност за URL път",
- "rulesErrorInvalidIpAddress": "Невалиден IP",
- "rulesErrorInvalidIpAddressDescription": "Моля, въведете валиден IP адрес",
+ "rulesErrorInvalidIpAddressRangeDescription": "Въведете валиден CIDR диапазон (напр., 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Невалиден път",
+ "rulesErrorInvalidUrlDescription": "Въведете валиден път на URL или шаблон (напр., /api/*).",
+ "rulesErrorInvalidIpAddress": "Невалиден IP адрес",
+ "rulesErrorInvalidIpAddressDescription": "Въведете валиден IPv4 или IPv6 адрес.",
"rulesErrorUpdate": "Неуспешно актуализиране на правилата",
"rulesErrorUpdateDescription": "Възникна грешка при актуализиране на правилата",
"rulesUpdated": "Активиране на правилата",
@@ -718,14 +791,23 @@
"rulesMatchIpAddress": "Въведете IP адрес (напр. 103.21.244.12)",
"rulesMatchUrl": "Въведете URL път или модел (напр. /api/v1/todos или /api/v1/*)",
"rulesErrorInvalidPriority": "Невалиден приоритет",
- "rulesErrorInvalidPriorityDescription": "Моля, въведете валиден приоритет",
- "rulesErrorDuplicatePriority": "Дублирани приоритети",
- "rulesErrorDuplicatePriorityDescription": "Моля, въведете уникални приоритети",
+ "rulesErrorInvalidPriorityDescription": "Въведете цяло число 1 или по-голямо.",
+ "rulesErrorDuplicatePriority": "Дублирания на приоритети",
+ "rulesErrorDuplicatePriorityDescription": "Всяко правило трябва да има уникален номер на приоритет.",
+ "rulesErrorValidation": "Невалидни правила",
+ "rulesErrorValidationRuleDescription": "Правило {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Изберете валиден тип съвпадение (път, IP, CIDR, държава, регион или ASN).",
+ "rulesErrorValueRequired": "Въведете стойност за това правило.",
+ "rulesErrorInvalidCountry": "Невалидна държава",
+ "rulesErrorInvalidCountryDescription": "Изберете валидна държава.",
+ "rulesErrorInvalidAsn": "Невалиден ASN",
+ "rulesErrorInvalidAsnDescription": "Въведете валиден ASN (напр., AS15169).",
"ruleUpdated": "Правилата са актуализирани",
"ruleUpdatedDescription": "Правилата бяха успешно актуализирани",
"ruleErrorUpdate": "Операцията не бе успешна",
"ruleErrorUpdateDescription": "Възникна грешка по време на операцията за запис",
"rulesPriority": "Приоритет",
+ "rulesReorderDragHandle": "Плъзнете за преаранжиране на приоритети на правилата",
"rulesAction": "Действие",
"rulesMatchType": "Тип на съвпадение",
"value": "Стойност",
@@ -744,9 +826,60 @@
"rulesResource": "Конфигурация на правилата за ресурси",
"rulesResourceDescription": "Конфигурирайте правила за контролиране на достъпа до ресурса",
"ruleSubmit": "Добави правило",
- "rulesNoOne": "Няма правила. Добавете правило чрез формуляра.",
+ "rulesNoOne": "Все още няма правила.",
"rulesOrder": "Правилата се оценяват по приоритет в нарастващ ред.",
"rulesSubmit": "Запазване на правилата",
+ "policyErrorCreate": "Грешка при създаване на политика",
+ "policyErrorCreateDescription": "Възникна грешка при създаването на политиката",
+ "policyErrorCreateMessageDescription": "Възникна неочаквана грешка",
+ "policyErrorUpdate": "Грешка при актуализиране на политика",
+ "policyErrorUpdateDescription": "Възникна грешка при актуализиране на политиката",
+ "policyErrorUpdateMessageDescription": "Възникна неочаквана грешка",
+ "policyCreatedSuccess": "Политиката за ресурс е създадена успешно",
+ "policyUpdatedSuccess": "Политиката за ресурс е актуализирана успешно",
+ "authMethodsSave": "Запази Настройки",
+ "policyAuthStackTitle": "Удостоверяване",
+ "policyAuthStackDescription": "Контролирайте кои методи за удостоверяване са необходими за достъп до този ресурс",
+ "policyAuthOrLogicTitle": "Множество активни методи за удостоверяване",
+ "policyAuthOrLogicBanner": "Посетителите могат да се удостоверяват чрез който и да е от активните методи по-долу. Не е необходимо да преминават през всичките.",
+ "policyAuthMethodActive": "Активен",
+ "policyAuthMethodOff": "Изключено",
+ "policyAuthSsoTitle": "Платформено SSO",
+ "policyAuthSsoDescription": "Изисква вход чрез удостоверител на вашата организация",
+ "policyAuthSsoSummary": "{idp} · {users} потребители, {roles} роли",
+ "policyAuthSsoDefaultIdp": "По подразбиране удостоверител",
+ "policyAuthAddDefaultIdentityProvider": "Добавете удостоверител по подразбиране",
+ "policyAuthOtherMethodsTitle": "Други Методи",
+ "policyAuthOtherMethodsDescription": "Опционални методи, които посетителите могат да използват вместо или заедно с платформния SSO",
+ "policyAuthPasscodeTitle": "Парола",
+ "policyAuthPasscodeDescription": "Изисква споделена алфанумерична парола за достъп до ресурса",
+ "policyAuthPasscodeSummary": "Зададена парола",
+ "policyAuthPincodeTitle": "ПИН код",
+ "policyAuthPincodeDescription": "Кратък цифров код, необходим за достъп до ресурса",
+ "policyAuthPincodeSummary": "Зададен 6-цифрен ПИН код",
+ "policyAuthEmailTitle": "Списък с имейл адреси",
+ "policyAuthEmailDescription": "Позволете изброените имейл адреси с еднократни пароли",
+ "policyAuthEmailSummary": "{count} адреси са позволени",
+ "policyAuthEmailOtpCallout": "Активирането на списъка с имейл адреси изпраща еднократна парола на имейла на посетителя при влизане.",
+ "policyAuthHeaderAuthTitle": "Базово удостоверяване чрез заглавие",
+ "policyAuthHeaderAuthDescription": "Валидирайте собствено HTTP заглавие и стойност при всяка заявка",
+ "policyAuthHeaderAuthSummary": "Конфигурирано заглавие",
+ "policyAuthHeaderName": "Име на заглавието",
+ "policyAuthHeaderValue": "Очаквана стойност",
+ "policyAuthSetPasscode": "Задайте парола",
+ "policyAuthSetPincode": "Задайте ПИН код",
+ "policyAuthSetEmailWhitelist": "Задайте списък с имейли",
+ "policyAuthSetHeaderAuth": "Задайте базово удостоверяване чрез заглавие",
+ "policyAccessRulesTitle": "Правила за достъп",
+ "policyAccessRulesEnableDescription": "Когато е включено, правилата се оценяват в низходящ ред, докато едно не се оцени като вярно.",
+ "policyAccessRulesFirstMatch": "Правилата се оценяват от горе надолу. Първото съвпадащо правило определя резултата.",
+ "policyAccessRulesHowItWorks": "Правилата съпоставят заявки по път, IP адрес, местоположение или друг критерий. Всяко правило прилага действие: заобикаля удостоверяване, блокира достъп или преминава към удостоверяване. Ако няма съвпадение, трафикът продължава към удостоверяване.",
+ "policyAccessRulesFallthroughOff": "Когато правилата са изключени, целият трафик преминава към удостоверяване.",
+ "policyAccessRulesFallthroughOn": "Когато няма съвпадение, трафикът преминава към удостоверяване.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Запазете правилата",
"resourceErrorCreate": "Грешка при създаване на ресурс",
"resourceErrorCreateDescription": "Възникна грешка при създаването на ресурса",
"resourceErrorCreateMessage": "Грешка при създаване на ресурс:",
@@ -766,9 +899,9 @@
"resourcesErrorUpdateDescription": "Възникна грешка при актуализиране на ресурса",
"access": "Достъп",
"accessControl": "Контрол на достъпа",
- "shareLink": "{resource} Сподели връзка",
+ "shareLink": "{resource} Споделима връзка",
"resourceSelect": "Изберете ресурс",
- "shareLinks": "Споделени връзки",
+ "shareLinks": "Споделими връзки",
"share": "Споделени връзки",
"shareDescription2": "Създайте връзки за достъп до ресурси. Връзките предоставят временен или неограничен достъп до вашия ресурс. Можете да конфигурирате продължителността на изтичане на връзката, когато я създавате.",
"shareEasyCreate": "Лесно за създаване и споделяне",
@@ -810,6 +943,17 @@
"pincodeAdd": "Добави ПИН код",
"pincodeRemove": "Премахни ПИН код",
"resourceAuthMethods": "Методи за автентикация",
+ "resourcePolicyAuthMethodsEmpty": "Няма метод за идентификация",
+ "resourcePolicyOtpEmpty": "Без еднократна парола",
+ "resourcePolicyReadOnly": "Тази политика е само за четене",
+ "resourcePolicyReadOnlyDescription": "Тази политика за ресурс се споделя между множество ресурси, не можете да я редактирате на тази страница.",
+ "editSharedPolicy": "Редактирай споделена политика",
+ "resourcePolicyTypeSave": "Запазете типа на ресурс",
+ "resourcePolicySelect": "Изберете политика за ресурс",
+ "resourcePolicySelectError": "Изберете политика за ресурс",
+ "resourcePolicyNotFound": "Политиката не е намерена",
+ "resourcePolicySearch": "Търсене на политики",
+ "resourcePolicyRulesEmpty": "Няма правила за идентификация",
"resourceAuthMethodsDescriptions": "Позволете достъп до ресурса чрез допълнителни методи за автентикация",
"resourceAuthSettingsSave": "Запазено успешно",
"resourceAuthSettingsSaveDescription": "Настройките за автентикация са запазени успешно",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Задай ПИН код",
"resourcePincodeSetupTitleDescription": "Задайте ПИН код, за да защитите този ресурс",
"resourceRoleDescription": "Администраторите винаги могат да имат достъп до този ресурс.",
+ "resourcePolicySelectTitle": "Политика за достъп до ресурс",
+ "resourcePolicySelectDescription": "Изберете типа на политиката за ресурс за идентификация",
+ "resourcePolicyTypeLabel": "Тип политика",
+ "resourcePolicyLabel": "Ресурсна политика",
+ "resourcePolicyInline": "Инлайн Политика за Ресурс",
+ "resourcePolicyInlineDescription": "Политика за достъп, ограничена само до този ресурс",
+ "resourcePolicyShared": "Споделена Политика за Ресурс",
+ "resourcePolicySharedDescription": "Този ресурс използва споделена политика.",
+ "sharedPolicy": "Споделена политика",
+ "sharedPolicyNoneDescription": "Този ресурс има своя собствена политика.",
+ "resourceSharedPolicyOwnDescription": "Този ресурс има свои собствени контроли за удостоверяване и правила за достъп.",
+ "resourceSharedPolicyInheritedDescription": "Този ресурс наследява от {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Този ресурс използва споделена политика. Някои настройки на удостоверяване могат да се редактират на този ресурс, за да се добавят към политиката. За да промените основната политика, трябва да редактирате {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Този ресурс използва споделена политика. Някои правила за достъп могат да се редактират на този ресурс. За да промените основната политика, трябва да редактирате {policyName}.",
"resourceUsersRoles": "Контроли за достъп",
"resourceUsersRolesDescription": "Конфигурирайте кои потребители и роли могат да посещават този ресурс",
"resourceUsersRolesSubmit": "Запазване на управлението на достъп.",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Видимост",
"resourceVisibilityTitleDescription": "Напълно активирайте или деактивирайте видимостта на ресурса",
"resourceGeneral": "Общи настройки",
- "resourceGeneralDescription": "Конфигурирайте общите настройки за този ресурс",
+ "resourceGeneralDescription": "Конфигурирайте име, адрес и политика за достъп за този ресурс.",
+ "resourceGeneralDetailsSubsection": "Подробности за ресурса",
+ "resourceGeneralDetailsSubsectionDescription": "Задайте показвано име, идентификатор и публично достъпен домейн за този ресурс.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Задайте показвано име, идентификатор и публичен порт за този ресурс.",
+ "resourceGeneralPublicAddressSubsection": "Публичен Адрес",
+ "resourceGeneralPublicAddressSubsectionDescription": "Конфигурирайте как потребителите достигат до този ресурс.",
+ "resourceGeneralAuthenticationAccessSubsection": "Удостоверяване и Достъп",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Изберете дали този ресурс използва собствена политика или наследява от споделена политика.",
"resourceEnable": "Активирайте ресурс",
"resourceTransfer": "Прехвърлете ресурс",
"resourceTransferDescription": "Прехвърлете този ресурс към различен сайт",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Имаше проблем със свързването към {name}. Моля, свържете се с вашия администратор.",
"idpErrorNotFound": "Не е намерен идентификационен доставчик",
"inviteInvalid": "Невалидна покана",
+ "labels": "Етикети",
+ "orgLabelsDescription": "Управление на етикети в тази организация.",
+ "addLabels": "Добавяне на етикети",
+ "siteLabelsTab": "Етикети",
+ "siteLabelsDescription": "Управление на етикети, свързани с този сайт.",
+ "labelsNotFound": "Не са намерени етикети.",
+ "labelsEmptyCreateHint": "Започнете да пишете горе, за да създадете етикет.",
+ "labelSearch": "Търсене на етикети",
+ "labelSearchOrCreate": "Търсене или създаване на етикет",
+ "accessLabelFilterCount": "{count, plural, one {# етикет} other {# етикети}}",
+ "labelOverflowCount": "+{count, plural, one {# етикет} other {# етикети}}",
+ "accessLabelFilterClear": "Изчисти филтрите за етикети",
+ "accessFilterClear": "Изчистване на филтри",
+ "selectColor": "Изберете цвят",
+ "createNewLabel": "Създайте нов организационен етикет \"{label}\"",
"inviteInvalidDescription": "Линкът към поканата е невалиден.",
"inviteErrorWrongUser": "Поканата не е за този потребител",
"inviteErrorUserNotExists": "Потребителят не съществува. Моля, създайте акаунт първо.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Приложи Чернова",
"actionListBlueprints": "Списък с планове.",
"actionGetBlueprint": "Вземи план.",
+ "actionCreateOrgWideLauncherView": "Създайте Изглед на Стартирача за Цялата Организация",
"setupToken": "Конфигурация на токен",
"setupTokenDescription": "Въведете конфигурационния токен от сървърната конзола.",
"setupTokenRequired": "Необходим е конфигурационен токен",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Ресурси",
"sidebarProxyResources": "Публично",
"sidebarClientResources": "Частно",
+ "sidebarPolicies": "Споделени политики",
+ "sidebarResourcePolicies": "Публични ресурси",
"sidebarAccessControl": "Контрол на достъпа",
"sidebarLogsAndAnalytics": "Дневници и анализи",
"sidebarTeam": "Екип",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Администратор",
"sidebarInvitations": "Покани",
"sidebarRoles": "Роли",
- "sidebarShareableLinks": "Връзки",
+ "sidebarShareableLinks": "Споделими връзки",
"sidebarApiKeys": "API ключове",
"sidebarProvisioning": "Осигуряване",
"sidebarSettings": "Настройки",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Сайт {id}",
"standaloneHcFilterResourceIdFallback": "Ресурс {id}",
"blueprints": "Чертежи",
- "blueprintsDescription": "Прилагайте декларативни конфигурации и преглеждайте предишни изпълнения",
+ "blueprintsLog": "Регистър на скицописи",
+ "blueprintsDescription": "Прегледайте съществуващите blueprint приложения и резултатите им или приложете нов blueprint",
"blueprintAdd": "Добави Чертеж",
"blueprintGoBack": "Виж всички Чертежи",
"blueprintCreate": "Създай Чертеж",
@@ -1575,7 +1759,17 @@
"contents": "Съдържание",
"parsedContents": "Парсирано съдържание (само за четене)",
"enableDockerSocket": "Активиране на Docker Чернова",
- "enableDockerSocketDescription": "Активиране на Docker Socket маркировка за изтегляне на етикети на чернова. Пътят на гнездото трябва да бъде предоставен на Newt.",
+ "enableDockerSocketDescription": "Активирайте изтегляне с етикети на Docker Socket за скицописи. Пътят на гнездото трябва да бъде предоставен на конектора на сайта. Прочетете как работи това в документацията.",
+ "newtAutoUpdate": "Активиране на автоматично обновяване на сайта",
+ "newtAutoUpdateDescription": "Когато е активирана, свързочният възел на сайта автоматично ще изтегли последната версия и ще се рестартира сам. Това може да бъде преодоляно на ниво сайт.",
+ "siteAutoUpdate": "Автоматично обновяване на сайта",
+ "siteAutoUpdateLabel": "Активиране на автоматично обновяване",
+ "siteAutoUpdateDescription": "Когато е активирана, конекторът на този сайт автоматично ще изтегли последната версия и ще се рестартира сам.",
+ "siteAutoUpdateOrgDefault": "По подразбиране за организацията: {state}",
+ "siteAutoUpdateOverriding": "Преодоляване на настройката на организацията",
+ "siteAutoUpdateResetToOrg": "Възстановяване към организацията по подразбиране",
+ "siteAutoUpdateEnabled": "активиран",
+ "siteAutoUpdateDisabled": "деактивиран",
"viewDockerContainers": "Преглед на Docker контейнери",
"containersIn": "Контейнери в {siteName}",
"selectContainerDescription": "Изберете контейнер, който да ползвате като име на хост за целта. Натиснете порт, за да ползвате порт",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Сертификат",
"certificateStatusAutoRefreshHint": "Състоянието се опреснява автоматично.",
"loading": "Зареждане",
+ "loadingEllipsis": "Зареждане...",
"loadingAnalytics": "Зареждане на анализи",
"restart": "Рестарт",
"domains": "Домейни",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Настройката на профила завърши успешно! Добре дошли в Pangolin!",
"documentation": "Документация",
"saveAllSettings": "Запазване на всички настройки",
- "saveResourceTargets": "Запазване на целеви ресурси.",
- "saveResourceHttp": "Запазване на прокси настройките.",
- "saveProxyProtocol": "Запазване на настройките на прокси протокола.",
+ "saveResourceTargets": "Запази Настройки",
+ "saveResourceHttp": "Запази Настройки",
+ "saveProxyProtocol": "Запази Настройки",
"settingsUpdated": "Настройките са обновени",
"settingsUpdatedDescription": "Настройките са успешно актуализирани.",
"settingsErrorUpdate": "Неуспешно обновяване на настройките",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Управлявайте абонамента си за платени самостоятелно хоствани лицензионни ключове",
"billingCurrentKeys": "Текущи ключове",
"billingModifyCurrentPlan": "Промяна на текущия план",
+ "billingManageLicenseSubscriptionDescription": "Управление на вашия абонамент за платени самообслужвани лицензионни ключове и изтегляне на фактури.",
"billingConfirmUpgrade": "Потвърдете повишаването",
"billingConfirmDowngrade": "Потвърдете понижението",
"billingConfirmUpgradeDescription": "Предстои ви да повишите плана си. Прегледайте новите ограничения и цени по-долу.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Мрежа",
"addressDescription": "Вътрешният адрес на клиента. Трябва да пада в подмрежата на организацията.",
"selectSites": "Избор на сайтове",
+ "selectLabels": "Изберете етикети",
"sitesDescription": "Клиентът ще има връзка с избраните сайтове",
"clientInstallOlm": "Инсталиране на Olm",
"clientInstallOlmDescription": "Конфигурирайте Olm да работи на вашата система",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Неизвестен",
"healthCheck": "Проверка на здравето",
"configureHealthCheck": "Конфигуриране на проверка на здравето",
- "configureHealthCheckDescription": "Настройте мониторинг на здравето за {target}",
+ "configureHealthCheckDescription": "Настройте мониторинг за вашия ресурс, за да се уверите, че винаги е на разположение",
"enableHealthChecks": "Разрешаване на проверки на здравето",
"healthCheckDisabledStateDescription": "Когато е деактивиран, сайтът не изпълнява проверки и състоянието се счита за неизвестно.",
"enableHealthChecksDescription": "Мониторинг на здравето на тази цел. Можете да наблюдавате различен краен пункт от целта, ако е необходимо.",
"healthScheme": "Метод",
"healthSelectScheme": "Избор на метод",
- "healthCheckPortInvalid": "Портът за проверка на състоянието трябва да е между 1 и 65535",
+ "healthCheckPortInvalid": "Портът трябва да бъде между 1 и 65535",
"healthCheckPath": "Път",
"healthHostname": "IP / Хост",
"healthPort": "Порт",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "Времето е в секунди",
"requireDeviceApproval": "Изискват одобрение на устройства",
"requireDeviceApprovalDescription": "Потребители с тази роля трябва да имат нови устройства одобрени от администратор преди да могат да се свържат и да имат достъп до ресурси.",
- "sshAccess": "SSH достъп",
+ "sshSettings": "Настройки за SSH",
+ "sshAccess": "SSH Достъп",
+ "rdpSettings": "Настройки за RDP",
+ "vncSettings": "Настройки за VNC",
+ "sshServer": "SSH сървър",
+ "rdpServer": "RDP сървър",
+ "vncServer": "VNC сървър",
+ "sshServerDescription": "Настройте метода на идентификация, местоположението на демона и дестинацията на сървъра",
+ "rdpServerDescription": "Конфигуриране на дестинацията и порта на RDP сървъра",
+ "vncServerDescription": "Конфигуриране на дестинацията и порта на VNC сървъра",
+ "sshServerMode": "Режим",
+ "sshServerModeStandard": "Стандартен SSH сървър",
+ "sshServerModePangolin": "Панголиин SSH",
+ "sshServerModeStandardDescription": "Насочва командите към мрежата до SSH сървър, като например OpenSSH.",
+ "sshServerModeNative": "Нативен SSH сървър",
+ "sshServerModeNativeDescription": "Изпълнява команди директно на хоста чрез конектора на сайта. Не е необходима мрежова конфигурация.",
+ "sshAuthenticationMethod": "Метод на идентификация",
+ "sshAuthMethodManual": "Ръчна идентификация",
+ "sshAuthMethodManualDescription": "Изисква съществуващи идентификационни данни за хоста. Пропуска автоматичното осигуряване.",
+ "sshAuthMethodAutomated": "Автоматично осигуряване",
+ "sshAuthMethodAutomatedDescription": "Създава автоматично потребители, групи и sudo разрешения на хоста.",
+ "sshAuthDaemonLocation": "Местоположение на демона за идентификация",
+ "sshDaemonLocationSiteDescription": "Изпълнява се локално на машината, която хоства конектора на сайта.",
+ "sshDaemonLocationRemote": "На отдалечен хост",
+ "sshDaemonLocationRemoteDescription": "Изпълнява се на отделна целева машина в същата мрежа.",
+ "sshDaemonDisclaimer": "Уверете се, че вашата целева хост машина е правилно конфигурирана за изпълнение на демона за идентификация преди завършване на тази настройка, в противен случай осигуряването ще се провали.",
+ "sshDaemonPort": "Порт на демона",
+ "sshServerDestination": "Дестинация на сървъра",
+ "sshServerDestinationDescription": "Конфигурирайте дестинацията на SSH сървъра",
+ "destination": "Дестинация",
+ "destinationRequired": "Дестинацията е необходима.",
+ "domainRequired": "Домейнът е необходим.",
+ "proxyPortRequired": "Портът е необходим.",
+ "invalidPathConfiguration": "Невалидна конфигурация на пътя.",
+ "invalidRewritePathConfiguration": "Невалидна конфигурация на пренаписване на пътя.",
+ "bgTargetMultiSiteDisclaimer": "Избиране на множество сайтове позволява устойчиво маршрутизиране и сокетно превключване за висока наличност.",
"roleAllowSsh": "Разреши SSH",
"roleAllowSshAllow": "Разреши",
"roleAllowSshDisallow": "Забрани",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "Потребителят може да изпълнява само определени команди с sudo.",
"sshSudo": "Разреши sudo",
"sshSudoCommands": "Sudo команди",
- "sshSudoCommandsDescription": "Списък, разделен със запетаи, с команди, които потребителят е позволено да изпълнява с sudo.",
+ "sshSudoCommandsDescription": "Списък с команди, които потребителят има право да изпълнява със sudo, разделени със запетаи, интервали или нови редове. Необходимо е да се използват абсолютни пътища.",
"sshCreateHomeDir": "Създай начална директория",
"sshUnixGroups": "Unix групи",
- "sshUnixGroupsDescription": "Списък, разделен със запетаи, с Unix групи, към които да се добави потребителят на целевия хост.",
+ "sshUnixGroupsDescription": "Unix групи, за добавяне на потребителя на целевия хост, разделени със запетаи, интервали или нови редове.",
+ "roleTextFieldPlaceholder": "Въведете стойности или пуснете .txt или .csv файл",
+ "roleTextImportTitle": "Импортиране от файл",
+ "roleTextImportDescription": "Импортиране на {fileName} в {fieldLabel}.",
+ "roleTextImportSkipHeader": "Пропускане на първи ред (заглавие)",
+ "roleTextImportOverride": "Заместване на съществуващите",
+ "roleTextImportAppend": "Добавяне към съществуващите",
+ "roleTextImportMode": "Режим на импортиране",
+ "roleTextImportPreview": "Преглед",
+ "roleTextImportItemCount": "{count, plural, =0 {Няма артикули за импортиране} one {1 артикул за импортиране} other {# артикули за импортиране}}",
+ "roleTextImportTotalCount": "{existing} съществуващи + {imported} импортирани = {total} общо",
+ "roleTextImportConfirm": "Импортиране",
+ "roleTextImportInvalidFile": "Неподдържан тип файл",
+ "roleTextImportInvalidFileDescription": "Само .txt и .csv файлове са поддържани.",
+ "roleTextImportEmpty": "Няма намерени елементи във файла",
+ "roleTextImportEmptyDescription": "Файлът не съдържа подлежащи на импортиране елементи.",
"retryAttempts": "Опити за повторно",
"expectedResponseCodes": "Очаквани кодове за отговор",
"expectedResponseCodesDescription": "HTTP статус код, указващ здравословно състояние. Ако бъде оставено празно, между 200-300 се счита за здравословно.",
@@ -2049,8 +2296,9 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Метод",
- "editInternalResourceDialogEnableSsl": "Активирайте TLS",
+ "editInternalResourceDialogEnableSsl": "Активиране на TLS",
"editInternalResourceDialogEnableSslDescription": "Активирайте SSL/TLS криптиране за сигурни HTTPS връзки към целта.",
"editInternalResourceDialogDestination": "Дестинация",
"editInternalResourceDialogDestinationHostDescription": "IP адресът или името на хоста на ресурса в мрежата на сайта.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Сайт",
"selectSite": "Изберете сайт...",
"multiSitesSelectorSitesCount": "{count, plural, one {# сайт} other {# сайтове}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# етикет} other {# етикета}}",
"noSitesFound": "Не са намерени сайтове.",
"createInternalResourceDialogProtocol": "Протокол",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,15 +2347,17 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Метод",
"createInternalResourceDialogScheme": "Метод",
- "createInternalResourceDialogEnableSsl": "Активирайте TLS",
+ "createInternalResourceDialogEnableSsl": "Активиране на TLS",
"createInternalResourceDialogEnableSslDescription": "Активирайте SSL/TLS криптиране за сигурни HTTPS връзки към целта.",
"createInternalResourceDialogDestination": "Дестинация",
"createInternalResourceDialogDestinationHostDescription": "IP адресът или името на хоста на ресурса в мрежата на сайта.",
"createInternalResourceDialogDestinationCidrDescription": "CIDR диапазонът на ресурса в мрежата на сайта.",
"createInternalResourceDialogAlias": "Псевдоним",
"createInternalResourceDialogAliasDescription": "По избор вътрешен DNS псевдоним за този ресурс.",
+ "internalResourceAliasLocalWarning": "Синоними с окончание .local могат да причинят проблеми с резолюцията поради mDNS в някои мрежи.",
"internalResourceDownstreamSchemeRequired": "Методът е задължителен за HTTP ресурси",
"internalResourceHttpPortRequired": "Портът към целта е задължителен за HTTP ресурси",
"siteConfiguration": "Конфигурация",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Отдалечени възли",
"remoteExitNodeId": "ID.",
"remoteExitNodeSecretKey": "Секретен ключ.",
+ "remoteExitNodeNetworkingTitle": "Настройки на Мрежата",
+ "remoteExitNodeNetworkingDescription": "Настройте как този отдалечен край маршрутизира трафика и кои сайтове предпочитат да се свържат чрез него. Усъвършенствани функции за използване при конфигурации на бекаул мрежи.",
+ "remoteExitNodeNetworkingSave": "Запазване на Настройките",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Настройките на мрежата са успешно запазени",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Настройките на мрежата бяха успешно обновени.",
+ "remoteExitNodeNetworkingSaveError": "Неуспешно запазване на мрежовите настройки",
+ "remoteExitNodeNetworkingSubnetsTitle": "Отдалечени Подмрежи",
+ "remoteExitNodeNetworkingSubnetsDescription": "Определете CIDR диапазоните, които този отдалечен край ще маршрутизира трафика към. Въведете валиден CIDR (e.g. 10.0.0.0/8) и натиснете Enter, за да добавите.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Добавете CIDR диапазон (напр. 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Неуспешно зареждане на подмрежи",
+ "remoteExitNodeNetworkingLabelsTitle": "Етикети за Предпочитания",
+ "remoteExitNodeNetworkingLabelsDescription": "Сайтове с тези етикети ще бъдат принудени да се свържат чрез този отдалечен край.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Изберете етикети...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Търсене на етикети...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Неуспешно зареждане на етикети",
"remoteExitNodeCreate": {
"title": "Създаване на отдалечен възел.",
"description": "Създайте нов самохостнал отдалечен ретранслатор и прокси сървърен възел.",
@@ -2233,7 +2499,7 @@
"description": "По-надежден и по-нисък поддръжка на Самостоятелно-хостван Панголиин сървър с допълнителни екстри",
"introTitle": "Управлявано Самостоятелно-хостван Панголиин",
"introDescription": "е опция за внедряване, предназначена за хора, които искат простота и допълнителна надеждност, като същевременно запазят данните си частни и самостоятелно-хоствани.",
- "introDetail": "С тази опция все още управлявате свой собствен Панголиин възел - вашите тунели, TLS терминатора и трафик остават на вашия сървър. Разликата е, че управлението и мониторингът се обработват чрез нашия облачен панел за контрол, който отключва редица предимства:",
+ "introDetail": "С тази опция все още управлявате свой собствен възел на Панголиин - вашите тунели, SSL прекратяване и трафик остават на вашия сървър. Разликата е, че управлението и мониторингът се обработват чрез нашия облачен панел, който отключва редица предимства:",
"benefitSimplerOperations": {
"title": "По-прости операции",
"description": "Няма нужда да управлявате свой собствен имейл сървър или да настройвате сложни аларми. Ще получите проверки и предупреждения при прекъсване от самото начало."
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Google OAuth2/OIDC доставчик",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC доставчик",
"subnet": "Подмрежа",
+ "utilitySubnet": "Мрежа на Помощни Подмрежи",
"subnetDescription": "Подмрежата за конфигурацията на мрежата на тази организация.",
"customDomain": "Персонализиран домейн.",
"authPage": "Страници за автентификация.",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "Липсва идентификатор на организация или домейн",
"loadingDNSRecords": "Зареждане на DNS записи...",
"olmUpdateAvailableInfo": "Налична е актуализирана версия на Olm. Моля, актуализирайте до най-новата версия за най-добро преживяване.",
+ "updateAvailableInfo": "На разположение е обновена версия. Моля, обновете до най-новата версия за най-добър опит.",
"client": "Клиент",
"proxyProtocol": "Настройки на прокси протокол",
"proxyProtocolDescription": "Конфигурирайте Proxy Protocol, за да запазите IP адресите на клиентите за TCP услуги.",
"enableProxyProtocol": "Активирайте прокси протокола",
"proxyProtocolInfo": "Запазете IP адресите на клиентите за TCP бекендове",
"proxyProtocolVersion": "Версия на прокси протокола",
- "version1": "Версия 1 (Препоръчително)",
+ "version1": "Версия 1 (Препоръчана)",
"version2": "Версия 2",
- "versionDescription": "Версия 1 е текстово-базирана и широко поддържана. Версия 2 е бърна и по-ефективна, но по-малко съвместима.",
+ "version1Description": "Текстово-базирана и широко поддържана. Уверете се, че транспортът на сървърите е добавен към динамичната конфигурация.",
+ "version2Description": "Двоична и по-ефективна, но по-малко съвместима. Уверете се, че транспортът на сървърите е добавен към динамичната конфигурация.",
"warning": "Предупреждение",
"proxyProtocolWarning": "Вашето бекенд приложение трябва да бъде конфигурирано да приема прокси протоколни връзки. Ако вашият бекенд не поддържа прокси протокол, активирането му ще прекъсне всички връзки. Уверете се, че сте конфигурирали вашия бекенд да се доверява на заглавията на прокси протокола от Traefik.",
"restarting": "Рестартиране...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Въведете потвърждение.",
"blueprintViewDetails": "Подробности.",
"defaultIdentityProvider": "По подразбиране доставчик на идентичност.",
- "defaultIdentityProviderDescription": "Когато е избран основен доставчик на идентичност, потребителят ще бъде автоматично пренасочен към доставчика за удостоверяване.",
+ "defaultIdentityProviderDescription": "Потребителят автоматично ще бъде пренасочен към този удостоверител за удостоверяване.",
"editInternalResourceDialogNetworkSettings": "Мрежови настройки.",
"editInternalResourceDialogAccessPolicy": "Политика за достъп.",
"editInternalResourceDialogAddRoles": "Добавяне на роли.",
@@ -2937,11 +3206,12 @@
"learnMore": "Научете повече.",
"backToHome": "Връщане към началната страница.",
"needToSignInToOrg": "Трябва ли да използвате доставчика на идентичност на организацията си?",
- "maintenanceMode": "Режим на поддръжка.",
+ "maintenanceMode": "Страница за поддръжка",
"maintenanceModeDescription": "Показване на страницата за поддръжка на посетители.",
"maintenanceModeType": "Тип режим на поддръжка.",
"showMaintenancePage": "Показване на страницата за поддръжка на посетители.",
"enableMaintenanceMode": "Активиране на режим на поддръжка.",
+ "enableMaintenanceModeDescription": "При включване, посетителите ще виждат страница за поддръжка вместо вашия ресурс.",
"automatic": "Автоматично.",
"automaticModeDescription": "Показване на страницата за поддръжка само когато всички целеви подсистеми са неработоспособни или в лошо състояние. Вашият ресурс продължава да работи нормално, докато поне един целеви подсистемен елемент е в здравия диапазон.",
"forced": "Наложително.",
@@ -2949,6 +3219,8 @@
"warning:": "Предупреждение:",
"forcedeModeWarning": "Целият трафик ще бъде пренасочен към страницата за поддръжка. Вашите подсистемни ресурси няма да получат никакви заявки.",
"pageTitle": "Заглавие на страницата.",
+ "maintenancePageContentSubsection": "Съдържание на страницата",
+ "maintenancePageContentSubsectionDescription": "Персонализирайте съдържанието, показвано на страницата за поддръжка",
"pageTitleDescription": "Основното заглавие, показвано на страницата за поддръжка.",
"maintenancePageMessage": "Съобщение за поддръжка.",
"maintenancePageMessagePlaceholder": "Ще се върнем скоро! Нашият сайт понастоящем е в процес на планирана поддръжка.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Прогнозно завършване:",
"createInternalResourceDialogDestinationRequired": "Дестинацията е задължителна.",
"available": "Налично",
+ "disabledResourceDescription": "Когато е деактивиран, ресурсът ще бъде недостъпен от всеки.",
"archived": "Архивирано",
"noArchivedDevices": "Не са намерени архивирани устройства.",
"deviceArchived": "Устройството е архивирано.",
@@ -3136,7 +3409,7 @@
"httpDestNamePlaceholder": "Моята HTTP дестинация",
"httpDestUrlLabel": "Дестинация URL",
"httpDestUrlErrorHttpRequired": "URL адресът трябва да използва http или https",
- "httpDestUrlErrorHttpsRequired": "HTTPS е необходимо за облачни инсталации",
+ "httpDestUrlErrorHttpsRequired": "SSL е необходимо за облачни инсталации",
"httpDestUrlErrorInvalid": "Въведете валиден URL (напр. https://example.com/webhook)",
"httpDestAuthTitle": "Удостоверяване",
"httpDestAuthDescription": "Изберете как заявленията ви се удостоверяват.",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Сигурни ли сте, че искате да отвържете този доставчик на самоличност от тази организация?",
"idpUnassociateDescription": "Всички потребители, свързани с този доставчик на самоличност, ще бъдат премахнати от тази организация, но доставчика на самоличност ще продължи да съществува за други свързани организации.",
"idpUnassociateConfirm": "Потвърдете отвързване на доставчика на самоличност",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "ИЗТРИВАНЕ И ПРЕМАХВАНЕ МЕ ОТ ОРГ",
+ "idpUnassociateAndRemoveMeFromOrg": "ОДЕЛЯНЕ И ПРЕМАХВАНЕ МЕ ОТ ОРГ",
"idpUnassociateWarning": "Това не може да бъде отменено за тази организация.",
"idpUnassociatedDescription": "Доставчика на самоличност е успешно отвързан от тази организация",
"idpUnassociateMenu": "Отвързване",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "Бял списък на имейли",
"memberPortalResourceDisabled": "Ресурсът е деактивиран",
"memberPortalShowingResources": "Показва {start}-{end} от {total} ресурси",
+ "resourceLauncherTitle": "Стартер за Ресурси",
+ "resourceLauncherDescription": "Преглеждайте детайлите на ресурса и ги стартирайте от едно място",
+ "resourceLauncherSearchPlaceholder": "Търсете във всички сайтове...",
+ "resourceLauncherDefaultView": "По Подразбиране",
+ "resourceLauncherSaveView": "Запазете Изгледа",
+ "resourceLauncherSaveToCurrentView": "Запазете в Текущ Изглед",
+ "resourceLauncherResetView": "Нулирайте Изгледа",
+ "resourceLauncherSaveAsNewView": "Запазете като Нов Изглед",
+ "resourceLauncherSaveAsNewViewDescription": "Дайте име на този изглед, за да запазите текущите си филтри и оформление.",
+ "resourceLauncherSaveForEveryone": "Запазете за Всеки",
+ "resourceLauncherSaveForEveryoneDescription": "Споделете този изглед с всички членове на организацията. Когато е изключено, изгледът е видим само за вас.",
+ "resourceLauncherMakePersonal": "Направи Личен",
+ "resourceLauncherFilter": "Филтър",
+ "resourceLauncherSort": "Сортиране",
+ "resourceLauncherSortAscending": "Сортиране възходящо",
+ "resourceLauncherSortDescending": "Сортиране низходящо",
+ "resourceLauncherSettings": "Настройки",
+ "resourceLauncherGroupBy": "Групирай По",
+ "resourceLauncherGroupBySite": "Сайт",
+ "resourceLauncherGroupByLabel": "Етикет",
+ "resourceLauncherLayout": "Оформление",
+ "resourceLauncherLayoutGrid": "Мрежа",
+ "resourceLauncherLayoutList": "Списък",
+ "resourceLauncherShowLabels": "Показване на Етикети",
+ "resourceLauncherShowSiteTags": "Показване на Тагове на Сайт",
+ "resourceLauncherShowRecents": "Показване на Последни",
+ "resourceLauncherDeleteView": "Изтриване на Изглед",
+ "resourceLauncherViewAsAdmin": "Вижте като Админ",
+ "resourceLauncherResourceDetailsDescription": "Вижте детайлите за този ресурс.",
+ "resourceLauncherUnlabeled": "Без Етикет",
+ "resourceLauncherNoSite": "Няма Сайт",
+ "resourceLauncherNoResourcesInGroup": "Няма ресурси в тази група",
+ "resourceLauncherEmptyStateTitle": "Няма Налични Ресурси",
+ "resourceLauncherEmptyStateDescription": "Все още нямате достъп до никакви ресурси. Свържете се с вашия администратор, за да поискате достъп.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Няма Намерени Ресурси",
+ "resourceLauncherEmptyStateNoResultsDescription": "Никакви ресурси не съвпадат с текущото ви търсене или филтри. Опитайте да ги коригирате, за да намерите това, което търсите.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Никакви ресурси не съвпадат с \"{query}\". Опитайте да коригирате търсенето или да изтриете филтри, за да видите всички ресурси.",
+ "resourceLauncherCopiedToClipboard": "Копирано в клипборда",
+ "resourceLauncherCopiedAccessDescription": "Достъпът до ресурса е копиран на вашия клипборд.",
+ "resourceLauncherViewNamePlaceholder": "Име на Изгледа",
+ "resourceLauncherViewNameLabel": "Име на Изгледа",
+ "resourceLauncherViewSaved": "Изгледът е запазен",
+ "resourceLauncherViewSavedDescription": "Вашият изглед на стартер е запазен.",
+ "resourceLauncherViewSaveFailed": "Неуспешно запазване на изгледа",
+ "resourceLauncherViewSaveFailedDescription": "Не можеше да се запази изгледът на стартер. Моля, опитайте отново.",
+ "resourceLauncherViewDeleted": "Изгледът е изтрит",
+ "resourceLauncherViewDeletedDescription": "Изгледът на стартер е изтрит.",
+ "resourceLauncherViewDeleteFailed": "Неуспешно изтриване на изгледа",
+ "resourceLauncherViewDeleteFailedDescription": "Не можахте да изтриете изгледа на стартер. Моля, опитайте отново.",
"memberPortalPrevious": "Предишен",
- "memberPortalNext": "Следващ"
+ "memberPortalNext": "Следващ",
+ "httpSettings": "HTTP настройки",
+ "tcpSettings": "TCP настройки",
+ "udpSettings": "UDP настройки",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Установяване на защитена връзка…",
+ "sshConnecting": "Свързване…",
+ "sshInitializing": "Инициализиране…",
+ "sshSignInTitle": "Вход в SSH",
+ "sshSignInDescription": "Въведете вашите SSH данни за свързване",
+ "sshPasswordTab": "Парола",
+ "sshPrivateKeyTab": "Частен ключ",
+ "sshPrivateKeyField": "Частен ключ",
+ "sshPrivateKeyDisclaimer": "Частният ви ключ не се съхранява или видима за Панголиин. Като алтернатива, можете да използвате краткотрайни сертификати за безпроблемна автентикация с вашата съществуваща идентичност в Панголиин.",
+ "sshLearnMore": "Научете повече",
+ "sshPrivateKeyFile": "Файл с частен ключ",
+ "sshAuthenticate": "Свързване",
+ "sshTerminate": "Прекратяване",
+ "sshPoweredBy": "Подпомогнато от",
+ "sshErrorNoTarget": "Няма посочена цел",
+ "sshErrorWebSocket": "Неуспешно създаване на WebSocket връзка",
+ "sshErrorAuthFailed": "Неуспешна идентификация",
+ "sshErrorConnectionClosed": "Връзката е затворена преди завършване на идентификацията",
+ "sitePangolinSshDescription": "Позволете SSH достъп до ресурси на този сайт. Това може да бъде променено по-късно.",
+ "browserGatewayNoResourceForDomain": "Не е намерен ресурс за този домейн",
+ "browserGatewayNoTarget": "Няма цел",
+ "browserGatewayConnect": "Свързване",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "Неуспешно подписване на SSH ключ за PAM push удостоверяване. Вписахте ли се като потребител?",
+ "sshTerminalError": "Грешка: {error}",
+ "sshConnectionClosedCode": "Връзката е затворена (код {code})",
+ "sshPrivateKeyPlaceholder": "-----НАЧАЛО НА OPENSSH ЧАСТЕН КЛЮЧ-----",
+ "sshPrivateKeyRequired": "Изисква се частен ключ",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Въведете VNC данните си за връзка",
+ "vncUsernameOptional": "Потребителско име (по избор)",
+ "vncPasswordOptional": "Парола (по избор)",
+ "vncNoResourceTarget": "Не е налична цел за ресурса",
+ "vncFailedToLoadNovnc": "Неуспешно зареждане на noVNC",
+ "vncAuthFailedStatus": "Статус {status}",
+ "vncPasteClipboard": "Поставяне на клепач",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Вписване в Отдалечен Работен Плот",
+ "rdpSignInDescription": "Въведете данните за вашата Windows, за да се свържете",
+ "rdpLoadingModule": "Зареждане на модул...",
+ "rdpFailedToLoadModule": "Неуспешно зареждане на RDP модул",
+ "rdpNotReady": "Не е готов",
+ "rdpModuleInitializing": "RDP модулът все още се инициализира",
+ "rdpDownloadingFiles": "Изтегляне на {count} файл/файлове от отдалечено...",
+ "rdpDownloadFailed": "Изтеглянето е неуспешно: {fileName}",
+ "rdpUploaded": "Качено: {fileName}",
+ "rdpNoConnectionTarget": "Няма налична цел за свързване",
+ "rdpConnectionFailed": "Връзката неуспешна",
+ "rdpFit": "Напасване",
+ "rdpFull": "Пълен",
+ "rdpReal": "Реален",
+ "rdpMeta": "Мета",
+ "rdpUploadFiles": "Качване на файловете",
+ "rdpFilesReadyToPaste": "Файлове готови за поставяне",
+ "rdpFilesReadyToPasteDescription": "{count} файл(ове) копирани в отдалечения клипборд — натиснете Ctrl+V на отдалечения работен плот за поставяне.",
+ "rdpUploadFailed": "Качването неуспешно",
+ "rdpUnicodeKeyboardMode": "Режим на unicode клавиатура",
+ "sessionToolbarShow": "Показване на лентата с инструменти",
+ "sessionToolbarHide": "Скриване на лентата с инструменти"
}
diff --git a/messages/cs-CZ.json b/messages/cs-CZ.json
index 7c118ff29..ba5203938 100644
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -66,9 +66,15 @@
"local": "Místní",
"edit": "Upravit",
"siteConfirmDelete": "Potvrdit odstranění lokality",
+ "siteConfirmDeleteAndResources": "Potvrdit odstranění lokality a zdrojů",
"siteDelete": "Odstranění lokality",
+ "siteDeleteAndResources": "Odstranit lokalitu a zdroje",
"siteMessageRemove": "Po odstranění webu již nebude přístupný. Všechny cíle spojené s webem budou také odstraněny.",
+ "siteMessageRemoveAndResources": "Toto trvale odstraní všechny veřejné a soukromé zdroje spojené s touto lokalitou, i když je zdroj také přiřazen k jiným lokalitám.",
"siteQuestionRemove": "Jste si jisti, že chcete odstranit tuto stránku z organizace?",
+ "siteQuestionRemoveAndResources": "Opravdu chcete odstranit tuto lokalitu a všechny přidružené zdroje?",
+ "sitesTableDeleteSite": "Odstranění lokality",
+ "sitesTableDeleteSiteAndResources": "Odstranit lokalitu a zdroje",
"siteManageSites": "Správa lokalit",
"siteDescription": "Vytvořte a spravujte stránky pro povolení připojení k soukromým sítím",
"sitesBannerTitle": "Připojit jakoukoli síť",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Zobrazit soukromé zdroje",
"siteInstallNewt": "Nainstalovat Newt",
"siteInstallNewtDescription": "Spustit Newt na vašem systému",
+ "siteInstallKubernetesDocsDescription": "Pro více aktuálních informací o instalaci Kubernetes navštivte docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "Pro pokyny k instalaci modemu Advantech navštivte docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "Konfigurace WireGuard",
"WgConfigurationDescription": "K připojení k síti použijte následující konfiguraci",
"operatingSystem": "Operační systém",
@@ -115,6 +123,16 @@
"siteUpdated": "Lokalita upravena",
"siteUpdatedDescription": "Lokalita byla upravena.",
"siteGeneralDescription": "Upravte obecná nastavení pro tuto lokalitu",
+ "siteRestartTitle": "Restartovat lokalitu",
+ "siteRestartDescription": "Restartujte tunel WireGuard pro tuto lokalitu. To krátce přeruší konektivitu.",
+ "siteRestartBody": "Použijte to, pokud tunel lokality nefunguje správně a chcete vynutit opětovné připojení bez restartování hostitele.",
+ "siteRestartButton": "Restartovat lokalitu",
+ "siteRestartDialogMessage": "Opravdu chcete restartovat WireGuard tunel pro {name}? Lokalita krátce ztratí konektivitu.",
+ "siteRestartWarning": "Lokalita bude krátce odpojena, zatímco se tunel restartuje.",
+ "siteRestarted": "Lokalita restartována",
+ "siteRestartedDescription": "Tunel WireGuard byl restartován.",
+ "siteErrorRestart": "Nepodařilo se restartovat lokalitu",
+ "siteErrorRestartDescription": "Při restartování lokality došlo k chybě.",
"siteSettingDescription": "Konfigurace nastavení na webu",
"siteResourcesTab": "Zdroje",
"siteResourcesNoneOnSite": "Tento web zatím nemá veřejné ani soukromé zdroje.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "Toto nastavení uvidíte pouze jednou. Ujistěte se, že jej zkopírujete na bezpečné místo.",
"siteInfo": "Údaje o lokalitě",
"status": "Stav",
- "shareTitle": "Spravovat sdílení odkazů",
+ "shareTitle": "Spravovat sdílné odkazy",
"shareDescription": "Vytvořit sdílitelné odkazy pro udělení dočasného nebo trvalého přístupu ke zdrojům proxy",
- "shareSearch": "Hledat sdílené odkazy...",
- "shareCreate": "Vytvořit odkaz",
+ "shareSearch": "Hledat sdílné odkazy...",
+ "shareCreate": "Vytvořit sdílný odkaz",
"shareErrorDelete": "Nepodařilo se odstranit odkaz",
"shareErrorDeleteMessage": "Došlo k chybě při odstraňování odkazu",
"shareDeleted": "Odkaz odstraněn",
"shareDeletedDescription": "Odkaz byl odstraněn",
- "shareDelete": "Smazat odkaz ke sdílení",
- "shareDeleteConfirm": "Potvrdit smazání odkazu ke sdílení",
+ "shareDelete": "Odstranit sdílný odkaz",
+ "shareDeleteConfirm": "Potvrdit odstranění sdílného odkazu",
"shareQuestionRemove": "Jste si jisti, že chcete smazat tento odkaz ke sdílení?",
"shareMessageRemove": "Jakmile bude smazán, odkaz přestane fungovat a všichni, kdo jej používají, ztratí přístup k prostředku.",
"shareTokenDescription": "Přístupový token může být předán dvěma způsoby: jako parametr dotazu nebo v záhlaví požadavku. Tyto údaje musí být předány klientovi na každé žádosti o ověřený přístup.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Při vytváření odkazu došlo k chybě",
"shareCreateDescription": "Kdokoliv s tímto odkazem může přistupovat ke zdroji",
"shareTitleOptional": "Název (volitelné)",
+ "sharePathOptional": "Cesta (volitelně)",
+ "sharePathDescription": "Odkaz přesměruje uživatele na tuto cestu po autentikaci.",
"expireIn": "Platnost vyprší za",
"neverExpire": "Nikdy nevyprší",
"shareExpireDescription": "Doba platnosti určuje, jak dlouho bude odkaz použitelný a bude poskytovat přístup ke zdroji. Po této době odkaz již nebude fungovat a uživatelé kteří tento odkaz používali ztratí přístup ke zdroji.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Zvolte prosím zdroj",
"proxyResourceTitle": "Spravovat veřejné zdroje",
"proxyResourceDescription": "Vytváření a správa zdrojů, které jsou veřejně přístupné prostřednictvím webového prohlížeče",
- "proxyResourcesBannerTitle": "Veřejný přístup založený na webu",
- "proxyResourcesBannerDescription": "Veřejné prostředky jsou HTTPS nebo TCP/UDP proxy, které jsou přístupné každému na internetu prostřednictvím webového prohlížeče. Na rozdíl od soukromých prostředků nevyžadují software na straně klienta a mohou zahrnovat politiky přístupu orientované na identitu a kontext.",
+ "publicResourcesBannerTitle": "Webové Veřejné Přístupy",
+ "publicResourcesBannerDescription": "Veřejné prostředky jsou HTTPS proxy přístupné každému na internetu prostřednictvím webového prohlížeče. Na rozdíl od soukromých prostředků nevyžadují software na straně klienta a mohou zahrnovat politiky přístupu orientované na identitu a kontext.",
"clientResourceTitle": "Spravovat soukromé zdroje",
"clientResourceDescription": "Vytváření a správa zdrojů, které jsou přístupné pouze prostřednictvím připojeného klienta",
"privateResourcesBannerTitle": "Zero-Trust soukromý přístup",
@@ -208,11 +228,37 @@
"resourcesSearch": "Prohledat zdroje...",
"resourceAdd": "Přidat zdroj",
"resourceErrorDelte": "Chyba při odstraňování zdroje",
+ "resourcePoliciesBannerTitle": "Opětovné použití pravidel pro autentifikaci a přístup",
+ "resourcePoliciesBannerDescription": "Sdílené politiky zdrojů vám umožňují definovat metody autentifikace a přístupová pravidla jednou, poté je připojit k více veřejným zdrojům. Při aktualizaci politiky každý propojený zdroj automaticky dědí změnu.",
+ "resourcePoliciesBannerButtonText": "Zjistit více",
+ "resourcePoliciesTitle": "Správa Veřejných Zásad Zdrojů",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Zdroje",
+ "resourcePoliciesAttachedResources": "{count} zdroj(e/ů)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# zdroj} few {# zdroje} many {# zdrojů} other {# zdrojů}}",
+ "resourcePoliciesAttachedResourcesEmpty": "žádné zdroje",
+ "resourcePoliciesDescription": "Vytvořte a spravujte zásady autentifikace pro řízení přístupu k vašim veřejným zdrojům",
+ "resourcePoliciesSearch": "Hledat zásady...",
+ "resourcePoliciesAdd": "Přidat zásadu",
+ "resourcePoliciesDefaultBadgeText": "Výchozí zásada",
+ "resourcePoliciesCreate": "Vytvořit Veřejnou Zásadu Zdroje",
+ "resourcePoliciesCreateDescription": "Postupujte podle následujících kroků k vytvoření nové zásady",
+ "resourcePolicyName": "Název zásady",
+ "resourcePolicyNameDescription": "Pojmenujte tuto zásadu, aby byla rozpoznatelná napříč vašimi zdroji",
+ "resourcePolicyNamePlaceholder": "např. Zásada interního přístupu",
+ "resourcePoliciesSeeAll": "Zobrazit všechny zásady",
+ "resourcePolicyAuthMethodAdd": "Přidat metodu ověřování",
+ "resourcePolicyOtpEmailAdd": "Přidat OTP emaily",
+ "resourcePolicyRulesAdd": "Přidat pravidla",
+ "resourcePolicyAuthMethodsDescription": "Povolit přístup ke zdrojům prostřednictvím dodatečných metod ověřování",
+ "resourcePolicyUsersRolesDescription": "Nakonfigurujte, kteří uživatelé a role mohou navštívit připojené zdroje",
+ "rulesResourcePolicyDescription": "Nakonfigurujte pravidla k řízení přístupu ke zdrojům spojeným s touto zásadou",
"authentication": "Autentifikace",
"protected": "Chráněno",
"notProtected": "Nechráněno",
"resourceMessageRemove": "Jakmile zdroj odstraníte, nebude dostupný. Všechny související služby a cíle budou také odstraněny.",
"resourceQuestionRemove": "Jste si jisti, že chcete odstranit zdroj z organizace?",
+ "resourcePolicyMessageRemove": "Jakmile je zásada odstraněna, ke zdroji již nebude možný přístup. Všechny související zdroje budou odpojeny a zůstanou bez ověření.",
+ "resourcePolicyQuestionRemove": "Jste si jisti, že chcete odstranit zásadu zdroje z organizace?",
"resourceHTTP": "Zdroj HTTPS",
"resourceHTTPDescription": "Proxy požadavky přes HTTPS pomocí plně kvalifikovaného názvu domény.",
"resourceRaw": "Surový TCP/UDP zdroj",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Proxy požadavky na syrové TCP/UDP pomocí čísla portu. Vyžaduje připojení stránek ke vzdálenému uzlu.",
"resourceCreate": "Vytvořit zdroj",
"resourceCreateDescription": "Postupujte podle níže uvedených kroků, abyste vytvořili a připojili nový zdroj",
+ "resourceCreateGeneralDescription": "Konfigurace základních nastavení zdroje včetně názvu a typu",
"resourceSeeAll": "Zobrazit všechny zdroje",
- "resourceInfo": "Informace o zdroji",
+ "resourceCreateGeneral": "Obecné",
"resourceNameDescription": "Toto je zobrazovaný název zdroje.",
"siteSelect": "Vybrat lokalitu",
"siteSearch": "Hledat lokalitu",
@@ -231,12 +278,15 @@
"noCountryFound": "Nebyla nalezena žádná země.",
"siteSelectionDescription": "Tato lokalita poskytne připojení k cíli.",
"resourceType": "Typ zdroje",
- "resourceTypeDescription": "Určete, jak přistupovat ke zdroji",
+ "resourceTypeDescription": "Toto určuje protokol zdroje a jak bude zobrazen v prohlížeči. Později to nelze změnit.",
+ "resourceDomainDescription": "Zdroji bude obsluhován tento plně kvalifikovaný doménový název.",
"resourceHTTPSSettings": "Nastavení HTTPS",
"resourceHTTPSSettingsDescription": "Nakonfigurujte, jak bude dokument přístupný přes HTTPS",
+ "resourcePortDescription": "Externí port na instanci nebo uzlu Pangolin, kde bude zdroj dostupný.",
"domainType": "Typ domény",
"subdomain": "Subdoména",
"baseDomain": "Základní doména",
+ "configure": "Konfigurovat",
"subdomnainDescription": "Subdoména, kde bude zdroj přístupný.",
"resourceRawSettings": "Nastavení TCP/UDP",
"resourceRawSettingsDescription": "Nakonfigurujte, jak bude dokument přístupný přes TCP/UDP",
@@ -247,14 +297,35 @@
"back": "Zpět",
"cancel": "Zrušit",
"resourceConfig": "Konfigurační snippety",
- "resourceConfigDescription": "Zkopírujte a vložte tyto konfigurační textové bloky pro nastavení TCP/UDP zdroje",
+ "resourceConfigDescription": "Zkopírujte a vložte tyto konfigurační úryvky pro nastavení TCP/UDP zdroje.",
"resourceAddEntrypoints": "Traefik: Přidat vstupní body",
"resourceExposePorts": "Gerbil: Expose Ports in Docker Compose",
"resourceLearnRaw": "Naučte se konfigurovat zdroje TCP/UDP",
"resourceBack": "Zpět na zdroje",
"resourceGoTo": "Přejít na dokument",
+ "resourcePolicyDelete": "Smazat zásadu zdroje",
+ "resourcePolicyDeleteConfirm": "Potvrdit smazání zásady zdroje",
"resourceDelete": "Odstranit dokument",
"resourceDeleteConfirm": "Potvrdit odstranění dokumentu",
+ "labelDelete": "Smazat štítek",
+ "labelAdd": "Přidat štítek",
+ "labelCreateSuccessMessage": "Štítek byl úspěšně vytvořen",
+ "labelDuplicateError": "Duplikátní štítek",
+ "labelDuplicateErrorDescription": "Štítek s tímto názvem již existuje.",
+ "labelEditSuccessMessage": "Štítek byl úspěšně změněn",
+ "labelNameField": "Název štítku",
+ "labelColorField": "Barva štítku",
+ "labelPlaceholder": "Př. domací laboratoř",
+ "labelCreate": "Vytvořit štítek",
+ "createLabelDialogTitle": "Vytvořit štítek",
+ "createLabelDialogDescription": "Vytvořte nový štítek, který může být přiřazen této organizaci",
+ "labelEdit": "Upravit štítek",
+ "editLabelDialogTitle": "Aktualizovat štítek",
+ "editLabelDialogDescription": "Upravte nový štítek, který může být přiřazen této organizaci",
+ "labelDeleteConfirm": "Potvrdit smazání štítku",
+ "labelErrorDelete": "Nepodařilo se smazat štítek",
+ "labelMessageRemove": "Tato akce je trvalá. Všechny weby, zdroje a klienti označeni tímto štítkem budou neoznačeni.",
+ "labelQuestionRemove": "Jste si jisti, že chcete odebrat štítek z organizace?",
"visibility": "Viditelnost",
"enabled": "Povoleno",
"disabled": "Zakázáno",
@@ -265,6 +336,8 @@
"rules": "Pravidla",
"resourceSettingDescription": "Konfigurace nastavení na zdroji",
"resourceSetting": "Nastavení {resourceName}",
+ "resourcePolicySettingDescription": "Konfigurujte nastavení této veřejné zásady zdrojů",
+ "resourcePolicySetting": "Nastavení {policyName}",
"alwaysAllow": "Obejít Auth",
"alwaysDeny": "Blokovat přístup",
"passToAuth": "Předat k ověření",
@@ -671,7 +744,7 @@
"targetSubmit": "Add Target",
"targetNoOne": "Tento zdroj nemá žádné cíle. Přidejte cíl pro konfiguraci kam poslat žádosti na backend.",
"targetNoOneDescription": "Přidáním více než jednoho cíle se umožní vyvážení zatížení.",
- "targetsSubmit": "Uložit cíle",
+ "targetsSubmit": "Uložit Nastavení",
"addTarget": "Add Target",
"proxyMultiSiteRoundRobinNodeHelp": "Round robin routing nebude fungovat mezi lokalitami, které nejsou připojeny ke stejnému uzlu, ale failover bude fungovat.",
"targetErrorInvalidIp": "Neplatná IP adresa",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Duplikovat pravidlo",
"rulesErrorDuplicateDescription": "Pravidlo s těmito nastaveními již existuje",
"rulesErrorInvalidIpAddressRange": "Neplatný CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "Zadejte prosím platnou hodnotu CIDR",
- "rulesErrorInvalidUrl": "Neplatná URL cesta",
- "rulesErrorInvalidUrlDescription": "Zadejte platnou hodnotu URL cesty",
+ "rulesErrorInvalidIpAddressRangeDescription": "Zadejte platný rozsah CIDR (např. 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Neplatná cesta",
+ "rulesErrorInvalidUrlDescription": "Zadejte platnou URL cestu nebo vzor (např. /api/*).",
"rulesErrorInvalidIpAddress": "Neplatná IP adresa",
- "rulesErrorInvalidIpAddressDescription": "Zadejte prosím platnou IP adresu",
+ "rulesErrorInvalidIpAddressDescription": "Zadejte platnou IPv4 nebo IPv6 adresu.",
"rulesErrorUpdate": "Aktualizace pravidel se nezdařila",
"rulesErrorUpdateDescription": "Při aktualizaci pravidel došlo k chybě",
"rulesUpdated": "Povolit pravidla",
@@ -717,15 +790,24 @@
"rulesMatchIpAddressRangeDescription": "Zadejte adresu ve formátu CIDR (např. 103.21.244.0/22)",
"rulesMatchIpAddress": "Zadejte IP adresu (např. 103.21.244.12)",
"rulesMatchUrl": "Zadejte URL cestu nebo vzor (např. /api/v1/todos nebo /api/v1/*)",
- "rulesErrorInvalidPriority": "Neplatná Priorita",
- "rulesErrorInvalidPriorityDescription": "Zadejte prosím platnou prioritu",
- "rulesErrorDuplicatePriority": "Duplikovat priority",
- "rulesErrorDuplicatePriorityDescription": "Zadejte prosím unikátní priority",
+ "rulesErrorInvalidPriority": "Neplatná priorita",
+ "rulesErrorInvalidPriorityDescription": "Zadejte celé číslo 1 nebo vyšší.",
+ "rulesErrorDuplicatePriority": "Duplicitní priority",
+ "rulesErrorDuplicatePriorityDescription": "Každé pravidlo musí mít unikátní číslo priority.",
+ "rulesErrorValidation": "Neplatná pravidla",
+ "rulesErrorValidationRuleDescription": "Pravidlo {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Vyberte platný typ shody (cesta, IP, CIDR, země, oblast nebo ASN).",
+ "rulesErrorValueRequired": "Zadejte hodnotu pro toto pravidlo.",
+ "rulesErrorInvalidCountry": "Neplatná země",
+ "rulesErrorInvalidCountryDescription": "Vyberte platnou zemi.",
+ "rulesErrorInvalidAsn": "Neplatný ASN",
+ "rulesErrorInvalidAsnDescription": "Zadejte platný ASN (např. AS15169).",
"ruleUpdated": "Pravidla byla aktualizována",
"ruleUpdatedDescription": "Pravidla byla úspěšně aktualizována",
"ruleErrorUpdate": "Operace selhala",
"ruleErrorUpdateDescription": "Při ukládání došlo k chybě",
"rulesPriority": "Priorita",
+ "rulesReorderDragHandle": "Přetažením změňte prioritu pravidel",
"rulesAction": "Akce",
"rulesMatchType": "Typ shody",
"value": "Hodnota",
@@ -744,9 +826,60 @@
"rulesResource": "Konfigurace pravidel zdroje",
"rulesResourceDescription": "Nastavit pravidla pro kontrolu přístupu ke zdroji",
"ruleSubmit": "Přidat pravidlo",
- "rulesNoOne": "Žádná pravidla. Přidejte pravidlo pomocí formuláře.",
+ "rulesNoOne": "Žádná pravidla zatím nejsou.",
"rulesOrder": "Pravidla jsou hodnocena podle priority vzestupně.",
"rulesSubmit": "Uložit pravidla",
+ "policyErrorCreate": "Chyba při vytváření zásady",
+ "policyErrorCreateDescription": "Při vytváření zásady došlo k chybě",
+ "policyErrorCreateMessageDescription": "Došlo k neočekávané chybě",
+ "policyErrorUpdate": "Chyba při aktualizaci zásady",
+ "policyErrorUpdateDescription": "Při aktualizaci zásady došlo k chybě",
+ "policyErrorUpdateMessageDescription": "Došlo k neočekávané chybě",
+ "policyCreatedSuccess": "Zásada zdroje byla úspěšně vytvořena",
+ "policyUpdatedSuccess": "Zásada zdroje byla úspěšně aktualizována",
+ "authMethodsSave": "Uložit nastavení",
+ "policyAuthStackTitle": "Autentifikace",
+ "policyAuthStackDescription": "Určete, které metody autentifikace jsou požadovány pro přístup k tomuto zdroji",
+ "policyAuthOrLogicTitle": "Více metod autentifikace je aktivních",
+ "policyAuthOrLogicBanner": "Návštěvníci mohou použít jakoukoli aktivní metodu uvedenou níže. Nemusí splnit všechny z nich.",
+ "policyAuthMethodActive": "Aktivní",
+ "policyAuthMethodOff": "Vypnuto",
+ "policyAuthSsoTitle": "Platformové SSO",
+ "policyAuthSsoDescription": "Požadujte přihlášení prostřednictvím identifikačního poskytovatele vaší organizace",
+ "policyAuthSsoSummary": "{idp} · {users} uživatelé, {roles} role",
+ "policyAuthSsoDefaultIdp": "Výchozí poskytovatel",
+ "policyAuthAddDefaultIdentityProvider": "Přidat výchozího identifikačního poskytovatele",
+ "policyAuthOtherMethodsTitle": "Ostatní metody",
+ "policyAuthOtherMethodsDescription": "Volitelné metody, které návštěvníci mohou použít místo nebo vedle platformového SSO",
+ "policyAuthPasscodeTitle": "Heslo",
+ "policyAuthPasscodeDescription": "Vyžadovat sdílené alfanumerické heslo pro přístup ke zdroji",
+ "policyAuthPasscodeSummary": "Sada hesel",
+ "policyAuthPincodeTitle": "PIN Kód",
+ "policyAuthPincodeDescription": "Krátký číselný kód vyžadován pro přístup ke zdroji",
+ "policyAuthPincodeSummary": "Nastaven 6místný PIN",
+ "policyAuthEmailTitle": "Email Whitelist",
+ "policyAuthEmailDescription": "Povolit vybraným emailovým adresám s jednorázovými hesly",
+ "policyAuthEmailSummary": "Povoleno {count} adres(y)",
+ "policyAuthEmailOtpCallout": "Povolení seznamu povolených e-mailů odešle jednorázové heslo na e-mail návštěvníka při přihlášení.",
+ "policyAuthHeaderAuthTitle": "Základní Ověření Záhlaví",
+ "policyAuthHeaderAuthDescription": "Ověřit vlastní HTTP hlavičku názvu a hodnoty při každém požadavku",
+ "policyAuthHeaderAuthSummary": "Nastaveno hlavička",
+ "policyAuthHeaderName": "Název hlavičky",
+ "policyAuthHeaderValue": "Očekávaná hodnota",
+ "policyAuthSetPasscode": "Nastavit přístupový kód",
+ "policyAuthSetPincode": "Nastavit PIN kód",
+ "policyAuthSetEmailWhitelist": "Nastavit e-mailový whitelist",
+ "policyAuthSetHeaderAuth": "Nastavit základní autentizaci hlavičkou",
+ "policyAccessRulesTitle": "Pravidla Přístupu",
+ "policyAccessRulesEnableDescription": "Když je povoleno, pravidla jsou hodnocena sestupně, dokud jedno není vyhodnoceno jako pravda.",
+ "policyAccessRulesFirstMatch": "Pravidla jsou vyhodnocována shora dolů. První odpovídající pravidlo určuje výsledek.",
+ "policyAccessRulesHowItWorks": "Pravidla odpovídají požadavkům podle cesty, IP adresy, lokace nebo jiného kritéria. Každé pravidlo aplikuje akci: obejít autentizaci, zablokovat přístup nebo předat k autentizaci. Pokud žádné neodpovídá, provoz pokračuje k autentizaci.",
+ "policyAccessRulesFallthroughOff": "Když jsou pravidla zakázána, veškerý provoz přechází k autentizaci.",
+ "policyAccessRulesFallthroughOn": "Když žádné pravidlo neodpovídá, provoz přechází k autentizaci.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Uložit pravidla",
"resourceErrorCreate": "Chyba při vytváření zdroje",
"resourceErrorCreateDescription": "Při vytváření zdroje došlo k chybě",
"resourceErrorCreateMessage": "Chyba při vytváření zdroje:",
@@ -766,9 +899,9 @@
"resourcesErrorUpdateDescription": "Došlo k chybě při aktualizaci zdroje",
"access": "Přístup",
"accessControl": "Kontrola přístupu",
- "shareLink": "{resource} Sdílet odkaz",
+ "shareLink": "{resource} Sdílný odkaz",
"resourceSelect": "Vyberte zdroj",
- "shareLinks": "Sdílet odkazy",
+ "shareLinks": "Sdíletelné odkazy",
"share": "Sdílené odkazy",
"shareDescription2": "Vytvořte sdílitelné odkazy na zdroje. Odkazy poskytují dočasný nebo neomezený přístup k vašemu zdroji. Můžete nakonfigurovat dobu vypršení platnosti odkazu při jeho vytvoření.",
"shareEasyCreate": "Snadné vytváření a sdílení",
@@ -810,6 +943,17 @@
"pincodeAdd": "Přidat PIN kód",
"pincodeRemove": "Odstranit PIN kód",
"resourceAuthMethods": "Metody ověřování",
+ "resourcePolicyAuthMethodsEmpty": "Žádná metoda ověřování",
+ "resourcePolicyOtpEmpty": "Žádné jednorázové hesla",
+ "resourcePolicyReadOnly": "Tato zásada je pouze ke čtení",
+ "resourcePolicyReadOnlyDescription": "Tato zásada zdroje je sdílena mezi více zdroji, nelze ji upravovat na této stránce.",
+ "editSharedPolicy": "Upravit sdílenou zásadu",
+ "resourcePolicyTypeSave": "Uložit typ zdroje",
+ "resourcePolicySelect": "Vybrat zásadu zdroje",
+ "resourcePolicySelectError": "Vyberte zásadu zdroje",
+ "resourcePolicyNotFound": "Zásada nenalezena",
+ "resourcePolicySearch": "Hledat zásady",
+ "resourcePolicyRulesEmpty": "Žádná pravidla ověřování",
"resourceAuthMethodsDescriptions": "Povolit přístup ke zdroji pomocí dodatečných metod autorizace",
"resourceAuthSettingsSave": "Úspěšně uloženo",
"resourceAuthSettingsSaveDescription": "Nastavení ověřování bylo uloženo",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Nastavit anonymní kód",
"resourcePincodeSetupTitleDescription": "Nastavit pincode pro ochranu tohoto zdroje",
"resourceRoleDescription": "Administrátoři mají vždy přístup k tomuto zdroji.",
+ "resourcePolicySelectTitle": "Zásada přístupu ke zdrojům",
+ "resourcePolicySelectDescription": "Vyberte typ zásady zdroje ověřování",
+ "resourcePolicyTypeLabel": "Typ zásady zdroje",
+ "resourcePolicyLabel": "Zásada zdroje",
+ "resourcePolicyInline": "Inline Zásada Zdroje",
+ "resourcePolicyInlineDescription": "Zásada přístupu se zaměřením pouze na tento zdroj",
+ "resourcePolicyShared": "Sdílená Zásada Zdroje",
+ "resourcePolicySharedDescription": "Tento zdroj používá sdílenou zásadu.",
+ "sharedPolicy": "Sdílená Zásada",
+ "sharedPolicyNoneDescription": "Tento zdroj má vlastní zásadu.",
+ "resourceSharedPolicyOwnDescription": "Tento zdroj má vlastní ovládání autentifikace a přístupových pravidel.",
+ "resourceSharedPolicyInheritedDescription": "Tento zdroj dědí ze {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Tento zdroj používá sdílenou politiku. Některá nastavení autentizace lze upravit na tomto zdroji k doplnění politiky. Pro úpravu základní politiky musíte upravit {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Tento zdroj používá sdílenou politiku. Některá přístupová pravidla lze upravit na tomto zdroji. Chcete-li změnit základní politiku, musíte upravit {policyName}.",
"resourceUsersRoles": "Kontrola přístupu",
"resourceUsersRolesDescription": "Nastavení, kteří uživatelé a role mohou navštívit tento zdroj",
"resourceUsersRolesSubmit": "Uložit přístupové řízení",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Viditelnost",
"resourceVisibilityTitleDescription": "Zcela povolit nebo zakázat viditelnost zdrojů",
"resourceGeneral": "Obecná nastavení",
- "resourceGeneralDescription": "Konfigurace obecných nastavení tohoto zdroje",
+ "resourceGeneralDescription": "Nakonfigurujte název, adresu a přístupovou politiku pro tento zdroj.",
+ "resourceGeneralDetailsSubsection": "Detaily zdroje",
+ "resourceGeneralDetailsSubsectionDescription": "Nastavte zobrazovaný název, identifikátor a veřejně dostupnou doménu pro tento zdroj.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Nastavte zobrazovaný název, identifikátor a veřejný port pro tento zdroj.",
+ "resourceGeneralPublicAddressSubsection": "Veřejná Adresa",
+ "resourceGeneralPublicAddressSubsectionDescription": "Nakonfigurujte, jak uživatelé dosáhnou tento zdroj.",
+ "resourceGeneralAuthenticationAccessSubsection": "Autentizace & Přístup",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Vyberte, zda tento zdroj používá vlastní politiku, nebo dědí od sdílené politiky.",
"resourceEnable": "Povolit dokument",
"resourceTransfer": "Přenos zdroje",
"resourceTransferDescription": "Přenést tento zdroj na jiný web",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Při připojování k {name}došlo k chybě. Obraťte se na správce.",
"idpErrorNotFound": "IdP nenalezen",
"inviteInvalid": "Neplatná pozvánka",
+ "labels": "Štítky",
+ "orgLabelsDescription": "Spravujte štítky v této organizaci.",
+ "addLabels": "Přidat štítky",
+ "siteLabelsTab": "Štítky",
+ "siteLabelsDescription": "Spravujte štítky přiřazené k této lokalitě.",
+ "labelsNotFound": "Nebyly nalezeny žádné štítky.",
+ "labelsEmptyCreateHint": "Začněte psát výše k vytvoření štítku.",
+ "labelSearch": "Hledat štítky",
+ "labelSearchOrCreate": "Hledání nebo vytvoření štítku",
+ "accessLabelFilterCount": "{count, plural, one {# štítek} few {# štítky} other {# štítků}}",
+ "labelOverflowCount": "+{count, plural, one {# štítek} few {# štítky} other {# štítků}}",
+ "accessLabelFilterClear": "Vymazat filtry štítků",
+ "accessFilterClear": "Vymazat filtry",
+ "selectColor": "Vybrat barvu",
+ "createNewLabel": "Vytvořit nový štítek organizace \"{label}\"",
"inviteInvalidDescription": "Odkaz pro pozvání je neplatný.",
"inviteErrorWrongUser": "Pozvat není pro tohoto uživatele",
"inviteErrorUserNotExists": "Uživatel neexistuje. Nejprve si vytvořte účet.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Použít plán",
"actionListBlueprints": "Seznam šablon",
"actionGetBlueprint": "Získat šablonu",
+ "actionCreateOrgWideLauncherView": "Vytvořit organizační pohled",
"setupToken": "Nastavit token",
"setupTokenDescription": "Zadejte nastavovací token z konzole serveru.",
"setupTokenRequired": "Je vyžadován token nastavení",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Zdroje",
"sidebarProxyResources": "Veřejnost",
"sidebarClientResources": "Soukromé",
+ "sidebarPolicies": "Sdílené Odkazy",
+ "sidebarResourcePolicies": "Veřejné Zdroje",
"sidebarAccessControl": "Kontrola přístupu",
"sidebarLogsAndAnalytics": "Logy & Analytika",
"sidebarTeam": "Tým",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Admin",
"sidebarInvitations": "Pozvánky",
"sidebarRoles": "Role",
- "sidebarShareableLinks": "Odkazy",
+ "sidebarShareableLinks": "Sdílené Odkazy",
"sidebarApiKeys": "API klíče",
"sidebarProvisioning": "Zajištění",
"sidebarSettings": "Nastavení",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Stránka {id}",
"standaloneHcFilterResourceIdFallback": "Zdroj {id}",
"blueprints": "Plány",
- "blueprintsDescription": "Použít deklarativní konfigurace a zobrazit předchozí běhy",
+ "blueprintsLog": "Protokol plánů",
+ "blueprintsDescription": "Zobrazit předchozí aplikace modrotisku a jejich výsledky nebo aplikovat nový modrotisk",
"blueprintAdd": "Přidat plán",
"blueprintGoBack": "Zobrazit všechny plány",
"blueprintCreate": "Vytvořit plán",
@@ -1575,7 +1759,17 @@
"contents": "Obsah",
"parsedContents": "Parsed content (Pouze pro čtení)",
"enableDockerSocket": "Povolit Docker plán",
- "enableDockerSocketDescription": "Povolte seškrábání štítků na Docker Socket pro popisky plánů. Nová cesta musí být k dispozici.",
+ "enableDockerSocketDescription": "Povolte seškrábání štítků pro Docker Socket pro štítky plánů. Před připojením na lokalitní konektor musí být uvedena cesta k soketu. Přečtěte si, jak to funguje v dokumentaci.",
+ "newtAutoUpdate": "Povolit automatickou aktualizaci stránek",
+ "newtAutoUpdateDescription": "Když je povoleno, konektory stránek automaticky stáhnou nejnovější verzi a restartují se. To lze přepsat na základě jednotlivých míst.",
+ "siteAutoUpdate": "Automatická aktualizace stránek",
+ "siteAutoUpdateLabel": "Povolte automatickou aktualizaci",
+ "siteAutoUpdateDescription": "Když je povoleno, konektor této stránky automaticky stáhne nejnovější verzi a restartuje se sám.",
+ "siteAutoUpdateOrgDefault": "Výchozí organizace: {state}",
+ "siteAutoUpdateOverriding": "Přepsání nastavení organizace",
+ "siteAutoUpdateResetToOrg": "Obnovit na výchozí organizaci",
+ "siteAutoUpdateEnabled": "povoleno",
+ "siteAutoUpdateDisabled": "zakázáno",
"viewDockerContainers": "Zobrazit kontejnery Dockeru",
"containersIn": "Kontejnery v {siteName}",
"selectContainerDescription": "Vyberte jakýkoli kontejner pro použití jako název hostitele pro tento cíl. Klikněte na port pro použití portu.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Certifikát",
"certificateStatusAutoRefreshHint": "Stav se automaticky obnovuje.",
"loading": "Načítání",
+ "loadingEllipsis": "Načítání...",
"loadingAnalytics": "Načítání analytiky",
"restart": "Restartovat",
"domains": "Domény",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Nastavení účtu dokončeno! Vítejte v Pangolinu!",
"documentation": "Dokumentace",
"saveAllSettings": "Uložit všechna nastavení",
- "saveResourceTargets": "Uložit cíle",
- "saveResourceHttp": "Uložit nastavení proxy",
- "saveProxyProtocol": "Uložit nastavení proxy protokolu",
+ "saveResourceTargets": "Uložit Nastavení",
+ "saveResourceHttp": "Uložit Nastavení",
+ "saveProxyProtocol": "Uložit Nastavení",
"settingsUpdated": "Nastavení aktualizováno",
"settingsUpdatedDescription": "Nastavení úspěšně aktualizována",
"settingsErrorUpdate": "Aktualizace nastavení se nezdařila",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Spravujte své předplatné za placené samohostované licenční klíče",
"billingCurrentKeys": "Aktuální klíče",
"billingModifyCurrentPlan": "Upravit aktuální tarif",
+ "billingManageLicenseSubscriptionDescription": "Spravujte své předplatné pro placené licence k samoobslužnému hostingu a stahujte faktury.",
"billingConfirmUpgrade": "Potvrdit aktualizaci",
"billingConfirmDowngrade": "Potvrdit downgrade",
"billingConfirmUpgradeDescription": "Chystáte se povýšit svůj tarif. Přečtěte si nové limity a ceny.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Podsíť",
"addressDescription": "Interní adresa klienta. Musí spadat do podsítě organizace.",
"selectSites": "Vyberte stránky",
+ "selectLabels": "Vyberte názvy",
"sitesDescription": "Klient bude mít připojení k vybraným webům",
"clientInstallOlm": "Nainstalovat Olm",
"clientInstallOlmDescription": "Stáhněte si Olm běžící ve vašem systému",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Neznámý",
"healthCheck": "Kontrola stavu",
"configureHealthCheck": "Konfigurace kontroly stavu",
- "configureHealthCheckDescription": "Nastavit sledování zdravotního stavu pro {target}",
+ "configureHealthCheckDescription": "Nastavte monitorování vašeho zdroje, abyste zajistili, že je vždy dostupný",
"enableHealthChecks": "Povolit kontrolu stavu",
"healthCheckDisabledStateDescription": "Pokud je zakázáno, web nebude provádět zdravotní kontroly a stav bude považován za neznámý.",
"enableHealthChecksDescription": "Sledujte zdraví tohoto cíle. V případě potřeby můžete sledovat jiný cílový bod, než je cíl.",
"healthScheme": "Způsob",
"healthSelectScheme": "Vybrat metodu",
- "healthCheckPortInvalid": "Přístav kontroly stavu musí být mezi 1 a 65535",
+ "healthCheckPortInvalid": "Port musí být mezi 1 a 65535",
"healthCheckPath": "Cesta",
"healthHostname": "IP / Hostitel",
"healthPort": "Přístav",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "Čas je v sekundách",
"requireDeviceApproval": "Vyžadovat schválení zařízení",
"requireDeviceApprovalDescription": "Uživatelé s touto rolí potřebují nová zařízení schválená správcem, než se mohou připojit a přistupovat ke zdrojům.",
- "sshAccess": "SSH přístup",
+ "sshSettings": "Nastavení SSH",
+ "sshAccess": "SSH Přístup",
+ "rdpSettings": "Nastavení RDP",
+ "vncSettings": "Nastavení VNC",
+ "sshServer": "SSH server",
+ "rdpServer": "RDP server",
+ "vncServer": "VNC server",
+ "sshServerDescription": "Nastavit metodu ověřování, umístění démona a cíl serveru",
+ "rdpServerDescription": "Nakonfigurujte cíl a port serveru RDP",
+ "vncServerDescription": "Nakonfigurujte cíl a port serveru VNC",
+ "sshServerMode": "Režim",
+ "sshServerModeStandard": "Standardní SSH server",
+ "sshServerModePangolin": "SSH Pangolin",
+ "sshServerModeStandardDescription": "Příkazy zpracovávané po síti na SSH server jako např. OpenSSH.",
+ "sshServerModeNative": "Nativní SSH server",
+ "sshServerModeNativeDescription": "Příkazy se provádí přímo na hostiteli přes Konektor lokality. Nastavení sítě není vyžadováno.",
+ "sshAuthenticationMethod": "Metoda ověřování",
+ "sshAuthMethodManual": "Ruční ověřování",
+ "sshAuthMethodManualDescription": "Vyžaduje existující přihlašovací údaje hostitele. Obchází automatické zřizování.",
+ "sshAuthMethodAutomated": "Automatické zřizování",
+ "sshAuthMethodAutomatedDescription": "Automaticky vytváří uživatele, skupiny a oprávnění sudo na hostiteli.",
+ "sshAuthDaemonLocation": "Umístění ověřovacího démona",
+ "sshDaemonLocationSiteDescription": "Spouští se lokálně na počítači s konektorem stránky.",
+ "sshDaemonLocationRemote": "Na vzdáleném hostiteli",
+ "sshDaemonLocationRemoteDescription": "Spouští se na jiném cílovém počítači v téže síti.",
+ "sshDaemonDisclaimer": "Ujistěte se, že váš cílový hostitel je správně nakonfigurován k přímu spuštění ověřovacího démona, jinak zřizování selže.",
+ "sshDaemonPort": "Port démona",
+ "sshServerDestination": "Cíl serveru",
+ "sshServerDestinationDescription": "Nakonfigurujte cíl serveru SSH",
+ "destination": "Cíl",
+ "destinationRequired": "Destinace je vyžadována.",
+ "domainRequired": "Doména je vyžadována.",
+ "proxyPortRequired": "Port je vyžadován.",
+ "invalidPathConfiguration": "Neplatná konfigurace cesty.",
+ "invalidRewritePathConfiguration": "Neplatná konfigurace přepsat cesty.",
+ "bgTargetMultiSiteDisclaimer": "Výběr více lokalit umožňuje odolné směrování a převzetí služeb při selhání pro vysokou dostupnost.",
"roleAllowSsh": "Povolit SSH",
"roleAllowSshAllow": "Povolit",
"roleAllowSshDisallow": "Zakázat",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "Uživatel může spustit pouze zadané příkazy s sudo.",
"sshSudo": "Povolit sudo",
"sshSudoCommands": "Sudo příkazy",
- "sshSudoCommandsDescription": "Čárkami oddělený seznam příkazů, které může uživatel spouštět s sudo.",
+ "sshSudoCommandsDescription": "Seznam příkazů, které je uživateli povoleno spouštět se sudo, oddělený čárkami, mezerami, nebo novými řádky. Je třeba používat absolutní cesty.",
"sshCreateHomeDir": "Vytvořit domovský adresář",
"sshUnixGroups": "Unixové skupiny",
- "sshUnixGroupsDescription": "Čárkou oddělené skupiny Unix přidají uživatele do cílového hostitele.",
+ "sshUnixGroupsDescription": "Unixové skupiny, do kterých má být uživatel přidán na cílovém hostu, oddělené čárkami, mezerami, nebo novými řádky.",
+ "roleTextFieldPlaceholder": "Zadejte hodnoty nebo přetáhněte soubor .txt nebo .csv",
+ "roleTextImportTitle": "Importovat ze souboru",
+ "roleTextImportDescription": "Importuje se {fileName} do {fieldLabel}.",
+ "roleTextImportSkipHeader": "Přeskočit první řádek (záhlaví)",
+ "roleTextImportOverride": "Nahradit existující",
+ "roleTextImportAppend": "Přidat k existujícímu",
+ "roleTextImportMode": "Režim importu",
+ "roleTextImportPreview": "Náhled",
+ "roleTextImportItemCount": "{count, plural, =0 {Žádné položky k importu} one {1 položka k importu} few {# položky k importu} many {# položek k importu} other {# položek k importu}}",
+ "roleTextImportTotalCount": "{existing} existující + {imported} importované = {total} celkem",
+ "roleTextImportConfirm": "Importovat",
+ "roleTextImportInvalidFile": "Nepodporovaný typ souboru",
+ "roleTextImportInvalidFileDescription": "Podporovány jsou pouze soubory .txt a .csv.",
+ "roleTextImportEmpty": "V souboru nebyly nalezeny žádné položky",
+ "roleTextImportEmptyDescription": "Soubor neobsahuje žádné položky k importu.",
"retryAttempts": "Opakovat pokusy",
"expectedResponseCodes": "Očekávané kódy odezvy",
"expectedResponseCodesDescription": "HTTP kód stavu, který označuje zdravý stav. Ponecháte-li prázdné, 200-300 je považováno za zdravé.",
@@ -2049,8 +2296,9 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Schéma",
- "editInternalResourceDialogEnableSsl": "Povolit SSL",
+ "editInternalResourceDialogEnableSsl": "Povolit TLS",
"editInternalResourceDialogEnableSslDescription": "Povolit šifrování SSL/TLS pro zabezpečené HTTPS připojení k cíli.",
"editInternalResourceDialogDestination": "Místo určení",
"editInternalResourceDialogDestinationHostDescription": "IP adresa nebo název hostitele zdroje v síti webu.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Lokalita",
"selectSite": "Vybrat lokalitu...",
"multiSitesSelectorSitesCount": "{count, plural, one {# web} few {# weby} many {# webů} other {# weby}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# název} few {# názvy} many {# názvů} other {# názvů}}",
"noSitesFound": "Nebyly nalezeny žádné lokality.",
"createInternalResourceDialogProtocol": "Protokol",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,15 +2347,17 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Schéma",
"createInternalResourceDialogScheme": "Schéma",
- "createInternalResourceDialogEnableSsl": "Povolit SSL",
+ "createInternalResourceDialogEnableSsl": "Povolit TLS",
"createInternalResourceDialogEnableSslDescription": "Povolit šifrování SSL/TLS pro zabezpečené HTTPS připojení k cíli.",
"createInternalResourceDialogDestination": "Místo určení",
"createInternalResourceDialogDestinationHostDescription": "IP adresa nebo název hostitele zdroje v síti webu.",
"createInternalResourceDialogDestinationCidrDescription": "Rozsah zdrojů CIDR v síti webu.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "Volitelný interní DNS alias pro tento dokument.",
+ "internalResourceAliasLocalWarning": "Aliasy končící na .local mohou způsobit problémy s vyřešením díky mDNS v některých sítích.",
"internalResourceDownstreamSchemeRequired": "HTTP metoda je vyžadována pro HTTP zdroje",
"internalResourceHttpPortRequired": "Přípoječný port je nutný pro HTTP zdroj",
"siteConfiguration": "Konfigurace",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Vzdálené uzly",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Tajný klíč",
+ "remoteExitNodeNetworkingTitle": "Nastavení sítě",
+ "remoteExitNodeNetworkingDescription": "Nastavte, jak tento vzdálený výstupní uzel směruje provoz a které lokality se mají připojit přes něj. Pokročilé funkce pro použití s konfiguracemi zpětné sítě.",
+ "remoteExitNodeNetworkingSave": "Uložit nastavení",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Nastavení sítě bylo úspěšně uloženo",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Nastavení sítě bylo úspěšně aktualizováno.",
+ "remoteExitNodeNetworkingSaveError": "Nepodařilo se uložit nastavení sítě",
+ "remoteExitNodeNetworkingSubnetsTitle": "Dálkové podsítě",
+ "remoteExitNodeNetworkingSubnetsDescription": "Definujte rozsahy CIDR, ke kterým tento vzdálený výstupní uzel bude směrovat provoz. Zadejte platné CIDR (např. 10.0.0.0/8) a stiskněte Enter pro přidání.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Přidejte rozsah CIDR (např. 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Nepodařilo se načíst podsítě",
+ "remoteExitNodeNetworkingLabelsTitle": "Názvy preferencí",
+ "remoteExitNodeNetworkingLabelsDescription": "Weby s těmito názvy budou nuceny připojit se tímto vzdáleným výstupním uzlem.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Vyberte názvy...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Hledat názvy...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Nepodařilo se načíst názvy",
"remoteExitNodeCreate": {
"title": "Vytvořit vzdálený uzel",
"description": "Vytvořte nový vlastní hostovaný vzdálený relační a proxy server uzel",
@@ -2233,7 +2499,7 @@
"description": "Spolehlivější a nízko udržovaný Pangolinův server s dalšími zvony a bičkami",
"introTitle": "Spravovaný Pangolin",
"introDescription": "je možnost nasazení určená pro lidi, kteří chtějí jednoduchost a spolehlivost při zachování soukromých a samoobslužných dat.",
- "introDetail": "Pomocí této volby stále provozujete vlastní uzel Pangolin - tunely, SSL terminály a provoz všech pobytů na vašem serveru. Rozdíl spočívá v tom, že řízení a monitorování se řeší prostřednictvím našeho cloudového panelu, který odemkne řadu výhod:",
+ "introDetail": "Pomocí této volby stále provozujete vlastní uzel Pangolin - vaše tunely, ukončení TLS a provoz zůstávají na vašem serveru. Rozdíl spočívá v tom, že správa a monitoring jsou řešeny prostřednictvím naší cloudové řídící desky, což odemyká řadu výhod:",
"benefitSimplerOperations": {
"title": "Jednoduchý provoz",
"description": "Není třeba spouštět svůj vlastní poštovní server nebo nastavit komplexní upozornění. Ze schránky dostanete upozornění na zdravotní kontrolu a výpadek."
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Poskytovatel Google OAuth2/OIDC",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Podsíť",
+ "utilitySubnet": "Nástrojová podsíť",
"subnetDescription": "Podsíť pro konfiguraci sítě této organizace.",
"customDomain": "Vlastní doména",
"authPage": "Autentizační stránky",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "Chybí ID organizace nebo domény",
"loadingDNSRecords": "Načítání DNS záznamů...",
"olmUpdateAvailableInfo": "Je k dispozici aktualizovaná verze Olm. Pro nejlepší zážitek prosím aktualizujte na nejnovější verzi.",
+ "updateAvailableInfo": "Je k dispozici aktualizovaná verze. Aktualizujte prosím na nejnovější verzi pro nejlepší zážitek.",
"client": "Zákazník",
"proxyProtocol": "Nastavení proxy protokolu",
"proxyProtocolDescription": "Konfigurace Proxy protokolu pro zachování klientských IP adres pro služby TCP.",
"enableProxyProtocol": "Povolit Proxy protokol",
"proxyProtocolInfo": "Zachovat IP adresu klienta pro TCP zálohy",
"proxyProtocolVersion": "Verze proxy protokolu",
- "version1": " Verze 1 (doporučeno)",
+ "version1": "Verze 1 (Doporučeno)",
"version2": "Verze 2",
- "versionDescription": "Verze 1 je textová a široce podporovaná. Verze 2 je binární a efektivnější, ale méně kompatibilní.",
+ "version1Description": "Textově založený a široce podporovaný. Ujistěte se, že je transport serveru přidán do dynamické konfigurace.",
+ "version2Description": "Binární a efektivnější, ale méně kompatibilní. Ujistěte se, že je transport serveru přidán do dynamické konfigurace.",
"warning": "Varování",
"proxyProtocolWarning": "Aplikace backend musí být nakonfigurována, aby mohla přijímat připojení k Proxy protokolu. Pokud vaše backend nepodporuje Proxy protokol, povolením tohoto protokolu dojde k přerušení všech připojení, takže toto povolíte pouze pokud víte, co děláte. Ujistěte se, že nastavíte svou backend a důvěřujte hlavičkám Proxy protokolu z Traefik.",
"restarting": "Restartování...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Zadejte potvrzení",
"blueprintViewDetails": "Detaily",
"defaultIdentityProvider": "Výchozí poskytovatel identity",
- "defaultIdentityProviderDescription": "Pokud je vybrán výchozí poskytovatel identity, uživatel bude automaticky přesměrován na poskytovatele pro ověření.",
+ "defaultIdentityProviderDescription": "Uživatel bude automaticky přesměrován na tohoto identifikačního poskytovatele pro autentifikaci.",
"editInternalResourceDialogNetworkSettings": "Nastavení sítě",
"editInternalResourceDialogAccessPolicy": "Přístupová politika",
"editInternalResourceDialogAddRoles": "Přidat role",
@@ -2937,11 +3206,12 @@
"learnMore": "Zjistit více",
"backToHome": "Zpět na domovskou stránku",
"needToSignInToOrg": "Potřebujete použít identitního poskytovatele vaší organizace?",
- "maintenanceMode": "Režim údržby",
+ "maintenanceMode": "Údržbová stránka",
"maintenanceModeDescription": "Zobrazit stránku údržby návštěvníkům",
"maintenanceModeType": "Typ režimu údržby",
"showMaintenancePage": "Zobrazit stránku údržby návštěvníkům",
"enableMaintenanceMode": "Povolit režim údržby",
+ "enableMaintenanceModeDescription": "Když je povoleno, návštěvníci uvidí údržbu místo vašeho zdroje.",
"automatic": "Automatické",
"automaticModeDescription": "Zobrazte stránku údržby pouze, když jsou všechny cílové servery uživatele nebo prostředku nefunkční nebo nezdravé. Vaše prostředky budou nadále fungovat normálně, pokud je alespoň jeden cíl v pořádku.",
"forced": "Nucené",
@@ -2949,6 +3219,8 @@
"warning:": "Varování:",
"forcedeModeWarning": "Veškerý provoz bude směrován na stránku údržby. Vaše prostředky backendu neobdrží žádné žádosti.",
"pageTitle": "Název stránky",
+ "maintenancePageContentSubsection": "Obsah Stránky",
+ "maintenancePageContentSubsectionDescription": "Přizpůsobte obsah zobrazovaný na stránce údržby",
"pageTitleDescription": "Hlavní titulek zobrazovaný na stránce údržby",
"maintenancePageMessage": "Zpráva údržby",
"maintenancePageMessagePlaceholder": "Vrátíme se brzy! Naše stránka právě prochází plánovanou údrbou.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Odhadované dokončení:",
"createInternalResourceDialogDestinationRequired": "Cíl je povinný",
"available": "Dostupné",
+ "disabledResourceDescription": "Když je deaktivován, zdroj bude nedostupný pro každého.",
"archived": "Archivováno",
"noArchivedDevices": "Nebyla nalezena žádná archivovaná zařízení",
"deviceArchived": "Zařízení archivováno",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Opravdu chcete odpojit tohoto poskytovatele identity od této organizace?",
"idpUnassociateDescription": "Všichni uživatelé spojení s tímto poskytovatelem identity budou odstraněni z této organizace, ale poskytovatel identity zůstane nadále existovat pro ostatní přidružené organizace.",
"idpUnassociateConfirm": "Potvrdit odpojení poskytovatele identity",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "SMAZAT A ODSTRANIT MĚ Z ORGANIZACE",
+ "idpUnassociateAndRemoveMeFromOrg": "ODPOJIT A ODSTRANIT MĚ Z ORGANIZACE",
"idpUnassociateWarning": "Toto nelze pro tuto organizaci vrátit.",
"idpUnassociatedDescription": "Poskytovatel identity byl úspěšně odpojen od této organizace",
"idpUnassociateMenu": "Odpojit",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "Seznam povolených emailů",
"memberPortalResourceDisabled": "Zdroj je zakázán",
"memberPortalShowingResources": "Zobrazeny {start}-{end} z {total} zdrojů",
+ "resourceLauncherTitle": "Spouštěč zdrojů",
+ "resourceLauncherDescription": "Podívejte se na podrobnosti o zdrojích a spusťte je z jednoho místa",
+ "resourceLauncherSearchPlaceholder": "Hledat všechny lokality...",
+ "resourceLauncherDefaultView": "Výchozí",
+ "resourceLauncherSaveView": "Uložit pohled",
+ "resourceLauncherSaveToCurrentView": "Uložit do aktuálního pohledu",
+ "resourceLauncherResetView": "Obnovit pohled",
+ "resourceLauncherSaveAsNewView": "Uložit jako nový pohled",
+ "resourceLauncherSaveAsNewViewDescription": "Uložte tento pohled k uloženému filtrování a rozvržení.",
+ "resourceLauncherSaveForEveryone": "Uložit pro všechny",
+ "resourceLauncherSaveForEveryoneDescription": "Sdílejte tento pohled se všemi členy organizace. Pokud není zaškrtnuto, pohled je viditelný pouze vám.",
+ "resourceLauncherMakePersonal": "Udělat osobní",
+ "resourceLauncherFilter": "Filtr",
+ "resourceLauncherSort": "Řadit",
+ "resourceLauncherSortAscending": "Řadit vzestupně",
+ "resourceLauncherSortDescending": "Řadit sestupně",
+ "resourceLauncherSettings": "Nastavení",
+ "resourceLauncherGroupBy": "Seskupit podle",
+ "resourceLauncherGroupBySite": "Lokalita",
+ "resourceLauncherGroupByLabel": "Název",
+ "resourceLauncherLayout": "Rozvržení",
+ "resourceLauncherLayoutGrid": "Mřížka",
+ "resourceLauncherLayoutList": "Seznam",
+ "resourceLauncherShowLabels": "Zobrazit název",
+ "resourceLauncherShowSiteTags": "Zobrazit značky lokality",
+ "resourceLauncherShowRecents": "Zobrazit nedávné",
+ "resourceLauncherDeleteView": "Smazat pohled",
+ "resourceLauncherViewAsAdmin": "Zobrazit jako administrátor",
+ "resourceLauncherResourceDetailsDescription": "Podívejte se na podrobnosti o tomto zdroji.",
+ "resourceLauncherUnlabeled": "Bez nálepky",
+ "resourceLauncherNoSite": "Žádná lokalita",
+ "resourceLauncherNoResourcesInGroup": "V této skupině nejsou žádné zdroje",
+ "resourceLauncherEmptyStateTitle": "Žádné dostupné zdroje",
+ "resourceLauncherEmptyStateDescription": "Zatím nemáte přístup k žádným zdrojům. Kontaktujte svého administrátora, abyste požádali o přístup.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Nebyl nalezen žádný zdroj",
+ "resourceLauncherEmptyStateNoResultsDescription": "Žádný zdroj neodpovídá vašemu aktuálnímu vyhledávání nebo filtrům. Zkuste je upravit, abyste našli to, co hledáte.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Žádné zdroje neodpovídají \"{query}\". Zkuste upravit vyhledávání nebo vymazat filtry, abyste viděli všechny zdroje.",
+ "resourceLauncherCopiedToClipboard": "Zkopírováno do schránky",
+ "resourceLauncherCopiedAccessDescription": "Přístup ke zdroji byl zkopírován do vaší schránky.",
+ "resourceLauncherViewNamePlaceholder": "Název pohledu",
+ "resourceLauncherViewNameLabel": "Název pohledu",
+ "resourceLauncherViewSaved": "Pohled uložen",
+ "resourceLauncherViewSavedDescription": "Váš spouštěcí pohled byl uložen.",
+ "resourceLauncherViewSaveFailed": "Nepodařilo se uložit pohled",
+ "resourceLauncherViewSaveFailedDescription": "Nepodařilo se uložit spouštěcí pohled. Prosím zkuste to znovu.",
+ "resourceLauncherViewDeleted": "Pohled smazán",
+ "resourceLauncherViewDeletedDescription": "Spouštěcí pohled byl smazán.",
+ "resourceLauncherViewDeleteFailed": "Nepodařilo se smazat pohled",
+ "resourceLauncherViewDeleteFailedDescription": "Nepodařilo se smazat spouštěcí pohled. Prosím zkuste to znovu.",
"memberPortalPrevious": "Předchozí",
- "memberPortalNext": "Následující"
+ "memberPortalNext": "Následující",
+ "httpSettings": "Nastavení HTTP",
+ "tcpSettings": "Nastavení TCP",
+ "udpSettings": "Nastavení UDP",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Zřizování bezpečného připojení…",
+ "sshConnecting": "Připojení…",
+ "sshInitializing": "Inicializace…",
+ "sshSignInTitle": "Přihlášení do SSH",
+ "sshSignInDescription": "Zadejte své údaje SSH pro připojení",
+ "sshPasswordTab": "Heslo",
+ "sshPrivateKeyTab": "Soukromý klíč",
+ "sshPrivateKeyField": "Soukromý klíč",
+ "sshPrivateKeyDisclaimer": "Váš soukromý klíč není ukládán ani viditelný pro Pangolin. Alternativně můžete použít krátkodobé certifikáty pro bezproblémové ověřování pomocí vaší stávající identity Pangolin.",
+ "sshLearnMore": "Přečtěte si více",
+ "sshPrivateKeyFile": "Soubor soukromého klíče",
+ "sshAuthenticate": "Připojit",
+ "sshTerminate": "Ukončit",
+ "sshPoweredBy": "Vytváří",
+ "sshErrorNoTarget": "Cíl nebyl určen",
+ "sshErrorWebSocket": "Chyba připojení WebSocketu",
+ "sshErrorAuthFailed": "Ověření selhalo",
+ "sshErrorConnectionClosed": "Připojení bylo uzavřeno před dokončením ověřování",
+ "sitePangolinSshDescription": "Povolte SSH přístup k zdrojům na tomto místě. Toto lze změnit později.",
+ "browserGatewayNoResourceForDomain": "Pro tuto doménu nebyl nalezen žádný zdroj",
+ "browserGatewayNoTarget": "Žádný cíl",
+ "browserGatewayConnect": "Připojit",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "Nepodařilo se podepsat klíč SSH pro ověřování pomocí PAM push. Přihlásili jste se jako uživatel?",
+ "sshTerminalError": "Chyba: {error}",
+ "sshConnectionClosedCode": "Připojení bylo uzavřeno (kód {code})",
+ "sshPrivateKeyPlaceholder": "-----ZAČÁTEK SOUKROMÉHO KLÍČE OPENSSH-----",
+ "sshPrivateKeyRequired": "Je vyžadován soukromý klíč",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Zadejte své VNC přihlašovací údaje pro připojení",
+ "vncUsernameOptional": "Uživatelské jméno (nepovinné)",
+ "vncPasswordOptional": "Heslo (nepovinné)",
+ "vncNoResourceTarget": "Není k dispozici žádný cíl zdroje",
+ "vncFailedToLoadNovnc": "Nepodařilo se načíst noVNC",
+ "vncAuthFailedStatus": "Stav {status}",
+ "vncPasteClipboard": "Vložit schránku",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Přihlásit se k Vzdálené ploše",
+ "rdpSignInDescription": "Zadejte přihlašovací údaje pro Windows k připojení",
+ "rdpLoadingModule": "Načítá se modul...",
+ "rdpFailedToLoadModule": "Nepodařilo se načíst modul RDP",
+ "rdpNotReady": "Není připraveno",
+ "rdpModuleInitializing": "Modul RDP se stále inicializuje",
+ "rdpDownloadingFiles": "Stahuje se {count} soubor(y) z dálky...",
+ "rdpDownloadFailed": "Stažení se nezdařilo: {fileName}",
+ "rdpUploaded": "Nahráno: {fileName}",
+ "rdpNoConnectionTarget": "Žádný dostupný cíl připojení",
+ "rdpConnectionFailed": "Připojení se nezdařilo",
+ "rdpFit": "Přizpůsobit",
+ "rdpFull": "Celé",
+ "rdpReal": "Skutečný",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Nahrát soubory",
+ "rdpFilesReadyToPaste": "Soubory připravené ke vložení",
+ "rdpFilesReadyToPasteDescription": "{count} soubor(y) zkopírován(y) do vzdálené schránky — stiskněte Ctrl+V na vzdálené ploše pro vložení.",
+ "rdpUploadFailed": "Nahrání selhalo",
+ "rdpUnicodeKeyboardMode": "Režim Unicode klávesnice",
+ "sessionToolbarShow": "Zobrazit panel nástrojů",
+ "sessionToolbarHide": "Skrýt panel nástrojů"
}
diff --git a/messages/da-DK.json b/messages/da-DK.json
new file mode 100644
index 000000000..81a1177df
--- /dev/null
+++ b/messages/da-DK.json
@@ -0,0 +1,3687 @@
+{
+ "contactSalesEnable": "Kontakt salgsafdelingen for at aktivere denne funktion.",
+ "contactSalesBookDemo": "Book en demo",
+ "contactSalesOr": "eller",
+ "contactSalesContactUs": "kontakt os",
+ "setupCreate": "Opret organisationen, sitet og ressourcerne",
+ "headerAuthCompatibilityInfo": "Aktivér dette for at fremtvinge et 401 Uautoriseret-svar, når der mangler et autentificeringstoken. Dette kræves for browsere eller specifikke HTTP-biblioteker, der ikke sender legitimationsoplysninger uden en serverchallenge.",
+ "headerAuthCompatibility": "Udvidet kompatibilitet",
+ "setupNewOrg": "Ny organisation",
+ "setupCreateOrg": "Opret organisation",
+ "setupCreateResources": "Opret ressourcer",
+ "setupOrgName": "Organisationsnavn",
+ "orgDisplayName": "Dette er organisationens visningsnavn.",
+ "orgId": "Organisations-ID",
+ "setupIdentifierMessage": "Dette er den unikke identifikator for organisationen.",
+ "setupErrorIdentifier": "Organisations-ID'et er allerede taget. Vælg venligst en anden.",
+ "componentsErrorNoMemberCreate": "Du er i øjeblikket ikke medlem af nogen organisationer. Opret en organisation for at komme i gang.",
+ "componentsErrorNoMember": "Du er i øjeblikket ikke medlem af nogen organisationer.",
+ "welcome": "Velkommen!",
+ "welcomeTo": "Velkommen til",
+ "componentsCreateOrg": "Opret en organisation",
+ "componentsMember": "Du er {count, plural, =0 {ikke medlem af nogen organisationer} one {medlem af en organisation} other {medlem af # organisationer}}.",
+ "componentsInvalidKey": "Ugyldig eller udløbet licensnøgle registreret. Følg licensvilkårene for fortsat at kunne bruge alle funktionerne.",
+ "dismiss": "Afvis",
+ "subscriptionViolationMessage": "Du er uden for grænsen for din nuværende plan. Ret problemet ved at fjerne sites, brugere eller andre ressourcer, så du igen er inden for din plan.",
+ "trialBannerMessage": "Din prøveperiode udløber om {countdown}. Opgrader for at bevare adgangen.",
+ "trialBannerExpired": "Din prøveperiode er udløbet. Opgrader nu for at gendanne adgangen.",
+ "billingTrialBannerTitle": "Prøveversion aktiv",
+ "billingTrialBannerDescription": "Du har i øjeblikket en gratis prøveversion på Business-niveauet. Når prøveperioden slutter, vil din konto automatisk gå tilbage til funktioner og begrænsninger på Basis-niveauet. Opgrader når som helst for at beholde adgang til de den nuværende plans funktioner.",
+ "billingTrialBannerUpgrade": "Opgrader nu",
+ "billingTrialBadge": "Prøveversion",
+ "trialActive": "Gratis prøveversion aktiv",
+ "trialExpired": "Prøveperioden er udløbet",
+ "trialHasEnded": "Din prøveperiode har afsluttet.",
+ "trialDaysRemaining": "{count, plural, one {# dag tilbage} other {# dage tilbage}}",
+ "trialDaysLeftShort": "{days}d tilbage af prøveperioden",
+ "trialGoToBilling": "Gå til faktureringssiden",
+ "subscriptionViolationViewBilling": "Vis fakturering",
+ "componentsLicenseViolation": "Licensbrud: Denne server bruger {usedSites} sites, hvilket overskrider den licenserede grænse på {maxSites} sites. Følg licensvilkårene for fortsat at kunne bruge alle funktionerne.",
+ "componentsSupporterMessage": "Tak fordi du støtter Pangolin som {tier}!",
+ "inviteErrorNotValid": "Beklager, men det ser ud som invitationen du prøver at bruge ikke er blevet accepteret eller ikke er gyldig længere.",
+ "inviteErrorUser": "Vi beklager, men det ser ud til, at invitationen, du prøver at få adgang til, ikke er til denne bruger.",
+ "inviteLoginUser": "Venligst tjek at du er loget ind som korrekt bruger.",
+ "inviteErrorNoUser": "Beklager, men det ser ud til, at invitationen du prøver at få adgang til, ikke er til en eksisterende bruger.",
+ "inviteCreateUser": "Opret venligst en konto først.",
+ "goHome": "Gå hjem",
+ "inviteLogInOtherUser": "Log ind som en anden bruger",
+ "createAnAccount": "Opret konto",
+ "inviteNotAccepted": "Invitationen ikke accepteret",
+ "authCreateAccount": "Opret en konto for at komme i gang",
+ "authNoAccount": "Har du ikke en konto?",
+ "email": "E-mail",
+ "password": "Adgangskode",
+ "confirmPassword": "Bekræft adgangskode",
+ "createAccount": "Opret konto",
+ "viewSettings": "Vis indstillinger",
+ "delete": "Slet",
+ "name": "Navn",
+ "online": "Online",
+ "offline": "Offline",
+ "site": "Websted",
+ "dataIn": "Data ind",
+ "dataOut": "Data ud",
+ "connectionType": "Forbindelsestype",
+ "tunnelType": "Tunneltype",
+ "local": "Lokal",
+ "edit": "Rediger",
+ "siteConfirmDelete": "Bekræft Sletning af Site",
+ "siteConfirmDeleteAndResources": "Bekræft sletning af sted og ressourcer",
+ "siteDelete": "Slet Site",
+ "siteDeleteAndResources": "Slet Sted og Ressourcer",
+ "siteMessageRemove": "Når sitet er fjernet, vil det ikke længere være tilgængeligt. Alle mål for sitet vil også blive fjernet.",
+ "siteMessageRemoveAndResources": "Dette vil permanent slette alle offentlige og private ressourcer knyttet til dette sted, selv hvis en ressource også er knyttet til andre steder.",
+ "siteQuestionRemove": "Er du sikker på at du vil fjerne sitet fra organisationen?",
+ "siteQuestionRemoveAndResources": "Er du sikker på, at du vil slette dette sted og alle tilknyttede ressourcer?",
+ "sitesTableDeleteSite": "Slet sted",
+ "sitesTableDeleteSiteAndResources": "Slet sted og ressourcer",
+ "siteManageSites": "Administrer Sites",
+ "siteDescription": "Oprette og administrer sites for at aktivere forbindelse til private netværk",
+ "sitesBannerTitle": "Opret forbindelse til alle netværk",
+ "sitesBannerDescription": "Et netværk er en forbindelse til et eksternt netværk som tillader Pangolin at give adgang til ressourcer, enten offentlige eller private, til brugere hvor som helst. Installer netværksconnectoren (Newt) hvor som helst du kan køre en binærfil eller container for at oprette forbindelsen.",
+ "sitesBannerButtonText": "Installer site",
+ "approvalsBannerTitle": "Godkend eller afvis adgang til enhed",
+ "approvalsBannerDescription": "Gennemgå og godkend eller afvis anmodninger om adgang fra brugere. Når enhedsgodkendelser er påkrævet, skal brugere have administratorgodkendelse, før deres enheder kan oprette forbindelse til organisationens ressourcer.",
+ "approvalsBannerButtonText": "Læs mere",
+ "siteCreate": "Opret site",
+ "siteCreateDescription2": "Følg trinene nedenfor for at oprette og opret forbindelse til et nyt site",
+ "siteCreateDescription": "Opret et nyt site for at forbinde til ressourcer",
+ "close": "Luk",
+ "siteErrorCreate": "Fejl ved oprettelse af site",
+ "siteErrorCreateKeyPair": "Nøglepar eller standardindstillinger for site ikke fundet",
+ "siteErrorCreateDefaults": "Standardindstillinger for site ikke fundet",
+ "method": "Metode",
+ "siteMethodDescription": "Sådan eksponerer du forbindelser.",
+ "siteLearnNewt": "Lær hvordan du installerer Newt på dit system",
+ "siteSeeConfigOnce": "Du kan kun se konfigurationen én gang.",
+ "siteLoadWGConfig": "Indlæser WireGuard-konfiguration...",
+ "siteDocker": "Udvid for detaljer om Docker-deployment",
+ "toggle": "Skift",
+ "dockerCompose": "Docker Compose",
+ "dockerRun": "Docker Run",
+ "siteLearnLocal": "Lokale sites tunnelerer ikke, læs mere",
+ "siteConfirmCopy": "Jeg har kopieret konfigurationen",
+ "searchSitesProgress": "Søger i sites...",
+ "siteAdd": "Tilføj site",
+ "sitesTableViewPublicResources": "Vis offentlige ressourcer",
+ "sitesTableViewPrivateResources": "Vis private ressourcer",
+ "siteInstallNewt": "Installer Newt",
+ "siteInstallNewtDescription": "Få Newt til at køre på dit system",
+ "siteInstallKubernetesDocsDescription": "For mere og opdateret information om Kubernetes-installation, se docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "For installationsvejledning til Advantech-modemmer, se docs.pangolin.net/manage/sites/install-advantech.",
+ "WgConfiguration": "WireGuard Konfiguration",
+ "WgConfigurationDescription": "Brug følgende konfiguration til at oprette forbindelse til netværket.",
+ "operatingSystem": "Operativsystem",
+ "commands": "Kommandoer",
+ "recommended": "Anbefalet",
+ "siteNewtDescription": "For den beste brugeroplevelsen, brug Newt. Den bruger WireGuard i bakgrunnen og lader dig adressere dine private ressourcer med deres LAN-adresse på dit private netværk fra Pangolin-dashbordet.",
+ "siteRunsInDocker": "Kører i Docker",
+ "siteRunsInShell": "Kører i shell på macOS, Linux og Windows",
+ "siteErrorDelete": "Fejl ved sletning af sitet",
+ "siteErrorUpdate": "Kunne ikke opdatere sitet",
+ "siteErrorUpdateDescription": "En fejl opstod under opdatering af sitet.",
+ "siteUpdated": "Site opdateret",
+ "siteUpdatedDescription": "Sitet er blevet opdateret.",
+ "siteGeneralDescription": "Konfigurer de generelle indstillinger for dette site",
+ "siteRestartTitle": "Genstart Site",
+ "siteRestartDescription": "Genstart WireGuard-tunnelen for dette site. Dette vil kortvarigt afbryde forbindelsen.",
+ "siteRestartBody": "Brug dette, hvis site-tunnelen ikke fungerer korrekt, og du vil tvinge en genforbindelse uden at genstarte værten.",
+ "siteRestartButton": "Genstart Site",
+ "siteRestartDialogMessage": "Er du sikker på, at du vil genstarte WireGuard-tunnelen for {name}? Sitet vil kortvarigt miste forbindelsen.",
+ "siteRestartWarning": "Sitet vil kortvarigt afbryde forbindelse, mens tunnelen genstarter.",
+ "siteRestarted": "Site genstartet",
+ "siteRestartedDescription": "WireGuard-tunnelen er blevet genstartet.",
+ "siteErrorRestart": "Kunne ikke genstarte site",
+ "siteErrorRestartDescription": "En fejl opstod, mens sitet blev genstartet.",
+ "siteSettingDescription": "Konfigurer indstillingerne for sitet",
+ "siteResourcesTab": "Ressourcer",
+ "siteResourcesNoneOnSite": "Dette site har endnu ingen offentlige eller private ressourcer.",
+ "siteResourcesSectionPublic": "Offentlige ressourcer",
+ "siteResourcesSectionPrivate": "Private ressourcer",
+ "siteResourcesSectionPublicDescription": "Ressourcer eksponert eksternt gennem domæner eller porte.",
+ "siteResourcesSectionPrivateDescription": "Ressourcer, der er tilgængelige på dit private netværk gennem sitet.",
+ "siteResourcesViewAllPublic": "Vis alle ressourcer",
+ "siteResourcesViewAllPrivate": "Vis alle ressourcer",
+ "siteResourcesDialogDescription": "Oversigt over offentlige og private ressourcer tilknyttet dette site.",
+ "siteResourcesShowMore": "Vis mere",
+ "siteResourcesPermissionDenied": "Du har ikke tilladelse til at liste disse ressourcer.",
+ "siteResourcesEmptyPublic": "Ingen offentlige ressourcer peger på dette site endnu.",
+ "siteResourcesEmptyPrivate": "Ingen private ressourcer er tilknyttet dette site endnu.",
+ "siteResourcesHowToAccess": "Hvordan få adgang",
+ "siteResourcesTargetsOnSite": "Mål på dette site",
+ "siteSetting": "{siteName} Indstillinger",
+ "siteNewtTunnel": "Newt-site (anbefalet)",
+ "siteNewtTunnelDescription": "Lekkeste måte at oprette et indgangspunkt til ethvert netværk. Ingen ekstra opsætning på.",
+ "siteWg": "Grunnleggende WireGuard",
+ "siteWgDescription": "Brug en hvilken som helst WireGuard-klient til at etablere en tunnel. Manuel NAT-opsætning er påkrævet.",
+ "siteWgDescriptionSaas": "Brug en hvilken som helst WireGuard-klient til at etablere en tunnel. Manuel NAT-opsætning er påkrævet. VIRKER KUN PÅ SELVHOSTEDE NODER",
+ "siteLocalDescription": "Kun lokale ressourcer. Ingen tunnelering.",
+ "siteLocalDescriptionSaas": "Lokale ressourcer. Ingen tunnelering. Kun tilgængelig på eksterne noder.",
+ "siteSeeAll": "Se alle sites",
+ "siteTunnelDescription": "Afgør, hvordan du vil oprette forbindelse til sitet",
+ "siteNewtCredentials": "Legitimationsoplysninger",
+ "siteNewtCredentialsDescription": "Sådan godkender sitet sig mod serveren",
+ "remoteNodeCredentialsDescription": "Sådan godkender den eksterne node sig mod serveren",
+ "siteCredentialsSave": "Gem brugeroplysninger",
+ "siteCredentialsSaveDescription": "Du vil kun kunne se dette én gang. Sørg for at kopiere det til et sikkert sted.",
+ "siteInfo": "Områdeinformation",
+ "status": "Status",
+ "shareTitle": "Administrer delbare links",
+ "shareDescription": "Opret delbare links for at give midlertidig eller permanent adgang til proxyressourcer",
+ "shareSearch": "Søg delbare links...",
+ "shareCreate": "Opret delbar link",
+ "shareErrorDelete": "Kunne ikke slette linket",
+ "shareErrorDeleteMessage": "En fejl opstod ved sletning af link",
+ "shareDeleted": "Link slettet",
+ "shareDeletedDescription": "Linket er blevet slettet",
+ "shareDelete": "Slet delbar link",
+ "shareDeleteConfirm": "Bekræft sletning af delbar link",
+ "shareQuestionRemove": "Er du sikker på, at du vil slette dette delingslink?",
+ "shareMessageRemove": "Når linket er slettet, vil det ikke længere fungere, og alle, der bruger det, mister adgang til ressourcen.",
+ "shareTokenDescription": "Adgangstoken kan sendes på to måter: som en queryparameter eller i request-headers. Disse skal sendes fra klienten på hver forespørgsel om autentificeret adgang.",
+ "accessToken": "Adgangstoken",
+ "usageExamples": "Brukseksempler",
+ "tokenId": "Token-ID",
+ "requestHeades": "Request headers",
+ "queryParameter": "Forespørgselsparametre",
+ "importantNote": "Vigtig bemærkning",
+ "shareImportantDescription": "Af sikkerhedshensyn anbefales det at bruge headers frem for queryparametre der det er muligt, da queryparametre kan loges i serverlogs eller browserhistorik.",
+ "token": "Token",
+ "shareTokenSecurety": "Hold adgangstoken sikker. Ikke del den i offentlig tilgængelige sites eller klientsidekode.",
+ "shareErrorFetchResource": "Kunne ikke hente ressourcer",
+ "shareErrorFetchResourceDescription": "En fejl opstod under hentning af ressourcerne",
+ "shareErrorCreate": "Mislykkedes med at oprette delingslenke",
+ "shareErrorCreateDescription": "Det opstod en fejl ved oprettelse af delingslinket",
+ "shareCreateDescription": "Alle med denne linket får adgang til ressourcen",
+ "shareTitleOptional": "Titel (valgfrit)",
+ "sharePathOptional": "Sti (valgfrit)",
+ "sharePathDescription": "Linket vil videresende brugere til denne stien efter autentificering.",
+ "expireIn": "Udløber om",
+ "neverExpire": "Udløber aldrig",
+ "shareExpireDescription": "Udløbstid er hvor længe linket vil være brukbar og give adgang til ressourcen. Efter denne tiden vil linket ikke længere fungere, og brugere som brugte denne linket vil miste adgangen til ressourcen.",
+ "shareSeeOnce": "Du vil kun kunne se dette link én gang. Sørg for at kopiere det.",
+ "shareAccessHint": "Alle med denne linket kan få adgang til ressourcen. Del forsiktig.",
+ "shareTokenUsage": "Se brug af adgangstoken",
+ "createLink": "Opret link",
+ "resourcesNotFound": "Ingen ressourcer fundet",
+ "resourceSearch": "Søg i ressourcer",
+ "machineSearch": "Søg efter maskiner",
+ "machinesSearch": "Søg efter maskinklienter...",
+ "machineNotFound": "Ingen maskiner fundet",
+ "userDeviceSearch": "Søg efter brugerenheder",
+ "userDevicesSearch": "Søg efter brugerenheder...",
+ "openMenu": "Åbn menu",
+ "resource": "Ressource",
+ "title": "Titel",
+ "created": "Oprettet",
+ "expires": "Udløber",
+ "never": "Aldrig",
+ "shareErrorSelectResource": "Vælg venligst en ressource",
+ "proxyResourceTitle": "Administrer offentlige ressourcer",
+ "proxyResourceDescription": "Opret og administrer ressourcer som er offentlig tilgængelige via en browser",
+ "publicResourcesBannerTitle": "Web-baseret offentlig adgang",
+ "publicResourcesBannerDescription": "Offentlige ressourcer er HTTPS-proxyer som er tilgængelige for alle på internettet via en browser. I modsætning til private ressourcer, kræver de ikke klientsoftware og kan inkludere identitets- og kontekstsensitive adgangspolitikker.",
+ "clientResourceTitle": "Administrer private ressourcer",
+ "clientResourceDescription": "Oprette og administrer ressourcer som kun er tilgængelige via en tilsluttet klient",
+ "privateResourcesBannerTitle": "Zero-Trust privat adgang",
+ "privateResourcesBannerDescription": "Private ressourcer bruger Zero-Trust-sikkerhed og sikrer, at brugere og maskiner kun kan få adgang til ressourcer, du eksplicit giver tilladelse til. Tilslut brugerenheder eller maskinklienter for at få adgang til disse ressourcer via et sikkert virtuelt privat netværk.",
+ "resourcesSearch": "Søg i ressourcer...",
+ "resourceAdd": "Tilføj ressource",
+ "resourceErrorDelte": "Fejl ved sletning af ressource",
+ "resourcePoliciesBannerTitle": "Genbrug autentificering og adgangsregler",
+ "resourcePoliciesBannerDescription": "Delte ressourcepolitikker lader dig definere autentificeringsmetoder og adgangsregler én gang og derefter knytte dem til flere offentlige ressourcer. Når du opdaterer en politik, arver alle tilknyttede ressourcer automatisk ændringen.",
+ "resourcePoliciesBannerButtonText": "Læs mere",
+ "resourcePoliciesTitle": "Administrer offentlige ressourcepolitikker",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Ressourcer",
+ "resourcePoliciesAttachedResources": "{count} ressource(er)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ressource} other {# ressourcer}}",
+ "resourcePoliciesAttachedResourcesEmpty": "ingen ressourcer",
+ "resourcePoliciesDescription": "Opret og administrer autentiseringsretningslinjer for at kontrollere adgang til dine offentlige ressourcer",
+ "resourcePoliciesSearch": "Søg efter regler...",
+ "resourcePoliciesAdd": "Tilføj politik",
+ "resourcePoliciesDefaultBadgeText": "Standardpolitik",
+ "resourcePoliciesCreate": "Opret offentlig ressourcepolitik",
+ "resourcePoliciesCreateDescription": "Følg trinene nedenfor for at oprette en ny politik",
+ "resourcePolicyName": "Politiknavn",
+ "resourcePolicyNameDescription": "Give denne politiknavnet for at identifisere den på tværs af dine ressourcer",
+ "resourcePolicyNamePlaceholder": "f.eks. Intern Adgangspolitik",
+ "resourcePoliciesSeeAll": "Se Alle Politikker",
+ "resourcePolicyAuthMethodAdd": "Tilføj Autentificeringsmetode",
+ "resourcePolicyOtpEmailAdd": "Tilføj OTP-e-mails",
+ "resourcePolicyRulesAdd": "Tilføj Regler",
+ "resourcePolicyAuthMethodsDescription": "Tillad adgang til ressourcer via yderligere autentificeringsmetoder",
+ "resourcePolicyUsersRolesDescription": "Konfigurer hvilke brugere og roller, der kan besøge tilknyttede ressourcer",
+ "rulesResourcePolicyDescription": "Konfigurer regler for at kontrollere adgangen til ressourcer som er knyttet til denne politikken",
+ "authentication": "Autentificering",
+ "protected": "Beskyttet",
+ "notProtected": "Ikke beskyttet",
+ "resourceMessageRemove": "Når den er fjernet, vil ressourcen ikke længere være tilgængeligt. Alle mål knyttet til ressourcen vil også blive fjernet.",
+ "resourceQuestionRemove": "Er du sikker på at du vil fjerne ressourcen fra organisationen?",
+ "resourcePolicyMessageRemove": "Når ressourcepolitikken er fjernet, vil den ikke længere være tilgængelig. Alle tilknyttede ressourcer vil blive frakoblet og stå uden autentificering.",
+ "resourcePolicyQuestionRemove": "Er du sikker på at du vil fjerne ressourcepolitikken fra organisationen?",
+ "resourceHTTP": "HTTPS-ressource",
+ "resourceHTTPDescription": "Proxyforespørgsler over HTTPS ved at bruge et fuldt kvalificeret domænenavn.",
+ "resourceRaw": "Rå TCP/UDP-ressource",
+ "resourceRawDescription": "Proxyforespørgsler over rå TCP/UDP ved at bruge et portnummer.",
+ "resourceRawDescriptionCloud": "Proxyforespørgsler over rå TCP/UDP ved hjælp af et portnummer. Kræver, at sites opretter forbindelse til en ekstern node.",
+ "resourceCreate": "Opret ressource",
+ "resourceCreateDescription": "Følg trinene nedenfor for at oprette en ny ressource",
+ "resourceCreateGeneralDescription": "Konfigurer de grunnleggende ressourceindstillingerne inklusive navnet og typen",
+ "resourceSeeAll": "Se alle ressourcer",
+ "resourceCreateGeneral": "Generelt",
+ "resourceNameDescription": "Dette er visningsnavnet for ressourcen.",
+ "siteSelect": "Vælg site",
+ "siteSearch": "Søg i site",
+ "siteNotFound": "Ingen sites fundet.",
+ "selectCountry": "Vælg land",
+ "searchCountries": "Søg land...",
+ "noCountryFound": "Ingen land fundet.",
+ "siteSelectionDescription": "Dette site vil give forbindelse til målet.",
+ "resourceType": "Ressourcetype",
+ "resourceTypeDescription": "Dette styrer ressourceprotokolen, og hvordan den vises i browseren. Dette kan ikke ændres senere.",
+ "resourceDomainDescription": "Ressourcen vil blive serveret på dette fuldstændigt kvalificerede domænenavnet.",
+ "resourceHTTPSSettings": "HTTPS-indstillinger",
+ "resourceHTTPSSettingsDescription": "Konfigurer hvordan ressourcen skal nås over HTTPS",
+ "resourcePortDescription": "Den eksterne port på Pangolin-instansen eller noden, hvor ressourcen vil være tilgængelig.",
+ "domainType": "Domænetype",
+ "subdomain": "Underdomæne",
+ "baseDomain": "Basisdomæne",
+ "configure": "Konfigurer",
+ "subdomnainDescription": "Underdomænet hvor ressourcen vil være tilgængeligt.",
+ "resourceRawSettings": "TCP/UDP-indstillinger",
+ "resourceRawSettingsDescription": "Konfigurer hvordan ressourcen vil blive tilgængelig over TCP/UDP",
+ "protocol": "Protokol",
+ "protocolSelect": "Vælg en protokol",
+ "resourcePortNumber": "Portnummer",
+ "resourcePortNumberDescription": "Det eksterne portnummeret for proxyforespørgsler.",
+ "back": "Tilbage",
+ "cancel": "Annuller",
+ "resourceConfig": "Konfigurationsuddrag",
+ "resourceConfigDescription": "Kopiér og indsæt disse konfigurationsuddrag for at opsætte TCP/UDP-ressourcen.",
+ "resourceAddEntrypoints": "Traefik: Tilføj indgangspunkter",
+ "resourceExposePorts": "Gerbil: Eksponer Porte i Docker Compose",
+ "resourceLearnRaw": "Lær hvordan at konfigurere TCP/UDP-ressourcer",
+ "resourceBack": "Tilbage til ressourcer",
+ "resourceGoTo": "Gå til ressource",
+ "resourcePolicyDelete": "Slet Ressourcepolitik",
+ "resourcePolicyDeleteConfirm": "Bekræft sletning af ressourcepolitik",
+ "resourceDelete": "Slet ressource",
+ "resourceDeleteConfirm": "Bekræft sletning af ressource",
+ "labelDelete": "Slet etikett",
+ "labelAdd": "Tilføj etikett",
+ "labelCreateSuccessMessage": "Etikett oprettet med succes",
+ "labelDuplicateError": "Dupliker etikett",
+ "labelDuplicateErrorDescription": "En etikett med dette navnet findes allerede.",
+ "labelEditSuccessMessage": "Etikett ændret med succes",
+ "labelNameField": "Etikettnavn",
+ "labelColorField": "Etikettfarge",
+ "labelPlaceholder": "Eksempel: homelab",
+ "labelCreate": "Opret etikett",
+ "createLabelDialogTitle": "Opret etikett",
+ "createLabelDialogDescription": "Opret en ny etikett, der kan knyttes til denne organisation",
+ "labelEdit": "Rediger etikett",
+ "editLabelDialogTitle": "Opdater etikett",
+ "editLabelDialogDescription": "Rediger en ny etikett, der kan knyttes til denne organisation",
+ "labelDeleteConfirm": "Bekræft sletning af etikett",
+ "labelErrorDelete": "Kunne ikke slette etiket",
+ "labelMessageRemove": "Denne handling er permanent. Alle sites, ressourcer og klienter, der er taget med denne etiket, får fjernet etiketten.",
+ "labelQuestionRemove": "Er du sikker på at du vil fjerne etiketten fra organisationen?",
+ "visibility": "Synlighed",
+ "enabled": "Aktiveret",
+ "disabled": "Deaktiveret",
+ "general": "Generelt",
+ "generalSettings": "Generelle indstillinger",
+ "proxy": "Proxy",
+ "internal": "Intern",
+ "rules": "Regler",
+ "resourceSettingDescription": "Konfigurere indstillingerne på ressourcen",
+ "resourceSetting": "{resourceName} Indstillinger",
+ "resourcePolicySettingDescription": "Konfigurer indstillingerne for denne offentlige ressourcepolitik",
+ "resourcePolicySetting": "{policyName} Indstillinger",
+ "alwaysAllow": "Omgå autentificering",
+ "alwaysDeny": "Bloker adgang",
+ "passToAuth": "Send til autentificering",
+ "orgSettingsDescription": "Konfigurere organisationens indstillinger",
+ "orgGeneralSettings": "Organisationsindstillinger",
+ "orgGeneralSettingsDescription": "Administrer organisationens detaljer og konfiguration",
+ "saveGeneralSettings": "Gem generelle indstillinger",
+ "saveSettings": "Gem indstillinger",
+ "orgDangerZone": "Farezone",
+ "orgDangerZoneDescription": "Når du sletter denne organisation, er der ingen vej tilbage. Vær helt sikker.",
+ "orgDelete": "Slet organisation",
+ "orgDeleteConfirm": "Bekræft Sletning af Organisation",
+ "orgMessageRemove": "Denne handling er irreversibel og vil slette alle tilknyttede data.",
+ "orgMessageConfirm": "For at bekræfte, indtast venligst navnet på organisationen nedenfor.",
+ "orgQuestionRemove": "Er du sikker på at du vil fjerne organisationen?",
+ "orgUpdated": "Organisation opdateret",
+ "orgUpdatedDescription": "Organisationen er blevet opdateret.",
+ "orgErrorUpdate": "Kunne ikke opdatere organisationen",
+ "orgErrorUpdateMessage": "En fejl opstod under opdatering af organisationen.",
+ "orgErrorFetch": "Kunne ikke hente organisationer",
+ "orgErrorFetchMessage": "Det opstod en fejl under visning af organisationerne dine",
+ "orgErrorDelete": "Kunne ikke slette organisation",
+ "orgErrorDeleteMessage": "Det opstod en fejl under sletning af organisationen.",
+ "orgDeleted": "Organisation slettet",
+ "orgDeletedMessage": "Organisationen og tilhørende data er slettet.",
+ "deleteAccount": "Slet konto",
+ "deleteAccountDescription": "Slet din konto permanent, alle organisationer du ejer, og alle data i disse organisationer. Dette kan ikke fortrydes.",
+ "deleteAccountButton": "Slet konto",
+ "deleteAccountConfirmTitle": "Slet konto",
+ "deleteAccountConfirmMessage": "Dette vil slette din konto, alle organisationer du ejer og alle data i disse organisationer. Dette kan ikke fortrydes.",
+ "deleteAccountConfirmString": "Slet konto",
+ "deleteAccountSuccess": "Kontoen er slettet",
+ "deleteAccountSuccessMessage": "Din konto er slettet.",
+ "deleteAccountError": "Kunne ikke slette konto",
+ "deleteAccountPreviewAccount": "Din konto",
+ "deleteAccountPreviewOrgs": "Organisationer du ejer (og alle deres data)",
+ "orgMissing": "Organisations-ID Mangler",
+ "orgMissingMessage": "Kan ikke regenerere invitation uden en organisations-ID.",
+ "accessUsersManage": "Administrer brugere",
+ "accessUserManage": "Administrer brugere",
+ "accessUsersDescription": "Inviter og administrer brugere med adgang til denne organisation",
+ "accessUsersSearch": "Søg efter brugere...",
+ "accessUsersRoleFilterCount": "{count, plural, one {# rolle} other {# roller}}",
+ "accessUsersRoleFilterClear": "Fjern rollesøgefiltre",
+ "accessUserCreate": "Opret bruger",
+ "accessUserRemove": "Fjern bruger",
+ "username": "Brugernavn",
+ "identityProvider": "Identitetsudbyder",
+ "role": "Rolle",
+ "nameRequired": "Navn er påkrævet",
+ "accessRolesManage": "Administrer Roller",
+ "accessRolesDescription": "Opret og administrer roller for brugere i organisationen",
+ "accessRolesSearch": "Søg efter roller...",
+ "accessRolesAdd": "Tilføj rolle",
+ "accessRoleDelete": "Slet rolle",
+ "accessApprovalsManage": "Administrer godkendelser",
+ "accessApprovalsDescription": "Se og administrer ventende godkendelser for adgang til denne organisation",
+ "description": "Beskrivelse",
+ "inviteTitle": "Åbne invitationer",
+ "inviteDescription": "Administrer invitationer til andre brugere for at blive med i organisationen",
+ "inviteSearch": "Søg i invitationer...",
+ "minutes": "Minutter",
+ "hours": "Timer",
+ "days": "Dage",
+ "weeks": "Uger",
+ "months": "Måneder",
+ "years": "År",
+ "day": "{count, plural, one {én dag} other {# dage}}",
+ "apiKeysTitle": "API-nøgleinformation",
+ "apiKeysConfirmCopy2": "Du skal bekræfte at du har kopieret API-nøglen.",
+ "apiKeysErrorCreate": "Fejl ved oprettelse af API-nøgle",
+ "apiKeysErrorSetPermission": "Fejl ved indstilling af tilladelser",
+ "apiKeysCreate": "Generer API-nøgle",
+ "apiKeysCreateDescription": "Generer en ny API-nøgle for organisationen",
+ "apiKeysGeneralSettings": "Tilladelser",
+ "apiKeysGeneralSettingsDescription": "Find ud af, hvad denne API-nøgle kan gøre",
+ "apiKeysList": "Ny API-nøgle",
+ "apiKeysSave": "Gem API-nøgle",
+ "apiKeysSaveDescription": "Du vil kun kunne se dette én gang. Sørg for at kopiere det til et sikkert sted.",
+ "apiKeysInfo": "API-nøglen er:",
+ "apiKeysConfirmCopy": "Jeg har kopieret API-nøglen",
+ "generate": "Generér",
+ "done": "Færdig",
+ "apiKeysSeeAll": "Se alle API-nøgler",
+ "apiKeysPermissionsErrorLoadingActions": "Fejl ved indlæsning af API-nøglehandlinger",
+ "apiKeysPermissionsErrorUpdate": "Fejl ved indstilling af tilladelser",
+ "apiKeysPermissionsUpdated": "Tilladelser opdateret",
+ "apiKeysPermissionsUpdatedDescription": "Tilladelserne er blevet opdateret.",
+ "apiKeysPermissionsGeneralSettings": "Tilladelser",
+ "apiKeysPermissionsGeneralSettingsDescription": "Bestem, hvad denne API-nøgle kan gøre",
+ "apiKeysPermissionsSave": "Gem tilladelser",
+ "apiKeysPermissionsTitle": "Tilladelser",
+ "apiKeys": "API-nøgler",
+ "searchApiKeys": "Søg API-nøgler",
+ "apiKeysAdd": "Generer API-nøgle",
+ "apiKeysErrorDelete": "Fejl under sletning af API-nøgle",
+ "apiKeysErrorDeleteMessage": "Fejl ved sletning af API-nøgle",
+ "apiKeysQuestionRemove": "Er du sikker på at du vil fjerne API-nøglen fra organisationen?",
+ "apiKeysMessageRemove": "Når den er fjernet, vil API-nøglen ikke længere kunne bruges.",
+ "apiKeysDeleteConfirm": "Bekræft sletning af API-nøgle",
+ "apiKeysDelete": "Slet API-nøgle",
+ "apiKeysManage": "Administrer API-nøgler",
+ "apiKeysDescription": "API-nøgler bruges for at autentificere med integrasjons-API",
+ "provisioningKeysTitle": "Provisioneringsnøgle",
+ "provisioningKeysManage": "Administrer provisioneringsnøgler",
+ "provisioningKeysDescription": "Provisioneringsnøgler bruges til at godkende automatiseret site-provisionering for din organisation.",
+ "provisioningManage": "Provisionering",
+ "provisioningDescription": "Administrer provisioneringsnøgler og gennemgå ventende sites som venter på godkendelse.",
+ "pendingSites": "Ventende sites",
+ "siteApproveSuccess": "Med succes godkendelse af site",
+ "siteApproveError": "Fejl ved godkendelse af side",
+ "provisioningKeys": "Provisioneringsnøgler",
+ "searchProvisioningKeys": "Søg varer i provisioneringsnøgler...",
+ "provisioningKeysAdd": "Generer provisioneringsnøgle",
+ "provisioningKeysErrorDelete": "Fejl under sletning af provisioneringsnøgle",
+ "provisioningKeysErrorDeleteMessage": "Fejl under sletning af provisioneringsnøgle",
+ "provisioningKeysQuestionRemove": "Er du sikker på at du vil fjerne denne midlertidig nøglen fra organisationen?",
+ "provisioningKeysMessageRemove": "Når nøglen er fjernet, kan den ikke længere bruges til site-provisionering.",
+ "provisioningKeysDeleteConfirm": "Bekræft sletning af provisioneringsnøgle",
+ "provisioningKeysDelete": "Slet provisioneringsnøgle",
+ "provisioningKeysCreate": "Generer provisioneringsnøgle",
+ "provisioningKeysCreateDescription": "Generer en ny provisioneringsnøgle til organisationen",
+ "provisioningKeysSeeAll": "Se alle provisioneringsnøgler",
+ "provisioningKeysSave": "Gem den midlertidig nøglen",
+ "provisioningKeysSaveDescription": "Du kan kun se denne én gang. Kopiér det til et sikkert sted.",
+ "provisioningKeysErrorCreate": "Fejl under oprettelse af provisioneringsnøgle",
+ "provisioningKeysList": "Ny provisioneringsnøgle",
+ "provisioningKeysMaxBatchSize": "Maks størrelse på bunt",
+ "provisioningKeysUnlimitedBatchSize": "Ubegrænset mengde bunt (ingen begrænsning)",
+ "provisioningKeysMaxBatchUnlimited": "Ubegrænset",
+ "provisioningKeysMaxBatchSizeInvalid": "Angiv en gyldig sjakkstørrelse (1–1 000.000).",
+ "provisioningKeysValidUntil": "Gyldig til",
+ "provisioningKeysValidUntilHint": "Lad stå tomt for ingen udløb.",
+ "provisioningKeysValidUntilInvalid": "Angiv en gyldig dato og et gyldigt klokkeslæt.",
+ "provisioningKeysNumUsed": "Antal ganger brugt",
+ "provisioningKeysLastUsed": "Sidst brugt",
+ "provisioningKeysNoExpiry": "Ingen udløbsdato",
+ "provisioningKeysNeverUsed": "Aldrig",
+ "provisioningKeysEdit": "Rediger provisioneringsnøgle",
+ "provisioningKeysEditDescription": "Opdater maksimal størrelse for bunt og udløbstid for denne nøglen.",
+ "provisioningKeysApproveNewSites": "Godkend nye sites",
+ "provisioningKeysApproveNewSitesDescription": "Godkend automatisk sites som registrerer dig med denne nøglen.",
+ "provisioningKeysUpdateError": "Fejl under opdatering af provisioneringsnøgle",
+ "provisioningKeysUpdated": "Foreslå nøgle opdateret",
+ "provisioningKeysUpdatedDescription": "Dine ændringer er gemt.",
+ "provisioningKeysBannerTitle": "Provisioneringsnøgler til sites",
+ "provisioningKeysBannerDescription": "Generér en provisioneringsnøgle, og brug den med Newt-connectoren til automatisk oprettelse af sites ved første opstart — uden behov for separate legitimationsoplysninger til hvert site.",
+ "provisioningKeysBannerButtonText": "Læs mere",
+ "pendingSitesBannerTitle": "Ventende sites",
+ "pendingSitesBannerDescription": "Sites som opretter forbindelse ved brug af en provisioneringsnøgle vises her for vurdering.",
+ "pendingSitesBannerButtonText": "Læs mere",
+ "apiKeysSettings": "{apiKeyName} Indstillinger",
+ "userTitle": "Administrer alle brugere",
+ "userDescription": "Vis og administrer alle brugere i systemet",
+ "userAbount": "Om brugeradministration",
+ "userAbountDescription": "Denne tabel viser alle basisbrugerobjekter i systemet. Hver bruger kan tilhøre flere organisationer. Når du fjerner en bruger fra en organisation, slettes brugerens basisbrugerobjekt ikke – brugeren forbliver i systemet. For at fjerne en bruger helt fra systemet skal du slette basisbrugerobjektet med slet-handlingen i denne tabel.",
+ "userServer": "Serverbrugere",
+ "userSearch": "Søg serverbrugere...",
+ "userErrorDelete": "Fejl ved sletning af bruger",
+ "userDeleteConfirm": "Bekræft sletning af bruger",
+ "userDeleteServer": "Slet bruger fra server",
+ "userMessageRemove": "Brugeren vil blive fjernet fra alle organisationer og vil blive fuldstændigt fjernet fra serveren.",
+ "userQuestionRemove": "Er du sikker på at du vil slette brugeren permanent fra serveren?",
+ "licenseKey": "Licensnøgle",
+ "valid": "Gyldig",
+ "numberOfSites": "Antal sites",
+ "licenseKeySearch": "Søg licensnøgler...",
+ "licenseKeyAdd": "Tilføj licensnøgle",
+ "type": "Type",
+ "licenseKeyRequired": "Licensnøgle er påkrævet",
+ "licenseTermsAgree": "Du skal acceptere licensvilkårene",
+ "licenseErrorKeyLoad": "Fejl ved indlæsning af licensnøgler",
+ "licenseErrorKeyLoadDescription": "Det opstod en fejl ved indlæsning af licensnøgler.",
+ "licenseErrorKeyDelete": "Kunne ikke slette licensnøgle",
+ "licenseErrorKeyDeleteDescription": "Det opstod en fejl ved sletning af licensnøgle.",
+ "licenseKeyDeleted": "Licensnøgle slettet",
+ "licenseKeyDeletedDescription": "Licensnøglen er blevet slettet.",
+ "licenseErrorKeyActivate": "Aktivering af licensnøgle mislykkedes",
+ "licenseErrorKeyActivateDescription": "Det opstod en fejl under aktivering af licensnøglen.",
+ "licenseAbout": "Om Licensering",
+ "licenseBannerTitle": "Aktivér din enterprise-licens",
+ "licenseBannerDescription": "Lås op for virksomhedsfunktioner på din selvhostede Pangolin-instans. Køb en licensnøgle for at aktivere premium-funktioner, og indtast den nedenfor.",
+ "licenseBannerGetLicense": "Få en licens",
+ "licenseBannerViewDocs": "Vis dokumentation",
+ "communityEdition": "Community-udgave",
+ "licenseAboutDescription": "Dette er for virksomheds- og enterprise-brugere som bruger Pangolin i et kommercielt miljø. Hvis du bruger Pangolin til personlig brug, kan du ignorere denne sektionen.",
+ "licenseKeyActivated": "Licensnøgle aktiveret",
+ "licenseKeyActivatedDescription": "Licensnøglen er blevet aktiveret.",
+ "licenseErrorKeyRecheck": "En fejl opstod under bekræftelse af licensnøgler",
+ "licenseErrorKeyRecheckDescription": "Det opstod en fejl under bekræftelse af licensnøgler.",
+ "licenseErrorKeyRechecked": "Licensnøgler verificeret",
+ "licenseErrorKeyRecheckedDescription": "Alle licensnøgler er verificeret",
+ "licenseActivateKey": "Aktivér licensnøgle",
+ "licenseActivateKeyDescription": "Indtast en licensnøgle for at aktivere den.",
+ "licenseActivate": "Aktivér licens",
+ "licenseAgreement": "Ved at markere dette felt bekræfter du, at du har læst og accepterer de licensvilkår, der svarer til niveauet knyttet til din licensnøgle.",
+ "fossorialLicense": "Vis Fossorial kommerciel licens og abonnementsvilkår",
+ "licenseMessageRemove": "Dette vil fjerne licensnøglen og alle tilknyttede tilladelser givet af den.",
+ "licenseMessageConfirm": "For at bekræfte, indtast venligst licensnøglen nedenfor.",
+ "licenseQuestionRemove": "Er du sikker på at du vil slette licensnøglen?",
+ "licenseKeyDelete": "Slet Licensnøgle",
+ "licenseKeyDeleteConfirm": "Bekræft sletning af licensnøgle",
+ "licenseTitle": "Administrer licensstatus",
+ "licenseTitleDescription": "Se og administrer licensnøgler i systemet",
+ "licenseHost": "Hostlicens",
+ "licenseHostDescription": "Administrer hovedlicensnøglen for verten.",
+ "licensedNot": "Ikke licenseret",
+ "hostId": "Host-ID",
+ "licenseReckeckAll": "Bekræft alle nøgler",
+ "licenseSiteUsage": "Site Brug",
+ "licenseSiteUsageDecsription": "Vis antal sites som bruger denne licensen.",
+ "licenseNoSiteLimit": "Der er ingen grænse for antal sites, der bruger en ulicenseret host.",
+ "licensePurchase": "Køb licens",
+ "licensePurchaseSites": "Køb flere sites",
+ "licenseSitesUsedMax": "{usedSites} af {maxSites} sites brugt",
+ "licenseSitesUsed": "{count, plural, =0 {ingen sites} one {ét site} other {# sites}} i systemet.",
+ "licensePurchaseDescription": "Vælg hvor mange sites du vil {selectedMode, select, license {købe en licens for. Du kan altid tilføje flere sites senere.} other {tilføje din eksisterende licens.}}",
+ "licenseFee": "Licensafgift",
+ "licensePriceSite": "Pris per site",
+ "total": "I alt",
+ "licenseContinuePayment": "Fortsæt til betaling",
+ "pricingPage": "Prisoversigt",
+ "pricingPortal": "Se Købsportal",
+ "licensePricingPage": "For de mest opdaterede priser og rabatterne, venligst besøg",
+ "invite": "Invitationer",
+ "inviteRegenerate": "Regenerer invitationen",
+ "inviteRegenerateDescription": "Tilbagekald tidligere invitation og oprette en ny",
+ "inviteRemove": "Fjern invitation",
+ "inviteRemoveError": "Mislykkedes at fjerne invitation",
+ "inviteRemoveErrorDescription": "Det opstod en fejl under fjernelse af invitationen.",
+ "inviteRemoved": "Invitation fjernet",
+ "inviteRemovedDescription": "Invitationen for {email} er fjernet.",
+ "inviteQuestionRemove": "Er du sikker på at du vil fjerne invitationen?",
+ "inviteMessageRemove": "Når fjernet, vil denne invitationen ikke længere være gyldig. Du kan altid invitere brugeren igen senere.",
+ "inviteMessageConfirm": "For at bekræfte, indtast venligst invitationens e-mailadresse nedenfor.",
+ "inviteQuestionRegenerate": "Er du sikker på at du vil generere invitationen igen for {email}? Dette vil ugyldiggøre den forrige invitation.",
+ "inviteRemoveConfirm": "Bekræft fjernelse af invitation",
+ "inviteRegenerated": "Invitation fornyet",
+ "inviteSent": "En ny invitation er sendt til {email}.",
+ "inviteSentEmail": "Send e-mailnotifikation til brugeren",
+ "inviteGenerate": "En ny invitation er generert for {email}.",
+ "inviteDuplicateError": "Dupliker invitation",
+ "inviteDuplicateErrorDescription": "En invitation for denne bruger findes allerede.",
+ "inviteRateLimitError": "Anmodningsgrænse overskredet",
+ "inviteRateLimitErrorDescription": "Du har overskredet grænsen på 3 regenereringer pr. time. Prøv igen senere.",
+ "inviteRegenerateError": "Kunne ikke regenerere invitation",
+ "inviteRegenerateErrorDescription": "Det opstod en fejl under regenerering af invitationen.",
+ "inviteValidityPeriod": "Gyldighedsperiode",
+ "inviteValidityPeriodSelect": "Vælg gyldighetsperiode",
+ "inviteRegenerateMessage": "Invitationen er generert igen. Brugeren skal gå til linket nedenfor for at acceptere invitationen.",
+ "inviteRegenerateButton": "Regenerer",
+ "expiresAt": "Udløbstidspunkt",
+ "accessRoleUnknown": "Ukendt rolle",
+ "placeholder": "Pladsholder",
+ "userErrorOrgRemove": "En fejl opstod under fjernelse af bruger",
+ "userErrorOrgRemoveDescription": "Det opstod en fejl under fjernelse af brugeren.",
+ "userOrgRemoved": "Bruger fjernet",
+ "userOrgRemovedDescription": "Brugeren {email} er fjernet fra organisationen.",
+ "userQuestionOrgRemove": "Er du sikker på at du vil fjerne denne bruger fra organisationen?",
+ "userMessageOrgRemove": "Når denne bruger er fjernet, vil de ikke længere have adgang til organisationen. Du kan altid invitere dem igen senere, men de vil skulle acceptere invitationen igen.",
+ "userRemoveOrgConfirm": "Bekræft fjernelse af bruger",
+ "userRemoveOrg": "Fjern bruger fra organisation",
+ "userQuestionOrgRemoveSelf": "Er du sikker på at du vil fjerne dig selv fra denne organisation?",
+ "userMessageOrgRemoveSelf": "Du vil miste adgang umiddelbart. En administrator kan invitere dig tilbage senere, men du skal acceptere en ny invitation.",
+ "userRemoveOrgConfirmSelf": "Bekræft fjernelse af mig selv",
+ "userRemoveOrgSelf": "Fjern dig selv fra organisationen",
+ "userRemoveOrgSelfWarning": "Du vil miste adgangen til denne organisation umiddelbart.",
+ "userRemoveOrgConfirmPhraseSelf": "FJERN MIG SELV FRA ORG",
+ "users": "Brugere",
+ "accessRoleMember": "Medlem",
+ "accessRoleOwner": "Ejer",
+ "userConfirmed": "Bekræftet",
+ "idpNameInternal": "Intern",
+ "emailInvalid": "Ugyldig e-mailadresse",
+ "inviteValidityDuration": "Vælg venligst en varighed",
+ "accessRoleSelectPlease": "Vælg venligst en rolle",
+ "removeOwnAdminRoleConfirmTitle": "Fjern din administratoradgang?",
+ "removeOwnAdminRoleConfirmDescription": "Du vil ikke længere have administratorrettigheder i denne organisation efter gemning. En anden administrator kan gendanne adgang hvis nødvendig.",
+ "removeOwnAdminRoleConfirmButton": "Fjern min administratoradgang",
+ "removeOwnAdminRoleConfirmPhrase": "FJERN MIN ADMINISTRATORADGANG",
+ "ownerMustRetainAdminRole": "Organisationsejer skal beholde mindst én administratorrolle.",
+ "usernameRequired": "Brugernavn er påkrævet",
+ "idpSelectPlease": "Vælg venligst en identitetsudbyder",
+ "idpGenericOidc": "Generisk OAuth2/OIDC-udbyder.",
+ "accessRoleErrorFetch": "En fejl opstod under hentning af roller",
+ "accessRoleErrorFetchDescription": "En fejl opstod under hentning af rollene",
+ "idpErrorFetch": "En fejl opstod under hentning af identitetsudbydere",
+ "idpErrorFetchDescription": "En fejl opstod ved hentning af identitetsudbydere",
+ "userErrorExists": "Bruger findes allerede",
+ "userErrorExistsDescription": "Denne bruger er allerede medlem af organisationen.",
+ "inviteError": "Kunne ikke invitere bruger",
+ "inviteErrorDescription": "En fejl opstod under invitering af brugeren",
+ "userInvited": "Bruger inviteret",
+ "userInvitedDescription": "Brugeren er inviteret.",
+ "userErrorCreate": "Kunne ikke oprette bruger",
+ "userErrorCreateDescription": "Det opstod en fejl under oprettelse af brugeren",
+ "userCreated": "Bruger oprettet",
+ "userCreatedDescription": "Brugeren er blevet oprettet.",
+ "userTypeInternal": "Intern bruger",
+ "userTypeInternalDescription": "Inviter en bruger til at blive med direkte i organisationen.",
+ "userTypeExternal": "Ekstern bruger",
+ "userTypeExternalDescription": "Opret en bruger med en ekstern identitetsudbyder.",
+ "accessUserCreateDescription": "Følg stegene under for at oprette en ny bruger",
+ "userSeeAll": "Se alle brugere",
+ "userTypeTitle": "Brugertype",
+ "userTypeDescription": "Bestem hvordan du vil oprette brugeren",
+ "userSettings": "Brugerinformation",
+ "userSettingsDescription": "Indtast detaljerne for den nye brugeren",
+ "inviteEmailSent": "Send invitasjonsepost til bruger",
+ "inviteValid": "Gyldig for",
+ "selectDuration": "Vælg varighed",
+ "selectResource": "Vælg ressource",
+ "filterByResource": "Filtrer efter ressourcer",
+ "selectApprovalState": "Vælg godkendelsesstatus",
+ "filterByApprovalState": "Filtrer efter godkendelsesstatus",
+ "approvalListEmpty": "Ingen godkendelser",
+ "approvalState": "Godkendelses tilstand",
+ "approvalLoadMore": "Indlæs mere",
+ "loadingApprovals": "Indlæser godkendelser",
+ "approve": "Godkend",
+ "approved": "Godkendt",
+ "denied": "Afviste",
+ "deniedApproval": "Afvist godkendelse",
+ "all": "Alle",
+ "deny": "Afvis",
+ "viewDetails": "Vis detaljer",
+ "requestingNewDeviceApproval": "har anmodet om en ny enhed",
+ "resetFilters": "Nulstil filtre",
+ "totalBlocked": "Forespørgsler blokeret af Pangolin",
+ "totalRequests": "Totalt antal forespørgsler",
+ "requestsByCountry": "Forespørgsler fra land",
+ "requestsByDay": "Forespørgsler per dag",
+ "blocked": "Blokeret",
+ "allowed": "Tilladt",
+ "topCountries": "Flest land",
+ "accessRoleSelect": "Vælg rolle",
+ "inviteEmailSentDescription": "En e-mail er sendt til brugeren med adgangslinket nedenfor. De skal åbne linket for at acceptere invitationen.",
+ "inviteSentDescription": "Brugeren er blevet inviteret. De skal åbne linket nedenfor for at acceptere invitationen.",
+ "inviteExpiresIn": "Invitationen udløber om {days, plural, one {én dag} other {# dage}}.",
+ "idpTitle": "Identitetsudbyder",
+ "idpSelect": "Vælg identitetsudbyderen for den eksterne brugeren",
+ "idpNotConfigured": "Ingen identitetsudbydere er konfigureret. Venligst konfigurer en identitetsudbyder før du opretter eksterne brugere.",
+ "usernameUniq": "Dette skal matche det unikke brugernavn som findes i den valgte identitetsudbyder.",
+ "emailOptional": "E-mail (Valgfrit)",
+ "nameOptional": "Navn (valgfrit)",
+ "accessControls": "Adgangskontroller",
+ "userDescription2": "Administrer indstillingerne for denne bruger",
+ "accessRoleErrorAdd": "Kunne ikke tilføje bruger i rolle",
+ "accessRoleErrorAddDescription": "Det opstod en fejl under tildeling af brugeren til rollen.",
+ "userSaved": "Bruger gemt",
+ "userSavedDescription": "Brugeren er blevet opdateret.",
+ "autoProvisioned": "Automatisk provisioneret",
+ "autoProvisionSettings": "Autoprovisioneringsindstillinger",
+ "autoProvisionedDescription": "Tillad denne bruger at blive automatisk administrert af en identitetsudbyder",
+ "accessControlsDescription": "Administrer, hvad denne bruger kan få adgang til og gøre i organisationen",
+ "accessControlsSubmit": "Gem adgangskontroller",
+ "singleRolePerUserPlanNotice": "Din plan understøtter kun én rolle per bruger.",
+ "singleRolePerUserEditionNotice": "Denne udgaven understøtter kun én rolle per bruger.",
+ "roles": "Roller",
+ "accessUsersRoles": "Administrer brugere og roller",
+ "accessUsersRolesDescription": "Inviter brugere og legg dem til roller for at administrer adgang til organisationen",
+ "key": "Nøgle",
+ "createdAt": "Oprettet",
+ "proxyErrorInvalidHeader": "Ugyldig værdi for brugerdefineret host-header. Brug domænenavnformat, eller gem feltet tomt for at fjerne den brugerdefinerede host-header.",
+ "proxyErrorTls": "Ugyldig TLS-servernavn. Brug domænenavnformat, eller lad stå tomt for at fjerne TLS-servernavnet.",
+ "proxyEnableSSL": "Aktivér TLS",
+ "proxyEnableSSLDescription": "Aktivér SSL/TLS-kryptering for en sikker HTTPS-forbindelse til målene.",
+ "target": "Mål",
+ "configureTarget": "Konfigurer mål",
+ "targetErrorFetch": "Kunne ikke hente mål",
+ "targetErrorFetchDescription": "Det opstod en fejl under hentning af mål",
+ "siteErrorFetch": "Kunne ikke hente ressource",
+ "siteErrorFetchDescription": "Det opstod en fejl under hentning af ressource",
+ "targetErrorDuplicate": "Dupliker mål",
+ "targetErrorDuplicateDescription": "Et mål med disse indstillingerne findes allerede",
+ "targetWireGuardErrorInvalidIp": "Ugyldig mål-IP",
+ "targetWireGuardErrorInvalidIpDescription": "Mål-IP skal være i sitets subnet.",
+ "targetsUpdated": "Mål opdateret",
+ "targetsUpdatedDescription": "Mål og indstillinger opdateret med succes",
+ "targetsErrorUpdate": "Mislykkedes at opdatere mål",
+ "targetsErrorUpdateDescription": "En fejl opstod under opdatering af mål",
+ "targetTlsUpdate": "TLS-indstillinger opdateret",
+ "targetTlsUpdateDescription": "TLS-indstillinger er blevet opdateret",
+ "targetErrorTlsUpdate": "Mislykkedes under opdatering af TLS-indstillinger",
+ "targetErrorTlsUpdateDescription": "Det opstod en fejl under opdatering af TLS-indstillinger",
+ "proxyUpdated": "Proxyindstillinger opdateret",
+ "proxyUpdatedDescription": "Proxy indstillinger er blevet opdateret",
+ "proxyErrorUpdate": "En fejl opstod under opdatering af proxyindstillinger",
+ "proxyErrorUpdateDescription": "En fejl opstod under opdatering af proxyindstillinger",
+ "targetAddr": "Vært",
+ "targetPort": "Port",
+ "targetProtocol": "Protokol",
+ "targetTlsSettings": "Sikker forbindelseskonfiguration",
+ "targetTlsSettingsDescription": "Konfigurer SSL/TLS-indstillinger for ressourcen",
+ "targetTlsSettingsAdvanced": "Avanserte TLS-indstillinger",
+ "targetTlsSni": "TLS servernavn",
+ "targetTlsSniDescription": "TLS-servernavnet som skal bruges for SNI. Lad stå tomt for at bruge standardverdien.",
+ "targetTlsSubmit": "Gem indstillinger",
+ "targets": "Målkonfiguration",
+ "targetsDescription": "Opsæt mål for routetrafik til backendtjenesterne",
+ "targetStickySessions": "Aktivér sticky sessions",
+ "targetStickySessionsDescription": "Behold forbindelser på samme backend-mål gennem hele sessionen.",
+ "methodSelect": "Vælg metode",
+ "targetSubmit": "Tilføj mål",
+ "targetNoOne": "Denne ressource har ikke nogen mål. Tilføj et mål for at konfigurere hvor du vil sende forespørgsler til backend.",
+ "targetNoOneDescription": "AT tilføje mere enn ét mål ovenfor vil aktivere load balancing.",
+ "targetsSubmit": "Gem indstillinger",
+ "addTarget": "Tilføj mål",
+ "proxyMultiSiteRoundRobinNodeHelp": "Round-robin-routing vil ikke fungere mellem steder der ikke er forbundet til samme node, men failover vil fungere.",
+ "targetErrorInvalidIp": "Ugyldig IP-adresse",
+ "targetErrorInvalidIpDescription": "Indtast en gyldig IP-adresse eller hostnavn",
+ "targetErrorInvalidPort": "Ugyldig port",
+ "targetErrorInvalidPortDescription": "Indtast venligst et gyldig portnummer",
+ "targetErrorNoSite": "Intet site valgt",
+ "targetErrorNoSiteDescription": "Vælg et site for målet",
+ "targetTargetsCleared": "Mål ryddet",
+ "targetTargetsClearedDescription": "Alle mål er blevet fjernet fra denne ressource",
+ "targetCreated": "Mål oprettet",
+ "targetCreatedDescription": "Målet er blevet oprettet",
+ "targetErrorCreate": "Kunne ikke oprette målet",
+ "targetErrorCreateDescription": "Det opstod en fejl under oprettelse af målet",
+ "tlsServerName": "TLS servernavn",
+ "tlsServerNameDescription": "Servernavnet som skal bruges for SNI",
+ "save": "Gem",
+ "proxyAdditional": "Yderligere Proxyindstillinger",
+ "proxyAdditionalDescription": "Konfigurer hvordan ressourcen håndterer proxy-indstillingerne",
+ "proxyCustomHeader": "Tilpasset host-header",
+ "proxyCustomHeaderDescription": "Host-header som skal settes ved videresendelse af forespørgsler. Lad stå tom for at bruge standardinnstillingen.",
+ "proxyAdditionalSubmit": "Gem proxyindstillinger",
+ "subnetMaskErrorInvalid": "Ugyldig subnetmaske. Skal være mellem 0 og 32.",
+ "ipAddressErrorInvalidFormat": "Ugyldig IP-adresseformat",
+ "ipAddressErrorInvalidOctet": "Ugyldig IP-adresse-oktet",
+ "path": "Sti",
+ "matchPath": "Match sti",
+ "ipAddressRange": "IP-område",
+ "rulesErrorFetch": "Kunne ikke hente regler",
+ "rulesErrorFetchDescription": "Det opstod en fejl under hentning af regler",
+ "rulesErrorDuplicate": "Duplikeret regel",
+ "rulesErrorDuplicateDescription": "En regel med disse indstillingerne findes allerede",
+ "rulesErrorInvalidIpAddressRange": "Ugyldig CIDR",
+ "rulesErrorInvalidIpAddressRangeDescription": "Indtast et gyldig CIDR-site (f.eks. 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Ugyldig sti",
+ "rulesErrorInvalidUrlDescription": "Indtast en gyldig URL-sti eller et mønster (f.eks., /api/*).",
+ "rulesErrorInvalidIpAddress": "Ugyldig IP-adresse",
+ "rulesErrorInvalidIpAddressDescription": "Indtast en gyldig IPv4 eller IPv6 adresse.",
+ "rulesErrorUpdate": "Kunne ikke opdatere regler",
+ "rulesErrorUpdateDescription": "Det opstod en fejl under opdatering af regler",
+ "rulesUpdated": "Aktivér Regler",
+ "rulesUpdatedDescription": "Regelevalueringen er blevet opdateret",
+ "rulesMatchIpAddressRangeDescription": "Angiv en adresse i CIDR-format (f.eks., 103.21.244.0/22)",
+ "rulesMatchIpAddress": "Angiv en IP-adresse (f.eks. 103.21.244.12)",
+ "rulesMatchUrl": "Indtast en URL-sti eller et mønster (f.eks. /api/v1/todos eller /api/v1/*)",
+ "rulesErrorInvalidPriority": "Ugyldig prioritet",
+ "rulesErrorInvalidPriorityDescription": "Indtast et heltall på 1 eller højere.",
+ "rulesErrorDuplicatePriority": "Duplikerede prioriteter",
+ "rulesErrorDuplicatePriorityDescription": "Hver regel skal have et unikt prioritetstall.",
+ "rulesErrorValidation": "Ugyldige regler",
+ "rulesErrorValidationRuleDescription": "Regel {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Vælg en gyldig matchtype (sti, IP, CIDR, land, region eller ASN).",
+ "rulesErrorValueRequired": "Indtast en værdi for denne reglen.",
+ "rulesErrorInvalidCountry": "Ugyldig land",
+ "rulesErrorInvalidCountryDescription": "Vælg et gyldig land.",
+ "rulesErrorInvalidAsn": "Ugyldig ASN",
+ "rulesErrorInvalidAsnDescription": "Indtast en gyldig ASN (f.eks., AS15169).",
+ "ruleUpdated": "Regler opdateret",
+ "ruleUpdatedDescription": "Reglerne er opdateret",
+ "ruleErrorUpdate": "Operation mislykkedes",
+ "ruleErrorUpdateDescription": "En fejl opstod under gemmehandlingen",
+ "rulesPriority": "Prioritet",
+ "rulesReorderDragHandle": "Dra for at omorganisere regelprioriteringen",
+ "rulesAction": "Handling",
+ "rulesMatchType": "Matchtype",
+ "value": "Værdi",
+ "rulesAbout": "Om regler",
+ "rulesAboutDescription": "Regler giver mulighed til at kontrollere adgangen til ressourcen baseret på et sett af kriterier. Du kan oprette regler for at tillade eller afvise adgang baseret på IP-adresse eller URL-sti.",
+ "rulesActions": "Handlinger",
+ "rulesActionAlwaysAllow": "Tillad altid: Omgå alle autentiserings metoder",
+ "rulesActionAlwaysDeny": "Afvis altid: Bloker alle forespørgsler; ingen autentificering kan forsøges",
+ "rulesActionPassToAuth": "Send til autentificering: Tillad, at autentificeringsmetoder kan forsøges",
+ "rulesMatchCriteria": "Matchende kriterier",
+ "rulesMatchCriteriaIpAddress": "Match en specifik IP-adresse",
+ "rulesMatchCriteriaIpAddressRange": "Match et IP-adresseområde i CIDR-notation",
+ "rulesMatchCriteriaUrl": "Match en URL-sti eller et mønster",
+ "rulesEnable": "Aktivér regler",
+ "rulesEnableDescription": "Aktivér eller deaktivér regelevaluering for denne ressource",
+ "rulesResource": "Konfiguration af ressourceregler",
+ "rulesResourceDescription": "Konfigurer regler for at kontrollere adgang til ressourcen",
+ "ruleSubmit": "Tilføj regel",
+ "rulesNoOne": "Ingen regler endnu.",
+ "rulesOrder": "Regler evalueres efter prioritet i stigende rækkefølge.",
+ "rulesSubmit": "Gem regler",
+ "policyErrorCreate": "Fejl ved oprettelse af politik",
+ "policyErrorCreateDescription": "Det opstod en fejl under oprettelse af politikken",
+ "policyErrorCreateMessageDescription": "En uventet fejl opstod",
+ "policyErrorUpdate": "Fejl ved opdatering af politik",
+ "policyErrorUpdateDescription": "Det opstod en fejl ved opdatering af politikken",
+ "policyErrorUpdateMessageDescription": "En uventet fejl opstod",
+ "policyCreatedSuccess": "Ressourcepolitikken blev oprettet med succes",
+ "policyUpdatedSuccess": "Ressourcepolitikken blev opdateret med succes",
+ "authMethodsSave": "Gem indstillinger",
+ "policyAuthStackTitle": "Autentificering",
+ "policyAuthStackDescription": "Kontroller hvilke autentificeringsmetoder som kræves for at få adgang til denne ressource",
+ "policyAuthOrLogicTitle": "Flere autentificeringsmetoder aktive",
+ "policyAuthOrLogicBanner": "Besøgende kan autentificere sig med en hvilken som helst af de aktive metoder nedenfor. De behøver ikke at fuldføre dem alle.",
+ "policyAuthMethodActive": "Aktiv",
+ "policyAuthMethodOff": "Af",
+ "policyAuthSsoTitle": "Platform-SSO",
+ "policyAuthSsoDescription": "Kræv påloging gennem din organisations identitetsudbyder",
+ "policyAuthSsoSummary": "{idp} · {users} brugere, {roles} roller",
+ "policyAuthSsoDefaultIdp": "Standardudbyder",
+ "policyAuthAddDefaultIdentityProvider": "Tilføj standardidentitetsudbyder",
+ "policyAuthOtherMethodsTitle": "Andre metoder",
+ "policyAuthOtherMethodsDescription": "Valgfrie metoder, som besøgende kan bruge i stedet for eller ud over platform-SSO",
+ "policyAuthPasscodeTitle": "Adgangskode",
+ "policyAuthPasscodeDescription": "Kræv en delt alfanumerisk adgangskode for at få adgang til ressourcen",
+ "policyAuthPasscodeSummary": "Adgangskode sat",
+ "policyAuthPincodeTitle": "PIN-kode",
+ "policyAuthPincodeDescription": "En kort numerisk kode kræves for at få adgang til ressourcen",
+ "policyAuthPincodeSummary": "6-sifret PIN sat",
+ "policyAuthEmailTitle": "E-mail hviteliste",
+ "policyAuthEmailDescription": "Tillad angivne e-mailadresser med engangskode",
+ "policyAuthEmailSummary": "{count} adresser tilladt",
+ "policyAuthEmailOtpCallout": "Aktivering af e-mail hviteliste sender en engangskode til den besøgendes e-mail ved login.",
+ "policyAuthHeaderAuthTitle": "Grunnleggende Header Autentificering",
+ "policyAuthHeaderAuthDescription": "Bekræft et tilpasset HTTP-headernavn og værdi ved hver forespørgsel",
+ "policyAuthHeaderAuthSummary": "Header konfigureret",
+ "policyAuthHeaderName": "Headernavn",
+ "policyAuthHeaderValue": "Forventet værdi",
+ "policyAuthSetPasscode": "Angiv adgangskode",
+ "policyAuthSetPincode": "Sett PIN-kode",
+ "policyAuthSetEmailWhitelist": "Angiv e-mail hviteliste",
+ "policyAuthSetHeaderAuth": "Sett grunnleggende Header Autentificering",
+ "policyAccessRulesTitle": "Adgangsregler",
+ "policyAccessRulesEnableDescription": "Når aktiveret, bliver regler evalueret i faldende rækkefølge til en evaluerer til sann.",
+ "policyAccessRulesFirstMatch": "Regler evalueres oppefra og ned. Den første matchende regel bestemmer resultatet.",
+ "policyAccessRulesHowItWorks": "Regler matcher forespørgsler efter sti, IP-adresse, placering eller andre kriterier. Hver regel anvender en handling: omgå autentificering, blokere adgang, eller sende til autentificering. Hvis ingen regler matcher, fortsetter trafikken til autentificering.",
+ "policyAccessRulesFallthroughOff": "Når regler er deaktiveret, går all trafik gennem til autentificering.",
+ "policyAccessRulesFallthroughOn": "Når ingen regler matcher, fortsetter trafikken til autentificering.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Gem Regler",
+ "resourceErrorCreate": "Fejl under oprettelse af ressource",
+ "resourceErrorCreateDescription": "Det opstod en fejl under oprettelse af ressourcen",
+ "resourceErrorCreateMessage": "Fejl ved oprettelse af ressource:",
+ "resourceErrorCreateMessageDescription": "En uventet fejl opstod",
+ "sitesErrorFetch": "Fejl ved hentning af sites",
+ "sitesErrorFetchDescription": "En fejl opstod ved hentning af områdene",
+ "domainsErrorFetch": "Kunne ikke hente domæner",
+ "domainsErrorFetchDescription": "Der opstod en fejl under hentning af domænerne",
+ "none": "Ingen",
+ "unknown": "Ukendt",
+ "resources": "Ressourcer",
+ "resourcesDescription": "Ressourcer er proxyer til applikationer, der kører på det private netværk. Opret en ressource for enhver HTTP/HTTPS- eller rå TCP/UDP-tjeneste på dit private netværk. Hver ressource skal kobles til et site for at aktivere privat og sikker forbindelse gennem en krypteret WireGuard-tunnel.",
+ "resourcesWireGuardConnect": "Sikker forbindelse med WireGuard-kryptering",
+ "resourcesMultipleAuthenticationMethods": "Konfigurer flere autentificeringsmetoder",
+ "resourcesUsersRolesAccess": "Bruger- og rollebaseret adgangskontrol",
+ "resourcesErrorUpdate": "Mislykkedes at slå af/på ressource",
+ "resourcesErrorUpdateDescription": "En fejl opstod under opdatering af ressourcen",
+ "access": "Adgang",
+ "accessControl": "Adgangskontrol",
+ "shareLink": "{resource} Delbart link",
+ "resourceSelect": "Vælg ressource",
+ "shareLinks": "Delbare links",
+ "share": "Delbare links",
+ "shareDescription2": "Opret delbare links til ressourcer. Links giver midlertidig eller ubegrænset adgang til din ressource. Du kan konfigurere udløbsvarigheden på linket når du opretter en.",
+ "shareEasyCreate": "Enkelt at oprette og dele",
+ "shareConfigurableExpirationDuration": "Konfigurerbar udløbsvarighed",
+ "shareSecureAndRevocable": "Sikker og kan tilbagekaldes",
+ "nameMin": "Navn skal være mindst {len} tegn.",
+ "nameMax": "Navn kan ikke være længere enn {len} tegn.",
+ "sitesConfirmCopy": "Venligst bekræft at du har kopieret konfigurationen.",
+ "unknownCommand": "Ukjent kommando",
+ "newtErrorFetchReleases": "Mislykkedes at hente utgivelsesinfo: {err}",
+ "newtErrorFetchLatest": "Fejl ved hentning af seneste utgivelse: {err}",
+ "newtEndpoint": "Endpoint",
+ "newtId": "ID",
+ "newtSecretKey": "Sikkerhedsnøgle",
+ "newtVersion": "Version",
+ "architecture": "Arkitektur",
+ "sites": "Websteder",
+ "siteWgAnyClients": "Brug hvilken som helst WireGuard klient til at oprette forbindelse til. Du skal adressere interne ressourcer ved hjælp af peer IP.",
+ "siteWgCompatibleAllClients": "Kompatibel med alle WireGuard-klienter",
+ "siteWgManualConfigurationRequired": "Manuel konfiguration påkrævet",
+ "userErrorNotAdminOrOwner": "Bruger er ikke administrator eller ejer",
+ "pangolinSettings": "Indstillinger - Pangolin",
+ "accessRoleYour": "Din rolle:",
+ "accessRoleSelect2": "Vælg roller",
+ "accessUserSelect": "Vælg brugere",
+ "otpEmailEnter": "Indtast én e-mail",
+ "otpEmailEnterDescription": "Trykk enter for at tilføje en e-mail efter at have tastet den ind i tekstfeltet.",
+ "otpEmailErrorInvalid": "Ugyldig e-mailadresse. Wildcardet (*) skal være hele lokaldelen.",
+ "otpEmailSmtpRequired": "SMTP påkrævet",
+ "otpEmailSmtpRequiredDescription": "SMTP skal være aktiveret på serveren for at bruge engangskode-autentificering.",
+ "otpEmailTitle": "Engangskode",
+ "otpEmailTitleDescription": "Kræv e-mailbaseret autentificering for ressourceadgang",
+ "otpEmailWhitelist": "E-mailwhitelist",
+ "otpEmailWhitelistList": "Whitelistede e-mails",
+ "otpEmailWhitelistListDescription": "Kun brugere med disse e-mailadresser får adgang til denne ressource. De bliver bedt om at indtaste en engangskode sendt til deres e-mail. Wildcards (*@example.com) kan bruges til at tillade enhver e-mailadresse fra et domæne.",
+ "otpEmailWhitelistSave": "Gem whitelist",
+ "passwordAdd": "Tilføj adgangskode",
+ "passwordRemove": "Fjern adgangskode",
+ "pincodeAdd": "Tilføj PIN-kode",
+ "pincodeRemove": "Fjern PIN-kode",
+ "resourceAuthMethods": "Autentificeringsmetoder",
+ "resourcePolicyAuthMethodsEmpty": "Ingen autentificeringsmetode",
+ "resourcePolicyOtpEmpty": "Ingen engangskode",
+ "resourcePolicyReadOnly": "Denne politikken er kun læsebar",
+ "resourcePolicyReadOnlyDescription": "Denne ressourcereglen deles på tværs af flere ressourcer, du kan ikke redigere den på denne side.",
+ "editSharedPolicy": "Rediger Delte Rekvireringer",
+ "resourcePolicyTypeSave": "Gem Ressourcetype",
+ "resourcePolicySelect": "Vælg ressourcepolitik",
+ "resourcePolicySelectError": "Vælg en ressourceregel",
+ "resourcePolicyNotFound": "Politik ikke fundet",
+ "resourcePolicySearch": "Søg efter regler",
+ "resourcePolicyRulesEmpty": "Ingen autentificeringsregler",
+ "resourceAuthMethodsDescriptions": "Tillad adgang til ressourcen via yderligere autentificeringsmetoder",
+ "resourceAuthSettingsSave": "Gemt med succes",
+ "resourceAuthSettingsSaveDescription": "Autentificeringsindstillinger er gemt",
+ "resourceErrorAuthFetch": "Kunne ikke hente data",
+ "resourceErrorAuthFetchDescription": "Det opstod en fejl ved hentning af data",
+ "resourceErrorPasswordRemove": "Fejl ved fjernelse af adgangskode for ressource",
+ "resourceErrorPasswordRemoveDescription": "Det opstod en fejl ved fjernelse af ressourceadgangskoden",
+ "resourceErrorPasswordSetup": "Fejl ved indstilling af ressourceadgangskode",
+ "resourceErrorPasswordSetupDescription": "Det opstod en fejl ved indstilling af ressourceadgangskoden",
+ "resourceErrorPincodeRemove": "Fejl ved fjernelse af ressource-PIN-koden",
+ "resourceErrorPincodeRemoveDescription": "Det opstod en fejl under fjernelse af ressource-pinkoden",
+ "resourceErrorPincodeSetup": "Fejl ved indstilling af ressource-PIN-kode",
+ "resourceErrorPincodeSetupDescription": "Det opstod en fejl under indstilling af ressourcens PIN-kode",
+ "resourceErrorUsersRolesSave": "Kunne ikke sette roller",
+ "resourceErrorUsersRolesSaveDescription": "En fejl opstod ved indstilling af rollene",
+ "resourceErrorWhitelistSave": "Mislykkedes at gem whitelist",
+ "resourceErrorWhitelistSaveDescription": "Det opstod en fejl under lagring af whitelisten",
+ "resourcePasswordSubmit": "Aktivér adgangskodebeskyttelse",
+ "resourcePasswordProtection": "Adgangskodebeskyttelse {status}",
+ "resourcePasswordRemove": "Ressourceadgangskode fjernet",
+ "resourcePasswordRemoveDescription": "Fjernelse af ressourceadgangskoden var med succes",
+ "resourcePasswordSetup": "Ressourceadgangskode sat",
+ "resourcePasswordSetupDescription": "Ressourceadgangskoden er blevet sat",
+ "resourcePasswordSetupTitle": "Angiv adgangskode",
+ "resourcePasswordSetupTitleDescription": "Sett et adgangskode for at beskytte denne ressource",
+ "resourcePincode": "PIN-kode",
+ "resourcePincodeSubmit": "Aktivér PIN-kodebeskyttelse",
+ "resourcePincodeProtection": "PIN-kodebeskyttelse {status}",
+ "resourcePincodeRemove": "Ressource PIN-kode fjernet",
+ "resourcePincodeRemoveDescription": "Ressourceadgangskoden blev fjernet",
+ "resourcePincodeSetup": "Ressource PIN-kode sat",
+ "resourcePincodeSetupDescription": "Ressource PIN-kode er sat med succes",
+ "resourcePincodeSetupTitle": "Angiv PIN-kode",
+ "resourcePincodeSetupTitleDescription": "Sett en PIN-kode for at beskytte denne ressource",
+ "resourceRoleDescription": "Administratorer har altid adgang til denne ressource.",
+ "resourcePolicySelectTitle": "Ressourceadgangspolitik",
+ "resourcePolicySelectDescription": "Vælg politiktype for autentificering",
+ "resourcePolicyTypeLabel": "Politiktype",
+ "resourcePolicyLabel": "Ressourcepolitik",
+ "resourcePolicyInline": "Inline ressourceregler",
+ "resourcePolicyInlineDescription": "Adgangspolitik som kun er gyldig for denne ressource",
+ "resourcePolicyShared": "Delte ressourceregler",
+ "resourcePolicySharedDescription": "Denne ressource bruger en delt politik.",
+ "sharedPolicy": "Delt politik",
+ "sharedPolicyNoneDescription": "Denne ressource har sin egen politik.",
+ "resourceSharedPolicyOwnDescription": "Denne ressource har sine egne autentiserings- og adgangskontroller.",
+ "resourceSharedPolicyInheritedDescription": "Denne ressource arver fra {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Denne ressource bruger en delt politik. Nogen autentificeringsindstillinger kan redigeres på denne ressource for at tilføje politikken. For at ændre den underliggende politikken, skal du redigere {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Denne ressource bruger en delt politik. Nogen adgangsregler kan redigeres på denne ressource. For at ændre den underliggende politikken, skal du redigere {policyName}.",
+ "resourceUsersRoles": "Adgangskontroller",
+ "resourceUsersRolesDescription": "Konfigurer hvilke brugere og roller som har adgang til denne ressource",
+ "resourceUsersRolesSubmit": "Gem adgangskontroller",
+ "resourceWhitelistSave": "Gem med succes",
+ "resourceWhitelistSaveDescription": "Whitelist-indstillinger er gemt",
+ "ssoUse": "Brug platform-SSO",
+ "ssoUseDescription": "Eksisterende brugere behøver kun at loge på én gang for alle ressourcer som har dette aktiveret.",
+ "proxyErrorInvalidPort": "Ugyldig portnummer",
+ "subdomainErrorInvalid": "Ugyldig underdomæne",
+ "domainErrorFetch": "Fejl ved hentning af domæner",
+ "domainErrorFetchDescription": "Der opstod en fejl ved hentning af domænerne",
+ "resourceErrorUpdate": "Mislykkedes at opdatere ressource",
+ "resourceErrorUpdateDescription": "Det opstod en fejl under opdatering af ressourcen",
+ "resourceUpdated": "Ressource opdateret",
+ "resourceUpdatedDescription": "Ressourcen er opdateret med succes",
+ "resourceErrorTransfer": "Kunne ikke overføre ressource",
+ "resourceErrorTransferDescription": "En fejl opstod under overføring af ressourcen",
+ "resourceTransferred": "Ressource overført",
+ "resourceTransferredDescription": "Ressourcen er overført med succes.",
+ "resourceErrorToggle": "Mislykkedes at veksle ressource",
+ "resourceErrorToggleDescription": "Det opstod en fejl ved opdatering af ressourcen",
+ "resourceVisibilityTitle": "Synlighed",
+ "resourceVisibilityTitleDescription": "Fuldstændigt aktivér eller deaktivér ressourcesynlighed",
+ "resourceGeneral": "Generelle indstillinger",
+ "resourceGeneralDescription": "Konfigurer navn, adresse og adgangspolitik for denne ressource.",
+ "resourceGeneralDetailsSubsection": "Ressourcedetaljer",
+ "resourceGeneralDetailsSubsectionDescription": "Angiv visningsnavn, identifikator og offentligt tilgængelig domæne for denne ressource.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Angiv visningsnavn, identifikator og offentlig port for denne ressource.",
+ "resourceGeneralPublicAddressSubsection": "Offentlig adresse",
+ "resourceGeneralPublicAddressSubsectionDescription": "Konfigurer hvordan brugere får adgang til denne ressource.",
+ "resourceGeneralAuthenticationAccessSubsection": "Autentificering og adgang",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Vælg om denne ressource bruger sin egen politik eller arver fra en delt politik.",
+ "resourceEnable": "Aktivér ressource",
+ "resourceTransfer": "Overfør Ressource",
+ "resourceTransferDescription": "Overfør denne ressource til et andet site",
+ "resourceTransferSubmit": "Overfør ressource",
+ "siteDestination": "Destinasjonsområde",
+ "searchSites": "Søg i sites",
+ "countries": "Land",
+ "accessRoleCreate": "Opret rolle",
+ "accessRoleCreateDescription": "Opret en ny rolle for at gruppere brugere og administrer deres tilladelser.",
+ "accessRoleEdit": "Rediger rolle",
+ "accessRoleEditDescription": "Rediger rolleinformation.",
+ "accessRoleCreateSubmit": "Opret rolle",
+ "accessRoleCreated": "Rolle oprettet",
+ "accessRoleCreatedDescription": "Rollen er med succes oprettet.",
+ "accessRoleErrorCreate": "Kunne ikke oprette rolle",
+ "accessRoleErrorCreateDescription": "Det opstod en fejl under oprettelse af rollen.",
+ "accessRoleUpdateSubmit": "Opdater rolle",
+ "accessRoleUpdated": "Rollen opdateret",
+ "accessRoleUpdatedDescription": "Rollen er blevet opdateret.",
+ "accessApprovalUpdated": "Godkendelse behandlet",
+ "accessApprovalApprovedDescription": "Sett godkendelsesanmodning om at acceptere.",
+ "accessApprovalDeniedDescription": "Sett godkendelsesanmodning om at afvise.",
+ "accessRoleErrorUpdate": "Kunne ikke opdatere rolle",
+ "accessRoleErrorUpdateDescription": "Det opstod en fejl under opdatering af rollen.",
+ "accessApprovalErrorUpdate": "Kunne ikke administrer godkendelse",
+ "accessApprovalErrorUpdateDescription": "Det opstod en fejl under behandling af godkendelsen.",
+ "accessRoleErrorNewRequired": "Ny rolle kræves",
+ "accessRoleErrorRemove": "Kunne ikke fjerne rolle",
+ "accessRoleErrorRemoveDescription": "Det opstod en fejl under fjernelse af rollen.",
+ "accessRoleName": "Rollenavn",
+ "accessRoleQuestionRemove": "Du er ved at slette rollen `{name}`. Du kan ikke fortryde denne handling.",
+ "accessRoleRemove": "Fjern Rolle",
+ "accessRoleRemoveDescription": "Fjern en rolle fra organisationen",
+ "accessRoleRemoveSubmit": "Fjern Rolle",
+ "accessRoleRemoved": "Rolle fjernet",
+ "accessRoleRemovedDescription": "Rollen er med succes fjernet.",
+ "accessRoleRequiredRemove": "Før du sletter denne rolle, vælg venligst en ny rolle at overføre eksisterende medlemmer til.",
+ "network": "Netværk",
+ "manage": "Administrer",
+ "sitesNotFound": "Ingen sites fundet.",
+ "pangolinServerAdmin": "Serveradmin - Pangolin",
+ "licenseTierProfessional": "Professionel licens",
+ "licenseTierEnterprise": "Enterprise-licens",
+ "licenseTierPersonal": "Personlig licens",
+ "licensed": "Licenseret",
+ "yes": "Ja",
+ "no": "Nej",
+ "sitesAdditional": "Yderligere sites",
+ "licenseKeys": "Licensnøgler",
+ "sitestCountDecrease": "Reducer antal sites",
+ "sitestCountIncrease": "Øk antal sites",
+ "idpManage": "Administrer Identitetsudbydere",
+ "idpManageDescription": "Vis og administrer identitetsudbydere i systemet",
+ "idpGlobalModeBanner": "Identitetsudbydere (IdPs) per organisation er deaktiveret på denne serveren. Den bruger globale IdP (delt på tværs af alle organisationer). Administrer globale IdP'er i adminpanelet. For at aktivere IdP per organisation, rediger serverkonfigurationen og sett IdP-tilstand til org. Se dokumentasjonen. Hvis du vil fortsætte at bruge globale IdPs og få denne til at forsvinne fra organisationens indstillinger, sat eksplicit tilstanden til global i konfigurationen.",
+ "idpGlobalModeBannerUpgradeRequired": "Identitetsudbydere (IdP'er) pr. organisation er deaktiveret på denne server. Den bruger globale IdP'er (delt på tværs af alle organisationer). Administrer globale IdP'er i administrationspanelet. For at bruge identitetsudbydere pr. organisation skal du opgradere til Enterprise-udgaven.",
+ "idpGlobalModeBannerLicenseRequired": "Identitetsudbydere (IdPs) per organisation er deaktiveret på denne serveren. Den bruger globale IdPs (delt på tværs af alle organisationer). Administrer globale IdPs i administrationspanelet. For at bruge identitetsudbydere per organisation, kræves en Enterprise-licens.",
+ "idpDeletedDescription": "Identitetsudbyder slettet med succes",
+ "idpOidc": "OAuth2/OIDC",
+ "idpQuestionRemove": "Er du sikker på at du vil slette identitetsudbyder permanent?",
+ "idpMessageRemove": "Dette vil fjerne identitetsudbyderen og alle tilhørende konfigurationer. Brugere, der autentificerer sig via denne udbyder, vil ikke længere kunne logge ind.",
+ "idpMessageConfirm": "For at bekræfte, indtast venligst navnet på identitetsudbyderen nedenfor.",
+ "idpConfirmDelete": "Bekræft Sletning af Identitetsudbyder",
+ "idpDelete": "Slet identitetsudbyder",
+ "idp": "Identitetsudbydere",
+ "idpSearch": "Søg identitetsudbydere...",
+ "idpAdd": "Tilføj Identitetsudbyder",
+ "idpClientIdRequired": "Klient-ID er påkrævet.",
+ "idpClientSecretRequired": "Klienthemmelighed er påkrævet.",
+ "idpErrorAuthUrlInvalid": "Autentiserings-URL skal være en gyldig URL.",
+ "idpErrorTokenUrlInvalid": "Token-URL skal være en gyldig URL.",
+ "idpPathRequired": "Identifikatorbane er påkrævet.",
+ "idpScopeRequired": "Scopes kræves.",
+ "idpOidcDescription": "Konfigurer en OpenID Connect identitetsudbyder",
+ "idpCreatedDescription": "Identitetsudbyder oprettet med succes.",
+ "idpCreate": "Opret identitetsudbyder",
+ "idpCreateDescription": "Konfigurer en ny identitetsudbyder for brugerautentificering",
+ "idpSeeAll": "Se alle identitetsudbydere",
+ "idpSettingsDescription": "Konfigurer grunnleggende information for din identitetsudbyder",
+ "idpDisplayName": "Et visningsnavn for denne identitetsudbyder",
+ "idpAutoProvisionUsers": "Automatisk brugerprovisionering",
+ "idpAutoProvisionUsersDescription": "Når aktiveret, oprettes brugere automatisk i systemet ved første login, med mulighed til at tildele brugere til roller og organisationer.",
+ "idpAutoProvisionConfigureAfterCreate": "Du kan konfigurere autoprovisioneringsindstillingerne når identitetsudbyderen er oprettet.",
+ "licenseBadge": "EE",
+ "idpType": "Udbydertype",
+ "idpTypeDescription": "Vælg typen identitetsudbyder du ønsker at konfigurere",
+ "idpOidcConfigure": "OAuth2/OIDC-konfiguration",
+ "idpOidcConfigureDescription": "Konfigurer OAuth2/OIDC-leverandørens endpoints og legitimationsoplysninger",
+ "idpClientId": "Klient-ID",
+ "idpClientIdDescription": "OAuth2 klient-ID fra identitetsudbyderen",
+ "idpClientSecret": "Klienthemmelighed",
+ "idpClientSecretDescription": "Klient-hemmeligheten med OAuth2 fra identitetsudbyderen",
+ "idpAuthUrl": "Autorisations-URL",
+ "idpAuthUrlDescription": "OAuth2 autorisasjonsendepunkt URL",
+ "idpTokenUrl": "Token-URL",
+ "idpTokenUrlDescription": "OAuth2-tokenendepunkt-URL",
+ "idpOidcConfigureAlert": "Viktig information",
+ "idpOidcConfigureAlertDescription": "Efter at du har oprettet identitetsudbyderen, skal du konfigurere callback-URL'en i identitetsudbyderens indstillinger. Callback-URL vil blive tilføjet efter med succes oprettelse.",
+ "idpToken": "Token-konfiguration",
+ "idpTokenDescription": "Konfigurer hvordan brugerinformation trekkes ud fra ID-tokenet",
+ "idpJmespathAbout": "Om JMESPath",
+ "idpJmespathAboutDescription": "Stierne nedenfor bruger JMESPath-syntaks for at hente ud verdier fra ID-tokenet.",
+ "idpJmespathAboutDescriptionLink": "Læs mere om JMESPath",
+ "idpJmespathLabel": "Identifikatorsti",
+ "idpJmespathLabelDescription": "Stien til brugeridentifikatoren i ID-tokenet",
+ "idpJmespathEmailPathOptional": "E-mailsti (Valgfrit)",
+ "idpJmespathEmailPathOptionalDescription": "Stien til brugerens e-mailadresse i ID-tokenet",
+ "idpJmespathNamePathOptional": "Navn Sti (Valgfrit)",
+ "idpJmespathNamePathOptionalDescription": "Stien til brugerens navn i ID-tokenet",
+ "idpOidcConfigureScopes": "Scopes",
+ "idpOidcConfigureScopesDescription": "Mellemrumsepareret liste over OAuth2-scopes at be om",
+ "idpSubmit": "Opret identitetsudbyder",
+ "orgPolicies": "Organisationspolitikker",
+ "idpSettings": "{idpName} Indstillinger",
+ "idpCreateSettingsDescription": "Konfigurer indstillingerne for identitetsudbyderen",
+ "roleMapping": "Rolletildeling",
+ "orgMapping": "Organisationsmapping",
+ "orgPoliciesSearch": "Søg i organisationens politikker...",
+ "orgPoliciesAdd": "Tilføj organisationspolitik",
+ "orgRequired": "Organisation er påkrævet",
+ "error": "Fejl",
+ "success": "Succes",
+ "orgPolicyAddedDescription": "Politik med succes tilføjet",
+ "orgPolicyUpdatedDescription": "Politikken er med succes opdateret",
+ "orgPolicyDeletedDescription": "Politik slettet med succes",
+ "defaultMappingsUpdatedDescription": "Standardtildelinger opdateret med succes",
+ "orgPoliciesAbout": "Om organisationens politikker",
+ "orgPoliciesAboutDescription": "Organisationspolitikker bruges til at kontrollere adgang til organisationer baseret på brugerens ID-token. Du kan angive JMESPath-udtryk for at udtrække rolle- og organisationsinformation fra ID-tokenet.",
+ "orgPoliciesAboutDescriptionLink": "Se dokumentation, for mere information.",
+ "defaultMappingsOptional": "Standardtildelinger (Valgfrit)",
+ "defaultMappingsOptionalDescription": "Standardtildelingerne bruges når det ikke er defineret en organisationspolitik for en organisation. Du kan angive standard rolle- og organisationstildelinger som det kan faldes tilbage på her.",
+ "defaultMappingsRole": "Standard rolletildeling",
+ "defaultMappingsRoleDescription": "Resultatet af dette udtryk skal returnere rollenavnet, som det er defineret i organisationen, som en streng.",
+ "defaultMappingsOrg": "Standard organisationstildeling",
+ "defaultMappingsOrgDescription": "Når denne er sat, skal udtrykket returnere organisations-IDen eller «true» for at brugeren skal få adgang til den organisationen. Når den ikke er sat, er det nok at definere en rolletildeling: brugeren får adgang så længe en gyldig rolletilknytning kan løses for dem i organisationen.",
+ "defaultMappingsSubmit": "Gem standardtildelinger",
+ "orgPoliciesEdit": "Rediger Organisationspolitik",
+ "org": "Organisation",
+ "orgSelect": "Vælg organisation",
+ "orgSearch": "Søg organisation",
+ "orgNotFound": "Ingen organisation fundet.",
+ "roleMappingPathOptional": "Rollemappingsti (Valgfrit)",
+ "orgMappingPathOptional": "Organisationstildelingssti (valgfrit)",
+ "orgPolicyUpdate": "Opdater politik",
+ "orgPolicyAdd": "Tilføj politik",
+ "orgPolicyConfig": "Konfigurer adgang for en organisation",
+ "idpUpdatedDescription": "Identitetsudbyder med succes opdateret",
+ "redirectUrl": "Omdirigerings-URL",
+ "orgIdpRedirectUrls": "Omdirigerings-URL'er",
+ "redirectUrlAbout": "Om omdirigerings-URL",
+ "redirectUrlAboutDescription": "Dette er URL'en som brugere vil blive omdirigeret efter autentificering. Du skal konfigurere denne URL'en i identitetsudbyderens indstillinger.",
+ "pangolinAuth": "Autentificering - Pangolin",
+ "verificationCodeLengthRequirements": "Din bekræftelseskode skal være 8 tegn.",
+ "errorOccurred": "Det opstod en fejl",
+ "emailErrorVerify": "Kunne ikke verificere e-mail:",
+ "emailVerified": "E-mailen er bekræftet! Omdirigerer deg...",
+ "verificationCodeErrorResend": "Kunne ikke sende bekræftelseskode igen:",
+ "verificationCodeResend": "Bekræftelseskode sendt igen",
+ "verificationCodeResendDescription": "Vi har sendt en ny bekræftelseskode til din e-mailadresse. Tjek venligst din indbakke.",
+ "emailVerify": "Bekræft e-mail",
+ "emailVerifyDescription": "Indtast bekræftelseskoden, der er sendt til din e-mailadresse.",
+ "verificationCode": "Bekræftelseskode",
+ "verificationCodeEmailSent": "Vi har sendt en bekræftelseskode til din e-mailadresse.",
+ "submit": "Send",
+ "emailVerifyResendProgress": "Sender igen...",
+ "emailVerifyResend": "Har du ikke modtaget en kode? Klik her for at sende igen",
+ "passwordNotMatch": "Adgangskoderne matcher ikke",
+ "signupError": "Det opstod en fejl ved registrering",
+ "pangolinLogoAlt": "Pangolin-logo",
+ "inviteAlready": "Ser ud til at du er blevet inviteret!",
+ "inviteAlreadyDescription": "For at acceptere invitationen skal du logge ind eller oprette en konto.",
+ "signupQuestion": "Har du allerede en konto?",
+ "login": "Log ind",
+ "resourceNotFound": "Ressource ikke fundet",
+ "resourceNotFoundDescription": "Ressourcen du prøver at få adgang til findes ikke.",
+ "pincodeRequirementsLength": "PIN skal være præcis 6 cifre",
+ "pincodeRequirementsChars": "PIN skal kun inneholde tal",
+ "passwordRequirementsLength": "Adgangskode skal være mindst 1 tegn langt",
+ "passwordRequirementsTitle": "Adgangskodekrav:",
+ "passwordRequirementLength": "Mindst 8 tegn lang",
+ "passwordRequirementUppercase": "Mindst én stort bogstav",
+ "passwordRequirementLowercase": "Mindst ét lille bogstav",
+ "passwordRequirementNumber": "Mindst ét tal",
+ "passwordRequirementSpecial": "Mindst ét specialtegn",
+ "passwordRequirementsMet": "✓ Adgangskoden opfylder alle krav",
+ "passwordStrength": "Adgangskodestyrke",
+ "passwordStrengthWeak": "Svag",
+ "passwordStrengthMedium": "Medium",
+ "passwordStrengthStrong": "Stærk",
+ "passwordRequirements": "Krav:",
+ "passwordRequirementLengthText": "8+ tegn",
+ "passwordRequirementUppercaseText": "Stort bogstav (A-Z)",
+ "passwordRequirementLowercaseText": "Lille bogstav (a-z)",
+ "passwordRequirementNumberText": "Tal (0-9)",
+ "passwordRequirementSpecialText": "Specialtegn (!@#$%...)",
+ "passwordsDoNotMatch": "Adgangskoderne matcher ikke",
+ "otpEmailRequirementsLength": "OTP skal være mindst 1 tegn lang.",
+ "otpEmailSent": "OTP sendt",
+ "otpEmailSentDescription": "En OTP er sendt til din e-mail",
+ "otpEmailErrorAuthenticate": "Mislykkedes at autentificere med e-mail",
+ "pincodeErrorAuthenticate": "Kunne ikke autentificere med PIN-kode",
+ "passwordErrorAuthenticate": "Kunne ikke autentificere med adgangskode",
+ "poweredBy": "Drevet af",
+ "authenticationRequired": "Autentificering påkrævet",
+ "authenticationMethodChoose": "Vælg din foretrukne metode for at få adgang til {name}",
+ "authenticationRequest": "Du skal autentificere dig for at få adgang til {name}",
+ "user": "Bruger",
+ "pincodeInput": "6-sifret PIN-kode",
+ "pincodeSubmit": "Log ind med PIN",
+ "passwordSubmit": "Log ind med adgangskode",
+ "otpEmailDescription": "En engangskode vil blive sendt til denne e-mailen.",
+ "otpEmailSend": "Send engangskode",
+ "otpEmail": "Engangskode (OTP)",
+ "otpEmailSubmit": "Send OTP",
+ "backToEmail": "Tilbage til E-mail",
+ "noSupportKey": "Serveren kører uden en supporterlicens. Overvej at støtte prosjektet!",
+ "accessDenied": "Adgang nægtet",
+ "accessDeniedDescription": "Du har ikke adgang til denne ressource. Hvis dette er en fejl, venligst kontakt administratoren.",
+ "accessTokenError": "Fejl ved tjek af adgangstoken",
+ "accessGranted": "Adgang givet",
+ "accessUrlInvalid": "Ugyldig adgangs-URL",
+ "accessGrantedDescription": "Du har fått adgang til denne ressource. Omdirigerer deg...",
+ "accessUrlInvalidDescription": "Denne delings-URL er ugyldig. Kontakt venligst ressourceejeren for en ny URL.",
+ "tokenInvalid": "Ugyldigt token",
+ "pincodeInvalid": "Ugyldig kode",
+ "passwordErrorRequestReset": "Forespørgsel om nulstilling mislykkedes",
+ "passwordErrorReset": "Kunne ikke nulstille adgangskode:",
+ "passwordResetSuccess": "Adgangskoden er nulstillet! Går tilbage til login...",
+ "passwordReset": "Nulstil adgangskode",
+ "passwordResetDescription": "Følg trinene for at nulstille din adgangskode",
+ "passwordResetSent": "Vi sender en kode til nulstilling af adgangskoden til denne e-mailadresse.",
+ "passwordResetCode": "Nulstillingskode",
+ "passwordResetCodeDescription": "Tjek e-mailen din for nulstillingskoden.",
+ "generatePasswordResetCode": "Lag nulstillingskode for adgangskode",
+ "passwordResetCodeGenerated": "Adgangskode nulstillingskoden er generert",
+ "passwordResetCodeGeneratedDescription": "Del denne kode med brugeren. De kan bruge den til at nulstille adgangskoden.",
+ "passwordResetUrl": "Nulstillings-URL",
+ "passwordNew": "Ny adgangskode",
+ "passwordNewConfirm": "Bekræft ny adgangskode",
+ "changePassword": "Skift adgangskode",
+ "changePasswordDescription": "Opdater adgangskoden for din konto",
+ "oldPassword": "Nuværende adgangskode",
+ "newPassword": "Ny adgangskode",
+ "confirmNewPassword": "Bekræft ny adgangskode",
+ "changePasswordError": "Kunne ikke ændre adgangskode",
+ "changePasswordErrorDescription": "Der opstod en fejl under ændring af adgangskoden",
+ "changePasswordSuccess": "Adgangskoden er ændret",
+ "changePasswordSuccessDescription": "Dit adgangskode blev opdateret",
+ "passwordExpiryRequired": "Adgangskodeudløb kræves",
+ "passwordExpiryDescription": "Denne organisation kræver at du bytter adgangskode hver {maxDays} dag.",
+ "changePasswordNow": "Bytt adgangskode nu",
+ "pincodeAuth": "Godkendelseskode",
+ "pincodeSubmit2": "Send kode",
+ "passwordResetSubmit": "Be om nulstilling",
+ "passwordResetAlreadyHaveCode": "Indtast koden",
+ "passwordResetSmtpRequired": "Kontakt din administrator",
+ "passwordResetSmtpRequiredDescription": "En adgangskode nulstillingskode kræves for at nulstille adgangskoden. Kontakt systemansvarlig for assistanse.",
+ "passwordBack": "Tilbage til adgangskode",
+ "loginBack": "Gå tilbage til loginsiden for hovedkontoen",
+ "signup": "Tilmeld dig",
+ "loginStart": "Log ind for at komme i gang",
+ "idpOidcTokenValidating": "Validerer OIDC-token",
+ "idpOidcTokenResponse": "Valider OIDC-tokensvar",
+ "idpErrorOidcTokenValidating": "Fejl ved validering af OIDC-token",
+ "idpConnectingTo": "Opretter forbindelse til {name}",
+ "idpConnectingToDescription": "Validerer din identitet",
+ "idpConnectingToProcess": "Opretter forbindelse til...",
+ "idpConnectingToFinished": "Tilsluttet",
+ "idpErrorConnectingTo": "Det opstod et problem med at oprette forbindelse til {name}. Venligst kontakt din administrator.",
+ "idpErrorNotFound": "IdP ikke fundet",
+ "inviteInvalid": "Ugyldig invitation",
+ "labels": "Etiketter",
+ "orgLabelsDescription": "Administrer etiketter i denne organisation.",
+ "addLabels": "Tilføj etiketter",
+ "siteLabelsTab": "Etiketter",
+ "siteLabelsDescription": "Administrer etiketter knyttet til dette sitet.",
+ "labelsNotFound": "Ingen etiketter fundet.",
+ "labelsEmptyCreateHint": "Start at skrive ovenfor for at oprette en etikett.",
+ "labelSearch": "Søg efter etiketter",
+ "labelSearchOrCreate": "Søg eller opret en etikett",
+ "accessLabelFilterCount": "{count, plural, one {en etikett} other {# etiketter}}",
+ "labelOverflowCount": "+{count, plural, one {en etikett} other {# etiketter}}",
+ "accessLabelFilterClear": "Fjern etikettfiltre",
+ "accessFilterClear": "Fjern filtre",
+ "selectColor": "Vælg farve",
+ "createNewLabel": "Opret ny org-etikett \"{label}\"",
+ "inviteInvalidDescription": "Invitationslinket er ugyldig.",
+ "inviteErrorWrongUser": "Invitationen er ikke for denne bruger",
+ "inviteErrorUserNotExists": "Brugeren findes ikke. Venligst opret en konto først.",
+ "inviteErrorLoginRequired": "Du skal være loget ind for at acceptere en invitation",
+ "inviteErrorExpired": "Invitationen kan have udløbet",
+ "inviteErrorRevoked": "Invitationen kan have blevet trukket tilbage",
+ "inviteErrorTypo": "Det kan være en stavefejl i invitationslinket",
+ "pangolinSetup": "Opsætning - Pangolin",
+ "orgNameRequired": "Organisationsnavn er påkrævet",
+ "orgIdRequired": "Organisations-ID er påkrævet",
+ "orgIdMaxLength": "Organisations-ID må højst være 32 tegn",
+ "orgErrorCreate": "En fejl opstod under oprettelse af organisation",
+ "pageNotFound": "Siden blev ikke fundet",
+ "pageNotFoundDescription": "Ups! Siden, du leder efter, findes ikke.",
+ "overview": "Oversigt",
+ "home": "Hjem",
+ "settings": "Indstillinger",
+ "usersAll": "Alle brugere",
+ "license": "Licens",
+ "pangolinDashboard": "Dashboard - Pangolin",
+ "noResults": "Ingen resultater fundet.",
+ "terabytes": "{count} TB",
+ "gigabytes": "{count} GB",
+ "megabytes": "{count} MB",
+ "tagsEntered": "Inntastede tager",
+ "tagsEnteredDescription": "Dette er tagene du har tastet ind.",
+ "tagsWarnCannotBeLessThanZero": "maxTags og minTags kan ikke være mindre end 0",
+ "tagsWarnNotAllowedAutocompleteOptions": "Tag ikke tilladt i henhold til autofuldførelsesmuligheder",
+ "tagsWarnInvalid": "Ugyldigt tag i henhold til validateTag",
+ "tagWarnTooShort": "Tag {tagText} er for kort",
+ "tagWarnTooLong": "Tag {tagText} er for langt",
+ "tagsWarnReachedMaxNumber": "Maksimalt antal tilladte tager er nådd",
+ "tagWarnDuplicate": "Duplikeret tag {tagText} blev ikke tilføjet",
+ "supportKeyInvalid": "Ugyldig nøgle",
+ "supportKeyInvalidDescription": "Din supporternøgle er ugyldig.",
+ "supportKeyValid": "Gyldig nøgle",
+ "supportKeyValidDescription": "Din supporternøgle er valideret. Tak for din støtte!",
+ "supportKeyErrorValidationDescription": "Kunne ikke validere supporternøgle.",
+ "supportKey": "Støtt utviklingen og adopter en Pangolin!",
+ "supportKeyDescription": "Køb en supporternøgle for at hjelpe oss med at fortsætte utviklingen af Pangolin for fællesskabet. Dit bidrag lader oss bruge mere tid på at vedligeholde og tilføje nye funktioner i applikationen for alle. Vi vil aldrig bruge dette til at legge funktioner bak en betalingsmur. Dette er atskilt fra enhver kommerciel udgave.",
+ "supportKeyPet": "Du vil også få adoptere og møte din helt egen kæledyr-Pangolin!",
+ "supportKeyPurchase": "Betalinger behandles via GitHub. Etterpå kan du hente din nøgle på",
+ "supportKeyPurchaseLink": "vores hjemmeside",
+ "supportKeyPurchase2": "og løse den ind her.",
+ "supportKeyLearnMore": "Læs mere.",
+ "supportKeyOptions": "Vælg venligst den mulighed, der passer dig bedst.",
+ "supportKetOptionFull": "Full supporter",
+ "forWholeServer": "For hele serveren",
+ "lifetimePurchase": "Livstidskøb",
+ "supporterStatus": "Supporterstatus",
+ "buy": "Køb",
+ "supportKeyOptionLimited": "Begrænset supporter",
+ "forFiveUsers": "For 5 eller færre brugere",
+ "supportKeyRedeem": "Løs ind supporternøgle",
+ "supportKeyHideSevenDays": "Skjul i 7 dage",
+ "supportKeyEnter": "Indtast supporternøgle",
+ "supportKeyEnterDescription": "Møt din helt egen kæledyr-Pangolin!",
+ "githubUsername": "GitHub-brugernavn",
+ "supportKeyInput": "Supporternøgle",
+ "supportKeyBuy": "Køb supporternøgle",
+ "logoutError": "Fejl ved logout",
+ "signingAs": "Logget ind som",
+ "serverAdmin": "Serveradministrator",
+ "managedSelfhosted": "Administreret selvhostet",
+ "otpEnable": "Aktivér tofaktor",
+ "otpDisable": "Deaktivér tofaktor",
+ "logout": "Log ud",
+ "licenseTierProfessionalRequired": "Professionel udgave påkrævet",
+ "licenseTierProfessionalRequiredDescription": "Denne funktion er kun tilgængelig i den professionelle udgave.",
+ "actionGetOrg": "Hent organisation",
+ "updateOrgUser": "Opdater organisationsbruger",
+ "createOrgUser": "Opret organisationsbruger",
+ "actionUpdateOrg": "Opdater organisation",
+ "actionRemoveInvitation": "Fjern invitation",
+ "actionUpdateUser": "Opdater bruger",
+ "actionGetUser": "Hent bruger",
+ "actionGetOrgUser": "Hent organisationsbruger",
+ "actionListOrgDomains": "Vis organisationsdomæner",
+ "actionGetDomain": "Hent domæne",
+ "actionCreateOrgDomain": "Opret domæne",
+ "actionUpdateOrgDomain": "Opdater domæne",
+ "actionDeleteOrgDomain": "Slet domæne",
+ "actionGetDNSRecords": "Hent DNS-poster",
+ "actionRestartOrgDomain": "Genstart Domæne",
+ "actionCreateSite": "Opret site",
+ "actionDeleteSite": "Slet site",
+ "actionGetSite": "Hent site",
+ "actionListSites": "Vis sites",
+ "actionApplyBlueprint": "Brug blueprint",
+ "actionListBlueprints": "Vis blueprints",
+ "actionGetBlueprint": "Hent blueprint",
+ "actionCreateOrgWideLauncherView": "Opret org-dækkende launcher-visning",
+ "setupToken": "Opsætningstoken",
+ "setupTokenDescription": "Indtast opsætningstoken fra serverkonsollen.",
+ "setupTokenRequired": "Opsætningstoken er nødvendig",
+ "actionUpdateSite": "Opdater site",
+ "actionResetSiteBandwidth": "Nulstil organisationsbåndbredde",
+ "actionListSiteRoles": "Vis tilladte områderoller",
+ "actionCreateResource": "Opret ressource",
+ "actionDeleteResource": "Slet ressource",
+ "actionGetResource": "Hent ressource",
+ "actionListResource": "Vis ressourcer",
+ "actionUpdateResource": "Opdater ressource",
+ "actionListResourceUsers": "Vis ressourcebrugere",
+ "actionSetResourceUsers": "Angiv ressourcebrugere",
+ "actionSetAllowedResourceRoles": "Angiv tilladte ressourceroller",
+ "actionListAllowedResourceRoles": "Vis tilladte ressourceroller",
+ "actionSetResourcePassword": "Angiv ressourceadgangskode",
+ "actionSetResourcePincode": "Angiv ressource-PIN-kode",
+ "actionSetResourceEmailWhitelist": "Angiv e-mailwhitelist for ressource",
+ "actionGetResourceEmailWhitelist": "Hent e-mailwhitelist for ressource",
+ "actionCreateTarget": "Opret mål",
+ "actionDeleteTarget": "Slet mål",
+ "actionGetTarget": "Hent mål",
+ "actionListTargets": "Vis mål",
+ "actionUpdateTarget": "Opdater mål",
+ "actionCreateRole": "Opret rolle",
+ "actionDeleteRole": "Slet rolle",
+ "actionGetRole": "Hent rolle",
+ "actionListRole": "Vis roller",
+ "actionUpdateRole": "Opdater rolle",
+ "actionListAllowedRoleResources": "Vis tilladte rolleressourcer",
+ "actionInviteUser": "Inviter bruger",
+ "actionRemoveUser": "Fjern bruger",
+ "actionListUsers": "Vis brugere",
+ "actionAddUserRole": "Tilføj brugerrolle",
+ "actionSetUserOrgRoles": "Angiv brugerroller",
+ "actionGenerateAccessToken": "Generer adgangstoken",
+ "actionDeleteAccessToken": "Slet adgangstoken",
+ "actionListAccessTokens": "Vis adgangstokens",
+ "actionCreateResourceRule": "Opret ressourceregel",
+ "actionDeleteResourceRule": "Slet ressourceregel",
+ "actionListResourceRules": "Vis ressourceregler",
+ "actionUpdateResourceRule": "Opdater ressourceregel",
+ "actionListOrgs": "Vis organisationer",
+ "actionCheckOrgId": "Tjek ID",
+ "actionCreateOrg": "Opret organisation",
+ "actionDeleteOrg": "Slet organisation",
+ "actionListApiKeys": "Vis API-nøgler",
+ "actionListApiKeyActions": "Vis API-nøglehandlinger",
+ "actionSetApiKeyActions": "Angiv tilladte handlinger for API-nøgle",
+ "actionCreateApiKey": "Opret API-nøgle",
+ "actionDeleteApiKey": "Slet API-nøgle",
+ "actionCreateIdp": "Opret IdP",
+ "actionUpdateIdp": "Opdater IdP",
+ "actionDeleteIdp": "Slet IdP",
+ "actionListIdps": "Vis IdP'er",
+ "actionGetIdp": "Hent IdP",
+ "actionCreateIdpOrg": "Opret IdP-organisationspolitik",
+ "actionDeleteIdpOrg": "Slet IdP-organisationspolitik",
+ "actionListIdpOrgs": "Vis IdP-organisationer",
+ "actionUpdateIdpOrg": "Opdater IdP-organisation",
+ "actionCreateClient": "Opret Klient",
+ "actionDeleteClient": "Slet klient",
+ "actionArchiveClient": "Arkiver klient",
+ "actionUnarchiveClient": "Fjern arkivering klient",
+ "actionBlockClient": "Bloker kunde",
+ "actionUnblockClient": "Fjern blokering af klient",
+ "actionUpdateClient": "Opdater klient",
+ "actionListClients": "Vis klienter",
+ "actionGetClient": "Hent klient",
+ "actionCreateSiteResource": "Opret siteressource",
+ "actionDeleteSiteResource": "Slet Siteressource",
+ "actionGetSiteResource": "Hent Siteressource",
+ "actionListSiteResources": "Vis Siteressourcer",
+ "actionUpdateSiteResource": "Opdater Siteressource",
+ "actionListInvitations": "Vis invitationer",
+ "actionExportLogs": "Eksportér logs",
+ "actionViewLogs": "Vis logs",
+ "noneSelected": "Ingen valgt",
+ "orgNotFound2": "Ingen organisationer fundet.",
+ "search": "Søg…",
+ "searchPlaceholder": "Søg...",
+ "emptySearchOptions": "Ingen valg fundet",
+ "create": "Opret",
+ "orgs": "Organisationer",
+ "loginError": "Der opstod en uventet fejl. Prøv venligst igen.",
+ "loginRequiredForDevice": "Login er påkrævet for din enhed.",
+ "passwordForgot": "Glemt adgangskoden dit?",
+ "otpAuth": "Tofaktorgodkendelse",
+ "otpAuthDescription": "Indtast koden fra autentiseringsappen din eller en af dine engangs reservekoder.",
+ "otpAuthSubmit": "Send kode",
+ "idpContinue": "Eller fortsæt med",
+ "otpAuthBack": "Tilbage til adgangskode",
+ "navbar": "Navigationsmenu",
+ "navbarDescription": "Hovednavigasjonsmeny for applikationen",
+ "navbarDocsLink": "Dokumentation",
+ "otpErrorEnable": "Kunne ikke aktivere 2FA",
+ "otpErrorEnableDescription": "En fejl opstod under aktivering af 2FA",
+ "otpSetupCheckCode": "Indtast venligst en 6-sifret kode",
+ "otpSetupCheckCodeRetry": "Ugyldig kode. Prøv venligst igen.",
+ "otpSetup": "Aktivér tofaktorgodkendelse",
+ "otpSetupDescription": "Sikre din konto med et ekstra lag med beskyttelse",
+ "otpSetupScanQr": "Skann denne QR-koden med autentiseringsappen din eller indtast den hemmelige nøgle manuelt:",
+ "otpSetupSecretCode": "Godkendelseskode",
+ "otpSetupSuccess": "Tofaktorgodkendelse aktiveret",
+ "otpSetupSuccessStoreBackupCodes": "Din konto er nu sikrere. Ikke glem at gem reservekodene dine.",
+ "otpErrorDisable": "Kunne ikke deaktivere 2FA",
+ "otpErrorDisableDescription": "En fejl opstod under deaktivering af 2FA",
+ "otpRemove": "Deaktivér tofaktorgodkendelse",
+ "otpRemoveDescription": "Deaktivér tofaktorgodkendelse for din konto",
+ "otpRemoveSuccess": "Tofaktorgodkendelse deaktiveret",
+ "otpRemoveSuccessMessage": "Tofaktorgodkendelse er deaktiveret for din konto. Du kan aktivere den tilbage når som helst.",
+ "otpRemoveSubmit": "Deaktivér 2FA",
+ "paginator": "Side {current} af {last}",
+ "paginatorToFirst": "Gå til første side",
+ "paginatorToPrevious": "Gå til forrige side",
+ "paginatorToNext": "Gå til næste side",
+ "paginatorToLast": "Gå til sidste side",
+ "copyText": "Kopiér tekst",
+ "copyTextFailed": "Kunne ikke kopiere tekst: ",
+ "copyTextClipboard": "Kopiér til udklipsholder",
+ "inviteErrorInvalidConfirmation": "Ugyldig bekræftelse",
+ "passwordRequired": "Adgangskode er påkrævet",
+ "allowAll": "Tillad alle",
+ "permissionsAllowAll": "Tillad alle rettigheter",
+ "githubUsernameRequired": "GitHub-brugernavn er påkrævet",
+ "supportKeyRequired": "supporternøgle er påkrævet",
+ "passwordRequirementsChars": "Adgangskoden skal være mindst 8 tegn",
+ "language": "Sprog",
+ "verificationCodeRequired": "Kode er påkrævet",
+ "userErrorNoUpdate": "Ingen bruger at opdatere",
+ "siteErrorNoUpdate": "Ingen site at opdatere",
+ "resourceErrorNoUpdate": "Ingen ressource at opdatere",
+ "authErrorNoUpdate": "Ingen autentificeringsinfo at opdatere",
+ "orgErrorNoUpdate": "Ingen organisation at opdatere",
+ "orgErrorNoProvided": "Ingen organisation angivet",
+ "apiKeysErrorNoUpdate": "Ingen API-nøgle at opdatere",
+ "sidebarOverview": "Oversigt",
+ "sidebarHome": "Hjem",
+ "sidebarSites": "Websteder",
+ "sidebarApprovals": "Godkendelsesanmodninger",
+ "sidebarResources": "Ressourcer",
+ "sidebarProxyResources": "Offentlig",
+ "sidebarClientResources": "Privat",
+ "sidebarPolicies": "Delte politikker",
+ "sidebarResourcePolicies": "Offentlige ressourcer",
+ "sidebarAccessControl": "Adgangskontrol",
+ "sidebarLogsAndAnalytics": "Logs og analyser",
+ "sidebarTeam": "Lag",
+ "sidebarUsers": "Brugere",
+ "sidebarAdmin": "Administrator",
+ "sidebarInvitations": "Invitationer",
+ "sidebarRoles": "Roller",
+ "sidebarShareableLinks": "Delbare links",
+ "sidebarApiKeys": "API-nøgler",
+ "sidebarProvisioning": "Provisionering",
+ "sidebarSettings": "Indstillinger",
+ "sidebarAllUsers": "Alle brugere",
+ "sidebarIdentityProviders": "Identitetsudbydere",
+ "sidebarLicense": "Licens",
+ "sidebarClients": "Klienter",
+ "sidebarUserDevices": "Bruger Enheder",
+ "sidebarMachineClients": "Maskiner",
+ "sidebarDomains": "Domæner",
+ "sidebarGeneral": "Administrer",
+ "sidebarLogAndAnalytics": "Logs og analyser",
+ "sidebarBluePrints": "Blueprints",
+ "sidebarAlerting": "Varsling",
+ "sidebarHealthChecks": "Sundhedstjek",
+ "sidebarOrganization": "Organisation",
+ "sidebarManagement": "Administration",
+ "sidebarBillingAndLicenses": "Fakturering & licenser",
+ "sidebarLogsAnalytics": "Analyser",
+ "alertingTitle": "Varsling",
+ "alertingDescription": "Definer kilder, triggere og handlinger for varsler",
+ "alertingRules": "Varslingsregler",
+ "alertingSearchRules": "Søg i regler…",
+ "alertingAddRule": "Opret regel",
+ "alertingColumnSource": "Kilde",
+ "alertingColumnTrigger": "Udløser",
+ "alertingColumnActions": "Handlinger",
+ "alertingColumnEnabled": "Aktiveret",
+ "alertingDeleteQuestion": "Bekræft venligst, at du vil slette denne varslingsregel.",
+ "alertingDeleteRule": "Slet varslingsregel",
+ "alertingRuleDeleted": "Varslingsregel slettet",
+ "alertingRuleSaved": "Varslingsregel gemt",
+ "alertingRuleSavedCreatedDescription": "Din nye varslingsregel blev oprettet. Du kan fortsætte at redigere den på denne side.",
+ "alertingRuleSavedUpdatedDescription": "Dine ændringer i denne varslingsreglen blev gemt.",
+ "alertingEditRule": "Rediger varslingsregel",
+ "alertingCreateRule": "Opret varslingsregel",
+ "alertingRuleCredenzaDescription": "Vælg hvad som skal overvåges, når det skal varsles, og hvordan du vil blive informert",
+ "alertingRuleNamePlaceholder": "Produktionssite nede",
+ "alertingRuleEnabled": "Regel aktiveret",
+ "alertingSectionSource": "Kilde",
+ "alertingSourceType": "Kildetype",
+ "alertingSourceSite": "Sted",
+ "alertingSourceHealthCheck": "Sundhedstjek",
+ "alertingPickSites": "Steder",
+ "alertingPickHealthChecks": "Sundhedstjek",
+ "alertingPickResources": "Ressourcer",
+ "alertingAllSites": "Alle sites",
+ "alertingAllSitesDescription": "Varsler for alle sites",
+ "alertingSpecificSites": "Specifikke sites",
+ "alertingSpecificSitesDescription": "Vælg specifikke sites for overvågning",
+ "alertingAllHealthChecks": "Alle sundhedstjek",
+ "alertingAllHealthChecksDescription": "Varsler for alle sundhedstjek",
+ "alertingSpecificHealthChecks": "Specifikke sundhedstjek",
+ "alertingSpecificHealthChecksDescription": "Vælg specifikke sundhedstjek for overvågning",
+ "alertingAllResources": "Alle ressourcer",
+ "alertingAllResourcesDescription": "Varsler for alle ressourcer",
+ "alertingSpecificResources": "Specifikke ressourcer",
+ "alertingSpecificResourcesDescription": "Vælg specifikke ressourcer for overvågning",
+ "alertingSelectResources": "Vælg ressourcer…",
+ "alertingResourcesSelected": "{count} ressourcer valgt",
+ "alertingResourcesEmpty": "Ingen ressourcer med mål i de første 10 resultaterne.",
+ "alertingSectionTrigger": "Udløser",
+ "alertingTrigger": "Når skal det varsles",
+ "alertingTriggerSiteOnline": "Site er online",
+ "alertingTriggerSiteOffline": "Site er offline",
+ "alertingTriggerSiteToggle": "Ændringer i sitestatus",
+ "alertingTriggerHcHealthy": "Sundhedstjek sund",
+ "alertingTriggerHcUnhealthy": "Sundhedstjek usund",
+ "alertingTriggerHcToggle": "Ændringer i sundhedstjekstatus",
+ "alertingTriggerResourceHealthy": "Ressource sund",
+ "alertingTriggerResourceUnhealthy": "Ressource usund",
+ "alertingTriggerResourceDegraded": "Ressource forringet",
+ "alertingSearchHealthChecks": "Søg i sundhedstjek…",
+ "alertingHealthChecksEmpty": "Ingen tilgængelige sundhedstjek.",
+ "alertingTriggerResourceToggle": "Ændringer i ressourcestatus",
+ "alertingSourceResource": "Ressource",
+ "alertingSectionActions": "Handlinger",
+ "alertingAddAction": "Tilføj handling",
+ "alertingActionNotify": "E-mail",
+ "alertingActionNotifyDescription": "Send e-mailvarsler til brugere eller roller",
+ "alertingActionWebhook": "Webhook",
+ "alertingActionWebhookDescription": "Send en HTTP-forespørgsel til et tilpasset endpoint",
+ "alertingExternalIntegration": "Ekstern integration",
+ "alertingExternalPagerDutyDescription": "Send varsler til PagerDuty for hændelseshåndtering",
+ "alertingExternalOpsgenieDescription": "Rute varsler til Opsgenie for vagthåndtering",
+ "alertingExternalServiceNowDescription": "Opret ServiceNow hændelser fra varslingshændelser",
+ "alertingExternalIncidentIoDescription": "Utløs Incident.io arbejdsgange fra varsels hændelser",
+ "alertingActionType": "Handlings type",
+ "alertingNotifyUsers": "Brugere",
+ "alertingNotifyRoles": "Roller",
+ "alertingNotifyEmails": "E-mailadresser",
+ "alertingEmailPlaceholder": "Tilføj e-mail og trykk Enter",
+ "alertingWebhookMethod": "HTTP-metode",
+ "alertingWebhookSecret": "Signeringshemmelighed (valgfrit)",
+ "alertingWebhookSecretPlaceholder": "HMAC-hemmelig",
+ "alertingWebhookHeaders": "Overskrifter",
+ "alertingAddHeader": "Tilføj header",
+ "alertingSelectSites": "Vælg sites…",
+ "alertingSitesSelected": "{count} sites valgt",
+ "alertingSelectHealthChecks": "Vælg sundhedstjek…",
+ "alertingHealthChecksSelected": "{count} sundhedstjek valgt",
+ "alertingNoHealthChecks": "Ingen mål med sundhedstjek aktiveret",
+ "alertingHealthCheckStub": "Valg af sundhedstjekkilde er ikke færdiggjort endnu - du kan stadig konfigurere triggere og handlinger.",
+ "alertingSelectUsers": "Vælg brugere…",
+ "alertingUsersSelected": "{count} brugere valgt",
+ "alertingSelectRoles": "Vælg roller…",
+ "alertingRolesSelected": "{count} roller valgt",
+ "alertingSummarySites": "Websteder ({count})",
+ "alertingSummaryAllSites": "Alle sites",
+ "alertingSummaryHealthChecks": "Sundhedstjek ({count})",
+ "alertingSummaryAllHealthChecks": "Alle sundhedstjek",
+ "alertingSummaryResources": "Ressourcer ({count})",
+ "alertingSummaryAllResources": "Alle ressourcer",
+ "alertingErrorNameRequired": "Indtast et navn",
+ "alertingErrorActionsMin": "Tilføj mindst én handling",
+ "alertingErrorPickSites": "Vælg mindst ét site",
+ "alertingErrorPickHealthChecks": "Vælg mindst én sundhedstjek",
+ "alertingErrorPickResources": "Vælg mindst én ressource",
+ "alertingErrorTriggerSite": "Vælg en trigger for site",
+ "alertingErrorTriggerHealth": "Vælg en trigger for sundhedstjek",
+ "alertingErrorTriggerResource": "Vælg en trigger for ressource",
+ "alertingErrorNotifyRecipients": "Vælg brugere, roller, eller mindst én e-mail",
+ "alertingConfigureSource": "Konfigurer kilde",
+ "alertingConfigureTrigger": "Konfigurer trigger",
+ "alertingConfigureActions": "Konfigurer handlinger",
+ "alertingBackToRules": "Tilbage til regler",
+ "alertingRuleCooldown": "Cooldown (sekunder)",
+ "alertingRuleCooldownDescription": "Minimumstid mellem gentagne varsler for samme regel. Sæt til 0 for at udløse hver gang.",
+ "alertingDraftBadge": "Kladde - gem for at gem denne reglen",
+ "alertingSidebarHint": "Klik på et steg på lærredet for at redigere det her.",
+ "alertingGraphCanvasTitle": "Regelflow",
+ "alertingGraphCanvasDescription": "Visuel oversigt over kilde, trigger og handlinger. Vælg en node for at redigere den i panelet.",
+ "alertingNodeNotConfigured": "Ikke konfigureret endnu",
+ "alertingNodeActionsCount": "{count, plural, one {# handling} other {# handlinger}}",
+ "alertingNodeRoleSource": "Kilde",
+ "alertingNodeRoleTrigger": "Udløser",
+ "alertingNodeRoleAction": "Handling",
+ "alertingTabRules": "Varslingsregler",
+ "alertingTabHealthChecks": "Sundhedstjek",
+ "alertingRulesBannerTitle": "Bli varslet",
+ "alertingRulesBannerDescription": "Hver regel binder sammen hvad som skal overvåges (et site, sundhedstjek eller ressource), når det skal varsles (for eksempel offline eller usund), og hvordan varsle teamet dit via e-mail, webhooks eller integrationer. Brug denne listen for at oprette, aktivere og administrer disse reglerne.",
+ "alertingHealthChecksBannerTitle": "Overvåg sundhed & ressourcer",
+ "alertingHealthChecksBannerDescription": "Sundhedstjek er HTTP- eller TCP-monitorer, du definerer én gang. Du kan derefter bruge dem som kilder i varslingsregler, så du bliver varslet, når et mål bliver sundt eller usundt. Sundhedstjek på ressourcer vises også her.",
+ "standaloneHcTableTitle": "Sundhedstjek",
+ "standaloneHcSearchPlaceholder": "Søg i sundhedstjek…",
+ "standaloneHcAddButton": "Opret sundhedstjek",
+ "standaloneHcCreateTitle": "Opret sundhedstjek",
+ "standaloneHcEditTitle": "Rediger sundhedstjek",
+ "standaloneHcDescription": "Konfigurer en HTTP- eller TCP-sundhedstjek for brug i varslingsregler.",
+ "standaloneHcNameLabel": "Navn",
+ "standaloneHcNamePlaceholder": "Min HTTP-monitor",
+ "standaloneHcDeleteTitle": "Slet sundhedstjek",
+ "standaloneHcDeleteQuestion": "Bekræft venligst, at du vil slette dette sundhedstjek.",
+ "standaloneHcDeleted": "Sundhedstjek slettet",
+ "standaloneHcSaved": "Sundhedstjek gemt",
+ "standaloneHcColumnHealth": "Sundhed",
+ "standaloneHcColumnMode": "Tilstand",
+ "standaloneHcColumnTarget": "Mål",
+ "standaloneHcHealthStateHealthy": "Sund",
+ "standaloneHcHealthStateUnhealthy": "Usund",
+ "standaloneHcHealthStateUnknown": "Ukendt",
+ "standaloneHcFilterAnySite": "Alle sites",
+ "standaloneHcFilterAnyResource": "Alle ressourcer",
+ "standaloneHcFilterMode": "Tilstand",
+ "standaloneHcFilterModeHttp": "HTTP",
+ "standaloneHcFilterModeTcp": "TCP",
+ "standaloneHcFilterModeSnmp": "SNMP",
+ "standaloneHcFilterModePing": "Ping",
+ "standaloneHcFilterHealth": "Sundhed",
+ "standaloneHcFilterEnabled": "Aktiveret",
+ "standaloneHcFilterEnabledOn": "Aktiveret",
+ "standaloneHcFilterEnabledOff": "Deaktiveret",
+ "standaloneHcFilterSiteIdFallback": "Sted {id}",
+ "standaloneHcFilterResourceIdFallback": "Ressource {id}",
+ "blueprints": "Blueprints",
+ "blueprintsLog": "Blueprint-log",
+ "blueprintsDescription": "Se tidligere blueprint-applikationer og deres resultater, eller brug et nyt blueprint",
+ "blueprintAdd": "Tilføj blueprint",
+ "blueprintGoBack": "Se alle blueprints",
+ "blueprintCreate": "Oprette skabelon",
+ "blueprintCreateDescription2": "Følg trinene nedenfor for at oprette og bruge en ny blueprint",
+ "blueprintDetails": "Blueprint detaljer",
+ "blueprintDetailsDescription": "Se resultatet af den påførte blåkopien og alle fejl som opstod",
+ "blueprintInfo": "Blueprint information",
+ "message": "Meddelelse",
+ "blueprintContentsDescription": "Definere indholdet til YAML som beskriver infrastrukturen",
+ "blueprintErrorCreateDescription": "Det opstod en fejl da blueprintet blev tilføjet",
+ "blueprintErrorCreate": "Fejl ved oprettelse af blueprint",
+ "searchBlueprintProgress": "Søg efter plantegninger...",
+ "appliedAt": "Anvendt den",
+ "source": "Kilde",
+ "contents": "Indhold",
+ "parsedContents": "Parset indhold (skrivebeskyttet)",
+ "enableDockerSocket": "Aktivér Docker-blueprint",
+ "enableDockerSocketDescription": "Aktivér Docker Socket etikett skrubbing for blueprint etiketter. Socket sti skal angives til site-connectoren. Læs om hvordan dette fungerer i dokumentasjonen.",
+ "newtAutoUpdate": "Aktivér Automatisk Opdatering af Site",
+ "newtAutoUpdateDescription": "Når dette er aktiveret, vil site-connectorer automatisk downloade den nyeste version og genstarte sig selv. Dette kan tilsidesættes pr. site.",
+ "siteAutoUpdate": "Automatisk Opdatering af Site",
+ "siteAutoUpdateLabel": "Aktivér Automatisk Opdatering",
+ "siteAutoUpdateDescription": "Når dette er aktiveret, vil dette sites connector automatisk downloade den nyeste version og genstarte sig selv.",
+ "siteAutoUpdateOrgDefault": "Organisation standard: {state}",
+ "siteAutoUpdateOverriding": "Overstyrer organisationens indstilling",
+ "siteAutoUpdateResetToOrg": "Nulstil til Organisationsstandard",
+ "siteAutoUpdateEnabled": "aktiveret",
+ "siteAutoUpdateDisabled": "deaktiveret",
+ "viewDockerContainers": "Vis Docker-containere",
+ "containersIn": "Containere i {siteName}",
+ "selectContainerDescription": "Vælg en hvilken som helst container for at bruge den som værtsnavn for dette mål. Klik på en port for at bruge den.",
+ "containerName": "Navn",
+ "containerImage": "Bilde",
+ "containerState": "Tilstand",
+ "containerNetworks": "Netværk",
+ "containerHostnameIp": "Hostnavn/IP",
+ "containerLabels": "Etiketter",
+ "containerLabelsCount": "{count, plural, one {en etikett} other {# etiketter}}",
+ "containerLabelsTitle": "Containeretiketter",
+ "containerLabelEmpty": "",
+ "containerPorts": "Porte",
+ "containerPortsMore": "+{count} til",
+ "containerActions": "Handlinger",
+ "select": "Vælg",
+ "noContainersMatchingFilters": "Ingen containere fundet som matcher de nuværende filtre.",
+ "showContainersWithoutPorts": "Vis containere uden porte",
+ "showStoppedContainers": "Vis stoppede containere",
+ "noContainersFound": "Ingen containere fundet. Sørg for at Docker-containere kører.",
+ "searchContainersPlaceholder": "Søg blandt {count} containere...",
+ "searchResultsCount": "{count, plural, one {ét resultat} other {# resultater}}",
+ "filters": "Filtre",
+ "filterOptions": "Filterindstillinger",
+ "filterPorts": "Porte",
+ "filterStopped": "Stoppet",
+ "clearAllFilters": "Ryd alle filtre",
+ "columns": "Kolonner",
+ "toggleColumns": "Vis/skjul kolonner",
+ "refreshContainersList": "Opdater containerliste",
+ "searching": "Søger...",
+ "noContainersFoundMatching": "Ingen containere fundet som matcher \"{filter}\".",
+ "light": "lys",
+ "dark": "mørk",
+ "system": "system",
+ "theme": "Tema",
+ "subnetRequired": "Subnet er påkrævet",
+ "initialSetupTitle": "Førstegangsopsætning af server",
+ "initialSetupDescription": "Opret den første serveradministratorkontoen. Det kan kun findes én serveradministrator. Du kan altid ændre denne logininformationen senere.",
+ "createAdminAccount": "Opret administratorkonto",
+ "setupErrorCreateAdmin": "En fejl opstod under oprettelsen af serveradministratorkontoen.",
+ "certificateStatus": "Certifikat",
+ "certificateStatusAutoRefreshHint": "Status opdateres automatisk.",
+ "loading": "Indlæser",
+ "loadingEllipsis": "Indlæser...",
+ "loadingAnalytics": "Indlæser analyser",
+ "restart": "Genstart",
+ "domains": "Domæner",
+ "domainsDescription": "Opret og administrer domæner som er tilgængelige i organisationen",
+ "domainsSearch": "Søg i domæner...",
+ "domainAdd": "Tilføj domæne",
+ "domainAddDescription": "Registrer et nyt domæne med organisationen",
+ "domainCreate": "Opret domæne",
+ "domainCreatedDescription": "Domæne blev oprettet",
+ "domainDeletedDescription": "Domæne blev slettet",
+ "domainQuestionRemove": "Er du sikker på at du vil fjerne domænet?",
+ "domainMessageRemove": "Når domænet er fjernet, vil det ikke længere være forbundet med organisationen.",
+ "domainConfirmDelete": "Bekræft sletning af domæne",
+ "domainDelete": "Slet domæne",
+ "domain": "Domæne",
+ "selectDomainTypeNsName": "Domenedelegering (NS)",
+ "selectDomainTypeNsDescription": "Dette domænet og alle dets underdomæner. Brug dette når du vil kontrollere en hel domænezone.",
+ "selectDomainTypeCnameName": "Enkelt domæne (CNAME)",
+ "selectDomainTypeCnameDescription": "Kun dette specifikke domænet. Brug dette for individuelle underdomæner eller specifikke domæneposter.",
+ "selectDomainTypeWildcardName": "Wildcard-domæne",
+ "selectDomainTypeWildcardDescription": "Dette domænet og dets underdomæner.",
+ "domainDelegation": "Enkelt domæne",
+ "selectType": "Vælg en type",
+ "actions": "Handlinger",
+ "refresh": "Opdater",
+ "refreshError": "Kunne ikke opdatere data",
+ "verified": "Verificeret",
+ "pending": "Afventer",
+ "pendingApproval": "Venter på godkendelse",
+ "sidebarBilling": "Fakturering",
+ "billing": "Fakturering",
+ "orgBillingDescription": "Administrer faktureringsinformation og abonnementer",
+ "github": "GitHub",
+ "pangolinHosted": "Hostet af Pangolin",
+ "fossorial": "Fossorial",
+ "completeAccountSetup": "Fuldfør kontoopsætning",
+ "completeAccountSetupDescription": "Angiv adgangskoden dit for at komme i gang",
+ "accountSetupSent": "Vi sender en opsætningskode for kontoen til denne e-mailadressen.",
+ "accountSetupCode": "Opsætningskode",
+ "accountSetupCodeDescription": "Tjek din e-mail for opsætningskoden.",
+ "passwordCreate": "Opret adgangskode",
+ "passwordCreateConfirm": "Bekræft adgangskode",
+ "accountSetupSubmit": "Send opsætningskode",
+ "completeSetup": "Fuldfør opsætning",
+ "accountSetupSuccess": "Kontoopsætning fuldført! Velkommen til Pangolin!",
+ "documentation": "Dokumentation",
+ "saveAllSettings": "Gem alle indstillinger",
+ "saveResourceTargets": "Gem indstillinger",
+ "saveResourceHttp": "Gem indstillinger",
+ "saveProxyProtocol": "Gem indstillinger",
+ "settingsUpdated": "Indstillinger opdateret",
+ "settingsUpdatedDescription": "Indstillinger opdateret med succes",
+ "settingsErrorUpdate": "Kunne ikke opdatere indstillinger",
+ "settingsErrorUpdateDescription": "En fejl opstod under opdatering af indstillinger",
+ "sidebarCollapse": "Skjul",
+ "sidebarExpand": "Udvid",
+ "productUpdateMoreInfo": "{noOfUpdates} flere opdateringer",
+ "productUpdateInfo": "{noOfUpdates} opdateringer",
+ "productUpdateWhatsNew": "Hvad er nyt",
+ "productUpdateTitle": "Opdateringer om produktet",
+ "productUpdateEmpty": "Ingen opdateringer",
+ "dismissAll": "Afvis alle",
+ "pangolinUpdateAvailable": "Opdatering tilgængelig",
+ "pangolinUpdateAvailableInfo": "Version {version} er klar til at installere",
+ "pangolinUpdateAvailableReleaseNotes": "Se utgivelsesnotater",
+ "newtUpdateAvailable": "Opdatering tilgængelig",
+ "newtUpdateAvailableInfo": "En ny version af Newt er tilgængeligt. Opdater venligst til den nyeste version for den bedste oplevelse.",
+ "pangolinNodeUpdateAvailableInfo": "En ny version af Pangolin Node er tilgængeligt. Opdater venligst til den nyeste version for den bedste oplevelse.",
+ "domainPickerEnterDomain": "Domæne",
+ "domainPickerPlaceholder": "minapp.eksempel.no",
+ "domainPickerDescription": "Indtast hele domænet til ressourcen for at se tilgængelige alternativer.",
+ "domainPickerDescriptionSaas": "Indtast et fullt domæne, underdomæne eller kun et navn for at se tilgængelige alternativer",
+ "domainPickerTabAll": "Alle",
+ "domainPickerTabOrganization": "Organisation",
+ "domainPickerTabProvided": "Levert",
+ "domainPickerSortAsc": "A-AT",
+ "domainPickerSortDesc": "AT-A",
+ "domainPickerCheckingAvailability": "Kontrollerer tilgængelighed...",
+ "domainPickerNoMatchingDomains": "Ingen matchende domæner fundet. Prøv et andet domæne, eller kontroller organisationens domæneindstillinger.",
+ "domainPickerOrganizationDomains": "Organisationsdomæner",
+ "domainPickerProvidedDomains": "Leverte domæner",
+ "domainPickerSubdomain": "Underdomæne: {subdomain}",
+ "domainPickerNamespace": "Navnerom: {namespace}",
+ "domainPickerShowMore": "Vis mere",
+ "regionSelectorTitle": "Vælg Region",
+ "domainPickerRemoteExitNodeWarning": "Leverede domæner understøttes ikke, når sites kobles til eksterne exitnoder. For ressourcer, der skal være tilgængelige på eksterne noder, skal du i stedet bruge et brugerdefineret domæne.",
+ "regionSelectorInfo": "At vælge en region hjelper oss med at give bedre ydeevne for din placering. Du behøver ikke være i samme region som serveren.",
+ "regionSelectorPlaceholder": "Vælg en region",
+ "regionSelectorComingSoon": "Kommer snart",
+ "billingLoadingSubscription": "Indlæser abonnement...",
+ "billingFreeTier": "Gratis nivå",
+ "billingWarningOverLimit": "Advarsel: Du har overskredet en eller flere forbrugsgrænser. Dine sites vil ikke opret forbindelse til før du ændrer dit abonnement eller justerer forbruget.",
+ "billingUsageLimitsOverview": "Oversikt over forbrugsgrænser",
+ "billingMonitorUsage": "Overvåg forbruget din i forhold til konfigurerte grænse. Hvis du behøver økte grænse, venligst kontakt support@pangolin.net.",
+ "billingDataUsage": "Dataforbrug",
+ "billingSites": "Websteder",
+ "billingUsers": "Brugere",
+ "billingDomains": "Domæner",
+ "billingOrganizations": "Orger",
+ "billingRemoteExitNodes": "Eksterne noder",
+ "billingNoLimitConfigured": "Ingen grænse konfigureret",
+ "billingEstimatedPeriod": "Estimert faktureringsperiode",
+ "billingIncludedUsage": "Inklusive Brug",
+ "billingIncludedUsageDescription": "Brug inklusive i din nuværende abonnementsplan",
+ "billingFreeTierIncludedUsage": "Gratis nivå forbrugsgrænser",
+ "billingIncluded": "inklusive",
+ "billingEstimatedTotal": "Estimert Totalt:",
+ "billingNotes": "Notater",
+ "billingEstimateNote": "Dette er et estimat baseret på din nuværende brug.",
+ "billingActualChargesMayVary": "Faktiske omkostninger kan variere.",
+ "billingBilledAtEnd": "Du vil blive fakturert ved slutten af faktureringsperioden.",
+ "billingModifySubscription": "Ændre abonnement",
+ "billingStartSubscription": "Start abonnement",
+ "billingRecurringCharge": "Indgående Avgift",
+ "billingManageSubscriptionSettings": "Administrer abonnementsindstillinger",
+ "billingNoActiveSubscription": "Du har ikke et aktivt abonnement. Start dit abonnement for at øge bruksgrensene.",
+ "billingFailedToLoadSubscription": "Kunne ikke indlæse abonnement",
+ "billingFailedToLoadUsage": "Kunne ikke indlæse bruksdata",
+ "billingFailedToGetCheckoutUrl": "Mislykkedes at få betalingslenke",
+ "billingPleaseTryAgainLater": "Prøv venligst igen senere.",
+ "billingCheckoutError": "Kasserror",
+ "billingFailedToGetPortalUrl": "Mislykkedes at hente portal URL",
+ "billingPortalError": "Portalfeil",
+ "billingDataUsageInfo": "Du bliver opkrævet for al data, der overføres gennem dine sikre tunneler, når du er forbundet til skyen. Dette inkluderer både indgående og udgående trafik på alle dine sites. Når du når din grænse, vil dine sites blive frakoblet, indtil du opgraderer din plan eller reducerer forbruget. Data belastes ikke ved brug af exitnode-grupper.",
+ "billingSInfo": "Hvor mange sites du kan bruge",
+ "billingUsersInfo": "Hvor mange brugere du kan bruge",
+ "billingDomainInfo": "Hvor mange domæner du kan bruge",
+ "billingRemoteExitNodesInfo": "Hvor mange fjernnoder du kan bruge",
+ "billingLicenseKeys": "Licensnøgler",
+ "billingLicenseKeysDescription": "Administrer dine licensnøgleabonnementer",
+ "billingLicenseSubscription": "Licens abonnement",
+ "billingInactive": "Inaktiv",
+ "billingLicenseItem": "Licens artikkel",
+ "billingQuantity": "Antal",
+ "billingTotal": "totalt",
+ "billingModifyLicenses": "Ændre licensabonnement",
+ "domainNotFound": "Domæne ikke fundet",
+ "domainNotFoundDescription": "Denne ressource er deaktiveret fordi domænet ikke længere findes i systemet vores. Venligst angiv et nyt domæne for denne ressource.",
+ "failed": "Mislykkedes",
+ "createNewOrgDescription": "Opret en ny organisation",
+ "organization": "Organisation",
+ "primary": "Primær",
+ "port": "Port",
+ "securityKeyManage": "Administrer sikkerhedsnøgler",
+ "securityKeyDescription": "Tilføj eller fjern sikkerhedsnøgler for adgangskodeløs autentificering",
+ "securityKeyRegister": "Registrer ny sikkerhedsnøgle",
+ "securityKeyList": "Dine sikkerhedsnøgler",
+ "securityKeyNone": "Ingen sikkerhedsnøgler er registreret endnu",
+ "securityKeyNameRequired": "Navn er påkrævet",
+ "securityKeyRemove": "Fjern",
+ "securityKeyLastUsed": "Sist brugt: {date}",
+ "securityKeyNameLabel": "Navn på sikkerhedsnøgle",
+ "securityKeyRegisterSuccess": "Sikkerhedsnøgle registreret",
+ "securityKeyRegisterError": "Kunne ikke registrere sikkerhedsnøgle",
+ "securityKeyRemoveSuccess": "Sikkerhedsnøgle fjernet",
+ "securityKeyRemoveError": "Kunne ikke fjerne sikkerhedsnøgle",
+ "securityKeyLoadError": "Kunne ikke indlæse ind sikkerhedsnøgler",
+ "securityKeyLogin": "Brug sikkerhedsnøgle",
+ "securityKeyAuthError": "Kunne ikke autentificere med sikkerhedsnøgle",
+ "securityKeyRecommendation": "Registrer en reserve-sikkerhedsnøgle på en anden enhed for at sikre at du altid har adgang til din konto.",
+ "registering": "Registrerer...",
+ "securityKeyPrompt": "Venligst bekræft din identitet med sikkerhedsnøglen. Sørg for at sikkerhedsnøglen er forbundet til og klar.",
+ "securityKeyBrowserNotSupported": "Browseren din understøtter ikke sikkerhedsnøgler. Venligst brug en moderne browser som Chrome, Firefox eller Safari.",
+ "securityKeyPermissionDenied": "Tillad venligst adgang til din sikkerhedsnøgle for at fortsætte loginprocessen.",
+ "securityKeyRemovedTooQuickly": "Hold venligst sikkerhedsnøglen tilsluttet, indtil loginprocessen er fuldført.",
+ "securityKeyNotSupported": "Sikkerhedsnøglen din er muligvis ikke kompatibel. Venligst prøv en anden sikkerhedsnøgle.",
+ "securityKeyUnknownError": "Der opstod et problem med at bruge din sikkerhedsnøgle. Prøv venligst igen.",
+ "twoFactorRequired": "Tofaktorgodkendelse er påkrævet for at registrere en sikkerhedsnøgle.",
+ "twoFactor": "Tofaktorgodkendelse",
+ "twoFactorAuthentication": "To-faktor autentificering",
+ "twoFactorDescription": "Denne organisation kræver to-faktor-autentificering.",
+ "enableTwoFactor": "Aktivér to-faktor autentificering",
+ "organizationSecurityPolicy": "Politikker for organisations sikkerhed",
+ "organizationSecurityPolicyDescription": "Denne organisation har sikkerhedskrav som skal opfyldes før du får adgang til den",
+ "securityRequirements": "Krav Til Sikkerhed",
+ "allRequirementsMet": "Alle krav er opfyldt",
+ "completeRequirementsToContinue": "Fuldfør kravene nedenfor for at fortsætte adgangen til denne organisation",
+ "youCanNowAccessOrganization": "Du har nu adgang til denne organisation",
+ "reauthenticationRequired": "Økt lengde",
+ "reauthenticationDescription": "Denne organisation kræver at du logs på alle {maxDays} dage.",
+ "reauthenticationDescriptionHours": "Denne organisation kræver at du logs ind hver {maxHours} time.",
+ "reauthenticateNow": "Log ind tilbage",
+ "adminEnabled2FaOnYourAccount": "Din administrator har aktiveret tofaktorgodkendelse for {email}. Fuldfør venligst opsætningsprocessen for at fortsætte.",
+ "securityKeyAdd": "Tilføj sikkerhedsnøgle",
+ "securityKeyRegisterTitle": "Registrer ny sikkerhedsnøgle",
+ "securityKeyRegisterDescription": "Opret forbindelse til sikkerhedsnøglen og indtast et navn for at identifisere den",
+ "securityKeyTwoFactorRequired": "Tofaktorgodkendelse påkrævet",
+ "securityKeyTwoFactorDescription": "Indtast venligst koden for tofaktorgodkendelse for at registrere sikkerhedsnøglen",
+ "securityKeyTwoFactorRemoveDescription": "Indtast venligst koden for tofaktorgodkendelse for at fjerne sikkerhedsnøglen",
+ "securityKeyTwoFactorCode": "Tofaktorkode",
+ "securityKeyRemoveTitle": "Fjern sikkerhedsnøgle",
+ "securityKeyRemoveDescription": "Indtast adgangskoden dit for at fjerne sikkerhedsnøglen \"{name}\"",
+ "securityKeyNoKeysRegistered": "Ingen sikkerhedsnøgler registreret",
+ "securityKeyNoKeysDescription": "Tilføj en sikkerhedsnøgle for at øge sikkerheden for din konto",
+ "createDomainRequired": "Domæne er påkrævet",
+ "createDomainAddDnsRecords": "Tilføj DNS-poster",
+ "createDomainAddDnsRecordsDescription": "Tilføj følgende DNS-poster hos din domæneudbyder for at fuldføre opsætningen.",
+ "createDomainNsRecords": "NS-poster",
+ "createDomainRecord": "Post",
+ "createDomainType": "Type:",
+ "createDomainName": "Navn:",
+ "createDomainValue": "Værdi:",
+ "createDomainCnameRecords": "CNAME-poster",
+ "createDomainARecords": "A-poster",
+ "createDomainRecordNumber": "Post {number}",
+ "createDomainTxtRecords": "TXT-poster",
+ "createDomainSaveTheseRecords": "Gem disse posterne",
+ "createDomainSaveTheseRecordsDescription": "Sørg for at gem disse DNS-posterne, da du ikke vil se dem tilbage.",
+ "createDomainDnsPropagation": "DNS-propagering",
+ "createDomainDnsPropagationDescription": "DNS-ændringer kan tage lidt tid at propagere over internettet. Dette kan tage fra nogen få minutter til 48 timer, afhængigt af din DNS-udbyder og TTL-indstillinger.",
+ "resourcePortRequired": "Portnummer er påkrævet for ikke-HTTP-ressourcer",
+ "resourcePortNotAllowed": "Portnummer skal ikke angis for HTTP-ressourcer",
+ "billingPricingCalculatorLink": "Pris Kalkulator",
+ "billingYourPlan": "Din funktionsplan",
+ "billingViewOrModifyPlan": "Vis eller ændre nuværende abonnement",
+ "billingViewPlanDetails": "Se Planleggings detaljer",
+ "billingUsageAndLimits": "Brug og grænse",
+ "billingViewUsageAndLimits": "Se planets grænse og nuværende brug",
+ "billingCurrentUsage": "Nuværende brug",
+ "billingMaximumLimits": "Maks antal grænse",
+ "billingRemoteNodes": "Eksterne noder",
+ "billingUnlimited": "Ubegrænset",
+ "billingPaidLicenseKeys": "Betalt licensnøgler",
+ "billingManageLicenseSubscription": "Administrer abonnementet for betalte licensnøgler selv hostet",
+ "billingCurrentKeys": "Nuværende nøgler",
+ "billingModifyCurrentPlan": "Ændre nuværende plan",
+ "billingManageLicenseSubscriptionDescription": "Administrer dit abonnement for betalte selvhostede licensnøgler og download fakturaer.",
+ "billingConfirmUpgrade": "Bekræft opgradering",
+ "billingConfirmDowngrade": "Bekræft nedgradering",
+ "billingConfirmUpgradeDescription": "Du er ved at opgradere dit abonnement. Gå gennem de nye grænserne og pris nedenfor.",
+ "billingConfirmDowngradeDescription": "Du er ved at nedgradere din plan. Gå gennem de nye grænserne og pris nedenfor.",
+ "billingPlanIncludes": "Plan Inkluderer",
+ "billingProcessing": "Behandler...",
+ "billingConfirmUpgradeButton": "Bekræft opgradering",
+ "billingConfirmDowngradeButton": "Bekræft nedgradering",
+ "billingLimitViolationWarning": "Brug overbelastede grænse for ny plan",
+ "billingLimitViolationDescription": "Dit nuværende forbrug overskrider grænserne for denne plan. Efter nedgradering deaktiveres alle handlinger, indtil du reducerer forbruget inden for de nye grænser. Gennemgå venligst funktionerne nedenfor, som i øjeblikket er over grænserne. Overskredne grænser:",
+ "billingFeatureLossWarning": "Fremhev tilgængelig notifikation",
+ "billingFeatureLossDescription": "Ved at nedgradere vil funktioner der ikke er tilgængelige i den nye planen automatisk blive deaktiveret. Nogen indstillinger og konfigurationer kan gå tapt. Venligst gennemgå prismatrisen for at forstå hvilke funktioner der ikke længere vil være tilgængelige.",
+ "billingUsageExceedsLimit": "Nuværende brug ({current}) overskrider grænsen ({limit})",
+ "billingPastDueTitle": "Betalingen har forfalden",
+ "billingPastDueDescription": "Betalingen er forfalden. Opdater venligst din betalingsmetode for fortsat at bruge din nuværende funktionsplan. Hvis problemet ikke løses, bliver dit abonnement annulleret, og du bliver nulstillet til gratisniveauet.",
+ "billingUnpaidTitle": "Abonnement ubetalt",
+ "billingUnpaidDescription": "Dit abonnement er ubetalt, og du er blevet nulstillet til gratisniveauet. Opdater venligst din betalingsmetode for at gendanne abonnementet.",
+ "billingIncompleteTitle": "Betaling ufullstendig",
+ "billingIncompleteDescription": "Betalingen er ufullstendig. Venligst fuldfør betalingsprosessen for at aktivere abonnementet.",
+ "billingIncompleteExpiredTitle": "Betaling udløbet",
+ "billingIncompleteExpiredDescription": "Din betaling blev aldrig fuldført og er udløbet. Du er blevet nulstillet til gratisniveauet. Abonnér venligst igen for at gendanne adgangen til betalte funktioner.",
+ "billingManageSubscription": "Administrer dit abonnement",
+ "billingResolvePaymentIssue": "Venligst løs dit betalingsproblem før du opgraderer eller nedgraderer betalingen",
+ "signUpTerms": {
+ "IAgreeToThe": "Jeg accepterer",
+ "termsOfService": "brugervilkårene",
+ "and": "og",
+ "privacyPolicy": "privatlivspolitikken"
+ },
+ "signUpMarketing": {
+ "keepMeInTheLoop": "Hold mig opdateret med nyheder, opdateringer og nye funktioner via e-mail."
+ },
+ "siteRequired": "Site er påkrævet.",
+ "olmTunnel": "Olm-tunnel",
+ "olmTunnelDescription": "Brug Olm for klientforbindelse",
+ "errorCreatingClient": "Fejl ved oprettelse af klient",
+ "clientDefaultsNotFound": "Klientstandarder ikke fundet",
+ "createClient": "Opret klient",
+ "createClientDescription": "Oprette en ny klient for at få adgang til private ressourcer",
+ "seeAllClients": "Se alle klienter",
+ "clientInformation": "Klientinformation",
+ "clientNamePlaceholder": "Klientnavn",
+ "address": "Adresse",
+ "subnetPlaceholder": "Subnet",
+ "addressDescription": "Den interne adressen til klienten. Skal falle inden for organisationens subnet.",
+ "selectSites": "Vælg sites",
+ "selectLabels": "Vælg etiketter",
+ "sitesDescription": "Klienten vil have forbindelse til de valgte områdene",
+ "clientInstallOlm": "Installer Olm",
+ "clientInstallOlmDescription": "Få Olm til at køre på dit system",
+ "clientOlmCredentials": "Legitimationsoplysninger",
+ "clientOlmCredentialsDescription": "Dette er hvordan klienten vil godkende med serveren",
+ "olmEndpoint": "Endpoint",
+ "olmId": "ID",
+ "olmSecretKey": "Sikkerhedsnøgle",
+ "clientCredentialsSave": "Gem brugeroplysninger",
+ "clientCredentialsSaveDescription": "Du vil kun kunne se dette én gang. Sørg for at kopiere det til et sikkert sted.",
+ "generalSettingsDescription": "Konfigurer de generelle indstillingerne for denne klienten",
+ "clientUpdated": "Klient opdateret",
+ "clientUpdatedDescription": "Klienten er blevet opdateret.",
+ "clientUpdateFailed": "Kunne ikke opdatere klient",
+ "clientUpdateError": "En fejl opstod under opdatering af klienten.",
+ "sitesFetchFailed": "Kunne ikke hente sites",
+ "sitesFetchError": "En fejl opstod under hentning af sites.",
+ "olmErrorFetchReleases": "En fejl opstod under hentning af Olm-utgivelser.",
+ "olmErrorFetchLatest": "En fejl opstod under hentning af den nyeste Olm-utgivelsen.",
+ "enterCidrRange": "Indtast CIDR-site",
+ "resourceEnableProxy": "Aktivér offentlig proxy",
+ "resourceEnableProxyDescription": "Aktivér offentlig proxying til denne ressource. Dette giver adgang til ressourcen udefra netværket gennem skyen på en åben port. Kræver Traefik-konfiguration.",
+ "externalProxyEnabled": "Ekstern proxy aktiveret",
+ "addNewTarget": "Tilføj nyt mål",
+ "targetsList": "Liste over mål",
+ "advancedMode": "Avanceret tilstand",
+ "advancedSettings": "Avanserte indstillinger",
+ "targetErrorDuplicateTargetFound": "Duplikat af mål fundet",
+ "healthCheckHealthy": "Sund",
+ "healthCheckUnhealthy": "Usund",
+ "healthCheckUnknown": "Ukendt",
+ "healthCheck": "Sundhedstjek",
+ "configureHealthCheck": "Konfigurer Sundhedstjek",
+ "configureHealthCheckDescription": "Opsæt overvågning af din ressource for at sikre at den altid er tilgængelig",
+ "enableHealthChecks": "Aktivér Sundhedstjek",
+ "healthCheckDisabledStateDescription": "Når deaktiveret vil sitet ikke udføre sundhedstjek, og tilstanden vil blive betragtet som ukendt.",
+ "enableHealthChecksDescription": "Overvåg sundheden for dette mål. Du kan overvåge et andet endpoint end målet, hvis det er nødvendigt.",
+ "healthScheme": "Metode",
+ "healthSelectScheme": "Vælg metode",
+ "healthCheckPortInvalid": "Porten skal være mellem 1 og 65535",
+ "healthCheckPath": "Sti",
+ "healthHostname": "IP / Vært",
+ "healthPort": "Port",
+ "healthCheckPathDescription": "Stien for at tjekke helsestatus.",
+ "healthyIntervalSeconds": "Sund intervall (sek)",
+ "unhealthyIntervalSeconds": "Usundt interval (sek.)",
+ "IntervalSeconds": "Sundt interval",
+ "timeoutSeconds": "Tidsavbrudd (sek)",
+ "timeIsInSeconds": "Tid er i sekunder",
+ "requireDeviceApproval": "Kræv enhedsgodkendelse",
+ "requireDeviceApprovalDescription": "Brugere med denne rolle skal have nye enheder godkendt af en administrator, før de kan oprette forbindelse og få adgang til ressourcer.",
+ "sshSettings": "SSH Indstillinger",
+ "sshAccess": "SSH-adgang",
+ "rdpSettings": "RDP Indstillinger",
+ "vncSettings": "VNC Indstillinger",
+ "sshServer": "SSH-server",
+ "rdpServer": "RDP-server",
+ "vncServer": "VNC-server",
+ "sshServerDescription": "Opsæt autentiseringsmetoden, daemonplasseringen, og serverens destination",
+ "rdpServerDescription": "Konfigurer destinationen og porten til RDP-serveren",
+ "vncServerDescription": "Konfigurer destinationen og porten til VNC-serveren",
+ "sshServerMode": "Tilstand",
+ "sshServerModeStandard": "Standard SSH-server",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Ruter kommandoer over netværk til en SSH-server som OpenSSH.",
+ "sshServerModeNative": "Innfødt SSH Server",
+ "sshServerModeNativeDescription": "Udfører kommandoer direkte i verten via Site-connectoren. Ingen netværkskonfiguration kræves.",
+ "sshAuthenticationMethod": "Autentificeringsmetode",
+ "sshAuthMethodManual": "Manuel autentificering",
+ "sshAuthMethodManualDescription": "Kræver eksisterende vertlegitimation. Omgår automatisk provisionering.",
+ "sshAuthMethodAutomated": "Automatisk Provisionering",
+ "sshAuthMethodAutomatedDescription": "Opretter automatisk brugere, grupper og sudo-tilladelser på verten.",
+ "sshAuthDaemonLocation": "Autentificering Daemon-plassering",
+ "sshDaemonLocationSiteDescription": "Utføres lokalt på maskinen som er host for site-connectoren.",
+ "sshDaemonLocationRemote": "På Ekstern Host",
+ "sshDaemonLocationRemoteDescription": "Utføres på en separat målenhet på samme netværk.",
+ "sshDaemonDisclaimer": "Sørg for, at din målenhed er korrekt konfigureret til at køre autentificeringsdaemonen, før du fuldfører denne opsætning, ellers mislykkes provisioneringen.",
+ "sshDaemonPort": "Daemon-port",
+ "sshServerDestination": "Serverens Destination",
+ "sshServerDestinationDescription": "Konfigurer destinationen for SSH-serveren",
+ "destination": "Destination",
+ "destinationRequired": "Destination er påkrævet.",
+ "domainRequired": "Domæne er påkrævet.",
+ "proxyPortRequired": "Port er påkrævet.",
+ "invalidPathConfiguration": "Ugyldig sti-konfiguration.",
+ "invalidRewritePathConfiguration": "Ugyldig omskrivningssti-konfiguration.",
+ "bgTargetMultiSiteDisclaimer": "Ved at vælge flere sites aktiveres robust routing og failover for høj tilgængelighed.",
+ "roleAllowSsh": "Tillad SSH",
+ "roleAllowSshAllow": "Tillad",
+ "roleAllowSshDisallow": "Forby",
+ "roleAllowSshDescription": "Tillad brugere med denne rolle at oprette forbindelse til ressourcer via SSH. Når deaktiveret får rollen ikke adgang til SSH.",
+ "sshSudoMode": "Sudo adgang",
+ "sshSudoModeNone": "Ingen",
+ "sshSudoModeNoneDescription": "Brugeren kan ikke køre kommandoer med sudo.",
+ "sshSudoModeFull": "Fuld Sudo",
+ "sshSudoModeFullDescription": "Brugeren kan køre hvilken som helst kommando med sudo.",
+ "sshSudoModeCommands": "Kommandoer",
+ "sshSudoModeCommandsDescription": "Brugeren kan kun køre de angitte kommandoene med sudo.",
+ "sshSudo": "Tillad sudo",
+ "sshSudoCommands": "Sudo kommandoer",
+ "sshSudoCommandsDescription": "Liste over kommandoer brugeren har lov til at køre med sudo, separert med komma, mellemrum eller nye linjer. Absolutte stier skal bruges.",
+ "sshCreateHomeDir": "Opret hjemmappe",
+ "sshUnixGroups": "Unix grupper",
+ "sshUnixGroupsDescription": "Unix-grupper at tilføje brugeren i på målverten, separert med komma, mellemrum eller nye linjer.",
+ "roleTextFieldPlaceholder": "Indtast verdier, eller slipp en.txt eller.csv fil",
+ "roleTextImportTitle": "Importer fra fil",
+ "roleTextImportDescription": "Importerer {fileName} til {fieldLabel}.",
+ "roleTextImportSkipHeader": "Hopp over første rad (header)",
+ "roleTextImportOverride": "Erstatte eksisterende",
+ "roleTextImportAppend": "Tilføj eksisterende",
+ "roleTextImportMode": "Importtilstand",
+ "roleTextImportPreview": "Forhåndsvisning",
+ "roleTextImportItemCount": "{count, plural, =0 {Ingen elementer at importere} one {ét element at importere} other {# elementer at importere}}",
+ "roleTextImportTotalCount": "{existing} eksisterende + {imported} importert = {total} totalt",
+ "roleTextImportConfirm": "Importer",
+ "roleTextImportInvalidFile": "Ustøttet filtype",
+ "roleTextImportInvalidFileDescription": "Kun.txt og.csv filer er støttet.",
+ "roleTextImportEmpty": "Ingen elementer fundet i filen",
+ "roleTextImportEmptyDescription": "Filen indeholder ingen importerbare elementer.",
+ "retryAttempts": "Forsøg igen",
+ "expectedResponseCodes": "Forventede svarkoder",
+ "expectedResponseCodesDescription": "HTTP-statuskode som indikerer sund status. Hvis den bliver stående tom, regnes 200-300 som sund.",
+ "customHeaders": "Brugerdefinerede headers",
+ "customHeadersDescription": "Headers som er adskilt med linje: Overskriftsnavn: værdi",
+ "headersValidationError": "Header skal være i formatet: header-navn: værdi.",
+ "saveHealthCheck": "Gem Sundhedstjek",
+ "healthCheckSaved": "Sundhedstjek Gemt",
+ "healthCheckSavedDescription": "Sundhedstjekkonfigurationen blev gemt",
+ "healthCheckError": "Sundhedstjekfeil",
+ "healthCheckErrorDescription": "Det opstod en fejl under lagring af sundhedstjekkonfigurationen",
+ "healthCheckPathRequired": "Sundhedstjeksti er påkrævet",
+ "healthCheckMethodRequired": "HTTP-metode er påkrævet",
+ "healthCheckIntervalMin": "Sjekkeintervallet skal være mindst 5 sekunder",
+ "healthCheckTimeoutMin": "Timeout skal være mindst 1 sekund",
+ "healthCheckRetryMin": "Forsøg igen skal være mindst 1",
+ "healthCheckMode": "Tjek tilstand",
+ "healthCheckStrategy": "Strategi",
+ "healthCheckModeDescription": "TCP-tilstand verificerer kun forbindelsen. HTTP-tilstand validerer HTTP-responsen.",
+ "healthyThreshold": "Sunnhets terskel",
+ "healthyThresholdDescription": "Suksesser på rad som kræves før man markerer som sund.",
+ "unhealthyThreshold": "Usund terskel",
+ "unhealthyThresholdDescription": "Fejl på rad som kræves før man markerer som usund.",
+ "healthCheckHealthyThresholdMin": "Sunnhet terskel skal være mindst 1",
+ "healthCheckUnhealthyThresholdMin": "Usund terskel skal være mindst 1",
+ "httpMethod": "HTTP-metode",
+ "selectHttpMethod": "Vælg HTTP-metode",
+ "domainPickerSubdomainLabel": "Underdomæne",
+ "domainPickerWildcard": "Jokertegn",
+ "domainPickerWildcardPaidOnly": "Wildcard-underdomæner er en betalt funktion. Opgrader venligst for at få adgang til denne funktion.",
+ "domainPickerBaseDomainLabel": "Basisdomæne",
+ "domainPickerSearchDomains": "Søg i domæner...",
+ "domainPickerNoDomainsFound": "Ingen domæner fundet",
+ "domainPickerLoadingDomains": "Indlæser domæner...",
+ "domainPickerSelectBaseDomain": "Vælg basisdomæne...",
+ "domainPickerNotAvailableForCname": "Ikke tilgængelig for CNAME-domæner",
+ "domainPickerEnterSubdomainOrLeaveBlank": "Indtast underdomæne eller la feltet stå tomt for at bruge basisdomæne.",
+ "domainPickerEnterSubdomainToSearch": "Indtast et underdomæne for at søge og vælge blandt tilgængelige gratis domæner.",
+ "domainPickerFreeDomains": "Gratis domæner",
+ "domainPickerSearchForAvailableDomains": "Søg efter tilgængelige domæner",
+ "domainPickerNotWorkSelfHosted": "Merk: Gratis tilbudte domæner er ikke tilgængelig for selvhostede instanser akkurat nu.",
+ "resourceDomain": "Domæne",
+ "resourceEditDomain": "Rediger domæne",
+ "siteName": "Områdenavn",
+ "proxyPort": "Port",
+ "resourcesTableProxyResources": "Offentlig",
+ "resourcesTableClientResources": "Privat",
+ "resourcesTableNoProxyResourcesFound": "Ingen proxy-ressourcer fundet.",
+ "resourcesTableNoInternalResourcesFound": "Ingen interne ressourcer fundet.",
+ "resourcesTableDestination": "Destination",
+ "resourcesTableAlias": "Alias",
+ "resourcesTableAliasAddress": "Alias adresse",
+ "resourcesTableAliasAddressInfo": "Denne adressen er en del af organisationens subnet. Den bruges til at løse aliasposter ved hjælp af intern DNS-opløsning.",
+ "resourcesTableClients": "Klienter",
+ "resourcesTableAndOnlyAccessibleInternally": "og er kun tilgængelig internt når de er forbundet til med en klient.",
+ "resourcesTableHealthy": "Frisk",
+ "resourcesTableDegraded": "Nedgradert",
+ "resourcesTableUnhealthy": "Usund",
+ "resourcesTableUnknown": "Ukendt",
+ "resourcesTableNotMonitored": "Ikke overvåket",
+ "resourcesTableNoTargets": "Ingen mål",
+ "editInternalResourceDialogEditClientResource": "Rediger Private Ressourcer",
+ "editInternalResourceDialogUpdateResourceProperties": "Opdater ressourcekonfigurationen og få adgangskontroller for {resourceName}",
+ "editInternalResourceDialogResourceProperties": "Ressourceegenskaber",
+ "editInternalResourceDialogName": "Navn",
+ "editInternalResourceDialogProtocol": "Protokol",
+ "editInternalResourceDialogSitePort": "Områdeport",
+ "editInternalResourceDialogTargetConfiguration": "Målkonfiguration",
+ "editInternalResourceDialogCancel": "Annuller",
+ "editInternalResourceDialogSaveResource": "Gem ressource",
+ "editInternalResourceDialogSuccess": "Succes",
+ "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Intern ressource opdateret med succes",
+ "editInternalResourceDialogError": "Fejl",
+ "editInternalResourceDialogFailedToUpdateInternalResource": "Mislykkedes at opdatere intern ressource",
+ "editInternalResourceDialogNameRequired": "Navn er påkrævet",
+ "editInternalResourceDialogNameMaxLength": "Navn kan ikke være længere enn 255 tegn",
+ "editInternalResourceDialogProxyPortMin": "Proxy-port skal være mindst 1",
+ "editInternalResourceDialogProxyPortMax": "Proxy-port skal være mindre end 65536",
+ "editInternalResourceDialogInvalidIPAddressFormat": "Ugyldig IP-adresseformat",
+ "editInternalResourceDialogDestinationPortMin": "Destinasjonsport skal være mindst 1",
+ "editInternalResourceDialogDestinationPortMax": "Destinasjonsport skal være mindre end 65536",
+ "editInternalResourceDialogPortModeRequired": "Protokol, proxy-port og målport er påkrævet for porttilstand",
+ "editInternalResourceDialogMode": "Tilstand",
+ "editInternalResourceDialogModePort": "Port",
+ "editInternalResourceDialogModeHost": "Vært",
+ "editInternalResourceDialogModeCidr": "CIDR",
+ "editInternalResourceDialogModeHttp": "HTTP",
+ "editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
+ "editInternalResourceDialogScheme": "Skema",
+ "editInternalResourceDialogEnableSsl": "Aktivér TLS",
+ "editInternalResourceDialogEnableSslDescription": "Aktivér SSL/TLS-kryptering for sikre HTTPS-forbindelser til destinationen.",
+ "editInternalResourceDialogDestination": "Destination",
+ "editInternalResourceDialogDestinationHostDescription": "IP-adressen eller værtsnavnet til ressourcen på sitets netværk.",
+ "editInternalResourceDialogDestinationIPDescription": "IP eller hostnavn til ressourcen på sitets netværk.",
+ "editInternalResourceDialogDestinationCidrDescription": "CIDR-området til ressourcen på sitets netværk.",
+ "editInternalResourceDialogAlias": "Alias",
+ "editInternalResourceDialogAliasDescription": "Et valgfrit internt DNS-alias for denne ressource.",
+ "createInternalResourceDialogNoSitesAvailable": "Ingen tilgængelige steder",
+ "createInternalResourceDialogNoSitesAvailableDescription": "Du skal have mindst ét Newt-site med et konfigureret subnet for at oprette interne ressourcer.",
+ "createInternalResourceDialogClose": "Luk",
+ "createInternalResourceDialogCreateClientResource": "Opret privat ressource",
+ "createInternalResourceDialogCreateClientResourceDescription": "Opret en ny ressource som kun vil være tilgængelig for kunder som er forbundet til organisationen",
+ "createInternalResourceDialogResourceProperties": "Ressourceegenskaber",
+ "createInternalResourceDialogName": "Navn",
+ "createInternalResourceDialogSite": "Websted",
+ "selectSite": "Vælg site...",
+ "multiSitesSelectorSitesCount": "{count, plural, one {# sted} other {# steder}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# etiket} other {# etiketter}}",
+ "noSitesFound": "Ingen sites fundet.",
+ "createInternalResourceDialogProtocol": "Protokol",
+ "createInternalResourceDialogTcp": "TCP",
+ "createInternalResourceDialogUdp": "UDP",
+ "createInternalResourceDialogSitePort": "Områdeport",
+ "createInternalResourceDialogSitePortDescription": "Brug denne port for at få adgang til ressourcen på sitet, når du er tilsluttet med en klient.",
+ "createInternalResourceDialogTargetConfiguration": "Målkonfiguration",
+ "createInternalResourceDialogDestinationIPDescription": "IP eller hostnavn til ressourcen på sitets netværk.",
+ "createInternalResourceDialogDestinationPortDescription": "Porten på destinasjons-IP-en der ressourcen kan nås.",
+ "createInternalResourceDialogCancel": "Annuller",
+ "createInternalResourceDialogCreateResource": "Opret ressource",
+ "createInternalResourceDialogSuccess": "Succes",
+ "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Intern ressource oprettet med succes",
+ "createInternalResourceDialogError": "Fejl",
+ "createInternalResourceDialogFailedToCreateInternalResource": "Kunne ikke oprette intern ressource",
+ "createInternalResourceDialogNameRequired": "Navn er påkrævet",
+ "createInternalResourceDialogNameMaxLength": "Navn kan ikke være længere enn 255 tegn",
+ "createInternalResourceDialogPleaseSelectSite": "Vælg venligst et site",
+ "createInternalResourceDialogProxyPortMin": "Proxy-port skal være mindst 1",
+ "createInternalResourceDialogProxyPortMax": "Proxy-port skal være mindre end 65536",
+ "createInternalResourceDialogInvalidIPAddressFormat": "Ugyldig IP-adresseformat",
+ "createInternalResourceDialogDestinationPortMin": "Destinasjonsport skal være mindst 1",
+ "createInternalResourceDialogDestinationPortMax": "Destinasjonsport skal være mindre end 65536",
+ "createInternalResourceDialogPortModeRequired": "Protokol, proxy-port og målport er påkrævet for porttilstand",
+ "createInternalResourceDialogMode": "Tilstand",
+ "createInternalResourceDialogModePort": "Port",
+ "createInternalResourceDialogModeHost": "Vært",
+ "createInternalResourceDialogModeCidr": "CIDR",
+ "createInternalResourceDialogModeHttp": "HTTP",
+ "createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
+ "scheme": "Skema",
+ "createInternalResourceDialogScheme": "Skema",
+ "createInternalResourceDialogEnableSsl": "Aktivér TLS",
+ "createInternalResourceDialogEnableSslDescription": "Aktivér SSL/TLS-kryptering for sikre HTTPS-forbindelser til destinationen.",
+ "createInternalResourceDialogDestination": "Destination",
+ "createInternalResourceDialogDestinationHostDescription": "IP-adressen eller værtsnavnet til ressourcen på sitets netværk.",
+ "createInternalResourceDialogDestinationCidrDescription": "CIDR-området til ressourcen på sitets netværk.",
+ "createInternalResourceDialogAlias": "Alias",
+ "createInternalResourceDialogAliasDescription": "Et valgfrit internt DNS-alias for denne ressource.",
+ "internalResourceAliasLocalWarning": "Aliasser, der ender på .local, kan forårsage opløsningsproblemer på grund af mDNS på nogle netværk.",
+ "internalResourceDownstreamSchemeRequired": "Skema er påkrævet for HTTP-ressourcer",
+ "internalResourceHttpPortRequired": "Destinasjonsport er nødvendig for HTTP-ressourcer",
+ "siteConfiguration": "Konfiguration",
+ "siteAcceptClientConnections": "Acceptere klientforbindelser",
+ "siteAcceptClientConnectionsDescription": "Tillad brugere og klienter at få adgang til ressourcer på denne side. Dette kan endres senere.",
+ "siteAddress": "Siteadresse (avanceret)",
+ "siteAddressDescription": "Den interne adresse til sitet. Skal falde inden for organisationens subnet.",
+ "siteNameDescription": "Visningsnavnet på sitet, som kan ændres senere.",
+ "autoLoginExternalIdp": "Automatisk login med ekstern IdP",
+ "autoLoginExternalIdpDescription": "Omdiriger brugeren umiddelbart til den eksterne identitetsudbyderen for autentificering.",
+ "selectIdp": "Vælg IdP",
+ "selectIdpPlaceholder": "Vælg en IdP...",
+ "selectIdpRequired": "Vælg venligst en IdP når automatisk login er aktiveret.",
+ "autoLoginTitle": "Omdirigering",
+ "autoLoginDescription": "Omdirigerer dig til den eksterne identitetsudbyderen for autentificering.",
+ "autoLoginProcessing": "Forbereder autentificering...",
+ "autoLoginRedirecting": "Omdirigerer til login...",
+ "autoLoginError": "Fejl ved automatisk login",
+ "autoLoginErrorNoRedirectUrl": "Ingen omdirigerings-URL modtaget fra identitetsudbyderen.",
+ "autoLoginErrorGeneratingUrl": "Kunne ikke generere autentiserings-URL.",
+ "remoteExitNodeManageRemoteExitNodes": "Eksterne noder",
+ "remoteExitNodeDescription": "Selvhost din egen eksterne relay- og proxyservernode",
+ "remoteExitNodes": "Noder",
+ "searchRemoteExitNodes": "Søg noder...",
+ "remoteExitNodeAdd": "Tilføj Node",
+ "remoteExitNodeErrorDelete": "Fejl ved sletning af node",
+ "remoteExitNodeQuestionRemove": "Er du sikker på at du vil fjerne noden fra organisationen?",
+ "remoteExitNodeMessageRemove": "Når noden er fjernet, vil ikke længere være tilgængeligt.",
+ "remoteExitNodeConfirmDelete": "Bekræft sletning af Node",
+ "remoteExitNodeDelete": "Slet Node",
+ "sidebarRemoteExitNodes": "Eksterne noder",
+ "remoteExitNodeId": "ID",
+ "remoteExitNodeSecretKey": "Sikkerhedsnøgle",
+ "remoteExitNodeNetworkingTitle": "Netværksindstillinger",
+ "remoteExitNodeNetworkingDescription": "Konfigurér, hvordan denne fjerne exit-node skal dirigere trafik, og hvilke sites der foretrækkes at oprette forbindelse gennem den. Avancerede funktioner til brug med backhaul-netværkskonfigurationer.",
+ "remoteExitNodeNetworkingSave": "Gem indstillinger",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Netværksindstillinger gemt",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Netværksindstillinger er blevet opdateret.",
+ "remoteExitNodeNetworkingSaveError": "Kunne ikke gemme netværksindstillinger",
+ "remoteExitNodeNetworkingSubnetsTitle": "Fjern Subnets",
+ "remoteExitNodeNetworkingSubnetsDescription": "Definér de CIDR-områder, som denne fjerne exit-node vil dirigere trafik til. Indtast en gyldig CIDR (f.eks. 10.0.0.0/8) og tryk Enter for at tilføje.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Tilføj et CIDR-område (f.eks. 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Kunne ikke indlæse subnets",
+ "remoteExitNodeNetworkingLabelsTitle": "Præference Etiketter",
+ "remoteExitNodeNetworkingLabelsDescription": "Sites med disse etiketter vil blive tvunget til at oprette forbindelse gennem denne fjerne exit-node.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Vælg etiketter...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Søg efter etiketter...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Kunne ikke indlæse etiketter",
+ "remoteExitNodeCreate": {
+ "title": "Opret ekstern node",
+ "description": "Opret en ny selvhostet ekstern relay- og proxyservernode",
+ "viewAllButton": "Vis alle noder",
+ "strategy": {
+ "title": "Oprettelsesstrategi",
+ "description": "Vælg, hvordan du vil oprette den eksterne node",
+ "adopt": {
+ "title": "Adopter node",
+ "description": "Vælg dette, hvis du allerede har legitimationsoplysninger til noden."
+ },
+ "generate": {
+ "title": "Generér nøgler",
+ "description": "Vælg dette, hvis du vil generere nye nøgler til noden."
+ }
+ },
+ "adopt": {
+ "title": "Adopter eksisterende node",
+ "description": "Indtast oplysningerne for den eksisterende node, du vil adoptere",
+ "nodeIdLabel": "Node-ID",
+ "nodeIdDescription": "ID’et til den eksisterende node, du vil adoptere",
+ "secretLabel": "Sikkerhedsnøgle",
+ "secretDescription": "Den hemmelige nøgle til en eksisterende node",
+ "submitButton": "Adopter node"
+ },
+ "generate": {
+ "title": "Genererede legitimationsoplysninger",
+ "description": "Brug disse genererede oplysninger til at konfigurere noden",
+ "nodeIdTitle": "Node-ID",
+ "secretTitle": "Sikkerhed",
+ "saveCredentialsTitle": "Tilføj legitimationsoplysninger til konfigurationen",
+ "saveCredentialsDescription": "Tilføj disse legitimationsoplysninger i din selvhostede Pangolin-nodekonfigurationsfil for at fuldføre forbindelsen.",
+ "submitButton": "Opret node"
+ },
+ "validation": {
+ "adoptRequired": "Node-ID og hemmelighed er påkrævet, når du adopterer en eksisterende node"
+ },
+ "errors": {
+ "loadDefaultsFailed": "Fejl ved indlæsning af standardværdier",
+ "defaultsNotLoaded": "Standardværdier er ikke indlæst",
+ "createFailed": "Kan ikke oprette node"
+ },
+ "success": {
+ "created": "Node oprettet"
+ }
+ },
+ "remoteExitNodeSelection": "Nodevalg",
+ "remoteExitNodeSelectionDescription": "Vælg en node til at sende trafik gennem for dette lokale site",
+ "remoteExitNodeRequired": "En node skal vælges for lokale sites",
+ "noRemoteExitNodesAvailable": "Ingen noder tilgængelige",
+ "noRemoteExitNodesAvailableDescription": "Ingen noder er tilgængelige for denne organisation. Opret en node først for at bruge lokale sites.",
+ "exitNode": "Exitnode",
+ "country": "Land",
+ "rulesMatchCountry": "I øjeblikket baseret på kilde-IP",
+ "region": "Fylke",
+ "selectRegion": "Vælg region",
+ "searchRegions": "Søg efter sites...",
+ "noRegionFound": "Ingen region fundet.",
+ "rulesMatchRegion": "Vælg en regional gruppering af land",
+ "rulesErrorInvalidRegion": "Ugyldig site",
+ "rulesErrorInvalidRegionDescription": "Vælg venligst et gyldig site.",
+ "regionAfrica": "Afrika",
+ "regionNorthernAfrica": "[country name] Nord-Afrika",
+ "regionEasternAfrica": "Øst-Afrika",
+ "regionMiddleAfrica": "Mellemafrika",
+ "regionSouthernAfrica": "Sør-Afrika",
+ "regionWesternAfrica": "[country name] Vest-Afrika",
+ "regionAmericas": "Amerika",
+ "regionCaribbean": "Karibia",
+ "regionCentralAmerica": "Sentral-Amerika",
+ "regionSouthAmerica": "Sør-Amerika",
+ "regionNorthernAmerica": "Nord-Amerika",
+ "regionAsia": "Asien",
+ "regionCentralAsia": "Sentral-Asia",
+ "regionEasternAsia": "Øst-Asia",
+ "regionSouthEasternAsia": "Sørøst-Asia",
+ "regionSouthernAsia": "Sørlige Asia",
+ "regionWesternAsia": "Vest-Asia",
+ "regionEurope": "Europa",
+ "regionEasternEurope": "Øst-Europa",
+ "regionNorthernEurope": "Nord-Europa",
+ "regionSouthernEurope": "Sydeuropa",
+ "regionWesternEurope": "Vest-Europa",
+ "regionOceania": "Oceanien",
+ "regionAustraliaAndNewZealand": "Australia og New Zealand",
+ "regionMelanesia": "Melanesien",
+ "regionMicronesia": "Mikronesien",
+ "regionPolynesia": "Polynesien",
+ "managedSelfHosted": {
+ "title": "Administreret selvhostet",
+ "description": "Sikre, selvhostede Pangolin-servere med lav vedligeholdelse og ekstra bells and whistles",
+ "introTitle": "Administreret self-hosted Pangolin",
+ "introDescription": "er en mulighed udviklet til personer, der ønsker enkelhed og ekstra pålidelighed, mens de stadig holder deres data private og selvhostede.",
+ "introDetail": "Med dette valg kører du stadig din egen Pangolin-node — tunneller, TLS-terminering og trafik ligger på din server. Forskellen er, at administration og overvågning håndteres via vores cloud-dashboard, som låser op for en række fordele:",
+ "benefitSimplerOperations": {
+ "title": "Nemmere operationer",
+ "description": "Ingen grund til at køre din egen e-mailserver eller opsætte kompleks varsling. Du får sundhedstjek og nedetidsvarsler out of the box."
+ },
+ "benefitAutomaticUpdates": {
+ "title": "Automatiske opdateringer",
+ "description": "Cloud-dashboardet udvikler sig hurtigt, så du får nye funktioner og fejlrettelser uden at skulle hente nye containere manuelt hver gang."
+ },
+ "benefitLessMaintenance": {
+ "title": "Mindre vedligeholdelse",
+ "description": "Ingen databasestyring, sikkerhedskopier eller ekstra infrastruktur for at administrer. Vi håndterer det i skyen."
+ },
+ "benefitCloudFailover": {
+ "title": "Cloud-failover",
+ "description": "Hvis EK-gruppen din går ned, kan tunnellerne midlertidig mislykkes i at nu våre cloud-endpoints til du tager den tilbage online."
+ },
+ "benefitHighAvailability": {
+ "title": "Høj tilgængelighed (PoPs)",
+ "description": "Du kan også tilføje flere noder til din konto for redundans og bedre ydeevne."
+ },
+ "benefitFutureEnhancements": {
+ "title": "Fremtidige forbedringer",
+ "description": "Vi planlægger at tilføje flere analyser, varsler og administrationsværktøjer for at gøre din installation endnu mere robust."
+ },
+ "docsAlert": {
+ "text": "Læs mere om Managed Self-Hosted-muligheden i vores",
+ "documentation": "dokumentation"
+ },
+ "convertButton": "Konverter denne node til manuel drift"
+ },
+ "internationaldomaindetected": "Internasjonalt domæne registreret",
+ "willbestoredas": "Vil blive gemt som:",
+ "roleMappingDescription": "Bestem hvordan roller tildeles brugere når de logs ind med denne identitetsudbyder.",
+ "selectRole": "Vælg en rolle",
+ "roleMappingExpression": "Udtryk",
+ "selectRolePlaceholder": "Vælg en rolle",
+ "selectRoleDescription": "Vælg en rolle at tildele alle brugere fra denne identitetsudbyder",
+ "roleMappingExpressionDescription": "Indtast et JMESPath udtryk for at hente rolleinformation fra ID-nøglen",
+ "idpTenantIdRequired": "Bedriftens ID kræves",
+ "invalidValue": "Ugyldig værdi",
+ "idpTypeLabel": "Identitet udbyder type",
+ "roleMappingExpressionPlaceholder": "F.eks. indeholder(grupper, 'admin') && 'Admin' ⋅'Medlem'",
+ "roleMappingModeFixedRoles": "Fast roller",
+ "roleMappingModeMappingBuilder": "Kartlegger bygger",
+ "roleMappingModeRawExpression": "Rå udtryk",
+ "roleMappingFixedRolesPlaceholderSelect": "Vælg en eller flere roller",
+ "roleMappingFixedRolesPlaceholderFreeform": "Indtast rollenavn (eksakt treff per organisation)",
+ "roleMappingFixedRolesDescriptionSameForAll": "Tildele den samme rollen som er sat til hver automatisk midlertidig bruger.",
+ "roleMappingFixedRolesDescriptionDefaultPolicy": "For standardpolitikker, indtast rollenavne som findes i hver organisation der brugerne tilbydes. Navn skal stemme præcis.",
+ "roleMappingClaimPath": "Kræv sti",
+ "roleMappingClaimPathPlaceholder": "grupper",
+ "roleMappingClaimPathDescription": "Sti i i token payload som indeholder kildeverdier (for eksempel grupper).",
+ "roleMappingMatchValue": "Treff værdi",
+ "roleMappingAssignRoles": "Tildele roller",
+ "roleMappingAddMappingRule": "Tilføj tilordningsregel",
+ "roleMappingRawExpressionResultDescription": "Udtryk skal vurderes til en streng eller en tekststreng.",
+ "roleMappingRawExpressionResultDescriptionSingleRole": "Udtryk skal evaluere til en streng (en rollenavn).",
+ "roleMappingMatchValuePlaceholder": "Match værdi (for eksempel: admin)",
+ "roleMappingAssignRolesPlaceholderFreeform": "Angiv rollenavn (eksakt per org)",
+ "roleMappingBuilderFreeformRowHint": "Rollenavn skal samsvare med en rolle i hver målorganisation.",
+ "roleMappingRemoveRule": "Fjern",
+ "idpGoogleConfiguration": "Google Konfiguration",
+ "idpGoogleConfigurationDescription": "Konfigurer Google OAuth2 legitimationsoplysningerne",
+ "idpGoogleClientIdDescription": "Google OAuth2-klient-ID",
+ "idpGoogleClientSecretDescription": "Google OAuth2-klienten hemmelighed",
+ "idpAzureConfiguration": "Azure Entra ID konfiguration",
+ "idpAzureConfigurationDescription": "Konfigurer Azure Entra ID OAuth2 legitimationsoplysninger",
+ "idpTenantId": "Leietaker-ID",
+ "idpTenantIdPlaceholder": "lejer-id",
+ "idpAzureTenantIdDescription": "Azure leant ID (fundet i Azure Active Directory-oversikten)",
+ "idpAzureClientIdDescription": "Azure App registrerings klient-ID",
+ "idpAzureClientSecretDescription": "Azure App Registrering Klient Hemmelig",
+ "idpGoogleTitle": "Google",
+ "idpGoogleAlt": "Google",
+ "idpAzureTitle": "Azure Entra ID",
+ "idpAzureAlt": "Azure",
+ "idpGoogleConfigurationTitle": "Google Konfiguration",
+ "idpAzureConfigurationTitle": "Azure Entra ID konfiguration",
+ "idpTenantIdLabel": "Leietaker-ID",
+ "idpAzureClientIdDescription2": "Azure App registrerings klient-ID",
+ "idpAzureClientSecretDescription2": "Azure App Registrering Klient Hemmelig",
+ "idpGoogleDescription": "Google OAuth2/OIDC udbyder",
+ "idpAzureDescription": "Microsoft Azure OAuth2/OIDC leverandør",
+ "subnet": "Subnet",
+ "utilitySubnet": "Forsynings subnet",
+ "subnetDescription": "Subnettet for denne organisations netværkskonfiguration.",
+ "customDomain": "Brugerdefineret domæne",
+ "authPage": "Autentiseringssider",
+ "authPageDescription": "Sett et brugerdefineret domæne for organisationens autentiseringssider",
+ "authPageDomain": "Autentiseringsside domæne",
+ "authPageBranding": "Brugerdefineret merkevarebygging",
+ "authPageBrandingDescription": "Konfigurer merkevarebyggingen der vises på autentiseringssidene for denne organisation",
+ "authPageBrandingUpdated": "Autentiseringsside-markedsføring opdateret med succes",
+ "authPageBrandingRemoved": "Autentiseringsside-markedsføring fjernet med succes",
+ "authPageBrandingRemoveTitle": "Fjern markedsføring for autentiseringsside",
+ "authPageBrandingQuestionRemove": "Er du sikker på at du vil fjerne merkevarebyggingen for autentiseringssider?",
+ "authPageBrandingDeleteConfirm": "Bekræft sletning af merkevarebygging",
+ "brandingLogoURL": "Logo URL",
+ "brandingLogoURLOrPath": "Logoen URL eller sti",
+ "brandingLogoPathDescription": "Indtast en URL eller en lokal sti.",
+ "brandingLogoURLDescription": "Indtast en offentligt tilgængelig webadresse til din logobillede.",
+ "brandingPrimaryColor": "Primærfarge",
+ "brandingLogoWidth": "Bredde (px)",
+ "brandingLogoHeight": "Høyde (px)",
+ "brandingOrgTitle": "Titel for organisationens autentiseringsside",
+ "brandingOrgDescription": "{orgName} vil blive erstattet med organisationens navn",
+ "brandingOrgSubtitle": "Undertittel for organisationens autentiseringsside",
+ "brandingResourceTitle": "Titel for ressourcens autentiseringsside",
+ "brandingResourceSubtitle": "Undertittel for ressourcens autentiseringsside",
+ "brandingResourceDescription": "{resourceName} vil blive erstattet med organisationens navn",
+ "saveAuthPageDomain": "Gem domæne",
+ "saveAuthPageBranding": "Gem merkevarebygging",
+ "removeAuthPageBranding": "Fjern merkevarebygging",
+ "noDomainSet": "Ingen domæne valgt",
+ "changeDomain": "Ændre domæne",
+ "selectDomain": "Vælg domæne",
+ "restartCertificate": "Genstart certifikat",
+ "editAuthPageDomain": "Rediger auth-sidens domæne",
+ "setAuthPageDomain": "Angiv autoriseringsside domæne",
+ "failedToFetchCertificate": "Kunne ikke hente certifikat",
+ "failedToRestartCertificate": "Kan ikke starte certifikat",
+ "addDomainToEnableCustomAuthPages": "Brugere vil kunne få adgang til organisationens loginside og fuldføre ressourceautentificering ved at bruge dette domænet.",
+ "selectDomainForOrgAuthPage": "Vælg et domæne for organisationens autentiseringsside",
+ "domainPickerProvidedDomain": "Givet domæne",
+ "domainPickerFreeProvidedDomain": "Gratis angivet domæne",
+ "domainPickerFreeDomainsPaidFeature": "Angitte domæner er en betalingsfunktion. Abonner for at få et domæne inklusive i din plan – ingen behov for at tage med dit eget.",
+ "domainPickerVerified": "Bekræftet",
+ "domainPickerUnverified": "Uverifisert",
+ "domainPickerManual": "Manuel",
+ "domainPickerInvalidSubdomainStructure": "Ugyldige tegn bliver saniteret, når de gemmes.",
+ "domainPickerError": "Fejl",
+ "domainPickerErrorLoadDomains": "Kan ikke indlæse organisationens domæner",
+ "domainPickerErrorCheckAvailability": "Kunne ikke kontrollere domænetilgængelighed",
+ "domainPickerInvalidSubdomain": "Ugyldig underdomæne",
+ "domainPickerInvalidSubdomainRemoved": "Inndata \"{sub}\" blev fjernet fordi det ikke er gyldig.",
+ "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" kunne ikke gøres gyldigt for {domain}.",
+ "domainPickerSubdomainSanitized": "Underdomænet som blev sanivert",
+ "domainPickerSubdomainCorrected": "\"{sub}\" var korrigert til \"{sanitized}\"",
+ "orgAuthSignInTitle": "Organisationslogin",
+ "orgAuthChooseIdpDescription": "Vælg din identitet udbyder for at fortsætte",
+ "orgAuthNoIdpConfigured": "Denne organisation har ikke nogen identitetstjeneste konfigureret. Du kan i stedet logge ind med din Pangolin-identitet.",
+ "orgAuthSignInWithPangolin": "Log ind med Pangolin",
+ "orgAuthSignInToOrg": "Organisationens identitetsudbyder (SSO)",
+ "orgAuthSelectOrgTitle": "Organisationslogin",
+ "orgAuthSelectOrgDescription": "Indtast organisations-ID-en din for at fortsætte",
+ "orgAuthOrgIdPlaceholder": "din-organisation",
+ "orgAuthOrgIdHelp": "Indtast organisationens unikke identifikator",
+ "orgAuthSelectOrgHelp": "Efter at have skrevet ind din organisations-ID, bliver du videresendt til din organisations loginside hvor du kan bruge SSO eller organisationens legitimationsoplysninger.",
+ "orgAuthRememberOrgId": "Husk denne organisations-ID-en",
+ "orgAuthBackToSignIn": "Tilbage til standard login",
+ "orgAuthNoAccount": "Har du ikke en konto?",
+ "subscriptionRequiredToUse": "Et abonnement er påkrævet for at bruge denne funktion.",
+ "mustUpgradeToUse": "Du skal opgradere dit abonnement for at bruge denne funktion.",
+ "subscriptionRequiredTierToUse": "Denne funktion kræver {tier} eller højere.",
+ "upgradeToTierToUse": "Opgrader til {tier} eller højere for at bruge denne funktion.",
+ "subscriptionTierTier1": "Hjem",
+ "subscriptionTierTier2": "Lag",
+ "subscriptionTierTier3": "Forretninger",
+ "subscriptionTierEnterprise": "Bedrift",
+ "idpDisabled": "Identitetsudbydere er deaktiveret.",
+ "orgAuthPageDisabled": "Organisationens informationsside er deaktiveret.",
+ "domainRestartedDescription": "Domæneverificeringen blev genstartet",
+ "resourceAddEntrypointsEditFile": "Rediger fil: config/Traefik/Traefik_config.yml",
+ "resourceExposePortsEditFile": "Rediger fil: docker-compose.yml",
+ "emailVerificationRequired": "E-mailbekræftelse er nødvendig. Log ind igen via {dashboardUrl}/auth/login og fuldfør dette trinnet. Kom derefter tilbage her.",
+ "twoFactorSetupRequired": "Opsætning af tofaktorgodkendelse er påkrævet. Log venligst ind igen via {dashboardUrl}/auth/login og fuldfør dette trin. Kom derefter tilbage hertil.",
+ "additionalSecurityRequired": "Ekstra sikkerhed kræves",
+ "organizationRequiresAdditionalSteps": "Denne organisation kræver yderligere sikkerhedstrin, før du får adgang til ressourcer.",
+ "completeTheseSteps": "Fuldfør disse trinene",
+ "enableTwoFactorAuthentication": "Aktivér to-faktor autentificering",
+ "completeSecuritySteps": "Fuldfør sikkerhedstrinene",
+ "securitySettings": "Sikkerhed indstillinger",
+ "dangerSection": "Farezone",
+ "dangerSectionDescription": "Slet permanent alle data tilknyttet denne organisation",
+ "securitySettingsDescription": "Konfigurer sikkerhedspolitikker for organisationen",
+ "requireTwoFactorForAllUsers": "Kræv to-faktor autentificering for alle brugere",
+ "requireTwoFactorDescription": "Når aktiveret skal alle interne brugere i denne organisation have to-faktorautentisering aktiveret for at få adgang til organisationen.",
+ "requireTwoFactorDisabledDescription": "Denne funktion kræver en gyldig licens (Enterprise) eller aktivt abonnement (SaaS)",
+ "requireTwoFactorCannotEnableDescription": "Du skal aktivere to-faktor-autentificering for din konto før det håndhæves for alle brugere",
+ "maxSessionLength": "Maksimal øktlengde",
+ "maxSessionLengthDescription": "Angiv maksimal varighed for brugersessioner. Efter denne periode skal brugerne logge ind igen.",
+ "maxSessionLengthDisabledDescription": "Denne funktion kræver en gyldig licens (Enterprise) eller aktivt abonnement (SaaS)",
+ "selectSessionLength": "Vælg øktlengde",
+ "unenforced": "Tvungen",
+ "1Hour": "1 time",
+ "3Hours": "3 timer",
+ "6Hours": "6 timer",
+ "12Hours": "12 timer",
+ "1DaySession": "1 dag",
+ "3Days": "3 dage",
+ "7Days": "7 dage",
+ "14Days": "14 dage",
+ "30DaysSession": "30 dage",
+ "90DaysSession": "90 dage",
+ "180DaysSession": "180 dage",
+ "passwordExpiryDays": "Adgangskode udløber",
+ "editPasswordExpiryDescription": "Angiv antal dage før brugere skal ændre adgangskoden sitt.",
+ "selectPasswordExpiry": "Vælg adgangskodeudløb",
+ "30Days": "30 dage",
+ "1Day": "1 dag",
+ "60Days": "60 dage",
+ "90Days": "90 dage",
+ "180Days": "180 dage",
+ "1Year": "1 år",
+ "subscriptionBadge": "Abonnement kræves",
+ "securityPolicyChangeWarning": "Advarsel om ændring af sikkerhedsregler",
+ "securityPolicyChangeDescription": "Du er ved at ændre indstillingerne for sikkerhedspolitik. Når du har gemt, skal du muligvis logge ind igen for at opfylde disse politikopdateringer. Alle brugere, der ikke matcher, skal også autentificere sig igen.",
+ "securityPolicyChangeConfirmMessage": "Jeg bekræfter",
+ "securityPolicyChangeWarningText": "Dette vil påvirke alle brugere i organisationen",
+ "authPageErrorUpdateMessage": "Det opstod en fejl under opdatering af indstillingerne for godkendelsessiden",
+ "authPageErrorUpdate": "Kunne ikke opdatere autoriseringssiden",
+ "authPageDomainUpdated": "Autentiseringsside-domænet blev opdateret med succes",
+ "healthCheckNotAvailable": "Lokal",
+ "rewritePath": "Omskriv sti",
+ "rewritePathDescription": "Valgfrit omskrive stien før videresendelse til målet.",
+ "continueToApplication": "Fortsæt til applikationen",
+ "checkingInvite": "Kontrollerer invitation",
+ "setResourceHeaderAuth": "setResourceHeaderAuth",
+ "resourceHeaderAuthRemove": "Fjern header-auth",
+ "resourceHeaderAuthRemoveDescription": "Header autentificering fjernet.",
+ "resourceErrorHeaderAuthRemove": "Kunne ikke fjerne header-autentificering",
+ "resourceErrorHeaderAuthRemoveDescription": "Kunne ikke fjerne header-autentificering for ressourcen.",
+ "resourceHeaderAuthProtectionEnabled": "Header autentificering aktiveret",
+ "resourceHeaderAuthProtectionDisabled": "Header autentificering deaktiveret",
+ "headerAuthRemove": "Fjern header-auth",
+ "headerAuthAdd": "Tilføj header-godkendelse",
+ "resourceErrorHeaderAuthSetup": "Kunne ikke angive header-autentificering",
+ "resourceErrorHeaderAuthSetupDescription": "Kunne ikke sette topplinje autentificering for ressourcen.",
+ "resourceHeaderAuthSetup": "Header godkendelsessæt var med succes",
+ "resourceHeaderAuthSetupDescription": "Header-autentificering er blevet gemt.",
+ "resourceHeaderAuthSetupTitle": "Angiv header-godkendelse",
+ "resourceHeaderAuthSetupTitleDescription": "Angiv grunnleggende auth legitimationsoplysninger (brugernavn og adgangskode) for at beskytte denne ressource med HTTP Header autentificering. Adgang til det ved hjælp af formatet HTTPS://username:password@resource.example.com",
+ "resourceHeaderAuthSubmit": "Angiv header-godkendelse",
+ "actionSetResourceHeaderAuth": "Angiv header-godkendelse",
+ "enterpriseEdition": "Enterprise-udgave",
+ "unlicensed": "Ikke licenseret",
+ "beta": "beta",
+ "manageUserDevices": "Bruger Enheder",
+ "manageUserDevicesDescription": "Se og administrer enheder som brugere bruger for privat forbindelse til ressourcer",
+ "downloadClientBannerTitle": "Download Pangolin-klienten",
+ "downloadClientBannerDescription": "Download Pangolin-klienten til dit system for at oprette forbindelse til Pangolin-netværket og få privat adgang til ressourcer.",
+ "manageMachineClients": "Administrer maskinneklienter",
+ "manageMachineClientsDescription": "Opret og administrer klienter som servere og systemer bruger for privat forbindelse til ressourcer",
+ "machineClientsBannerTitle": "Servere og automatiserte systemer",
+ "machineClientsBannerDescription": "Maskinklienter er for servere og automatiserte systemer der ikke er tilknyttet en specifik bruger. De autentiserer med en ID og et hemmelighetsnummer, og kan køre med Pangolin CLI, Olm CLI eller Olm som en container.",
+ "machineClientsBannerPangolinCLI": "Pangolin CLI",
+ "machineClientsBannerOlmCLI": "Olm CLI",
+ "machineClientsBannerOlmContainer": "Olm Container",
+ "clientsTableUserClients": "Bruger",
+ "clientsTableMachineClients": "Maskin",
+ "licenseTableValidUntil": "Gyldig til",
+ "saasLicenseKeysSettingsTitle": "Bedriftstillatelse Licenser",
+ "saasLicenseKeysSettingsDescription": "Generer og administrer Enterprise licensnøgler for selvbetjente Pangolin forekomster",
+ "sidebarEnterpriseLicenses": "Licenser",
+ "generateLicenseKey": "Generér licensnøgle",
+ "generateLicenseKeyForm": {
+ "validation": {
+ "emailRequired": "Indtast venligst en gyldig e-mailadresse",
+ "useCaseTypeRequired": "Vælg venligst en brugstype",
+ "firstNameRequired": "Fornavn er påkrævet",
+ "lastNameRequired": "Efternavn er påkrævet",
+ "primaryUseRequired": "Beskriv din primære brug",
+ "jobTitleRequiredBusiness": "Jobtitel er påkrævet til erhvervsbrug",
+ "industryRequiredBusiness": "Branche skal til forretningsbruk",
+ "stateProvinceRegionRequired": "Stat/provins/region er påkrævet",
+ "postalZipCodeRequired": "Postnummer er påkrævet",
+ "companyNameRequiredBusiness": "Firmanavn er påkrævet til erhvervsbrug",
+ "countryOfResidenceRequiredBusiness": "Bopælsland er påkrævet til erhvervsbrug",
+ "countryRequiredPersonal": "Land er påkrævet for personlig brug",
+ "agreeToTermsRequired": "Du skal acceptere vilkårene",
+ "complianceConfirmationRequired": "Du skal bekræfte at du overholder Fossorial Kommerciel licens"
+ },
+ "useCaseOptions": {
+ "personal": {
+ "title": "Personlig brug",
+ "description": "For enkeltpersoner, ikke-kommerciel brug som læring, personlige prosjekter eller eksperimentering."
+ },
+ "business": {
+ "title": "Erhvervsbrug",
+ "description": "Til brug inden for organisationer eller virksomheter eller forretningsmessige indtægter eller aktiviteter."
+ }
+ },
+ "steps": {
+ "emailLicenseType": {
+ "title": "E-mail og licenstype",
+ "description": "Indtast din e-mailadresse og vælg licenstypen din"
+ },
+ "personalInformation": {
+ "title": "Personlige oplysninger",
+ "description": "Fortell oss om dig selv"
+ },
+ "contactInformation": {
+ "title": "Kontaktoplysninger",
+ "description": "Dine kontaktopplysninger"
+ },
+ "termsGenerate": {
+ "title": "Vilkår og generering",
+ "description": "Se gennem og acceptere vilkårene for at generere licensen"
+ }
+ },
+ "alerts": {
+ "commercialUseDisclosure": {
+ "title": "Brug utlevering",
+ "description": "Vælg licensniveauet som reflekterer præcis din tiltænkte brug. Personlige licenser tillader fri brug af software for enkelte, ikke-kommercielle eller småskala kommercielle aktiviteter, med en årlig brutto indtægt på under 100 000 amerikanske dollar. All brug ud over disse grænserne – inklusive brug inden for en virksomhed, organisation eller andre indtægter miljø - kræver en gyldig Enterprise licens og betaling af nuværende licensafgift. Alle brugere, enten personlig eller Enterprise, skal overholde de kommercielle tilladelserne på Fossorial."
+ },
+ "trialPeriodInformation": {
+ "title": "Information om prøveperiode",
+ "description": "Denne licensnøglen tillader funktioner i Enterprise for en 7-dagers evalueringsperiode. Stadig adgang til betalt funktioner uden for evalueringsperioden kræver aktivering under en gyldig Personlig eller Enterprise License. For Enterprise licensing, kontakt sales@pangolin.net."
+ }
+ },
+ "form": {
+ "useCaseQuestion": "Bruger du Pangolin for personlig eller forretningsbruk?",
+ "firstName": "Fornavn",
+ "lastName": "Efternavn",
+ "jobTitle": "Jobtitel",
+ "primaryUseQuestion": "Hvad planlegger du først og fremst at bruge Pangolin for?",
+ "industryQuestion": "Hvilken branche er du i?",
+ "prospectiveUsersQuestion": "Hvor mange prospektive brugere forventer du at have?",
+ "prospectiveSitesQuestion": "Hvor mange prospektive sites (tunnels) forventer du at have?",
+ "companyName": "Virksomhedsnavn",
+ "countryOfResidence": "Bopælsland",
+ "stateProvinceRegion": "Stat/provins/region",
+ "postalZipCode": "Postnummer",
+ "companyWebsite": "Virksomhedens hjemmeside",
+ "companyPhoneNumber": "Virksomhedens telefonnummer",
+ "country": "Land",
+ "phoneNumberOptional": "Telefonnummer (valgfrit)",
+ "complianceConfirmation": "Jeg bekræfter, at de oplysninger, jeg har angivet, er korrekte, og at jeg overholder Fossorials kommercielle licens. Indberetning af unøjagtige oplysninger eller forkert angivelse af produktbrug bryder licensen og kan føre til, at din nøgle tilbagekaldes."
+ },
+ "buttons": {
+ "close": "Luk",
+ "previous": "Forrige",
+ "next": "Næste",
+ "generateLicenseKey": "Generér licensnøgle"
+ },
+ "toasts": {
+ "success": {
+ "title": "Licensnøgle blev genereret",
+ "description": "Din licensnøgle er blevet genereret og er klar til brug."
+ },
+ "error": {
+ "title": "Kan ikke generere licensnøgle",
+ "description": "Det opstod en fejl ved generering af licensnøglen."
+ }
+ }
+ },
+ "newPricingLicenseForm": {
+ "title": "Få en licens",
+ "description": "Vælg en plan, og fortæl os, hvordan du planlægger at bruge Pangolin.",
+ "chooseTier": "Vælg din funktionsplan",
+ "viewPricingLink": "Se priser, funktioner og grænser",
+ "tiers": {
+ "starter": {
+ "title": "Starter",
+ "description": "Enterprise features, 25 brugere, 25 sites og støtte fra fællesskabet."
+ },
+ "scale": {
+ "title": "Skala",
+ "description": "Enterprise-funktioner, 50 brugere, 100 sites og prioriteret support."
+ }
+ },
+ "personalUseOnly": "Kun personlig brug (gratis licens - ingen checkout)",
+ "buttons": {
+ "continueToCheckout": "Fortsæt til checkout"
+ },
+ "toasts": {
+ "checkoutError": {
+ "title": "Fejl ved checkout",
+ "description": "Kan ikke starte checkout. Prøv igen."
+ }
+ }
+ },
+ "priority": "Prioritet",
+ "priorityDescription": "Ruter med højere prioritet evalueres først. Prioritet = 100 betyder automatisk rækkefølge (systembeslutninger). Brug et andet tal for at gennemtvinge manuel prioritet.",
+ "instanceName": "Forekomst navn",
+ "pathMatchModalTitle": "Konfigurere matching af sti",
+ "pathMatchModalDescription": "Opsæt hvordan indgående forespørgsler skal matches baseret på deres sti.",
+ "pathMatchType": "Matchtype",
+ "pathMatchPrefix": "Prefiks",
+ "pathMatchExact": "Præcis",
+ "pathMatchRegex": "Regex",
+ "pathMatchValue": "Værdi for sti",
+ "clear": "Tøm",
+ "saveChanges": "Gem ændringer",
+ "pathMatchRegexPlaceholder": "^/api/.*",
+ "pathMatchDefaultPlaceholder": "/sti",
+ "pathMatchPrefixHelp": "Eksempel: /api matcher /api, /api/users, etc.",
+ "pathMatchExactHelp": "Eksempel: /api passer kun /api",
+ "pathMatchRegexHelp": "Eksempel: ^/api/.* matcher /api/alt",
+ "pathRewriteModalTitle": "Konfigurer ferdigskriving af sti",
+ "pathRewriteModalDescription": "Overfør den matchende sti, før den videresendes til målet.",
+ "pathRewriteType": "Omskriv type",
+ "pathRewritePrefixOption": "Prefiks - erstatt prefiks",
+ "pathRewriteExactOption": "Eksakt - Erstatt hele banen",
+ "pathRewriteRegexOption": "Regex - Ekkobilde",
+ "pathRewriteStripPrefixOption": "Tage bort prefiks - fjern prefiks",
+ "pathRewriteValue": "Omskriv værdi",
+ "pathRewriteRegexPlaceholder": "/ny/$1",
+ "pathRewriteDefaultPlaceholder": "/ny sti",
+ "pathRewritePrefixHelp": "Erstatt det matchende prefikset med denne værdien",
+ "pathRewriteExactHelp": "Erstatt hele banen med denne værdien når stien matcher præcis",
+ "pathRewriteRegexHelp": "Brug capture groups som $1, $2 til erstatning",
+ "pathRewriteStripPrefixHelp": "Lad feltet være tomt for at fjerne præfikset eller tilføje et nyt præfiks",
+ "pathRewritePrefix": "Prefiks",
+ "pathRewriteExact": "Præcis",
+ "pathRewriteRegex": "Regex",
+ "pathRewriteStrip": "Stripe",
+ "pathRewriteStripLabel": "stripe",
+ "sidebarEnableEnterpriseLicense": "Aktivér Enterprise licens",
+ "cannotbeUndone": "Dette kan ikke fortrydes.",
+ "toConfirm": "at bekræfte.",
+ "deleteClientQuestion": "Er du sikker på at du vil fjerne klienten fra sitet og organisationen?",
+ "clientMessageRemove": "Når klienten er fjernet, kan den ikke længere oprette forbindelse til sitet.",
+ "sidebarLogs": "Logfiler",
+ "request": "Forespørgsel",
+ "requests": "Forespørgsler",
+ "logs": "Logfiler",
+ "logsSettingsDescription": "Overvåg logs samlet ind fra denne organisation",
+ "searchLogs": "Søg i logs...",
+ "action": "Handling",
+ "actor": "Aktør",
+ "timestamp": "Tidsstempel",
+ "accessLogs": "Adgangslogs",
+ "exportCsv": "Eksportere CSV",
+ "exportError": "Ukjent fejl ved eksport af CSV",
+ "exportCsvTooltip": "Inden for tidsramme",
+ "actorId": "Skuespiller ID",
+ "allowedByRule": "Tilladt efter regel",
+ "allowedNoAuth": "Tilladt Ingen Auth",
+ "validAccessToken": "Gyldig adgangsnøgle",
+ "validHeaderAuth": "Gyldig header-auth",
+ "validPincode": "Valid PIN-kode",
+ "validPassword": "Gyldig adgangskode",
+ "validEmail": "Gyldig e-mail",
+ "validSSO": "Gyldig SSO",
+ "view": "Vis",
+ "configManaged": "Konfiguration administrert",
+ "connectedClient": "Tilsluttet klient",
+ "resourceBlocked": "Ressource blokeret",
+ "droppedByRule": "Legg i reglen",
+ "noSessions": "Ingen økter",
+ "temporaryRequestToken": "Midlertidig forespørgsel Token",
+ "noMoreAuthMethods": "Ingen gyldig auth",
+ "ip": "IP",
+ "reason": "Grund",
+ "requestLogs": "HTTP-forespørgselslogs",
+ "requestAnalytics": "Be om analyser",
+ "host": "Vært",
+ "location": "Sted",
+ "actionLogs": "Handlingsloger",
+ "sidebarLogsRequest": "HTTP-forespørgselslogs",
+ "sidebarLogsAccess": "Adgangslogs",
+ "sidebarLogsAction": "Handlingsloger",
+ "logRetention": "Logopbevaring",
+ "logRetentionDescription": "Håndter hvor længe ulike typer logs beholdes for denne organisation, eller deaktivér dem",
+ "requestLogsDescription": "Se detaljerede forespørgselslogs for ressourcer i denne organisation",
+ "requestAnalyticsDescription": "Se detaljeret anmodningsanalyse for ressourcer i denne organisation",
+ "logRetentionRequestLabel": "Be om logbevaring",
+ "logRetentionRequestDescription": "Hvor længe du vil beholde forespørgselslogs",
+ "logRetentionAccessLabel": "Få adgang til logoverføring",
+ "logRetentionAccessDescription": "Hvor længe du vil beholde adgangsloger",
+ "logRetentionActionLabel": "Handlings log nytt",
+ "logRetentionActionDescription": "Hvor længe handlingen skal gemmes",
+ "logRetentionConnectionLabel": "Forbindelseslog",
+ "logRetentionConnectionDescription": "Hvor længe du vil beholde forbindelseslogs",
+ "logRetentionDisabled": "Deaktiveret",
+ "logRetention3Days": "3 dage",
+ "logRetention7Days": "7 dage",
+ "logRetention14Days": "14 dage",
+ "logRetention30Days": "30 dage",
+ "logRetention90Days": "90 dage",
+ "logRetentionForever": "Altid",
+ "logRetentionEndOfFollowingYear": "Slutt på næste år",
+ "actionLogsDescription": "Vis historikk for handlinger som er utført i denne organisation",
+ "accessLogsDescription": "Vis autorisationsforespørgsler for ressourcer i denne organisation",
+ "connectionLogs": "Forbindelseslogs",
+ "connectionLogsDescription": "Vis forbindelseslogs for tunneler i denne organisation",
+ "sidebarLogsConnection": "Forbindelseslogs",
+ "sidebarLogsStreaming": "Streaming",
+ "sourceAddress": "Kildeadresse",
+ "destinationAddress": "Måladresse ",
+ "duration": "Varighed",
+ "licenseRequiredToUse": "En Enterprise Edition-licens eller Pangolin Cloud er påkrævet for at bruge denne funktion. Book en demo eller POC-prøveversion.",
+ "ossEnterpriseEditionRequired": "Enterprise Edition er nødvendig for at bruge denne funktion. Denne funktion er også tilgængelig i Pangolin Cloud. Book en demo eller POC-prøve.",
+ "certResolver": "Certifikatløser",
+ "certResolverDescription": "Vælg certifikatløser som skal bruges for denne ressource.",
+ "selectCertResolver": "Vælg certifikatløser",
+ "enterCustomResolver": "Indtast brugerdefineret resolver",
+ "preferWildcardCert": "Foretrekk Wildcard certifikat",
+ "unverified": "Uverifisert",
+ "domainSetting": "Domæne indstillinger",
+ "domainSettingDescription": "Konfigurer indstillinger for domænet",
+ "preferWildcardCertDescription": "Forsøg at generere et wildcard-certifikat (kræver en korrekt konfigureret certifikatløser).",
+ "recordName": "Gem navn",
+ "auto": "Automatisk",
+ "TTL": "TTL",
+ "howToAddRecords": "Hvordan tilføje poster",
+ "dnsRecord": "DNS registre",
+ "required": "Påkrævet",
+ "domainSettingsUpdated": "Domæne indstillinger blev opdateret",
+ "orgOrDomainIdMissing": "ID for organisation eller domæne mangler",
+ "loadingDNSRecords": "Indlæser DNS-poster...",
+ "olmUpdateAvailableInfo": "En opdateret version af Olm er tilgængeligt. Opdater til den nyeste version for at få den bedste oplevelse.",
+ "updateAvailableInfo": "En opdateret version er tilgængelig. Opdater til den nyeste version for at få den bedste oplevelse.",
+ "client": "Klient",
+ "proxyProtocol": "Protokol indstillinger for Protokol",
+ "proxyProtocolDescription": "Konfigurer Proxy-protokol for at bevare klientens IP-adresser til TCP-tjenester.",
+ "enableProxyProtocol": "Aktivér Proxy-protokol",
+ "proxyProtocolInfo": "Bevar klientens IP-adresser for TCP backends",
+ "proxyProtocolVersion": "Proxy protokol version",
+ "version1": "Version 1 (Anbefalet)",
+ "version2": "Version 2",
+ "version1Description": "Tekstbaseret og bredt støttet. Sørg for at servertransport er tilføjet dynamisk konfiguration.",
+ "version2Description": "Binært og mere effektivt, men mindre kompatibel. Sørg for at servertransport er tilføjet dynamisk konfiguration.",
+ "warning": "Advarsel",
+ "proxyProtocolWarning": "Backend-applikationen skal konfigureres til at acceptere forbindelser med Proxy Protocol. Hvis backenden ikke understøtter Proxy Protocol, vil aktivering af dette ødelægge alle forbindelser. Aktivér derfor kun dette, hvis du ved, hvad du gør. Sørg for at konfigurere backenden til at stole på Proxy Protocol-headers fra Traefik.",
+ "restarting": "Restarter...",
+ "manual": "Manuel",
+ "messageSupport": "Støtte for meddelelse",
+ "supportNotAvailableTitle": "Støtte ikke tilgængelig",
+ "supportNotAvailableDescription": "Støtte er ikke tilgængelig akkurat nu. Du kan sende en e-mail til support@pangolin.net.",
+ "supportRequestSentTitle": "Supportforespørgsel sendt",
+ "supportRequestSentDescription": "Din meddelelse er sendt.",
+ "supportRequestFailedTitle": "Kunne ikke sende forespørgsel",
+ "supportRequestFailedDescription": "En fejl opstod under sending af din forespørgsel om støtte.",
+ "supportSubjectRequired": "Emne er påkrævet",
+ "supportSubjectMaxLength": "Emne skal være 255 tegn eller mindre",
+ "supportMessageRequired": "Meddelelse er påkrævet",
+ "supportReplyTo": "Svar til",
+ "supportSubject": "Emne",
+ "supportSubjectPlaceholder": "Angiv emne",
+ "supportMessage": "Meddelelse",
+ "supportMessagePlaceholder": "Skriv din meddelelse",
+ "supportSending": "Sender...",
+ "supportSend": "Sende",
+ "supportMessageSent": "Meddelelse sendt!",
+ "supportWillContact": "Vi kommer raskt til at tage kontakt!",
+ "selectLogRetention": "Vælg logopbevaring",
+ "terms": "Vilkår",
+ "privacy": "Privatliv",
+ "security": "Sikkerhed",
+ "docs": "Dokumenter",
+ "deviceActivation": "Aktivering af enhed",
+ "deviceCodeInvalidFormat": "Kode skal inneholde 9 tegn (f.eks A1AJ-N5JD)",
+ "deviceCodeInvalidOrExpired": "Ugyldig eller udløbet kode",
+ "deviceCodeVerifyFailed": "Kunne ikke bekræfte enhedskoden",
+ "deviceCodeValidating": "Validerer enhedskode...",
+ "deviceCodeVerifying": "Bekræfter enhedens godkendelse...",
+ "signedInAs": "Logget ind som",
+ "deviceCodeEnterPrompt": "Indtast koden, der vises på enheden",
+ "continue": "Fortsæt",
+ "deviceUnknownLocation": "Ukjent plassering",
+ "deviceAuthorizationRequested": "Denne godkendelse blev anmodet fra {location} den {date}. Sørg for, at du stoler på denne enhed, da den får adgang til kontoen.",
+ "deviceLabel": "Enhed: {deviceName}",
+ "deviceWantsAccess": "ønsker at få adgang til din konto",
+ "deviceExistingAccess": "Eksisterende adgang:",
+ "deviceFullAccess": "Full adgang til din konto",
+ "deviceOrganizationsAccess": "Adgang til alle organisationer din konto har adgang til",
+ "deviceAuthorize": "Autoriser {applicationName}",
+ "deviceConnected": "Enhed tilsluttet!",
+ "deviceAuthorizedMessage": "Enheden er autoriseret til adgang til kontoen. Gå venligst tilbage til klientapplikationen.",
+ "pangolinCloud": "Pangolin Cloud",
+ "viewDevices": "Vis enheder",
+ "viewDevicesDescription": "Administrer tilsluttede enheder",
+ "noDevices": "Ingen enheder fundet",
+ "dateCreated": "Oprettet dato",
+ "unnamedDevice": "Navnløs enhed",
+ "deviceQuestionRemove": "Er du sikker på, at du vil slette denne enhed?",
+ "deviceMessageRemove": "Denne handling kan ikke fortrydes.",
+ "deviceDeleteConfirm": "Slet enhed",
+ "deleteDevice": "Slet enhed",
+ "errorLoadingDevices": "Fejl ved indlæsning af enheder",
+ "failedToLoadDevices": "Kunne ikke indlæse enheder",
+ "deviceDeleted": "Enheden er slettet",
+ "deviceDeletedDescription": "Enheden er blevet slettet.",
+ "errorDeletingDevice": "Fejl ved sletning af enhed",
+ "failedToDeleteDevice": "Kunne ikke slette enheden",
+ "showColumns": "Vis kolonner",
+ "hideColumns": "Skjul kolonner",
+ "columnVisibility": "Kolonne Synlighed",
+ "toggleColumn": "Veksle {columnName} kolonne",
+ "allColumns": "Alle kolonner",
+ "defaultColumns": "Standard kolonner",
+ "customizeView": "Tilpass visning",
+ "viewOptions": "Vis alternativer",
+ "selectAll": "Vælg alle",
+ "selectNone": "Vælg ingen",
+ "selectedResources": "Valgte ressourcer",
+ "enableSelected": "Aktivér valgte",
+ "disableSelected": "Deaktivér valgte",
+ "checkSelectedStatus": "Kontroller status for valgte",
+ "clients": "Klienter",
+ "accessClientSelect": "Vælg maskinklienter",
+ "resourceClientDescription": "Maskinklienter som har adgang til denne ressource",
+ "regenerate": "Regenerer",
+ "credentials": "Legitimationsoplysninger",
+ "savecredentials": "Gem brugeroplysninger",
+ "regenerateCredentialsButton": "Regenerer brugeroplysninger",
+ "regenerateCredentials": "Regenerer brugeroplysninger",
+ "generatedcredentials": "Genererede brugeroplysninger",
+ "copyandsavethesecredentials": "Kopiér og gem disse oplysningerne",
+ "copyandsavethesecredentialsdescription": "Disse oplysninger vil ikke blive vist igen, når du forlader siden. Gem dem sikkert nu.",
+ "credentialsSaved": "Loginoplysninger gemt",
+ "credentialsSavedDescription": "Loginoplysningerne er blevet regenereret og gemt.",
+ "credentialsSaveError": "Fejl ved gemning af loginoplysninger",
+ "credentialsSaveErrorDescription": "En fejl opstod under regenerering og lagring af legitimationsoplysninger.",
+ "regenerateCredentialsWarning": "Regenerering af legitimationsoplysninger vil ugyldiggøre de forrige og forårsage en frakobling. Sørg for at opdatere alle konfigurationer, der bruger disse legitimationsoplysninger.",
+ "confirm": "Bekræft",
+ "regenerateCredentialsConfirmation": "Er du sikker på at du vil regenerere legetimationerne?",
+ "endpoint": "Endpoint",
+ "Id": "Id",
+ "SecretKey": "Hemmelig nøgle",
+ "niceId": "God ID",
+ "niceIdUpdated": "Flott ID opdateret",
+ "niceIdUpdatedSuccessfully": "Id-en blev opdateret",
+ "niceIdUpdateError": "Fejl under opdatering af hyggelig ID",
+ "niceIdUpdateErrorDescription": "Det opstod en fejl under opdatering af Nice ID.",
+ "niceIdCannotBeEmpty": "God ID kan ikke være tom",
+ "enterIdentifier": "Angiv identifikator",
+ "identifier": "Identifikator",
+ "deviceLoginUseDifferentAccount": "Ikke du? Brug en anden konto.",
+ "deviceLoginDeviceRequestingAccessToAccount": "En enhed ber om adgang til denne kontoen.",
+ "loginSelectAuthenticationMethod": "Vælg en autentificeringsmetode for at fortsætte.",
+ "noData": "Ingen data",
+ "machineClients": "Maskinklienter",
+ "install": "Installer",
+ "run": "Kjør",
+ "envFile": "Miljøfil",
+ "serviceFile": "Tjenestefil",
+ "enableAndStart": "Aktivér og start",
+ "clientNameDescription": "Visningsnavnet til klienten, der kan endres senere.",
+ "clientAddress": "Klientadresse (avanceret)",
+ "setupFailedToFetchSubnet": "Kunne ikke hente standard subnet",
+ "setupSubnetAdvanced": "Subnet (avanceret)",
+ "setupSubnetDescription": "Subnet for denne organisations interne netværk.",
+ "setupUtilitySubnet": "Utility Subnet (Avanceret)",
+ "setupUtilitySubnetDescription": "Subnettet for denne organisations aliasadresser og DNS-server.",
+ "siteRegenerateAndDisconnect": "Regenerer og frakobl",
+ "siteRegenerateAndDisconnectConfirmation": "Er du sikker på, at du vil regenerere legitimationsoplysninger og frakoble dette site?",
+ "siteRegenerateAndDisconnectWarning": "Dette vil regenerere legitimationsoplysninger og straks frakoble sitet. Sitet skal startes igen med de nye legitimationsoplysninger.",
+ "siteRegenerateCredentialsConfirmation": "Er du sikker på, at du vil regenerere legitimationsoplysninger for dette site?",
+ "siteRegenerateCredentialsWarning": "Dette vil regenerere legitimationsoplysningerne. Sitet forbliver tilsluttet, indtil du manuelt genstarter det og bruger de nye legitimationsoplysninger.",
+ "clientRegenerateAndDisconnect": "Regenerer og frakobl",
+ "clientRegenerateAndDisconnectConfirmation": "Er du sikker på, at du vil regenerere legitimationsoplysninger og frakoble denne klient?",
+ "clientRegenerateAndDisconnectWarning": "Dette vil regenerere legitimationsoplysninger og straks frakoble klienten. Klienten skal startes igen med de nye legitimationsoplysninger.",
+ "clientRegenerateCredentialsConfirmation": "Er du sikker på at du vil regenerere legitimationsoplysninger for denne klienten?",
+ "clientRegenerateCredentialsWarning": "Dette vil regenerere legitimationsoplysninger. Klienten forbliver tilsluttet, indtil du manuelt genstarter den og bruger de nye legitimationsoplysninger.",
+ "remoteExitNodeRegenerateAndDisconnect": "Regenerer og frakobl",
+ "remoteExitNodeRegenerateAndDisconnectConfirmation": "Er du sikker på, at du vil regenerere legitimationsoplysninger og frakoble denne eksterne exitnode?",
+ "remoteExitNodeRegenerateAndDisconnectWarning": "Dette vil regenerere loginoplysningerne og straks frakoble den eksterne exitnode. Den eksterne exitnode skal startes igen med de nye oplysninger.",
+ "remoteExitNodeRegenerateCredentialsConfirmation": "Er du sikker på at du vil regenerere loginoplysningerne for denne eksterne avslutningen?",
+ "remoteExitNodeRegenerateCredentialsWarning": "Dette vil regenerere legitimationsoplysninger. Den eksterne exitnode forbliver tilsluttet, indtil du manuelt genstarter den og bruger de nye legitimationsoplysninger.",
+ "agent": "Agent",
+ "personalUseOnly": "Kun til personlig brug",
+ "loginPageLicenseWatermark": "Denne instansen er licenseret kun for personlig brug.",
+ "instanceIsUnlicensed": "Denne instans er ulicenseret.",
+ "portRestrictions": "Portbegrensninger",
+ "allPorts": "Alle",
+ "custom": "Brugerdefineret",
+ "allPortsAllowed": "Alle porte tilladt",
+ "allPortsBlocked": "Alle porte blokeret",
+ "tcpPortsDescription": "Angiv hvilke TCP-porte, der er tilladt for denne ressource. Brug '*' for alle porte, lad feltet stå tomt for at blokere alle, eller indtast en kommasepareret liste over porte og intervaller (f.eks. 80,443,8000-9000).",
+ "udpPortsDescription": "Angiv hvilke UDP-porte, der er tilladt for denne ressource. Brug '*' for alle porte, lad feltet stå tomt for at blokere alle, eller indtast en kommasepareret liste over porte og intervaller (f.eks. 53,123,500-600).",
+ "organizationLoginPageTitle": "Organisationens loginside",
+ "organizationLoginPageDescription": "Tilpass loginsiden for denne organisation",
+ "resourceLoginPageTitle": "Ressourcens loginside",
+ "resourceLoginPageDescription": "Tilpass loginsiden for individuelle ressourcer",
+ "enterConfirmation": "Indtast bekræftelse",
+ "blueprintViewDetails": "Detaljer",
+ "defaultIdentityProvider": "Standard identitetsudbyder",
+ "defaultIdentityProviderDescription": "Brugeren vil automatisk blive videresendt til denne identitetsudbyder for autentificering.",
+ "editInternalResourceDialogNetworkSettings": "Netværksindstillinger",
+ "editInternalResourceDialogAccessPolicy": "Adgangsregler for adgang",
+ "editInternalResourceDialogAddRoles": "Tilføj roller",
+ "editInternalResourceDialogAddUsers": "Tilføj brugere",
+ "editInternalResourceDialogAddClients": "Tilføj klienter",
+ "editInternalResourceDialogDestinationLabel": "Destination",
+ "editInternalResourceDialogDestinationDescription": "Angiv destinationsadressen for den interne ressource. Dette kan være et værtsnavn, en IP-adresse eller et CIDR-område afhængigt af den valgte tilstand. Du kan også konfigurere et internt DNS-alias for nemmere identifikation.",
+ "internalResourceFormMultiSiteRoutingHelp": "Valg af flere sites muliggør robust routing og failover for høj tilgængelighed.",
+ "internalResourceFormMultiSiteRoutingHelpLearnMore": "Læs mere",
+ "editInternalResourceDialogPortRestrictionsDescription": "Begrens adgang til specifikke TCP/UDP-porte eller tillade/blokere alle porte.",
+ "createInternalResourceDialogHttpConfiguration": "HTTP-konfiguration",
+ "createInternalResourceDialogHttpConfigurationDescription": "Vælg domænet klienter vil bruge for at nu denne ressource via HTTP eller HTTPS.",
+ "editInternalResourceDialogHttpConfiguration": "HTTP-konfiguration",
+ "editInternalResourceDialogHttpConfigurationDescription": "Vælg domænet klienter vil bruge for at nu denne ressource via HTTP eller HTTPS.",
+ "editInternalResourceDialogTcp": "TCP",
+ "editInternalResourceDialogUdp": "UDP",
+ "editInternalResourceDialogIcmp": "ICMP",
+ "editInternalResourceDialogAccessControl": "Adgangskontrol",
+ "editInternalResourceDialogAccessControlDescription": "Kontroller hvilke roller, brugere og maskinklienter som har adgang til denne ressource når den er forbundet til. Administratorer har altid adgang.",
+ "editInternalResourceDialogPortRangeValidationError": "Portintervallet skal være \"*\" for alle porte eller en kommasepareret liste med porte og intervaller (f.eks. \"80,443,8000-9000\"). Porte skal være mellem 1 og 65535.",
+ "internalResourceAuthDaemonStrategy": "SSH Auth Daemon Sted",
+ "internalResourceAuthDaemonStrategyDescription": "Vælg, hvor SSH-autentificeringsdaemonen kører: på sitet (Newt) eller på en ekstern host.",
+ "internalResourceAuthDaemonDescription": "SSH-godkendelsesdaemonen håndterer SSH-nøglesignering og PAM-autentificering for denne ressource. Vælg, om den kører på sitet (Newt) eller på en separat ekstern host. Se dokumentationen for mere.",
+ "internalResourceAuthDaemonDocsUrl": "https://docs.pangolin.net",
+ "internalResourceAuthDaemonStrategyPlaceholder": "Vælg strategi",
+ "internalResourceAuthDaemonStrategyLabel": "Sted",
+ "internalResourceAuthDaemonSite": "På site",
+ "internalResourceAuthDaemonSiteDescription": "Autentificeringsdaemonen kører på sitet (Newt).",
+ "internalResourceAuthDaemonRemote": "Ekstern host",
+ "internalResourceAuthDaemonRemoteDescription": "Autentificeringsdaemonen kører på en host, som ikke er sitet.",
+ "internalResourceAuthDaemonPort": "Daemon Port (valgfrit)",
+ "orgAuthWhatsThis": "Hvor kan jeg finne min organisations-ID?",
+ "learnMore": "Læs mere",
+ "backToHome": "Gå tilbage til start",
+ "needToSignInToOrg": "Behøver du at bruge organisationens identitetsudbyder?",
+ "maintenanceMode": "Vedligeholdelsesside",
+ "maintenanceModeDescription": "Vis en vedligeholdelsesside til besøgende",
+ "maintenanceModeType": "Vedligeholdelsestilstandstype",
+ "showMaintenancePage": "Vis en vedligeholdelsesside til besøgende",
+ "enableMaintenanceMode": "Aktivér vedligeholdelsestilstand",
+ "enableMaintenanceModeDescription": "Når dette er aktiveret, vil besøgende se en vedligeholdelsesside i stedet for din ressource.",
+ "automatic": "Automatisk",
+ "automaticModeDescription": "Vis kun vedligeholdelsessiden, når alle serverens mål er nede eller usunde. Din ressource fortsætter med at fungere normalt, så længe mindst ét mål er sundt.",
+ "forced": "Tvunget",
+ "forcedModeDescription": "Vis altid vedligeholdelsessiden uafhængigt af serverens sundhed. Brug dette ved planlagt vedligeholdelse, når du vil forhindre al adgang.",
+ "warning:": "Advarsel:",
+ "forcedeModeWarning": "Al trafik vil blive dirigeret til vedligeholdelsessiden. Serverens ressourcer vil ikke modtage nogen forespørgsler.",
+ "pageTitle": "Sidetittel",
+ "maintenancePageContentSubsection": "Sideindhold",
+ "maintenancePageContentSubsectionDescription": "Tilpas indholdet, der vises på vedligeholdelsessiden",
+ "pageTitleDescription": "Hovedoverskriften, der vises på vedligeholdelsessiden",
+ "maintenancePageMessage": "Vedligeholdelsesbesked",
+ "maintenancePageMessagePlaceholder": "Vi kommer snart tilbage! Vores site gennemgår i øjeblikket planlagt vedligeholdelse.",
+ "maintenancePageMessageDescription": "Detaljeret besked, der forklarer vedligeholdelsen",
+ "maintenancePageTimeTitle": "Estimert ferdigstillelsestid (Valgfrit)",
+ "privateMaintenanceScreenTitle": "Privat plassholder skærm",
+ "privateMaintenanceScreenMessage": "Dette domænet bruges på en privat ressource. Opret forbindelse til ved at bruge Pangolin-klienten for at få adgang til denne ressource.",
+ "privateMaintenanceScreenSteps": "Hvis du stadig ser denne meddelelse, når du er forbundet, peger browserens DNS-cache muligvis stadig på den gamle adresse. For at rette det: Luk og åbn denne fane eller browseren igen, og gå derefter tilbage til denne side.",
+ "maintenanceTime": "f.eks. 2 timer, 1. november kl. 17:00",
+ "maintenanceEstimatedTimeDescription": "Hvornår du forventer, at vedligeholdelsen er færdig",
+ "editDomain": "Rediger domæne",
+ "editDomainDescription": "Vælg et domæne for din ressource",
+ "maintenanceModeDisabledTooltip": "Denne funktion kræver en gyldig licens for at aktiveres.",
+ "maintenanceScreenTitle": "Tjenesten er midlertidigt utilgængelig",
+ "maintenanceScreenMessage": "Vi oplever i øjeblikket tekniske problemer. Tjek venligst igen snart.",
+ "maintenanceScreenEstimatedCompletion": "Estimert ferdigstillelse:",
+ "createInternalResourceDialogDestinationRequired": "Destinationen er nødvendig",
+ "available": "Tilgængelig",
+ "disabledResourceDescription": "Når ressourcen er deaktiveret, vil den være utilgængelig for alle.",
+ "archived": "Arkiveret",
+ "noArchivedDevices": "Ingen arkiverede enheder fundet",
+ "deviceArchived": "Enhed arkiveret",
+ "deviceArchivedDescription": "Enheden er blevet arkiveret.",
+ "errorArchivingDevice": "Fejl ved arkivering af enhed",
+ "failedToArchiveDevice": "Kunne ikke arkivere enhed",
+ "deviceQuestionArchive": "Er du sikker på, at du vil arkivere denne enhed?",
+ "deviceMessageArchive": "Enheden bliver arkiveret og fjernet fra listen over aktive enheder.",
+ "deviceArchiveConfirm": "Arkiver enhed",
+ "archiveDevice": "Arkiver enhed",
+ "archive": "Arkiv",
+ "deviceUnarchived": "Enheden er fjernet fra arkivet",
+ "deviceUnarchivedDescription": "Enheden er blevet fjernet fra arkivet.",
+ "errorUnarchivingDevice": "Fejl ved arkivering af enhed",
+ "failedToUnarchiveDevice": "Kunne ikke fjerne enheden fra arkivet",
+ "unarchive": "Avarkiver",
+ "archiveClient": "Arkiver klient",
+ "archiveClientQuestion": "Er du sikker på at du vil arkivere denne klienten?",
+ "archiveClientMessage": "Klienten arkiveres og fjernes fra listen over aktive klienter.",
+ "archiveClientConfirm": "Arkiver klient",
+ "blockClient": "Bloker kunde",
+ "blockClientQuestion": "Er du sikker på at du vil blokere denne klienten?",
+ "blockClientMessage": "Enheden bliver tvunget til at frakoble, hvis den er forbundet. Du kan fjerne blokeringen af enheden senere.",
+ "blockClientConfirm": "Bloker kunde",
+ "active": "Aktiv",
+ "usernameOrEmail": "Brugernavn eller e-mail",
+ "selectYourOrganization": "Vælg din organisation",
+ "signInTo": "Log ind på",
+ "signInWithPassword": "Fortsæt med adgangskode",
+ "noAuthMethodsAvailable": "Ingen autentificeringsmetoder er tilgængelige for denne organisation.",
+ "enterPassword": "Angiv dit adgangskode",
+ "enterMfaCode": "Angiv koden fra din godkendelsesapp",
+ "securityKeyRequired": "Venligst brug sikkerhedsnøglen til at loge på.",
+ "needToUseAnotherAccount": "Behøver du at bruge en anden konto?",
+ "loginLegalDisclaimer": "Ved at klike på knapperne nedenfor, anerkender du at du har læst, forstår, og accepterer Vilkår for brug og for Privatlivserklæring.",
+ "termsOfService": "Vilkår for brug",
+ "privacyPolicy": "Privatlivspolitik",
+ "userNotFoundWithUsername": "Ingen bruger med det brugernavnet fundet.",
+ "verify": "Bekræft",
+ "signIn": "Log ind",
+ "forgotPassword": "Glemt adgangskode?",
+ "orgSignInTip": "Hvis du har loget ind før, kan du skrive ind brugernavnet eller e-mailadressen ovenfor for at autentificere med organisationens identitetstjeneste i stedet. Det er nemmere!",
+ "continueAnyway": "Fortsæt likevel",
+ "dontShowAgain": "Ikke vis tilbage",
+ "orgSignInNotice": "Visste du?",
+ "signupOrgNotice": "Prøver du at logge ind?",
+ "signupOrgTip": "Prøver du at logge ind via din organisations identitetsudbyder?",
+ "signupOrgLink": "Log ind eller tilmeld dig med organisationen din i stedet",
+ "verifyEmailLogInWithDifferentAccount": "Brug en anden konto",
+ "logIn": "Log ind",
+ "deviceInformation": "Enhedsoplysninger",
+ "deviceInformationDescription": "Oplysninger om enheden og agenten",
+ "deviceSecurity": "Enhedssikkerhed",
+ "deviceSecurityDescription": "Sikkerhedstilstandsinformation om udstyr",
+ "platform": "Platform",
+ "macosVersion": "macOS version",
+ "windowsVersion": "Windows version",
+ "iosVersion": "iOS-version",
+ "androidVersion": "Android version",
+ "osVersion": "OS version",
+ "kernelVersion": "Kjerne version",
+ "deviceModel": "Enhedsmodel",
+ "serialNumber": "Serienummer",
+ "hostname": "Hostnavn",
+ "firstSeen": "Først sett",
+ "lastSeen": "Sist sett",
+ "biometricsEnabled": "Biometri aktiveret",
+ "diskEncrypted": "Disk krypteret",
+ "firewallEnabled": "Brannmur aktiveret",
+ "autoUpdatesEnabled": "Automatiske opdateringer aktiveret",
+ "tpmAvailable": "TPM tilgængelig",
+ "windowsAntivirusEnabled": "Antivirus aktiveret",
+ "macosSipEnabled": "System Integritetsbeskyttelse (SIP)",
+ "macosGatekeeperEnabled": "Gatekeeper",
+ "macosFirewallStealthMode": "Brannmur Usynlig Tilstand",
+ "linuxAppArmorEnabled": "Rustning",
+ "linuxSELinuxEnabled": "SELinux",
+ "deviceSettingsDescription": "Vis enhedsoplysninger og indstillinger",
+ "devicePendingApprovalDescription": "Denne enhed venter på godkendelse",
+ "deviceBlockedDescription": "Denne enhed er blokeret. Den kan ikke oprette forbindelse til nogen ressourcer, medmindre blokeringen fjernes.",
+ "unblockClient": "Fjern blokering af klient",
+ "unblockClientDescription": "Enheden er blevet blokeret",
+ "unarchiveClient": "Fjern arkivering klient",
+ "unarchiveClientDescription": "Enheden er arkiveret",
+ "block": "Bloker",
+ "unblock": "Fjern blokering af",
+ "deviceActions": "Enhedshandlinger",
+ "deviceActionsDescription": "Administrer enhedsstatus og adgang",
+ "devicePendingApprovalBannerDescription": "Denne enhed venter på godkendelse. Den kan ikke oprette forbindelse til ressourcer, før den er godkendt.",
+ "connected": "Tilsluttet",
+ "disconnected": "Offline",
+ "approvalsEmptyStateTitle": "Enhedsgodkendelser er ikke aktiveret",
+ "approvalsEmptyStateDescription": "Aktivere godkendelser af enheder for at roller skal godkendes af admin før brugere kan opret forbindelse til nye enheder.",
+ "approvalsEmptyStateStep1Title": "Gå til roller",
+ "approvalsEmptyStateStep1Description": "Naviger til organisationens roller indstillinger for at konfigurere enhedsgodkendelser.",
+ "approvalsEmptyStateStep2Title": "Aktivér enhedsgodkendelser",
+ "approvalsEmptyStateStep2Description": "Rediger en rolle og aktivér muligheden 'Kræve enhedsgodkendelser'. Brugere med denne rolle vil have brug for administratorgodkendelse for nye enheder.",
+ "approvalsEmptyStatePreviewDescription": "Forhåndsvisning: Når dette er aktiveret, vises ventende enhedsanmodninger her til gennemgang",
+ "approvalsEmptyStateButtonText": "Administrer Roller",
+ "domainErrorTitle": "Vi har problemer med at verificere dit domæne",
+ "idpAdminAutoProvisionPoliciesTabHint": "Konfigurer rollegartlegging og organisationspolitikker på Autoprovisioneringsindstillinger fanen.",
+ "streamingTitle": "Hændelsesstreaming",
+ "streamingDescription": "Stream hændelser fra din organisation til eksterne destinationer i sanntid.",
+ "streamingUnnamedDestination": "Plassering uden navn",
+ "streamingNoUrlConfigured": "Ingen URL konfigureret",
+ "streamingAddDestination": "Tilføj mål",
+ "streamingHttpWebhookTitle": "HTTP Webhook",
+ "streamingHttpWebhookDescription": "Send hændelser til alle HTTP-endpoints med fleksibel autentificering og maling.",
+ "streamingS3Title": "Amazon S3",
+ "streamingS3Description": "Strøm hændelser til en S3-kompatibel objektlager. Kommer snart.",
+ "streamingDatadogTitle": "Datadog",
+ "streamingDatadogDescription": "Videresend arrangementer direkte til din Datadog-konto. Kommer snart.",
+ "streamingTypePickerDescription": "Vælg en måltype for at komme i gang.",
+ "streamingLastSyncError": "Det opstod en fejl under seneste synkronisering",
+ "streamingUnexpectedError": "En uventet fejl opstod.",
+ "streamingFailedToUpdate": "Kunne ikke opdatere destination",
+ "streamingDeletedSuccess": "Målet blev slettet",
+ "streamingFailedToDelete": "Kunne ikke slette destination",
+ "streamingDeleteTitle": "Slet mål",
+ "streamingDeleteButtonText": "Slet mål",
+ "streamingDeleteDialogAreYouSure": "Er du sikker på at du vil slette",
+ "streamingDeleteDialogThisDestination": "denne destinationen",
+ "streamingDeleteDialogPermanentlyRemoved": "? Alle konfigurationer vil blive slettet permanent.",
+ "httpDestEditTitle": "Rediger mål",
+ "httpDestAddTitle": "Tilføj HTTP-destination",
+ "httpDestEditDescription": "Opdater konfigurationen for denne HTTP-hændelsesstreamingdestination.",
+ "httpDestAddDescription": "Konfigurer et nyt HTTP-endpoint til at modtage organisationens hændelser.",
+ "S3DestEditTitle": "Rediger destination",
+ "S3DestAddTitle": "Tilføj S3 destination",
+ "S3DestEditDescription": "Opdater konfigurationen for denne S3-hændelsesstreamingdestination.",
+ "S3DestAddDescription": "Konfigurer en ny Amazon S3-bucket (eller S3-kompatibel bucket) til at modtage din organisations hændelser.",
+ "s3DestTabSettings": "Indstillinger",
+ "s3DestTabFormat": "Format",
+ "s3DestNameLabel": "Navn",
+ "s3DestNamePlaceholder": "Min S3-destination",
+ "s3DestAccessKeyIdLabel": "AWS adgangsnøgle-ID",
+ "s3DestSecretAccessKeyLabel": "AWS hemmelig adgangsnøgle",
+ "s3DestSecretAccessKeyPlaceholder": "Din AWS hemmelighed access key",
+ "s3DestRegionLabel": "AWS-region",
+ "s3DestBucketLabel": "Bucket-navn",
+ "s3DestPrefixLabel": "Nøglepræfiks (valgfrit)",
+ "s3DestPrefixDescription": "Valgfrit sti-prefiks tilføjet hver objektnøgle. Objekter er gemt på {prefix}/{logType}/{YYYY}/{MM}/{DD}/{filename}.",
+ "s3DestEndpointLabel": "Brugerdefineret endpoint (valgfrit)",
+ "s3DestEndpointDescription": "Overstyr S3-endepunktet for S3-kompatibel lagring som MinIO eller Cloudflare R2. Lad stå tomt for standard AWS S3.",
+ "s3DestGzipLabel": "Gzip-komprimering",
+ "s3DestGzipDescription": "Komprimer hvert uploadede objekt med gzip. Reducerer lageromkostninger og uploadstørrelse.",
+ "s3DestFormatTitle": "Filformat",
+ "s3DestFormatDescription": "Hvordan hændelser er serialisert i hvert uploadede objekt.",
+ "s3DestFormatJsonArrayDescription": "Hvert objekt er et JSON-array af hændelsesposter. Kompatibel med de fleste analyseværktøjer.",
+ "s3DestFormatNdjsonDescription": "Hvert objekt indeholder en JSON-post per linje (nylinje-delt JSON). Kompatibel med Athena, BigQuery, og Spark.",
+ "s3DestFormatCsvTitle": "CSV",
+ "s3DestFormatCsvDescription": "Hvert objekt er en RFC-4180 CSV-fil med en overskriftsrække. Kolonnenavne er afledt af hændelsesdatafelterne.",
+ "s3DestSaveChanges": "Gem ændringer",
+ "s3DestCreateDestination": "Opret destination",
+ "s3DestUpdatedSuccess": "Destination opdateret med succes",
+ "s3DestCreatedSuccess": "Destination oprettet med succes",
+ "s3DestUpdateFailed": "Kunne ikke opdatere destination",
+ "s3DestCreateFailed": "Kunne ikke oprette destination",
+ "datadogDestEditTitle": "Rediger destination",
+ "datadogDestAddTitle": "Tilføj Datadog destination",
+ "datadogDestEditDescription": "Opdater konfigurationen for denne Datadog-hændelsesstreamingdestination.",
+ "datadogDestAddDescription": "Konfigurer et nyt Datadog-endpoint til at modtage organisationens hændelser.",
+ "httpDestTabSettings": "Indstillinger",
+ "httpDestTabHeaders": "Overskrifter",
+ "httpDestTabBody": "Indhold",
+ "httpDestTabLogs": "Logfiler",
+ "httpDestNamePlaceholder": "Min HTTP destination",
+ "httpDestUrlLabel": "Destinasjons URL",
+ "httpDestUrlErrorHttpRequired": "URL-adressen skal bruge httpp eller HTTPS",
+ "httpDestUrlErrorHttpsRequired": "HTTPS er nødvendig for distribution af cloud",
+ "httpDestUrlErrorInvalid": "Indtast en gyldig webadresse (f.eks. https://eksempel.com/webhook)",
+ "httpDestAuthTitle": "Autentificering",
+ "httpDestAuthDescription": "Vælg, hvordan anmodninger til dit endpoint autentificeres.",
+ "httpDestAuthNoneTitle": "Ingen godkendelse",
+ "httpDestAuthNoneDescription": "Sender forespørgsler uden autorisasjonsoverskrift.",
+ "httpDestAuthBearerTitle": "Bærer Symbol",
+ "httpDestAuthBearerDescription": "Legger til en Autorisation: Bearer '' header til hver forespørgsel.",
+ "httpDestAuthBearerPlaceholder": "Din API-nøgle eller token",
+ "httpDestAuthBasicTitle": "Standard Auth",
+ "httpDestAuthBasicDescription": "Legger til en Autorisation: Basic '' header. Give legitimationsoplysninger som brugernavn:adgangskode.",
+ "httpDestAuthBasicPlaceholder": "brugernavn:adgangskode",
+ "httpDestAuthCustomTitle": "Brugerdefineret header",
+ "httpDestAuthCustomDescription": "Angiv et brugerdefineret HTTP headers navn og værdi for autentificering (f.eks X-API-Key).",
+ "httpDestAuthCustomHeaderNamePlaceholder": "Headernavn (f.eks. X-API-Key)",
+ "httpDestAuthCustomHeaderValuePlaceholder": "Header værdi",
+ "httpDestCustomHeadersTitle": "Brugerdefinerede HTTP-headers",
+ "httpDestCustomHeadersDescription": "Tilføj brugerdefinerede headers til hver udgående forespørgsel. Nyttig for statisk tokens eller en brugerdefineret indholdstype. Som standard bliver indholdstype: application/json sendt.",
+ "httpDestNoHeadersConfigured": "Ingen brugerdefinerede headers konfigureret. Klik på \"Tilføj header\" for at tilføje en.",
+ "httpDestHeaderNamePlaceholder": "Headernavn",
+ "httpDestHeaderValuePlaceholder": "Værdi",
+ "httpDestAddHeader": "Tilføj header",
+ "httpDestBodyTemplateTitle": "Brugerdefineret hovedmal",
+ "httpDestBodyTemplateDescription": "Kontroller JSON payloadstrukturen sendt til dit endpoint. Hvis deaktiveret, sendes et standard JSON-objekt for hver hændelse.",
+ "httpDestEnableBodyTemplate": "Aktivér brugerdefineret meldingsmal",
+ "httpDestBodyTemplateLabel": "Body-skabelon (JSON)",
+ "httpDestBodyTemplateHint": "Brug designmal variabler for at referere til eventfelt i din betaling.",
+ "httpDestPayloadFormatTitle": "Mål format",
+ "httpDestPayloadFormatDescription": "Hvordan hændelser serialiseres i hver request body.",
+ "httpDestFormatJsonArrayTitle": "JSON-liste",
+ "httpDestFormatJsonArrayDescription": "Én forespørgsel pr. batch; indholdet er en JSON-liste. Kompatibel med de fleste generiske webhooks og Datadog.",
+ "httpDestFormatNdjsonTitle": "NDJSON",
+ "httpDestFormatNdjsonDescription": "Én forespørgsel pr. batch; indholdet er newline-delimited JSON — ét objekt pr. linje, uden ydre array. Kræves af Splunk HEC, Elastic/OpenSearch og Grafana Loki.",
+ "httpDestFormatSingleTitle": "En hændelse per forespørgsel",
+ "httpDestFormatSingleDescription": "Sender en separat HTTP POST for hver enkelt hændelse. Brug kun for endpoints der ikke kan håndtere batcher.",
+ "httpDestLogTypesTitle": "Logtyper",
+ "httpDestLogTypesDescription": "Vælg, hvilke logtyper der videresendes til dette mål. Kun aktiverede logtyper bliver streamet.",
+ "httpDestAccessLogsTitle": "Adgangslogs",
+ "httpDestAccessLogsDescription": "Adgangsforsøk for ressourcer, inklusive godkendte og afvist forespørgsler.",
+ "httpDestActionLogsTitle": "Handlingsloger",
+ "httpDestActionLogsDescription": "Administrative tiltak som utføres af brugere inden for organisationen.",
+ "httpDestConnectionLogsTitle": "Forbindelseslogs",
+ "httpDestConnectionLogsDescription": "Udstyrs- og tunnelforbindelseshændelser, inklusive forbindelser og frakobling.",
+ "httpDestRequestLogsTitle": "HTTP-forespørgselslogs",
+ "httpDestRequestLogsDescription": "HTTP-forespørgsel logs for bekræftede ressourcer, inklusive metode, sti og responskode.",
+ "httpDestSaveChanges": "Gem ændringer",
+ "httpDestCreateDestination": "Opret mål",
+ "httpDestUpdatedSuccess": "Målet er opdateret",
+ "httpDestCreatedSuccess": "Målet er oprettet",
+ "httpDestUpdateFailed": "Kunne ikke opdatere destination",
+ "httpDestCreateFailed": "Kan ikke oprette mål",
+ "followRedirects": "Følg videresendinger",
+ "followRedirectsDescription": "Følg automatisk HTTP-videresendinger for forespørgsler.",
+ "alertingErrorWebhookUrl": "Indtast venligst en gyldig URL for webhooken.",
+ "healthCheckStrategyHttp": "Validerer forbindelse og kontrollerer HTTP-responsstatus.",
+ "healthCheckStrategyTcp": "Bekræfter kun TCP-forbindelse, uden at inspisere responsen.",
+ "healthCheckStrategySnmp": "Udfører en SNMP get-forespørgsel for at tjekke sundheden til netværksenheder og infrastruktur.",
+ "healthCheckStrategyIcmp": "Bruger ICMP ekko forespørgsler (ping) for at tjekke om en ressource er tilgængelig og responsiv.",
+ "healthCheckTabStrategy": "Strategi",
+ "healthCheckTabConnection": "Forbindelse",
+ "healthCheckTabAdvanced": "Avanceret",
+ "healthCheckStrategyNotAvailable": "Denne strategien er ikke tilgængeligt. Venligst kontakt salgsafdelingen for at aktivere denne funktion.",
+ "uptime30d": "Oppetid (30 d)",
+ "idpAddActionCreateNew": "Opret ny identitetsudbyder",
+ "idpAddActionImportFromOrg": "Importer fra en anden organisation",
+ "idpImportDialogTitle": "Importer identitetsudbyder",
+ "idpImportDialogDescription": "Vælg en identitetsudbyder fra en organisation der du er admin. Den vil blive knyttet til denne organisation.",
+ "idpImportSearchPlaceholder": "Søg efter organisations- eller leverandørnavn...",
+ "idpImportEmpty": "Ingen identitetsudbydere fundet.",
+ "idpImportedDescription": "Identitetsudbyderen blev importert med succes.",
+ "idpDeleteGlobalQuestion": "Er du sikker på, at du vil slette denne identitetsudbyder permanent?",
+ "idpDeleteGlobalDescription": "Dette vil slette identitetsudbyder permanent fra alle organisationer, den er tilknyttet.",
+ "idpUnassociateTitle": "Frakobl identitetsudbyder",
+ "idpUnassociateQuestion": "Er du sikker på, at du vil frakoble denne identitetsudbyder fra denne organisation?",
+ "idpUnassociateDescription": "Alle brugere knyttet til denne identitetsudbyder vil blive fjernet fra denne organisation, men identitetsudbyderen vil stadig eksistere for andre tilknyttede organisationer.",
+ "idpUnassociateConfirm": "Bekræft frakobling af identitetsudbyder",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "SLET OG FJERN MIG FRA ORGANISATIONEN",
+ "idpUnassociateAndRemoveMeFromOrg": "FRAKOBL OG FJERN MIG FRA ORGANISATIONEN",
+ "idpUnassociateWarning": "Dette kan ikke fortrydes for denne organisation.",
+ "idpUnassociatedDescription": "Identitetsudbyderen er frakoblet fra denne organisation",
+ "idpUnassociateMenu": "Frakobl",
+ "idpDeleteAllOrgsMenu": "Slet",
+ "publicIpEndpoint": "Slutpunkt",
+ "lastTriggeredAt": "Senest udløst",
+ "reject": "Afvis",
+ "uptimeDaysAgo": "{count} dage siden",
+ "uptimeToday": "I dag",
+ "uptimeNoDataAvailable": "Ingen data tilgængelig",
+ "uptimeSuffix": "oppetid",
+ "uptimeDowntimeSuffix": "nedetid",
+ "uptimeTooltipUptimeLabel": "Oppetid",
+ "uptimeTooltipDowntimeLabel": "Nedetid",
+ "uptimeOngoing": "pågående",
+ "uptimeNoMonitoringData": "Ingen overvåkingsdata",
+ "uptimeNoData": "Ingen data",
+ "uptimeMiniBarDown": "Nede",
+ "uptimeSectionTitle": "Oppetid",
+ "uptimeSectionDescription": "Tilgængelighed de seneste {days} dage",
+ "uptimeAddAlert": "Tilføj varsling",
+ "uptimeViewAlerts": "Vis varsler",
+ "uptimeCreateEmailAlert": "Opret e-mailnotifikation",
+ "uptimeAlertDescriptionSite": "Få besked via e-mail, når dette site går offline eller kommer tilbage online.",
+ "uptimeAlertDescriptionResource": "Få besked via e-mail, når denne ressource går offline eller kommer tilbage online.",
+ "uptimeAlertNamePlaceholder": "Varslingsnavn",
+ "uptimeAdditionalEmails": "Flere e-mails",
+ "uptimeCreateAlert": "Opret varsling",
+ "uptimeAlertNoRecipients": "Ingen modtagere",
+ "uptimeAlertNoRecipientsDescription": "Venligst tilføj mindst én bruger, rolle, eller e-mail for at varsle.",
+ "uptimeAlertCreated": "Notifikation oprettet",
+ "uptimeAlertCreatedDescription": "Du vil blive varslet når dette ændrer status.",
+ "uptimeAlertCreateFailed": "Kunne ikke oprette notifikation",
+ "webhookUrlLabel": "URL",
+ "webhookHeaderKeyPlaceholder": "Nøgle",
+ "webhookHeaderValuePlaceholder": "Værdi",
+ "alertLabel": "Notifikation",
+ "domainPickerWildcardSubdomainNotAllowed": "Wildcard-underdomæner er ikke tilladt.",
+ "domainPickerWildcardCertWarning": "Wildcard-ressourcer kan kræve ekstra konfiguration for at fungere korrekt.",
+ "domainPickerWildcardCertWarningLink": "Læs mere",
+ "health": "Sundhed",
+ "domainPendingErrorTitle": "Verificeringsproblem",
+ "memberPortalTitle": "Ressourcer",
+ "memberPortalDescription": "Ressourcer du har adgang til i denne organisation",
+ "memberPortalSortBy": "Sorter efter...",
+ "memberPortalSortNameAsc": "Navn A-AT",
+ "memberPortalSortNameDesc": "Navn AT-A",
+ "memberPortalSortDomainAsc": "Domæne A-AT",
+ "memberPortalSortDomainDesc": "Domæne AT-A",
+ "memberPortalSortEnabledFirst": "Aktiveret først",
+ "memberPortalSortDisabledFirst": "Deaktiveret først",
+ "memberPortalRefresh": "Opdater",
+ "memberPortalRefreshResources": "Opdater ressourcer",
+ "memberPortalFailedToLoad": "Kunne ikke indlæse ind ressourcer",
+ "memberPortalFailedToLoadDescription": "Kunne ikke indlæse ressourcer. Tjek venligst din forbindelse, og prøv igen.",
+ "memberPortalUnableToLoad": "Kan ikke indlæse ind ressourcer",
+ "memberPortalTryAgain": "Prøv igen",
+ "memberPortalNoResourcesFound": "Ingen ressourcer fundet",
+ "memberPortalNoResourcesAvailable": "Ingen ressourcer tilgængelig",
+ "memberPortalNoResourcesMatchSearch": "Ingen ressourcer matcher med \"{query}\". Prøv at justere søgeordene dine eller fjern søgningen for at se alle ressourcer.",
+ "memberPortalNoResourcesAccess": "Du har endnu ikke adgang til nogen ressourcer. Kontakt din administrator for at få adgang til de ressourcer, du har brug for.",
+ "memberPortalClearSearch": "Fjern søg",
+ "memberPortalPublicResources": "Offentlige ressourcer",
+ "memberPortalPublicResourcesDescription": "Webapplikationer og -tjenester tilgængelige via browser",
+ "memberPortalCopiedToClipboard": "Kopieret til udklipsholderen",
+ "memberPortalCopiedUrlDescription": "Ressource-URL er kopieret til din udklipsholder.",
+ "memberPortalOpenResource": "Åbn ressource",
+ "memberPortalPrivateResources": "Private ressourcer",
+ "memberPortalPrivateResourcesDescription": "Interne netværksressourcer tilgængelige via klient",
+ "memberPortalResourceDetails": "Ressourcedetaljer",
+ "memberPortalMode": "Tilstand",
+ "memberPortalDestination": "Destination",
+ "memberPortalAlias": "Navn",
+ "memberPortalCopiedAliasDescription": "Ressourcealias er kopieret til din udklipsholder.",
+ "memberPortalCopiedDestinationDescription": "Ressourcedestination er kopieret til din udklipsholder.",
+ "memberPortalRequiresClientConnection": "Kræver klientforbindelse",
+ "memberPortalAuthMethods": "Autentificeringsmetoder",
+ "memberPortalSso": "Enkeltpåloging (SSO)",
+ "memberPortalPasswordProtected": "Adgangskodebeskyttet",
+ "memberPortalPinCode": "PIN-kode",
+ "memberPortalEmailWhitelist": "E-mailwhitelist",
+ "memberPortalResourceDisabled": "Ressource deaktiveret",
+ "memberPortalShowingResources": "Viser {start}-{end} af {total} ressourcer",
+ "resourceLauncherTitle": "Ressource Starter",
+ "resourceLauncherDescription": "Se ressource detaljer og start dem fra ét sted",
+ "resourceLauncherSearchPlaceholder": "Søg i alle sites...",
+ "resourceLauncherDefaultView": "Standard",
+ "resourceLauncherSaveView": "Gem Visning",
+ "resourceLauncherSaveToCurrentView": "Gem til nuværende visning",
+ "resourceLauncherResetView": "Nulstil Visning",
+ "resourceLauncherSaveAsNewView": "Gem som Ny Visning",
+ "resourceLauncherSaveAsNewViewDescription": "Giv denne visning et navn for at gemme dine nuværende filtre og layout.",
+ "resourceLauncherSaveForEveryone": "Gem for Alle",
+ "resourceLauncherSaveForEveryoneDescription": "Del denne visning med alle organisationsmedlemmer. Når den er ikke markeret, er visningen kun synlig for dig.",
+ "resourceLauncherMakePersonal": "Gør Personlig",
+ "resourceLauncherFilter": "Filter",
+ "resourceLauncherSort": "Sortér",
+ "resourceLauncherSortAscending": "Sortér stigende",
+ "resourceLauncherSortDescending": "Sortér faldende",
+ "resourceLauncherSettings": "Indstillinger",
+ "resourceLauncherGroupBy": "Gruppér Efter",
+ "resourceLauncherGroupBySite": "Websted",
+ "resourceLauncherGroupByLabel": "Etikett",
+ "resourceLauncherLayout": "Layout",
+ "resourceLauncherLayoutGrid": "Gitter",
+ "resourceLauncherLayoutList": "Liste",
+ "resourceLauncherShowLabels": "Vis Etiketter",
+ "resourceLauncherShowSiteTags": "Vis Site Tags",
+ "resourceLauncherShowRecents": "Vis Seneste",
+ "resourceLauncherDeleteView": "Slet Visning",
+ "resourceLauncherViewAsAdmin": "Vis som Admin",
+ "resourceLauncherResourceDetailsDescription": "Se detaljer for denne ressource.",
+ "resourceLauncherUnlabeled": "Uden Etiket",
+ "resourceLauncherNoSite": "Ingen Site",
+ "resourceLauncherNoResourcesInGroup": "Ingen ressourcer i denne gruppe",
+ "resourceLauncherEmptyStateTitle": "Ingen ressourcer tilgængelige",
+ "resourceLauncherEmptyStateDescription": "Du har endnu ikke adgang til nogen ressourcer. Kontakt din administrator for at anmode om adgang.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Ingen ressourcer fundet",
+ "resourceLauncherEmptyStateNoResultsDescription": "Ingen ressourcer matcher din nuværende søgning eller filtre. Prøv at justere dem for at finde det, du leder efter.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Ingen ressourcer matcher \"{query}\". Prøv at justere din søgning eller rydde filtre for at se alle ressourcer.",
+ "resourceLauncherCopiedToClipboard": "Kopieret til udklipsholderen",
+ "resourceLauncherCopiedAccessDescription": "Ressourcetilgangen er kopieret til din udklipsholder.",
+ "resourceLauncherViewNamePlaceholder": "Vis navn",
+ "resourceLauncherViewNameLabel": "Vis Navn",
+ "resourceLauncherViewSaved": "Vis Gemt",
+ "resourceLauncherViewSavedDescription": "Din launcher-visning er blevet gemt.",
+ "resourceLauncherViewSaveFailed": "Kunne ikke gemme visning",
+ "resourceLauncherViewSaveFailedDescription": "Kunne ikke gemme launcher-visningen. Prøv venligst igen.",
+ "resourceLauncherViewDeleted": "Visning slået væk",
+ "resourceLauncherViewDeletedDescription": "Launcher-visningen er blevet slettet.",
+ "resourceLauncherViewDeleteFailed": "Kunne ikke slette visning",
+ "resourceLauncherViewDeleteFailedDescription": "Kan ikke slette launcher-visningen. Prøv venligst igen.",
+ "memberPortalPrevious": "Forrige",
+ "memberPortalNext": "Næste",
+ "httpSettings": "HTTP Indstillinger",
+ "tcpSettings": "TCP Indstillinger",
+ "udpSettings": "UDP Indstillinger",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Oprette en sikker forbindelse…",
+ "sshConnecting": "Opretter forbindelse til…",
+ "sshInitializing": "Initialiserer…",
+ "sshSignInTitle": "Log ind på SSH",
+ "sshSignInDescription": "Indtast dine SSH-legitimationsoplysninger for at oprette forbindelse til",
+ "sshPasswordTab": "Adgangskode",
+ "sshPrivateKeyTab": "Privat Nøgle",
+ "sshPrivateKeyField": "Privat Nøgle",
+ "sshPrivateKeyDisclaimer": "Din private nøgle gemmes ikke og er ikke synlig for Pangolin. Alternativt kan du bruge kortlivede certifikater til sømløs autentificering med din eksisterende Pangolin-identitet.",
+ "sshLearnMore": "Læs mere",
+ "sshPrivateKeyFile": "Privat nøglefil",
+ "sshAuthenticate": "Opret forbindelse til",
+ "sshTerminate": "Avslutt",
+ "sshPoweredBy": "Drevet af",
+ "sshErrorNoTarget": "Ingen mål spesifisert",
+ "sshErrorWebSocket": "WebSocket-forbindelse mislykkedes",
+ "sshErrorAuthFailed": "Autentificering mislykkedes",
+ "sshErrorConnectionClosed": "Forbindelse afsluttet før autentificering blev fuldført",
+ "sitePangolinSshDescription": "Tillad SSH-adgang til ressourcer på dette site. Dette kan ændres senere.",
+ "browserGatewayNoResourceForDomain": "Ingen ressourcer fundet for dette domænet",
+ "browserGatewayNoTarget": "Ingen mål",
+ "browserGatewayConnect": "Opret forbindelse til",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "Kunne ikke signere SSH-nøgle for PAM-loginautentificering. Er du logget ind som bruger?",
+ "sshTerminalError": "Fejl: {error}",
+ "sshConnectionClosedCode": "Forbindelsen blev lukket (kode {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGYNN OPENSSH PRIVAT NØGLE-----",
+ "sshPrivateKeyRequired": "Privat nøgle er påkrævet",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Indtast dine VNC-legitimationsoplysninger for at oprette forbindelse",
+ "vncUsernameOptional": "Brugernavn (valgfrit)",
+ "vncPasswordOptional": "Adgangskode (valgfrit)",
+ "vncNoResourceTarget": "Intet ressourcemål tilgængeligt",
+ "vncFailedToLoadNovnc": "Kunne ikke indlæse noVNC",
+ "vncAuthFailedStatus": "Status {status}",
+ "vncPasteClipboard": "Indsæt udklipsholder",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Log ind på Fjernskrivebord",
+ "rdpSignInDescription": "Indtast Windows-legitimationsoplysninger for at oprette forbindelse til",
+ "rdpLoadingModule": "Indlæser modul...",
+ "rdpFailedToLoadModule": "Kunne ikke indlæse RDP-modul",
+ "rdpNotReady": "Ikke klar",
+ "rdpModuleInitializing": "RDP-modulen er stadig under initialisering",
+ "rdpDownloadingFiles": "Downloader {count} fil(er) fra fjern…",
+ "rdpDownloadFailed": "Download mislykkedes: {fileName}",
+ "rdpUploaded": "Uploadet: {fileName}",
+ "rdpNoConnectionTarget": "Intet forbindelsesmål tilgængeligt",
+ "rdpConnectionFailed": "Forbindelsen mislykkedes",
+ "rdpFit": "Tilpass",
+ "rdpFull": "Fuldt",
+ "rdpReal": "Ekte",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Upload filer",
+ "rdpFilesReadyToPaste": "Filer klare til at limes ind",
+ "rdpFilesReadyToPasteDescription": "{count} fil(er) kopieret til fjernudklipsholderen — trykk Ctrl+V på fjernskrivebordet for at indsætte.",
+ "rdpUploadFailed": "Uploaden mislykkedes",
+ "rdpUnicodeKeyboardMode": "Unicode tastaturtilstand",
+ "sessionToolbarShow": "Vis værktøjslinje",
+ "sessionToolbarHide": "Skjul værktøjslinje"
+}
diff --git a/messages/de-DE.json b/messages/de-DE.json
index 11d76dab5..ad39fda09 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -66,9 +66,15 @@
"local": "Lokal",
"edit": "Bearbeiten",
"siteConfirmDelete": "Löschen des Standorts bestätigen",
+ "siteConfirmDeleteAndResources": "Löschen von Standort und Ressourcen bestätigen",
"siteDelete": "Standort löschen",
+ "siteDeleteAndResources": "Standort und Ressourcen löschen",
"siteMessageRemove": "Sobald der Standort entfernt ist, wird er nicht mehr zugänglich sein. Alle mit dem Standort verbundenen Ziele werden ebenfalls entfernt.",
+ "siteMessageRemoveAndResources": "Dies wird dauerhaft alle öffentlichen und privaten Ressourcen, die mit diesem Standort verknüpft sind, löschen, selbst wenn eine Ressource auch mit anderen Standorten verbunden ist.",
"siteQuestionRemove": "Sind Sie sicher, dass Sie den Standort aus der Organisation entfernen möchten?",
+ "siteQuestionRemoveAndResources": "Sind Sie sicher, dass Sie diesen Standort und alle zugehörigen Ressourcen löschen möchten?",
+ "sitesTableDeleteSite": "Standort löschen",
+ "sitesTableDeleteSiteAndResources": "Standort und Ressourcen löschen",
"siteManageSites": "Standorte verwalten",
"siteDescription": "Erstellen und Verwalten von Standorten, um die Verbindung zu privaten Netzwerken zu ermöglichen",
"sitesBannerTitle": "Verbinde ein beliebiges Netzwerk",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Private Ressourcen anzeigen",
"siteInstallNewt": "Newt installieren",
"siteInstallNewtDescription": "Installiere Newt auf deinem System.",
+ "siteInstallKubernetesDocsDescription": "Für aktuelle Installationsinformationen zu Kubernetes, siehe docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "Für Installationsanweisungen für Advantech-Modems siehe docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "WireGuard Konfiguration",
"WgConfigurationDescription": "Verwenden Sie folgende Konfiguration, um sich mit dem Netzwerk zu verbinden",
"operatingSystem": "Betriebssystem",
@@ -115,6 +123,16 @@
"siteUpdated": "Standort aktualisiert",
"siteUpdatedDescription": "Der Standort wurde aktualisiert.",
"siteGeneralDescription": "Allgemeine Einstellungen für diesen Standort konfigurieren",
+ "siteRestartTitle": "Standort neu starten",
+ "siteRestartDescription": "Starten Sie den WireGuard-Tunnel für diesen Standort neu. Dies wird die Konnektivität kurzzeitig unterbrechen.",
+ "siteRestartBody": "Verwenden Sie dies, wenn der Standort-Tunnel nicht ordnungsgemäß funktioniert und Sie eine erneute Verbindung erzwingen möchten, ohne den Host neu zu starten.",
+ "siteRestartButton": "Standort neu starten",
+ "siteRestartDialogMessage": "Sind Sie sicher, dass Sie den WireGuard-Tunnel für {name} neu starten möchten? Der Standort wird kurzzeitig die Konnektivität verlieren.",
+ "siteRestartWarning": "Der Standort wird kurzzeitig getrennt, während der Tunnel neu gestartet wird.",
+ "siteRestarted": "Standort neu gestartet",
+ "siteRestartedDescription": "Der WireGuard-Tunnel wurde neu gestartet.",
+ "siteErrorRestart": "Fehler beim Neustart des Standorts",
+ "siteErrorRestartDescription": "Ein Fehler ist aufgetreten, während der Standort neu gestartet wurde.",
"siteSettingDescription": "Standorteinstellungen konfigurieren",
"siteResourcesTab": "Ressourcen",
"siteResourcesNoneOnSite": "Dieser Standort hat noch keine öffentlichen oder privaten Ressourcen",
@@ -157,7 +175,7 @@
"shareDeleted": "Link gelöscht",
"shareDeletedDescription": "Der Link wurde gelöscht",
"shareDelete": "Freigabelink löschen",
- "shareDeleteConfirm": "Löschen des Freigabelinks bestätigen",
+ "shareDeleteConfirm": "Löschung des Freigabelinks bestätigen",
"shareQuestionRemove": "Sind Sie sicher, dass Sie diesen Freigabelink löschen möchten?",
"shareMessageRemove": "Nach dem Löschen funktioniert der Link nicht mehr, und jeder, der ihn nutzt, verliert den Zugriff auf die Ressource.",
"shareTokenDescription": "Das Zugriffstoken kann auf zwei Arten übergeben werden: als Abfrageparameter oder in den Request-Headern. Diese müssen vom Client auf jeder Anfrage für authentifizierten Zugriff weitergegeben werden.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Beim Erstellen des Freigabelinks ist ein Fehler aufgetreten",
"shareCreateDescription": "Jeder mit diesem Link kann auf die Ressource zugreifen",
"shareTitleOptional": "Titel (optional)",
+ "sharePathOptional": "Pfad (optional)",
+ "sharePathDescription": "Der Link leitet Benutzer nach der Authentifizierung zu diesem Pfad weiter.",
"expireIn": "Läuft ab in",
"neverExpire": "Läuft nie ab",
"shareExpireDescription": "Ablaufzeit ist, wie lange der Link verwendet werden kann und bietet Zugriff auf die Ressource. Nach dieser Zeit wird der Link nicht mehr funktionieren und Benutzer, die diesen Link benutzt haben, verlieren den Zugriff auf die Ressource.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Bitte wählen Sie eine Ressource",
"proxyResourceTitle": "Öffentliche Ressourcen verwalten",
"proxyResourceDescription": "Erstelle und verwalte Ressourcen, die über einen Webbrowser öffentlich zugänglich sind",
- "proxyResourcesBannerTitle": "Web-basierter öffentlicher Zugang",
- "proxyResourcesBannerDescription": "Öffentliche Ressourcen sind HTTPS oder TCP/UDP-Proxys, die über einen Webbrowser für jeden zugänglich sind. Im Gegensatz zu privaten Ressourcen benötigen sie keine Client-seitige Software und können Identitäts- und kontextbezogene Zugriffsrichtlinien beinhalten.",
+ "publicResourcesBannerTitle": "Web-basierter öffentlicher Zugang",
+ "publicResourcesBannerDescription": "Öffentliche Ressourcen sind HTTPS-Proxys, die über einen Webbrowser für jeden im Internet zugänglich sind. Im Gegensatz zu privaten Ressourcen benötigen sie keine Client-seitige Software und können Identitäts- und kontextuelle Zugriffsrichtlinien enthalten.",
"clientResourceTitle": "Private Ressourcen verwalten",
"clientResourceDescription": "Erstelle und verwalte Ressourcen, die nur über einen verbundenen Client zugänglich sind",
"privateResourcesBannerTitle": "Zero-Trust-Zugriff auf private Ressourcen",
@@ -208,11 +228,37 @@
"resourcesSearch": "Suche Ressourcen...",
"resourceAdd": "Ressource hinzufügen",
"resourceErrorDelte": "Fehler beim Löschen der Ressource",
+ "resourcePoliciesBannerTitle": "Authentifizierungs- und Zugriffsregeln wiederverwenden",
+ "resourcePoliciesBannerDescription": "Freigegebene Ressourcenrichtlinien ermöglichen es Ihnen, Authentifizierungsmethoden und Zugriffsregeln einmal zu definieren und sie dann an mehrere öffentliche Ressourcen zu binden. Wenn Sie eine Richtlinie aktualisieren, übernimmt jede verknüpfte Ressource die Änderung automatisch.",
+ "resourcePoliciesBannerButtonText": "Mehr erfahren",
+ "resourcePoliciesTitle": "Öffentliche Ressourcen Richtlinien verwalten",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Ressourcen",
+ "resourcePoliciesAttachedResources": "{count} Ressource(n)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# Ressource} other {# Ressourcen}}",
+ "resourcePoliciesAttachedResourcesEmpty": "keine Ressourcen",
+ "resourcePoliciesDescription": "Erstellen und verwalten Sie Authentifizierungsrichtlinien, um den Zugriff auf Ihre öffentlichen Ressourcen zu steuern",
+ "resourcePoliciesSearch": "Richtlinien suchen...",
+ "resourcePoliciesAdd": "Richtlinie hinzufügen",
+ "resourcePoliciesDefaultBadgeText": "Standardrichtlinie",
+ "resourcePoliciesCreate": "Öffentliche Ressourcen Richtlinie erstellen",
+ "resourcePoliciesCreateDescription": "Befolgen Sie die unten stehenden Schritte, um eine neue Richtlinie zu erstellen",
+ "resourcePolicyName": "Richtlinienname",
+ "resourcePolicyNameDescription": "Geben Sie dieser Richtlinie einen Namen, um sie für Ihre Ressourcen zu identifizieren",
+ "resourcePolicyNamePlaceholder": "z. B. Richtlinie für internen Zugriff",
+ "resourcePoliciesSeeAll": "Alle Richtlinien anzeigen",
+ "resourcePolicyAuthMethodAdd": "Authentifizierungsmethode hinzufügen",
+ "resourcePolicyOtpEmailAdd": "OTP-E-Mails hinzufügen",
+ "resourcePolicyRulesAdd": "Regeln hinzufügen",
+ "resourcePolicyAuthMethodsDescription": "Ermöglichen Sie den Zugriff auf Ressourcen über zusätzliche Authentifizierungsmethoden",
+ "resourcePolicyUsersRolesDescription": "Konfigurieren Sie, welche Benutzer und Rollen diese Ressource besuchen können",
+ "rulesResourcePolicyDescription": "Konfigurieren Sie Regeln, um den Zugang zu den mit dieser Richtlinie verbundenen Ressourcen zu kontrollieren",
"authentication": "Authentifizierung",
"protected": "Geschützt",
"notProtected": "Nicht geschützt",
"resourceMessageRemove": "Einmal entfernt, wird die Ressource nicht mehr zugänglich sein. Alle mit der Ressource verbundenen Ziele werden ebenfalls entfernt.",
"resourceQuestionRemove": "Sind Sie sicher, dass Sie die Ressource aus der Organisation entfernen möchten?",
+ "resourcePolicyMessageRemove": "Einmal entfernt, wird die Ressourcenrichtlinie nicht mehr zugänglich sein. Alle mit der Ressource verbundenen Ressourcen werden nicht mehr zugeordnet und bleiben ohne Authentifizierung.",
+ "resourcePolicyQuestionRemove": "Sind Sie sicher, dass Sie die Ressourcenrichtlinie aus der Organisation entfernen möchten?",
"resourceHTTP": "HTTPS-Ressource",
"resourceHTTPDescription": "Proxy-Anfragen über HTTPS mit einem voll qualifizierten Domain-Namen.",
"resourceRaw": "Direkte TCP/UDP Ressource (raw)",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Proxy-Anfragen über rohe TCP/UDP mit Portnummer. Benötigt Sites, um sich mit einem entfernten Knoten zu verbinden.",
"resourceCreate": "Ressource erstellen",
"resourceCreateDescription": "Folgen Sie den Schritten unten, um eine neue Ressource zu erstellen",
+ "resourceCreateGeneralDescription": "Konfigurieren Sie die Grundeinstellungen der Ressource, einschließlich Name und Typ",
"resourceSeeAll": "Alle Ressourcen anzeigen",
- "resourceInfo": "Ressourcen-Informationen",
+ "resourceCreateGeneral": "Allgemein",
"resourceNameDescription": "Dies ist der Anzeigename für die Ressource.",
"siteSelect": "Standort auswählen",
"siteSearch": "Standorte durchsuchen",
@@ -231,12 +278,15 @@
"noCountryFound": "Kein Land gefunden.",
"siteSelectionDescription": "Dieser Standort wird die Verbindung zum Ziel herstellen.",
"resourceType": "Ressourcentyp",
- "resourceTypeDescription": "Legen Sie fest, wie Sie auf die Ressource zugreifen",
+ "resourceTypeDescription": "Dies steuert das Ressourcenprotokoll und wie es im Browser gerendert wird. Dies kann später nicht geändert werden.",
+ "resourceDomainDescription": "Die Ressource wird unter diesem vollständig qualifizierten Domainnamen bereitgestellt.",
"resourceHTTPSSettings": "HTTPS-Einstellungen",
"resourceHTTPSSettingsDescription": "Konfigurieren Sie den Zugriff auf die Ressource über HTTPS",
+ "resourcePortDescription": "Der externe Port auf der Pangolin-Instanz oder dem Knoten, an dem die Ressource zugänglich ist.",
"domainType": "Domain-Typ",
"subdomain": "Subdomain",
"baseDomain": "Basis-Domain",
+ "configure": "Konfiguration",
"subdomnainDescription": "Die Subdomäne, auf die die Ressource zugegriffen werden soll.",
"resourceRawSettings": "TCP/UDP Einstellungen",
"resourceRawSettingsDescription": "Konfigurieren, wie auf die Ressource über TCP/UDP zugegriffen wird",
@@ -247,14 +297,35 @@
"back": "Zurück",
"cancel": "Abbrechen",
"resourceConfig": "Konfiguration Snippets",
- "resourceConfigDescription": "Kopieren und fügen Sie diese Konfigurations-Snippets ein, um die TCP/UDP Ressource einzurichten",
+ "resourceConfigDescription": "Kopieren und fügen Sie diese Konfigurationsschnipsel ein, um die TCP/UDP-Ressource einzurichten.",
"resourceAddEntrypoints": "Traefik: Einstiegspunkte hinzufügen",
"resourceExposePorts": "Gerbil: Ports im Docker Compose freigeben",
"resourceLearnRaw": "Lernen Sie, wie Sie TCP/UDP Ressourcen konfigurieren",
"resourceBack": "Zurück zu den Ressourcen",
"resourceGoTo": "Zu Ressource gehen",
+ "resourcePolicyDelete": "Ressourcenrichtlinie löschen",
+ "resourcePolicyDeleteConfirm": "Löschen der Ressourcenrichtlinie bestätigen",
"resourceDelete": "Ressource löschen",
"resourceDeleteConfirm": "Ressource löschen bestätigen",
+ "labelDelete": "Etikett löschen",
+ "labelAdd": "Etikett hinzufügen",
+ "labelCreateSuccessMessage": "Etikett erfolgreich erstellt",
+ "labelDuplicateError": "Doppeltes Label",
+ "labelDuplicateErrorDescription": "Ein Label mit diesem Namen existiert bereits.",
+ "labelEditSuccessMessage": "Etikett erfolgreich bearbeitet",
+ "labelNameField": "Etikettenname",
+ "labelColorField": "Etikettenfarbe",
+ "labelPlaceholder": "Beispiel: Heimlabor",
+ "labelCreate": "Etikett erstellen",
+ "createLabelDialogTitle": "Etikett erstellen",
+ "createLabelDialogDescription": "Erstellen Sie ein neues Etikett, das dieser Organisation zugeordnet werden kann",
+ "labelEdit": "Etikett bearbeiten",
+ "editLabelDialogTitle": "Etikett aktualisieren",
+ "editLabelDialogDescription": "Bearbeiten Sie ein neues Etikett, das dieser Organisation zugeordnet werden kann",
+ "labelDeleteConfirm": "Löschen des Etiketts bestätigen",
+ "labelErrorDelete": "Etikett konnte nicht gelöscht werden",
+ "labelMessageRemove": "Diese Aktion ist dauerhaft. Alle Standorte, Ressourcen und Clients, die mit diesem Etikett versehen sind, werden nicht mehr zugeordnet.",
+ "labelQuestionRemove": "Sind Sie sicher, dass Sie das Etikett aus der Organisation entfernen möchten?",
"visibility": "Sichtbarkeit",
"enabled": "Aktiviert",
"disabled": "Deaktiviert",
@@ -265,6 +336,8 @@
"rules": "Regeln",
"resourceSettingDescription": "Einstellungen für die Ressource konfigurieren",
"resourceSetting": "{resourceName} Einstellungen",
+ "resourcePolicySettingDescription": "Richten Sie die Einstellungen für diese öffentliche Ressourcenrichtlinie ein",
+ "resourcePolicySetting": "{policyName} Einstellungen",
"alwaysAllow": "Authentifizierung umgehen",
"alwaysDeny": "Zugriff blockieren",
"passToAuth": "Weiterleiten zur Authentifizierung",
@@ -671,7 +744,7 @@
"targetSubmit": "Ziel hinzufügen",
"targetNoOne": "Diese Ressource hat keine Ziele. Fügen Sie ein Ziel hinzu, um zu konfigurieren, wo Anfragen an das Backend gesendet werden sollen.",
"targetNoOneDescription": "Das Hinzufügen von mehr als einem Ziel aktiviert den Lastausgleich.",
- "targetsSubmit": "Ziele speichern",
+ "targetsSubmit": "Einstellungen speichern",
"addTarget": "Ziel hinzufügen",
"proxyMultiSiteRoundRobinNodeHelp": "Round-Robin-Routing funktioniert nicht zwischen Standorten, die nicht mit demselben Knoten verbunden sind, aber Failover funktioniert.",
"targetErrorInvalidIp": "Ungültige IP-Adresse",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Doppelte Regel",
"rulesErrorDuplicateDescription": "Eine Regel mit diesen Einstellungen existiert bereits",
"rulesErrorInvalidIpAddressRange": "Ungültiger CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "Bitte geben Sie einen gültigen CIDR-Wert ein",
- "rulesErrorInvalidUrl": "Ungültiger URL-Pfad",
- "rulesErrorInvalidUrlDescription": "Bitte geben Sie einen gültigen URL-Pfad-Wert ein",
- "rulesErrorInvalidIpAddress": "Ungültige IP",
- "rulesErrorInvalidIpAddressDescription": "Bitte geben Sie eine gültige IP-Adresse ein",
+ "rulesErrorInvalidIpAddressRangeDescription": "Geben Sie einen gültigen CIDR-Bereich ein (z.B., 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Ungültiger Pfad",
+ "rulesErrorInvalidUrlDescription": "Geben Sie einen gültigen URL-Pfad oder ein gültiges Muster ein (z.B., /api/*).",
+ "rulesErrorInvalidIpAddress": "Ungültige IP-Adresse",
+ "rulesErrorInvalidIpAddressDescription": "Geben Sie eine gültige IPv4 oder IPv6 Adresse ein.",
"rulesErrorUpdate": "Fehler beim Aktualisieren der Regeln",
"rulesErrorUpdateDescription": "Beim Aktualisieren der Regeln ist ein Fehler aufgetreten",
"rulesUpdated": "Regeln aktivieren",
@@ -718,14 +791,23 @@
"rulesMatchIpAddress": "Geben Sie eine IP-Adresse ein (z.B. 103.21.244.12)",
"rulesMatchUrl": "Geben Sie einen URL-Pfad oder -Muster ein (z.B. /api/v1/todos oder /api/v1/*)",
"rulesErrorInvalidPriority": "Ungültige Priorität",
- "rulesErrorInvalidPriorityDescription": "Bitte geben Sie eine gültige Priorität ein",
+ "rulesErrorInvalidPriorityDescription": "Geben Sie eine ganze Zahl von 1 oder höher ein.",
"rulesErrorDuplicatePriority": "Doppelte Prioritäten",
- "rulesErrorDuplicatePriorityDescription": "Bitte geben Sie eindeutige Prioritäten ein",
+ "rulesErrorDuplicatePriorityDescription": "Jede Regel muss eine eindeutige Prioritätsnummer haben.",
+ "rulesErrorValidation": "Ungültige Regeln",
+ "rulesErrorValidationRuleDescription": "Regel {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Wählen Sie einen gültigen Vergleichstyp (Pfad, IP, CIDR, Land, Region oder ASN).",
+ "rulesErrorValueRequired": "Geben Sie einen Wert für diese Regel ein.",
+ "rulesErrorInvalidCountry": "Ungültiges Land",
+ "rulesErrorInvalidCountryDescription": "Wählen Sie ein gültiges Land aus.",
+ "rulesErrorInvalidAsn": "Ungültiges ASN",
+ "rulesErrorInvalidAsnDescription": "Geben Sie ein gültiges ASN ein (z.B., AS15169).",
"ruleUpdated": "Regeln aktualisiert",
"ruleUpdatedDescription": "Regeln erfolgreich aktualisiert",
"ruleErrorUpdate": "Operation fehlgeschlagen",
"ruleErrorUpdateDescription": "Während des Speichervorgangs ist ein Fehler aufgetreten",
"rulesPriority": "Priorität",
+ "rulesReorderDragHandle": "Ziehen, um die Regelpriorität neu zu ordnen",
"rulesAction": "Aktion",
"rulesMatchType": "Übereinstimmungstyp",
"value": "Wert",
@@ -744,9 +826,60 @@
"rulesResource": "Ressourcen-Regelkonfiguration",
"rulesResourceDescription": "Regeln konfigurieren, um den Zugriff auf die Ressource zu steuern",
"ruleSubmit": "Regel hinzufügen",
- "rulesNoOne": "Keine Regeln. Fügen Sie eine Regel über das Formular hinzu.",
+ "rulesNoOne": "Noch keine Regeln vorhanden.",
"rulesOrder": "Regeln werden nach aufsteigender Priorität ausgewertet.",
"rulesSubmit": "Regeln speichern",
+ "policyErrorCreate": "Fehler beim Erstellen der Richtlinie",
+ "policyErrorCreateDescription": "Beim Erstellen der Richtlinie ist ein Fehler aufgetreten",
+ "policyErrorCreateMessageDescription": "Ein unerwarteter Fehler ist aufgetreten",
+ "policyErrorUpdate": "Fehler beim Aktualisieren der Richtlinie",
+ "policyErrorUpdateDescription": "Beim Aktualisieren der Richtlinie ist ein Fehler aufgetreten",
+ "policyErrorUpdateMessageDescription": "Ein unerwarteter Fehler ist aufgetreten",
+ "policyCreatedSuccess": "Ressourcenrichtlinie erfolgreich erstellt",
+ "policyUpdatedSuccess": "Ressourcenrichtlinie erfolgreich aktualisiert",
+ "authMethodsSave": "Einstellungen speichern",
+ "policyAuthStackTitle": "Authentifizierung",
+ "policyAuthStackDescription": "Kontrollieren Sie, welche Authentifizierungsmethoden erforderlich sind, um auf diese Ressource zuzugreifen",
+ "policyAuthOrLogicTitle": "Mehrere Authentifizierungsmethoden aktiv",
+ "policyAuthOrLogicBanner": "Besucher können sich mit einer der unten aktiven Methoden authentifizieren. Sie müssen nicht alle abschließen.",
+ "policyAuthMethodActive": "Aktiv",
+ "policyAuthMethodOff": "Aus",
+ "policyAuthSsoTitle": "Plattform SSO",
+ "policyAuthSsoDescription": "Anmeldung über den Identitätsanbieter Ihrer Organisation erforderlich",
+ "policyAuthSsoSummary": "{idp} · {users} Benutzer, {roles} Rollen",
+ "policyAuthSsoDefaultIdp": "Standardanbieter",
+ "policyAuthAddDefaultIdentityProvider": "Standardidentitätsanbieter hinzufügen",
+ "policyAuthOtherMethodsTitle": "Andere Methoden",
+ "policyAuthOtherMethodsDescription": "Optionale Methoden, die Besucher anstelle von oder zusammen mit Plattform-SSO verwenden können",
+ "policyAuthPasscodeTitle": "Passwort",
+ "policyAuthPasscodeDescription": "Erfordere einen geteilten alphanumerischen Passcode für den Zugriff auf die Ressource",
+ "policyAuthPasscodeSummary": "Passcode festgelegt",
+ "policyAuthPincodeTitle": "PIN-Code",
+ "policyAuthPincodeDescription": "Ein kurzer numerischer Code, der erforderlich ist, um auf die Ressource zuzugreifen",
+ "policyAuthPincodeSummary": "6-stelliger PIN festgelegt",
+ "policyAuthEmailTitle": "E-Mail-Whitelist",
+ "policyAuthEmailDescription": "Erlaubte E-Mail-Adressen mit Einmalpasswörtern",
+ "policyAuthEmailSummary": "{count} Adressen erlaubt",
+ "policyAuthEmailOtpCallout": "Durch Aktivieren der E-Mail-Whitelist wird beim Einloggen ein Einmalpasswort an die E-Mail des Besuchers gesendet.",
+ "policyAuthHeaderAuthTitle": "Grundlegende Header-Authentifizierung",
+ "policyAuthHeaderAuthDescription": "Überprüfen Sie einen benutzerdefinierten HTTP-Headernamen und -wert bei jeder Anfrage",
+ "policyAuthHeaderAuthSummary": "Header konfiguriert",
+ "policyAuthHeaderName": "Header-Name",
+ "policyAuthHeaderValue": "Erwarteter Wert",
+ "policyAuthSetPasscode": "Passcode setzen",
+ "policyAuthSetPincode": "PIN-Code festlegen",
+ "policyAuthSetEmailWhitelist": "E-Mail-Whitelist festlegen",
+ "policyAuthSetHeaderAuth": "Grundlegende Header-Authentifizierung festlegen",
+ "policyAccessRulesTitle": "Zugriffsregeln",
+ "policyAccessRulesEnableDescription": "Bei Aktivierung werden die Regeln in absteigender Reihenfolge ausgewertet, bis eine als wahr ausgewertet wird.",
+ "policyAccessRulesFirstMatch": "Regeln werden von oben nach unten ausgewertet. Die erste übereinstimmende Regel bestimmt das Ergebnis.",
+ "policyAccessRulesHowItWorks": "Regeln vergleichen Anfragen nach Pfad, IP-Adresse, Standort oder anderen Kriterien. Jede Regel wendet eine Aktion an: Authentifizierung umgehen, Zugriff blockieren oder zur Authentifizierung weiterleiten. Wenn keine Regel zutrifft, wird der Verkehr zur Authentifizierung weitergeleitet.",
+ "policyAccessRulesFallthroughOff": "Wenn Regeln deaktiviert sind, wird der gesamte Verkehr zur Authentifizierung weitergeleitet.",
+ "policyAccessRulesFallthroughOn": "Wenn keine Regel übereinstimmt, wird der Verkehr zur Authentifizierung weitergeleitet.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Regeln speichern",
"resourceErrorCreate": "Fehler beim Erstellen der Ressource",
"resourceErrorCreateDescription": "Beim Erstellen der Ressource ist ein Fehler aufgetreten",
"resourceErrorCreateMessage": "Fehler beim Erstellen der Ressource:",
@@ -766,9 +899,9 @@
"resourcesErrorUpdateDescription": "Beim Aktualisieren der Ressource ist ein Fehler aufgetreten",
"access": "Zugriff",
"accessControl": "Zugriffskontrolle",
- "shareLink": "{resource} Freigabe-Link",
+ "shareLink": "{resource} Freigabelink",
"resourceSelect": "Ressource auswählen",
- "shareLinks": "Freigabe-Links",
+ "shareLinks": "Teilbare Links",
"share": "Teilbare Links",
"shareDescription2": "Erstellen Sie teilbare Links zu Ressourcen. Links bieten temporären oder unbegrenzten Zugriff auf Ihre Ressource. Sie können die Verfallsdauer des Links beim Erstellen eines Links festlegen.",
"shareEasyCreate": "Einfach zu erstellen und zu teilen",
@@ -810,6 +943,17 @@
"pincodeAdd": "PIN-Code hinzufügen",
"pincodeRemove": "PIN-Code entfernen",
"resourceAuthMethods": "Authentifizierungsmethoden",
+ "resourcePolicyAuthMethodsEmpty": "Keine Authentifizierungsmethode",
+ "resourcePolicyOtpEmpty": "Kein Einmal-Passwort",
+ "resourcePolicyReadOnly": "Diese Richtlinie ist nur lesbar",
+ "resourcePolicyReadOnlyDescription": "Diese Ressourcenrichtlinie wird über mehrere Ressourcen geteilt, Sie können sie auf dieser Seite nicht bearbeiten.",
+ "editSharedPolicy": "Geteilte Richtlinie bearbeiten",
+ "resourcePolicyTypeSave": "Ressourcentyp speichern",
+ "resourcePolicySelect": "Ressourcenrichtlinie auswählen",
+ "resourcePolicySelectError": "Wählen Sie eine Ressourcenrichtlinie aus",
+ "resourcePolicyNotFound": "Richtlinie nicht gefunden",
+ "resourcePolicySearch": "Richtlinien suchen",
+ "resourcePolicyRulesEmpty": "Keine Authentifizierungsregeln",
"resourceAuthMethodsDescriptions": "Ermöglichen Sie den Zugriff auf die Ressource über zusätzliche Authentifizierungsmethoden",
"resourceAuthSettingsSave": "Erfolgreich gespeichert",
"resourceAuthSettingsSaveDescription": "Authentifizierungseinstellungen wurden gespeichert",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "PIN-Code festlegen",
"resourcePincodeSetupTitleDescription": "Legen Sie einen PIN-Code fest, um diese Ressource zu schützen",
"resourceRoleDescription": "Administratoren haben immer Zugriff auf diese Ressource.",
+ "resourcePolicySelectTitle": "Zugriffsrichtlinie für Ressourcen",
+ "resourcePolicySelectDescription": "Wählen Sie den Ressourcentransfertyp für die Authentifizierung",
+ "resourcePolicyTypeLabel": "Richtlinientyp",
+ "resourcePolicyLabel": "Ressourcenrichtlinie",
+ "resourcePolicyInline": "Inline-Ressourcenrichtlinie",
+ "resourcePolicyInlineDescription": "Zugriffsrichtlinie nur für diese Ressource",
+ "resourcePolicyShared": "Geteilte Ressourcenrichtlinie",
+ "resourcePolicySharedDescription": "Diese Ressource verwendet eine gemeinsame Richtlinie.",
+ "sharedPolicy": "Gemeinsame Richtlinie",
+ "sharedPolicyNoneDescription": "Diese Ressource hat ihre eigene Richtlinie.",
+ "resourceSharedPolicyOwnDescription": "Diese Ressource hat eigene Authentifizierungs- und Zugriffsregel-Kontrollen.",
+ "resourceSharedPolicyInheritedDescription": "Diese Ressource erbt von {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Diese Ressource verwendet eine geteilte Richtlinie. Einige Authentifizierungseinstellungen können in dieser Ressource bearbeitet werden, um zur Richtlinie beizutragen. Um die zugrunde liegende Richtlinie zu ändern, müssen Sie zu {policyName} wechseln.",
+ "resourceSharedPolicyRulesNotice": "Diese Ressource verwendet eine gemeinsame Richtlinie. Einige Zugriffsregeln können in dieser Ressource bearbeitet werden. Um die zugrunde liegende Richtlinie zu ändern, müssen Sie {policyName} bearbeiten.",
"resourceUsersRoles": "Zugriffskontrolle",
"resourceUsersRolesDescription": "Konfigurieren Sie, welche Benutzer und Rollen diese Ressource besuchen können",
"resourceUsersRolesSubmit": "Zugriffskontrollen speichern",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Sichtbarkeit",
"resourceVisibilityTitleDescription": "Ressourcensichtbarkeit vollständig aktivieren oder deaktivieren",
"resourceGeneral": "Allgemeine Einstellungen",
- "resourceGeneralDescription": "Konfigurieren Sie die allgemeinen Einstellungen für diese Ressource",
+ "resourceGeneralDescription": "Konfigurieren Sie Name, Adresse und Zugriffsrichtlinie für diese Ressource.",
+ "resourceGeneralDetailsSubsection": "Ressourcendetails",
+ "resourceGeneralDetailsSubsectionDescription": "Legen Sie den Anzeigenamen, die Kennung und die öffentlich zugängliche Domain für diese Ressource fest.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Legen Sie den Anzeigenamen, die Kennung und den öffentlichen Port für diese Ressource fest.",
+ "resourceGeneralPublicAddressSubsection": "Öffentliche Adresse",
+ "resourceGeneralPublicAddressSubsectionDescription": "Bestimmen Sie, wie Benutzer diese Ressource erreichen.",
+ "resourceGeneralAuthenticationAccessSubsection": "Authentifizierung und Zugriff",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Wählen Sie, ob diese Ressource ihre eigene Richtlinie verwendet oder von einer gemeinsamen Richtlinie erbt.",
"resourceEnable": "Ressource aktivieren",
"resourceTransfer": "Ressource übertragen",
"resourceTransferDescription": "Diese Ressource auf einen anderen Standort übertragen",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Es gab ein Problem bei der Verbindung zu {name}. Bitte kontaktieren Sie Ihren Administrator.",
"idpErrorNotFound": "IdP nicht gefunden",
"inviteInvalid": "Ungültige Einladung",
+ "labels": "Etiketten",
+ "orgLabelsDescription": "Etiketten in dieser Organisation verwalten.",
+ "addLabels": "Etiketten hinzufügen",
+ "siteLabelsTab": "Etiketten",
+ "siteLabelsDescription": "Verwalten Sie die mit diesem Standort verbundenen Etiketten.",
+ "labelsNotFound": "Keine Kennzeichnungen gefunden.",
+ "labelsEmptyCreateHint": "Beginnen Sie oben zu tippen, um ein Label zu erstellen.",
+ "labelSearch": "Etiketten suchen",
+ "labelSearchOrCreate": "Suchen oder erstellen Sie ein Label",
+ "accessLabelFilterCount": "{count, plural, one {# Etikett} other {# Etiketten}}",
+ "labelOverflowCount": "+{count, plural, one {# Etikett} other {# Etiketten}}",
+ "accessLabelFilterClear": "Etikettenfilter löschen",
+ "accessFilterClear": "Filter löschen",
+ "selectColor": "Farbe auswählen",
+ "createNewLabel": "Neues Org-Etikett \"{label}\" erstellen",
"inviteInvalidDescription": "Der Einladungslink ist ungültig.",
"inviteErrorWrongUser": "Einladung ist nicht für diesen Benutzer",
"inviteErrorUserNotExists": "Benutzer existiert nicht. Bitte erstelle zuerst ein Konto.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Blueprint anwenden",
"actionListBlueprints": "Blaupausen anzeigen",
"actionGetBlueprint": "Erhalte Blaupause",
+ "actionCreateOrgWideLauncherView": "Organisationen-Weiter-Startansicht erstellen",
"setupToken": "Setup-Token",
"setupTokenDescription": "Geben Sie das Setup-Token von der Serverkonsole ein.",
"setupTokenRequired": "Setup-Token ist erforderlich",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Ressourcen",
"sidebarProxyResources": "Öffentlich",
"sidebarClientResources": "Privat",
+ "sidebarPolicies": "Gemeinsame Richtlinien",
+ "sidebarResourcePolicies": "Öffentliche Ressourcen",
"sidebarAccessControl": "Zugriffskontrolle",
"sidebarLogsAndAnalytics": "Protokolle & Analysen",
"sidebarTeam": "Team",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Admin",
"sidebarInvitations": "Einladungen",
"sidebarRoles": "Rollen",
- "sidebarShareableLinks": "Links",
+ "sidebarShareableLinks": "Teilbare Links",
"sidebarApiKeys": "API-Schlüssel",
"sidebarProvisioning": "Bereitstellung",
"sidebarSettings": "Einstellungen",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Standort {id}",
"standaloneHcFilterResourceIdFallback": "Ressource {id}",
"blueprints": "Blaupausen",
- "blueprintsDescription": "Deklarative Konfigurationen anwenden und vorherige Abläufe anzeigen",
+ "blueprintsLog": "Blaupausen-Protokoll",
+ "blueprintsDescription": "Betrachten Sie vergangene Blueprint-Anwendungen und deren Ergebnisse oder wenden Sie einen neuen Blueprint an",
"blueprintAdd": "Blueprint hinzufügen",
"blueprintGoBack": "Alle Blueprints ansehen",
"blueprintCreate": "Blueprint erstellen",
@@ -1575,7 +1759,17 @@
"contents": "Inhalt",
"parsedContents": "Analysierte Inhalte (Nur lesen)",
"enableDockerSocket": "Docker Blueprint aktivieren",
- "enableDockerSocketDescription": "Aktiviere Docker-Socket-Label-Scraping für Blueprintbeschriftungen. Der Socket-Pfad muss neu angegeben werden.",
+ "enableDockerSocketDescription": "Aktiviere Docker-Socket-Label-Scraping für Blueprint-Etiketten. Der Socket-Pfad muss dem Site-Connector angegeben werden. Lesen Sie, wie dies in der Dokumentation funktioniert.",
+ "newtAutoUpdate": "Standort-Auto-Update aktivieren",
+ "newtAutoUpdateDescription": "Wenn aktiviert, werden die Seiten-Connectoren automatisch die neueste Version herunterladen und sich selbst neu starten. Dies kann für jede Seite überschrieben werden.",
+ "siteAutoUpdate": "Standort-Auto-Update",
+ "siteAutoUpdateLabel": "Autoupdate aktivieren",
+ "siteAutoUpdateDescription": "Wenn aktiviert, wird der Seiten-Connector automatisch die neueste Version herunterladen und sich selbst neu starten.",
+ "siteAutoUpdateOrgDefault": "Standard der Organisation: {state}",
+ "siteAutoUpdateOverriding": "Organisations-Einstellung überschreiben",
+ "siteAutoUpdateResetToOrg": "Auf Standard der Organisation zurücksetzen",
+ "siteAutoUpdateEnabled": "aktiviert",
+ "siteAutoUpdateDisabled": "deaktiviert",
"viewDockerContainers": "Docker Container anzeigen",
"containersIn": "Container in {siteName}",
"selectContainerDescription": "Wählen Sie einen Container, der als Hostname für dieses Ziel verwendet werden soll. Klicken Sie auf einen Port, um einen Port zu verwenden.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Zertifikat",
"certificateStatusAutoRefreshHint": "Der Status wird automatisch aktualisiert.",
"loading": "Laden",
+ "loadingEllipsis": "Laden...",
"loadingAnalytics": "Analytik wird geladen",
"restart": "Neustart",
"domains": "Domänen",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Kontoeinrichtung abgeschlossen! Willkommen bei Pangolin!",
"documentation": "Dokumentation",
"saveAllSettings": "Alle Einstellungen speichern",
- "saveResourceTargets": "Ziele speichern",
- "saveResourceHttp": "Proxy-Einstellungen speichern",
- "saveProxyProtocol": "Proxy-Protokolleinstellungen speichern",
+ "saveResourceTargets": "Einstellungen speichern",
+ "saveResourceHttp": "Einstellungen speichern",
+ "saveProxyProtocol": "Einstellungen speichern",
"settingsUpdated": "Einstellungen aktualisiert",
"settingsUpdatedDescription": "Einstellungen erfolgreich aktualisiert",
"settingsErrorUpdate": "Einstellungen konnten nicht aktualisiert werden",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Verwalten Sie Ihr Abonnement für kostenpflichtige selbstgehostete Lizenzschlüssel",
"billingCurrentKeys": "Aktuelle Tasten",
"billingModifyCurrentPlan": "Aktuelles Paket ändern",
+ "billingManageLicenseSubscriptionDescription": "Verwalten Sie Ihr Abonnement für bezahlte selbst gehostete Lizenzschlüssel und laden Sie Rechnungen herunter.",
"billingConfirmUpgrade": "Upgrade bestätigen",
"billingConfirmDowngrade": "Downgrade bestätigen",
"billingConfirmUpgradeDescription": "Sie sind dabei, Ihr Paket zu aktualisieren. Schauen Sie sich die neuen Limits und Preise unten an.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Subnetz",
"addressDescription": "Die interne Adresse des Clients. Muss in das Subnetz der Organisation fallen.",
"selectSites": "Standorte auswählen",
+ "selectLabels": "Etiketten auswählen",
"sitesDescription": "Der Client wird zu den ausgewählten Standorten eine Verbindung haben.",
"clientInstallOlm": "Olm installieren",
"clientInstallOlmDescription": "Olm auf Ihrem System zum Laufen bringen",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Unbekannt",
"healthCheck": "Gesundheits-Check",
"configureHealthCheck": "Gesundheits-Check konfigurieren",
- "configureHealthCheckDescription": "Richten Sie die Gesundheitsüberwachung für {target} ein",
+ "configureHealthCheckDescription": "Richten Sie die Überwachung für Ihre Resource ein, um sicherzustellen, dass sie immer verfügbar ist",
"enableHealthChecks": "Gesundheits-Checks aktivieren",
"healthCheckDisabledStateDescription": "Wenn deaktiviert, führt der Standort keine Gesundheitsprüfungen durch und der Zustand wird als unbekannt betrachtet.",
"enableHealthChecksDescription": "Überwachen Sie die Gesundheit dieses Ziels. Bei Bedarf können Sie einen anderen Endpunkt als das Ziel überwachen.",
"healthScheme": "Methode",
"healthSelectScheme": "Methode auswählen",
- "healthCheckPortInvalid": "Der Gesundheitskontroll-Port muss zwischen 1 und 65535 liegen",
+ "healthCheckPortInvalid": "Der Port muss zwischen 1 und 65535 liegen",
"healthCheckPath": "Pfad",
"healthHostname": "IP / Host",
"healthPort": "Port",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "Zeit ist in Sekunden",
"requireDeviceApproval": "Gerätegenehmigungen erforderlich",
"requireDeviceApprovalDescription": "Benutzer mit dieser Rolle benötigen neue Geräte, die von einem Administrator genehmigt wurden, bevor sie sich verbinden und auf Ressourcen zugreifen können.",
- "sshAccess": "SSH-Zugriff",
+ "sshSettings": "SSH-Einstellungen",
+ "sshAccess": "SSH Zugriff",
+ "rdpSettings": "RDP-Einstellungen",
+ "vncSettings": "VNC-Einstellungen",
+ "sshServer": "SSH-Server",
+ "rdpServer": "RDP-Server",
+ "vncServer": "VNC-Server",
+ "sshServerDescription": "Richten Sie die Authentifizierungsmethode, den Daemon-Standort und das Serverziel ein",
+ "rdpServerDescription": "Konfigurieren Sie das Ziel und den Port des RDP-Servers",
+ "vncServerDescription": "Konfigurieren Sie das Ziel und den Port des VNC-Servers",
+ "sshServerMode": "Modus",
+ "sshServerModeStandard": "Standard-SSH-Server",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Routen Befehle über Netzwerk zu einem SSH-Server wie OpenSSH.",
+ "sshServerModeNative": "Nativer SSH-Server",
+ "sshServerModeNativeDescription": "Führt Befehle direkt auf dem Host über den Site Connector aus. Keine Netzwerkkonfiguration erforderlich.",
+ "sshAuthenticationMethod": "Authentifizierungsmethode",
+ "sshAuthMethodManual": "Manuelle Authentifizierung",
+ "sshAuthMethodManualDescription": "Erfordert vorhandene Host-Anmeldeinformationen. Umgeht die automatische Bereitstellung.",
+ "sshAuthMethodAutomated": "Automatisierte Bereitstellung",
+ "sshAuthMethodAutomatedDescription": "Erstellt automatisch Benutzer, Gruppen und Sudo-Berechtigungen auf dem Host.",
+ "sshAuthDaemonLocation": "Standort des Auth-Daemon",
+ "sshDaemonLocationSiteDescription": "Wird lokal auf dem Rechner ausgeführt, der den Site-Connector beherbergt.",
+ "sshDaemonLocationRemote": "Auf Remote-Host",
+ "sshDaemonLocationRemoteDescription": "Wird auf einem separaten Zielrechner im gleichen Netzwerk ausgeführt.",
+ "sshDaemonDisclaimer": "Stellen Sie sicher, dass Ihr Zielhost korrekt konfiguriert ist, um den Auth-Daemon auszuführen, bevor Sie dieses Setup abschließen, andernfalls wird die Bereitstellung fehlschlagen.",
+ "sshDaemonPort": "Daemon-Port",
+ "sshServerDestination": "Serverziel",
+ "sshServerDestinationDescription": "Ziel des SSH-Servers konfigurieren",
+ "destination": "Ziel",
+ "destinationRequired": "Ziel ist erforderlich.",
+ "domainRequired": "Domain ist erforderlich.",
+ "proxyPortRequired": "Port ist erforderlich.",
+ "invalidPathConfiguration": "Ungültige Pfadkonfiguration.",
+ "invalidRewritePathConfiguration": "Ungültige Neupfad-Konfiguration.",
+ "bgTargetMultiSiteDisclaimer": "Die Auswahl mehrerer Standorte ermöglicht eine widerstandsfähige Weiterleitung und einen Failover für hohe Verfügbarkeit.",
"roleAllowSsh": "SSH erlauben",
"roleAllowSshAllow": "Erlauben",
"roleAllowSshDisallow": "Nicht zulassen",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "Benutzer kann nur die angegebenen Befehle mit sudo ausführen.",
"sshSudo": "sudo erlauben",
"sshSudoCommands": "Sudo-Befehle",
- "sshSudoCommandsDescription": "Kommagetrennte Liste von Befehlen, die der Benutzer mit sudo ausführen darf.",
+ "sshSudoCommandsDescription": "Liste der Befehle, die der Benutzer mit sudo ausführen darf, durch Kommas, Leerzeichen oder neue Zeilen getrennt. Absolute Pfade müssen verwendet werden.",
"sshCreateHomeDir": "Home-Verzeichnis erstellen",
"sshUnixGroups": "Unix-Gruppen",
- "sshUnixGroupsDescription": "Durch Komma getrennte Unix-Gruppen, um den Benutzer auf dem Zielhost hinzuzufügen.",
+ "sshUnixGroupsDescription": "Unix-Gruppen, in die der Benutzer auf dem Ziel-Host aufgenommen werden soll, getrennt durch Kommas, Leerzeichen oder neue Zeilen.",
+ "roleTextFieldPlaceholder": "Werte eingeben oder eine .txt- oder .csv-Datei ablegen",
+ "roleTextImportTitle": "Von Datei importieren",
+ "roleTextImportDescription": "Importiere {fileName} in {fieldLabel}.",
+ "roleTextImportSkipHeader": "Erste Zeile überspringen (Header)",
+ "roleTextImportOverride": "Vorhandenes ersetzen",
+ "roleTextImportAppend": "An vorhandenes anfügen",
+ "roleTextImportMode": "Importmodus",
+ "roleTextImportPreview": "Vorschau",
+ "roleTextImportItemCount": "{count, plural, =0 {Keine Elemente zu importieren} one {1 Element zu importieren} other {# Elemente zu importieren}}",
+ "roleTextImportTotalCount": "{existing} vorhanden + {imported} importiert = {total} gesamt",
+ "roleTextImportConfirm": "Importieren",
+ "roleTextImportInvalidFile": "Nicht unterstützter Dateityp",
+ "roleTextImportInvalidFileDescription": "Nur .txt- und .csv-Dateien werden unterstützt.",
+ "roleTextImportEmpty": "Keine Elemente in der Datei gefunden",
+ "roleTextImportEmptyDescription": "Die Datei enthält keine importierbaren Elemente.",
"retryAttempts": "Wiederholungsversuche",
"expectedResponseCodes": "Erwartete Antwortcodes",
"expectedResponseCodesDescription": "HTTP-Statuscode, der einen gesunden Zustand anzeigt. Wenn leer gelassen, wird 200-300 als gesund angesehen.",
@@ -2049,6 +2296,7 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Schema",
"editInternalResourceDialogEnableSsl": "TLS aktivieren",
"editInternalResourceDialogEnableSslDescription": "SSL/TLS-Verschlüsselung für sichere HTTPS-Verbindungen zum Ziel aktivieren.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Standort",
"selectSite": "Standort auswählen...",
"multiSitesSelectorSitesCount": "{count, plural, one {# Standort} other {# Standorte}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# Etikett} other {# Etiketten}}",
"noSitesFound": "Keine Standorte gefunden.",
"createInternalResourceDialogProtocol": "Protokoll",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2347,7 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Schema",
"createInternalResourceDialogScheme": "Schema",
"createInternalResourceDialogEnableSsl": "TLS aktivieren",
@@ -2107,6 +2357,7 @@
"createInternalResourceDialogDestinationCidrDescription": "Der CIDR-Bereich der Ressource im Netzwerk der Website.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "Ein optionaler interner DNS-Alias für diese Ressource.",
+ "internalResourceAliasLocalWarning": "Aliasse, die auf .local enden, können aufgrund von mDNS in einigen Netzwerken zu Auflösungsproblemen führen.",
"internalResourceDownstreamSchemeRequired": "Schema ist für HTTP-Ressourcen erforderlich",
"internalResourceHttpPortRequired": "Zielport ist für HTTP-Ressourcen erforderlich",
"siteConfiguration": "Konfiguration",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Entfernte Knoten",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Geheimnis",
+ "remoteExitNodeNetworkingTitle": "Netzwerkeinstellungen",
+ "remoteExitNodeNetworkingDescription": "Konfigurieren Sie, wie dieser Remote Exit Node den Datenverkehr leitet und welche Standorte bevorzugt über ihn verbinden. Erweiterte Funktionen zur Verwendung mit Backhaul-Netzwerkkonfigurationen.",
+ "remoteExitNodeNetworkingSave": "Einstellungen speichern",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Netzwerkeinstellungen gespeichert",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Netzwerkeinstellungen wurden erfolgreich aktualisiert.",
+ "remoteExitNodeNetworkingSaveError": "Fehler beim Speichern der Netzwerkeinstellungen",
+ "remoteExitNodeNetworkingSubnetsTitle": "Remote-Subnetze",
+ "remoteExitNodeNetworkingSubnetsDescription": "Definieren Sie die CIDR-Bereiche, an die dieser Remote Exit Node den Datenverkehr weiterleitet. Geben Sie einen gültigen CIDR (z. B. 10.0.0.0/8) ein und drücken Sie die Eingabetaste, um hinzuzufügen.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Fügen Sie einen CIDR-Bereich hinzu (z.B. 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Fehler beim Laden der Subnetze",
+ "remoteExitNodeNetworkingLabelsTitle": "Präferenzetiketten",
+ "remoteExitNodeNetworkingLabelsDescription": "Standorte mit diesen Etiketten werden gezwungen, über diesen Remote Exit Node zu verbinden.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Etiketten auswählen...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Etiketten suchen...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Fehler beim Laden der Etiketten",
"remoteExitNodeCreate": {
"title": "Erstelle Remote Node",
"description": "Erstelle einen neues selbst gehostetes Relay und ihre Proxyserver Nodes",
@@ -2233,7 +2499,7 @@
"description": "Zuverlässiger und wartungsarmer Pangolin Server mit zusätzlichen Glocken und Pfeifen",
"introTitle": "Verwalteter selbstgehosteter Pangolin",
"introDescription": "ist eine Deployment-Option, die für Personen konzipiert wurde, die Einfachheit und zusätzliche Zuverlässigkeit wünschen, während sie ihre Daten privat und selbstgehostet halten.",
- "introDetail": "Mit dieser Option haben Sie immer noch Ihren eigenen Pangolin-Knoten – Ihre Tunnel, TLS-Terminierung und Traffic bleiben auf Ihrem Server. Der Unterschied besteht darin, dass Verwaltung und Überwachung über unser Cloud-Dashboard abgewickelt werden, das eine Reihe von Vorteilen freischaltet:",
+ "introDetail": "Mit dieser Option betreiben Sie weiterhin Ihren eigenen Pangolin-Knoten – Ihre Tunnel, TLS-Terminierung und der gesamte Datenverkehr bleiben auf Ihrem Server. Der Unterschied besteht darin, dass die Verwaltung und Überwachung über unser Cloud-Dashboard erfolgt, was eine Reihe von Vorteilen freischaltet:",
"benefitSimplerOperations": {
"title": "Einfachere Operationen",
"description": "Sie brauchen keinen eigenen Mail-Server auszuführen oder komplexe Warnungen einzurichten. Sie erhalten Gesundheitschecks und Ausfallwarnungen aus dem Box."
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Google OAuth2/OIDC Provider",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Subnetz",
+ "utilitySubnet": "Nutzsubnetz",
"subnetDescription": "Das Subnetz für die Netzwerkkonfiguration dieser Organisation.",
"customDomain": "Eigene Domain",
"authPage": "Authentifizierungs-Seiten",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "Organisation oder Domänen-ID fehlt",
"loadingDNSRecords": "Lade DNS-Einträge...",
"olmUpdateAvailableInfo": "Eine aktualisierte Version von Olm ist verfügbar. Bitte aktualisieren Sie auf die neueste Version für die beste Erfahrung.",
+ "updateAvailableInfo": "Eine aktualisierte Version ist verfügbar. Bitte aktualisieren Sie auf die neueste Version für das beste Erlebnis.",
"client": "Client",
"proxyProtocol": "Proxy-Protokoll-Einstellungen",
"proxyProtocolDescription": "Konfigurieren Sie das Proxy-Protokoll, um die IP-Adressen des Clients für TCP-Dienste zu erhalten.",
"enableProxyProtocol": "Proxy-Protokoll aktivieren",
"proxyProtocolInfo": "Client-IP-Adressen für TCP-Backends beibehalten",
"proxyProtocolVersion": "Proxy-Protokollversion",
- "version1": " Version 1 (empfohlen)",
+ "version1": "Version 1 (Empfohlen)",
"version2": "Version 2",
- "versionDescription": "Die Version 1 ist textbasiert und unterstützt die Version 2, ist binär und effizienter, aber weniger kompatibel.",
+ "version1Description": "Textbasiert und weit verbreitet. Sicherstellen, dass das Servers-Transport zur dynamischen Konfiguration hinzugefügt wurde.",
+ "version2Description": "Binär und effizienter, aber weniger kompatibel. Sicherstellen, dass das Servers-Transport zur dynamischen Konfiguration hinzugefügt wurde.",
"warning": "Warnung",
"proxyProtocolWarning": "Die Backend-Anwendung muss so konfiguriert sein, dass Proxy-Protokoll-Verbindungen akzeptiert werden. Wenn Ihr Backend das Proxy-Protokoll nicht unterstützt, wird das Aktivieren aller Verbindungen unterbrochen, so dass Sie dies nur aktivieren, wenn Sie wissen, was Sie tun. Stellen Sie sicher, dass Sie Ihr Backend so konfigurieren, dass es Proxy-Protokoll-Header von Traefik vertraut.",
"restarting": "Neustarten...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Bestätigung eingeben",
"blueprintViewDetails": "Details",
"defaultIdentityProvider": "Standard Identitätsanbieter",
- "defaultIdentityProviderDescription": "Wenn ein Standard-Identity Provider ausgewählt ist, wird der Benutzer zur Authentifizierung automatisch an den Anbieter weitergeleitet.",
+ "defaultIdentityProviderDescription": "Der Benutzer wird automatisch zu diesem Identitätsanbieter für die Authentifizierung weitergeleitet.",
"editInternalResourceDialogNetworkSettings": "Netzwerkeinstellungen",
"editInternalResourceDialogAccessPolicy": "Zugriffsrichtlinie",
"editInternalResourceDialogAddRoles": "Rollen hinzufügen",
@@ -2937,11 +3206,12 @@
"learnMore": "Mehr erfahren",
"backToHome": "Zurück zur Startseite",
"needToSignInToOrg": "Benötigen Sie den Identitätsanbieter Ihres Unternehmens?",
- "maintenanceMode": "Wartungsmodus",
+ "maintenanceMode": "Wartungsseite",
"maintenanceModeDescription": "Eine Wartungsseite für Besucher anzeigen",
"maintenanceModeType": "Art des Wartungsmodus",
"showMaintenancePage": "Eine Wartungsseite für Besucher anzeigen",
"enableMaintenanceMode": "Wartungsmodus aktivieren",
+ "enableMaintenanceModeDescription": "Bei Aktivierung sehen Besucher eine Wartungsseite anstelle Ihrer Ressource.",
"automatic": "Automatisch",
"automaticModeDescription": " Wartungsseite nur anzeigen, wenn alle Backend-Ziele deaktiviert oder ungesund sind. Deine Ressource funktioniert normal, solange mindestens ein Ziel gesund ist.",
"forced": "Erzwungen",
@@ -2949,6 +3219,8 @@
"warning:": "Warnung:",
"forcedeModeWarning": "Der gesamte Datenverkehr wird zur Wartungsseite weitergeleitet. Ihre Backend-Ressourcen werden keine Anfragen erhalten.",
"pageTitle": "Seitentitel",
+ "maintenancePageContentSubsection": "Seiteninhalt",
+ "maintenancePageContentSubsectionDescription": "Passen Sie den auf der Wartungsseite angezeigten Inhalt an",
"pageTitleDescription": "Die Hauptüberschrift auf der Wartungsseite",
"maintenancePageMessage": "Wartungsmeldung",
"maintenancePageMessagePlaceholder": "Wir sind bald wieder da! Unsere Seite wird derzeit planmäßig gewartet.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Geschätzter Abschluss:",
"createInternalResourceDialogDestinationRequired": "Ziel ist erforderlich",
"available": "Verfügbar",
+ "disabledResourceDescription": "Wenn deaktiviert, ist die Ressource für alle unzugänglich.",
"archived": "Archiviert",
"noArchivedDevices": "Keine archivierten Geräte gefunden",
"deviceArchived": "Gerät archiviert",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Sind Sie sicher, dass Sie die Verknüpfung dieses Identitätsanbieters mit dieser Organisation aufheben möchten?",
"idpUnassociateDescription": "Alle Benutzer, die mit diesem Identitätsanbieter verbunden sind, werden aus dieser Organisation entfernt, aber der Identitätsanbieter bleibt für andere verbundene Organisationen weiterhin bestehen.",
"idpUnassociateConfirm": "Verknüpfung des Identitätsanbieters aufheben bestätigen",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "LÖSCHE UND ENTFERNE MICH AUS DER ORG",
+ "idpUnassociateAndRemoveMeFromOrg": "VERBINDUNG LÖSEN UND ENTFERNE MICH AUS DER ORG",
"idpUnassociateWarning": "Dies kann für diese Organisation nicht rückgängig gemacht werden.",
"idpUnassociatedDescription": "Identitätsanbieter erfolgreich von dieser Organisation gelöst",
"idpUnassociateMenu": "Verknüpfung aufheben",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "E-Mail-Whitelist",
"memberPortalResourceDisabled": "Ressource deaktiviert",
"memberPortalShowingResources": "Zeige {start}-{end} von {total} Ressourcen",
+ "resourceLauncherTitle": "Ressourcenstarter",
+ "resourceLauncherDescription": "Sehen Sie sich Ressourcendetails an und starten Sie sie von einem Ort aus",
+ "resourceLauncherSearchPlaceholder": "Alle Standorte durchsuchen...",
+ "resourceLauncherDefaultView": "Standard",
+ "resourceLauncherSaveView": "Ansicht speichern",
+ "resourceLauncherSaveToCurrentView": "In aktueller Ansicht speichern",
+ "resourceLauncherResetView": "Ansicht zurücksetzen",
+ "resourceLauncherSaveAsNewView": "Als neue Ansicht speichern",
+ "resourceLauncherSaveAsNewViewDescription": "Geben Sie dieser Ansicht einen Namen, um Ihre aktuellen Filter und das Layout zu speichern.",
+ "resourceLauncherSaveForEveryone": "Für alle speichern",
+ "resourceLauncherSaveForEveryoneDescription": "Teilen Sie diese Ansicht mit allen Organisationsmitgliedern. Wenn nicht aktiviert, ist die Ansicht nur für Sie sichtbar.",
+ "resourceLauncherMakePersonal": "Persönlich machen",
+ "resourceLauncherFilter": "Filter",
+ "resourceLauncherSort": "Sortieren",
+ "resourceLauncherSortAscending": "Aufsteigend sortieren",
+ "resourceLauncherSortDescending": "Absteigend sortieren",
+ "resourceLauncherSettings": "Einstellungen",
+ "resourceLauncherGroupBy": "Gruppieren nach",
+ "resourceLauncherGroupBySite": "Standort",
+ "resourceLauncherGroupByLabel": "Etikett",
+ "resourceLauncherLayout": "Layout",
+ "resourceLauncherLayoutGrid": "Raster",
+ "resourceLauncherLayoutList": "Liste",
+ "resourceLauncherShowLabels": "Etiketten anzeigen",
+ "resourceLauncherShowSiteTags": "Standort-Tags anzeigen",
+ "resourceLauncherShowRecents": "Kürzlich anzeigen",
+ "resourceLauncherDeleteView": "Ansicht löschen",
+ "resourceLauncherViewAsAdmin": "Ansicht als Administrator anzeigen",
+ "resourceLauncherResourceDetailsDescription": "Anzeigen von Details zu dieser Ressource.",
+ "resourceLauncherUnlabeled": "Nicht etikettiert",
+ "resourceLauncherNoSite": "Kein Standort",
+ "resourceLauncherNoResourcesInGroup": "Keine Ressourcen in dieser Gruppe",
+ "resourceLauncherEmptyStateTitle": "Keine Ressourcen verfügbar",
+ "resourceLauncherEmptyStateDescription": "Sie haben noch keinen Zugriff auf Ressourcen. Kontaktieren Sie Ihren Administrator, um Zugriff anzufordern.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Keine Ressourcen gefunden",
+ "resourceLauncherEmptyStateNoResultsDescription": "Keine Ressourcen entsprechen Ihrer aktuellen Suche oder den Filtern. Versuchen Sie, diese anzupassen, um zu finden, wonach Sie suchen.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Keine Ressourcen entsprechen \"{query}\". Versuchen Sie, Ihre Suche anzupassen oder die Filter zu löschen, um alle Ressourcen anzuzeigen.",
+ "resourceLauncherCopiedToClipboard": "In die Zwischenablage kopiert",
+ "resourceLauncherCopiedAccessDescription": "Der Ressourcenzugriff wurde in Ihre Zwischenablage kopiert.",
+ "resourceLauncherViewNamePlaceholder": "Ansichtsname",
+ "resourceLauncherViewNameLabel": "Ansichtsname",
+ "resourceLauncherViewSaved": "Ansicht gespeichert",
+ "resourceLauncherViewSavedDescription": "Ihre Startansicht wurde gespeichert.",
+ "resourceLauncherViewSaveFailed": "Fehler beim Speichern der Ansicht",
+ "resourceLauncherViewSaveFailedDescription": "Die Startansicht konnte nicht gespeichert werden. Bitte versuchen Sie es erneut.",
+ "resourceLauncherViewDeleted": "Ansicht gelöscht",
+ "resourceLauncherViewDeletedDescription": "Die Startansicht wurde gelöscht.",
+ "resourceLauncherViewDeleteFailed": "Fehler beim Löschen der Ansicht",
+ "resourceLauncherViewDeleteFailedDescription": "Die Startansicht konnte nicht gelöscht werden. Bitte versuchen Sie es erneut.",
"memberPortalPrevious": "Vorherige",
- "memberPortalNext": "Nächste"
+ "memberPortalNext": "Nächste",
+ "httpSettings": "HTTP-Einstellungen",
+ "tcpSettings": "TCP-Einstellungen",
+ "udpSettings": "UDP-Einstellungen",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Aufbau einer sicheren Verbindung…",
+ "sshConnecting": "Verbindung wird hergestellt…",
+ "sshInitializing": "Initialisieren…",
+ "sshSignInTitle": "Anmelden bei SSH",
+ "sshSignInDescription": "Geben Sie Ihre SSH-Anmeldedaten ein, um sich zu verbinden",
+ "sshPasswordTab": "Passwort",
+ "sshPrivateKeyTab": "Privater Schlüssel",
+ "sshPrivateKeyField": "Privater Schlüssel",
+ "sshPrivateKeyDisclaimer": "Ihr privater Schlüssel wird von Pangolin nicht gespeichert oder angezeigt. Alternativ können Sie kurzlebige Zertifikate für nahtlose Authentifizierung mit Ihrer bestehenden Pangolin-Identität verwenden.",
+ "sshLearnMore": "Mehr erfahren",
+ "sshPrivateKeyFile": "Private Schlüsseldatei",
+ "sshAuthenticate": "Verbinden",
+ "sshTerminate": "Beenden",
+ "sshPoweredBy": "Bereitgestellt von",
+ "sshErrorNoTarget": "Kein Ziel angegeben",
+ "sshErrorWebSocket": "WebSocket-Verbindung fehlgeschlagen",
+ "sshErrorAuthFailed": "Authentifizierung fehlgeschlagen",
+ "sshErrorConnectionClosed": "Verbindung geschlossen, bevor die Authentifizierung abgeschlossen wurde",
+ "sitePangolinSshDescription": "Erlaube SSH-Zugriff auf Ressourcen an diesem Standort. Dies kann später geändert werden.",
+ "browserGatewayNoResourceForDomain": "Keine Ressource für diese Domain gefunden",
+ "browserGatewayNoTarget": "Kein Ziel",
+ "browserGatewayConnect": "Verbinden",
+ "browserGatewayCtrlAltDel": "Strg+Alt+Entf",
+ "sshErrorSignKeyFailed": "Fehler beim Signieren des SSH-Schlüssels für die PAM-Push-Authentifizierung. Haben Sie sich als Benutzer angemeldet?",
+ "sshTerminalError": "Fehler: {error}",
+ "sshConnectionClosedCode": "Verbindung geschlossen (Code {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+ "sshPrivateKeyRequired": "Privater Schlüssel ist erforderlich",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Geben Sie Ihre VNC-Zugangsdaten ein, um sich zu verbinden",
+ "vncUsernameOptional": "Benutzername (optional)",
+ "vncPasswordOptional": "Passwort (optional)",
+ "vncNoResourceTarget": "Kein Ressourcen-Ziel verfügbar",
+ "vncFailedToLoadNovnc": "Fehler beim Laden von noVNC",
+ "vncAuthFailedStatus": "Status {status}",
+ "vncPasteClipboard": "Zwischenablage einfügen",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Anmeldung bei Remote Desktop",
+ "rdpSignInDescription": "Geben Sie die Windows-Anmeldedaten ein, um sich zu verbinden",
+ "rdpLoadingModule": "Modul wird geladen...",
+ "rdpFailedToLoadModule": "Fehler beim Laden des RDP-Moduls",
+ "rdpNotReady": "Nicht bereit",
+ "rdpModuleInitializing": "RDP-Modul wird noch initialisiert",
+ "rdpDownloadingFiles": "Herunterladen von {count} Datei(en) von Remote…",
+ "rdpDownloadFailed": "Download fehlgeschlagen: {fileName}",
+ "rdpUploaded": "Hochgeladen: {fileName}",
+ "rdpNoConnectionTarget": "Kein Verbindungsziel verfügbar",
+ "rdpConnectionFailed": "Verbindung fehlgeschlagen",
+ "rdpFit": "Anpassen",
+ "rdpFull": "Vollständig",
+ "rdpReal": "Real",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Dateien hochladen",
+ "rdpFilesReadyToPaste": "Dateien bereit zum Einfügen",
+ "rdpFilesReadyToPasteDescription": "{count} Datei(en) in die Remote-Zwischenablage kopiert — drücken Sie Strg+V auf dem Remote-Desktop, um einzufügen.",
+ "rdpUploadFailed": "Upload fehlgeschlagen",
+ "rdpUnicodeKeyboardMode": "Unicode-Tastaturmodus",
+ "sessionToolbarShow": "Werkzeugleiste zeigen",
+ "sessionToolbarHide": "Werkzeugleiste ausblenden"
}
diff --git a/messages/en-US.json b/messages/en-US.json
index 4920dd8e4..24735be61 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -66,9 +66,15 @@
"local": "Local",
"edit": "Edit",
"siteConfirmDelete": "Confirm Delete Site",
+ "siteConfirmDeleteAndResources": "Confirm Delete Site and Resources",
"siteDelete": "Delete Site",
- "siteMessageRemove": "Once removed the site will no longer be accessible. All targets associated with the site will also be removed.",
+ "siteDeleteAndResources": "Delete Site and Resources",
+ "siteMessageRemove": "Once removed the site will no longer be accessible. Targets associated with this site will be removed, but resources will remain.",
+ "siteMessageRemoveAndResources": "This will permanently delete all public and private resources linked to this site, even if a resource is also associated with other sites.",
"siteQuestionRemove": "Are you sure you want to remove the site from the organization?",
+ "siteQuestionRemoveAndResources": "Are you sure you want to delete this site and all associated resources?",
+ "sitesTableDeleteSite": "Delete Site",
+ "sitesTableDeleteSiteAndResources": "Delete Site and Resources",
"siteManageSites": "Manage Sites",
"siteDescription": "Create and manage sites to enable connectivity to private networks",
"sitesBannerTitle": "Connect Any Network",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "View Private Resources",
"siteInstallNewt": "Install Site",
"siteInstallNewtDescription": "Install the site connector for your system",
+ "siteInstallKubernetesDocsDescription": "For more and up to date Kubernetes installation information, see docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "For Advantech modem installation instructions, see docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "WireGuard Configuration",
"WgConfigurationDescription": "Use the following configuration to connect to the network",
"operatingSystem": "Operating System",
@@ -115,6 +123,16 @@
"siteUpdated": "Site updated",
"siteUpdatedDescription": "The site has been updated.",
"siteGeneralDescription": "Configure the general settings for this site",
+ "siteRestartTitle": "Restart Site",
+ "siteRestartDescription": "Restart the WireGuard tunnel for this site. This will briefly interrupt connectivity.",
+ "siteRestartBody": "Use this if the site tunnel is not functioning correctly and you want to force a reconnect without restarting the host.",
+ "siteRestartButton": "Restart Site",
+ "siteRestartDialogMessage": "Are you sure you want to restart the WireGuard tunnel for {name}? The site will briefly lose connectivity.",
+ "siteRestartWarning": "The site will briefly disconnect while the tunnel restarts.",
+ "siteRestarted": "Site restarted",
+ "siteRestartedDescription": "The WireGuard tunnel has been restarted.",
+ "siteErrorRestart": "Failed to restart site",
+ "siteErrorRestartDescription": "An error occurred while restarting the site.",
"siteSettingDescription": "Configure the settings on the site",
"siteResourcesTab": "Resources",
"siteResourcesNoneOnSite": "This site has no public or private resources yet.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.",
"siteInfo": "Site Information",
"status": "Status",
- "shareTitle": "Manage Share Links",
+ "shareTitle": "Manage Shareable Links",
"shareDescription": "Create shareable links to grant temporary or permanent access to proxy resources",
- "shareSearch": "Search share links...",
- "shareCreate": "Create Share Link",
+ "shareSearch": "Search shareable links...",
+ "shareCreate": "Create Shareable Link",
"shareErrorDelete": "Failed to delete link",
"shareErrorDeleteMessage": "An error occurred deleting link",
"shareDeleted": "Link deleted",
"shareDeletedDescription": "The link has been deleted",
- "shareDelete": "Delete Share Link",
- "shareDeleteConfirm": "Confirm Delete Share Link",
+ "shareDelete": "Delete Shareable Link",
+ "shareDeleteConfirm": "Confirm Delete Shareable Link",
"shareQuestionRemove": "Are you sure you want to delete this share link?",
"shareMessageRemove": "Once deleted, the link will no longer work and anyone using it will lose access to the resource.",
"shareTokenDescription": "The access token can be passed in two ways: as a query parameter or in the request headers. These must be passed from the client on every request for authenticated access.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "An error occurred while creating the share link",
"shareCreateDescription": "Anyone with this link can access the resource",
"shareTitleOptional": "Title (optional)",
+ "sharePathOptional": "Path (optional)",
+ "sharePathDescription": "The link will redirect users to this path after authentication.",
"expireIn": "Expire In",
"neverExpire": "Never expire",
"shareExpireDescription": "Expiration time is how long the link will be usable and provide access to the resource. After this time, the link will no longer work, and users who used this link will lose access to the resource.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Please select a resource",
"proxyResourceTitle": "Manage Public Resources",
"proxyResourceDescription": "Create and manage resources that are publicly accessible through a web browser",
- "proxyResourcesBannerTitle": "Web-based Public Access",
- "proxyResourcesBannerDescription": "Public resources are HTTPS proxies accessible to anyone on the internet through a web browser. Unlike private resources, they do not require client-side software and can include identity and context-aware access policies.",
+ "publicResourcesBannerTitle": "Web-based Public Access",
+ "publicResourcesBannerDescription": "Public resources are proxies accessible to anyone on the internet through a web browser and include identity and context-aware access policies. Unlike private resources, they do not require client-side software.",
"clientResourceTitle": "Manage Private Resources",
"clientResourceDescription": "Create and manage resources that are only accessible through a connected client",
"privateResourcesBannerTitle": "Zero-Trust Private Access",
@@ -208,11 +228,37 @@
"resourcesSearch": "Search resources...",
"resourceAdd": "Add Resource",
"resourceErrorDelte": "Error deleting resource",
+ "resourcePoliciesBannerTitle": "Re-use Authentication and Access Rules",
+ "resourcePoliciesBannerDescription": "Shared resource policies let you define authentication methods and access rules once, then attach them to multiple public resources. When you update a policy, every linked resource inherits the change automatically.",
+ "resourcePoliciesBannerButtonText": "Learn More",
+ "resourcePoliciesTitle": "Manage Public Resource Policies",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Resources",
+ "resourcePoliciesAttachedResources": "{count} resource(s)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# resource} other {# resources}}",
+ "resourcePoliciesAttachedResourcesEmpty": "no resources",
+ "resourcePoliciesDescription": "Create and manage authentication policies to control access to your public resources",
+ "resourcePoliciesSearch": "Search policies...",
+ "resourcePoliciesAdd": "Add Policy",
+ "resourcePoliciesDefaultBadgeText": "Default policy",
+ "resourcePoliciesCreate": "Create Public Resource Policy",
+ "resourcePoliciesCreateDescription": "Follow the steps below to create a new policy",
+ "resourcePolicyName": "Policy Name",
+ "resourcePolicyNameDescription": "Give this policy a name to identify it across your resources",
+ "resourcePolicyNamePlaceholder": "e.g. Internal Access Policy",
+ "resourcePoliciesSeeAll": "See All Policies",
+ "resourcePolicyAuthMethodAdd": "Add Authentication Method",
+ "resourcePolicyOtpEmailAdd": "Add OTP emails",
+ "resourcePolicyRulesAdd": "Add Rules",
+ "resourcePolicyAuthMethodsDescription": "Allow access to resources via additional auth methods",
+ "resourcePolicyUsersRolesDescription": "Configure which users and roles can visit associated resources",
+ "rulesResourcePolicyDescription": "Configure rules to control access resources associated to this policy",
"authentication": "Authentication",
"protected": "Protected",
"notProtected": "Not Protected",
"resourceMessageRemove": "Once removed, the resource will no longer be accessible. All targets associated with the resource will also be removed.",
"resourceQuestionRemove": "Are you sure you want to remove the resource from the organization?",
+ "resourcePolicyMessageRemove": "Once removed, the resource policy will no longer be accessible. All resources associated with the resource will be unlinked and left without authentication.",
+ "resourcePolicyQuestionRemove": "Are you sure you want to remove the resource policy from the organization?",
"resourceHTTP": "HTTPS Resource",
"resourceHTTPDescription": "Proxy requests over HTTPS using a fully qualified domain name.",
"resourceRaw": "Raw TCP/UDP Resource",
@@ -220,8 +266,11 @@
"resourceRawDescriptionCloud": "Proxy requests over raw TCP/UDP using a port number. Requires sites to connect to a remote node.",
"resourceCreate": "Create Resource",
"resourceCreateDescription": "Follow the steps below to create a new resource",
+ "resourcePublicCreate": "Create Public Resource",
+ "resourcePublicCreateDescription": "Follow the steps below to create a new public resource that is accessible through a web browser",
+ "resourceCreateGeneralDescription": "Configure the basic resource settings including the name and the type",
"resourceSeeAll": "See All Resources",
- "resourceInfo": "Resource Information",
+ "resourceCreateGeneral": "General",
"resourceNameDescription": "This is the display name for the resource.",
"siteSelect": "Select site",
"siteSearch": "Search site",
@@ -231,12 +280,15 @@
"noCountryFound": "No country found.",
"siteSelectionDescription": "This site will provide connectivity to the target.",
"resourceType": "Resource Type",
- "resourceTypeDescription": "Determine how to access the resource",
+ "resourceTypeDescription": "This controls the resource protocol and how it will be rendered in the browser. This can’t be changed later.",
+ "resourceDomainDescription": "The resource will be served at this fully qualified domain name.",
"resourceHTTPSSettings": "HTTPS Settings",
"resourceHTTPSSettingsDescription": "Configure how the resource will be accessed over HTTPS",
+ "resourcePortDescription": "The external port on the Pangolin instance or node where the resource will be accessible.",
"domainType": "Domain Type",
"subdomain": "Subdomain",
"baseDomain": "Base Domain",
+ "configure": "Configure",
"subdomnainDescription": "The subdomain where the resource will be accessible.",
"resourceRawSettings": "TCP/UDP Settings",
"resourceRawSettingsDescription": "Configure how the resource will be accessed over TCP/UDP",
@@ -247,14 +299,35 @@
"back": "Back",
"cancel": "Cancel",
"resourceConfig": "Configuration Snippets",
- "resourceConfigDescription": "Copy and paste these configuration snippets to set up the TCP/UDP resource",
+ "resourceConfigDescription": "Copy and paste these configuration snippets to set up the TCP/UDP resource.",
"resourceAddEntrypoints": "Traefik: Add Entrypoints",
"resourceExposePorts": "Gerbil: Expose Ports in Docker Compose",
"resourceLearnRaw": "Learn how to configure TCP/UDP resources",
"resourceBack": "Back to Resources",
"resourceGoTo": "Go to Resource",
+ "resourcePolicyDelete": "Delete Resource Policy",
+ "resourcePolicyDeleteConfirm": "Confirm Delete Resource Policy",
"resourceDelete": "Delete Resource",
"resourceDeleteConfirm": "Confirm Delete Resource",
+ "labelDelete": "Delete Label",
+ "labelAdd": "Add Label",
+ "labelCreateSuccessMessage": "Label Created Successfully",
+ "labelDuplicateError": "Duplicate Label",
+ "labelDuplicateErrorDescription": "A label with this name already exists.",
+ "labelEditSuccessMessage": "Label Modified Successfully",
+ "labelNameField": "Label Name",
+ "labelColorField": "Label Color",
+ "labelPlaceholder": "Ex: homelab",
+ "labelCreate": "Create Label",
+ "createLabelDialogTitle": "Create Label",
+ "createLabelDialogDescription": "Create a new label that can be attached to this organization",
+ "labelEdit": "Edit Label",
+ "editLabelDialogTitle": "Update Label",
+ "editLabelDialogDescription": "Edit a new label that can be attached to this organization",
+ "labelDeleteConfirm": "Confirm Delete Label",
+ "labelErrorDelete": "Failed to delete label",
+ "labelMessageRemove": "This action is permanent. All sites, resources, and clients tagged with this label will be untagged.",
+ "labelQuestionRemove": "Are you sure you want to remove the label from the organization?",
"visibility": "Visibility",
"enabled": "Enabled",
"disabled": "Disabled",
@@ -265,6 +338,8 @@
"rules": "Rules",
"resourceSettingDescription": "Configure the settings on the resource",
"resourceSetting": "{resourceName} Settings",
+ "resourcePolicySettingDescription": "Configure the settings on this public resource policy",
+ "resourcePolicySetting": "{policyName} Settings",
"alwaysAllow": "Bypass Auth",
"alwaysDeny": "Block Access",
"passToAuth": "Pass to Auth",
@@ -540,7 +615,8 @@
"idpNameInternal": "Internal",
"emailInvalid": "Invalid email address",
"inviteValidityDuration": "Please select a duration",
- "accessRoleSelectPlease": "Please select a role",
+ "accessRoleSelectPlease": "A user must belong to at least one role.",
+ "accessRoleRequired": "Role required",
"removeOwnAdminRoleConfirmTitle": "Remove your administrator access?",
"removeOwnAdminRoleConfirmDescription": "You will no longer have administrator permissions in this organization after saving. Another administrator can restore access if needed.",
"removeOwnAdminRoleConfirmButton": "Remove My Administrator Access",
@@ -671,7 +747,7 @@
"targetSubmit": "Add Target",
"targetNoOne": "This resource doesn't have any targets. Add a target to configure where to send requests to the backend.",
"targetNoOneDescription": "Adding more than one target above will enable load balancing.",
- "targetsSubmit": "Save Targets",
+ "targetsSubmit": "Save Settings",
"addTarget": "Add Target",
"proxyMultiSiteRoundRobinNodeHelp": "Round robin routing will not work between sites that are not connected to the same node, but failover will work.",
"targetErrorInvalidIp": "Invalid IP address",
@@ -705,11 +781,11 @@
"rulesErrorDuplicate": "Duplicate rule",
"rulesErrorDuplicateDescription": "A rule with these settings already exists",
"rulesErrorInvalidIpAddressRange": "Invalid CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "Please enter a valid CIDR value",
- "rulesErrorInvalidUrl": "Invalid URL path",
- "rulesErrorInvalidUrlDescription": "Please enter a valid URL path value",
- "rulesErrorInvalidIpAddress": "Invalid IP",
- "rulesErrorInvalidIpAddressDescription": "Please enter a valid IP address",
+ "rulesErrorInvalidIpAddressRangeDescription": "Enter a valid CIDR range (e.g., 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Invalid path",
+ "rulesErrorInvalidUrlDescription": "Enter a valid URL path or pattern (e.g., /api/*).",
+ "rulesErrorInvalidIpAddress": "Invalid IP address",
+ "rulesErrorInvalidIpAddressDescription": "Enter a valid IPv4 or IPv6 address.",
"rulesErrorUpdate": "Failed to update rules",
"rulesErrorUpdateDescription": "An error occurred while updating rules",
"rulesUpdated": "Enable Rules",
@@ -717,15 +793,24 @@
"rulesMatchIpAddressRangeDescription": "Enter an address in CIDR format (e.g., 103.21.244.0/22)",
"rulesMatchIpAddress": "Enter an IP address (e.g., 103.21.244.12)",
"rulesMatchUrl": "Enter a URL path or pattern (e.g., /api/v1/todos or /api/v1/*)",
- "rulesErrorInvalidPriority": "Invalid Priority",
- "rulesErrorInvalidPriorityDescription": "Please enter a valid priority",
- "rulesErrorDuplicatePriority": "Duplicate Priorities",
- "rulesErrorDuplicatePriorityDescription": "Please enter unique priorities",
+ "rulesErrorInvalidPriority": "Invalid priority",
+ "rulesErrorInvalidPriorityDescription": "Enter a whole number of 1 or higher.",
+ "rulesErrorDuplicatePriority": "Duplicate priorities",
+ "rulesErrorDuplicatePriorityDescription": "Each rule must have a unique priority number.",
+ "rulesErrorValidation": "Invalid rules",
+ "rulesErrorValidationRuleDescription": "Rule {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Select a valid match type (path, IP, CIDR, country, region, or ASN).",
+ "rulesErrorValueRequired": "Enter a value for this rule.",
+ "rulesErrorInvalidCountry": "Invalid country",
+ "rulesErrorInvalidCountryDescription": "Select a valid country.",
+ "rulesErrorInvalidAsn": "Invalid ASN",
+ "rulesErrorInvalidAsnDescription": "Enter a valid ASN (e.g., AS15169).",
"ruleUpdated": "Rules updated",
"ruleUpdatedDescription": "Rules updated successfully",
"ruleErrorUpdate": "Operation failed",
"ruleErrorUpdateDescription": "An error occurred during the save operation",
"rulesPriority": "Priority",
+ "rulesReorderDragHandle": "Drag to reorder rule priority",
"rulesAction": "Action",
"rulesMatchType": "Match Type",
"value": "Value",
@@ -744,9 +829,60 @@
"rulesResource": "Resource Rules Configuration",
"rulesResourceDescription": "Configure rules to control access to the resource",
"ruleSubmit": "Add Rule",
- "rulesNoOne": "No rules. Add a rule using the form.",
+ "rulesNoOne": "No rules yet.",
"rulesOrder": "Rules are evaluated by priority in ascending order.",
"rulesSubmit": "Save Rules",
+ "policyErrorCreate": "Error creating policy",
+ "policyErrorCreateDescription": "An error occurred when creating the policy",
+ "policyErrorCreateMessageDescription": "An unexpected error occurred",
+ "policyErrorUpdate": "Error updating policy",
+ "policyErrorUpdateDescription": "An error occurred when updating the policy",
+ "policyErrorUpdateMessageDescription": "An unexpected error occurred",
+ "policyCreatedSuccess": "Resource policy succesfully created",
+ "policyUpdatedSuccess": "Resource policy succesfully updated",
+ "authMethodsSave": "Save Settings",
+ "policyAuthStackTitle": "Authentication",
+ "policyAuthStackDescription": "Control which authentication methods are required to access this resource",
+ "policyAuthOrLogicTitle": "Multiple authentication methods active",
+ "policyAuthOrLogicBanner": "Visitors may authenticate using any one of the active methods below. They do not need to complete all of them.",
+ "policyAuthMethodActive": "Active",
+ "policyAuthMethodOff": "Off",
+ "policyAuthSsoTitle": "Platform SSO",
+ "policyAuthSsoDescription": "Require sign-in through your organization's identity provider",
+ "policyAuthSsoSummary": "{idp} · {users} users, {roles} roles",
+ "policyAuthSsoDefaultIdp": "Default provider",
+ "policyAuthAddDefaultIdentityProvider": "Add Default Identity Provider",
+ "policyAuthOtherMethodsTitle": "Other Methods",
+ "policyAuthOtherMethodsDescription": "Optional methods visitors can use instead of or alongside platform SSO",
+ "policyAuthPasscodeTitle": "Passcode",
+ "policyAuthPasscodeDescription": "Require a shared alphanumeric passcode to access the resource",
+ "policyAuthPasscodeSummary": "Passcode set",
+ "policyAuthPincodeTitle": "PIN Code",
+ "policyAuthPincodeDescription": "A short numeric code required to access the resource",
+ "policyAuthPincodeSummary": "6-digit PIN set",
+ "policyAuthEmailTitle": "Email Whitelist",
+ "policyAuthEmailDescription": "Allow listed email addresses with one-time passwords",
+ "policyAuthEmailSummary": "{count} addresses allowed",
+ "policyAuthEmailOtpCallout": "Enabling email whitelist sends a one-time password to the visitor's email on login.",
+ "policyAuthHeaderAuthTitle": "Basic Header Auth",
+ "policyAuthHeaderAuthDescription": "Validate a custom HTTP header name and value on each request",
+ "policyAuthHeaderAuthSummary": "Header configured",
+ "policyAuthHeaderName": "Username",
+ "policyAuthHeaderValue": "Password",
+ "policyAuthSetPasscode": "Set Passcode",
+ "policyAuthSetPincode": "Set PIN Code",
+ "policyAuthSetEmailWhitelist": "Set Email Whitelist",
+ "policyAuthSetHeaderAuth": "Set Basic Header Auth",
+ "policyAccessRulesTitle": "Access Rules",
+ "policyAccessRulesEnableDescription": "When enabled, rules are evaluated in descending order until one evaluates as true.",
+ "policyAccessRulesFirstMatch": "Rules are evaluated top to bottom. The first matching rule decides the outcome.",
+ "policyAccessRulesHowItWorks": "Rules match requests by path, IP address, location, or other criteria. Each rule applies an action: bypass authentication, block access, or pass to authentication. If no rule matches, traffic continues to authentication.",
+ "policyAccessRulesFallthroughOff": "When rules are disabled, all traffic passes through to authentication.",
+ "policyAccessRulesFallthroughOn": "When no rule matches, traffic passes through to authentication.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Save Rules",
"resourceErrorCreate": "Error creating resource",
"resourceErrorCreateDescription": "An error occurred when creating the resource",
"resourceErrorCreateMessage": "Error creating resource:",
@@ -766,9 +902,9 @@
"resourcesErrorUpdateDescription": "An error occurred while updating the resource",
"access": "Access",
"accessControl": "Access Control",
- "shareLink": "{resource} Share Link",
+ "shareLink": "{resource} Shareable Link",
"resourceSelect": "Select resource",
- "shareLinks": "Share Links",
+ "shareLinks": "Shareable Links",
"share": "Shareable Links",
"shareDescription2": "Create shareable links to resources. Links provide temporary or unlimited access to your resource. You can configure the expiration duration of the link when you create one.",
"shareEasyCreate": "Easy to create and share",
@@ -810,6 +946,17 @@
"pincodeAdd": "Add PIN Code",
"pincodeRemove": "Remove PIN Code",
"resourceAuthMethods": "Authentication Methods",
+ "resourcePolicyAuthMethodsEmpty": "No authentication method",
+ "resourcePolicyOtpEmpty": "No one time password",
+ "resourcePolicyReadOnly": "This policy is Read only",
+ "resourcePolicyReadOnlyDescription": "This resource policy is shared accross multiple resources, you cannot edit it on this page.",
+ "editSharedPolicy": "Edit Shared Policy",
+ "resourcePolicyTypeSave": "Save Resource type",
+ "resourcePolicySelect": "Select resource policy",
+ "resourcePolicySelectError": "Select a resource policy",
+ "resourcePolicyNotFound": "Policy not found",
+ "resourcePolicySearch": "Search policies",
+ "resourcePolicyRulesEmpty": "No authentication rules",
"resourceAuthMethodsDescriptions": "Allow access to the resource via additional auth methods",
"resourceAuthSettingsSave": "Saved successfully",
"resourceAuthSettingsSaveDescription": "Authentication settings have been saved",
@@ -845,6 +992,20 @@
"resourcePincodeSetupTitle": "Set Pincode",
"resourcePincodeSetupTitleDescription": "Set a pincode to protect this resource",
"resourceRoleDescription": "Admins can always access this resource.",
+ "resourcePolicySelectTitle": "Resource Access Policy",
+ "resourcePolicySelectDescription": "Select the resource policy type for authentication",
+ "resourcePolicyTypeLabel": "Policy type",
+ "resourcePolicyLabel": "Resource policy",
+ "resourcePolicyInline": "Inline Resource Policy",
+ "resourcePolicyInlineDescription": "Access Policy scoped to only this resource",
+ "resourcePolicyShared": "Shared Resource Policy",
+ "resourcePolicySharedDescription": "This resource uses a shared policy.",
+ "sharedPolicy": "Shared Policy",
+ "sharedPolicyNoneDescription": "This resource has its own policy.",
+ "resourceSharedPolicyOwnDescription": "This resource has its own authentication and access rules controls.",
+ "resourceSharedPolicyInheritedDescription": "This resource inherits from {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "This resource is using a shared policy. Some authentication settings can be edited on this resource to add to the policy. To change the underlying policy, you must edit to {policyName}.",
+ "resourceSharedPolicyRulesNotice": "This resource is using a shared policy. Some access rules can be edited on this resource. To change the underlying policy, you must edit {policyName}.",
"resourceUsersRoles": "Access Controls",
"resourceUsersRolesDescription": "Configure which users and roles can visit this resource",
"resourceUsersRolesSubmit": "Save Access Controls",
@@ -869,7 +1030,14 @@
"resourceVisibilityTitle": "Visibility",
"resourceVisibilityTitleDescription": "Completely enable or disable resource visibility",
"resourceGeneral": "General Settings",
- "resourceGeneralDescription": "Configure the general settings for this resource",
+ "resourceGeneralDescription": "Configure name, address, and access policy for this resource.",
+ "resourceGeneralDetailsSubsection": "Resource Details",
+ "resourceGeneralDetailsSubsectionDescription": "Set the display name, identifier, and publicly accessible domain for this resource.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Set the display name, identifier, and public port for this resource.",
+ "resourceGeneralPublicAddressSubsection": "Public Address",
+ "resourceGeneralPublicAddressSubsectionDescription": "Configure how users reach this resource.",
+ "resourceGeneralAuthenticationAccessSubsection": "Authentication & Access",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Choose whether this resource uses its own policy or inherits from a shared policy.",
"resourceEnable": "Enable Resource",
"resourceTransfer": "Transfer Resource",
"resourceTransferDescription": "Transfer this resource to a different site",
@@ -1140,6 +1308,21 @@
"idpErrorConnectingTo": "There was a problem connecting to {name}. Please contact your administrator.",
"idpErrorNotFound": "IdP not found",
"inviteInvalid": "Invalid Invite",
+ "labels": "Labels",
+ "orgLabelsDescription": "Manage labels in this organization.",
+ "addLabels": "Add labels",
+ "siteLabelsTab": "Labels",
+ "siteLabelsDescription": "Manage labels associated with this site.",
+ "labelsNotFound": "No labels found.",
+ "labelsEmptyCreateHint": "Start typing above to create a label.",
+ "labelSearch": "Search labels",
+ "labelSearchOrCreate": "Search or create a label",
+ "accessLabelFilterCount": "{count, plural, one {# label} other {# labels}}",
+ "labelOverflowCount": "+{count, plural, one {# label} other {# labels}}",
+ "accessLabelFilterClear": "Clear label filters",
+ "accessFilterClear": "Clear filters",
+ "selectColor": "Select color",
+ "createNewLabel": "Create new org label \"{label}\"",
"inviteInvalidDescription": "The invite link is invalid.",
"inviteErrorWrongUser": "Invite is not for this user",
"inviteErrorUserNotExists": "User does not exist. Please create an account first.",
@@ -1231,6 +1414,7 @@
"actionApplyBlueprint": "Apply Blueprint",
"actionListBlueprints": "List Blueprints",
"actionGetBlueprint": "Get Blueprint",
+ "actionCreateOrgWideLauncherView": "Create Org-Wide Launcher View",
"setupToken": "Setup Token",
"setupTokenDescription": "Enter the setup token from the server console.",
"setupTokenRequired": "Setup token is required",
@@ -1250,6 +1434,15 @@
"actionSetResourcePincode": "Set Resource Pincode",
"actionSetResourceEmailWhitelist": "Set Resource Email Whitelist",
"actionGetResourceEmailWhitelist": "Get Resource Email Whitelist",
+ "actionGetResourcePolicy": "Get Resource Policy",
+ "actionUpdateResourcePolicy": "Update Resource Policy",
+ "actionSetResourcePolicyUsers": "Set Resource Policy Users",
+ "actionSetResourcePolicyRoles": "Set Resource Policy Roles",
+ "actionSetResourcePolicyPassword": "Set Resource Policy Password",
+ "actionSetResourcePolicyPincode": "Set Resource Policy Pincode",
+ "actionSetResourcePolicyHeaderAuth": "Set Resource Policy Header Authentication",
+ "actionSetResourcePolicyWhitelist": "Set Resource Policy Email Whitelist",
+ "actionSetResourcePolicyRules": "Set Resource Policy Rules",
"actionCreateTarget": "Create Target",
"actionDeleteTarget": "Delete Target",
"actionGetTarget": "Get Target",
@@ -1326,6 +1519,30 @@
"navbar": "Navigation Menu",
"navbarDescription": "Main navigation menu for the application",
"navbarDocsLink": "Documentation",
+ "commandPaletteTitle": "Command Palette",
+ "commandPaletteDescription": "Search for pages, organizations, resources, and actions",
+ "commandPaletteSearchPlaceholder": "Search pages, resources, actions...",
+ "commandPaletteNoResults": "No results found.",
+ "commandPaletteSearching": "Searching...",
+ "commandPaletteNavigation": "Navigation",
+ "commandPaletteOrganizations": "Organizations",
+ "commandPaletteSites": "Sites",
+ "commandPaletteResources": "Resources",
+ "commandPaletteUsers": "Users",
+ "commandPaletteClients": "Machine Clients",
+ "commandPaletteActions": "Actions",
+ "commandPaletteCreateSite": "Create Site",
+ "commandPaletteCreateProxyResource": "Create Public Resource",
+ "commandPaletteCreatePrivateResource": "Create Private Resource",
+ "commandPaletteCreateUser": "Create User",
+ "commandPaletteCreateApiKey": "Create API Key",
+ "commandPaletteCreateMachineClient": "Create Machine Client",
+ "commandPaletteCreateAlertRule": "Create Alert Rule",
+ "commandPaletteCreateIdentityProvider": "Create Identity Provider",
+ "commandPaletteToggleTheme": "Toggle Theme",
+ "commandPaletteChooseOrganization": "Choose Organization",
+ "commandPaletteShortcutMac": "⌘K",
+ "commandPaletteShortcutWindows": "Ctrl K",
"otpErrorEnable": "Unable to enable 2FA",
"otpErrorEnableDescription": "An error occurred while enabling 2FA",
"otpSetupCheckCode": "Please enter a 6-digit code",
@@ -1374,6 +1591,8 @@
"sidebarResources": "Resources",
"sidebarProxyResources": "Public",
"sidebarClientResources": "Private",
+ "sidebarPolicies": "Shared Policies",
+ "sidebarResourcePolicies": "Public Resources",
"sidebarAccessControl": "Access Control",
"sidebarLogsAndAnalytics": "Logs & Analytics",
"sidebarTeam": "Team",
@@ -1381,7 +1600,7 @@
"sidebarAdmin": "Admin",
"sidebarInvitations": "Invitations",
"sidebarRoles": "Roles",
- "sidebarShareableLinks": "Links",
+ "sidebarShareableLinks": "Shareable Links",
"sidebarApiKeys": "API Keys",
"sidebarProvisioning": "Provisioning",
"sidebarSettings": "Settings",
@@ -1401,6 +1620,45 @@
"sidebarManagement": "Management",
"sidebarBillingAndLicenses": "Billing & Licenses",
"sidebarLogsAnalytics": "Analytics",
+ "commandSites": "Sites",
+ "commandActionModeInfo": "Type \">\" To Open Action Mode",
+ "commandResources": "Resources",
+ "commandProxyResources": "Public Resources",
+ "commandClientResources": "Private Resources",
+ "commandClients": "Clients",
+ "commandUserDevices": "User Devices",
+ "commandMachineClients": "Machine Clients",
+ "commandDomains": "Domains",
+ "commandRemoteExitNodes": "Remote Nodes",
+ "commandTeam": "Team",
+ "commandUsers": "Users",
+ "commandRoles": "Roles",
+ "commandInvitations": "Invitations",
+ "commandPolicies": "Shared Policies",
+ "commandResourcePolicies": "Public Resources Policies",
+ "commandIdentityProviders": "Identity Providers",
+ "commandApprovals": "Approval Requests",
+ "commandShareableLinks": "Shareable Links",
+ "commandOrganization": "Organization",
+ "commandLogsAndAnalytics": "Logs & Analytics",
+ "commandLogsAnalytics": "Analytics",
+ "commandLogsRequest": "HTTP Request Logs",
+ "commandLogsAccess": "Authentication Logs",
+ "commandLogsAction": "Admin Action Logs",
+ "commandLogsConnection": "Network Logs",
+ "commandLogsStreaming": "Event Streaming",
+ "commandManagement": "Management",
+ "commandAlerting": "Alerting",
+ "commandProvisioning": "Provisioning",
+ "commandBluePrints": "Blueprints",
+ "commandApiKeys": "API Keys",
+ "commandBillingAndLicenses": "Billing & Licenses",
+ "commandBilling": "Billing",
+ "commandEnterpriseLicenses": "Licenses",
+ "commandSettings": "Settings",
+ "commandLauncher": "Launcher",
+ "commandResourceLauncher": "Resource Launcher",
+ "commandSearchResults": "Search Results",
"alertingTitle": "Alerting",
"alertingDescription": "Define sources, triggers, and actions for notifications",
"alertingRules": "Alert rules",
@@ -1472,7 +1730,7 @@
"alertingActionType": "Action type",
"alertingNotifyUsers": "Users",
"alertingNotifyRoles": "Roles",
- "alertingNotifyEmails": "Email addresses",
+ "alertingNotifyEmails": "Email Addresses",
"alertingEmailPlaceholder": "Add email and press Enter",
"alertingWebhookMethod": "HTTP method",
"alertingWebhookSecret": "Signing secret (optional)",
@@ -1557,7 +1815,8 @@
"standaloneHcFilterSiteIdFallback": "Site {id}",
"standaloneHcFilterResourceIdFallback": "Resource {id}",
"blueprints": "Blueprints",
- "blueprintsDescription": "Apply declarative configurations and view previous runs",
+ "blueprintsLog": "Blueprints Log",
+ "blueprintsDescription": "View past blueprint applications and their results or apply a new blueprint",
"blueprintAdd": "Add Blueprint",
"blueprintGoBack": "See all Blueprints",
"blueprintCreate": "Create Blueprint",
@@ -1575,7 +1834,17 @@
"contents": "Contents",
"parsedContents": "Parsed Contents (Read Only)",
"enableDockerSocket": "Enable Docker Blueprint",
- "enableDockerSocketDescription": "Enable Docker Socket label scraping for blueprint labels. Socket path must be provided to Newt. Read about how this works in the documentation.",
+ "enableDockerSocketDescription": "Enable Docker Socket label scraping for blueprint labels. Socket path must be provided to the site connector. Read about how this works in the documentation.",
+ "newtAutoUpdate": "Enable Site Auto-Update",
+ "newtAutoUpdateDescription": "When enabled, site connectors will automatically download the latest version and restart themselves. This can be overridden on a per-site basis.",
+ "siteAutoUpdate": "Site Auto-Update",
+ "siteAutoUpdateLabel": "Enable Auto-Update",
+ "siteAutoUpdateDescription": "When enabled, this site's connector will automatically download the latest version and restart itself.",
+ "siteAutoUpdateOrgDefault": "Organization default: {state}",
+ "siteAutoUpdateOverriding": "Overriding organization setting",
+ "siteAutoUpdateResetToOrg": "Reset to Organization Default",
+ "siteAutoUpdateEnabled": "enabled",
+ "siteAutoUpdateDisabled": "disabled",
"viewDockerContainers": "View Docker Containers",
"containersIn": "Containers in {siteName}",
"selectContainerDescription": "Select any container to use as a hostname for this target. Click a port to use a port.",
@@ -1620,6 +1889,7 @@
"certificateStatus": "Certificate",
"certificateStatusAutoRefreshHint": "Status refreshes automatically.",
"loading": "Loading",
+ "loadingEllipsis": "Loading...",
"loadingAnalytics": "Loading Analytics",
"restart": "Restart",
"domains": "Domains",
@@ -1667,9 +1937,9 @@
"accountSetupSuccess": "Account setup completed! Welcome to Pangolin!",
"documentation": "Documentation",
"saveAllSettings": "Save All Settings",
- "saveResourceTargets": "Save Targets",
- "saveResourceHttp": "Save Proxy Settings",
- "saveProxyProtocol": "Save Proxy protocol settings",
+ "saveResourceTargets": "Save Settings",
+ "saveResourceHttp": "Save Settings",
+ "saveProxyProtocol": "Save Settings",
"settingsUpdated": "Settings updated",
"settingsUpdatedDescription": "Settings updated successfully",
"settingsErrorUpdate": "Failed to update settings",
@@ -1720,6 +1990,9 @@
"billingDomains": "Domains",
"billingOrganizations": "Orgs",
"billingRemoteExitNodes": "Remote Nodes",
+ "billingPublicResources": "Public Resources",
+ "billingPrivateResources": "Private Resources",
+ "billingMachineClients": "Machine Clients",
"billingNoLimitConfigured": "No limit configured",
"billingEstimatedPeriod": "Estimated Billing Period",
"billingIncludedUsage": "Included Usage",
@@ -1748,6 +2021,9 @@
"billingUsersInfo": "How many users you can use",
"billingDomainInfo": "How many domains you can use",
"billingRemoteExitNodesInfo": "How many remote nodes you can use",
+ "billingPublicResourcesInfo": "How many public resources you can use",
+ "billingPrivateResourcesInfo": "How many private resources you can use",
+ "billingMachineClientsInfo": "How many machine clients you can use",
"billingLicenseKeys": "License Keys",
"billingLicenseKeysDescription": "Manage your license key subscriptions",
"billingLicenseSubscription": "License Subscription",
@@ -1846,6 +2122,7 @@
"billingManageLicenseSubscription": "Manage your subscription for paid self-hosted license keys",
"billingCurrentKeys": "Current Keys",
"billingModifyCurrentPlan": "Modify Current Plan",
+ "billingManageLicenseSubscriptionDescription": "Manage your subscription for paid self-hosted license keys and download invoices.",
"billingConfirmUpgrade": "Confirm Upgrade",
"billingConfirmDowngrade": "Confirm Downgrade",
"billingConfirmUpgradeDescription": "You are about to upgrade your plan. Review the new limits and pricing below.",
@@ -1892,6 +2169,7 @@
"subnetPlaceholder": "Subnet",
"addressDescription": "The internal address of the client. Must fall within the organization's subnet.",
"selectSites": "Select sites",
+ "selectLabels": "Select labels",
"sitesDescription": "The client will have connectivity to the selected sites",
"clientInstallOlm": "Install Machine Client",
"clientInstallOlmDescription": "Install the machine client for your system",
@@ -1925,13 +2203,13 @@
"healthCheckUnknown": "Unknown",
"healthCheck": "Health Check",
"configureHealthCheck": "Configure Health Check",
- "configureHealthCheckDescription": "Set up health monitoring for {target}",
+ "configureHealthCheckDescription": "Set up monitoring for your resource to ensure it is always available",
"enableHealthChecks": "Enable Health Checks",
"healthCheckDisabledStateDescription": "When disabled, the site will not perform health checks and the state will be considered unknown.",
"enableHealthChecksDescription": "Monitor the health of this target. You can monitor a different endpoint than the target if required.",
"healthScheme": "Method",
"healthSelectScheme": "Select Method",
- "healthCheckPortInvalid": "Health check port must be between 1 and 65535",
+ "healthCheckPortInvalid": "Port must be between 1 and 65535",
"healthCheckPath": "Path",
"healthHostname": "IP / Host",
"healthPort": "Port",
@@ -1943,7 +2221,42 @@
"timeIsInSeconds": "Time is in seconds",
"requireDeviceApproval": "Require Device Approvals",
"requireDeviceApprovalDescription": "Users with this role need new devices approved by an admin before they can connect and access resources.",
+ "sshSettings": "SSH Settings",
"sshAccess": "SSH Access",
+ "rdpSettings": "RDP Settings",
+ "vncSettings": "VNC Settings",
+ "sshServer": "SSH Server",
+ "rdpServer": "RDP Server",
+ "vncServer": "VNC Server",
+ "sshServerDescription": "Set up the authentication method, daemon location, and server destination",
+ "rdpServerDescription": "Configure the destination and port of the RDP server",
+ "vncServerDescription": "Configure the destination and port of the VNC server",
+ "sshServerMode": "Mode",
+ "sshServerModeStandard": "Standard SSH Server",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Routes commands over network to an SSH server such as OpenSSH.",
+ "sshServerModeNative": "Native SSH Server",
+ "sshServerModeNativeDescription": "Executes commands directly on the host via the Site Connector. No network config required.",
+ "sshAuthenticationMethod": "Authentication Method",
+ "sshAuthMethodManual": "Manual Authentication",
+ "sshAuthMethodManualDescription": "Requires existing host credentials. Bypasses automatic provisioning.",
+ "sshAuthMethodAutomated": "Automated Provisioning",
+ "sshAuthMethodAutomatedDescription": "Automatically creates users, groups, and sudo permissions on host.",
+ "sshAuthDaemonLocation": "Auth Daemon Location",
+ "sshDaemonLocationSiteDescription": "Executes locally on the machine hosting the site connector.",
+ "sshDaemonLocationRemote": "On Remote Host",
+ "sshDaemonLocationRemoteDescription": "Executes on a separate target machine on the same network.",
+ "sshDaemonDisclaimer": "Ensure your target host is properly configured to run the auth daemon before completing this setup, or provisioning will fail.",
+ "sshDaemonPort": "Daemon Port",
+ "sshServerDestination": "Server Destination",
+ "sshServerDestinationDescription": "Configure the destination of the SSH server",
+ "destination": "Destination",
+ "destinationRequired": "Destination is required.",
+ "domainRequired": "Domain is required.",
+ "proxyPortRequired": "Port is required.",
+ "invalidPathConfiguration": "Invalid path configuration.",
+ "invalidRewritePathConfiguration": "Invalid rewrite path configuration.",
+ "bgTargetMultiSiteDisclaimer": "Selecting multiple sites enables resilient routing and failover for high availability.",
"roleAllowSsh": "Allow SSH",
"roleAllowSshAllow": "Allow",
"roleAllowSshDisallow": "Disallow",
@@ -1957,10 +2270,25 @@
"sshSudoModeCommandsDescription": "User can run only the specified commands with sudo.",
"sshSudo": "Allow sudo",
"sshSudoCommands": "Sudo Commands",
- "sshSudoCommandsDescription": "Comma separated list of commands the user is allowed to run with sudo. Absolute paths must be used.",
+ "sshSudoCommandsDescription": "List of commands the user is allowed to run with sudo, one per line. Absolute paths must be used.",
"sshCreateHomeDir": "Create Home Directory",
"sshUnixGroups": "Unix Groups",
- "sshUnixGroupsDescription": "Comma separated Unix groups to add the user to on the target host.",
+ "sshUnixGroupsDescription": "Unix groups to add the user to on the target host, one per line.",
+ "roleTextFieldPlaceholder": "Enter values, or drop a .txt or .csv file",
+ "roleTextImportTitle": "Import from File",
+ "roleTextImportDescription": "Importing {fileName} into {fieldLabel}.",
+ "roleTextImportSkipHeader": "Skip First Row (Header)",
+ "roleTextImportOverride": "Replace Existing",
+ "roleTextImportAppend": "Append to Existing",
+ "roleTextImportMode": "Import Mode",
+ "roleTextImportPreview": "Preview",
+ "roleTextImportItemCount": "{count, plural, =0 {No items to import} one {1 item to import} other {# items to import}}",
+ "roleTextImportTotalCount": "{existing} existing + {imported} imported = {total} total",
+ "roleTextImportConfirm": "Import",
+ "roleTextImportInvalidFile": "Unsupported file type",
+ "roleTextImportInvalidFileDescription": "Only .txt and .csv files are supported.",
+ "roleTextImportEmpty": "No items found in file",
+ "roleTextImportEmptyDescription": "The file does not contain any importable items.",
"retryAttempts": "Retry Attempts",
"expectedResponseCodes": "Expected Response Codes",
"expectedResponseCodesDescription": "HTTP status code that indicates healthy status. If left blank, 200-300 is considered healthy.",
@@ -2049,6 +2377,7 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Scheme",
"editInternalResourceDialogEnableSsl": "Enable TLS",
"editInternalResourceDialogEnableSslDescription": "Enable SSL/TLS encryption for secure HTTPS connections to the destination.",
@@ -2063,11 +2392,18 @@
"createInternalResourceDialogClose": "Close",
"createInternalResourceDialogCreateClientResource": "Create Private Resource",
"createInternalResourceDialogCreateClientResourceDescription": "Create a new resource that will only be accessible to clients connected to the organization",
+ "privateResourceCreatePageSeeAll": "See All Private Resources",
+ "privateResourceAllowIcmpPing": "Allow ICMP Ping",
+ "privateResourceNetworkAccess": "Network Access",
+ "privateResourceNetworkAccessDescription": "Control TCP/UDP port access and whether ICMP ping is allowed for this resource.",
+ "hostSettings": "Host Settings",
+ "cidrSettings": "CIDR Settings",
"createInternalResourceDialogResourceProperties": "Resource Properties",
"createInternalResourceDialogName": "Name",
"createInternalResourceDialogSite": "Site",
"selectSite": "Select site...",
"multiSitesSelectorSitesCount": "{count, plural, one {# site} other {# sites}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# label} other {# labels}}",
"noSitesFound": "No sites found.",
"createInternalResourceDialogProtocol": "Protocol",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2434,7 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Scheme",
"createInternalResourceDialogScheme": "Scheme",
"createInternalResourceDialogEnableSsl": "Enable TLS",
@@ -2107,6 +2444,7 @@
"createInternalResourceDialogDestinationCidrDescription": "The CIDR range of the resource on the site's network.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "An optional internal DNS alias for this resource.",
+ "internalResourceAliasLocalWarning": "Aliases ending in .local can cause resolution issues due to mDNS on some networks.",
"internalResourceDownstreamSchemeRequired": "Scheme is required for HTTP resources",
"internalResourceHttpPortRequired": "Destination port is required for HTTP resources",
"siteConfiguration": "Configuration",
@@ -2140,6 +2478,21 @@
"sidebarRemoteExitNodes": "Remote Nodes",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Secret",
+ "remoteExitNodeNetworkingTitle": "Network Settings",
+ "remoteExitNodeNetworkingDescription": "Configure how this remote exit node routes traffic and which sites prefer to connect through it. Advanced features to be used with backhaul networking configurations.",
+ "remoteExitNodeNetworkingSave": "Save Settings",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Network settings saved",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Network settings have been updated successfully.",
+ "remoteExitNodeNetworkingSaveError": "Failed to save network settings",
+ "remoteExitNodeNetworkingSubnetsTitle": "Remote Subnets",
+ "remoteExitNodeNetworkingSubnetsDescription": "Define the CIDR ranges that this remote exit node will route traffic to. Type a valid CIDR (e.g. 10.0.0.0/8) and press Enter to add.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Add a CIDR range (e.g. 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Failed to load subnets",
+ "remoteExitNodeNetworkingLabelsTitle": "Preference Labels",
+ "remoteExitNodeNetworkingLabelsDescription": "Sites with these labels will be enforced to connect through this remote exit node.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Select labels...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Search labels...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Failed to load labels",
"remoteExitNodeCreate": {
"title": "Create Remote Node",
"description": "Create a new self-hosted remote relay and proxy server node",
@@ -2193,6 +2546,7 @@
"noRemoteExitNodesAvailableDescription": "No nodes are available for this organization. Create a node first to use local sites.",
"exitNode": "Exit Node",
"country": "Country",
+ "countryIsNot": "Country Is Not",
"rulesMatchCountry": "Currently based on source IP",
"region": "Region",
"selectRegion": "Select region",
@@ -2318,6 +2672,7 @@
"idpGoogleDescription": "Google OAuth2/OIDC provider",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Subnet",
+ "utilitySubnet": "Utility Subnet",
"subnetDescription": "The subnet for this organization's network configuration.",
"customDomain": "Custom Domain",
"authPage": "Authentication Pages",
@@ -2739,15 +3094,17 @@
"orgOrDomainIdMissing": "Organization or Domain ID is missing",
"loadingDNSRecords": "Loading DNS records...",
"olmUpdateAvailableInfo": "An updated version of Olm is available. Please update to the latest version for the best experience.",
+ "updateAvailableInfo": "An updated version is available. Please update to the latest version for the best experience.",
"client": "Client",
"proxyProtocol": "Proxy Protocol Settings",
"proxyProtocolDescription": "Configure Proxy Protocol to preserve client IP addresses for TCP services.",
"enableProxyProtocol": "Enable Proxy Protocol",
"proxyProtocolInfo": "Preserve client IP addresses for TCP backends",
"proxyProtocolVersion": "Proxy Protocol Version",
- "version1": " Version 1 (Recommended)",
+ "version1": "Version 1 (Recommended)",
"version2": "Version 2",
- "versionDescription": "Version 1 is text-based and widely supported. Version 2 is binary and more efficient but less compatible. Make sure servers transport is added to dynamic config.",
+ "version1Description": "Text-based and widely supported. Make sure servers transport is added to dynamic config.",
+ "version2Description": "Binary and more efficient but less compatible. Make sure servers transport is added to dynamic config.",
"warning": "Warning",
"proxyProtocolWarning": "The backend application must be configured to accept Proxy Protocol connections. If your backend doesn't support Proxy Protocol, enabling this will break all connections so only enable this if you know what you're doing. Make sure to configure your backend to trust Proxy Protocol headers from Traefik.",
"restarting": "Restarting...",
@@ -2904,14 +3261,14 @@
"enterConfirmation": "Enter confirmation",
"blueprintViewDetails": "Details",
"defaultIdentityProvider": "Default Identity Provider",
- "defaultIdentityProviderDescription": "When a default identity provider is selected, the user will be automatically redirected to the provider for authentication.",
+ "defaultIdentityProviderDescription": "The user will be automatically redirected to this identity provider for authentication.",
"editInternalResourceDialogNetworkSettings": "Network Settings",
"editInternalResourceDialogAccessPolicy": "Access Policy",
"editInternalResourceDialogAddRoles": "Add Roles",
"editInternalResourceDialogAddUsers": "Add Users",
"editInternalResourceDialogAddClients": "Add Clients",
"editInternalResourceDialogDestinationLabel": "Destination",
- "editInternalResourceDialogDestinationDescription": "Choose where this resource runs and how clients reach it. Selecting multiple sites will create a high availability resource that can be accessed from any of the selected sites.",
+ "editInternalResourceDialogDestinationDescription": "Choose where this resource runs and how clients reach it",
"internalResourceFormMultiSiteRoutingHelp": "Selecting multiple sites enables resilient routing and failover for high availability.",
"internalResourceFormMultiSiteRoutingHelpLearnMore": "Learn more",
"editInternalResourceDialogPortRestrictionsDescription": "Restrict access to specific TCP/UDP ports or allow/block all ports.",
@@ -2940,11 +3297,12 @@
"learnMore": "Learn more",
"backToHome": "Go back to home",
"needToSignInToOrg": "Need to use your organization's identity provider?",
- "maintenanceMode": "Maintenance Mode",
+ "maintenanceMode": "Maintenance Page",
"maintenanceModeDescription": "Display a maintenance page to visitors",
"maintenanceModeType": "Maintenance Mode Type",
"showMaintenancePage": "Show a maintenance page to visitors",
"enableMaintenanceMode": "Enable Maintenance Mode",
+ "enableMaintenanceModeDescription": "When enabled, visitors will see a maintenance page instead of your resource.",
"automatic": "Automatic",
"automaticModeDescription": " Show maintenance page only when all backend targets are down or unhealthy. Your resource continues working normally as long as at least one target is healthy.",
"forced": "Forced",
@@ -2952,6 +3310,8 @@
"warning:": "Warning:",
"forcedeModeWarning": "All traffic will be directed to the maintenance page. Your backend resources will not receive any requests.",
"pageTitle": "Page Title",
+ "maintenancePageContentSubsection": "Page Content",
+ "maintenancePageContentSubsectionDescription": "Customize the content displayed on the maintenance page",
"pageTitleDescription": "The main heading displayed on the maintenance page",
"maintenancePageMessage": "Maintenance Message",
"maintenancePageMessagePlaceholder": "We'll be back soon! Our site is currently undergoing scheduled maintenance.",
@@ -2970,6 +3330,7 @@
"maintenanceScreenEstimatedCompletion": "Estimated Completion:",
"createInternalResourceDialogDestinationRequired": "Destination is required",
"available": "Available",
+ "disabledResourceDescription": "When disabled, the resource will be inaccessible by everyone.",
"archived": "Archived",
"noArchivedDevices": "No archived devices found",
"deviceArchived": "Device archived",
@@ -3215,6 +3576,8 @@
"idpUnassociateQuestion": "Are you sure you want to unassociate this identity provider from this organization?",
"idpUnassociateDescription": "All users associated with this identity provider will be removed from this organization, but the identity provider will still continue to exist for other associated organizations.",
"idpUnassociateConfirm": "Confirm Unassociate Identity Provider",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "DELETE AND REMOVE ME FROM ORG",
+ "idpUnassociateAndRemoveMeFromOrg": "UNASSOCIATE AND REMOVE ME FROM ORG",
"idpUnassociateWarning": "This cannot be undone for this organization.",
"idpUnassociatedDescription": "Identity provider unassociated from this organization successfully",
"idpUnassociateMenu": "Unassociate",
@@ -3298,6 +3661,143 @@
"memberPortalEmailWhitelist": "Email Whitelist",
"memberPortalResourceDisabled": "Resource Disabled",
"memberPortalShowingResources": "Showing {start}-{end} of {total} resources",
+ "resourceLauncherTitle": "Resource Launcher",
+ "resourceSidebarLauncherTitle": "Launcher",
+ "resourceLauncherDescription": "View all available resources and launch them from one central hub",
+ "resourceLauncherSearchPlaceholder": "Search your resources...",
+ "resourceLauncherDefaultView": "Default",
+ "resourceLauncherSaveView": "Save View",
+ "resourceLauncherSaveToCurrentView": "Save to Current View",
+ "resourceLauncherSaveDefaultPersonal": "Save for Me",
+ "resourceLauncherResetView": "Reset View",
+ "resourceLauncherResetSystemDefault": "Reset to System Default",
+ "resourceLauncherSystemDefaultRestored": "System default restored",
+ "resourceLauncherSystemDefaultRestoredDescription": "The default view has been reset to the original settings.",
+ "resourceLauncherSaveAsNewView": "Save as New View",
+ "resourceLauncherSaveAsNewViewDescription": "Give this view a name to save your current filters and layout.",
+ "resourceLauncherSaveForEveryone": "Save for Everyone",
+ "resourceLauncherSaveForEveryoneDescription": "Share this view with all organization members. When unchecked, the view is only visible to you.",
+ "resourceLauncherMakePersonal": "Make Personal",
+ "resourceLauncherFilter": "Filter",
+ "resourceLauncherFilterWithCount": "Filter, {count} applied",
+ "resourceLauncherSort": "Sort",
+ "resourceLauncherSortAscending": "Sort ascending",
+ "resourceLauncherSortDescending": "Sort descending",
+ "resourceLauncherSettings": "Settings",
+ "resourceLauncherGroupBy": "Group By",
+ "resourceLauncherGroupBySite": "Site",
+ "resourceLauncherGroupByLabel": "Label",
+ "resourceLauncherGroupByNone": "None",
+ "resourceLauncherLayout": "Layout",
+ "resourceLauncherLayoutGrid": "Grid",
+ "resourceLauncherLayoutList": "List",
+ "resourceLauncherShowLabels": "Show Labels",
+ "resourceLauncherShowSiteTags": "Show Site Tags",
+ "resourceLauncherShowRecents": "Show Recents",
+ "resourceLauncherDeleteView": "Delete View",
+ "resourceLauncherDeleteViewTitle": "Delete View",
+ "resourceLauncherDeleteViewQuestion": "Are you sure you want to delete this launcher view?",
+ "resourceLauncherDeleteViewConfirm": "Delete View",
+ "resourceLauncherViewAsAdmin": "View as Admin",
+ "resourceLauncherResourceDetailsDescription": "Connection information and status for this resource.",
+ "resourceLauncherResourceDetails": "Resource Details",
+ "resourceLauncherAuthMethodsDescription": "Authentication methods enabled for this resource.",
+ "resourceLauncherPrivateClientRequired": "Connect with a client on your device to access this resource privately.",
+ "resourceLauncherPrivateClientRequiredTitle": "Client Connection Required",
+ "resourceLauncherDownloadClient": "Download client",
+ "resourceLauncherFailedToLoadDetails": "Could not load resource details. You may no longer have access to this resource.",
+ "resourceLauncherNoPortRestrictions": "No port restrictions",
+ "resourceLauncherTcp": "TCP",
+ "resourceLauncherUdp": "UDP",
+ "resourceLauncherUnlabeled": "Unlabeled",
+ "resourceLauncherNoSite": "No Site",
+ "resourceLauncherNoResourcesInGroup": "No resources in this group",
+ "resourceLauncherEmptyStateTitle": "No Resources Available",
+ "resourceLauncherEmptyStateDescription": "You don't have access to any resources yet. Contact your administrator to request access.",
+ "resourceLauncherEmptyStateNoResultsTitle": "No Resources Found",
+ "resourceLauncherEmptyStateNoResultsDescription": "No resources match your current search or filters. Try adjusting them to find what you are looking for.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "No resources match \"{query}\". Try adjusting your search or clearing filters to see all resources.",
+ "resourceLauncherSearchFirstTitle": "Search or Filter to Browse",
+ "resourceLauncherSearchFirstDescription": "You have access to many resources. Use search or filter by site or label to find what you need.",
+ "resourceLauncherSiteGroupingDisabled": "Site grouping is unavailable at this scale. Filter by site to group a smaller set.",
+ "resourceLauncherLabelGroupingDisabled": "Label grouping is unavailable at this scale.",
+ "resourceLauncherCompactModeHint": "Showing a simplified list for faster browsing. Use search or filters to narrow results.",
+ "resourceLauncherCompactGroupingHint": "Apply site or label filters to enable grouping.",
+ "resourceLauncherCopiedToClipboard": "Copied to clipboard",
+ "resourceLauncherCopiedAccessDescription": "Resource access has been copied to your clipboard.",
+ "resourceLauncherViewNamePlaceholder": "View name",
+ "resourceLauncherViewNameLabel": "View Name",
+ "resourceLauncherViewSaved": "View saved",
+ "resourceLauncherViewSavedDescription": "Your launcher view has been saved.",
+ "resourceLauncherViewSaveFailed": "Failed to save view",
+ "resourceLauncherViewSaveFailedDescription": "Could not save the launcher view. Please try again.",
+ "resourceLauncherViewDeleted": "View deleted",
+ "resourceLauncherViewDeletedDescription": "The launcher view has been deleted.",
+ "resourceLauncherViewDeleteFailed": "Failed to delete view",
+ "resourceLauncherViewDeleteFailedDescription": "Could not delete the launcher view. Please try again.",
"memberPortalPrevious": "Previous",
- "memberPortalNext": "Next"
+ "memberPortalNext": "Next",
+ "httpSettings": "HTTP Settings",
+ "tcpSettings": "TCP Settings",
+ "udpSettings": "UDP Settings",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Establishing a secure connection…",
+ "sshConnecting": "Connecting…",
+ "sshInitializing": "Initializing…",
+ "sshSignInTitle": "Sign in to SSH",
+ "sshSignInDescription": "Enter your SSH credentials to connect",
+ "sshPasswordTab": "Password",
+ "sshPrivateKeyTab": "Private Key",
+ "sshPrivateKeyField": "Private Key",
+ "sshPrivateKeyDisclaimer": "Your private key is not stored or visible to Pangolin. Alternatively, you can use short-lived certificates for seamless authentication using your existing Pangolin identity.",
+ "sshLearnMore": "Learn more",
+ "sshPrivateKeyFile": "Private Key File",
+ "sshAuthenticate": "Connect",
+ "sshTerminate": "Terminate",
+ "sshPoweredBy": "Powered by",
+ "sshErrorNoTarget": "No target specified",
+ "sshErrorWebSocket": "WebSocket connection failed",
+ "sshErrorAuthFailed": "Authentication failed",
+ "sshErrorConnectionClosed": "Connection closed before authentication completed",
+ "sitePangolinSshDescription": "Allow SSH access to resources on this site. This can be changed later.",
+ "browserGatewayNoResourceForDomain": "No resource found for this domain",
+ "browserGatewayNoTarget": "No target",
+ "browserGatewayConnect": "Connect",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "Failed to sign SSH key for PAM push authentication. Did you sign in as a user?",
+ "sshTerminalError": "Error: {error}",
+ "sshConnectionClosedCode": "Connection closed (code {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+ "sshPrivateKeyRequired": "Private key is required",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Enter your VNC credentials to connect",
+ "vncUsernameOptional": "Username (optional)",
+ "vncPasswordOptional": "Password (optional)",
+ "vncNoResourceTarget": "No resource target is available",
+ "vncFailedToLoadNovnc": "Failed to load noVNC",
+ "vncAuthFailedStatus": "Status {status}",
+ "vncPasteClipboard": "Paste clipboard",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Sign in to Remote Desktop",
+ "rdpSignInDescription": "Enter Windows credentials to connect",
+ "rdpLoadingModule": "Loading module...",
+ "rdpFailedToLoadModule": "Failed to load RDP module",
+ "rdpNotReady": "Not ready",
+ "rdpModuleInitializing": "RDP module is still initializing",
+ "rdpDownloadingFiles": "Downloading {count} file(s) from remote…",
+ "rdpDownloadFailed": "Download failed: {fileName}",
+ "rdpUploaded": "Uploaded: {fileName}",
+ "rdpNoConnectionTarget": "No connection target available",
+ "rdpConnectionFailed": "Connection failed",
+ "rdpFit": "Fit",
+ "rdpFull": "Full",
+ "rdpReal": "Real",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Upload files",
+ "rdpFilesReadyToPaste": "Files ready to paste",
+ "rdpFilesReadyToPasteDescription": "{count} file(s) copied to remote clipboard — press Ctrl+V on the remote desktop to paste.",
+ "rdpUploadFailed": "Upload failed",
+ "rdpUnicodeKeyboardMode": "Unicode keyboard mode",
+ "sessionToolbarShow": "Show toolbar",
+ "sessionToolbarHide": "Hide toolbar"
}
diff --git a/messages/es-ES.json b/messages/es-ES.json
index 9e5b6fc82..6903dac34 100644
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -66,9 +66,15 @@
"local": "Local",
"edit": "Editar",
"siteConfirmDelete": "Confirmar Borrar Sitio",
+ "siteConfirmDeleteAndResources": "Confirmar eliminación del sitio y recursos",
"siteDelete": "Eliminar sitio",
+ "siteDeleteAndResources": "Eliminar sitio y recursos",
"siteMessageRemove": "Una vez eliminado, el sitio ya no será accesible. Todos los objetivos asociados con el sitio también serán eliminados.",
+ "siteMessageRemoveAndResources": "Esto eliminará permanentemente todos los recursos públicos y privados vinculados a este sitio, incluso si un recurso también está asociado con otros sitios.",
"siteQuestionRemove": "¿Está seguro que desea eliminar el sitio de la organización?",
+ "siteQuestionRemoveAndResources": "¿Está seguro de que desea eliminar este sitio y todos los recursos asociados?",
+ "sitesTableDeleteSite": "Eliminar sitio",
+ "sitesTableDeleteSiteAndResources": "Eliminar sitio y recursos",
"siteManageSites": "Administrar Sitios",
"siteDescription": "Crear y administrar sitios para permitir la conectividad a redes privadas",
"sitesBannerTitle": "Conectar cualquier red",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Ver Recursos Privados",
"siteInstallNewt": "Instalar Newt",
"siteInstallNewtDescription": "Recibe Newt corriendo en tu sistema",
+ "siteInstallKubernetesDocsDescription": "Para información de instalación de Kubernetes más reciente, consulta docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "Para instrucciones de instalación del módem Advantech, consulta docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "Configuración de Wirex Guard",
"WgConfigurationDescription": "Utilice la siguiente configuración para conectarse a la red",
"operatingSystem": "Sistema operativo",
@@ -115,6 +123,16 @@
"siteUpdated": "Sitio actualizado",
"siteUpdatedDescription": "El sitio ha sido actualizado.",
"siteGeneralDescription": "Configurar la configuración general de este sitio",
+ "siteRestartTitle": "Reiniciar Sitio",
+ "siteRestartDescription": "Reinicia el túnel WireGuard para este sitio. Esto interrumpirá brevemente la conectividad.",
+ "siteRestartBody": "Utiliza esto si el túnel del sitio no está funcionando correctamente y quieres forzar una reconexión sin reiniciar el host.",
+ "siteRestartButton": "Reiniciar Sitio",
+ "siteRestartDialogMessage": "¿Estás seguro de que deseas reiniciar el túnel WireGuard para {name}? El sitio perderá conectividad brevemente.",
+ "siteRestartWarning": "El sitio se desconectará brevemente mientras se reinicia el túnel.",
+ "siteRestarted": "Sitio reiniciado",
+ "siteRestartedDescription": "El túnel WireGuard ha sido reiniciado.",
+ "siteErrorRestart": "Error al reiniciar el sitio",
+ "siteErrorRestartDescription": "Se ha producido un error al reiniciar el sitio.",
"siteSettingDescription": "Configurar los ajustes en el sitio",
"siteResourcesTab": "Recursos",
"siteResourcesNoneOnSite": "Este sitio aún no tiene recursos públicos o privados.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "Sólo podrás verlo una vez. Asegúrate de copiarlo a un lugar seguro.",
"siteInfo": "Información del sitio",
"status": "Estado",
- "shareTitle": "Administrar Enlaces de Compartir",
+ "shareTitle": "Gestionar Enlaces Compartibles",
"shareDescription": "Crear enlaces compartidos para conceder acceso temporal o permanente a recursos proxy",
- "shareSearch": "Buscar enlaces compartidos...",
- "shareCreate": "Crear enlace Compartir",
+ "shareSearch": "Buscar enlaces compartibles...",
+ "shareCreate": "Crear Enlace Compartible",
"shareErrorDelete": "Error al eliminar el enlace",
"shareErrorDeleteMessage": "Se ha producido un error al eliminar el enlace",
"shareDeleted": "Enlace eliminado",
"shareDeletedDescription": "El enlace ha sido eliminado",
- "shareDelete": "Borrar Enlace Compartido",
- "shareDeleteConfirm": "Confirmar Borrado del Enlace Compartido",
+ "shareDelete": "Eliminar Enlace Compartible",
+ "shareDeleteConfirm": "Confirmar Eliminación de Enlace Compartible",
"shareQuestionRemove": "¿Está seguro de que desea borrar este enlace compartido?",
"shareMessageRemove": "Una vez borrado, el enlace dejará de funcionar y cualquier persona que lo use perderá acceso al recurso.",
"shareTokenDescription": "El token de acceso puede ser pasado de dos maneras: como parámetro de consulta o en las cabeceras de solicitud. Estos deben ser pasados del cliente en cada solicitud de acceso autenticado.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Se ha producido un error al crear el enlace compartido",
"shareCreateDescription": "Cualquiera con este enlace puede acceder al recurso",
"shareTitleOptional": "Título (opcional)",
+ "sharePathOptional": "Ruta (opcional)",
+ "sharePathDescription": "El enlace redirigirá a los usuarios a esta ruta tras la autenticación.",
"expireIn": "Caduca en",
"neverExpire": "Nunca expirar",
"shareExpireDescription": "El tiempo de caducidad es cuánto tiempo el enlace será utilizable y proporcionará acceso al recurso. Después de este tiempo, el enlace ya no funcionará, y los usuarios que usaron este enlace perderán el acceso al recurso.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Por favor, seleccione un recurso",
"proxyResourceTitle": "Administrar recursos públicos",
"proxyResourceDescription": "Crear y administrar recursos que sean accesibles públicamente a través de un navegador web",
- "proxyResourcesBannerTitle": "Acceso público basado en web",
- "proxyResourcesBannerDescription": "Los recursos públicos son proxies HTTPS o TCP/UDP accesibles a cualquiera en Internet a través de un navegador web. A diferencia de los recursos privados, no requieren software del lado del cliente e incluye políticas de acceso basadas en identidad y contexto.",
+ "publicResourcesBannerTitle": "Acceso Público basado en Web",
+ "publicResourcesBannerDescription": "Los recursos públicos son proxies HTTPS accesibles para cualquiera en Internet a través de un navegador web. A diferencia de los recursos privados, no requieren software del lado del cliente e incluyen políticas de acceso basadas en identidad y contexto.",
"clientResourceTitle": "Administrar recursos privados",
"clientResourceDescription": "Crear y administrar recursos que sólo son accesibles a través de un cliente conectado",
"privateResourcesBannerTitle": "Acceso privado de confianza cero",
@@ -208,11 +228,37 @@
"resourcesSearch": "Buscar recursos...",
"resourceAdd": "Añadir Recurso",
"resourceErrorDelte": "Error al eliminar el recurso",
+ "resourcePoliciesBannerTitle": "Reutilizar Reglas de Autenticación y Acceso",
+ "resourcePoliciesBannerDescription": "Las políticas de recursos compartidos te permiten definir métodos de autenticación y reglas de acceso una vez, y luego adjuntarlas a múltiples recursos públicos. Al actualizar una política, cada recurso vinculado hereda automáticamente el cambio.",
+ "resourcePoliciesBannerButtonText": "Saber más",
+ "resourcePoliciesTitle": "Gestionar Políticas de Recursos Públicos",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Recursos",
+ "resourcePoliciesAttachedResources": "{count} recurso/s",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# recurso} other {# recursos}}",
+ "resourcePoliciesAttachedResourcesEmpty": "sin recursos",
+ "resourcePoliciesDescription": "Crear y gestionar políticas de autenticación para controlar el acceso a tus recursos públicos",
+ "resourcePoliciesSearch": "Buscar políticas...",
+ "resourcePoliciesAdd": "Agregar Política",
+ "resourcePoliciesDefaultBadgeText": "Política predeterminada",
+ "resourcePoliciesCreate": "Crear Política de Recursos Públicos",
+ "resourcePoliciesCreateDescription": "Siga los pasos a continuación para crear una nueva política",
+ "resourcePolicyName": "Nombre de la política",
+ "resourcePolicyNameDescription": "Déle a esta política un nombre para identificarla en sus recursos",
+ "resourcePolicyNamePlaceholder": "por ejemplo, Política de Acceso Interno",
+ "resourcePoliciesSeeAll": "Ver todas las políticas",
+ "resourcePolicyAuthMethodAdd": "Agregar Método de Autenticación",
+ "resourcePolicyOtpEmailAdd": "Agregar correos electrónicos OTP",
+ "resourcePolicyRulesAdd": "Añadir reglas",
+ "resourcePolicyAuthMethodsDescription": "Permitir el acceso a los recursos a través de métodos de autenticación adicionales",
+ "resourcePolicyUsersRolesDescription": "Configure qué usuarios y roles pueden visitar los recursos asociados",
+ "rulesResourcePolicyDescription": "Configure reglas para controlar el acceso a los recursos asociados a esta política",
"authentication": "Autenticación",
"protected": "Protegido",
"notProtected": "No protegido",
"resourceMessageRemove": "Una vez eliminado, el recurso ya no será accesible. Todos los objetivos asociados con el recurso también serán eliminados.",
"resourceQuestionRemove": "¿Está seguro que desea eliminar el recurso de la organización?",
+ "resourcePolicyMessageRemove": "Una vez eliminada, la política de recursos ya no será accesible. Todos los recursos asociados al recurso serán desvinculados y quedarán sin autenticación.",
+ "resourcePolicyQuestionRemove": "¿Está seguro de que desea eliminar la política de recursos de la organización?",
"resourceHTTP": "HTTPS Recurso",
"resourceHTTPDescription": "Proxy proporciona solicitudes sobre HTTPS usando un nombre de dominio completamente calificado.",
"resourceRaw": "Recurso TCP/UDP sin procesar",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Las peticiones de proxy sobre TCP/UDP crudas usando un número de puerto. Requiere que los sitios se conecten a un nodo remoto.",
"resourceCreate": "Crear Recurso",
"resourceCreateDescription": "Siga los siguientes pasos para crear un nuevo recurso",
+ "resourceCreateGeneralDescription": "Configurar la configuración básica del recurso, incluido el nombre y el tipo",
"resourceSeeAll": "Ver todos los recursos",
- "resourceInfo": "Información del recurso",
+ "resourceCreateGeneral": "General",
"resourceNameDescription": "Este es el nombre para mostrar el recurso.",
"siteSelect": "Seleccionar sitio",
"siteSearch": "Buscar sitio",
@@ -231,12 +278,15 @@
"noCountryFound": "Ningún país encontrado.",
"siteSelectionDescription": "Este sitio proporcionará conectividad al objetivo.",
"resourceType": "Tipo de recurso",
- "resourceTypeDescription": "Determina cómo acceder al recurso",
+ "resourceTypeDescription": "Esto controla el protocolo del recurso y cómo se renderizará en el navegador. Esto no se puede cambiar más tarde.",
+ "resourceDomainDescription": "El recurso se servirá en este nombre de dominio completamente calificado.",
"resourceHTTPSSettings": "Configuración HTTPS",
"resourceHTTPSSettingsDescription": "Configurar cómo se accederá al recurso a través de HTTPS",
+ "resourcePortDescription": "El puerto externo en la instancia o nodo de Pangolin donde el recurso será accesible.",
"domainType": "Tipo de dominio",
"subdomain": "Subdominio",
"baseDomain": "Dominio base",
+ "configure": "Configurar",
"subdomnainDescription": "El subdominio al que el recurso será accesible.",
"resourceRawSettings": "Configuración TCP/UDP",
"resourceRawSettingsDescription": "Configurar cómo se accederá al recurso a través de TCP/UDP",
@@ -247,14 +297,35 @@
"back": "Atrás",
"cancel": "Cancelar",
"resourceConfig": "Fragmentos de configuración",
- "resourceConfigDescription": "Copia y pega estos fragmentos de configuración para configurar el recurso TCP/UDP",
+ "resourceConfigDescription": "Copia y pega estos fragmentos de configuración para configurar el recurso TCP/UDP.",
"resourceAddEntrypoints": "Traefik: Añadir puntos de entrada",
"resourceExposePorts": "Gerbil: Exponer puertos en Docker Compose",
"resourceLearnRaw": "Aprende cómo configurar los recursos TCP/UDP",
"resourceBack": "Volver a Recursos",
"resourceGoTo": "Ir a Recurso",
+ "resourcePolicyDelete": "Eliminar Política de Recursos",
+ "resourcePolicyDeleteConfirm": "Confirmar eliminación de la política de recursos",
"resourceDelete": "Eliminar Recurso",
"resourceDeleteConfirm": "Confirmar Borrar Recurso",
+ "labelDelete": "Eliminar etiqueta",
+ "labelAdd": "Agregar etiqueta",
+ "labelCreateSuccessMessage": "Etiqueta creada correctamente",
+ "labelDuplicateError": "Etiqueta Duplicada",
+ "labelDuplicateErrorDescription": "Una etiqueta con este nombre ya existe.",
+ "labelEditSuccessMessage": "Etiqueta modificada correctamente",
+ "labelNameField": "Nombre de la etiqueta",
+ "labelColorField": "Color de la etiqueta",
+ "labelPlaceholder": "Ej: homelab",
+ "labelCreate": "Crear etiqueta",
+ "createLabelDialogTitle": "Crear etiqueta",
+ "createLabelDialogDescription": "Cree una nueva etiqueta que se pueda adjuntar a esta organización",
+ "labelEdit": "Editar etiqueta",
+ "editLabelDialogTitle": "Actualizar etiqueta",
+ "editLabelDialogDescription": "Edite una nueva etiqueta que se pueda adjuntar a esta organización",
+ "labelDeleteConfirm": "Confirmar eliminación de etiqueta",
+ "labelErrorDelete": "Error al eliminar la etiqueta",
+ "labelMessageRemove": "Esta acción es permanente. Todos los sitios, recursos y clientes etiquetados con esta etiqueta serán des- etiquetados.",
+ "labelQuestionRemove": "¿Está seguro de que desea eliminar la etiqueta de la organización?",
"visibility": "Visibilidad",
"enabled": "Activado",
"disabled": "Deshabilitado",
@@ -265,6 +336,8 @@
"rules": "Reglas",
"resourceSettingDescription": "Configurar la configuración del recurso",
"resourceSetting": "Ajustes {resourceName}",
+ "resourcePolicySettingDescription": "Configura los ajustes de esta política de recursos públicos",
+ "resourcePolicySetting": "Configuración {policyName}",
"alwaysAllow": "Autorización Bypass",
"alwaysDeny": "Bloquear acceso",
"passToAuth": "Pasar a Autenticación",
@@ -671,7 +744,7 @@
"targetSubmit": "Añadir destino",
"targetNoOne": "Este recurso no tiene ningún objetivo. Agrega un objetivo para configurar dónde enviar peticiones al backend.",
"targetNoOneDescription": "Si se añade más de un objetivo anterior se activará el balance de carga.",
- "targetsSubmit": "Guardar objetivos",
+ "targetsSubmit": "Guardar ajustes",
"addTarget": "Añadir destino",
"proxyMultiSiteRoundRobinNodeHelp": "El enrutamiento de turnos no funcionará entre sitios que no están conectados al mismo nodo, pero el failover funcionará.",
"targetErrorInvalidIp": "Dirección IP inválida",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Duplicar regla",
"rulesErrorDuplicateDescription": "Ya existe una regla con estos ajustes",
"rulesErrorInvalidIpAddressRange": "CIDR inválido",
- "rulesErrorInvalidIpAddressRangeDescription": "Por favor, introduzca un valor CIDR válido",
- "rulesErrorInvalidUrl": "Ruta URL inválida",
- "rulesErrorInvalidUrlDescription": "Por favor, introduzca un valor de ruta de URL válido",
- "rulesErrorInvalidIpAddress": "IP inválida",
- "rulesErrorInvalidIpAddressDescription": "Por favor, introduzca una dirección IP válida",
+ "rulesErrorInvalidIpAddressRangeDescription": "Introduce un rango CIDR válido (por ejemplo, 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Ruta no válida",
+ "rulesErrorInvalidUrlDescription": "Introduce una ruta URL o patrón válido (por ejemplo, /api/*).",
+ "rulesErrorInvalidIpAddress": "Dirección IP no válida",
+ "rulesErrorInvalidIpAddressDescription": "Introduce una dirección IPv4 o IPv6 válida.",
"rulesErrorUpdate": "Error al actualizar las reglas",
"rulesErrorUpdateDescription": "Se ha producido un error al actualizar las reglas",
"rulesUpdated": "Activar Reglas",
@@ -717,15 +790,24 @@
"rulesMatchIpAddressRangeDescription": "Introduzca una dirección en formato CIDR (por ejemplo, 103.21.244.0/22)",
"rulesMatchIpAddress": "Introduzca una dirección IP (por ejemplo, 103.21.244.12)",
"rulesMatchUrl": "Introduzca una ruta URL o patrón (por ej., /api/v1/todos o /api/v1/*)",
- "rulesErrorInvalidPriority": "Prioridad inválida",
- "rulesErrorInvalidPriorityDescription": "Por favor, introduzca una prioridad válida",
+ "rulesErrorInvalidPriority": "Prioridad no válida",
+ "rulesErrorInvalidPriorityDescription": "Introduce un número entero de 1 o mayor.",
"rulesErrorDuplicatePriority": "Prioridades duplicadas",
- "rulesErrorDuplicatePriorityDescription": "Por favor, introduzca prioridades únicas",
+ "rulesErrorDuplicatePriorityDescription": "Cada regla debe tener un número de prioridad único.",
+ "rulesErrorValidation": "Reglas no válidas",
+ "rulesErrorValidationRuleDescription": "Regla {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Selecciona un tipo de coincidencia válido (ruta, IP, CIDR, país, región o ASN).",
+ "rulesErrorValueRequired": "Introduce un valor para esta regla.",
+ "rulesErrorInvalidCountry": "País no válido",
+ "rulesErrorInvalidCountryDescription": "Selecciona un país válido.",
+ "rulesErrorInvalidAsn": "ASN no válido",
+ "rulesErrorInvalidAsnDescription": "Introduce un ASN válido (por ejemplo, AS15169).",
"ruleUpdated": "Reglas actualizadas",
"ruleUpdatedDescription": "Reglas actualizadas correctamente",
"ruleErrorUpdate": "Operación fallida",
"ruleErrorUpdateDescription": "Se ha producido un error durante la operación de guardado",
"rulesPriority": "Prioridad",
+ "rulesReorderDragHandle": "Arrastra para reordenar la prioridad de reglas",
"rulesAction": "Accin",
"rulesMatchType": "Tipo de partida",
"value": "Valor",
@@ -744,9 +826,60 @@
"rulesResource": "Configuración de reglas de recursos",
"rulesResourceDescription": "Configurar reglas para controlar el acceso al recurso",
"ruleSubmit": "Añadir Regla",
- "rulesNoOne": "No hay reglas. Agregue una regla usando el formulario.",
+ "rulesNoOne": "Aún no hay reglas.",
"rulesOrder": "Las reglas son evaluadas por prioridad en orden ascendente.",
"rulesSubmit": "Guardar Reglas",
+ "policyErrorCreate": "Error al crear la política",
+ "policyErrorCreateDescription": "Se ha producido un error al crear la política",
+ "policyErrorCreateMessageDescription": "Se ha producido un error inesperado",
+ "policyErrorUpdate": "Error al actualizar la política",
+ "policyErrorUpdateDescription": "Se ha producido un error al actualizar la política",
+ "policyErrorUpdateMessageDescription": "Se ha producido un error inesperado",
+ "policyCreatedSuccess": "Política de recursos creada con éxito",
+ "policyUpdatedSuccess": "Política de recursos actualizada con éxito",
+ "authMethodsSave": "Guardar ajustes",
+ "policyAuthStackTitle": "Autenticación",
+ "policyAuthStackDescription": "Controla qué métodos de autenticación son necesarios para acceder a este recurso",
+ "policyAuthOrLogicTitle": "Múltiples métodos de autenticación activos",
+ "policyAuthOrLogicBanner": "Los visitantes pueden autenticarse utilizando cualquier método activo a continuación. No necesitan completar todos ellos.",
+ "policyAuthMethodActive": "Activo",
+ "policyAuthMethodOff": "Apagado",
+ "policyAuthSsoTitle": "SSO de Plataforma",
+ "policyAuthSsoDescription": "Requiere iniciar sesión a través del proveedor de identidad de tu organización",
+ "policyAuthSsoSummary": "{idp} · {users} usuarios, {roles} roles",
+ "policyAuthSsoDefaultIdp": "Proveedor por defecto",
+ "policyAuthAddDefaultIdentityProvider": "Añadir Proveedor de Identidad Predeterminado",
+ "policyAuthOtherMethodsTitle": "Otros Métodos",
+ "policyAuthOtherMethodsDescription": "Métodos opcionales que los visitantes pueden utilizar en lugar de o junto con el SSO de plataforma",
+ "policyAuthPasscodeTitle": "Código de Acceso",
+ "policyAuthPasscodeDescription": "Requiere un código alfanumérico compartido para acceder al recurso",
+ "policyAuthPasscodeSummary": "Código de acceso establecido",
+ "policyAuthPincodeTitle": "Código PIN",
+ "policyAuthPincodeDescription": "Un código numérico corto necesario para acceder al recurso",
+ "policyAuthPincodeSummary": "Código PIN de 6 dígitos establecido",
+ "policyAuthEmailTitle": "Lista Blanca de Correo",
+ "policyAuthEmailDescription": "Permitir direcciones de correo listadas con contraseñas de un solo uso",
+ "policyAuthEmailSummary": "{count} direcciones permitidas",
+ "policyAuthEmailOtpCallout": "Habilitar la lista blanca de correos envía una contraseña de un solo uso al correo del visitante al iniciar sesión.",
+ "policyAuthHeaderAuthTitle": "Autenticación Básica del Encabezado",
+ "policyAuthHeaderAuthDescription": "Valida un nombre y valor de encabezado HTTP personalizado en cada petición",
+ "policyAuthHeaderAuthSummary": "Encabezado configurado",
+ "policyAuthHeaderName": "Nombre del encabezado",
+ "policyAuthHeaderValue": "Valor esperado",
+ "policyAuthSetPasscode": "Establecer Código de Acceso",
+ "policyAuthSetPincode": "Establecer Código PIN",
+ "policyAuthSetEmailWhitelist": "Establecer Lista Blanca de Correo",
+ "policyAuthSetHeaderAuth": "Establecer Autenticación Básica del Encabezado",
+ "policyAccessRulesTitle": "Reglas de Acceso",
+ "policyAccessRulesEnableDescription": "Cuando está habilitado, las reglas se evalúan en orden descendente hasta que una se evalúa como verdadera.",
+ "policyAccessRulesFirstMatch": "Las reglas se evalúan de arriba a abajo. La primera regla coincidente decide el resultado.",
+ "policyAccessRulesHowItWorks": "Las reglas coinciden con las solicitudes por ruta, dirección IP, ubicación u otros criterios. Cada regla aplica una acción: omitir autenticación, bloquear acceso o pasar a autenticación. Si ninguna regla coincide, el tráfico sigue a la autenticación.",
+ "policyAccessRulesFallthroughOff": "Cuando las reglas están deshabilitadas, todo el tráfico pasa a autenticación.",
+ "policyAccessRulesFallthroughOn": "Cuando no coincide ninguna regla, el tráfico pasa a autenticación.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Guardar reglas",
"resourceErrorCreate": "Error al crear recurso",
"resourceErrorCreateDescription": "Se ha producido un error al crear el recurso",
"resourceErrorCreateMessage": "Error al crear el recurso:",
@@ -766,9 +899,9 @@
"resourcesErrorUpdateDescription": "Se ha producido un error al actualizar el recurso",
"access": "Acceder",
"accessControl": "Control de acceso",
- "shareLink": "{resource} Compartir Enlace",
+ "shareLink": "Enlace Compartible de {resource}",
"resourceSelect": "Seleccionar recurso",
- "shareLinks": "Compartir enlaces",
+ "shareLinks": "Enlaces Compartibles",
"share": "Enlaces compartibles",
"shareDescription2": "Crea enlaces compartidos a recursos. Los enlaces proporcionan acceso temporal o ilimitado a tu recurso. Puede configurar la duración de caducidad del enlace cuando cree uno.",
"shareEasyCreate": "Fácil de crear y compartir",
@@ -810,6 +943,17 @@
"pincodeAdd": "Añadir código PIN",
"pincodeRemove": "Eliminar código PIN",
"resourceAuthMethods": "Métodos de autenticación",
+ "resourcePolicyAuthMethodsEmpty": "No hay método de autenticación",
+ "resourcePolicyOtpEmpty": "Sin contraseña de un solo uso",
+ "resourcePolicyReadOnly": "Esta política es solo de lectura",
+ "resourcePolicyReadOnlyDescription": "Esta política de recursos se comparte entre varios recursos, no puede editarla en esta página.",
+ "editSharedPolicy": "Editar Política Compartida",
+ "resourcePolicyTypeSave": "Guardar tipo de recurso",
+ "resourcePolicySelect": "Seleccionar política de recursos",
+ "resourcePolicySelectError": "Seleccione una política de recursos",
+ "resourcePolicyNotFound": "Política no encontrada",
+ "resourcePolicySearch": "Buscar políticas",
+ "resourcePolicyRulesEmpty": "Sin reglas de autenticación",
"resourceAuthMethodsDescriptions": "Permitir el acceso al recurso a través de métodos de autenticación adicionales",
"resourceAuthSettingsSave": "Guardado correctamente",
"resourceAuthSettingsSaveDescription": "Se han guardado los ajustes de autenticación",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Definir Pincode",
"resourcePincodeSetupTitleDescription": "Establecer un pincode para proteger este recurso",
"resourceRoleDescription": "Los administradores siempre pueden acceder a este recurso.",
+ "resourcePolicySelectTitle": "Política de Acceso a Recursos",
+ "resourcePolicySelectDescription": "Seleccione el tipo de política de recursos para la autenticación",
+ "resourcePolicyTypeLabel": "Tipo de política",
+ "resourcePolicyLabel": "Política de recurso",
+ "resourcePolicyInline": "Política de Recursos Integrada",
+ "resourcePolicyInlineDescription": "Política de Acceso solo destinada a este recurso",
+ "resourcePolicyShared": "Política de Recursos Compartida",
+ "resourcePolicySharedDescription": "Este recurso utiliza una política compartida.",
+ "sharedPolicy": "Política Compartida",
+ "sharedPolicyNoneDescription": "Este recurso tiene su propia política.",
+ "resourceSharedPolicyOwnDescription": "Este recurso tiene sus propios controles de autenticación y reglas de acceso.",
+ "resourceSharedPolicyInheritedDescription": "Este recurso hereda de {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Este recurso está usando una política compartida. Algunas configuraciones de autenticación se pueden editar en este recurso para añadirse a la política. Para cambiar la política subyacente, debes editar a {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Este recurso está utilizando una política compartida. Algunas reglas de acceso se pueden editar en este recurso. Para cambiar la política subyacente, debes editar {policyName}.",
"resourceUsersRoles": "Controles de acceso",
"resourceUsersRolesDescription": "Configurar qué usuarios y roles pueden visitar este recurso",
"resourceUsersRolesSubmit": "Guardar controles de acceso",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Visibilidad",
"resourceVisibilityTitleDescription": "Activar o desactivar completamente la visibilidad de los recursos",
"resourceGeneral": "Configuración General",
- "resourceGeneralDescription": "Configurar la configuración general de este recurso",
+ "resourceGeneralDescription": "Configurar nombre, dirección y política de acceso para este recurso.",
+ "resourceGeneralDetailsSubsection": "Detalles del Recurso",
+ "resourceGeneralDetailsSubsectionDescription": "Establecer el nombre de visualización, identificador y dominio públicamente accesible para este recurso.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Establecer el nombre de visualización, identificador y puerto público para este recurso.",
+ "resourceGeneralPublicAddressSubsection": "Dirección Pública",
+ "resourceGeneralPublicAddressSubsectionDescription": "Configura cómo los usuarios acceden a este recurso.",
+ "resourceGeneralAuthenticationAccessSubsection": "Autenticación y Acceso",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Elige si este recurso utiliza su propia política o hereda de una política compartida.",
"resourceEnable": "Activar recurso",
"resourceTransfer": "Transferir recursos",
"resourceTransferDescription": "Transferir este recurso a un sitio diferente",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Hubo un problema al conectar con {name}. Por favor, póngase en contacto con su administrador.",
"idpErrorNotFound": "IdP no encontrado",
"inviteInvalid": "Invitación inválida",
+ "labels": "Etiquetas",
+ "orgLabelsDescription": "Administrar etiquetas en esta organización.",
+ "addLabels": "Agregar etiquetas",
+ "siteLabelsTab": "Etiquetas",
+ "siteLabelsDescription": "Administrar las etiquetas asociadas con este sitio.",
+ "labelsNotFound": "No se encontraron etiquetas.",
+ "labelsEmptyCreateHint": "Empieza a escribir arriba para crear una etiqueta.",
+ "labelSearch": "Buscar etiquetas",
+ "labelSearchOrCreate": "Buscar o crear una etiqueta",
+ "accessLabelFilterCount": "{count, plural, one {# etiqueta} other {# etiquetas}}",
+ "labelOverflowCount": "+{count, plural, one {# etiqueta} other {# etiquetas}}",
+ "accessLabelFilterClear": "Borrar filtros de etiquetas",
+ "accessFilterClear": "Limpiar filtros",
+ "selectColor": "Seleccionar color",
+ "createNewLabel": "Crear nueva etiqueta de organización \"{label}\"",
"inviteInvalidDescription": "El enlace de invitación no es válido.",
"inviteErrorWrongUser": "La invitación no es para este usuario",
"inviteErrorUserNotExists": "El usuario no existe. Por favor, cree una cuenta primero.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Aplicar plano",
"actionListBlueprints": "Listar blueprints",
"actionGetBlueprint": "Obtener blueprint",
+ "actionCreateOrgWideLauncherView": "Crear Vista de Lanzador para toda la Organización",
"setupToken": "Configuración de token",
"setupTokenDescription": "Ingrese el token de configuración desde la consola del servidor.",
"setupTokenRequired": "Se requiere el token de configuración",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Recursos",
"sidebarProxyResources": "Público",
"sidebarClientResources": "Privado",
+ "sidebarPolicies": "Políticas Compartidas",
+ "sidebarResourcePolicies": "Recursos Públicos",
"sidebarAccessControl": "Control de acceso",
"sidebarLogsAndAnalytics": "Registros y análisis",
"sidebarTeam": "Equipo",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Admin",
"sidebarInvitations": "Invitaciones",
"sidebarRoles": "Roles",
- "sidebarShareableLinks": "Enlaces",
+ "sidebarShareableLinks": "Enlaces Compartibles",
"sidebarApiKeys": "Claves API",
"sidebarProvisioning": "Aprovisionamiento",
"sidebarSettings": "Ajustes",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Sitio {id}",
"standaloneHcFilterResourceIdFallback": "Recurso {id}",
"blueprints": "Planos",
- "blueprintsDescription": "Aplicar configuraciones declarativas y ver ejecuciones anteriores",
+ "blueprintsLog": "Registro de planos",
+ "blueprintsDescription": "Ver aplicaciones de planos anteriores y sus resultados o aplicar un nuevo plano",
"blueprintAdd": "Añadir plano",
"blueprintGoBack": "Ver todos los Planos",
"blueprintCreate": "Crear Plano",
@@ -1575,7 +1759,17 @@
"contents": "Contenido",
"parsedContents": "Contenido analizado (Sólo lectura)",
"enableDockerSocket": "Habilitar Plano Docker",
- "enableDockerSocketDescription": "Activar el raspado de etiquetas de Socket Docker para etiquetas de planos. La ruta del Socket debe proporcionarse a Newt.",
+ "enableDockerSocketDescription": "Activar el raspado de etiquetas del socket Docker para etiquetas de planos. La ruta del socket debe proporcionarse al conector del sitio. Lea sobre cómo funciona esto en la documentación.",
+ "newtAutoUpdate": "Habilitar actualización automática del sitio",
+ "newtAutoUpdateDescription": "Cuando está habilitado, los conectores del sitio descargarán automáticamente la última versión y se reiniciarán. Esto se puede anular por sitio.",
+ "siteAutoUpdate": "Actualización automática del sitio",
+ "siteAutoUpdateLabel": "Habilitar actualización automática",
+ "siteAutoUpdateDescription": "Cuando está habilitado, el conector de este sitio descargará automáticamente la última versión y se reiniciará.",
+ "siteAutoUpdateOrgDefault": "Predeterminado de la organización: {state}",
+ "siteAutoUpdateOverriding": "Configuración de anulación de la organización",
+ "siteAutoUpdateResetToOrg": "Restablecer al predeterminado de la organización",
+ "siteAutoUpdateEnabled": "activado",
+ "siteAutoUpdateDisabled": "deshabilitado",
"viewDockerContainers": "Ver contenedores Docker",
"containersIn": "Contenedores en {siteName}",
"selectContainerDescription": "Seleccione cualquier contenedor para usar como nombre de host para este objetivo. Haga clic en un puerto para usar un puerto.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Certificado",
"certificateStatusAutoRefreshHint": "El estado se actualiza automáticamente.",
"loading": "Cargando",
+ "loadingEllipsis": "Cargando...",
"loadingAnalytics": "Cargando analíticas",
"restart": "Reiniciar",
"domains": "Dominios",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "¡Configuración de cuenta completada! ¡Bienvenido a Pangolin!",
"documentation": "Documentación",
"saveAllSettings": "Guardar todos los ajustes",
- "saveResourceTargets": "Guardar objetivos",
- "saveResourceHttp": "Guardar ajustes de proxy",
- "saveProxyProtocol": "Guardar configuraciones del protocolo de proxy",
+ "saveResourceTargets": "Guardar ajustes",
+ "saveResourceHttp": "Guardar ajustes",
+ "saveProxyProtocol": "Guardar ajustes",
"settingsUpdated": "Ajustes actualizados",
"settingsUpdatedDescription": "Configuraciones actualizadas correctamente",
"settingsErrorUpdate": "Error al actualizar ajustes",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Administra tu suscripción para las claves de licencia autoalojadas pagadas",
"billingCurrentKeys": "Claves actuales",
"billingModifyCurrentPlan": "Modificar plan actual",
+ "billingManageLicenseSubscriptionDescription": "Administre su suscripción para claves de licencia autogestionadas pagas y descargue facturas.",
"billingConfirmUpgrade": "Confirmar actualización",
"billingConfirmDowngrade": "Confirmar descenso",
"billingConfirmUpgradeDescription": "Estás a punto de actualizar tu plan. Revisa los nuevos límites y precios a continuación.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Subred",
"addressDescription": "La dirección interna del cliente. Debe estar dentro de la subred de la organización.",
"selectSites": "Seleccionar sitios",
+ "selectLabels": "Seleccionar etiquetas",
"sitesDescription": "El cliente tendrá conectividad con los sitios seleccionados",
"clientInstallOlm": "Instalar Olm",
"clientInstallOlmDescription": "Obtén Olm funcionando en tu sistema",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Desconocido",
"healthCheck": "Chequeo de salud",
"configureHealthCheck": "Configurar Chequeo de Salud",
- "configureHealthCheckDescription": "Configura la monitorización de salud para {target}",
+ "configureHealthCheckDescription": "Configura la monitorización para tu recurso para asegurarte que siempre está disponible",
"enableHealthChecks": "Activar Chequeos de Salud",
"healthCheckDisabledStateDescription": "Cuando está deshabilitado, el sitio no realizará comprobaciones de salud y el estado se considerará desconocido.",
"enableHealthChecksDescription": "Controlar la salud de este objetivo. Puedes supervisar un punto final diferente al objetivo si es necesario.",
"healthScheme": "Método",
"healthSelectScheme": "Seleccionar método",
- "healthCheckPortInvalid": "El puerto de chequeo de salud debe estar entre 1 y 65535",
+ "healthCheckPortInvalid": "El puerto debe estar entre 1 y 65535",
"healthCheckPath": "Ruta",
"healthHostname": "IP / Nombre del host",
"healthPort": "Puerto",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "El tiempo está en segundos",
"requireDeviceApproval": "Requiere aprobaciones del dispositivo",
"requireDeviceApprovalDescription": "Los usuarios con este rol necesitan nuevos dispositivos aprobados por un administrador antes de poder conectarse y acceder a los recursos.",
- "sshAccess": "Acceso a SSH",
+ "sshSettings": "Configuración SSH",
+ "sshAccess": "Acceso SSH",
+ "rdpSettings": "Configuración RDP",
+ "vncSettings": "Configuración VNC",
+ "sshServer": "Servidor SSH",
+ "rdpServer": "Servidor RDP",
+ "vncServer": "Servidor VNC",
+ "sshServerDescription": "Configure el método de autenticación, la ubicación del daemon y el destino del servidor",
+ "rdpServerDescription": "Configure el destino y el puerto del servidor RDP",
+ "vncServerDescription": "Configure el destino y el puerto del servidor VNC",
+ "sshServerMode": "Modo",
+ "sshServerModeStandard": "Servidor SSH estándar",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Rutas de comandos a través de la red a un servidor SSH como OpenSSH.",
+ "sshServerModeNative": "Servidor SSH nativo",
+ "sshServerModeNativeDescription": "Ejecuta comandos directamente en el host a través del Conector de Sitio. No se requiere configuración de red.",
+ "sshAuthenticationMethod": "Método de autenticación",
+ "sshAuthMethodManual": "Autenticación manual",
+ "sshAuthMethodManualDescription": "Requiere credenciales de host existentes. Omite la provisión automática.",
+ "sshAuthMethodAutomated": "Provisión automatizada",
+ "sshAuthMethodAutomatedDescription": "Crea automáticamente usuarios, grupos y permisos de sudo en el host.",
+ "sshAuthDaemonLocation": "Ubicación del Daemon de Autenticación",
+ "sshDaemonLocationSiteDescription": "Ejecuta localmente en la máquina que aloja el conector de sitio.",
+ "sshDaemonLocationRemote": "En Host Remoto",
+ "sshDaemonLocationRemoteDescription": "Ejecuta en una máquina objetivo separada en la misma red.",
+ "sshDaemonDisclaimer": "Asegúrese de que su host objetivo esté correctamente configurado para ejecutar el daemon de autenticación antes de completar esta configuración, o la provisión fallará.",
+ "sshDaemonPort": "Puerto del Daemon",
+ "sshServerDestination": "Destino del Servidor",
+ "sshServerDestinationDescription": "Configurar el destino del servidor SSH",
+ "destination": "Destino",
+ "destinationRequired": "Se requiere destino.",
+ "domainRequired": "Se requiere dominio.",
+ "proxyPortRequired": "Se requiere puerto.",
+ "invalidPathConfiguration": "Configuración de ruta no válida.",
+ "invalidRewritePathConfiguration": "Configuración de ruta de reescritura no válida.",
+ "bgTargetMultiSiteDisclaimer": "Seleccionar múltiples sitios permite el enrutamiento resiliente y el failover para alta disponibilidad.",
"roleAllowSsh": "Permitir SSH",
"roleAllowSshAllow": "Permitir",
"roleAllowSshDisallow": "Rechazar",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "El usuario sólo puede ejecutar los comandos especificados con sudo.",
"sshSudo": "Permitir sudo",
"sshSudoCommands": "Comandos Sudo",
- "sshSudoCommandsDescription": "Lista separada por comas de comandos que el usuario puede ejecutar con sudo.",
+ "sshSudoCommandsDescription": "Lista de comandos que el usuario tiene permitido ejecutar con sudo, separados por comas, espacios o nuevas líneas. Se deben usar rutas absolutas.",
"sshCreateHomeDir": "Crear directorio principal",
"sshUnixGroups": "Grupos Unix",
- "sshUnixGroupsDescription": "Grupos Unix separados por comas para agregar el usuario en el host de destino.",
+ "sshUnixGroupsDescription": "Grupos Unix a los que añadir el usuario en el host de destino, separados por comas, espacios o nuevas líneas.",
+ "roleTextFieldPlaceholder": "Introduce valores, o suelta un archivo .txt o .csv",
+ "roleTextImportTitle": "Importar desde Archivo",
+ "roleTextImportDescription": "Importando {fileName} en {fieldLabel}.",
+ "roleTextImportSkipHeader": "Omitir Primera Fila (Encabezado)",
+ "roleTextImportOverride": "Reemplazar Existente",
+ "roleTextImportAppend": "Añadir al Existente",
+ "roleTextImportMode": "Modo de Importación",
+ "roleTextImportPreview": "Previsualizar",
+ "roleTextImportItemCount": "{count, plural, =0 {No hay elementos para importar} one {1 elemento para importar} other {# elementos para importar}}",
+ "roleTextImportTotalCount": "{existing} existentes + {imported} importados = {total} total",
+ "roleTextImportConfirm": "Importar",
+ "roleTextImportInvalidFile": "Tipo de archivo no soportado",
+ "roleTextImportInvalidFileDescription": "Sólo se soportan archivos .txt y .csv.",
+ "roleTextImportEmpty": "No se encontraron elementos en el archivo",
+ "roleTextImportEmptyDescription": "El archivo no contiene ningún elemento importable.",
"retryAttempts": "Intentos de Reintento",
"expectedResponseCodes": "Códigos de respuesta esperados",
"expectedResponseCodesDescription": "Código de estado HTTP que indica un estado saludable. Si se deja en blanco, se considera saludable de 200 a 300.",
@@ -2049,6 +2296,7 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Esquema",
"editInternalResourceDialogEnableSsl": "Activar TLS",
"editInternalResourceDialogEnableSslDescription": "Habilitar cifrado SSL/TLS para conexiones HTTPS seguras al destino.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Sitio",
"selectSite": "Seleccionar sitio...",
"multiSitesSelectorSitesCount": "{count, plural, one {# sitio} other {# sitios}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# etiqueta} other {# etiquetas}}",
"noSitesFound": "Sitios no encontrados.",
"createInternalResourceDialogProtocol": "Protocolo",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2347,7 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Esquema",
"createInternalResourceDialogScheme": "Esquema",
"createInternalResourceDialogEnableSsl": "Activar TLS",
@@ -2107,6 +2357,7 @@
"createInternalResourceDialogDestinationCidrDescription": "El rango CIDR del recurso en la red del sitio.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "Un alias DNS interno opcional para este recurso.",
+ "internalResourceAliasLocalWarning": "Los alias que terminan en .local pueden causar problemas de resolución debido a mDNS en algunas redes.",
"internalResourceDownstreamSchemeRequired": "Se requiere el método para recursos HTTP",
"internalResourceHttpPortRequired": "Se requiere el puerto de destino para recursos HTTP",
"siteConfiguration": "Configuración",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Nodos remotos",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Secreto",
+ "remoteExitNodeNetworkingTitle": "Ajustes de Red",
+ "remoteExitNodeNetworkingDescription": "Configura cómo este nodo de salida remoto dirige el tráfico y qué sitios prefieren conectarse a través de él. Características avanzadas para usar con configuraciones de red de retroceso.",
+ "remoteExitNodeNetworkingSave": "Guardar Ajustes",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Ajustes de red guardados",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Los ajustes de red han sido actualizados exitosamente.",
+ "remoteExitNodeNetworkingSaveError": "Error al guardar los ajustes de red",
+ "remoteExitNodeNetworkingSubnetsTitle": "Subredes Remotas",
+ "remoteExitNodeNetworkingSubnetsDescription": "Define los rangos CIDR a los que este nodo de salida remoto dirigirá el tráfico. Escribe un CIDR válido (e.g. 10.0.0.0/8) y presiona Enter para añadir.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Añadir un rango CIDR (e.g. 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Error al cargar las subredes",
+ "remoteExitNodeNetworkingLabelsTitle": "Etiquetas de Preferencias",
+ "remoteExitNodeNetworkingLabelsDescription": "Los sitios con estas etiquetas se verán obligados a conectarse a través de este nodo de salida remoto.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Seleccionar etiquetas...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Buscar etiquetas...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Error al cargar las etiquetas",
"remoteExitNodeCreate": {
"title": "Crear nodo remoto",
"description": "Crea un nuevo nodo de retransmisión y proxy server autogestionado",
@@ -2233,7 +2499,7 @@
"description": "Servidor Pangolin autoalojado más fiable y de bajo mantenimiento con campanas y silbidos extra",
"introTitle": "Pangolin autogestionado",
"introDescription": "es una opción de despliegue diseñada para personas que quieren simplicidad y fiabilidad extra mientras mantienen sus datos privados y autoalojados.",
- "introDetail": "Con esta opción, todavía ejecuta su propio nodo Pangolin, sus túneles, terminación TLS y tráfico permanecen en su servidor. La diferencia es que la gestión y el control se gestionan a través de nuestro panel de control en la nube, que desbloquea una serie de ventajas:",
+ "introDetail": "Con esta opción, todavía ejecuta su propio nodo Pangolin, sus túneles, terminación del TLS y tráfico permanecen en su servidor. La diferencia es que la gestión y el monitoreo se manejan a través de nuestro panel de control en la nube, lo que desbloquea una serie de beneficios:",
"benefitSimplerOperations": {
"title": "Operaciones simples",
"description": "No necesitas ejecutar tu propio servidor de correo o configurar alertas complejas. Recibirás cheques de salud y alertas de tiempo de inactividad."
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Proveedor OAuth2/OIDC de Google",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Subred",
+ "utilitySubnet": "Subred de Utilidad",
"subnetDescription": "La subred para la configuración de red de esta organización.",
"customDomain": "Dominio personalizado",
"authPage": "Páginas de autenticación",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "Falta el ID de organización o dominio",
"loadingDNSRecords": "Cargando registros DNS...",
"olmUpdateAvailableInfo": "Una versión actualizada de Olm está disponible. Por favor, actualice a la última versión para obtener la mejor experiencia.",
+ "updateAvailableInfo": "Hay una versión actualizada disponible. Actualice a la última versión para obtener la mejor experiencia.",
"client": "Cliente",
"proxyProtocol": "Configuración del Protocolo Proxy",
"proxyProtocolDescription": "Configurar el protocolo de proxy para preservar las direcciones IP del cliente para los servicios TCP.",
"enableProxyProtocol": "Habilitar protocolo proxy",
"proxyProtocolInfo": "Conservar direcciones IP del cliente para backends TCP",
"proxyProtocolVersion": "Versión del Protocolo Proxy",
- "version1": " Versión 1 (Recomendado)",
+ "version1": "Versión 1 (Recomendada)",
"version2": "Versión 2",
- "versionDescription": "La versión 1 está basada en texto y es ampliamente soportada. La versión 2 es binaria y más eficiente pero menos compatible.",
+ "version1Description": "Basado en texto y ampliamente compatible. Asegúrate de que el transporte de servidores está agregado a la configuración dinámica.",
+ "version2Description": "Binario y más eficiente, pero menos compatible. Asegúrate de que el transporte de servidores está agregado a la configuración dinámica.",
"warning": "Advertencia",
"proxyProtocolWarning": "La aplicación backend debe configurarse para aceptar conexiones Proxy Protocol. Si el backend no soporta Proxy Protocol, activarlo romperá todas las conexiones, así que sólo habilítelo si sabe lo que está haciendo. Asegúrese de configurar su backend para que confíe en las cabeceras del protocolo Proxy de Traefik.",
"restarting": "Reiniciando...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Ingresar confirmación",
"blueprintViewDetails": "Detalles",
"defaultIdentityProvider": "Proveedor de identidad predeterminado",
- "defaultIdentityProviderDescription": "Cuando se selecciona un proveedor de identidad por defecto, el usuario será redirigido automáticamente al proveedor de autenticación.",
+ "defaultIdentityProviderDescription": "El usuario será redirigido automáticamente a este proveedor de identidad para autenticación.",
"editInternalResourceDialogNetworkSettings": "Configuración de red",
"editInternalResourceDialogAccessPolicy": "Política de acceso",
"editInternalResourceDialogAddRoles": "Agregar roles",
@@ -2937,11 +3206,12 @@
"learnMore": "Más información",
"backToHome": "Volver a inicio",
"needToSignInToOrg": "¿Necesita usar el proveedor de identidad de su organización?",
- "maintenanceMode": "Modo de mantenimiento",
+ "maintenanceMode": "Página de Mantenimiento",
"maintenanceModeDescription": "Muestra una página de mantenimiento a los visitantes",
"maintenanceModeType": "Tipo de modo de mantenimiento",
"showMaintenancePage": "Mostrar página de mantenimiento a los visitantes",
"enableMaintenanceMode": "Habilitar modo de mantenimiento",
+ "enableMaintenanceModeDescription": "Cuando esté habilitado, los visitantes verán una página de mantenimiento en lugar de tu recurso.",
"automatic": "Automático",
"automaticModeDescription": "Mostrar página de mantenimiento solo cuando todos los objetivos de backend están caídos o no saludables. Su recurso continúa funcionando normalmente siempre que al menos un objetivo esté saludable.",
"forced": "Forzado",
@@ -2949,6 +3219,8 @@
"warning:": "Advertencia:",
"forcedeModeWarning": "Todo el tráfico será dirigido a la página de mantenimiento. Sus recursos de backend no recibirán solicitudes.",
"pageTitle": "Título de la página",
+ "maintenancePageContentSubsection": "Contenido de la Página",
+ "maintenancePageContentSubsectionDescription": "Personaliza el contenido mostrado en la página de mantenimiento",
"pageTitleDescription": "El encabezado principal visible en la página de mantenimiento",
"maintenancePageMessage": "Mensaje de mantenimiento",
"maintenancePageMessagePlaceholder": "¡Volveremos pronto! Nuestro sitio está actualmente en mantenimiento programado.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Estimado completado:",
"createInternalResourceDialogDestinationRequired": "Se requiere destino",
"available": "Disponible",
+ "disabledResourceDescription": "Cuando está deshabilitado, el recurso será inaccesible para todos.",
"archived": "Archivado",
"noArchivedDevices": "No se encontraron dispositivos archivados",
"deviceArchived": "Dispositivo archivado",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "¿Está seguro de que desea desasociar este proveedor de identidad de esta organización?",
"idpUnassociateDescription": "Todos los usuarios asociados con este proveedor de identidad serán eliminados de esta organización, pero el proveedor de identidad continuará existiendo para otras organizaciones asociadas.",
"idpUnassociateConfirm": "Confirme Desasociar Proveedor de Identidad",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "ELIMINAR Y QUITARME DE ORG",
+ "idpUnassociateAndRemoveMeFromOrg": "DESASOCIAR Y QUITARME DE ORG",
"idpUnassociateWarning": "Esto no se puede deshacer para esta organización.",
"idpUnassociatedDescription": "Proveedor de identidad desasociado de esta organización con éxito",
"idpUnassociateMenu": "Desasociar",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "Lista Blanca de Correo",
"memberPortalResourceDisabled": "Recurso Deshabilitado",
"memberPortalShowingResources": "Mostrando {start}-{end} de {total} recursos",
+ "resourceLauncherTitle": "Lanzador de Recursos",
+ "resourceLauncherDescription": "Ve los detalles de los recursos y lánzalos desde un solo lugar",
+ "resourceLauncherSearchPlaceholder": "Buscar en todos los sitios...",
+ "resourceLauncherDefaultView": "Predeterminado",
+ "resourceLauncherSaveView": "Guardar Vista",
+ "resourceLauncherSaveToCurrentView": "Guardar en la Vista Actual",
+ "resourceLauncherResetView": "Restablecer Vista",
+ "resourceLauncherSaveAsNewView": "Guardar como Nueva Vista",
+ "resourceLauncherSaveAsNewViewDescription": "Ponle un nombre a esta vista para guardar tus filtros y diseño actuales.",
+ "resourceLauncherSaveForEveryone": "Guardar para Todos",
+ "resourceLauncherSaveForEveryoneDescription": "Comparte esta vista con todos los miembros de la organización. Si está desmarcado, la vista solo es visible para ti.",
+ "resourceLauncherMakePersonal": "Hacer Personal",
+ "resourceLauncherFilter": "Filtro",
+ "resourceLauncherSort": "Ordenar",
+ "resourceLauncherSortAscending": "Ordenar Ascendente",
+ "resourceLauncherSortDescending": "Ordenar Descendente",
+ "resourceLauncherSettings": "Ajustes",
+ "resourceLauncherGroupBy": "Agrupar Por",
+ "resourceLauncherGroupBySite": "Sitio",
+ "resourceLauncherGroupByLabel": "Etiqueta",
+ "resourceLauncherLayout": "Disposición",
+ "resourceLauncherLayoutGrid": "Cuadrícula",
+ "resourceLauncherLayoutList": "Lista",
+ "resourceLauncherShowLabels": "Mostrar Etiquetas",
+ "resourceLauncherShowSiteTags": "Mostrar Etiquetas del Sitio",
+ "resourceLauncherShowRecents": "Mostrar Recientes",
+ "resourceLauncherDeleteView": "Eliminar Vista",
+ "resourceLauncherViewAsAdmin": "Ver como Administrador",
+ "resourceLauncherResourceDetailsDescription": "Ver detalles de este recurso.",
+ "resourceLauncherUnlabeled": "Sin Etiqueta",
+ "resourceLauncherNoSite": "Sin Sitio",
+ "resourceLauncherNoResourcesInGroup": "No hay recursos en este grupo",
+ "resourceLauncherEmptyStateTitle": "No hay Recursos Disponibles",
+ "resourceLauncherEmptyStateDescription": "Todavía no tienes acceso a ningún recurso. Contacta a tu administrador para solicitar acceso.",
+ "resourceLauncherEmptyStateNoResultsTitle": "No se Encontraron Recursos",
+ "resourceLauncherEmptyStateNoResultsDescription": "No hay recursos que coincidan con tu búsqueda o filtros actuales. Intenta ajustarlos para encontrar lo que buscas.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "No hay recursos que coincidan con \"{query}\". Intenta ajustar tu búsqueda o borrar filtros para ver todos los recursos.",
+ "resourceLauncherCopiedToClipboard": "Copiado al portapapeles",
+ "resourceLauncherCopiedAccessDescription": "El acceso al recurso ha sido copiado a tu portapapeles.",
+ "resourceLauncherViewNamePlaceholder": "Nombre de la Vista",
+ "resourceLauncherViewNameLabel": "Nombre de la Vista",
+ "resourceLauncherViewSaved": "Vista guardada",
+ "resourceLauncherViewSavedDescription": "Tu vista del lanzador ha sido guardada.",
+ "resourceLauncherViewSaveFailed": "Error al guardar la vista",
+ "resourceLauncherViewSaveFailedDescription": "No se pudo guardar la vista del lanzador. Por favor, intenta de nuevo.",
+ "resourceLauncherViewDeleted": "Vista eliminada",
+ "resourceLauncherViewDeletedDescription": "La vista del lanzador ha sido eliminada.",
+ "resourceLauncherViewDeleteFailed": "Error al eliminar la vista",
+ "resourceLauncherViewDeleteFailedDescription": "No se pudo eliminar la vista del lanzador. Por favor, intenta de nuevo.",
"memberPortalPrevious": "Anterior",
- "memberPortalNext": "Siguiente"
+ "memberPortalNext": "Siguiente",
+ "httpSettings": "Configuración HTTP",
+ "tcpSettings": "Configuración TCP",
+ "udpSettings": "Configuración UDP",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Estableciendo una conexión segura…",
+ "sshConnecting": "Conectando…",
+ "sshInitializing": "Inicializando…",
+ "sshSignInTitle": "Iniciar sesión en SSH",
+ "sshSignInDescription": "Ingresa tus credenciales SSH para conectar",
+ "sshPasswordTab": "Contraseña",
+ "sshPrivateKeyTab": "Clave Privada",
+ "sshPrivateKeyField": "Clave Privada",
+ "sshPrivateKeyDisclaimer": "Su clave privada no se almacena ni es visible para Pangolin. Alternativamente, puede usar certificados de corta duración para una autenticación sin interrupciones usando su identidad Pangolin existente.",
+ "sshLearnMore": "Más información",
+ "sshPrivateKeyFile": "Archivo de clave privada",
+ "sshAuthenticate": "Conectar",
+ "sshTerminate": "Terminar",
+ "sshPoweredBy": "Desarrollado por",
+ "sshErrorNoTarget": "No se especificó el objetivo",
+ "sshErrorWebSocket": "Conexión WebSocket fallida",
+ "sshErrorAuthFailed": "Falló la autenticación",
+ "sshErrorConnectionClosed": "La conexión se cerró antes de completar la autenticación",
+ "sitePangolinSshDescription": "Permitir acceso SSH a los recursos en este sitio. Esto se puede cambiar más tarde.",
+ "browserGatewayNoResourceForDomain": "No se encontró un recurso para este dominio",
+ "browserGatewayNoTarget": "Sin destino",
+ "browserGatewayConnect": "Conectar",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "Error al firmar la clave SSH para autenticación PAM push. ¿Te has iniciado sesión como usuario?",
+ "sshTerminalError": "Error: {error}",
+ "sshConnectionClosedCode": "Conexión cerrada (código {code})",
+ "sshPrivateKeyPlaceholder": "-----COMIENZO DE LA CLAVE PRIVADA OPENSSH-----",
+ "sshPrivateKeyRequired": "Se requiere clave privada",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Introduce tus credenciales VNC para conectarte",
+ "vncUsernameOptional": "Nombre de usuario (opcional)",
+ "vncPasswordOptional": "Contraseña (opcional)",
+ "vncNoResourceTarget": "No hay objetivo de recurso disponible",
+ "vncFailedToLoadNovnc": "Error al cargar noVNC",
+ "vncAuthFailedStatus": "Estado {status}",
+ "vncPasteClipboard": "Pegar portapapeles",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Iniciar sesión en el Escritorio Remoto",
+ "rdpSignInDescription": "Introduce las credenciales de Windows para conectar",
+ "rdpLoadingModule": "Cargando módulo...",
+ "rdpFailedToLoadModule": "Error al cargar el módulo RDP",
+ "rdpNotReady": "No está listo",
+ "rdpModuleInitializing": "El módulo RDP aún se está iniciando",
+ "rdpDownloadingFiles": "Descargando {count} archivo(s) del remoto…",
+ "rdpDownloadFailed": "Error al descargar: {fileName}",
+ "rdpUploaded": "Subido: {fileName}",
+ "rdpNoConnectionTarget": "No hay objetivo de conexión disponible",
+ "rdpConnectionFailed": "Conexión fallida",
+ "rdpFit": "Ajustar",
+ "rdpFull": "Completo",
+ "rdpReal": "Real",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Subir archivos",
+ "rdpFilesReadyToPaste": "Archivos listos para pegar",
+ "rdpFilesReadyToPasteDescription": "{count, plural, one {# archivo copiado al portapapeles remoto — pulsa Ctrl+V en el escritorio remoto para pegar.} other {# archivos copiados al portapapeles remoto — pulsa Ctrl+V en el escritorio remoto para pegar.}}",
+ "rdpUploadFailed": "Error de subida",
+ "rdpUnicodeKeyboardMode": "Modo teclado Unicode",
+ "sessionToolbarShow": "Mostrar barra de herramientas",
+ "sessionToolbarHide": "Ocultar barra de herramientas"
}
diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index da3350e46..f3262c3ef 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -66,9 +66,15 @@
"local": "Locale",
"edit": "Modifier",
"siteConfirmDelete": "Confirmer la suppression du nœud",
+ "siteConfirmDeleteAndResources": "Confirmer la suppression du site et des ressources",
"siteDelete": "Supprimer le nœud",
+ "siteDeleteAndResources": "Supprimer le site et les ressources",
"siteMessageRemove": "Une fois supprimé, le nœud ne sera plus accessible. Toutes les cibles associées au nœud seront également supprimées.",
+ "siteMessageRemoveAndResources": "Cela supprimera définitivement toutes les ressources publiques et privées liées à ce site, même si une ressource est également associée à d'autres sites.",
"siteQuestionRemove": "Êtes-vous sûr de vouloir supprimer ce nœud de l'organisation ?",
+ "siteQuestionRemoveAndResources": "Êtes-vous sûr de vouloir supprimer ce site et toutes les ressources associées?",
+ "sitesTableDeleteSite": "Supprimer le site",
+ "sitesTableDeleteSiteAndResources": "Supprimer le site et les ressources",
"siteManageSites": "Gérer les nœuds",
"siteDescription": "Créer et gérer des sites pour activer la connectivité aux réseaux privés",
"sitesBannerTitle": "Se connecter à n'importe quel réseau",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Voir les ressources privées",
"siteInstallNewt": "Installer Newt",
"siteInstallNewtDescription": "Faites fonctionner Newt sur votre système",
+ "siteInstallKubernetesDocsDescription": "Pour plus d'informations à jour sur l'installation de Kubernetes, consultez docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "Pour les instructions d'installation du modem Advantech, voir docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "Configuration WireGuard",
"WgConfigurationDescription": "Utilisez la configuration suivante pour vous connecter au réseau",
"operatingSystem": "Système d'exploitation",
@@ -115,6 +123,16 @@
"siteUpdated": "Nœud mis à jour",
"siteUpdatedDescription": "Le nœud a été mis à jour.",
"siteGeneralDescription": "Configurer les paramètres par défaut de ce nœud",
+ "siteRestartTitle": "Redémarrer Site",
+ "siteRestartDescription": "Redémarrer le tunnel WireGuard pour ce site. Cela interrompra brièvement la connectivité.",
+ "siteRestartBody": "Utilisez cela si le tunnel du site ne fonctionne pas correctement et que vous souhaitez forcer une reconnexion sans redémarrer l'hôte.",
+ "siteRestartButton": "Redémarrer Site",
+ "siteRestartDialogMessage": "Êtes-vous sûr de vouloir redémarrer le tunnel WireGuard pour {name}? Le site perdra brièvement sa connectivité.",
+ "siteRestartWarning": "Le site sera brièvement déconnecté pendant le redémarrage du tunnel.",
+ "siteRestarted": "Site redémarré",
+ "siteRestartedDescription": "Le tunnel WireGuard a été redémarré.",
+ "siteErrorRestart": "Échec du redémarrage du site",
+ "siteErrorRestartDescription": "Une erreur s'est produite lors du redémarrage du site.",
"siteSettingDescription": "Configurer les paramètres du site",
"siteResourcesTab": "Ressources",
"siteResourcesNoneOnSite": "Ce site n'a pas encore de ressources publiques ou privées.",
@@ -156,8 +174,8 @@
"shareErrorDeleteMessage": "Une erreur s'est produite lors de la suppression du lien",
"shareDeleted": "Lien supprimé",
"shareDeletedDescription": "Le lien a été supprimé",
- "shareDelete": "Supprimer le lien de partage",
- "shareDeleteConfirm": "Confirmer la suppression du lien de partage",
+ "shareDelete": "Supprimer le lien partageable",
+ "shareDeleteConfirm": "Confirmer la suppression du lien partageable",
"shareQuestionRemove": "Êtes-vous sûr de vouloir supprimer ce lien de partage ?",
"shareMessageRemove": "Une fois supprimé, le lien ne fonctionnera plus et toute personne l'utilisant perdra l'accès à la ressource.",
"shareTokenDescription": "Le jeton d'accès peut être passé de deux façons : en tant que paramètre de requête ou dans les en-têtes de la requête. Elles doivent être transmises par le client à chaque demande d'accès authentifié.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Une erreur s'est produite lors de la création du lien partageable",
"shareCreateDescription": "N'importe qui avec ce lien peut accéder à la ressource",
"shareTitleOptional": "Titre (facultatif)",
+ "sharePathOptional": "Chemin (optionnel)",
+ "sharePathDescription": "Le lien redirigera les utilisateurs vers ce chemin après l'authentification.",
"expireIn": "Expire dans",
"neverExpire": "N'expire jamais",
"shareExpireDescription": "Le délai d'expiration correspond à la période pendant laquelle le lien sera utilisable et permettra d'accéder à la ressource. Passé ce délai, le lien ne fonctionnera plus et les utilisateurs qui l'ont utilisé perdront l'accès à la ressource.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Veuillez sélectionner une ressource",
"proxyResourceTitle": "Gérer les ressources publiques",
"proxyResourceDescription": "Créer et gérer des ressources accessibles au public via un navigateur web",
- "proxyResourcesBannerTitle": "Accès public basé sur le Web",
- "proxyResourcesBannerDescription": "Les ressources publiques sont des proxys HTTPS ou TCP/UDP accessibles par tout le monde sur Internet via un navigateur Web. Contrairement aux ressources privées, elles n'exigent pas de logiciel côté client et peuvent inclure des politiques d'accès basées sur l'identité et le contexte.",
+ "publicResourcesBannerTitle": "Accès public basé sur le Web",
+ "publicResourcesBannerDescription": "Les ressources publiques sont des proxys HTTPS accessibles à quiconque sur Internet via un navigateur Web. Contrairement aux ressources privées, elles ne nécessitent pas de logiciel côté client et peuvent inclure des politiques d'accès fondées sur l'identité et le contexte.",
"clientResourceTitle": "Gérer les ressources privées",
"clientResourceDescription": "Créer et gérer des ressources qui ne sont accessibles que via un client connecté",
"privateResourcesBannerTitle": "Accès privé sans confiance",
@@ -208,11 +228,37 @@
"resourcesSearch": "Chercher des ressources...",
"resourceAdd": "Ajouter une ressource",
"resourceErrorDelte": "Erreur lors de la de suppression de la ressource",
+ "resourcePoliciesBannerTitle": "Réutiliser les règles d'authentification et d'accès",
+ "resourcePoliciesBannerDescription": "Les politiques de ressources partagées vous permettent de définir des méthodes d'authentification et des règles d'accès une fois, puis de les attacher à plusieurs ressources publiques. Lorsque vous mettez à jour une politique, chaque ressource liée hérite automatiquement des changements.",
+ "resourcePoliciesBannerButtonText": "En Savoir Plus",
+ "resourcePoliciesTitle": "Gérer les politiques de ressources publiques",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Ressources",
+ "resourcePoliciesAttachedResources": "{count} ressource(s)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ressource} other {# ressources}}",
+ "resourcePoliciesAttachedResourcesEmpty": "pas de ressources",
+ "resourcePoliciesDescription": "Créez et gérer les politiques d'authentification pour contrôler l'accès à vos ressources publiques",
+ "resourcePoliciesSearch": "Chercher des politiques...",
+ "resourcePoliciesAdd": "Ajouter une politique",
+ "resourcePoliciesDefaultBadgeText": "Politique par défaut",
+ "resourcePoliciesCreate": "Créer une politique de ressource publique",
+ "resourcePoliciesCreateDescription": "Suivez les étapes ci-dessous pour créer une nouvelle politique",
+ "resourcePolicyName": "Nom de la politique",
+ "resourcePolicyNameDescription": "Donnez à cette politique un nom pour l'identifier parmi vos ressources",
+ "resourcePolicyNamePlaceholder": "par exemple : Politique d'Accès Interne",
+ "resourcePoliciesSeeAll": "Voir toutes les politiques",
+ "resourcePolicyAuthMethodAdd": "Ajouter une méthode d'authentification",
+ "resourcePolicyOtpEmailAdd": "Ajouter des emails pour OTP",
+ "resourcePolicyRulesAdd": "Ajouter des règles",
+ "resourcePolicyAuthMethodsDescription": "Permettre l'accès aux ressources via des méthodes d'authentification supplémentaires",
+ "resourcePolicyUsersRolesDescription": "Configurer quels utilisateurs et rôles peuvent visiter les ressources associées",
+ "rulesResourcePolicyDescription": "Configurer les règles pour contrôler l'accès aux ressources associées à cette politique",
"authentication": "Authentification",
"protected": "Protégé",
"notProtected": "Non Protégé",
"resourceMessageRemove": "Une fois supprimée, la ressource ne sera plus accessible. Toutes les cibles associées à la ressource seront également supprimées.",
"resourceQuestionRemove": "Êtes-vous sûr de vouloir retirer la ressource de l'organisation ?",
+ "resourcePolicyMessageRemove": "Une fois supprimée, la politique de ressource ne sera plus accessible. Toutes les ressources associées seront détachées et laissées sans authentification.",
+ "resourcePolicyQuestionRemove": "Êtes-vous sûr de vouloir supprimer la politique de ressource de l'organisation ?",
"resourceHTTP": "Ressource HTTPS",
"resourceHTTPDescription": "Proxy les demandes sur HTTPS en utilisant un nom de domaine entièrement qualifié.",
"resourceRaw": "Ressource TCP/UDP brute",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Requêtes de proxy sur TCP/UDP brute en utilisant un numéro de port. Nécessite des sites pour se connecter à un noeud distant.",
"resourceCreate": "Créer une ressource",
"resourceCreateDescription": "Suivez les étapes ci-dessous pour créer une nouvelle ressource",
+ "resourceCreateGeneralDescription": "Configurer les paramètres de ressource de base, y compris le nom et le type",
"resourceSeeAll": "Voir toutes les ressources",
- "resourceInfo": "Informations sur la ressource",
+ "resourceCreateGeneral": "Général",
"resourceNameDescription": "Ceci est le nom d'affichage de la ressource.",
"siteSelect": "Sélectionnez un nœud",
"siteSearch": "Chercher un nœud",
@@ -231,12 +278,15 @@
"noCountryFound": "Aucun pays trouvé.",
"siteSelectionDescription": "Ce site fournira la connectivité à la cible.",
"resourceType": "Type de ressource",
- "resourceTypeDescription": "Déterminer comment accéder à la ressource",
+ "resourceTypeDescription": "Cela contrôle le protocole de la ressource et comment il sera rendu dans le navigateur. Cela ne peut pas être changé plus tard.",
+ "resourceDomainDescription": "La ressource sera servie à ce nom de domaine pleinement qualifié.",
"resourceHTTPSSettings": "Paramètres HTTPS",
"resourceHTTPSSettingsDescription": "Configurer comment la ressource sera accédée via HTTPS",
+ "resourcePortDescription": "Le port externe sur l'instance ou nœud Pangolin où la ressource sera accessible.",
"domainType": "Type de domaine",
"subdomain": "Sous-domaine",
"baseDomain": "Domaine racine",
+ "configure": "Configurer",
"subdomnainDescription": "Le sous-domaine où la ressource sera accessible.",
"resourceRawSettings": "Paramètres TCP/UDP",
"resourceRawSettingsDescription": "Configurer comment la ressource sera accédée via TCP/UDP",
@@ -247,14 +297,35 @@
"back": "Précédent",
"cancel": "Abandonner",
"resourceConfig": "Snippets de configuration",
- "resourceConfigDescription": "Copiez et collez ces extraits de configuration pour configurer la ressource TCP/UDP",
+ "resourceConfigDescription": "Copiez et collez ces extraits de configuration pour configurer la ressource TCP/UDP.",
"resourceAddEntrypoints": "Traefik: Ajouter des points d'entrée",
"resourceExposePorts": "Gerbil: Exposer des ports dans Docker Compose",
"resourceLearnRaw": "Apprenez à configurer les ressources TCP/UDP",
"resourceBack": "Retour aux ressources",
"resourceGoTo": "Aller à la ressource",
+ "resourcePolicyDelete": "Supprimer la politique de ressource",
+ "resourcePolicyDeleteConfirm": "Confirmer la suppression de la politique de ressource",
"resourceDelete": "Supprimer la ressource",
"resourceDeleteConfirm": "Confirmer la suppression de la ressource",
+ "labelDelete": "Supprimer Étiquette",
+ "labelAdd": "Ajouter Étiquette",
+ "labelCreateSuccessMessage": "Étiquette créée avec succès",
+ "labelDuplicateError": "Étiquette en double",
+ "labelDuplicateErrorDescription": "Une étiquette avec ce nom existe déjà.",
+ "labelEditSuccessMessage": "Étiquette modifiée avec succès",
+ "labelNameField": "Nom de l'étiquette",
+ "labelColorField": "Couleur de l'étiquette",
+ "labelPlaceholder": "Ex : homelab",
+ "labelCreate": "Créer Étiquette",
+ "createLabelDialogTitle": "Créer Étiquette",
+ "createLabelDialogDescription": "Créer une nouvelle étiquette qui peut être attachée à cette organisation",
+ "labelEdit": "Modifier Étiquette",
+ "editLabelDialogTitle": "Mettre à jour Étiquette",
+ "editLabelDialogDescription": "Modifier une nouvelle étiquette qui peut être attachée à cette organisation",
+ "labelDeleteConfirm": "Confirmer la suppression de l'étiquette",
+ "labelErrorDelete": "Échec de la suppression de l'étiquette",
+ "labelMessageRemove": "Cette action est permanente. Tous les sites, ressources et clients étiquetés avec cette étiquette seront détachés.",
+ "labelQuestionRemove": "Êtes-vous sûr de vouloir supprimer l'étiquette de l'organisation ?",
"visibility": "Visibilité",
"enabled": "Activé",
"disabled": "Désactivé",
@@ -265,6 +336,8 @@
"rules": "Règles",
"resourceSettingDescription": "Configurer les paramètres de la ressource",
"resourceSetting": "Réglages de {resourceName}",
+ "resourcePolicySettingDescription": "Configurez les paramètres de cette politique de ressource publique",
+ "resourcePolicySetting": "Paramètres de {policyName}",
"alwaysAllow": "Outrepasser l'authentification",
"alwaysDeny": "Bloquer l'accès",
"passToAuth": "Passer à l'authentification",
@@ -671,7 +744,7 @@
"targetSubmit": "Ajouter une cible",
"targetNoOne": "Cette ressource n'a aucune cible. Ajoutez une cible pour configurer où envoyer des requêtes à l'arrière-plan.",
"targetNoOneDescription": "L'ajout de plus d'une cible ci-dessus activera l'équilibrage de charge.",
- "targetsSubmit": "Enregistrer les cibles",
+ "targetsSubmit": "Enregistrer les paramètres",
"addTarget": "Ajouter une cible",
"proxyMultiSiteRoundRobinNodeHelp": "Le routage en tourniquet n'opérera pas entre des sites qui ne sont pas connectés au même nœud, mais le basculement fonctionnera.",
"targetErrorInvalidIp": "Adresse IP invalide",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Règle en double",
"rulesErrorDuplicateDescription": "Une règle avec ces paramètres existe déjà",
"rulesErrorInvalidIpAddressRange": "CIDR invalide",
- "rulesErrorInvalidIpAddressRangeDescription": "Veuillez entrer une valeur CIDR valide",
- "rulesErrorInvalidUrl": "Chemin URL invalide",
- "rulesErrorInvalidUrlDescription": "Veuillez entrer un chemin URL valide",
- "rulesErrorInvalidIpAddress": "IP invalide",
- "rulesErrorInvalidIpAddressDescription": "Veuillez entrer une adresse IP valide",
+ "rulesErrorInvalidIpAddressRangeDescription": "Entrez une plage CIDR valide (par ex., 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Chemin non valide",
+ "rulesErrorInvalidUrlDescription": "Entrez un chemin URL valide ou un modèle (par exemple, /api/*).",
+ "rulesErrorInvalidIpAddress": "Adresse IP invalide",
+ "rulesErrorInvalidIpAddressDescription": "Entrez une adresse IPv4 ou IPv6 valide.",
"rulesErrorUpdate": "Échec de la mise à jour des règles",
"rulesErrorUpdateDescription": "Une erreur s'est produite lors de la mise à jour des règles",
"rulesUpdated": "Activer les règles",
@@ -718,14 +791,23 @@
"rulesMatchIpAddress": "Entrez une adresse IP (ex: 103.21.244.12)",
"rulesMatchUrl": "Entrez un chemin URL ou un motif (ex: /api/v1/todos ou /api/v1/*)",
"rulesErrorInvalidPriority": "Priorité invalide",
- "rulesErrorInvalidPriorityDescription": "Veuillez entrer une priorité valide",
+ "rulesErrorInvalidPriorityDescription": "Entrez un nombre entier de 1 ou plus.",
"rulesErrorDuplicatePriority": "Priorités en double",
- "rulesErrorDuplicatePriorityDescription": "Veuillez entrer des priorités uniques",
+ "rulesErrorDuplicatePriorityDescription": "Chaque règle doit avoir un numéro de priorité unique.",
+ "rulesErrorValidation": "Règles invalides",
+ "rulesErrorValidationRuleDescription": "Règle {ruleNumber} : {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Sélectionnez un type de correspondance valide (chemin, IP, CIDR, pays, région ou ASN).",
+ "rulesErrorValueRequired": "Entrez une valeur pour cette règle.",
+ "rulesErrorInvalidCountry": "Pays invalide",
+ "rulesErrorInvalidCountryDescription": "Sélectionnez un pays valide.",
+ "rulesErrorInvalidAsn": "ASN invalide",
+ "rulesErrorInvalidAsnDescription": "Entrez un ASN valide (par exemple, AS15169).",
"ruleUpdated": "Règles mises à jour",
"ruleUpdatedDescription": "Règles mises à jour avec succès",
"ruleErrorUpdate": "L'opération a échoué",
"ruleErrorUpdateDescription": "Une erreur s'est produite lors de l'enregistrement",
"rulesPriority": "Priorité",
+ "rulesReorderDragHandle": "Faites glisser pour réorganiser la priorité des règles",
"rulesAction": "Action",
"rulesMatchType": "Type de correspondance",
"value": "Valeur",
@@ -744,9 +826,60 @@
"rulesResource": "Configuration des règles de ressource",
"rulesResourceDescription": "Configurer les règles pour contrôler l'accès à la ressource",
"ruleSubmit": "Ajouter une règle",
- "rulesNoOne": "Aucune règle. Ajoutez une règle en utilisant le formulaire.",
+ "rulesNoOne": "Aucune règle pour le moment.",
"rulesOrder": "Les règles sont évaluées par priorité dans l'ordre croissant.",
"rulesSubmit": "Enregistrer les règles",
+ "policyErrorCreate": "Erreur lors de la création de la politique",
+ "policyErrorCreateDescription": "Une erreur s'est produite lors de la création de la politique",
+ "policyErrorCreateMessageDescription": "Une erreur inattendue s'est produite",
+ "policyErrorUpdate": "Erreur lors de la mise à jour de la politique",
+ "policyErrorUpdateDescription": "Une erreur s'est produite lors de la mise à jour de la politique",
+ "policyErrorUpdateMessageDescription": "Une erreur inattendue s'est produite",
+ "policyCreatedSuccess": "Politique de ressource créée avec succès",
+ "policyUpdatedSuccess": "Politique de ressource mise à jour avec succès",
+ "authMethodsSave": "Enregistrer les paramètres",
+ "policyAuthStackTitle": "Authentification",
+ "policyAuthStackDescription": "Contrôlez quelles méthodes d'authentification sont nécessaires pour accéder à cette ressource",
+ "policyAuthOrLogicTitle": "Plusieurs méthodes d'authentification actives",
+ "policyAuthOrLogicBanner": "Les visiteurs peuvent s'authentifier en utilisant l'une des méthodes actives ci-dessous. Ils n'ont pas besoin de toutes les compléter.",
+ "policyAuthMethodActive": "Actif",
+ "policyAuthMethodOff": "Éteint",
+ "policyAuthSsoTitle": "SSO de la plateforme",
+ "policyAuthSsoDescription": "Exigez une connexion via le fournisseur d'identité de votre organisation",
+ "policyAuthSsoSummary": "{idp} · {users} utilisateurs, {roles} rôles",
+ "policyAuthSsoDefaultIdp": "Fournisseur par défaut",
+ "policyAuthAddDefaultIdentityProvider": "Ajouter un fournisseur d'identité par défaut",
+ "policyAuthOtherMethodsTitle": "Autres méthodes",
+ "policyAuthOtherMethodsDescription": "Des méthodes facultatives que les visiteurs peuvent utiliser à la place de ou en parallèle avec la SSO de la plateforme",
+ "policyAuthPasscodeTitle": "Code confidentiel",
+ "policyAuthPasscodeDescription": "Exiger un code confidentiel alphanumérique partagé pour accéder à la ressource",
+ "policyAuthPasscodeSummary": "Code confidentiel établi",
+ "policyAuthPincodeTitle": "Code PIN",
+ "policyAuthPincodeDescription": "Un code numérique court requis pour accéder à la ressource",
+ "policyAuthPincodeSummary": "Code PIN à 6 chiffres établi",
+ "policyAuthEmailTitle": "Liste blanche des e-mails",
+ "policyAuthEmailDescription": "Autorisez les adresses e-mail listées avec des mots de passe à usage unique",
+ "policyAuthEmailSummary": "{count} adresses autorisées",
+ "policyAuthEmailOtpCallout": "Activer la liste blanche des e-mails envoie un mot de passe à usage unique à l'e-mail du visiteur lors de la connexion.",
+ "policyAuthHeaderAuthTitle": "Authentification de l'en-tête de base",
+ "policyAuthHeaderAuthDescription": "Validez un nom et une valeur d'en-tête HTTP personnalisé à chaque requête",
+ "policyAuthHeaderAuthSummary": "En-tête configuré",
+ "policyAuthHeaderName": "Nom de l'en-tête",
+ "policyAuthHeaderValue": "Valeur attendue",
+ "policyAuthSetPasscode": "Définir le code confidentiel",
+ "policyAuthSetPincode": "Définir le code PIN",
+ "policyAuthSetEmailWhitelist": "Définir la liste blanche des e-mails",
+ "policyAuthSetHeaderAuth": "Configurer l'authentification des en-têtes de base",
+ "policyAccessRulesTitle": "Règles d'accès",
+ "policyAccessRulesEnableDescription": "Lorsqu'elles sont activées, les règles sont évaluées dans l'ordre décroissant jusqu'à ce que l'une soit évaluée comme vraie.",
+ "policyAccessRulesFirstMatch": "Les règles sont évaluées de haut en bas. La première règle correspondante décide du résultat.",
+ "policyAccessRulesHowItWorks": "Les règles correspondent aux demandes par chemin, adresse IP, emplacement, ou d'autres critères. Chaque règle applique une action : contourner l'authentification, bloquer l'accès, ou passer à l'authentification. Si aucune règle ne correspond, le trafic continue jusqu'à l'authentification.",
+ "policyAccessRulesFallthroughOff": "Lorsque les règles sont désactivées, tout le trafic passe par l'authentification.",
+ "policyAccessRulesFallthroughOn": "Lorsqu'aucune règle ne correspond, le trafic passe par l'authentification.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Enregistrer les règles",
"resourceErrorCreate": "Erreur lors de la création de la ressource",
"resourceErrorCreateDescription": "Une erreur s'est produite lors de la création de la ressource",
"resourceErrorCreateMessage": "Erreur lors de la création de la ressource :",
@@ -768,7 +901,7 @@
"accessControl": "Contrôle d'accès",
"shareLink": "Lien de partage {resource}",
"resourceSelect": "Sélectionner une ressource",
- "shareLinks": "Liens de partage",
+ "shareLinks": "Liens partageables",
"share": "Liens partageables",
"shareDescription2": "Créez des liens partageables vers des ressources. Les liens fournissent un accès temporaire ou illimité à votre ressource. Vous pouvez configurer la durée d'expiration du lien lorsque vous en créez un.",
"shareEasyCreate": "Facile à créer et à partager",
@@ -810,6 +943,17 @@
"pincodeAdd": "Ajouter un code PIN",
"pincodeRemove": "Supprimer le code PIN",
"resourceAuthMethods": "Méthodes d'authentification",
+ "resourcePolicyAuthMethodsEmpty": "Pas de méthode d'authentification",
+ "resourcePolicyOtpEmpty": "Aucun mot de passe à usage unique",
+ "resourcePolicyReadOnly": "Cette politique est en lecture seule",
+ "resourcePolicyReadOnlyDescription": "Cette politique de ressource est partagée sur plusieurs ressources, vous ne pouvez pas l'éditer sur cette page.",
+ "editSharedPolicy": "Modifier la politique partagée",
+ "resourcePolicyTypeSave": "Enregistrer le type de ressource",
+ "resourcePolicySelect": "Sélectionner la politique de ressource",
+ "resourcePolicySelectError": "Sélectionner une politique de ressource",
+ "resourcePolicyNotFound": "Politique introuvable",
+ "resourcePolicySearch": "Chercher des politiques",
+ "resourcePolicyRulesEmpty": "Pas de règles d'authentification",
"resourceAuthMethodsDescriptions": "Permettre l'accès à la ressource via des méthodes d'authentification supplémentaires",
"resourceAuthSettingsSave": "Enregistré avec succès",
"resourceAuthSettingsSaveDescription": "Les paramètres d'authentification ont été enregistrés",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Définir le code PIN",
"resourcePincodeSetupTitleDescription": "Définir un code PIN pour protéger cette ressource",
"resourceRoleDescription": "Les administrateurs peuvent toujours accéder à cette ressource.",
+ "resourcePolicySelectTitle": "Politique d'accès à la ressource",
+ "resourcePolicySelectDescription": "Sélectionner le type de politique de ressource pour l'authentification",
+ "resourcePolicyTypeLabel": "Type de politique",
+ "resourcePolicyLabel": "Politique de ressource",
+ "resourcePolicyInline": "Politique de ressource en ligne",
+ "resourcePolicyInlineDescription": "Politique d'accès limitée uniquement à cette ressource",
+ "resourcePolicyShared": "Politique de ressource partagée",
+ "resourcePolicySharedDescription": "Cette ressource utilise une politique partagée.",
+ "sharedPolicy": "Politique partagée",
+ "sharedPolicyNoneDescription": "Cette ressource a sa propre politique.",
+ "resourceSharedPolicyOwnDescription": "Cette ressource a ses propres contrôles de règles d'authentification et d'accès.",
+ "resourceSharedPolicyInheritedDescription": "Cette ressource hérite de {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Cette ressource utilise une politique partagée. Certains paramètres d'authentification peuvent être modifiés sur cette ressource pour ajouter à la politique. Pour changer la politique sous-jacente, vous devez éditer à {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Cette ressource utilise une politique partagée. Certaines règles d'accès peuvent être modifiées sur cette ressource. Pour changer la politique sous-jacente, vous devez éditer {policyName}.",
"resourceUsersRoles": "Contrôles d'accès",
"resourceUsersRolesDescription": "Configurer quels utilisateurs et rôles peuvent visiter cette ressource",
"resourceUsersRolesSubmit": "Enregistrer les contrôles d'accès",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Visibilité",
"resourceVisibilityTitleDescription": "Activer ou désactiver complètement la visibilité de la ressource",
"resourceGeneral": "Paramètres généraux",
- "resourceGeneralDescription": "Configurer les paramètres généraux de cette ressource",
+ "resourceGeneralDescription": "Configurer le nom, l'adresse et la politique d'accès pour cette ressource.",
+ "resourceGeneralDetailsSubsection": "Détails de la ressource",
+ "resourceGeneralDetailsSubsectionDescription": "Définir le nom d'affichage, l'identifiant et le domaine accessible publiquement pour cette ressource.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Définir le nom d'affichage, l'identifiant et le port public pour cette ressource.",
+ "resourceGeneralPublicAddressSubsection": "Adresse publique",
+ "resourceGeneralPublicAddressSubsectionDescription": "Configurez comment les utilisateurs accèdent à cette ressource.",
+ "resourceGeneralAuthenticationAccessSubsection": "Authentification & Accès",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Choisissez si cette ressource utilise sa propre politique ou hérite d'une politique partagée.",
"resourceEnable": "Activer la ressource",
"resourceTransfer": "Transférer la ressource",
"resourceTransferDescription": "Transférer cette ressource vers un autre site",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Un problème est survenu lors de la connexion à {name}. Veuillez contacter votre administrateur.",
"idpErrorNotFound": "IdP introuvable",
"inviteInvalid": "Invitation invalide",
+ "labels": "Étiquettes",
+ "orgLabelsDescription": "Gérer les étiquettes dans cette organisation.",
+ "addLabels": "Ajouter des étiquettes",
+ "siteLabelsTab": "Étiquettes",
+ "siteLabelsDescription": "Gérer les étiquettes associées à ce site.",
+ "labelsNotFound": "Aucune étiquette trouvée.",
+ "labelsEmptyCreateHint": "Commencez à taper ci-dessus pour créer une étiquette.",
+ "labelSearch": "Chercher des étiquettes",
+ "labelSearchOrCreate": "Recherchez ou créez une étiquette",
+ "accessLabelFilterCount": "{count, plural, one {# étiquette} other {# étiquettes}}",
+ "labelOverflowCount": "+{count, plural, one {# étiquette} other {# étiquettes}}",
+ "accessLabelFilterClear": "Effacer les filtres d'étiquette",
+ "accessFilterClear": "Effacer les filtres",
+ "selectColor": "Sélectionner la couleur",
+ "createNewLabel": "Créer une nouvelle étiquette d'organisation \"{label}\"",
"inviteInvalidDescription": "Le lien d'invitation n'est pas valide.",
"inviteErrorWrongUser": "L'invitation n'est pas pour cet utilisateur",
"inviteErrorUserNotExists": "L'utilisateur n'existe pas. Veuillez d'abord créer un compte.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Appliquer la Config",
"actionListBlueprints": "Lister les plans",
"actionGetBlueprint": "Obtenez un plan",
+ "actionCreateOrgWideLauncherView": "Créer une vue de lancement au niveau de l'organisation",
"setupToken": "Jeton de configuration",
"setupTokenDescription": "Entrez le jeton de configuration depuis la console du serveur.",
"setupTokenRequired": "Le jeton de configuration est requis.",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Ressource",
"sidebarProxyResources": "Publique",
"sidebarClientResources": "Privé",
+ "sidebarPolicies": "Politiques partagées",
+ "sidebarResourcePolicies": "Ressources publiques",
"sidebarAccessControl": "Contrôle d'accès",
"sidebarLogsAndAnalytics": "Journaux & Analytiques",
"sidebarTeam": "Equipe",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Administrateur",
"sidebarInvitations": "Invitations",
"sidebarRoles": "Rôles",
- "sidebarShareableLinks": "Liens",
+ "sidebarShareableLinks": "Liens partageables",
"sidebarApiKeys": "Clés API",
"sidebarProvisioning": "Mise en place",
"sidebarSettings": "Réglages",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Site {id}",
"standaloneHcFilterResourceIdFallback": "Ressource {id}",
"blueprints": "Configs",
- "blueprintsDescription": "Appliquer les configurations déclaratives et afficher les exécutions précédentes",
+ "blueprintsLog": "Journal des plans",
+ "blueprintsDescription": "Consultez les applications et leurs résultats de planches à dessin passées ou appliquez une nouvelle planche à dessin",
"blueprintAdd": "Ajouter une Config",
"blueprintGoBack": "Voir toutes les Configs",
"blueprintCreate": "Créer une Config",
@@ -1575,7 +1759,17 @@
"contents": "Contenus",
"parsedContents": "Contenu analysé (lecture seule)",
"enableDockerSocket": "Activer la Config Docker",
- "enableDockerSocketDescription": "Activer le ramassage d'étiquettes de socket Docker pour les étiquettes de plan. Le chemin de socket doit être fourni à Newt.",
+ "enableDockerSocketDescription": "Activer le ramassage d'étiquettes de socket Docker pour les étiquettes de plan. Le chemin du socket doit être fourni au connecteur du site. Lisez plus à ce sujet dans la documentation.",
+ "newtAutoUpdate": "Activer la mise à jour automatique du site",
+ "newtAutoUpdateDescription": "Lorsqu'il est activé, les connecteurs de site téléchargeront automatiquement la dernière version et redémarreront eux-mêmes. Cela peut être contourné sur une base par site.",
+ "siteAutoUpdate": "Mise à jour automatique du site",
+ "siteAutoUpdateLabel": "Activer la mise à jour automatique",
+ "siteAutoUpdateDescription": "Lorsqu'il est activé, le connecteur de ce site téléchargera automatiquement la dernière version et se redémarrera.",
+ "siteAutoUpdateOrgDefault": "Valeur par défaut de l'organisation : {state}",
+ "siteAutoUpdateOverriding": "Substitution des paramètres de l'organisation",
+ "siteAutoUpdateResetToOrg": "Réinitialiser à la valeur par défaut de l'organisation",
+ "siteAutoUpdateEnabled": "activé",
+ "siteAutoUpdateDisabled": "désactivé",
"viewDockerContainers": "Voir les conteneurs Docker",
"containersIn": "Conteneurs en {siteName}",
"selectContainerDescription": "Sélectionnez n'importe quel conteneur à utiliser comme nom d'hôte pour cette cible. Cliquez sur un port pour utiliser un port.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Certificat",
"certificateStatusAutoRefreshHint": "L'état se rafraîchit automatiquement.",
"loading": "Chargement",
+ "loadingEllipsis": "Chargement...",
"loadingAnalytics": "Chargement de l'analyse",
"restart": "Redémarrer",
"domains": "Domaines",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Configuration du compte terminée! Bienvenue chez Pangolin !",
"documentation": "Documentation",
"saveAllSettings": "Enregistrer tous les paramètres",
- "saveResourceTargets": "Enregistrer les cibles",
- "saveResourceHttp": "Enregistrer les paramètres de proxy",
- "saveProxyProtocol": "Enregistrer les paramètres du protocole proxy",
+ "saveResourceTargets": "Enregistrer les paramètres",
+ "saveResourceHttp": "Enregistrer les paramètres",
+ "saveProxyProtocol": "Enregistrer les paramètres",
"settingsUpdated": "Paramètres mis à jour",
"settingsUpdatedDescription": "Paramètres mis à jour avec succès",
"settingsErrorUpdate": "Échec de la mise à jour des paramètres",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Gérer votre abonnement pour les clés de licence auto-hébergées payantes",
"billingCurrentKeys": "Clés actuelles",
"billingModifyCurrentPlan": "Modifier le plan actuel",
+ "billingManageLicenseSubscriptionDescription": "Gérez votre abonnement pour clés de licence auto-hébergées payantes et téléchargez les factures.",
"billingConfirmUpgrade": "Confirmer la mise à niveau",
"billingConfirmDowngrade": "Confirmer la rétrogradation",
"billingConfirmUpgradeDescription": "Vous êtes sur le point de mettre à niveau votre offre. Examinez les nouvelles limites et les nouveaux prix ci-dessous.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Sous-réseau",
"addressDescription": "L'adresse interne du client. Doit être dans le sous-réseau de l'organisation.",
"selectSites": "Sélectionner des sites",
+ "selectLabels": "Sélectionner des étiquettes",
"sitesDescription": "Le client aura une connectivité vers les sites sélectionnés",
"clientInstallOlm": "Installer Olm",
"clientInstallOlmDescription": "Faites fonctionner Olm sur votre système",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Inconnu",
"healthCheck": "Vérification de l'état de santé",
"configureHealthCheck": "Configurer la vérification de l'état de santé",
- "configureHealthCheckDescription": "Configurer la surveillance de la santé pour {target}",
+ "configureHealthCheckDescription": "Configurez la surveillance de votre ressource pour vous assurer qu'elle est toujours disponible",
"enableHealthChecks": "Activer les vérifications de santé",
"healthCheckDisabledStateDescription": "Lorsqu'il est désactivé, le site ne procédera pas aux vérifications de santé et l'état sera considéré comme inconnu.",
"enableHealthChecksDescription": "Surveiller la vie de cette cible. Vous pouvez surveiller un point de terminaison différent de la cible si nécessaire.",
"healthScheme": "Méthode",
"healthSelectScheme": "Sélectionnez la méthode",
- "healthCheckPortInvalid": "Le port du bilan de santé doit être compris entre 1 et 65535",
+ "healthCheckPortInvalid": "Le port doit être compris entre 1 et 65535",
"healthCheckPath": "Chemin d'accès",
"healthHostname": "IP / Hôte",
"healthPort": "Port",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "Le temps est exprimé en secondes",
"requireDeviceApproval": "Exiger les autorisations de l'appareil",
"requireDeviceApprovalDescription": "Les utilisateurs ayant ce rôle ont besoin de nouveaux périphériques approuvés par un administrateur avant de pouvoir se connecter et accéder aux ressources.",
+ "sshSettings": "Paramètres SSH",
"sshAccess": "Accès SSH",
+ "rdpSettings": "Paramètres RDP",
+ "vncSettings": "Paramètres VNC",
+ "sshServer": "Serveur SSH",
+ "rdpServer": "Serveur RDP",
+ "vncServer": "Serveur VNC",
+ "sshServerDescription": "Configurer la méthode d'authentification, l'emplacement du démon et la destination du serveur",
+ "rdpServerDescription": "Configurer la destination et le port du serveur RDP",
+ "vncServerDescription": "Configurer la destination et le port du serveur VNC",
+ "sshServerMode": "Mode",
+ "sshServerModeStandard": "Serveur SSH Standard",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Relai les commandes sur le réseau vers un serveur SSH tel qu'OpenSSH.",
+ "sshServerModeNative": "Serveur SSH Natif",
+ "sshServerModeNativeDescription": "Exécute les commandes directement sur l'hôte via le Connecteur de Site. Aucune configuration réseau requise.",
+ "sshAuthenticationMethod": "Méthode d'authentification",
+ "sshAuthMethodManual": "Authentification Manuelle",
+ "sshAuthMethodManualDescription": "Nécessite des identifiants d'hôte existants. Évite l'approvisionnement automatique.",
+ "sshAuthMethodAutomated": "Approvisionnement Automatisé",
+ "sshAuthMethodAutomatedDescription": "Crée automatiquement des utilisateurs, groupes, et permissions sudo sur l'hôte.",
+ "sshAuthDaemonLocation": "Emplacement du Démon Auth",
+ "sshDaemonLocationSiteDescription": "Exécute localement sur la machine hébergeant le connecteur de site.",
+ "sshDaemonLocationRemote": "Sur hôte distant",
+ "sshDaemonLocationRemoteDescription": "S'exécute sur une machine cible séparée sur le même réseau.",
+ "sshDaemonDisclaimer": "Assurez-vous que votre hôte cible est correctement configuré pour exécuter le daemon auth avant de terminer cette configuration, ou l'approvisionnement échouera.",
+ "sshDaemonPort": "Port du Démon",
+ "sshServerDestination": "Destination du Serveur",
+ "sshServerDestinationDescription": "Configurez la destination du serveur SSH",
+ "destination": "Destination",
+ "destinationRequired": "La destination est requise.",
+ "domainRequired": "Le domaine est requis.",
+ "proxyPortRequired": "Le port est requis.",
+ "invalidPathConfiguration": "Configuration de chemin invalide.",
+ "invalidRewritePathConfiguration": "Configuration de réécriture de chemin invalide.",
+ "bgTargetMultiSiteDisclaimer": "La sélection de plusieurs sites permet un routage résilient et une bascule pour une haute disponibilité.",
"roleAllowSsh": "Autoriser SSH",
"roleAllowSshAllow": "Autoriser",
"roleAllowSshDisallow": "Interdire",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "L'utilisateur ne peut exécuter que les commandes spécifiées avec sudo.",
"sshSudo": "Autoriser sudo",
"sshSudoCommands": "Commandes Sudo",
- "sshSudoCommandsDescription": "Liste des commandes séparées par des virgules que l'utilisateur est autorisé à exécuter avec sudo.",
+ "sshSudoCommandsDescription": "Liste des commandes que l'utilisateur est autorisé à exécuter avec sudo, séparées par des virgules, des espaces ou des nouvelles lignes. Les chemins absolus doivent être utilisés.",
"sshCreateHomeDir": "Créer un répertoire personnel",
"sshUnixGroups": "Groupes Unix",
- "sshUnixGroupsDescription": "Groupes Unix séparés par des virgules pour ajouter l'utilisateur sur l'hôte cible.",
+ "sshUnixGroupsDescription": "Groupes Unix auxquels ajouter l'utilisateur sur l'hôte cible, séparés par des virgules, des espaces, ou des nouvelles lignes.",
+ "roleTextFieldPlaceholder": "Entrez des valeurs, ou déposez un fichier .txt ou .csv",
+ "roleTextImportTitle": "Importer depuis un fichier",
+ "roleTextImportDescription": "Importation de {fileName} dans {fieldLabel}.",
+ "roleTextImportSkipHeader": "Ignorer la première ligne (en-tête)",
+ "roleTextImportOverride": "Remplacer l'existant",
+ "roleTextImportAppend": "Ajouter à l'existant",
+ "roleTextImportMode": "Mode d'importation",
+ "roleTextImportPreview": "Aperçu",
+ "roleTextImportItemCount": "{count, plural, =0 {Aucun élément à importer} one {1 élément à importer} other {# éléments à importer}}",
+ "roleTextImportTotalCount": "{existing} existant + {imported} importé = {total} total",
+ "roleTextImportConfirm": "Importer",
+ "roleTextImportInvalidFile": "Type de fichier non pris en charge",
+ "roleTextImportInvalidFileDescription": "Seuls les fichiers .txt et .csv sont pris en charge.",
+ "roleTextImportEmpty": "Aucun élément trouvé dans le fichier",
+ "roleTextImportEmptyDescription": "Le fichier ne contient aucun élément importable.",
"retryAttempts": "Tentatives de réessai",
"expectedResponseCodes": "Codes de réponse attendus",
"expectedResponseCodesDescription": "Code de statut HTTP indiquant un état de santé satisfaisant. Si non renseigné, 200-300 est considéré comme satisfaisant.",
@@ -2049,6 +2296,7 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Méthode HTTP",
"editInternalResourceDialogEnableSsl": "Activer TLS",
"editInternalResourceDialogEnableSslDescription": "Activer le cryptage SSL/TLS pour des connexions HTTPS sécurisées vers la destination.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Site",
"selectSite": "Sélectionner un site...",
"multiSitesSelectorSitesCount": "{count, plural, one {# site} other {# sites}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# étiquette} other {# étiquettes}}",
"noSitesFound": "Aucun site trouvé.",
"createInternalResourceDialogProtocol": "Protocole",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2347,7 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Méthode HTTP",
"createInternalResourceDialogScheme": "Méthode HTTP",
"createInternalResourceDialogEnableSsl": "Activer TLS",
@@ -2107,6 +2357,7 @@
"createInternalResourceDialogDestinationCidrDescription": "La gamme CIDR de la ressource sur le réseau du site.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "Un alias DNS interne optionnel pour cette ressource.",
+ "internalResourceAliasLocalWarning": "Les alias se terminant par .local peuvent causer des problèmes de résolution dus au mDNS sur certains réseaux.",
"internalResourceDownstreamSchemeRequired": "Un schéma est requis pour les ressources HTTP",
"internalResourceHttpPortRequired": "Le port de destination est requis pour les ressources HTTP",
"siteConfiguration": "Configuration",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Nœuds distants",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Clé secrète",
+ "remoteExitNodeNetworkingTitle": "Paramètres du réseau",
+ "remoteExitNodeNetworkingDescription": "Configurez comment ce nœud de sortie distant acheminera le trafic et quels sites préfèrent se connecter via ce dernier. Fonctions avancées à utiliser avec les configurations réseau de retour.",
+ "remoteExitNodeNetworkingSave": "Enregistrer les paramètres",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Paramètres du réseau enregistrés",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Les paramètres du réseau ont été mis à jour avec succès.",
+ "remoteExitNodeNetworkingSaveError": "Échec de l'enregistrement des paramètres du réseau",
+ "remoteExitNodeNetworkingSubnetsTitle": "Sous-réseaux distants",
+ "remoteExitNodeNetworkingSubnetsDescription": "Définissez les plages CIDR que ce nœud de sortie distant acheminera. Saisissez un CIDR valide (par exemple 10.0.0.0/8) et appuyez sur Entrée pour ajouter.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Ajouter une plage CIDR (par exemple 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Échec du chargement des sous-réseaux",
+ "remoteExitNodeNetworkingLabelsTitle": "Étiquettes de préférences",
+ "remoteExitNodeNetworkingLabelsDescription": "Les sites avec ces étiquettes devront se connecter via ce nœud de sortie distant.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Sélectionner des étiquettes...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Chercher des étiquettes...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Échec du chargement des étiquettes",
"remoteExitNodeCreate": {
"title": "Créer un nœud distant",
"description": "Créez un nouveau nœud de relais et de serveur proxy distant auto-hébergé",
@@ -2233,7 +2499,7 @@
"description": "Serveur Pangolin auto-hébergé avec des cloches et des sifflets supplémentaires",
"introTitle": "Pangolin auto-hébergé géré",
"introDescription": "est une option de déploiement conçue pour les personnes qui veulent de la simplicité et de la fiabilité tout en gardant leurs données privées et auto-hébergées.",
- "introDetail": "Avec cette option, vous exécutez toujours votre propre nœud Pangolin - vos tunnels, la terminaison TLS et le trafic restent sur votre serveur. La différence est que la gestion et la surveillance sont gérées via notre tableau de bord du cloud, qui déverrouille un certain nombre d'avantages :",
+ "introDetail": "Avec cette option, vous exécutez toujours votre propre nœud Pangolin - vos tunnels, la terminaison TLS et le trafic restent sur votre serveur. La différence est que la gestion et la surveillance sont gérées via notre tableau de bord du cloud, ce qui débloque un certain nombre d'avantages :",
"benefitSimplerOperations": {
"title": "Opérations plus simples",
"description": "Pas besoin de faire tourner votre propre serveur de messagerie ou de configurer des alertes complexes. Vous obtiendrez des contrôles de santé et des alertes de temps d'arrêt par la suite."
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Fournisseur Google OAuth2/OIDC",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Sous-réseau",
+ "utilitySubnet": "Routeur utilitaire",
"subnetDescription": "Le sous-réseau de la configuration réseau de cette organisation.",
"customDomain": "Domaine personnalisé",
"authPage": "Pages d'authentification",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "L'organisation ou l'identifiant de domaine est manquant",
"loadingDNSRecords": "Chargement des enregistrements DNS...",
"olmUpdateAvailableInfo": "Une version mise à jour de Olm est disponible. Veuillez mettre à jour vers la dernière version pour la meilleure expérience.",
+ "updateAvailableInfo": "Une version mise à jour est disponible. Veuillez mettre à jour vers la dernière version pour une meilleure expérience.",
"client": "Client",
"proxyProtocol": "Paramètres du protocole proxy",
"proxyProtocolDescription": "Configurer le protocole Proxy pour préserver les adresses IP du client pour les services TCP.",
"enableProxyProtocol": "Activer le protocole Proxy",
"proxyProtocolInfo": "Conserver les adresses IP du client pour les backends TCP",
"proxyProtocolVersion": "Version du protocole proxy",
- "version1": " Version 1 (Recommandé)",
+ "version1": "Version 1 (Recommandée)",
"version2": "Version 2",
- "versionDescription": "La version 1 est basée sur du texte et est largement supportée. La version 2 est binaire et plus efficace mais moins compatible.",
+ "version1Description": "Basé sur texte et largement pris en charge. Assurez-vous que le transport des serveurs est ajouté à la configuration dynamique.",
+ "version2Description": "Binaire et plus efficace mais moins compatible. Assurez-vous que le transport des serveurs est ajouté à la configuration dynamique.",
"warning": "Avertissement",
"proxyProtocolWarning": "L'application backend doit être configurée pour accepter les connexions Proxy Protocol. Si votre backend ne prend pas en charge le protocole Proxy, l'activation de cette option va perturber toutes les connexions, donc n'activez cette option que si vous savez ce que vous faites. Assurez-vous de configurer votre backend pour faire confiance aux en-têtes du protocole Proxy de Traefik.",
"restarting": "Redémarrage...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Entrez la confirmation",
"blueprintViewDetails": "Détails",
"defaultIdentityProvider": "Fournisseur d'identité par défaut",
- "defaultIdentityProviderDescription": "Lorsqu'un fournisseur d'identité par défaut est sélectionné, l'utilisateur sera automatiquement redirigé vers le fournisseur pour authentification.",
+ "defaultIdentityProviderDescription": "L'utilisateur sera automatiquement redirigé vers ce fournisseur d'identité pour l'authentification.",
"editInternalResourceDialogNetworkSettings": "Paramètres réseau",
"editInternalResourceDialogAccessPolicy": "Politique d'accès",
"editInternalResourceDialogAddRoles": "Ajouter des rôles",
@@ -2937,11 +3206,12 @@
"learnMore": "En savoir plus",
"backToHome": "Retour à l'accueil",
"needToSignInToOrg": "Besoin d'utiliser le fournisseur d'identité de votre organisation ?",
- "maintenanceMode": "Mode de maintenance",
+ "maintenanceMode": "Page de maintenance",
"maintenanceModeDescription": "Afficher une page de maintenance aux visiteurs",
"maintenanceModeType": "Type de mode de maintenance",
"showMaintenancePage": "Afficher une page de maintenance aux visiteurs",
"enableMaintenanceMode": "Activer le mode de maintenance",
+ "enableMaintenanceModeDescription": "Lorsqu'il est activé, les visiteurs verront une page de maintenance au lieu de votre ressource.",
"automatic": "Automatique",
"automaticModeDescription": "Afficher la page de maintenance uniquement lorsque toutes les cibles backend sont en panne ou dégradées. Votre ressource continue à fonctionner normalement tant qu'au moins une cible est en bonne santé.",
"forced": "Forcé",
@@ -2949,6 +3219,8 @@
"warning:": "Attention :",
"forcedeModeWarning": "Tout le trafic sera dirigé vers la page de maintenance. Vos ressources backend ne recevront aucune demande.",
"pageTitle": "Titre de la page",
+ "maintenancePageContentSubsection": "Contenu de la page",
+ "maintenancePageContentSubsectionDescription": "Personnalisez le contenu affiché sur la page de maintenance",
"pageTitleDescription": "Le titre principal affiché sur la page de maintenance",
"maintenancePageMessage": "Message de maintenance",
"maintenancePageMessagePlaceholder": "Nous serons bientôt de retour ! Notre site est actuellement en maintenance planifiée.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Achèvement estimé :",
"createInternalResourceDialogDestinationRequired": "La destination est requise",
"available": "Disponible",
+ "disabledResourceDescription": "Lorsqu'il est désactivé, la ressource sera inaccessible pour tout le monde.",
"archived": "Archivé",
"noArchivedDevices": "Aucun périphérique archivé trouvé",
"deviceArchived": "Appareil archivé",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Êtes-vous sûr de vouloir dissocier ce fournisseur d'identités de cette organisation?",
"idpUnassociateDescription": "Tous les utilisateurs associés à ce fournisseur d'identités seront retirés de cette organisation, mais le fournisseur d'identités continuera d'exister pour d'autres organisations associées.",
"idpUnassociateConfirm": "Confirmer la dissociation du fournisseur d'identités",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "SUPPRIMER ET ME RETIRER DE L'ORG",
+ "idpUnassociateAndRemoveMeFromOrg": "DÉ-ASSOCIER ET ME RETIRER DE L'ORG",
"idpUnassociateWarning": "Cela ne peut pas être annulé pour cette organisation.",
"idpUnassociatedDescription": "Fournisseur d'identités dissocié de cette organisation avec succès",
"idpUnassociateMenu": "Dissocier",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "Liste blanche des e-mails",
"memberPortalResourceDisabled": "Ressource désactivée",
"memberPortalShowingResources": "Affichage de {start}-{end} sur {total} ressources",
+ "resourceLauncherTitle": "Lanceur de ressources",
+ "resourceLauncherDescription": "Afficher les détails des ressources et les lancer depuis un seul endroit",
+ "resourceLauncherSearchPlaceholder": "Rechercher sur tous les sites...",
+ "resourceLauncherDefaultView": "Par défaut",
+ "resourceLauncherSaveView": "Enregistrer la vue",
+ "resourceLauncherSaveToCurrentView": "Enregistrer dans la vue actuelle",
+ "resourceLauncherResetView": "Réinitialiser la vue",
+ "resourceLauncherSaveAsNewView": "Enregistrer comme nouvelle vue",
+ "resourceLauncherSaveAsNewViewDescription": "Donnez un nom à cette vue pour enregistrer vos filtres et mise en page actuels.",
+ "resourceLauncherSaveForEveryone": "Enregistrer pour tout le monde",
+ "resourceLauncherSaveForEveryoneDescription": "Partagez cette vue avec tous les membres de l'organisation. Lorsque décochée, la vue est visible uniquement par vous.",
+ "resourceLauncherMakePersonal": "Rendre personnel",
+ "resourceLauncherFilter": "Filtrer",
+ "resourceLauncherSort": "Trier",
+ "resourceLauncherSortAscending": "Trier par ordre croissant",
+ "resourceLauncherSortDescending": "Trier par ordre décroissant",
+ "resourceLauncherSettings": "Réglages",
+ "resourceLauncherGroupBy": "Grouper par",
+ "resourceLauncherGroupBySite": "Nœud",
+ "resourceLauncherGroupByLabel": "Étiquette",
+ "resourceLauncherLayout": "Mise en page",
+ "resourceLauncherLayoutGrid": "Grille",
+ "resourceLauncherLayoutList": "Liste",
+ "resourceLauncherShowLabels": "Afficher les étiquettes",
+ "resourceLauncherShowSiteTags": "Afficher les tags de site",
+ "resourceLauncherShowRecents": "Afficher les récents",
+ "resourceLauncherDeleteView": "Supprimer la vue",
+ "resourceLauncherViewAsAdmin": "Voir en tant qu'admin",
+ "resourceLauncherResourceDetailsDescription": "Afficher les détails pour cette ressource.",
+ "resourceLauncherUnlabeled": "Non étiqueté",
+ "resourceLauncherNoSite": "Aucun nœud",
+ "resourceLauncherNoResourcesInGroup": "Aucune ressource dans ce groupe",
+ "resourceLauncherEmptyStateTitle": "Aucune ressource disponible",
+ "resourceLauncherEmptyStateDescription": "Vous n'avez pas encore accès à des ressources. Contactez votre administrateur pour demander l'accès.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Aucune ressource trouvée",
+ "resourceLauncherEmptyStateNoResultsDescription": "Aucune ressource ne correspond à votre recherche ou filtre actuel. Essayez de les ajuster pour trouver ce que vous cherchez.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Aucune ressource ne correspond à \"{query}\". Essayez d'ajuster votre recherche ou de supprimer les filtres pour voir toutes les ressources.",
+ "resourceLauncherCopiedToClipboard": "Copié dans le presse-papiers",
+ "resourceLauncherCopiedAccessDescription": "L'accès à la ressource a été copié dans votre presse-papiers.",
+ "resourceLauncherViewNamePlaceholder": "Nom de la vue",
+ "resourceLauncherViewNameLabel": "Nom de la vue",
+ "resourceLauncherViewSaved": "Vue enregistrée",
+ "resourceLauncherViewSavedDescription": "Votre vue de lancement a été enregistrée.",
+ "resourceLauncherViewSaveFailed": "Échec de l'enregistrement de la vue",
+ "resourceLauncherViewSaveFailedDescription": "Impossible d'enregistrer la vue de lancement. Veuillez réessayer.",
+ "resourceLauncherViewDeleted": "Vue supprimée",
+ "resourceLauncherViewDeletedDescription": "La vue de lancement a été supprimée.",
+ "resourceLauncherViewDeleteFailed": "Impossible de supprimer la vue",
+ "resourceLauncherViewDeleteFailedDescription": "Impossible de supprimer la vue de lancement. Veuillez réessayer.",
"memberPortalPrevious": "Précédent",
- "memberPortalNext": "Suivant"
+ "memberPortalNext": "Suivant",
+ "httpSettings": "Paramètres HTTP",
+ "tcpSettings": "Paramètres TCP",
+ "udpSettings": "Paramètres UDP",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Établissement d'une connexion sécurisée…",
+ "sshConnecting": "Connexion…",
+ "sshInitializing": "Initialisation…",
+ "sshSignInTitle": "Se connecter à SSH",
+ "sshSignInDescription": "Entrez vos identifiants SSH pour vous connecter",
+ "sshPasswordTab": "Mot de passe",
+ "sshPrivateKeyTab": "Clé Privée",
+ "sshPrivateKeyField": "Clé Privée",
+ "sshPrivateKeyDisclaimer": "Votre clé privée n'est pas stockée ou visible par Pangolin. Alternativement, vous pouvez utiliser des certificats de courte durée pour une authentification transparente utilisant votre identité Pangolin existante.",
+ "sshLearnMore": "En savoir plus",
+ "sshPrivateKeyFile": "Fichier de Clé Privée",
+ "sshAuthenticate": "Connecter",
+ "sshTerminate": "Terminer",
+ "sshPoweredBy": "Propulsé par",
+ "sshErrorNoTarget": "Aucune cible spécifiée",
+ "sshErrorWebSocket": "Échec de la connexion WebSocket",
+ "sshErrorAuthFailed": "Échec de l'authentification",
+ "sshErrorConnectionClosed": "Connexion fermée avant que l'authentification soit terminée",
+ "sitePangolinSshDescription": "Autoriser l'accès SSH aux ressources sur ce site. Cela peut être modifié plus tard.",
+ "browserGatewayNoResourceForDomain": "Aucune ressource trouvée pour ce domaine",
+ "browserGatewayNoTarget": "Aucune cible",
+ "browserGatewayConnect": "Connecter",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Suppr",
+ "sshErrorSignKeyFailed": "Échec de la signature de la clé SSH pour l'authentification Push PAM. Vous êtes-vous connecté en tant qu'utilisateur ?",
+ "sshTerminalError": "Erreur : {error}",
+ "sshConnectionClosedCode": "Connexion fermée (code {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+ "sshPrivateKeyRequired": "Une clé privée est requise",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Entrez vos identifiants VNC pour vous connecter",
+ "vncUsernameOptional": "Nom d'utilisateur (optionnel)",
+ "vncPasswordOptional": "Mot de passe (facultatif)",
+ "vncNoResourceTarget": "Aucune cible de ressource disponible",
+ "vncFailedToLoadNovnc": "Échec du chargement de noVNC",
+ "vncAuthFailedStatus": "Statut {status}",
+ "vncPasteClipboard": "Coller le presse-papiers",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Se connecter au Bureau à distance",
+ "rdpSignInDescription": "Entrez vos identifiants Windows pour vous connecter",
+ "rdpLoadingModule": "Chargement du module...",
+ "rdpFailedToLoadModule": "Échec du chargement du module RDP",
+ "rdpNotReady": "Pas prêt",
+ "rdpModuleInitializing": "Le module RDP est encore en cours d'initialisation",
+ "rdpDownloadingFiles": "Téléchargement de {count} fichier(s) depuis le site distant…",
+ "rdpDownloadFailed": "Échec du téléchargement : {fileName}",
+ "rdpUploaded": "Téléchargé : {fileName}",
+ "rdpNoConnectionTarget": "Aucune cible de connexion disponible",
+ "rdpConnectionFailed": "Échec de la connexion",
+ "rdpFit": "Ajuster",
+ "rdpFull": "Plein",
+ "rdpReal": "Réel",
+ "rdpMeta": "Méta",
+ "rdpUploadFiles": "Télécharger des fichiers",
+ "rdpFilesReadyToPaste": "Fichiers prêts à coller",
+ "rdpFilesReadyToPasteDescription": "{count} fichier(s) copié(s) vers le presse-papier distant — appuyez sur Ctrl+V sur le bureau distant pour coller.",
+ "rdpUploadFailed": "Échec du téléchargement",
+ "rdpUnicodeKeyboardMode": "Mode clavier Unicode",
+ "sessionToolbarShow": "Afficher la barre d'outils",
+ "sessionToolbarHide": "Masquer la barre d'outils"
}
diff --git a/messages/it-IT.json b/messages/it-IT.json
index 3ec9c0011..04de61551 100644
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -66,9 +66,15 @@
"local": "Locale",
"edit": "Modifica",
"siteConfirmDelete": "Conferma Eliminazione Sito",
+ "siteConfirmDeleteAndResources": "Conferma Eliminazione Sito e Risorse",
"siteDelete": "Elimina Sito",
+ "siteDeleteAndResources": "Elimina Sito e Risorse",
"siteMessageRemove": "Una volta rimosso il sito non sarà più accessibile. Tutti gli oggetti associati al sito verranno rimossi.",
+ "siteMessageRemoveAndResources": "Questo eliminerà permanentemente tutte le risorse pubbliche e private collegate a questo sito, anche se una risorsa è anche associata ad altri siti.",
"siteQuestionRemove": "Sei sicuro di voler rimuovere il sito dall'organizzazione?",
+ "siteQuestionRemoveAndResources": "Sei sicuro di voler eliminare questo sito e tutte le risorse associate?",
+ "sitesTableDeleteSite": "Elimina Sito",
+ "sitesTableDeleteSiteAndResources": "Elimina Sito e Risorse",
"siteManageSites": "Gestisci Siti",
"siteDescription": "Creare e gestire siti per abilitare la connettività a reti private",
"sitesBannerTitle": "Connetti Qualsiasi Rete",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Visualizza Risorse Private",
"siteInstallNewt": "Installa Newt",
"siteInstallNewtDescription": "Esegui Newt sul tuo sistema",
+ "siteInstallKubernetesDocsDescription": "Per ulteriori informazioni aggiornate sull'installazione di Kubernetes, consulta docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "Per le istruzioni sull'installazione del modem Advantech, consulta docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "Configurazione WireGuard",
"WgConfigurationDescription": "Utilizzare la seguente configurazione per connettersi alla rete",
"operatingSystem": "Sistema Operativo",
@@ -115,6 +123,16 @@
"siteUpdated": "Sito aggiornato",
"siteUpdatedDescription": "Il sito è stato aggiornato.",
"siteGeneralDescription": "Configura le impostazioni generali per questo sito",
+ "siteRestartTitle": "Riavvia Sito",
+ "siteRestartDescription": "Riavvia il tunnel WireGuard per questo sito. Questo interromperà brevemente la connettività.",
+ "siteRestartBody": "Usalo se il tunnel del sito non funziona correttamente e vuoi forzare un riconnessione senza riavviare l'host.",
+ "siteRestartButton": "Riavvia Sito",
+ "siteRestartDialogMessage": "Sei sicuro di voler riavviare il tunnel WireGuard per {name}? Il sito perderà brevemente la connettività.",
+ "siteRestartWarning": "Il sito si disconnette brevemente mentre il tunnel si riavvia.",
+ "siteRestarted": "Sito riavviato",
+ "siteRestartedDescription": "Il tunnel WireGuard è stato riavviato.",
+ "siteErrorRestart": "Impossibile riavviare il sito",
+ "siteErrorRestartDescription": "Si è verificato un errore durante il riavvio del sito.",
"siteSettingDescription": "Configura le impostazioni del sito",
"siteResourcesTab": "Risorse",
"siteResourcesNoneOnSite": "Questo sito non ha ancora risorse pubbliche o private.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "Potrai vederlo solo una volta. Assicurati di copiarlo in un luogo sicuro.",
"siteInfo": "Informazioni Sito",
"status": "Stato",
- "shareTitle": "Gestisci Collegamenti Di Condivisione",
+ "shareTitle": "Gestisci Collegamenti Condivisibili",
"shareDescription": "Crea link condivisibili per concedere accesso temporaneo o permanente alle risorse proxy",
- "shareSearch": "Cerca link condivisi...",
- "shareCreate": "Crea Link Di Condivisione",
+ "shareSearch": "Cerca collegamenti condivisibili...",
+ "shareCreate": "Crea Collegamento Condivisibile",
"shareErrorDelete": "Impossibile eliminare il link",
"shareErrorDeleteMessage": "Si è verificato un errore durante l'eliminazione del link",
"shareDeleted": "Link eliminato",
"shareDeletedDescription": "Il link è stato eliminato",
- "shareDelete": "Elimina Link di Condivisione",
- "shareDeleteConfirm": "Conferma Eliminazione Link di Condivisione",
+ "shareDelete": "Elimina Collegamento Condivisibile",
+ "shareDeleteConfirm": "Conferma Eliminazione Collegamento Condivisibile",
"shareQuestionRemove": "Sei sicuro di voler eliminare questo link di condivisione?",
"shareMessageRemove": "Una volta eliminato, il link non funzionerà più e chiunque lo utilizzi perderà l'accesso alla risorsa.",
"shareTokenDescription": "Il token di accesso può essere passato in due modi: come parametro di interrogazione o nelle intestazioni della richiesta. Questi devono essere passati dal client su ogni richiesta di accesso autenticato.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Si è verificato un errore durante la creazione del link di condivisione",
"shareCreateDescription": "Chiunque con questo link può accedere alla risorsa",
"shareTitleOptional": "Titolo (facoltativo)",
+ "sharePathOptional": "Percorso (opzionale)",
+ "sharePathDescription": "Il link reindirizzerà gli utenti a questo percorso dopo l'autenticazione.",
"expireIn": "Scadenza In",
"neverExpire": "Nessuna scadenza",
"shareExpireDescription": "Il tempo di scadenza indica per quanto tempo il link sarà utilizzabile e fornirà accesso alla risorsa. Dopo questo tempo, il link non funzionerà più e gli utenti che hanno utilizzato questo link perderanno l'accesso alla risorsa.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Seleziona una risorsa",
"proxyResourceTitle": "Gestisci Risorse Pubbliche",
"proxyResourceDescription": "Creare e gestire risorse pubbliche accessibili tramite un browser web",
- "proxyResourcesBannerTitle": "Accesso Pubblico Basato sul Web",
- "proxyResourcesBannerDescription": "Le risorse pubbliche sono proxy HTTPS o TCP/UDP accessibili da chiunque tramite Internet da un browser web. A differenza delle risorse private non richiedono software lato client e possono includere politiche di accesso basate su identità e contesto.",
+ "publicResourcesBannerTitle": "Accesso Pubblico Basato sul Web",
+ "publicResourcesBannerDescription": "Le risorse pubbliche sono proxy HTTPS accessibili a chiunque su Internet tramite un browser web. A differenza delle risorse private, non richiedono software lato client e possono includere politiche di accesso basate su identità e contesto.",
"clientResourceTitle": "Gestisci Risorse Private",
"clientResourceDescription": "Crea e gestisci risorse accessibili solo tramite un client connesso",
"privateResourcesBannerTitle": "Accesso Privato Zero-Trust",
@@ -208,11 +228,37 @@
"resourcesSearch": "Cerca risorse...",
"resourceAdd": "Aggiungi Risorsa",
"resourceErrorDelte": "Errore nell'eliminare la risorsa",
+ "resourcePoliciesBannerTitle": "Riutilizza Regole di Autenticazione e Accesso",
+ "resourcePoliciesBannerDescription": "Le politiche di risorsa condivise ti permettono di definire metodi di autenticazione e regole di accesso una volta, poi di applicarle a più risorse pubbliche. Quando aggiorni una politica, ogni risorsa collegata eredita il cambiamento automaticamente.",
+ "resourcePoliciesBannerButtonText": "Scopri di più",
+ "resourcePoliciesTitle": "Gestisci Politiche delle Risorse Pubbliche",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Risorse",
+ "resourcePoliciesAttachedResources": "{count} risorsa(e)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# risorsa} other {# risorse}}",
+ "resourcePoliciesAttachedResourcesEmpty": "nessuna risorsa",
+ "resourcePoliciesDescription": "Crea e gestisci politiche d'autenticazione per controllare l'accesso alle tue risorse pubbliche",
+ "resourcePoliciesSearch": "Cerca politiche...",
+ "resourcePoliciesAdd": "Aggiungi Politica",
+ "resourcePoliciesDefaultBadgeText": "Politica Predefinita",
+ "resourcePoliciesCreate": "Crea Politica Risorse Pubbliche",
+ "resourcePoliciesCreateDescription": "Segui i passaggi seguenti per creare una nuova politica",
+ "resourcePolicyName": "Nome Politica",
+ "resourcePolicyNameDescription": "Dai un nome a questa politica per identificarla tra le tue risorse",
+ "resourcePolicyNamePlaceholder": "es. Politica di Accesso Interno",
+ "resourcePoliciesSeeAll": "Vedi Tutte le Politiche",
+ "resourcePolicyAuthMethodAdd": "Aggiungi Metodo di Autenticazione",
+ "resourcePolicyOtpEmailAdd": "Aggiungi email OTP",
+ "resourcePolicyRulesAdd": "Aggiungi Regole",
+ "resourcePolicyAuthMethodsDescription": "Consenti l'accesso alle risorse tramite metodi di autenticazione aggiuntivi",
+ "resourcePolicyUsersRolesDescription": "Configura quali utenti e ruoli possono visitare le risorse associate",
+ "rulesResourcePolicyDescription": "Configura regole per controllare l'accesso alle risorse associate a questa politica",
"authentication": "Autenticazione",
"protected": "Protetto",
"notProtected": "Non Protetto",
"resourceMessageRemove": "Una volta rimossa la risorsa non sarà più accessibile. Tutti gli oggetti target associati alla risorsa saranno rimossi.",
"resourceQuestionRemove": "Sei sicuro di voler rimuovere la risorsa dall'organizzazione?",
+ "resourcePolicyMessageRemove": "Una volta rimossa, la politica delle risorse non sarà più accessibile. Tutte le risorse associate saranno dissociate e rimarranno senza autenticazione.",
+ "resourcePolicyQuestionRemove": "Sei sicuro di voler rimuovere la politica delle risorse dall'organizzazione?",
"resourceHTTP": "Risorsa HTTPS",
"resourceHTTPDescription": "Richieste proxy su HTTPS usando un nome di dominio completo.",
"resourceRaw": "Risorsa Raw TCP/UDP",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Richiesta proxy su TCP/UDP grezzo utilizzando un numero di porta. Richiede siti per connettersi a un nodo remoto.",
"resourceCreate": "Crea Risorsa",
"resourceCreateDescription": "Segui i passaggi seguenti per creare una nuova risorsa",
+ "resourceCreateGeneralDescription": "Configura le impostazioni generali delle risorse, inclusi il nome e il tipo",
"resourceSeeAll": "Vedi Tutte Le Risorse",
- "resourceInfo": "Informazioni Risorsa",
+ "resourceCreateGeneral": "Generale",
"resourceNameDescription": "Questo è il nome visualizzato per la risorsa.",
"siteSelect": "Seleziona sito",
"siteSearch": "Cerca sito",
@@ -231,12 +278,15 @@
"noCountryFound": "Nessun paese trovato.",
"siteSelectionDescription": "Questo sito fornirà connettività all'oggetto target.",
"resourceType": "Tipo Di Risorsa",
- "resourceTypeDescription": "Determinare come accedere alla risorsa",
+ "resourceTypeDescription": "Questo controlla il protocollo delle risorse e come verrà reso nel browser. Questo non può essere modificato in seguito.",
+ "resourceDomainDescription": "La risorsa sarà servita su questo dominio completamente qualificato.",
"resourceHTTPSSettings": "Impostazioni HTTPS",
"resourceHTTPSSettingsDescription": "Configura come sarà possibile accedere alla risorsa su HTTPS",
+ "resourcePortDescription": "La porta esterna sull'istanza o nodo Pangolin dove la risorsa sarà accessibile.",
"domainType": "Tipo Di Dominio",
"subdomain": "Sottodominio",
"baseDomain": "Dominio Base",
+ "configure": "Configura",
"subdomnainDescription": "Il sottodominio in cui la risorsa sarà accessibile.",
"resourceRawSettings": "Impostazioni TCP/UDP",
"resourceRawSettingsDescription": "Configura come accedere alla risorsa tramite TCP/UDP",
@@ -247,14 +297,35 @@
"back": "Indietro",
"cancel": "Annulla",
"resourceConfig": "Snippet Di Configurazione",
- "resourceConfigDescription": "Copia e incolla questi snippet di configurazione per configurare la risorsa TCP/UDP",
+ "resourceConfigDescription": "Copia e incolla questi snippet di configurazione per configurare la risorsa TCP/UDP.",
"resourceAddEntrypoints": "Traefik: Aggiungi Entrypoint",
"resourceExposePorts": "Gerbil: espone le porte in Docker Compose",
"resourceLearnRaw": "Scopri come configurare le risorse TCP/UDP",
"resourceBack": "Torna alle risorse",
"resourceGoTo": "Vai alla Risorsa",
+ "resourcePolicyDelete": "Elimina Politica Risorse",
+ "resourcePolicyDeleteConfirm": "Conferma Eliminazione Politica Risorse",
"resourceDelete": "Elimina Risorsa",
"resourceDeleteConfirm": "Conferma Eliminazione Risorsa",
+ "labelDelete": "Elimina Etichetta",
+ "labelAdd": "Aggiungi Etichetta",
+ "labelCreateSuccessMessage": "Etichetta Creata con Successo",
+ "labelDuplicateError": "Etichetta Duplicata",
+ "labelDuplicateErrorDescription": "Esiste già un'etichetta con questo nome.",
+ "labelEditSuccessMessage": "Etichetta Modificata con Successo",
+ "labelNameField": "Nome Etichetta",
+ "labelColorField": "Colore Etichetta",
+ "labelPlaceholder": "Es: homelab",
+ "labelCreate": "Crea Etichetta",
+ "createLabelDialogTitle": "Crea Etichetta",
+ "createLabelDialogDescription": "Crea una nuova etichetta che può essere allegata a questa organizzazione",
+ "labelEdit": "Modifica Etichetta",
+ "editLabelDialogTitle": "Aggiorna Etichetta",
+ "editLabelDialogDescription": "Modifica una nuova etichetta che può essere allegata a questa organizzazione",
+ "labelDeleteConfirm": "Conferma Eliminazione Etichetta",
+ "labelErrorDelete": "Impossibile eliminare l'etichetta",
+ "labelMessageRemove": "Questa azione è permanente. Tutti i siti, le risorse e i clienti associati a questa etichetta verranno dissociati.",
+ "labelQuestionRemove": "Sei sicuro di voler rimuovere l'etichetta dall'organizzazione?",
"visibility": "Visibilità",
"enabled": "Abilitato",
"disabled": "Disabilitato",
@@ -265,6 +336,8 @@
"rules": "Regole",
"resourceSettingDescription": "Configura le impostazioni sulla risorsa",
"resourceSetting": "Impostazioni {resourceName}",
+ "resourcePolicySettingDescription": "Configura le impostazioni su questa politica di risorsa pubblica",
+ "resourcePolicySetting": "Impostazioni del sito {policyName}",
"alwaysAllow": "Bypass Autenticazione",
"alwaysDeny": "Blocca Accesso",
"passToAuth": "Passa all'autenticazione",
@@ -671,7 +744,7 @@
"targetSubmit": "Aggiungi Target",
"targetNoOne": "Questa risorsa non ha destinazioni. Aggiungi un obiettivo per configurare dove inviare richieste al backend.",
"targetNoOneDescription": "L'aggiunta di più di un target abiliterà il bilanciamento del carico.",
- "targetsSubmit": "Salva Target",
+ "targetsSubmit": "Salva Impostazioni",
"addTarget": "Aggiungi Target",
"proxyMultiSiteRoundRobinNodeHelp": "Il routing round robin non funzionerà tra siti che non sono connessi allo stesso nodo, ma il failover funzionerà.",
"targetErrorInvalidIp": "Indirizzo IP non valido",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Regola duplicata",
"rulesErrorDuplicateDescription": "Esiste già una regola con queste impostazioni",
"rulesErrorInvalidIpAddressRange": "CIDR non valido",
- "rulesErrorInvalidIpAddressRangeDescription": "Inserisci un valore CIDR valido",
- "rulesErrorInvalidUrl": "Percorso URL non valido",
- "rulesErrorInvalidUrlDescription": "Inserisci un valore di percorso URL valido",
- "rulesErrorInvalidIpAddress": "IP non valido",
- "rulesErrorInvalidIpAddressDescription": "Inserisci un indirizzo IP valido",
+ "rulesErrorInvalidIpAddressRangeDescription": "Inserisci un intervallo CIDR valido (es., 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Percorso non valido",
+ "rulesErrorInvalidUrlDescription": "Inserisci un percorso URL valido o un pattern (es., /api/*).",
+ "rulesErrorInvalidIpAddress": "Indirizzo IP non valido",
+ "rulesErrorInvalidIpAddressDescription": "Inserisci un indirizzo IPv4 o IPv6 valido.",
"rulesErrorUpdate": "Impossibile aggiornare le regole",
"rulesErrorUpdateDescription": "Si è verificato un errore durante l'aggiornamento delle regole",
"rulesUpdated": "Abilita Regole",
@@ -717,15 +790,24 @@
"rulesMatchIpAddressRangeDescription": "Inserisci un indirizzo in formato CIDR (es. 103.21.244.0/22)",
"rulesMatchIpAddress": "Inserisci un indirizzo IP (es. 103.21.244.12)",
"rulesMatchUrl": "Inserisci un percorso URL o pattern (es. /api/v1/todos o /api/v1/*)",
- "rulesErrorInvalidPriority": "Priorità Non Valida",
- "rulesErrorInvalidPriorityDescription": "Inserisci una priorità valida",
- "rulesErrorDuplicatePriority": "Priorità Duplicate",
- "rulesErrorDuplicatePriorityDescription": "Inserisci priorità uniche",
+ "rulesErrorInvalidPriority": "Priorità non valida",
+ "rulesErrorInvalidPriorityDescription": "Inserisci un numero intero di 1 o superiore.",
+ "rulesErrorDuplicatePriority": "Priorità duplicate",
+ "rulesErrorDuplicatePriorityDescription": "Ogni regola deve avere un numero di priorità univoco.",
+ "rulesErrorValidation": "Regole non valide",
+ "rulesErrorValidationRuleDescription": "Regola {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Seleziona un tipo di corrispondenza valido (percorso, IP, CIDR, paese, regione o ASN).",
+ "rulesErrorValueRequired": "Inserisci un valore per questa regola.",
+ "rulesErrorInvalidCountry": "Nazione non valida",
+ "rulesErrorInvalidCountryDescription": "Seleziona un paese valido.",
+ "rulesErrorInvalidAsn": "ASN non valido",
+ "rulesErrorInvalidAsnDescription": "Inserisci un ASN valido (es., AS15169).",
"ruleUpdated": "Regole aggiornate",
"ruleUpdatedDescription": "Regole aggiornate con successo",
"ruleErrorUpdate": "Operazione fallita",
"ruleErrorUpdateDescription": "Si è verificato un errore durante il salvataggio",
"rulesPriority": "Priorità",
+ "rulesReorderDragHandle": "Trascina per riorganizzare la priorità delle regole",
"rulesAction": "Azione",
"rulesMatchType": "Tipo di Corrispondenza",
"value": "Valore",
@@ -744,9 +826,60 @@
"rulesResource": "Configurazione Regole Risorsa",
"rulesResourceDescription": "Configura le regole per controllare l'accesso alla risorsa",
"ruleSubmit": "Aggiungi Regola",
- "rulesNoOne": "Nessuna regola. Aggiungi una regola usando il modulo.",
+ "rulesNoOne": "Nessuna regola ancora.",
"rulesOrder": "Le regole sono valutate per priorità in ordine crescente.",
"rulesSubmit": "Salva Regole",
+ "policyErrorCreate": "Errore nella creazione della politica",
+ "policyErrorCreateDescription": "Si è verificato un errore durante la creazione della politica",
+ "policyErrorCreateMessageDescription": "Si è verificato un errore imprevisto",
+ "policyErrorUpdate": "Errore nell'aggiornamento della politica",
+ "policyErrorUpdateDescription": "Si è verificato un errore durante l'aggiornamento della politica",
+ "policyErrorUpdateMessageDescription": "Si è verificato un errore imprevisto",
+ "policyCreatedSuccess": "Politica risorse creata con successo",
+ "policyUpdatedSuccess": "Politica risorse aggiornata con successo",
+ "authMethodsSave": "Salva Impostazioni",
+ "policyAuthStackTitle": "Autenticazione",
+ "policyAuthStackDescription": "Controlla quali metodi di autenticazione sono richiesti per accedere a questa risorsa",
+ "policyAuthOrLogicTitle": "Più metodi di autenticazione attivi",
+ "policyAuthOrLogicBanner": "I visitatori possono autenticarsi utilizzando uno qualsiasi dei metodi attivi sottostanti. Non è necessario completarli tutti.",
+ "policyAuthMethodActive": "Attivo",
+ "policyAuthMethodOff": "Disattivo",
+ "policyAuthSsoTitle": "SSO della Piattaforma",
+ "policyAuthSsoDescription": "Richiedi l'accesso tramite il provider di identità della tua organizzazione",
+ "policyAuthSsoSummary": "{idp} · {users} utenti, {roles} ruoli",
+ "policyAuthSsoDefaultIdp": "Provider predefinito",
+ "policyAuthAddDefaultIdentityProvider": "Aggiungi Provider di Identità Predefinito",
+ "policyAuthOtherMethodsTitle": "Altri Metodi",
+ "policyAuthOtherMethodsDescription": "Metodi opzionali che i visitatori possono utilizzare al posto o insieme al SSO della piattaforma",
+ "policyAuthPasscodeTitle": "Codice di Accesso",
+ "policyAuthPasscodeDescription": "Richiedi un codice alfanumerico condiviso per accedere alla risorsa",
+ "policyAuthPasscodeSummary": "Codice di accesso impostato",
+ "policyAuthPincodeTitle": "Codice PIN",
+ "policyAuthPincodeDescription": "Un breve codice numerico richiesto per accedere alla risorsa",
+ "policyAuthPincodeSummary": "Codice PIN a 6 cifre impostato",
+ "policyAuthEmailTitle": "Lista Autorizzazioni Email",
+ "policyAuthEmailDescription": "Consenti indirizzi email elencati con password monouso",
+ "policyAuthEmailSummary": "{count} indirizzi consentiti",
+ "policyAuthEmailOtpCallout": "L'abilitazione dell'elenco email invia una password monouso all'email del visitatore durante il login.",
+ "policyAuthHeaderAuthTitle": "Autenticazione Header Base",
+ "policyAuthHeaderAuthDescription": "Convalida un nome e un valore di intestazione HTTP personalizzato su ogni richiesta",
+ "policyAuthHeaderAuthSummary": "Intestazione configurata",
+ "policyAuthHeaderName": "Nome dell'intestazione",
+ "policyAuthHeaderValue": "Valore atteso",
+ "policyAuthSetPasscode": "Imposta Codice di Accesso",
+ "policyAuthSetPincode": "Imposta Codice PIN",
+ "policyAuthSetEmailWhitelist": "Imposta Lista Autorizzazioni Email",
+ "policyAuthSetHeaderAuth": "Imposta Autenticazione Header Base",
+ "policyAccessRulesTitle": "Regole di Accesso",
+ "policyAccessRulesEnableDescription": "Quando abilitate, le regole vengono valutate in ordine discendente finché una non è vera.",
+ "policyAccessRulesFirstMatch": "Le regole sono valutate dall'alto verso il basso. La prima regola corrispondente decide il risultato.",
+ "policyAccessRulesHowItWorks": "Le regole corrispondono alle richieste per percorso, indirizzo IP, posizione o altri criteri. Ogni regola applica un'azione: bypassa l'autenticazione, blocca l'accesso o passa all'autenticazione. Se nessuna regola corrisponde, il traffico continua all'autenticazione.",
+ "policyAccessRulesFallthroughOff": "Quando le regole sono disabilitate, tutto il traffico passa all'autenticazione.",
+ "policyAccessRulesFallthroughOn": "Quando nessuna regola corrisponde, il traffico passa all'autenticazione.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Salva Regole",
"resourceErrorCreate": "Errore nella creazione della risorsa",
"resourceErrorCreateDescription": "Si è verificato un errore durante la creazione della risorsa",
"resourceErrorCreateMessage": "Errore nella creazione della risorsa:",
@@ -768,7 +901,7 @@
"accessControl": "Controllo Accessi",
"shareLink": "Link di Condivisione {resource}",
"resourceSelect": "Seleziona risorsa",
- "shareLinks": "Link di Condivisione",
+ "shareLinks": "Collegamenti Condivisibili",
"share": "Link Condivisibili",
"shareDescription2": "Crea link condivisibili alle risorse. I link forniscono un accesso temporaneo o illimitato alla tua risorsa. È possibile configurare la durata di scadenza del collegamento quando ne viene creato uno.",
"shareEasyCreate": "Facile da creare e condividere",
@@ -810,6 +943,17 @@
"pincodeAdd": "Aggiungi Codice PIN",
"pincodeRemove": "Rimuovi Codice PIN",
"resourceAuthMethods": "Metodi di Autenticazione",
+ "resourcePolicyAuthMethodsEmpty": "Nessun metodo di autenticazione",
+ "resourcePolicyOtpEmpty": "Nessuna password monouso",
+ "resourcePolicyReadOnly": "Questa politica è sola lettura",
+ "resourcePolicyReadOnlyDescription": "Questa politica delle risorse è condivisa su più risorse, non puoi modificarla in questa pagina.",
+ "editSharedPolicy": "Modifica Politica Condivisa",
+ "resourcePolicyTypeSave": "Salva tipo di risorsa",
+ "resourcePolicySelect": "Seleziona politica delle risorse",
+ "resourcePolicySelectError": "Seleziona una politica delle risorse",
+ "resourcePolicyNotFound": "Politica non trovata",
+ "resourcePolicySearch": "Cerca politiche",
+ "resourcePolicyRulesEmpty": "Nessuna regola di autenticazione",
"resourceAuthMethodsDescriptions": "Consenti l'accesso alla risorsa tramite metodi di autenticazione aggiuntivi",
"resourceAuthSettingsSave": "Salvato con successo",
"resourceAuthSettingsSaveDescription": "Le impostazioni di autenticazione sono state salvate",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Imposta Codice PIN",
"resourcePincodeSetupTitleDescription": "Imposta un codice PIN per proteggere questa risorsa",
"resourceRoleDescription": "Gli amministratori possono sempre accedere a questa risorsa.",
+ "resourcePolicySelectTitle": "Politica di Accesso Risorse",
+ "resourcePolicySelectDescription": "Seleziona il tipo di politica delle risorse per l'autenticazione",
+ "resourcePolicyTypeLabel": "Tipo di politica",
+ "resourcePolicyLabel": "Politica delle risorse",
+ "resourcePolicyInline": "Politica Inline delle Risorse",
+ "resourcePolicyInlineDescription": "Politica di Accesso limitata solo a questa risorsa",
+ "resourcePolicyShared": "Politica Condivisa delle Risorse",
+ "resourcePolicySharedDescription": "Questa risorsa utilizza una politica condivisa.",
+ "sharedPolicy": "Politica Condivisa",
+ "sharedPolicyNoneDescription": "Questa risorsa ha la sua politica.",
+ "resourceSharedPolicyOwnDescription": "Questa risorsa ha il controllo delle proprie regole di autenticazione e accesso.",
+ "resourceSharedPolicyInheritedDescription": "Questa risorsa eredita da {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Questa risorsa utilizza una politica condivisa. Alcune impostazioni di autenticazione possono essere modificate su questa risorsa per aggiungerle alla politica. Per cambiare la politica sottostante, devi modificare {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Questa risorsa utilizza una politica condivisa. Alcune regole di accesso possono essere modificate su questa risorsa. Per cambiare la politica sottostante, devi modificare {policyName}.",
"resourceUsersRoles": "Controlli di Accesso",
"resourceUsersRolesDescription": "Configura quali utenti e ruoli possono visitare questa risorsa",
"resourceUsersRolesSubmit": "Salva Controlli di Accesso",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Visibilità",
"resourceVisibilityTitleDescription": "Abilita o disabilita completamente la visibilità della risorsa",
"resourceGeneral": "Impostazioni Generali",
- "resourceGeneralDescription": "Configura le impostazioni generali per questa risorsa",
+ "resourceGeneralDescription": "Configura nome, indirizzo e politica di accesso per questa risorsa.",
+ "resourceGeneralDetailsSubsection": "Dettagli Risorsa",
+ "resourceGeneralDetailsSubsectionDescription": "Imposta il nome visualizzato, l'identificatore e il dominio pubblicamente accessibile per questa risorsa.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Imposta il nome visualizzato, l'identificatore e la porta pubblica per questa risorsa.",
+ "resourceGeneralPublicAddressSubsection": "Indirizzo Pubblico",
+ "resourceGeneralPublicAddressSubsectionDescription": "Configura come gli utenti raggiungono questa risorsa.",
+ "resourceGeneralAuthenticationAccessSubsection": "Autenticazione e Accesso",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Scegli se questa risorsa utilizza la sua politica o eredita da una politica condivisa.",
"resourceEnable": "Abilita Risorsa",
"resourceTransfer": "Trasferisci Risorsa",
"resourceTransferDescription": "Trasferisci questa risorsa a un sito diverso",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Si è verificato un problema durante la connessione a {name}. Contatta il tuo amministratore.",
"idpErrorNotFound": "IdP non trovato",
"inviteInvalid": "Invito Non Valido",
+ "labels": "Etichette",
+ "orgLabelsDescription": "Gestisci le etichette in questa organizzazione.",
+ "addLabels": "Aggiungi etichette",
+ "siteLabelsTab": "Etichette",
+ "siteLabelsDescription": "Gestisci le etichette associate a questo sito.",
+ "labelsNotFound": "Nessuna etichetta trovata.",
+ "labelsEmptyCreateHint": "Inizia a digitare sopra per creare un'etichetta.",
+ "labelSearch": "Cerca etichette",
+ "labelSearchOrCreate": "Cerca o crea un'etichetta",
+ "accessLabelFilterCount": "{count, plural, one {# etichetta} other {# etichette}}",
+ "labelOverflowCount": "+{count, plural, one {# etichetta} other {# etichette}}",
+ "accessLabelFilterClear": "Cancella filtri etichette",
+ "accessFilterClear": "Cancella filtri",
+ "selectColor": "Seleziona colore",
+ "createNewLabel": "Crea nuova etichetta dell'organizzazione \"{label}\"",
"inviteInvalidDescription": "Il link di invito non è valido.",
"inviteErrorWrongUser": "L'invito non è per questo utente",
"inviteErrorUserNotExists": "L'utente non esiste. Si prega di creare prima un account.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Applica Progetto",
"actionListBlueprints": "Elenco Blueprints",
"actionGetBlueprint": "Ottieni Blueprint",
+ "actionCreateOrgWideLauncherView": "Crea Visualizzazione Lanscia Org-Wide",
"setupToken": "Configura Token",
"setupTokenDescription": "Inserisci il token di configurazione dalla console del server.",
"setupTokenRequired": "Il token di configurazione è richiesto",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Risorse",
"sidebarProxyResources": "Pubblico",
"sidebarClientResources": "Privato",
+ "sidebarPolicies": "Politiche Condivise",
+ "sidebarResourcePolicies": "Risorse Pubbliche",
"sidebarAccessControl": "Controllo Accesso",
"sidebarLogsAndAnalytics": "Registri E Analisi",
"sidebarTeam": "Squadra",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Amministratore",
"sidebarInvitations": "Inviti",
"sidebarRoles": "Ruoli",
- "sidebarShareableLinks": "Collegamenti",
+ "sidebarShareableLinks": "Collegamenti Condivisibili",
"sidebarApiKeys": "Chiavi API",
"sidebarProvisioning": "Accantonamento",
"sidebarSettings": "Impostazioni",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Sito {id}",
"standaloneHcFilterResourceIdFallback": "Risorsa {id}",
"blueprints": "Progetti",
- "blueprintsDescription": "Applica le configurazioni dichiarative e visualizza le partite precedenti",
+ "blueprintsLog": "Registro Progetti",
+ "blueprintsDescription": "Visualizza le applicazioni blueprint passate e i loro risultati o applica un nuovo blueprint",
"blueprintAdd": "Aggiungi Progetto",
"blueprintGoBack": "Vedi tutti i progetti",
"blueprintCreate": "Crea Progetto",
@@ -1575,7 +1759,17 @@
"contents": "Contenuti",
"parsedContents": "Sommario Analizzato (Solo Lettura)",
"enableDockerSocket": "Abilita Progetto Docker",
- "enableDockerSocketDescription": "Abilita la raschiatura dell'etichetta Docker Socket per le etichette dei progetti. Il percorso del socket deve essere fornito a Newt.",
+ "enableDockerSocketDescription": "Abilita lo scraping delle etichette Docker Socket per le etichette dei progetti. Il percorso del socket deve essere fornito al connettore del sito. Leggi come funziona nel documentazione.",
+ "newtAutoUpdate": "Abilita Aggiornamento Automatico del Sito",
+ "newtAutoUpdateDescription": "Quando abilitati, i connettori del sito scaricheranno automaticamente l'ultima versione e si riavvieranno. Questo può essere sovrascritto caso per caso.",
+ "siteAutoUpdate": "Aggiornamento Automatico del Sito",
+ "siteAutoUpdateLabel": "Abilita Aggiornamento Automatico",
+ "siteAutoUpdateDescription": "Quando abilitato, il connettore di questo sito scaricherà automaticamente l'ultima versione e si riavvierà.",
+ "siteAutoUpdateOrgDefault": "Predefinito dell'organizzazione: {state}",
+ "siteAutoUpdateOverriding": "Sovrascrivere le impostazioni dell'organizzazione",
+ "siteAutoUpdateResetToOrg": "Reimposta al Predefinito dell'Organizzazione",
+ "siteAutoUpdateEnabled": "abilitato",
+ "siteAutoUpdateDisabled": "disabilitato",
"viewDockerContainers": "Visualizza Contenitori Docker",
"containersIn": "Contenitori in {siteName}",
"selectContainerDescription": "Seleziona qualsiasi contenitore da usare come hostname per questo obiettivo. Fai clic su una porta per usare una porta.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Certificato",
"certificateStatusAutoRefreshHint": "Lo stato si aggiorna automaticamente.",
"loading": "Caricamento",
+ "loadingEllipsis": "Caricamento...",
"loadingAnalytics": "Caricamento Delle Analisi",
"restart": "Riavvia",
"domains": "Domini",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Configurazione dell'account completata! Benvenuto su Pangolin!",
"documentation": "Documentazione",
"saveAllSettings": "Salva Tutte le Impostazioni",
- "saveResourceTargets": "Salva Target",
- "saveResourceHttp": "Salva Impostazioni Proxy",
- "saveProxyProtocol": "Salva impostazioni protocollo proxy",
+ "saveResourceTargets": "Salva Impostazioni",
+ "saveResourceHttp": "Salva Impostazioni",
+ "saveProxyProtocol": "Salva Impostazioni",
"settingsUpdated": "Impostazioni aggiornate",
"settingsUpdatedDescription": "Impostazioni aggiornate con successo",
"settingsErrorUpdate": "Impossibile aggiornare le impostazioni",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Gestisci il tuo abbonamento per le chiavi di licenza self-hosted a pagamento",
"billingCurrentKeys": "Tasti Attuali",
"billingModifyCurrentPlan": "Modifica Il Piano Corrente",
+ "billingManageLicenseSubscriptionDescription": "Gestisci il tuo abbonamento per le chiavi di licenza autogestite a pagamento e scarica le fatture.",
"billingConfirmUpgrade": "Conferma Aggiornamento",
"billingConfirmDowngrade": "Conferma Downgrade",
"billingConfirmUpgradeDescription": "Stai per aggiornare il tuo piano. Controlla i nuovi limiti e prezzi qui sotto.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Sottorete",
"addressDescription": "L'indirizzo interno del client. Deve rientrare nella sottorete dell'organizzazione.",
"selectSites": "Seleziona siti",
+ "selectLabels": "Seleziona etichette",
"sitesDescription": "Il cliente avrà connettività ai siti selezionati",
"clientInstallOlm": "Installa Olm",
"clientInstallOlmDescription": "Avvia Olm sul tuo sistema",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Sconosciuto",
"healthCheck": "Controllo Salute",
"configureHealthCheck": "Configura Controllo Salute",
- "configureHealthCheckDescription": "Imposta il monitoraggio della salute per {target}",
+ "configureHealthCheckDescription": "Imposta il monitoraggio per la tua risorsa per assicurarti che sia sempre disponibile",
"enableHealthChecks": "Abilita i Controlli di Salute",
"healthCheckDisabledStateDescription": "Quando disabilitato, il sito non eseguirà controlli di integrità e lo stato sarà considerato sconosciuto.",
"enableHealthChecksDescription": "Monitorare lo stato di salute di questo obiettivo. Se necessario, è possibile monitorare un endpoint diverso da quello del bersaglio.",
"healthScheme": "Metodo",
"healthSelectScheme": "Seleziona Metodo",
- "healthCheckPortInvalid": "La porta di controllo dello stato di salute deve essere compresa tra 1 e 65535",
+ "healthCheckPortInvalid": "La porta deve essere compresa tra 1 e 65535",
"healthCheckPath": "Percorso",
"healthHostname": "IP / Nome host",
"healthPort": "Porta",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "Il tempo è in secondi",
"requireDeviceApproval": "Richiede Approvazioni Dispositivo",
"requireDeviceApprovalDescription": "Gli utenti con questo ruolo hanno bisogno di nuovi dispositivi approvati da un amministratore prima di poter connettersi e accedere alle risorse.",
+ "sshSettings": "Impostazioni SSH",
"sshAccess": "Accesso SSH",
+ "rdpSettings": "Impostazioni RDP",
+ "vncSettings": "Impostazioni VNC",
+ "sshServer": "Server SSH",
+ "rdpServer": "Server RDP",
+ "vncServer": "Server VNC",
+ "sshServerDescription": "Configura il metodo di autenticazione, la posizione del demone e la destinazione del server",
+ "rdpServerDescription": "Configura la destinazione e la porta del server RDP",
+ "vncServerDescription": "Configura la destinazione e la porta del server VNC",
+ "sshServerMode": "Modalità",
+ "sshServerModeStandard": "Server SSH Standard",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Instrada comandi sulla rete a un server SSH come OpenSSH.",
+ "sshServerModeNative": "Server SSH Nativo",
+ "sshServerModeNativeDescription": "Esegue comandi direttamente sull'host tramite il connettore del sito. Non è richiesta la configurazione di rete.",
+ "sshAuthenticationMethod": "Metodo di Autenticazione",
+ "sshAuthMethodManual": "Autenticazione Manuale",
+ "sshAuthMethodManualDescription": "Richiede credenziali host esistenti. Bypassa il provisioning automatico.",
+ "sshAuthMethodAutomated": "Provisioning Automatico",
+ "sshAuthMethodAutomatedDescription": "Crea automaticamente utenti, gruppi e permessi sudo sull'host.",
+ "sshAuthDaemonLocation": "Posizione Daemon Autenticazione",
+ "sshDaemonLocationSiteDescription": "Eseguito localmente sulla macchina che ospita il connettore del sito.",
+ "sshDaemonLocationRemote": "Su Host Remoto",
+ "sshDaemonLocationRemoteDescription": "Eseguito su una macchina target separata nella stessa rete.",
+ "sshDaemonDisclaimer": "Assicurati che l'host target sia correttamente configurato per eseguire il demone di autenticazione prima di completare questa configurazione, altrimenti il provisioning fallirà.",
+ "sshDaemonPort": "Porta Daemon",
+ "sshServerDestination": "Destinazione Server",
+ "sshServerDestinationDescription": "Configura la destinazione del server SSH",
+ "destination": "Destinazione",
+ "destinationRequired": "La destinazione è obbligatoria.",
+ "domainRequired": "Il dominio è obbligatorio.",
+ "proxyPortRequired": "La porta è obbligatoria.",
+ "invalidPathConfiguration": "Configurazione percorso non valida.",
+ "invalidRewritePathConfiguration": "Configurazione percorso di riscrittura non valida.",
+ "bgTargetMultiSiteDisclaimer": "Selezionare più siti abilita instradamento resiliente e failover per alta disponibilità.",
"roleAllowSsh": "Consenti SSH",
"roleAllowSshAllow": "Consenti",
"roleAllowSshDisallow": "Non Consentire",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "L'utente può eseguire solo i comandi specificati con sudo.",
"sshSudo": "Consenti sudo",
"sshSudoCommands": "Comandi Sudo",
- "sshSudoCommandsDescription": "Elenco di comandi separati da virgole che l'utente può eseguire con sudo.",
+ "sshSudoCommandsDescription": "Elenco di comandi che l'utente è autorizzato ad eseguire con sudo, separati da virgole, spazi o nuove righe. Devono essere utilizzati percorsi assoluti.",
"sshCreateHomeDir": "Crea Cartella Home",
"sshUnixGroups": "Gruppi Unix",
- "sshUnixGroupsDescription": "Gruppi Unix separati da virgole per aggiungere l'utente sull'host di destinazione.",
+ "sshUnixGroupsDescription": "Gruppi Unix a cui aggiungere l'utente sull'host di destinazione, separati da virgole, spazi o nuove righe.",
+ "roleTextFieldPlaceholder": "Inserisci i valori o rilascia un file .txt o .csv",
+ "roleTextImportTitle": "Importa da File",
+ "roleTextImportDescription": "Importazione di {fileName} in {fieldLabel}.",
+ "roleTextImportSkipHeader": "Ignora Prima Riga (Intestazione)",
+ "roleTextImportOverride": "Sostituisci Esistente",
+ "roleTextImportAppend": "Aggiungi a Esistente",
+ "roleTextImportMode": "Modalità Importazione",
+ "roleTextImportPreview": "Anteprima",
+ "roleTextImportItemCount": "{count, plural, =0 {Nessun elemento da importare} one {1 elemento da importare} other {# elementi da importare}}",
+ "roleTextImportTotalCount": "{existing} esistente + {imported} importato = {total} totale",
+ "roleTextImportConfirm": "Importa",
+ "roleTextImportInvalidFile": "Tipo di file non supportato",
+ "roleTextImportInvalidFileDescription": "Sono supportati solo file .txt e .csv.",
+ "roleTextImportEmpty": "Nessun elemento trovato nel file",
+ "roleTextImportEmptyDescription": "Il file non contiene elementi importabili.",
"retryAttempts": "Tentativi di Riprova",
"expectedResponseCodes": "Codici di Risposta Attesi",
"expectedResponseCodesDescription": "Codice di stato HTTP che indica lo stato di salute. Se lasciato vuoto, considerato sano è compreso tra 200-300.",
@@ -2049,8 +2296,9 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Metodo HTTP",
- "editInternalResourceDialogEnableSsl": "Abilitare TLS",
+ "editInternalResourceDialogEnableSsl": "Abilita TLS",
"editInternalResourceDialogEnableSslDescription": "Abilita la crittografia SSL/TLS per connessioni HTTPS sicure alla destinazione.",
"editInternalResourceDialogDestination": "Destinazione",
"editInternalResourceDialogDestinationHostDescription": "L'indirizzo IP o il nome host della risorsa nella rete del sito.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Sito",
"selectSite": "Seleziona sito...",
"multiSitesSelectorSitesCount": "{count, plural, one {# sito} other {# siti}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# etichetta} other {# etichette}}",
"noSitesFound": "Nessun sito trovato.",
"createInternalResourceDialogProtocol": "Protocollo",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,15 +2347,17 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Metodo HTTP",
"createInternalResourceDialogScheme": "Metodo HTTP",
- "createInternalResourceDialogEnableSsl": "Abilitare TLS",
+ "createInternalResourceDialogEnableSsl": "Abilita TLS",
"createInternalResourceDialogEnableSslDescription": "Abilita la crittografia SSL/TLS per connessioni HTTPS sicure alla destinazione.",
"createInternalResourceDialogDestination": "Destinazione",
"createInternalResourceDialogDestinationHostDescription": "L'indirizzo IP o il nome host della risorsa nella rete del sito.",
"createInternalResourceDialogDestinationCidrDescription": "La gamma CIDR della risorsa sulla rete del sito.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "Un alias DNS interno opzionale per questa risorsa.",
+ "internalResourceAliasLocalWarning": "Gli alias che terminano in .local possono causare problemi di risoluzione a causa di mDNS su alcune reti.",
"internalResourceDownstreamSchemeRequired": "Il metodo è richiesto per risorse HTTP",
"internalResourceHttpPortRequired": "Porta di destinazione richiesta per risorse HTTP",
"siteConfiguration": "Configurazione",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Nodi Remoti",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Segreto",
+ "remoteExitNodeNetworkingTitle": "Impostazioni di Rete",
+ "remoteExitNodeNetworkingDescription": "Configura come questo nodo di uscita remoto indirizza il traffico e quali siti preferiscono connettersi tramite esso. Caratteristiche avanzate da utilizzare con le configurazioni di rete backhaul.",
+ "remoteExitNodeNetworkingSave": "Salva Impostazioni",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Impostazioni di rete salvate",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Le impostazioni di rete sono state aggiornate con successo.",
+ "remoteExitNodeNetworkingSaveError": "Impossibile salvare le impostazioni di rete",
+ "remoteExitNodeNetworkingSubnetsTitle": "Sottoreti Remote",
+ "remoteExitNodeNetworkingSubnetsDescription": "Definisci gli intervalli CIDR che questo nodo di uscita remota inoltrerà il traffico. Digita un CIDR valido (ad esempio 10.0.0.0/8) e premi Invio per aggiungerlo.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Aggiungi un intervallo CIDR (ad esempio 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Caricamento sottoreti fallito",
+ "remoteExitNodeNetworkingLabelsTitle": "Etichette Preferenze",
+ "remoteExitNodeNetworkingLabelsDescription": "I siti con queste etichette saranno collegati attraverso questo nodo di uscita remoto.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Seleziona etichette...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Cerca etichette...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Caricamento etichette fallito",
"remoteExitNodeCreate": {
"title": "Crea Nodo Remoto",
"description": "Crea un nuovo nodo server proxy e relay remoto ospitato in proprio",
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Google OAuth2/OIDC provider",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Sottorete",
+ "utilitySubnet": "Sottorete di utilità",
"subnetDescription": "La sottorete per la configurazione di rete di questa organizzazione.",
"customDomain": "Dominio Personalizzato",
"authPage": "Pagine di Autenticazione",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "Manca l'ID dell'organizzazione o del dominio",
"loadingDNSRecords": "Caricamento record DNS...",
"olmUpdateAvailableInfo": "È disponibile una versione aggiornata di Olm. Si prega di aggiornare all'ultima versione per la migliore esperienza.",
+ "updateAvailableInfo": "È disponibile una versione aggiornata. Si prega di aggiornare all'ultima versione per la migliore esperienza.",
"client": "Client",
"proxyProtocol": "Impostazioni Protocollo Proxy",
"proxyProtocolDescription": "Configurare il protocollo proxy per preservare gli indirizzi IP client per i servizi TCP.",
"enableProxyProtocol": "Abilita Protocollo Proxy",
"proxyProtocolInfo": "Conserva gli indirizzi IP del client per i backend TCP",
"proxyProtocolVersion": "Versione Protocollo Proxy",
- "version1": " Versione 1 (Consigliato)",
+ "version1": "Versione 1 (Consigliato)",
"version2": "Versione 2",
- "versionDescription": "La versione 1 è testuale e ampiamente supportata. La versione 2 è binaria e più efficiente, ma meno compatibile.",
+ "version1Description": "Testuale e ampiamente supportata. Assicurati che il trasporto server sia aggiunto alla configurazione dinamica.",
+ "version2Description": "Binaria e più efficiente ma meno compatibile. Assicurati che il trasporto server sia aggiunto alla configurazione dinamica.",
"warning": "Attenzione",
"proxyProtocolWarning": "L'applicazione backend deve essere configurata per accettare le connessioni del protocollo proxy. Se il tuo backend non supporta il protocollo proxy, abilitarlo interromperà tutte le connessioni, quindi attivalo solo se sai cosa stai facendo. Assicurati di configurare il tuo backend per fidarti delle intestazioni del protocollo proxy da Traefik.",
"restarting": "Riavvio...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Inserisci conferma",
"blueprintViewDetails": "Dettagli",
"defaultIdentityProvider": "Provider di Identità Predefinito",
- "defaultIdentityProviderDescription": "Quando viene selezionato un provider di identità predefinito, l'utente verrà automaticamente reindirizzato al provider per l'autenticazione.",
+ "defaultIdentityProviderDescription": "L'utente verrà automaticamente reindirizzato a questo provider di identità per l'autenticazione.",
"editInternalResourceDialogNetworkSettings": "Impostazioni di Rete",
"editInternalResourceDialogAccessPolicy": "Politica di Accesso",
"editInternalResourceDialogAddRoles": "Aggiungi Ruoli",
@@ -2937,11 +3206,12 @@
"learnMore": "Scopri di più",
"backToHome": "Torna alla home",
"needToSignInToOrg": "Hai bisogno di utilizzare il provider di identità della tua organizzazione?",
- "maintenanceMode": "Modalità di Manutenzione",
+ "maintenanceMode": "Pagina di Manutenzione",
"maintenanceModeDescription": "Visualizza una pagina di manutenzione ai visitatori",
"maintenanceModeType": "Tipo di Modalità di Manutenzione",
"showMaintenancePage": "Mostra una pagina di manutenzione ai visitatori",
"enableMaintenanceMode": "Abilita Modalità di Manutenzione",
+ "enableMaintenanceModeDescription": "Quando abilitato, i visitatori vedranno una pagina di manutenzione invece della tua risorsa.",
"automatic": "Automatico",
"automaticModeDescription": "Mostra pagina di manutenzione solo quando tutti i target del backend sono inattivi o non in salute. La tua risorsa continua a funzionare normalmente finché almeno un target è in salute.",
"forced": "Forzato",
@@ -2949,6 +3219,8 @@
"warning:": "Avviso:",
"forcedeModeWarning": "Tutto il traffico verrà indirizzato alla pagina di manutenzione. Le risorse del tuo backend non riceveranno richieste.",
"pageTitle": "Titolo Pagina",
+ "maintenancePageContentSubsection": "Contenuto della Pagina",
+ "maintenancePageContentSubsectionDescription": "Personalizza il contenuto visualizzato sulla pagina di manutenzione",
"pageTitleDescription": "L'intestazione principale visualizzata sulla pagina di manutenzione",
"maintenancePageMessage": "Messaggio di Manutenzione",
"maintenancePageMessagePlaceholder": "Torneremo presto! Il nostro sito è attualmente in manutenzione programmata.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Completamento Stimato:",
"createInternalResourceDialogDestinationRequired": "Destinazione richiesta",
"available": "Disponibile",
+ "disabledResourceDescription": "Quando disabilitato, la risorsa sarà inaccessibile a tutti.",
"archived": "Archiviato",
"noArchivedDevices": "Nessun dispositivo archiviato trovato",
"deviceArchived": "Dispositivo archiviato",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Sei sicuro di voler disassociare questo provider di identità da questa organizzazione?",
"idpUnassociateDescription": "Tutti gli utenti associati a questo provider di identità verranno rimossi da questa organizzazione, ma il provider di identità continuerà ad esistere per altre organizzazioni associate.",
"idpUnassociateConfirm": "Conferma Disassociazione Provider di Identità",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "CANCELLA E RIMUOVIMI DALL'ORGANIZZAZIONE",
+ "idpUnassociateAndRemoveMeFromOrg": "DISASSOCIA E RIMUOVIMI DALL'ORGANIZZAZIONE",
"idpUnassociateWarning": "Questo non può essere annullato per questa organizzazione.",
"idpUnassociatedDescription": "Provider di identità disassociato con successo da questa organizzazione",
"idpUnassociateMenu": "Disassocia",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "Lista Autorizzazioni Email",
"memberPortalResourceDisabled": "Risorsa Disabilitata",
"memberPortalShowingResources": "Mostrando {start}-{end} di {total} risorse",
+ "resourceLauncherTitle": "Lanscia Risorse",
+ "resourceLauncherDescription": "Visualizza i dettagli delle risorse e lanciale da un solo posto",
+ "resourceLauncherSearchPlaceholder": "Cerca tutti i siti...",
+ "resourceLauncherDefaultView": "Predefinito",
+ "resourceLauncherSaveView": "Salva Visualizzazione",
+ "resourceLauncherSaveToCurrentView": "Salva alla Visualizzazione Corrente",
+ "resourceLauncherResetView": "Reimposta Visualizzazione",
+ "resourceLauncherSaveAsNewView": "Salva come Nuova Visualizzazione",
+ "resourceLauncherSaveAsNewViewDescription": "Dai un nome a questa visualizzazione per salvare i tuoi filtri e layout attuali.",
+ "resourceLauncherSaveForEveryone": "Salva per Tutti",
+ "resourceLauncherSaveForEveryoneDescription": "Condividi questa visualizzazione con tutti i membri dell'organizzazione. Quando non è selezionata, la visualizzazione è visibile solo a te.",
+ "resourceLauncherMakePersonal": "Rendi Personale",
+ "resourceLauncherFilter": "Filtro",
+ "resourceLauncherSort": "Ordina",
+ "resourceLauncherSortAscending": "Ordina in ordine crescente",
+ "resourceLauncherSortDescending": "Ordina in ordine decrescente",
+ "resourceLauncherSettings": "Impostazioni",
+ "resourceLauncherGroupBy": "Raggruppa per",
+ "resourceLauncherGroupBySite": "Sito",
+ "resourceLauncherGroupByLabel": "Etichetta",
+ "resourceLauncherLayout": "Layout",
+ "resourceLauncherLayoutGrid": "Griglia",
+ "resourceLauncherLayoutList": "Lista",
+ "resourceLauncherShowLabels": "Mostra Etichette",
+ "resourceLauncherShowSiteTags": "Mostra Tag di Sito",
+ "resourceLauncherShowRecents": "Mostra Recenti",
+ "resourceLauncherDeleteView": "Elimina Visualizzazione",
+ "resourceLauncherViewAsAdmin": "Visualizza come Admin",
+ "resourceLauncherResourceDetailsDescription": "Visualizza i dettagli per questa risorsa.",
+ "resourceLauncherUnlabeled": "Non Etichettato",
+ "resourceLauncherNoSite": "Nessun Sito",
+ "resourceLauncherNoResourcesInGroup": "Nessuna risorsa in questo gruppo",
+ "resourceLauncherEmptyStateTitle": "Non ci sono risorse disponibili",
+ "resourceLauncherEmptyStateDescription": "Non hai ancora accesso a nessuna risorsa. Contatta il tuo amministratore per richiedere l'accesso.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Nessuna risorsa trovata",
+ "resourceLauncherEmptyStateNoResultsDescription": "Nessuna risorsa corrisponde alla tua ricerca o ai tuoi filtri attuali. Prova a modificarli per trovare ciò che stai cercando.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Nessuna risorsa corrisponde a \"{query}\". Prova a modificare la tua ricerca o a cancellare i filtri per vedere tutte le risorse.",
+ "resourceLauncherCopiedToClipboard": "Copiato negli appunti",
+ "resourceLauncherCopiedAccessDescription": "L'accesso alla risorsa è stato copiato nei tuoi appunti.",
+ "resourceLauncherViewNamePlaceholder": "Nome Visualizzazione",
+ "resourceLauncherViewNameLabel": "Nome Visualizzazione",
+ "resourceLauncherViewSaved": "Visualizzazione salvata",
+ "resourceLauncherViewSavedDescription": "La tua visualizzazione del lanscia è stata salvata.",
+ "resourceLauncherViewSaveFailed": "Impossibile salvare la visualizzazione",
+ "resourceLauncherViewSaveFailedDescription": "Impossibile salvare la visualizzazione del lanscia. Per favore riprova.",
+ "resourceLauncherViewDeleted": "Visualizzazione eliminata",
+ "resourceLauncherViewDeletedDescription": "La visualizzazione del lanscia è stata eliminata.",
+ "resourceLauncherViewDeleteFailed": "Impossibile eliminare la visualizzazione",
+ "resourceLauncherViewDeleteFailedDescription": "Non è stato possibile eliminare la visualizzazione del lanscia. Per favore riprova.",
"memberPortalPrevious": "Precedente",
- "memberPortalNext": "Successivo"
+ "memberPortalNext": "Successivo",
+ "httpSettings": "Impostazioni HTTP",
+ "tcpSettings": "Impostazioni TCP",
+ "udpSettings": "Impostazioni UDP",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Stabilire una connessione sicura…",
+ "sshConnecting": "Connessione…",
+ "sshInitializing": "Inizializzazione…",
+ "sshSignInTitle": "Accedi a SSH",
+ "sshSignInDescription": "Inserisci le tue credenziali SSH per connetterti",
+ "sshPasswordTab": "Password",
+ "sshPrivateKeyTab": "Chiave Privata",
+ "sshPrivateKeyField": "Chiave Privata",
+ "sshPrivateKeyDisclaimer": "La tua chiave privata non è memorizzata o visibile a Pangolin. In alternativa, puoi utilizzare certificati a vita breve per un'autenticazione continua utilizzando la tua identità Pangolin esistente.",
+ "sshLearnMore": "Scopri di più",
+ "sshPrivateKeyFile": "File Chiave Privata",
+ "sshAuthenticate": "Connetti",
+ "sshTerminate": "Termina",
+ "sshPoweredBy": "Offerto da",
+ "sshErrorNoTarget": "Nessun obiettivo specificato",
+ "sshErrorWebSocket": "Connessione WebSocket fallita",
+ "sshErrorAuthFailed": "Autenticazione fallita",
+ "sshErrorConnectionClosed": "Connessione chiusa prima del completamento dell'autenticazione",
+ "sitePangolinSshDescription": "Consenti l'accesso SSH alle risorse su questo sito. Questo può essere modificato in seguito.",
+ "browserGatewayNoResourceForDomain": "Nessuna risorsa trovata per questo dominio",
+ "browserGatewayNoTarget": "Nessun bersaglio",
+ "browserGatewayConnect": "Connetti",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Canc",
+ "sshErrorSignKeyFailed": "Impossibile firmare la chiave SSH per l'autenticazione push PAM. Ti sei autenticato come utente?",
+ "sshTerminalError": "Errore: {error}",
+ "sshConnectionClosedCode": "Connessione chiusa (codice {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+ "sshPrivateKeyRequired": "È richiesta una chiave privata",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Inserisci le tue credenziali VNC per connetterti",
+ "vncUsernameOptional": "Nome utente (facoltativo)",
+ "vncPasswordOptional": "Password (opzionale)",
+ "vncNoResourceTarget": "Nessun bersaglio di risorsa disponibile",
+ "vncFailedToLoadNovnc": "Impossibile caricare noVNC",
+ "vncAuthFailedStatus": "Stato {status}",
+ "vncPasteClipboard": "Incolla appunti",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Accedi al Desktop Remoto",
+ "rdpSignInDescription": "Inserisci le credenziali di Windows per connetterti",
+ "rdpLoadingModule": "Caricamento modulo...",
+ "rdpFailedToLoadModule": "Impossibile caricare il modulo RDP",
+ "rdpNotReady": "Non pronto",
+ "rdpModuleInitializing": "Il modulo RDP è ancora in inizializzazione",
+ "rdpDownloadingFiles": "Scaricamento di {count} file(s) da remoto…",
+ "rdpDownloadFailed": "Download fallito: {fileName}",
+ "rdpUploaded": "Caricato: {fileName}",
+ "rdpNoConnectionTarget": "Nessun bersaglio di connessione disponibile",
+ "rdpConnectionFailed": "Connessione fallita",
+ "rdpFit": "Adatta",
+ "rdpFull": "Completo",
+ "rdpReal": "Reale",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Carica file",
+ "rdpFilesReadyToPaste": "File pronti per essere incollati",
+ "rdpFilesReadyToPasteDescription": "{count} file(s) copiati negli appunti remoti — premi Ctrl+V sul desktop remoto per incollare.",
+ "rdpUploadFailed": "Caricamento fallito",
+ "rdpUnicodeKeyboardMode": "Modalità tastiera Unicode",
+ "sessionToolbarShow": "Mostra barra degli strumenti",
+ "sessionToolbarHide": "Nascondi barra degli strumenti"
}
diff --git a/messages/ko-KR.json b/messages/ko-KR.json
index d1bd16382..85cc96816 100644
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -66,9 +66,15 @@
"local": "로컬",
"edit": "편집",
"siteConfirmDelete": "사이트 삭제 확인",
+ "siteConfirmDeleteAndResources": "사이트 및 리소스 삭제 확인",
"siteDelete": "사이트 삭제",
+ "siteDeleteAndResources": "사이트 및 리소스 삭제",
"siteMessageRemove": "삭제되면 사이트에 더 이상 액세스할 수 없습니다. 사이트와 연결된 모든 대상도 삭제됩니다.",
+ "siteMessageRemoveAndResources": "이 사이트와 연결된 모든 공용 및 개인 리소스는 다른 사이트에도 연결되어 있더라도 영구적으로 삭제됩니다.",
"siteQuestionRemove": "조직에서 사이트를 제거하시겠습니까?",
+ "siteQuestionRemoveAndResources": "이 사이트와 모든 관련 리소스를 삭제하시겠습니까?",
+ "sitesTableDeleteSite": "사이트 삭제",
+ "sitesTableDeleteSiteAndResources": "사이트 및 리소스 삭제",
"siteManageSites": "사이트 관리",
"siteDescription": "프라이빗 네트워크로의 연결을 활성화하려면 사이트를 생성하고 관리하세요.",
"sitesBannerTitle": "모든 네트워크 연결",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "개인 리소스 보기",
"siteInstallNewt": "Newt 설치",
"siteInstallNewtDescription": "시스템에서 Newt 실행하기",
+ "siteInstallKubernetesDocsDescription": "더 많은 정보와 최신의 쿠버네티스 설치 정보를 보려면 docs.pangolin.net/manage/sites/install-kubernetes를 참조하세요.",
+ "siteInstallAdvantechDocsDescription": "Advantech 모뎀 설치 지침은 docs.pangolin.net/manage/sites/install-advantech을 참조하세요.",
"WgConfiguration": "WireGuard 구성",
"WgConfigurationDescription": "네트워크에 연결하기 위한 다음 구성을 사용하세요.",
"operatingSystem": "운영 체제",
@@ -115,6 +123,16 @@
"siteUpdated": "사이트가 업데이트되었습니다",
"siteUpdatedDescription": "사이트가 업데이트되었습니다.",
"siteGeneralDescription": "이 사이트에 대한 일반 설정을 구성하세요.",
+ "siteRestartTitle": "사이트 다시 시작",
+ "siteRestartDescription": "이 사이트의 WireGuard 터널을 다시 시작합니다. 일시적으로 연결이 중단될 수 있습니다.",
+ "siteRestartBody": "사이트 터널이 제대로 작동하지 않을 경우, 호스트를 재시작하지 않고 다시 연결을 강제하려면 이 옵션을 사용하세요.",
+ "siteRestartButton": "사이트 다시 시작",
+ "siteRestartDialogMessage": "{name}의 WireGuard 터널을 재시작하시겠습니까? 이 작업으로 인해 사이트의 연결이 일시적으로 중단될 수 있습니다.",
+ "siteRestartWarning": "터널을 재시작하는 동안 사이트가 일시적으로 연결이 끊깁니다.",
+ "siteRestarted": "사이트가 재시작되었습니다",
+ "siteRestartedDescription": "WireGuard 터널이 재시작되었습니다.",
+ "siteErrorRestart": "사이트 재시작 실패",
+ "siteErrorRestartDescription": "사이트를 재시작하는 중 오류가 발생했습니다.",
"siteSettingDescription": "사이트에서 설정을 구성하세요.",
"siteResourcesTab": "리소스",
"siteResourcesNoneOnSite": "이 사이트에는 아직 공용 또는 개인 리소스가 없습니다.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "이것은 한 번만 볼 수 있습니다. 안전한 장소에 복사해 두세요.",
"siteInfo": "사이트 정보",
"status": "상태",
- "shareTitle": "공유 링크 관리",
+ "shareTitle": "공유 가능한 링크 관리",
"shareDescription": "공유 가능한 링크를 생성하여 프록시 리소스에 임시 또는 영구적으로 액세스하세요.",
- "shareSearch": "공유 링크 검색...",
- "shareCreate": "공유 링크 생성",
+ "shareSearch": "공유 가능한 링크 검색...",
+ "shareCreate": "공유 가능한 링크 생성",
"shareErrorDelete": "링크 삭제에 실패했습니다.",
"shareErrorDeleteMessage": "링크 삭제 중 오류가 발생했습니다.",
"shareDeleted": "링크가 삭제되었습니다.",
"shareDeletedDescription": "링크가 삭제되었습니다.",
- "shareDelete": "공유 링크 삭제",
- "shareDeleteConfirm": "공유 링크 삭제 확인",
+ "shareDelete": "공유 가능한 링크 삭제",
+ "shareDeleteConfirm": "공유 가능한 링크 삭제 확인",
"shareQuestionRemove": "이 공유 링크를 삭제하시겠습니까?",
"shareMessageRemove": "삭제되면 링크가 더 이상 작동하지 않으며, 이를 사용하는 모든 사용자는 자원에 대한 접근을 잃게 됩니다.",
"shareTokenDescription": "액세스 토큰은 쿼리 매개변수 또는 요청 헤더의 두 가지 방법으로 전달될 수 있습니다. 이는 인증된 액세스를 위해 클라이언트에서 모든 요청마다 전달되어야 합니다.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "공유 링크를 생성하는 동안 오류가 발생했습니다",
"shareCreateDescription": "이 링크가 있는 누구나 리소스에 접근할 수 있습니다.",
"shareTitleOptional": "제목 (선택 사항)",
+ "sharePathOptional": "경로 (선택 사항)",
+ "sharePathDescription": "링크는 인증 후 이 경로로 사용자를 리디렉션합니다.",
"expireIn": "만료됨",
"neverExpire": "만료되지 않음",
"shareExpireDescription": "만료 시간은 링크가 사용 가능하고 리소스에 접근할 수 있는 기간입니다. 이 시간이 지나면 링크는 더 이상 작동하지 않으며, 이 링크를 사용한 사용자는 리소스에 대한 접근 권한을 잃게 됩니다.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "리소스를 선택하세요",
"proxyResourceTitle": "공개 리소스 관리",
"proxyResourceDescription": "웹 브라우저를 통해 공용으로 접근할 수 있는 리소스를 생성하고 관리하세요.",
- "proxyResourcesBannerTitle": "웹 기반 공공 접근",
- "proxyResourcesBannerDescription": "공공 자원은 누구나 웹 브라우저를 통해 접근 가능한 HTTPS 또는 TCP/UDP 프록시입니다. 개인 자원과 달리 클라이언트 측 소프트웨어가 필요하지 않으며, 아이덴티티 및 컨텍스트 인지 접근 정책을 포함할 수 있습니다.",
+ "publicResourcesBannerTitle": "웹 기반의 공개 액세스",
+ "publicResourcesBannerDescription": "공공 자원은 누구나 웹 브라우저를 통해 접근 가능한 HTTPS 프록시입니다. 개인 자원과 달리 클라이언트 측 소프트웨어가 필요하지 않으며, 아이덴티티 및 컨텍스트 인지 접근 정책을 포함할 수 있습니다.",
"clientResourceTitle": "개인 리소스 관리",
"clientResourceDescription": "연결된 클라이언트를 통해서만 접근할 수 있는 리소스를 생성하고 관리하세요.",
"privateResourcesBannerTitle": "제로 트러스트 개인 접근",
@@ -208,11 +228,37 @@
"resourcesSearch": "리소스 검색...",
"resourceAdd": "리소스 추가",
"resourceErrorDelte": "리소스 삭제 중 오류 발생",
+ "resourcePoliciesBannerTitle": "인증 및 액세스 규칙 재사용",
+ "resourcePoliciesBannerDescription": "공유 리소스 정책을 사용하면 한 번 인증 방법 및 액세스 규칙을 정의하고, 여러 공개 리소스에 첨부할 수 있습니다. 정책을 업데이트하면 모든 연결된 리소스가 자동으로 변경 사항을 상속받습니다.",
+ "resourcePoliciesBannerButtonText": "자세히 알아보기",
+ "resourcePoliciesTitle": "공개 리소스 정책 관리",
+ "resourcePoliciesAttachedResourcesColumnTitle": "리소스",
+ "resourcePoliciesAttachedResources": "{count} 리소스",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, other {# 자원}}",
+ "resourcePoliciesAttachedResourcesEmpty": "리소스 없음",
+ "resourcePoliciesDescription": "공개 리소스에 대한 인증 정책을 생성하고 관리하여 접근을 제어합니다",
+ "resourcePoliciesSearch": "정책 검색...",
+ "resourcePoliciesAdd": "정책 추가",
+ "resourcePoliciesDefaultBadgeText": "기본 정책",
+ "resourcePoliciesCreate": "공개 리소스 정책 생성",
+ "resourcePoliciesCreateDescription": "새로운 정책을 생성하려면 아래 단계들을 따르세요",
+ "resourcePolicyName": "정책 이름",
+ "resourcePolicyNameDescription": "이 정책에 리소스 간에 식별할 이름을 지정합니다",
+ "resourcePolicyNamePlaceholder": "예: 내부 접근 정책",
+ "resourcePoliciesSeeAll": "모든 정책 보기",
+ "resourcePolicyAuthMethodAdd": "인증 방법 추가",
+ "resourcePolicyOtpEmailAdd": "OTP 이메일 추가",
+ "resourcePolicyRulesAdd": "규칙 추가",
+ "resourcePolicyAuthMethodsDescription": "추가 인증 방법을 통해 리소스에 대한 접근을 허용합니다",
+ "resourcePolicyUsersRolesDescription": "어떤 사용자와 역할이 관련된 리소스를 방문할 수 있는지 구성합니다",
+ "rulesResourcePolicyDescription": "이 정책에 연결된 접근 리소스를 제어할 규칙을 구성하세요",
"authentication": "인증",
"protected": "보호됨",
"notProtected": "보호되지 않음",
"resourceMessageRemove": "제거되면 리소스에 더 이상 접근할 수 없습니다. 리소스와 연결된 모든 대상도 제거됩니다.",
"resourceQuestionRemove": "조직에서 리소스를 제거하시겠습니까?",
+ "resourcePolicyMessageRemove": "제거되면 리소스 정책에 접근할 수 없습니다. 리소스와 관련된 모든 리소스가 연동되지 않으며 인증 없이 남겨집니다.",
+ "resourcePolicyQuestionRemove": "정말로 조직에서 리소스 정책을 제거하시겠습니까?",
"resourceHTTP": "HTTPS 리소스",
"resourceHTTPDescription": "완전한 도메인 이름을 사용해 RAW 또는 HTTPS로 프록시 요청을 수행합니다.",
"resourceRaw": "원시 TCP/UDP 리소스",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "포트 번호를 사용하여 원격 노드에 연결해야 합니다. 원격 노드에서 리소스를 사용하려면 사용자 지정 도메인을 사용하십시오.",
"resourceCreate": "리소스 생성",
"resourceCreateDescription": "아래 단계를 따라 새 리소스를 생성하세요.",
+ "resourceCreateGeneralDescription": "이름 및 유형을 포함한 기본 리소스 설정 구성",
"resourceSeeAll": "모든 리소스 보기",
- "resourceInfo": "리소스 정보",
+ "resourceCreateGeneral": "일반",
"resourceNameDescription": "이것은 리소스의 표시 이름입니다.",
"siteSelect": "사이트 선택",
"siteSearch": "사이트 검색",
@@ -231,12 +278,15 @@
"noCountryFound": "국가를 찾을 수 없습니다.",
"siteSelectionDescription": "이 사이트는 대상에 대한 연결을 제공합니다.",
"resourceType": "리소스 유형",
- "resourceTypeDescription": "리소스에 액세스하는 방법을 결정하세요.",
+ "resourceTypeDescription": "이것은 리소스 프로토콜 및 브라우저에서 렌더링되는 방식에 영향을 줍니다. 나중에 변경할 수 없습니다.",
+ "resourceDomainDescription": "리소스는 숙주 네임에서 제공됩니다.",
"resourceHTTPSSettings": "HTTPS 설정",
"resourceHTTPSSettingsDescription": "리소스가 HTTPS로 접근할 수 있는 방식을 구성합니다.",
+ "resourcePortDescription": "리소스에 접근할 수 있는 Pangolin 인스턴스나 노드의 외부 포트입니다.",
"domainType": "도메인 유형",
"subdomain": "서브도메인",
"baseDomain": "기본 도메인",
+ "configure": "구성",
"subdomnainDescription": "리소스에 접근할 수 있는 하위 도메인입니다.",
"resourceRawSettings": "TCP/UDP 설정",
"resourceRawSettingsDescription": "TCP/UDP를 통해 리소스에 접근하는 방법을 구성하세요.",
@@ -247,14 +297,35 @@
"back": "뒤로",
"cancel": "취소",
"resourceConfig": "구성 스니펫",
- "resourceConfigDescription": "TCP/UDP 리소스를 설정하기 위해 이 구성 스니펫을 복사하여 붙여넣습니다.",
+ "resourceConfigDescription": "TCP/UDP 리소스를 설정하기 위해 이 구성 스니펫을 복사하여 붙여넣으세요.",
"resourceAddEntrypoints": "Traefik: 엔트리포인트 추가",
"resourceExposePorts": "Gerbil: Docker Compose에서 포트 노출",
"resourceLearnRaw": "TCP/UDP 리소스 구성 방법 알아보기",
"resourceBack": "리소스로 돌아가기",
"resourceGoTo": "리소스로 이동",
+ "resourcePolicyDelete": "리소스 정책 삭제",
+ "resourcePolicyDeleteConfirm": "리소스 정책 삭제 확인",
"resourceDelete": "리소스 삭제",
"resourceDeleteConfirm": "리소스 삭제 확인",
+ "labelDelete": "레이블 삭제",
+ "labelAdd": "레이블 추가",
+ "labelCreateSuccessMessage": "레이블이 성공적으로 생성되었습니다",
+ "labelDuplicateError": "중복 레이블",
+ "labelDuplicateErrorDescription": "이 이름의 레이블이 이미 존재합니다.",
+ "labelEditSuccessMessage": "레이블이 성공적으로 수정되었습니다",
+ "labelNameField": "레이블 이름",
+ "labelColorField": "레이블 색상",
+ "labelPlaceholder": "예: homelab",
+ "labelCreate": "레이블 만들기",
+ "createLabelDialogTitle": "레이블 만들기",
+ "createLabelDialogDescription": "이 조직에 연결할 수 있는 새 레이블을 만듭니다",
+ "labelEdit": "레이블 편집",
+ "editLabelDialogTitle": "레이블 업데이트",
+ "editLabelDialogDescription": "이 조직에 연결할 수 있는 새 레이블을 편집합니다",
+ "labelDeleteConfirm": "레이블 삭제 확인",
+ "labelErrorDelete": "레이블 삭제 실패",
+ "labelMessageRemove": "이 작업은 영구적입니다. 이 레이블과 태그된 모든 사이트, 리소스, 클라이언트의 태그가 제거됩니다.",
+ "labelQuestionRemove": "정말로 조직에서 레이블을 제거하시겠습니까?",
"visibility": "가시성",
"enabled": "활성화됨",
"disabled": "비활성화됨",
@@ -265,6 +336,8 @@
"rules": "규칙",
"resourceSettingDescription": "리소스의 설정을 구성하세요.",
"resourceSetting": "{resourceName} 설정",
+ "resourcePolicySettingDescription": "이 공개 리소스 정책의 설정을 구성하세요",
+ "resourcePolicySetting": "{policyName} 설정",
"alwaysAllow": "인증 우회",
"alwaysDeny": "접근 차단",
"passToAuth": "인증으로 전달",
@@ -671,7 +744,7 @@
"targetSubmit": "대상 추가",
"targetNoOne": "이 리소스에는 대상이 없습니다. 백엔드로 요청을 보낼 대상을 구성하려면 대상을 추가하세요.",
"targetNoOneDescription": "위에 하나 이상의 대상을 추가하면 로드 밸런싱이 활성화됩니다.",
- "targetsSubmit": "대상 저장",
+ "targetsSubmit": "설정 저장",
"addTarget": "대상 추가",
"proxyMultiSiteRoundRobinNodeHelp": "라운드 로빈 라우팅은 동일한 노드에 연결되지 않은 사이트 간에는 작동하지 않으나, 대체 라우팅은 작동합니다.",
"targetErrorInvalidIp": "유효하지 않은 IP 주소",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "중복 규칙",
"rulesErrorDuplicateDescription": "이 설정을 가진 규칙이 이미 존재합니다.",
"rulesErrorInvalidIpAddressRange": "유효하지 않은 CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "유효한 CIDR 값을 입력하십시오.",
- "rulesErrorInvalidUrl": "유효하지 않은 URL 경로",
- "rulesErrorInvalidUrlDescription": "유효한 URL 경로 값을 입력해 주세요.",
- "rulesErrorInvalidIpAddress": "유효하지 않은 IP",
- "rulesErrorInvalidIpAddressDescription": "유효한 IP 주소를 입력하세요",
+ "rulesErrorInvalidIpAddressRangeDescription": "유효한 CIDR 범위를 입력하세요 (예: 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "유효하지 않은 경로",
+ "rulesErrorInvalidUrlDescription": "유효한 URL 경로 또는 패턴을 입력하세요 (예: /api/*).",
+ "rulesErrorInvalidIpAddress": "유효하지 않은 IP 주소",
+ "rulesErrorInvalidIpAddressDescription": "유효한 IPv4 또는 IPv6 주소를 입력하세요.",
"rulesErrorUpdate": "규칙 업데이트에 실패했습니다.",
"rulesErrorUpdateDescription": "규칙 업데이트 중 오류가 발생했습니다.",
"rulesUpdated": "규칙 활성화",
@@ -718,14 +791,23 @@
"rulesMatchIpAddress": "IP 주소를 입력하세요 (예: 103.21.244.12)",
"rulesMatchUrl": "URL 경로 또는 패턴을 입력하세요 (예: /api/v1/todos 또는 /api/v1/*)",
"rulesErrorInvalidPriority": "유효하지 않은 우선순위",
- "rulesErrorInvalidPriorityDescription": "유효한 우선 순위를 입력하세요.",
- "rulesErrorDuplicatePriority": "중복 우선순위",
- "rulesErrorDuplicatePriorityDescription": "고유한 우선 순위를 입력하십시오.",
+ "rulesErrorInvalidPriorityDescription": "1 이상의 정수를 입력하세요.",
+ "rulesErrorDuplicatePriority": "중복된 우선순위",
+ "rulesErrorDuplicatePriorityDescription": "각 규칙은 고유한 우선순위 번호를 가져야 합니다.",
+ "rulesErrorValidation": "유효하지 않은 규칙",
+ "rulesErrorValidationRuleDescription": "규칙 {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "유효한 매칭 유형을 선택하세요 (경로, IP, CIDR, 국가, 지역, 또는 ASN).",
+ "rulesErrorValueRequired": "이 규칙에 대한 값을 입력하세요.",
+ "rulesErrorInvalidCountry": "유효하지 않은 국가",
+ "rulesErrorInvalidCountryDescription": "유효한 국가를 선택하세요.",
+ "rulesErrorInvalidAsn": "유효하지 않은 ASN",
+ "rulesErrorInvalidAsnDescription": "유효한 ASN을 입력하세요 (예: AS15169).",
"ruleUpdated": "규칙이 업데이트되었습니다",
"ruleUpdatedDescription": "규칙이 성공적으로 업데이트되었습니다",
"ruleErrorUpdate": "작업 실패",
"ruleErrorUpdateDescription": "저장 작업 중 오류가 발생했습니다.",
"rulesPriority": "우선순위",
+ "rulesReorderDragHandle": "드래그하여 규칙 우선순위 재정렬",
"rulesAction": "작업",
"rulesMatchType": "일치 유형",
"value": "값",
@@ -744,9 +826,60 @@
"rulesResource": "리소스 규칙 구성",
"rulesResourceDescription": "리소스에 대한 접근을 제어하는 규칙 구성",
"ruleSubmit": "규칙 추가",
- "rulesNoOne": "규칙이 없습니다. 양식을 사용하여 규칙을 추가하십시오.",
+ "rulesNoOne": "아직 규칙이 없습니다.",
"rulesOrder": "규칙은 우선 순위에 따라 오름차순으로 평가됩니다.",
"rulesSubmit": "규칙 저장",
+ "policyErrorCreate": "정책 생성 오류",
+ "policyErrorCreateDescription": "정책 생성 중 오류가 발생했습니다",
+ "policyErrorCreateMessageDescription": "예기치 않은 오류가 발생했습니다",
+ "policyErrorUpdate": "정책 업데이트 오류",
+ "policyErrorUpdateDescription": "정책 업데이트 중 오류가 발생했습니다",
+ "policyErrorUpdateMessageDescription": "예기치 않은 오류가 발생했습니다",
+ "policyCreatedSuccess": "리소스 정책이 성공적으로 생성되었습니다",
+ "policyUpdatedSuccess": "리소스 정책이 성공적으로 업데이트되었습니다",
+ "authMethodsSave": "설정 저장",
+ "policyAuthStackTitle": "인증",
+ "policyAuthStackDescription": "이 리소스에 접근하려면 어떤 인증 방법이 필요한지 제어합니다",
+ "policyAuthOrLogicTitle": "다수의 인증 방법 활성화",
+ "policyAuthOrLogicBanner": "방문자는 아래 활성화된 방법 중 하나만을 선택하여 인증할 수 있습니다. 모든 방법을 완료할 필요는 없습니다.",
+ "policyAuthMethodActive": "활성화",
+ "policyAuthMethodOff": "비활성화",
+ "policyAuthSsoTitle": "플랫폼 SSO",
+ "policyAuthSsoDescription": "사용자의 아이덴티티 공급자를 통해 로그인 필요",
+ "policyAuthSsoSummary": "{idp} · {users} 사용자, {roles} 역할",
+ "policyAuthSsoDefaultIdp": "기본 공급자",
+ "policyAuthAddDefaultIdentityProvider": "기본 아이덴티티 공급자 추가",
+ "policyAuthOtherMethodsTitle": "기타 방법",
+ "policyAuthOtherMethodsDescription": "플랫폼 SSO 대신 또는 함께 사용할 수 있는 선택적 방법",
+ "policyAuthPasscodeTitle": "패스코드",
+ "policyAuthPasscodeDescription": "리소스 접근을 위한 공유 알파벳 및 숫자 패스코드 필요",
+ "policyAuthPasscodeSummary": "패스코드 설정됨",
+ "policyAuthPincodeTitle": "PIN 코드",
+ "policyAuthPincodeDescription": "리소스 접근에 필요한 짧은 숫자 코드",
+ "policyAuthPincodeSummary": "6자리 PIN 코드 설정됨",
+ "policyAuthEmailTitle": "이메일 화이트리스트",
+ "policyAuthEmailDescription": "허용된 이메일 주소로 일회용 비밀번호 전송",
+ "policyAuthEmailSummary": "{count}개의 주소 허용됨",
+ "policyAuthEmailOtpCallout": "이메일 화이트리스트를 활성화하면 로그인 시 방문자의 이메일로 일회용 비밀번호가 전송됩니다.",
+ "policyAuthHeaderAuthTitle": "기본 헤더 인증",
+ "policyAuthHeaderAuthDescription": "각 요청에서 맞춤 HTTP 헤더 이름 및 값을 검증",
+ "policyAuthHeaderAuthSummary": "헤더 구성됨",
+ "policyAuthHeaderName": "헤더 이름",
+ "policyAuthHeaderValue": "예상 값",
+ "policyAuthSetPasscode": "패스코드 설정",
+ "policyAuthSetPincode": "PIN 코드 설정",
+ "policyAuthSetEmailWhitelist": "이메일 화이트리스트 설정",
+ "policyAuthSetHeaderAuth": "기본 헤더 인증 설정",
+ "policyAccessRulesTitle": "액세스 규칙",
+ "policyAccessRulesEnableDescription": "활성화되면 규칙은 내림차순으로 평가되며, 하나가 참으로 평가될 때까지 계속됩니다.",
+ "policyAccessRulesFirstMatch": "규칙은 위에서 아래로 평가됩니다. 첫 번째 매칭 규칙이 결과를 결정합니다.",
+ "policyAccessRulesHowItWorks": "규칙은 경로, IP 주소, 위치 또는 기타 기준에 따라 요청을 매칭합니다. 각 규칙은 인증 우회, 접근 차단 또는 인증 전송의 액션을 적용합니다. 매칭되는 규칙이 없으면, 트래픽은 인증으로 계속됩니다.",
+ "policyAccessRulesFallthroughOff": "규칙이 비활성화되면, 모든 트래픽은 인증으로 넘어갑니다.",
+ "policyAccessRulesFallthroughOn": "매칭되는 규칙이 없으면, 트래픽은 인증으로 넘어갑니다.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "규칙 저장",
"resourceErrorCreate": "리소스 생성 오류",
"resourceErrorCreateDescription": "리소스를 생성하는 중 오류가 발생했습니다.",
"resourceErrorCreateMessage": "리소스 생성 오류:",
@@ -766,9 +899,9 @@
"resourcesErrorUpdateDescription": "리소스를 업데이트하는 동안 오류가 발생했습니다.",
"access": "접속",
"accessControl": "액세스 제어",
- "shareLink": "{resource} 공유 링크",
+ "shareLink": "{resource} 공유 가능한 링크",
"resourceSelect": "리소스 선택",
- "shareLinks": "공유 링크",
+ "shareLinks": "공유 가능한 링크",
"share": "공유 가능한 링크",
"shareDescription2": "리소스에 대한 공유 가능한 링크를 생성하세요. 링크는 리소스에 대한 임시 또는 무제한 액세스를 제공합니다. 링크를 생성할 때 만료 기간을 설정할 수 있습니다.",
"shareEasyCreate": "생성하고 공유하기 쉬움",
@@ -810,6 +943,17 @@
"pincodeAdd": "PIN 코드 추가",
"pincodeRemove": "PIN 코드 제거",
"resourceAuthMethods": "인증 방법",
+ "resourcePolicyAuthMethodsEmpty": "인증 방법 없음",
+ "resourcePolicyOtpEmpty": "일회용 비밀번호 없음",
+ "resourcePolicyReadOnly": "이 정책은 읽기 전용입니다",
+ "resourcePolicyReadOnlyDescription": "이 리소스 정책은 여러 리소스에 걸쳐 공유됩니다. 이 페이지에서는 수정할 수 없습니다.",
+ "editSharedPolicy": "공유 정책 편집",
+ "resourcePolicyTypeSave": "리소스 유형 저장",
+ "resourcePolicySelect": "리소스 정책 선택",
+ "resourcePolicySelectError": "리소스 정책 선택 오류",
+ "resourcePolicyNotFound": "정책을 찾을 수 없습니다",
+ "resourcePolicySearch": "정책 검색",
+ "resourcePolicyRulesEmpty": "인증 규칙 없음",
"resourceAuthMethodsDescriptions": "추가 인증 방법을 통해 리소스에 대한 액세스 허용",
"resourceAuthSettingsSave": "성공적으로 저장되었습니다.",
"resourceAuthSettingsSaveDescription": "인증 설정이 저장되었습니다",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "핀코드 설정",
"resourcePincodeSetupTitleDescription": "이 리소스를 보호하기 위해 핀 코드를 설정하십시오.",
"resourceRoleDescription": "관리자는 항상 이 리소스에 접근할 수 있습니다.",
+ "resourcePolicySelectTitle": "리소스 액세스 정책",
+ "resourcePolicySelectDescription": "인증을 위한 리소스 정책 유형을 선택하세요",
+ "resourcePolicyTypeLabel": "정책 유형",
+ "resourcePolicyLabel": "리소스 정책",
+ "resourcePolicyInline": "인라인 리소스 정책",
+ "resourcePolicyInlineDescription": "이 리소스에만 범위가 있는 액세스 정책",
+ "resourcePolicyShared": "공유 리소스 정책",
+ "resourcePolicySharedDescription": "이 리소스는 공유 정책을 사용합니다.",
+ "sharedPolicy": "공유 정책",
+ "sharedPolicyNoneDescription": "이 리소스는 자체 정책을 가지고 있습니다.",
+ "resourceSharedPolicyOwnDescription": "이 리소스는 자체 인증 및 접근 규칙 제어를 가지고 있습니다.",
+ "resourceSharedPolicyInheritedDescription": "이 리소스는 {policyName}에서 상속받습니다.",
+ "resourceSharedPolicyAuthenticationNotice": "이 리소스는 공유 정책을 사용합니다. 일부 인증 설정은 이 리소스에서 정책에 추가하기 위해 편집할 수 있습니다. 기본 정책을 변경하려면 {policyName}을 편집해야 합니다.",
+ "resourceSharedPolicyRulesNotice": "이 리소스는 공유 정책을 사용합니다. 일부 액세스 규칙은 이 리소스에서 편집할 수 있습니다. 기본 정책을 변경하려면 {policyName}을 수정해야 합니다.",
"resourceUsersRoles": "접근 제어",
"resourceUsersRolesDescription": "이 리소스를 방문할 수 있는 사용자 및 역할을 구성하십시오",
"resourceUsersRolesSubmit": "접근 제어 저장",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "가시성",
"resourceVisibilityTitleDescription": "리소스 가시성을 완전히 활성화하거나 비활성화",
"resourceGeneral": "일반 설정",
- "resourceGeneralDescription": "이 리소스에 대한 일반 설정을 구성하십시오.",
+ "resourceGeneralDescription": "이 리소스를 위한 이름, 주소 및 접근 정책을 구성하세요.",
+ "resourceGeneralDetailsSubsection": "리소스 세부 정보",
+ "resourceGeneralDetailsSubsectionDescription": "이 리소스를 위한 표시 이름, 식별자 및 공개 도메인을 설정합니다.",
+ "resourceGeneralDetailsSubsectionPortDescription": "이 리소스를 위한 표시 이름, 식별자 및 공개 포트를 설정합니다.",
+ "resourceGeneralPublicAddressSubsection": "공공 주소",
+ "resourceGeneralPublicAddressSubsectionDescription": "사용자가 이 리소스에 도달하는 방법을 구성하세요.",
+ "resourceGeneralAuthenticationAccessSubsection": "인증 및 접근",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "이 리소스가 자체 정책을 사용하는지 또는 공유 정책에서 상속받는지를 선택하세요.",
"resourceEnable": "리소스 활성화",
"resourceTransfer": "리소스 전송",
"resourceTransferDescription": "이 리소스를 다른 사이트로 전송",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "{name}에 연결하는 데 문제가 발생했습니다. 관리자에게 문의하십시오.",
"idpErrorNotFound": "IdP를 찾을 수 없습니다.",
"inviteInvalid": "유효하지 않은 초대",
+ "labels": "레이블",
+ "orgLabelsDescription": "이 조직의 레이블을 관리합니다.",
+ "addLabels": "레이블 추가",
+ "siteLabelsTab": "레이블",
+ "siteLabelsDescription": "이 사이트와 연결된 레이블을 관리합니다.",
+ "labelsNotFound": "레이블을 찾을 수 없습니다.",
+ "labelsEmptyCreateHint": "라벨을 생성하려면 위에서 입력을 시작하세요.",
+ "labelSearch": "레이블 검색",
+ "labelSearchOrCreate": "레이블을 검색하거나 생성하세요",
+ "accessLabelFilterCount": "{count, plural, other {# 레이블}}",
+ "labelOverflowCount": " +{count, plural, other {# 레이블}}",
+ "accessLabelFilterClear": "레이블 필터 초기화",
+ "accessFilterClear": "필터 지우기",
+ "selectColor": "색상 선택",
+ "createNewLabel": "새 조직 레이블 \"{label}\" 만들기",
"inviteInvalidDescription": "초대 링크가 유효하지 않습니다.",
"inviteErrorWrongUser": "이 초대는 이 사용자에게 해당되지 않습니다",
"inviteErrorUserNotExists": "사용자가 존재하지 않습니다. 먼저 계정을 생성해 주세요.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "청사진 적용",
"actionListBlueprints": "청사진 목록",
"actionGetBlueprint": "청사진 가져오기",
+ "actionCreateOrgWideLauncherView": "조직 전체 런처 보기 생성",
"setupToken": "설정 토큰",
"setupTokenDescription": "서버 콘솔에서 설정 토큰 입력.",
"setupTokenRequired": "설정 토큰이 필요합니다",
@@ -1374,6 +1555,8 @@
"sidebarResources": "리소스",
"sidebarProxyResources": "공유",
"sidebarClientResources": "비공개",
+ "sidebarPolicies": "공유 정책들",
+ "sidebarResourcePolicies": "공개 리소스",
"sidebarAccessControl": "액세스 제어",
"sidebarLogsAndAnalytics": "로그 및 분석",
"sidebarTeam": "팀",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "관리자",
"sidebarInvitations": "초대",
"sidebarRoles": "역할",
- "sidebarShareableLinks": "링크",
+ "sidebarShareableLinks": "공유 가능한 링크",
"sidebarApiKeys": "API 키",
"sidebarProvisioning": "프로비저닝",
"sidebarSettings": "설정",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "사이트 {id}",
"standaloneHcFilterResourceIdFallback": "리소스 {id}",
"blueprints": "청사진",
- "blueprintsDescription": "선언적 구성을 적용하고 이전 실행을 봅니다",
+ "blueprintsLog": "블루프린트 로그",
+ "blueprintsDescription": "이전에 블루프린트 응용 프로그램과 그 결과를 보거나 새 블루프린트를 적용하세요",
"blueprintAdd": "청사진 추가",
"blueprintGoBack": "모든 청사진 보기",
"blueprintCreate": "청사진 생성",
@@ -1575,7 +1759,17 @@
"contents": "콘텐츠",
"parsedContents": "구문 분석된 콘텐츠 (읽기 전용)",
"enableDockerSocket": "Docker 청사진 활성화",
- "enableDockerSocketDescription": "블루프린트 레이블을 위한 Docker 소켓 레이블 수집을 활성화합니다. 소켓 경로는 Newt에 제공되어야 합니다.",
+ "enableDockerSocketDescription": "블루프린트 레이블을 위한 Docker 소켓 레이블 스크래핑을 활성화합니다. 소켓 경로는 사이트 커넥터에 제공되어야 합니다. 동작 방법에 대한 자세한 정보는 문서에서 확인하세요.",
+ "newtAutoUpdate": "사이트 자동 업데이트 활성화",
+ "newtAutoUpdateDescription": "활성화되면, 사이트 커넥터는 최신 버전을 자동으로 다운로드하고 재시작합니다. 각 사이트별로 이를 무시할 수 있습니다.",
+ "siteAutoUpdate": "사이트 자동 업데이트",
+ "siteAutoUpdateLabel": "자동 업데이트 활성화",
+ "siteAutoUpdateDescription": "활성화되면, 이 사이트의 커넥터는 최신 버전을 자동으로 다운로드하고 재시작합니다.",
+ "siteAutoUpdateOrgDefault": "조직 기본값: {state}",
+ "siteAutoUpdateOverriding": "조직 설정 재정의",
+ "siteAutoUpdateResetToOrg": "조직 기본값으로 재설정",
+ "siteAutoUpdateEnabled": "활성화됨",
+ "siteAutoUpdateDisabled": "비활성화됨",
"viewDockerContainers": "도커 컨테이너 보기",
"containersIn": "{siteName}의 컨테이너",
"selectContainerDescription": "이 대상을 위한 호스트 이름으로 사용할 컨테이너를 선택하세요. 포트를 사용하려면 포트를 클릭하세요.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "인증서",
"certificateStatusAutoRefreshHint": "상태가 자동으로 새로 고쳐집니다.",
"loading": "로딩 중",
+ "loadingEllipsis": "로딩 중...",
"loadingAnalytics": "분석 로딩 중",
"restart": "재시작",
"domains": "도메인",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "계정 설정이 완료되었습니다! 판골린에 오신 것을 환영합니다!",
"documentation": "문서",
"saveAllSettings": "모든 설정 저장",
- "saveResourceTargets": "대상 저장",
- "saveResourceHttp": "프록시 설정 저장",
- "saveProxyProtocol": "프록시 프로토콜 설정 저장",
+ "saveResourceTargets": "설정 저장",
+ "saveResourceHttp": "설정 저장",
+ "saveProxyProtocol": "설정 저장",
"settingsUpdated": "설정이 업데이트되었습니다",
"settingsUpdatedDescription": "설정이 성공적으로 업데이트되었습니다.",
"settingsErrorUpdate": "설정 업데이트 실패",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "유료 독립 호스트 라이센스 키를 위한 구독 관리",
"billingCurrentKeys": "현재 키",
"billingModifyCurrentPlan": "현재 계획 수정",
+ "billingManageLicenseSubscriptionDescription": "유료 셀프호스티드 라이선스 키에 대한 구독을 관리하고 송장을 다운로드합니다.",
"billingConfirmUpgrade": "업그레이드 확인",
"billingConfirmDowngrade": "다운그레이드 확인",
"billingConfirmUpgradeDescription": "계획을 업그레이드하려고 합니다. 아래의 새로운 제한 및 가격을 검토하세요.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "서브넷",
"addressDescription": "클라이언트의 내부 주소. 조직의 서브넷 내에 있어야 합니다.",
"selectSites": "사이트 선택",
+ "selectLabels": "레이블 선택",
"sitesDescription": "클라이언트는 선택한 사이트에 연결됩니다.",
"clientInstallOlm": "Olm 설치",
"clientInstallOlmDescription": "시스템에서 Olm을 실행하기",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "알 수 없음",
"healthCheck": "상태 확인",
"configureHealthCheck": "상태 확인 설정",
- "configureHealthCheckDescription": "{target}에 대한 상태 모니터링 설정",
+ "configureHealthCheckDescription": "리소스의 모니터링을 설정하여 항상 이용 가능하도록 하세요",
"enableHealthChecks": "상태 확인 활성화",
"healthCheckDisabledStateDescription": "비활성화되면 이 사이트가 상태 확인을 수행하지 않으며 상태가 알 수 없는 것으로 간주됩니다.",
"enableHealthChecksDescription": "이 대상을 모니터링하여 건강 상태를 확인하세요. 필요에 따라 대상과 다른 엔드포인트를 모니터링할 수 있습니다.",
"healthScheme": "방법",
"healthSelectScheme": "방법 선택",
- "healthCheckPortInvalid": "올바르지 않은 서브넷 마스크입니다. 1에서 65535 사이여야 합니다",
+ "healthCheckPortInvalid": "포트는 1에서 65535 사이여야 합니다",
"healthCheckPath": "경로",
"healthHostname": "IP / 호스트",
"healthPort": "포트",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "시간은 초 단위입니다",
"requireDeviceApproval": "장치 승인 요구",
"requireDeviceApprovalDescription": "이 역할을 가진 사용자는 장치가 연결되기 전에 관리자의 승인이 필요합니다.",
+ "sshSettings": "SSH 설정",
"sshAccess": "SSH 접속",
+ "rdpSettings": "RDP 설정",
+ "vncSettings": "VNC 설정",
+ "sshServer": "SSH 서버",
+ "rdpServer": "RDP 서버",
+ "vncServer": "VNC 서버",
+ "sshServerDescription": "인증 방법, 데몬 위치 및 서버 목적지를 설정합니다",
+ "rdpServerDescription": "RDP 서버의 목적지 및 포트를 구성합니다",
+ "vncServerDescription": "VNC 서버의 목적지 및 포트를 구성합니다",
+ "sshServerMode": "모드",
+ "sshServerModeStandard": "표준 SSH 서버",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "네트워크를 통해 OpenSSH와 같은 SSH 서버로 명령을 전달합니다.",
+ "sshServerModeNative": "네이티브 SSH 서버",
+ "sshServerModeNativeDescription": "사이트 커넥터를 통해 호스트에서 직접 명령을 실행합니다. 네트워크 구성이 필요 없습니다.",
+ "sshAuthenticationMethod": "인증 방법",
+ "sshAuthMethodManual": "수동 인증",
+ "sshAuthMethodManualDescription": "기존 호스트 자격 증명이 필요합니다. 자동 프로비저닝을 우회합니다.",
+ "sshAuthMethodAutomated": "자동 프로비저닝",
+ "sshAuthMethodAutomatedDescription": "호스트에 사용자, 그룹 및 sudo 권한을 자동으로 생성합니다.",
+ "sshAuthDaemonLocation": "인증 데몬 위치",
+ "sshDaemonLocationSiteDescription": "사이트 커넥터를 호스팅하는 기계에서 로컬로 실행됩니다.",
+ "sshDaemonLocationRemote": "원격 호스트에서",
+ "sshDaemonLocationRemoteDescription": "같은 네트워크의 별도의 대상 기계에서 실행됩니다.",
+ "sshDaemonDisclaimer": "이 설정을 완료하기 전에 인증 데몬을 실행할 대상 호스트가 적절히 구성되었는지 확인하십시오. 그렇지 않으면 프로비저닝이 실패할 수 있습니다.",
+ "sshDaemonPort": "데몬 포트",
+ "sshServerDestination": "서버 목적지",
+ "sshServerDestinationDescription": "SSH 서버의 목적지를 설정합니다",
+ "destination": "대상지",
+ "destinationRequired": "목적지가 필요합니다.",
+ "domainRequired": "도메인은 필수입니다.",
+ "proxyPortRequired": "포트가 필요합니다.",
+ "invalidPathConfiguration": "유효하지 않은 경로 구성입니다.",
+ "invalidRewritePathConfiguration": "유효하지 않은 재작성 경로 구성입니다.",
+ "bgTargetMultiSiteDisclaimer": "여러 사이트를 선택하면 고가용성을 위한 내구성 있는 라우팅 및 장애 조치를 활성화합니다.",
"roleAllowSsh": "SSH 허용",
"roleAllowSshAllow": "허용",
"roleAllowSshDisallow": "허용 안 함",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "사용자는 sudo로 지정된 명령만 실행할 수 있습니다.",
"sshSudo": "Sudo 허용",
"sshSudoCommands": "Sudo 명령",
- "sshSudoCommandsDescription": "사용자가 sudo로 실행할 수 있는 명령어의 쉼표로 구분된 목록입니다.",
+ "sshSudoCommandsDescription": "사용자가 쉘에서 sudo로 실행할 수 있는 명령 목록, 쉼표, 공백 또는 새 줄로 구분됩니다. 절대 경로를 사용해야 합니다.",
"sshCreateHomeDir": "홈 디렉터리 생성",
"sshUnixGroups": "유닉스 그룹",
- "sshUnixGroupsDescription": "대상 호스트에서 사용자에게 추가할 유닉스 그룹의 쉼표로 구분된 목록입니다.",
+ "sshUnixGroupsDescription": "사용자를 대상 호스트에 추가할 유닉스 그룹들, 쉼표, 공백 또는 새 줄로 구분됩니다.",
+ "roleTextFieldPlaceholder": "값을 입력하거나 .txt나 .csv 파일을 드롭하세요",
+ "roleTextImportTitle": "파일에서 가져오기",
+ "roleTextImportDescription": "{fileName}을(를) {fieldLabel}에 가져오는 중",
+ "roleTextImportSkipHeader": "첫 행 건너뛰기 (헤더)",
+ "roleTextImportOverride": "기존 항목 교체",
+ "roleTextImportAppend": "기존 항목에 추가",
+ "roleTextImportMode": "가져오기 모드",
+ "roleTextImportPreview": "미리보기",
+ "roleTextImportItemCount": "{count, plural, =0 {가져올 항목 없음} other {# 개의 항목 가져오기}}",
+ "roleTextImportTotalCount": "{existing} 기존 + {imported} 가져옴 = {total} 총계",
+ "roleTextImportConfirm": "가져오기",
+ "roleTextImportInvalidFile": "지원되지 않는 파일 유형",
+ "roleTextImportInvalidFileDescription": ".txt 및 .csv 파일만 지원됩니다.",
+ "roleTextImportEmpty": "파일에서 항목을 찾을 수 없습니다",
+ "roleTextImportEmptyDescription": "파일에 가져올 항목이 포함되어 있지 않습니다.",
"retryAttempts": "재시도 횟수",
"expectedResponseCodes": "예상 응답 코드",
"expectedResponseCodesDescription": "정상 상태를 나타내는 HTTP 상태 코드입니다. 비워 두면 200-300이 정상으로 간주됩니다.",
@@ -2049,6 +2296,7 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "스킴",
"editInternalResourceDialogEnableSsl": "TLS 활성화",
"editInternalResourceDialogEnableSslDescription": "목적지로의 안전한 HTTPS 연결을 위한 SSL/TLS 암호화 활성화.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "사이트",
"selectSite": "사이트 선택...",
"multiSitesSelectorSitesCount": "{count, plural, other {# 사이트}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# 레이블} other {# 레이블}}",
"noSitesFound": "사이트를 찾을 수 없습니다.",
"createInternalResourceDialogProtocol": "프로토콜",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2347,7 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "스킴",
"createInternalResourceDialogScheme": "스킴",
"createInternalResourceDialogEnableSsl": "TLS 활성화",
@@ -2107,6 +2357,7 @@
"createInternalResourceDialogDestinationCidrDescription": "사이트 네트워크의 자원 IP 주소입니다.",
"createInternalResourceDialogAlias": "별칭",
"createInternalResourceDialogAliasDescription": "이 리소스에 대한 선택적 내부 DNS 별칭입니다.",
+ "internalResourceAliasLocalWarning": ".local로 끝나는 별칭은 일부 네트워크에서 mDNS로 인해 해결 문제가 발생할 수 있습니다.",
"internalResourceDownstreamSchemeRequired": "HTTP 리소스에 스킴이 필요합니다",
"internalResourceHttpPortRequired": "HTTP 리소스에 목적지 포트가 필요합니다",
"siteConfiguration": "설정",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "원격 노드",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "비밀",
+ "remoteExitNodeNetworkingTitle": "네트워크 설정",
+ "remoteExitNodeNetworkingDescription": "이 원격 출구 노드의 트래픽 라우팅 방법과 어떤 사이트가 이를 통해 연결하는지 구성합니다. 백홀 네트워킹 구성을 사용한 고급 기능입니다.",
+ "remoteExitNodeNetworkingSave": "설정 저장",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "네트워크 설정이 저장되었습니다",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "네트워크 설정이 성공적으로 업데이트되었습니다.",
+ "remoteExitNodeNetworkingSaveError": "네트워크 설정 저장 실패",
+ "remoteExitNodeNetworkingSubnetsTitle": "원격 서브넷",
+ "remoteExitNodeNetworkingSubnetsDescription": "이 원격 출구 노드가 트래픽을 라우팅할 CIDR 범위를 정의합니다. 유효한 CIDR을 입력하고 Enter를 눌러 추가하세요 (예: 10.0.0.0/8).",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "CIDR 범위 추가 (예: 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "서브넷 로드 실패",
+ "remoteExitNodeNetworkingLabelsTitle": "우선순위 레이블",
+ "remoteExitNodeNetworkingLabelsDescription": "이 레이블이 있는 사이트는 이 원격 출구 노드를 통해 연결됩니다.",
+ "remoteExitNodeNetworkingLabelsButtonText": "레이블 선택...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "레이블 검색...",
+ "remoteExitNodeNetworkingLabelsLoadError": "레이블 로드 실패",
"remoteExitNodeCreate": {
"title": "원격 노드 생성",
"description": "새로운 자체 호스팅 원격 중계 및 프록시 서버 노드를 생성하십시오.",
@@ -2233,7 +2499,7 @@
"description": "더 신뢰할 수 있고 낮은 유지보수의 자체 호스팅 팡골린 서버, 추가 기능 포함",
"introTitle": "관리 자체 호스팅 팡골린",
"introDescription": "는 자신의 데이터를 프라이빗하고 자체 호스팅을 유지하면서 더 간단하고 추가적인 신뢰성을 원하는 사람들을 위한 배포 옵션입니다.",
- "introDetail": "이 옵션을 사용하면 여전히 자신의 팡골린 노드를 운영하고 - 터널, TLS 종료 및 트래픽 모두 서버에 유지됩니다. 차이점은 관리 및 모니터링이 클라우드 대시보드를 통해 처리되어 여러 혜택을 제공합니다.",
+ "introDetail": "이 옵션을 사용하면 여전히 자신의 Pangolin 노드를 운영하고 - 터널, TLS 종료, 트래픽 모두 서버에 유지됩니다. 차이점은 관리 및 모니터링이 클라우드 대시보드를 통해 처리되어 여러 혜택을 제공합니다:",
"benefitSimplerOperations": {
"title": "더 간단한 운영",
"description": "자체 메일 서버를 운영하거나 복잡한 경고를 설정할 필요가 없습니다. 기본적으로 상태 점검 및 다운타임 경고를 받을 수 있습니다."
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Google OAuth2/OIDC 공급자",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC 공급자",
"subnet": "서브넷",
+ "utilitySubnet": "유틸리티 서브넷",
"subnetDescription": "이 조직의 네트워크 구성에 대한 서브넷입니다.",
"customDomain": "사용자 정의 도메인",
"authPage": "인증 페이지",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "조직 ID 또는 도메인 ID가 누락되었습니다",
"loadingDNSRecords": "DNS 레코드를 로드하는 중...",
"olmUpdateAvailableInfo": "올름의 새 버전이 이용 가능합니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.",
+ "updateAvailableInfo": "업데이트된 버전이 있습니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.",
"client": "클라이언트",
"proxyProtocol": "프록시 프로토콜 설정",
"proxyProtocolDescription": "TCP 서비스에 대한 클라이언트 IP 주소를 유지하도록 프록시 프로토콜을 구성하세요.",
"enableProxyProtocol": "프록시 프로토콜 활성화",
"proxyProtocolInfo": "TCP 백엔드에 대한 클라이언트 IP 주소를 유지합니다.",
"proxyProtocolVersion": "프록시 프로토콜 버전",
- "version1": " 버전 1 (추천)",
+ "version1": "버전 1 (추천)",
"version2": "버전 2",
- "versionDescription": "버전 1은 텍스트 기반으로 널리 지원됩니다. 버전 2는 이진 기반으로 더 효율적이지만 호환성이 낮습니다.",
+ "version1Description": "텍스트 기반으로 널리 지원됩니다. 서버 전송이 동적 구성에 추가되었는지 확인하세요.",
+ "version2Description": "바이너리 및 더 효율적이지만 호환성은 낮습니다. 서버 전송이 동적 구성에 추가되었는지 확인하세요.",
"warning": "경고",
"proxyProtocolWarning": "백엔드 애플리케이션이 프록시 프로토콜 연결을 허용하도록 구성되어야 합니다. 백엔드가 프록시 프로토콜을 지원하지 않으면, 이를 활성화하면 모든 연결이 끊어집니다. 트래픽에서 온 프록시 프로토콜 헤더를 백엔드가 신뢰하도록 구성하십시오.",
"restarting": "재시작 중...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "확인 입력",
"blueprintViewDetails": "세부 정보",
"defaultIdentityProvider": "기본 아이덴티티 공급자",
- "defaultIdentityProviderDescription": "기본 ID 공급자가 선택되면, 사용자는 인증을 위해 자동으로 해당 공급자로 리디렉션됩니다.",
+ "defaultIdentityProviderDescription": "사용자는 인증을 위해 이 아이덴티티 공급자로 자동 리디렉션됩니다.",
"editInternalResourceDialogNetworkSettings": "네트워크 설정",
"editInternalResourceDialogAccessPolicy": "액세스 정책",
"editInternalResourceDialogAddRoles": "역할 추가",
@@ -2937,11 +3206,12 @@
"learnMore": "자세히 알아보기",
"backToHome": "홈으로 돌아가기",
"needToSignInToOrg": "조직의 아이덴티티 공급자를 사용해야 합니까?",
- "maintenanceMode": "유지보수 모드",
+ "maintenanceMode": "유지 관리 페이지",
"maintenanceModeDescription": "방문자에게 유지보수 페이지 표시",
"maintenanceModeType": "유지보수 모드 유형",
"showMaintenancePage": "방문자에게 유지보수 페이지 표시",
"enableMaintenanceMode": "유지보수 모드 활성화",
+ "enableMaintenanceModeDescription": "활성화되면 방문자는 리소스 대신 유지보수 페이지를 보게 됩니다.",
"automatic": "자동",
"automaticModeDescription": "백엔드 타깃이 모두 다운되거나 건강하지 않을 때만 유지보수 페이지를 표시합니다. 적어도 하나의 타깃이 건강한 한 리소스는 정상 작동합니다.",
"forced": "강제",
@@ -2949,6 +3219,8 @@
"warning:": "경고:",
"forcedeModeWarning": "모든 트래픽이 유지보수 페이지로 전달됩니다. 백엔드 리소스는 어떠한 요청도 받지 않습니다.",
"pageTitle": "페이지 제목",
+ "maintenancePageContentSubsection": "페이지 콘텐츠",
+ "maintenancePageContentSubsectionDescription": "유지보수 페이지에 표시될 콘텐츠를 사용자 정의하세요",
"pageTitleDescription": "유지보수 페이지에 표시될 주요 제목",
"maintenancePageMessage": "유지보수 메시지",
"maintenancePageMessagePlaceholder": "곧 돌아오겠습니다! 사이트는 현재 예정된 유지보수를 진행 중입니다.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "예상 완료:",
"createInternalResourceDialogDestinationRequired": "목적지가 필요합니다.",
"available": "사용 가능",
+ "disabledResourceDescription": "비활성화되면 리소스에 모든 사람이 접근할 수 없습니다.",
"archived": "보관된",
"noArchivedDevices": "보관된 장치가 없습니다.",
"deviceArchived": "장치가 보관되었습니다.",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "정말로 이 조직에서 이 아이덴티티 공급자의 연관을 해제하시겠습니까?",
"idpUnassociateDescription": "이 아이덴티티 공급자와 연관된 모든 사용자는 이 조직에서 제거될 것이지만, 아이덴티티 공급자는 다른 연관된 조직에 계속해서 존재할 것입니다.",
"idpUnassociateConfirm": "아이덴티티 공급자 연관 해제 확인",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "조직에서 삭제하고 제거하기",
+ "idpUnassociateAndRemoveMeFromOrg": "조직에서 연관 해제하고 제거하기",
"idpUnassociateWarning": "이 조직에서 이것은 되돌릴 수 없습니다.",
"idpUnassociatedDescription": "아이덴티티 공급자가 이 조직에서 성공적으로 연관 해제되었습니다",
"idpUnassociateMenu": "연관 해제",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "이메일 화이트리스트",
"memberPortalResourceDisabled": "리소스 비활성화됨",
"memberPortalShowingResources": "{start}-{end} 중 {total}개의 리소스를 표시 중",
+ "resourceLauncherTitle": "리소스 런처",
+ "resourceLauncherDescription": "리소스 세부 정보를 보고 한 곳에서 실행하세요",
+ "resourceLauncherSearchPlaceholder": "모든 사이트 검색...",
+ "resourceLauncherDefaultView": "기본값",
+ "resourceLauncherSaveView": "보기를 저장",
+ "resourceLauncherSaveToCurrentView": "현재 보기로 저장",
+ "resourceLauncherResetView": "보기를 재설정",
+ "resourceLauncherSaveAsNewView": "새 보기로 저장",
+ "resourceLauncherSaveAsNewViewDescription": "현재 필터와 레이아웃을 저장할 이름을 입력하세요.",
+ "resourceLauncherSaveForEveryone": "모두에게 저장",
+ "resourceLauncherSaveForEveryoneDescription": "이 보기를 모든 조직 구성원과 공유합니다. 체크 해제하면 해당 뷰는 사용자에게만 표시됩니다.",
+ "resourceLauncherMakePersonal": "개인적으로 만들기",
+ "resourceLauncherFilter": "필터",
+ "resourceLauncherSort": "정렬",
+ "resourceLauncherSortAscending": "오름차순 정렬",
+ "resourceLauncherSortDescending": "내림차순 정렬",
+ "resourceLauncherSettings": "설정",
+ "resourceLauncherGroupBy": "그룹화 기준",
+ "resourceLauncherGroupBySite": "사이트",
+ "resourceLauncherGroupByLabel": "레이블",
+ "resourceLauncherLayout": "레이아웃",
+ "resourceLauncherLayoutGrid": "그리드",
+ "resourceLauncherLayoutList": "목록",
+ "resourceLauncherShowLabels": "레이블 표시",
+ "resourceLauncherShowSiteTags": "사이트 태그 표시",
+ "resourceLauncherShowRecents": "최근 항목 표시",
+ "resourceLauncherDeleteView": "보기 삭제",
+ "resourceLauncherViewAsAdmin": "관리자로 보기",
+ "resourceLauncherResourceDetailsDescription": "이 리소스의 세부정보를 봅니다.",
+ "resourceLauncherUnlabeled": "레이블 없음",
+ "resourceLauncherNoSite": "사이트 없음",
+ "resourceLauncherNoResourcesInGroup": "이 그룹에는 리소스가 없습니다",
+ "resourceLauncherEmptyStateTitle": "사용 가능한 리소스 없음",
+ "resourceLauncherEmptyStateDescription": "아직 리소스에 대한 액세스 권한이 없습니다. 액세스를 요청하려면 관리자에게 문의하세요.",
+ "resourceLauncherEmptyStateNoResultsTitle": "리소스를 찾을 수 없음",
+ "resourceLauncherEmptyStateNoResultsDescription": "현재 검색이나 필터에 맞는 리소스가 없습니다. 필터를 조정하여 찾으려는 항목을 확인해보세요.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "\"{query}\"와 일치하는 리소스가 없습니다. 검색을 조정하거나 필터를 지워서 모든 리소스를 확인해보세요.",
+ "resourceLauncherCopiedToClipboard": "클립보드에 복사됨",
+ "resourceLauncherCopiedAccessDescription": "리소스 액세스가 클립보드에 복사되었습니다.",
+ "resourceLauncherViewNamePlaceholder": "보기 이름",
+ "resourceLauncherViewNameLabel": "뷰 이름",
+ "resourceLauncherViewSaved": "보기 저장됨",
+ "resourceLauncherViewSavedDescription": "런처 뷰가 저장되었습니다.",
+ "resourceLauncherViewSaveFailed": "뷰 저장 실패",
+ "resourceLauncherViewSaveFailedDescription": "런처 뷰를 저장할 수 없습니다. 다시 시도하세요.",
+ "resourceLauncherViewDeleted": "보기 삭제됨",
+ "resourceLauncherViewDeletedDescription": "런처 뷰가 삭제되었습니다.",
+ "resourceLauncherViewDeleteFailed": "뷰 삭제 실패",
+ "resourceLauncherViewDeleteFailedDescription": "런처 뷰를 삭제할 수 없습니다. 다시 시도하세요.",
"memberPortalPrevious": "이전",
- "memberPortalNext": "다음"
+ "memberPortalNext": "다음",
+ "httpSettings": "HTTP 설정",
+ "tcpSettings": "TCP 설정",
+ "udpSettings": "UDP 설정",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "보안 연결 설정 중…",
+ "sshConnecting": "연결 중…",
+ "sshInitializing": "초기화 중…",
+ "sshSignInTitle": "SSH에 로그인",
+ "sshSignInDescription": "연결하려면 SSH 자격 증명을 입력하세요",
+ "sshPasswordTab": "비밀번호",
+ "sshPrivateKeyTab": "개인 키",
+ "sshPrivateKeyField": "개인 키",
+ "sshPrivateKeyDisclaimer": "당신의 개인 키는 Pangolin에 저장되거나 보이지 않습니다. 대신, 기존 Pangolin 신원을 사용하여 매끄러운 인증을 제공하는 단기 인증서를 사용할 수 있습니다.",
+ "sshLearnMore": "자세히 알아보기",
+ "sshPrivateKeyFile": "개인 키 파일",
+ "sshAuthenticate": "연결",
+ "sshTerminate": "종료",
+ "sshPoweredBy": "제공자",
+ "sshErrorNoTarget": "지정된 대상이 없습니다",
+ "sshErrorWebSocket": "WebSocket 연결 실패",
+ "sshErrorAuthFailed": "인증 실패",
+ "sshErrorConnectionClosed": "인증이 완료되기 전에 연결이 닫혔습니다",
+ "sitePangolinSshDescription": "이 사이트의 리소스에 SSH 접속을 허용합니다. 나중에 변경할 수 있습니다.",
+ "browserGatewayNoResourceForDomain": "이 도메인에 대한 리소스를 찾을 수 없습니다",
+ "browserGatewayNoTarget": "대상 없음",
+ "browserGatewayConnect": "연결",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "PAM 푸시 인증을 위한 SSH 키 서명 실패. 사용자로 로그인하셨나요?",
+ "sshTerminalError": "오류: {error}",
+ "sshConnectionClosedCode": "연결 종료됨 (코드 {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+ "sshPrivateKeyRequired": "프라이빗 키가 필요합니다",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "연결하기 위해 VNC 자격 증명을 입력하세요",
+ "vncUsernameOptional": "사용자 이름 (선택 사항)",
+ "vncPasswordOptional": "비밀번호 (선택 사항)",
+ "vncNoResourceTarget": "사용할 수 있는 리소스 대상이 없습니다",
+ "vncFailedToLoadNovnc": "noVNC 로드를 실패했습니다",
+ "vncAuthFailedStatus": "상태 {status}",
+ "vncPasteClipboard": "클립보드 붙여넣기",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "원격 데스크톱에 로그인",
+ "rdpSignInDescription": "연결하려면 Windows 자격 증명을 입력하세요",
+ "rdpLoadingModule": "모듈 로딩 중...",
+ "rdpFailedToLoadModule": "RDP 모듈 로딩 실패",
+ "rdpNotReady": "준비되지 않음",
+ "rdpModuleInitializing": "RDP 모듈이 아직 초기화 중입니다",
+ "rdpDownloadingFiles": "원격에서 {count}개의 파일 다운로드 중…",
+ "rdpDownloadFailed": "다운로드 실패: {fileName}",
+ "rdpUploaded": "업로드 완료: {fileName}",
+ "rdpNoConnectionTarget": "연결 대상 없음",
+ "rdpConnectionFailed": "연결 실패",
+ "rdpFit": "적합",
+ "rdpFull": "전체",
+ "rdpReal": "실제",
+ "rdpMeta": "메타",
+ "rdpUploadFiles": "파일 업로드",
+ "rdpFilesReadyToPaste": "붙여넣기 준비 완료된 파일",
+ "rdpFilesReadyToPasteDescription": "{count}개의 파일이 원격 클립보드에 복사되었습니다 — 원격 데스크탑에서 Ctrl+V를 눌러 붙여 넣으세요.",
+ "rdpUploadFailed": "업로드 실패",
+ "rdpUnicodeKeyboardMode": "유니코드 키보드 모드",
+ "sessionToolbarShow": "툴바 보기",
+ "sessionToolbarHide": "툴바 숨기기"
}
diff --git a/messages/nb-NO.json b/messages/nb-NO.json
index d76013d16..ec65f9307 100644
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -66,9 +66,15 @@
"local": "Lokal",
"edit": "Rediger",
"siteConfirmDelete": "Bekreft Sletting av Område",
+ "siteConfirmDeleteAndResources": "Bekreft sletting av nettsted og ressurser",
"siteDelete": "Slett Område",
+ "siteDeleteAndResources": "Slett nettsted og ressurser",
"siteMessageRemove": "Når nettstedet er fjernet, vil det ikke lenger være tilgjengelig. Alle målene for nettstedet vil også bli fjernet.",
+ "siteMessageRemoveAndResources": "Dette vil permanent slette alle offentlige og private ressurser tilknyttet dette nettstedet, selv om en ressurs også er tilknyttet andre nettsteder.",
"siteQuestionRemove": "Er du sikker på at du vil fjerne nettstedet fra organisasjonen?",
+ "siteQuestionRemoveAndResources": "Er du sikker på at du vil slette dette nettstedet og alle tilknyttede ressurser?",
+ "sitesTableDeleteSite": "Slett nettsted",
+ "sitesTableDeleteSiteAndResources": "Slett nettsted og ressurser",
"siteManageSites": "Administrer Områder",
"siteDescription": "Opprette og administrere nettsteder for å aktivere tilkobling til private nettverk",
"sitesBannerTitle": "Koble til alle nettverk",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Vis private ressurser",
"siteInstallNewt": "Installer Newt",
"siteInstallNewtDescription": "Få Newt til å kjøre på systemet ditt",
+ "siteInstallKubernetesDocsDescription": "For mer og oppdatert informasjon om Kubernetes-installasjon, se docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "For installasjonsinstruksjoner for Advantech-modem, se docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "WireGuard Konfigurasjon",
"WgConfigurationDescription": "Bruk følgende konfigurasjon for å koble til nettverket",
"operatingSystem": "Operativsystem",
@@ -115,6 +123,16 @@
"siteUpdated": "Område oppdatert",
"siteUpdatedDescription": "Området har blitt oppdatert.",
"siteGeneralDescription": "Konfigurer de generelle innstillingene for dette området",
+ "siteRestartTitle": "Start område på nytt",
+ "siteRestartDescription": "Start WireGuard-tunnelen for dette området på nytt. Dette vil midlertidig avbryte tilkoblingen.",
+ "siteRestartBody": "Bruk dette hvis områdetunnelen ikke fungerer riktig og du vil tvinge en ny tilkobling uten å starte verten på nytt.",
+ "siteRestartButton": "Start område på nytt",
+ "siteRestartDialogMessage": "Er du sikker på at du vil starte WireGuard-tunnelen for {name} på nytt? Området vil midlertidig miste tilkoblingen.",
+ "siteRestartWarning": "Området vil kobles kort fra mens tunnelen starter om.",
+ "siteRestarted": "Område startet på nytt",
+ "siteRestartedDescription": "WireGuard-tunnelen er startet på nytt.",
+ "siteErrorRestart": "Kan ikke starte område på nytt",
+ "siteErrorRestartDescription": "En feil oppstod ved omstart av området.",
"siteSettingDescription": "Konfigurere innstillingene på nettstedet",
"siteResourcesTab": "Ressurser",
"siteResourcesNoneOnSite": "Dette nettstedet har ingen offentlige eller private ressurser enda.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "Du vil kun kunne se dette én gang. Sørg for å kopiere det til et sikkert sted.",
"siteInfo": "Områdeinformasjon",
"status": "Status",
- "shareTitle": "Administrer delingslenker",
+ "shareTitle": "Administrer delbare lenker",
"shareDescription": "Opprett delbare lenker for å gi midlertidige eller permanent tilgang til proxyressurser",
- "shareSearch": "Søk delingslenker...",
- "shareCreate": "Opprett delingslenke",
+ "shareSearch": "Søk delbare lenker...",
+ "shareCreate": "Opprett delbar lenke",
"shareErrorDelete": "Klarte ikke å slette lenke",
"shareErrorDeleteMessage": "En feil oppstod ved sletting av lenke",
"shareDeleted": "Lenke slettet",
"shareDeletedDescription": "Lenken har blitt slettet",
- "shareDelete": "Slett delingslenke",
- "shareDeleteConfirm": "Bekreft sletting av delingslenke",
+ "shareDelete": "Slett delbar lenke",
+ "shareDeleteConfirm": "Bekreft sletting av delbar lenke",
"shareQuestionRemove": "Er du sikker på at du vil slette denne delingslenken?",
"shareMessageRemove": "Når slettet, vil lenken ikke lenger fungere, og alle som bruker den vil miste tilgang til ressursen.",
"shareTokenDescription": "Adgangstoken kan sendes på to måter: som en spørringsparameter eller i forespørselsoverskriftene. Disse må sendes fra klienten på hver forespørsel om autentisert tilgang.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Det oppsto en feil ved opprettelse av delingslenken",
"shareCreateDescription": "Alle med denne lenken får tilgang til ressursen",
"shareTitleOptional": "Tittel (valgfritt)",
+ "sharePathOptional": "Bane (valgfritt)",
+ "sharePathDescription": "Lenken vil videresende brukere til denne stien etter autentisering.",
"expireIn": "Utløper om",
"neverExpire": "Utløper aldri",
"shareExpireDescription": "Utløpstid er hvor lenge lenken vil være brukbar og gi tilgang til ressursen. Etter denne tiden vil lenken ikke lenger fungere, og brukere som brukte denne lenken vil miste tilgangen til ressursen.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Vennligst velg en ressurs",
"proxyResourceTitle": "Administrere offentlige ressurser",
"proxyResourceDescription": "Opprett og administrer ressurser som er offentlig tilgjengelige via en nettleser",
- "proxyResourcesBannerTitle": "Nettbasert offentlig tilgang",
- "proxyResourcesBannerDescription": "Offentlige ressurser er HTTPS- eller TCP/UDP-proxyer tilgjengelige for alle på internett via en nettleser. I motsetning til private ressurser, krever de ikke klient-basert programvare og kan inkludere identitets- og kontekstbevisste tilgangspolicyer.",
+ "publicResourcesBannerTitle": "Web-basert offentlig tilgang",
+ "publicResourcesBannerDescription": "Offentlige ressurser er HTTPS-proxyer som er tilgjengelige for alle på internett via en nettleser. I motsetning til private ressurser, krever de ikke klientprogramvare og kan inkludere identitets- og kontekstsensitive tilgangspolicyer.",
"clientResourceTitle": "Administrer private ressurser",
"clientResourceDescription": "Opprette og administrere ressurser som bare er tilgjengelige via en tilkoblet klient",
"privateResourcesBannerTitle": "Zero-Trust privat tilgang",
@@ -208,11 +228,37 @@
"resourcesSearch": "Søk i ressurser...",
"resourceAdd": "Legg til ressurs",
"resourceErrorDelte": "Feil ved sletting av ressurs",
+ "resourcePoliciesBannerTitle": "Gjenbruk autentisering og tilgangsregler",
+ "resourcePoliciesBannerDescription": "Delte ressursretningslinjer lar deg definere autentiseringsmetoder og tilgangsregler en gang, for deretter å knytte dem til flere offentlige ressurser. Når du oppdaterer en policy, arver alle tilknyttede ressurser endringen automatisk.",
+ "resourcePoliciesBannerButtonText": "Lær mer",
+ "resourcePoliciesTitle": "Administrer offentlige ressursretningslinjer",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Ressurser",
+ "resourcePoliciesAttachedResources": "{count} ressurs(er)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ressurs} other {# ressurser}}",
+ "resourcePoliciesAttachedResourcesEmpty": "ingen ressurser",
+ "resourcePoliciesDescription": "Opprett og administrer autentiseringsretningslinjer for å kontrollere tilgang til dine offentlige ressurser",
+ "resourcePoliciesSearch": "Søk etter regler...",
+ "resourcePoliciesAdd": "Legg til policy",
+ "resourcePoliciesDefaultBadgeText": "Standard politisk",
+ "resourcePoliciesCreate": "Opprett offentlig ressursretningslinje",
+ "resourcePoliciesCreateDescription": "Følg trinnene nedenfor for å lage en ny policy",
+ "resourcePolicyName": "Polisnavn",
+ "resourcePolicyNameDescription": "Gi denne policynavnet for å identifisere den på tvers av dine ressurser",
+ "resourcePolicyNamePlaceholder": "f.eks. Intern Tilgangspolicy",
+ "resourcePoliciesSeeAll": "Se Alle Policies",
+ "resourcePolicyAuthMethodAdd": "Legg til Autentiseringsmetode",
+ "resourcePolicyOtpEmailAdd": "Legg til OTP e-poster",
+ "resourcePolicyRulesAdd": "Legg til Regler",
+ "resourcePolicyAuthMethodsDescription": "Tillat tilgang til ressurser via tilleggsauthentiseringsmetoder",
+ "resourcePolicyUsersRolesDescription": "Konfigurer hvilke brukere og roller som kan besøke tilknyttede ressurser",
+ "rulesResourcePolicyDescription": "Konfigurer regler for å kontrollere tilgangen til ressurser som er knyttet til denne policyen",
"authentication": "Autentisering",
"protected": "Beskyttet",
"notProtected": "Ikke beskyttet",
"resourceMessageRemove": "Når den er fjernet, vil ressursen ikke lenger være tilgjengelig. Alle mål knyttet til ressursen vil også bli fjernet.",
"resourceQuestionRemove": "Er du sikker på at du vil fjerne ressursen fra organisasjonen?",
+ "resourcePolicyMessageRemove": "Når den er fjernet, vil ressursen ikke lenger være tilgjengelig. Alle ressurser knyttet til ressursen vil bli frakoblet og stå uten autentisering.",
+ "resourcePolicyQuestionRemove": "Er du sikker på at du vil fjerne ressurspolitikken fra organisasjonen?",
"resourceHTTP": "HTTPS-ressurs",
"resourceHTTPDescription": "Proxy forespørsler over HTTPS ved å bruke et fullstendig kvalifisert domenenavn.",
"resourceRaw": "Rå TCP/UDP-ressurs",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Proxy forespørsler om rå TCP/UDP ved hjelp av et portnummer. Krever sider for å koble til en ekstern node.",
"resourceCreate": "Opprett ressurs",
"resourceCreateDescription": "Følg trinnene nedenfor for å opprette en ny ressurs",
+ "resourceCreateGeneralDescription": "Konfigurer de grunnleggende ressursinnstillingene inkludert navnet og typen",
"resourceSeeAll": "Se alle ressurser",
- "resourceInfo": "Ressursinformasjon",
+ "resourceCreateGeneral": "Generelt",
"resourceNameDescription": "Dette er visningsnavnet for ressursen.",
"siteSelect": "Velg område",
"siteSearch": "Søk i område",
@@ -231,12 +278,15 @@
"noCountryFound": "Ingen land funnet.",
"siteSelectionDescription": "Dette området vil gi tilkobling til mål.",
"resourceType": "Ressurstype",
- "resourceTypeDescription": "Bestemme hvordan denne ressursen skal brukes",
+ "resourceTypeDescription": "Dette kontrollerer ressursprotokollen og hvordan den vil vises i nettleseren. Dette kan ikke endres senere.",
+ "resourceDomainDescription": "Ressursen vil bli servert på dette fullstendig kvalifiserte domenenavnet.",
"resourceHTTPSSettings": "HTTPS-innstillinger",
"resourceHTTPSSettingsDescription": "Konfigurer hvordan ressursen skal nås over HTTPS",
+ "resourcePortDescription": "Den eksterne porten på Pangolin-instansen eller noden der ressursen vil være tilgjengelig.",
"domainType": "Domenetype",
"subdomain": "Underdomene",
"baseDomain": "Grunndomene",
+ "configure": "Konfigurer",
"subdomnainDescription": "Underdomenet hvor ressursen vil være tilgjengelig.",
"resourceRawSettings": "TCP/UDP-innstillinger",
"resourceRawSettingsDescription": "Konfigurer hvordan ressursen vil bli tilgjengelig over TCP/UDP",
@@ -247,14 +297,35 @@
"back": "Tilbake",
"cancel": "Avbryt",
"resourceConfig": "Konfigurasjonsutdrag",
- "resourceConfigDescription": "Kopier og lim inn disse konfigurasjons-øyeblikkene for å sette opp TCP/UDP ressursen",
+ "resourceConfigDescription": "Kopier og lim inn disse konfigurasjonsbitene for å sette opp TCP/UDP ressursen.",
"resourceAddEntrypoints": "Traefik: Legg til inngangspunkter",
"resourceExposePorts": "Gerbil: Eksponer Porter i Docker Compose",
"resourceLearnRaw": "Lær hvordan å konfigurere TCP/UDP-ressurser",
"resourceBack": "Tilbake til ressurser",
"resourceGoTo": "Gå til ressurs",
+ "resourcePolicyDelete": "Slett Ressurspolitikk",
+ "resourcePolicyDeleteConfirm": "Bekreft sletting av ressurspolitikk",
"resourceDelete": "Slett ressurs",
"resourceDeleteConfirm": "Bekreft sletting av ressurs",
+ "labelDelete": "Slett etikett",
+ "labelAdd": "Legg til etikett",
+ "labelCreateSuccessMessage": "Etikett opprettet vellykket",
+ "labelDuplicateError": "Dupliser etikett",
+ "labelDuplicateErrorDescription": "En etikett med dette navnet finnes allerede.",
+ "labelEditSuccessMessage": "Etikett endret vellykket",
+ "labelNameField": "Etikettnavn",
+ "labelColorField": "Etikettfarge",
+ "labelPlaceholder": "Eksempel: homelab",
+ "labelCreate": "Opprett etikett",
+ "createLabelDialogTitle": "Opprett etikett",
+ "createLabelDialogDescription": "Opprett en ny etikett som kan knyttes til denne organisasjonen",
+ "labelEdit": "Rediger etikett",
+ "editLabelDialogTitle": "Oppdater etikett",
+ "editLabelDialogDescription": "Rediger en ny etikett som kan knyttes til denne organisasjonen",
+ "labelDeleteConfirm": "Bekreft sletting av etikett",
+ "labelErrorDelete": "Kunne ikke slette etikett",
+ "labelMessageRemove": "Denne handlingen er permanent. Alle steder, ressurser, og klienter tagget med denne etiketten vil bli umerket.",
+ "labelQuestionRemove": "Er du sikker på at du vil fjerne etiketten fra organisasjonen?",
"visibility": "Synlighet",
"enabled": "Aktivert",
"disabled": "Deaktivert",
@@ -265,6 +336,8 @@
"rules": "Regler",
"resourceSettingDescription": "Konfigurere innstillingene på ressursen",
"resourceSetting": "{resourceName} Innstillinger",
+ "resourcePolicySettingDescription": "Konfigurer innstillingene for denne offentlige ressursretningslinjen",
+ "resourcePolicySetting": "{policyName} Innstillinger",
"alwaysAllow": "Omgå Auth",
"alwaysDeny": "Blokker tilgang",
"passToAuth": "Pass til Autentisering",
@@ -671,7 +744,7 @@
"targetSubmit": "Legg til mål",
"targetNoOne": "Denne ressursen har ikke noen mål. Legg til et mål for å konfigurere hvor du vil sende forespørsler til backend.",
"targetNoOneDescription": "Å legge til mer enn ett mål ovenfor vil aktivere lastbalansering.",
- "targetsSubmit": "Lagre mål",
+ "targetsSubmit": "Lagre innstillinger",
"addTarget": "Legg til mål",
"proxyMultiSiteRoundRobinNodeHelp": "Rundkjøringrutefordeling vil ikke fungere mellom steder som ikke er koblet til samme node, men failover vil fungere.",
"targetErrorInvalidIp": "Ugyldig IP-adresse",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Duplisert regel",
"rulesErrorDuplicateDescription": "En regel med disse innstillingene finnes allerede",
"rulesErrorInvalidIpAddressRange": "Ugyldig CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "Vennligst skriv inn en gyldig CIDR-verdi",
- "rulesErrorInvalidUrl": "Ugyldig URL-sti",
- "rulesErrorInvalidUrlDescription": "Skriv inn en gyldig verdi for URL-sti",
- "rulesErrorInvalidIpAddress": "Ugyldig IP",
- "rulesErrorInvalidIpAddressDescription": "Skriv inn en gyldig IP-adresse",
+ "rulesErrorInvalidIpAddressRangeDescription": "Skriv inn et gyldig CIDR-område (f.eks. 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Ugyldig sti",
+ "rulesErrorInvalidUrlDescription": "Skriv inn en gyldig URL-sti eller et mønster (f.eks., /api/*).",
+ "rulesErrorInvalidIpAddress": "Ugyldig IP-adresse",
+ "rulesErrorInvalidIpAddressDescription": "Skriv inn en gyldig IPv4 eller IPv6 adresse.",
"rulesErrorUpdate": "Kunne ikke oppdatere regler",
"rulesErrorUpdateDescription": "Det oppsto en feil under oppdatering av regler",
"rulesUpdated": "Aktiver Regler",
@@ -718,14 +791,23 @@
"rulesMatchIpAddress": "Angi en IP-adresse (f.eks. 103.21.244.12)",
"rulesMatchUrl": "Skriv inn en URL-sti eller et mønster (f.eks. /api/v1/todos eller /api/v1/*)",
"rulesErrorInvalidPriority": "Ugyldig prioritet",
- "rulesErrorInvalidPriorityDescription": "Vennligst skriv inn en gyldig prioritet",
- "rulesErrorDuplicatePriority": "Dupliserte prioriteringer",
- "rulesErrorDuplicatePriorityDescription": "Vennligst angi unike prioriteringer",
+ "rulesErrorInvalidPriorityDescription": "Skriv inn et heltall på 1 eller høyere.",
+ "rulesErrorDuplicatePriority": "Dupliserte prioriteter",
+ "rulesErrorDuplicatePriorityDescription": "Hver regel må ha et unikt prioritetstall.",
+ "rulesErrorValidation": "Ugyldige regler",
+ "rulesErrorValidationRuleDescription": "Regel {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Velg en gyldig samsvarstype (sti, IP, CIDR, land, region eller ASN).",
+ "rulesErrorValueRequired": "Skriv inn en verdi for denne regelen.",
+ "rulesErrorInvalidCountry": "Ugyldig land",
+ "rulesErrorInvalidCountryDescription": "Velg et gyldig land.",
+ "rulesErrorInvalidAsn": "Ugyldig ASN",
+ "rulesErrorInvalidAsnDescription": "Skriv inn en gyldig ASN (f.eks., AS15169).",
"ruleUpdated": "Regler oppdatert",
"ruleUpdatedDescription": "Reglene er oppdatert",
"ruleErrorUpdate": "Operasjon mislyktes",
"ruleErrorUpdateDescription": "En feil oppsto under lagringsoperasjonen",
"rulesPriority": "Prioritet",
+ "rulesReorderDragHandle": "Dra for å omorganisere regelprioriteringen",
"rulesAction": "Handling",
"rulesMatchType": "Trefftype",
"value": "Verdi",
@@ -744,9 +826,60 @@
"rulesResource": "Konfigurasjon av ressursregler",
"rulesResourceDescription": "Konfigurer regler for å kontrollere tilgang til ressursen",
"ruleSubmit": "Legg til regel",
- "rulesNoOne": "Ingen regler. Legg til en regel ved å bruke skjemaet.",
+ "rulesNoOne": "Ingen regler ennå.",
"rulesOrder": "Regler evalueres etter prioritet i stigende rekkefølge.",
"rulesSubmit": "Lagre regler",
+ "policyErrorCreate": "Feil ved opprettelse av policy",
+ "policyErrorCreateDescription": "Det oppstod en feil under opprettelse av policyen",
+ "policyErrorCreateMessageDescription": "En uventet feil oppstod",
+ "policyErrorUpdate": "Feil ved oppdatering av policy",
+ "policyErrorUpdateDescription": "Det oppstod en feil ved oppdatering av policyen",
+ "policyErrorUpdateMessageDescription": "En uventet feil oppstod",
+ "policyCreatedSuccess": "Ressurspolitikken ble opprettet vellykket",
+ "policyUpdatedSuccess": "Ressurspolitikken ble oppdatert vellykket",
+ "authMethodsSave": "Lagre innstillinger",
+ "policyAuthStackTitle": "Autentisering",
+ "policyAuthStackDescription": "Kontroller hvilke autentiseringsmetoder som kreves for å få tilgang til denne ressursen",
+ "policyAuthOrLogicTitle": "Flere autentiseringsmetoder aktive",
+ "policyAuthOrLogicBanner": "Besøkende kan autentisere ved bruk av en hvilken som helst av de aktive metodene nedenfor. De trenger ikke å fullføre alle.",
+ "policyAuthMethodActive": "Aktiv",
+ "policyAuthMethodOff": "Av",
+ "policyAuthSsoTitle": "Plattform SSO",
+ "policyAuthSsoDescription": "Krev pålogging gjennom din organisasjons identitetsleverandør",
+ "policyAuthSsoSummary": "{idp} · {users} brukere, {roles} roller",
+ "policyAuthSsoDefaultIdp": "Standardleverandør",
+ "policyAuthAddDefaultIdentityProvider": "Legg til standard identitetsleverandør",
+ "policyAuthOtherMethodsTitle": "Andre metoder",
+ "policyAuthOtherMethodsDescription": "Valgfrie metoder som besøkende kan bruke i stedet for eller i tillegg til plattform SSO",
+ "policyAuthPasscodeTitle": "Kodeord",
+ "policyAuthPasscodeDescription": "Krev en delt alfanumerisk kodeord for å få tilgang til ressursen",
+ "policyAuthPasscodeSummary": "Kodeord satt",
+ "policyAuthPincodeTitle": "PIN-kode",
+ "policyAuthPincodeDescription": "En kort numerisk kode kreves for å få tilgang til ressursen",
+ "policyAuthPincodeSummary": "6-sifret PIN satt",
+ "policyAuthEmailTitle": "E-post hviteliste",
+ "policyAuthEmailDescription": "Tillat oppførte e-postadresser med engangspassord",
+ "policyAuthEmailSummary": "{count} adresser tillatt",
+ "policyAuthEmailOtpCallout": "Aktivering av e-post hviteliste sender en engangskode til den besøkendes e-post ved innlogging.",
+ "policyAuthHeaderAuthTitle": "Grunnleggende Header Autentisering",
+ "policyAuthHeaderAuthDescription": "Bekreft et tilpasset HTTP-headernavn og verdi ved hver forespørsel",
+ "policyAuthHeaderAuthSummary": "Header konfigurert",
+ "policyAuthHeaderName": "Headernavn",
+ "policyAuthHeaderValue": "Forventet verdi",
+ "policyAuthSetPasscode": "Angi passordkode",
+ "policyAuthSetPincode": "Sett PIN-kode",
+ "policyAuthSetEmailWhitelist": "Angi e-post hviteliste",
+ "policyAuthSetHeaderAuth": "Sett grunnleggende Header Autentisering",
+ "policyAccessRulesTitle": "Tilgangsregler",
+ "policyAccessRulesEnableDescription": "Når aktivert, blir regler evaluert i synkende rekkefølge til en evaluerer til sann.",
+ "policyAccessRulesFirstMatch": "Regler evalueres ovenfra og ned. Den første samsvarande regeln bestemmer utfall.",
+ "policyAccessRulesHowItWorks": "Regler samsvarer forespørsler etter sti, IP-adresse, lokasjon eller andre kriterier. Hver regel anvender en handling: omgå autentisering, blokkere tilgang, eller sende til autentisering. Hvis ingen regler samsvarer, fortsetter trafikken til autentisering.",
+ "policyAccessRulesFallthroughOff": "Når regler er deaktivert, går all trafikk gjennom til autentisering.",
+ "policyAccessRulesFallthroughOn": "Når ingen regler samsvarer, fortsetter trafikken til autentisering.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Lagre Regler",
"resourceErrorCreate": "Feil under oppretting av ressurs",
"resourceErrorCreateDescription": "Det oppstod en feil under oppretting av ressursen",
"resourceErrorCreateMessage": "Feil ved oppretting av ressurs:",
@@ -766,9 +899,9 @@
"resourcesErrorUpdateDescription": "En feil oppstod under oppdatering av ressursen",
"access": "Tilgang",
"accessControl": "Tilgangskontroll",
- "shareLink": "{resource} Del Lenke",
+ "shareLink": "{resource} Delbar lenke",
"resourceSelect": "Velg ressurs",
- "shareLinks": "Del lenker",
+ "shareLinks": "Delbare lenker",
"share": "Delbare lenker",
"shareDescription2": "Opprett delbare lenker til ressurser. Lenker gir midlertidig eller ubegrenset tilgang til din ressurs. Du kan konfigurere utløpsvarigheten på lenken når du oppretter en.",
"shareEasyCreate": "Enkelt å lage og dele",
@@ -810,6 +943,17 @@
"pincodeAdd": "Legg til PIN-kode",
"pincodeRemove": "Fjern PIN-kode",
"resourceAuthMethods": "Autentiseringsmetoder",
+ "resourcePolicyAuthMethodsEmpty": "Ingen autentiseringsmetode",
+ "resourcePolicyOtpEmpty": "Ingen engangspassord",
+ "resourcePolicyReadOnly": "Denne policyen er kun lesbar",
+ "resourcePolicyReadOnlyDescription": "Denne ressursreglen deles på tvers av flere ressurser, du kan ikke redigere den på denne siden.",
+ "editSharedPolicy": "Rediger Delte Rekvireringer",
+ "resourcePolicyTypeSave": "Lagre Ressurstype",
+ "resourcePolicySelect": "Velg ressurspolitikk",
+ "resourcePolicySelectError": "Velg en ressursregel",
+ "resourcePolicyNotFound": "Policy ikke funnet",
+ "resourcePolicySearch": "Søk etter regler",
+ "resourcePolicyRulesEmpty": "Ingen autentiseringsregler",
"resourceAuthMethodsDescriptions": "Tillat tilgang til ressursen via ytterligere autentiseringsmetoder",
"resourceAuthSettingsSave": "Lagret vellykket",
"resourceAuthSettingsSaveDescription": "Autentiseringsinnstillinger er lagret",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Angi PIN-kode",
"resourcePincodeSetupTitleDescription": "Sett en pinkode for å beskytte denne ressursen",
"resourceRoleDescription": "Administratorer har alltid tilgang til denne ressursen.",
+ "resourcePolicySelectTitle": "Ressurstilgangspolitikk",
+ "resourcePolicySelectDescription": "Velg policytype for autentisering",
+ "resourcePolicyTypeLabel": "Policy-type",
+ "resourcePolicyLabel": "Ressurspolicy",
+ "resourcePolicyInline": "Inline Ressursregler",
+ "resourcePolicyInlineDescription": "Tilgangspolitikk som kun er gyldig for denne ressursen",
+ "resourcePolicyShared": "Delte Ressursregler",
+ "resourcePolicySharedDescription": "Denne ressursen bruker en delt policy.",
+ "sharedPolicy": "Delt policy",
+ "sharedPolicyNoneDescription": "Denne ressursen har sin egen policy.",
+ "resourceSharedPolicyOwnDescription": "Denne ressursen har sine egne autentiserings- og tilgangskontroller.",
+ "resourceSharedPolicyInheritedDescription": "Denne ressursen arver fra {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Denne ressursen bruker en delt policy. Noen autentiseringsinnstillinger kan redigeres på denne ressursen for å legge til policyen. For å endre den underliggende policyen, må du redigere til {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Denne ressursen bruker en delt policy. Noen tilgangsregler kan redigeres på denne ressursen. For å endre den underliggende policyen, må du redigere {policyName}.",
"resourceUsersRoles": "Tilgangskontroller",
"resourceUsersRolesDescription": "Konfigurer hvilke brukere og roller som har tilgang til denne ressursen",
"resourceUsersRolesSubmit": "Lagre tilgangskontroller",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Synlighet",
"resourceVisibilityTitleDescription": "Fullstendig aktiver eller deaktiver ressursynlighet",
"resourceGeneral": "Generelle innstillinger",
- "resourceGeneralDescription": "Konfigurer de generelle innstillingene for denne ressursen",
+ "resourceGeneralDescription": "Konfigurer navn, adresse og tilgangspolicy for denne ressursen.",
+ "resourceGeneralDetailsSubsection": "Ressursdetaljer",
+ "resourceGeneralDetailsSubsectionDescription": "Angi visningsnavn, identifikator og offentlig tilgjengelig domene for denne ressursen.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Angi visningsnavn, identifikator og offentlig port for denne ressursen.",
+ "resourceGeneralPublicAddressSubsection": "Offentlig adresse",
+ "resourceGeneralPublicAddressSubsectionDescription": "Konfigurer hvordan brukere får tilgang til denne ressursen.",
+ "resourceGeneralAuthenticationAccessSubsection": "Autentisering og tilgang",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Velg om denne ressursen bruker sin egen policy eller arver fra en delt policy.",
"resourceEnable": "Aktiver ressurs",
"resourceTransfer": "Overfør Ressurs",
"resourceTransferDescription": "Overfør denne ressursen til et annet område",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Det oppstod et problem med å koble til {name}. Vennligst kontakt din administrator.",
"idpErrorNotFound": "IdP ikke funnet",
"inviteInvalid": "Ugyldig invitasjon",
+ "labels": "Etiketter",
+ "orgLabelsDescription": "Administrer etiketter i denne organisasjonen.",
+ "addLabels": "Legg til etiketter",
+ "siteLabelsTab": "Etiketter",
+ "siteLabelsDescription": "Administrer etiketter knyttet til dette nettstedet.",
+ "labelsNotFound": "Ingen etiketter funnet.",
+ "labelsEmptyCreateHint": "Start å skrive ovenfor for å lage en etikett.",
+ "labelSearch": "Søk etter etiketter",
+ "labelSearchOrCreate": "Søk eller opprett en etikett",
+ "accessLabelFilterCount": "{count, plural, one {en etikett} other {# etiketter}}",
+ "labelOverflowCount": "+{count, plural, one {en etikett} other {# etiketter}}",
+ "accessLabelFilterClear": "Fjern etikettfiltre",
+ "accessFilterClear": "Fjern filtre",
+ "selectColor": "Velg farge",
+ "createNewLabel": "Opprett ny org-etikett \"{label}\"",
"inviteInvalidDescription": "Invitasjonslenken er ugyldig.",
"inviteErrorWrongUser": "Invitasjonen er ikke for denne brukeren",
"inviteErrorUserNotExists": "Brukeren eksisterer ikke. Vennligst opprett en konto først.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Bruk blåkopi",
"actionListBlueprints": "List opp blåkopier",
"actionGetBlueprint": "Hent blåkopi",
+ "actionCreateOrgWideLauncherView": "Opprett lanseringsvisning for hele organisasjonen",
"setupToken": "Oppsetttoken",
"setupTokenDescription": "Skriv inn oppsetttoken fra serverkonsollen.",
"setupTokenRequired": "Oppsetttoken er nødvendig",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Ressurser",
"sidebarProxyResources": "Offentlig",
"sidebarClientResources": "Privat",
+ "sidebarPolicies": "Delte policies",
+ "sidebarResourcePolicies": "Offentlige ressurser",
"sidebarAccessControl": "Tilgangskontroll",
"sidebarLogsAndAnalytics": "Logger og analyser",
"sidebarTeam": "Lag",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Administrator",
"sidebarInvitations": "Invitasjoner",
"sidebarRoles": "Roller",
- "sidebarShareableLinks": "Lenker",
+ "sidebarShareableLinks": "Delbare lenker",
"sidebarApiKeys": "API-nøkler",
"sidebarProvisioning": "Levering",
"sidebarSettings": "Innstillinger",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Område {id}",
"standaloneHcFilterResourceIdFallback": "Ressurs {id}",
"blueprints": "Tegninger",
- "blueprintsDescription": "Bruk deklarative konfigurasjoner og vis tidligere kjøringer",
+ "blueprintsLog": "Blåkopieringslogg",
+ "blueprintsDescription": "Se tidligere blueprint-applikasjoner og deres resultater, eller bruk et nytt blueprint",
"blueprintAdd": "Legg til blåkopi",
"blueprintGoBack": "Se alle blåkopier",
"blueprintCreate": "Opprette mal",
@@ -1575,7 +1759,17 @@
"contents": "Innhold",
"parsedContents": "Parastinnhold (kun lese)",
"enableDockerSocket": "Aktiver Docker blåkopi",
- "enableDockerSocketDescription": "Aktiver skraping av Docker Socket for blueprint Etiketter. Socket bane må brukes for nye.",
+ "enableDockerSocketDescription": "Aktiver Docker Socket etikett skrubbing for blueprint etiketter. Socket bane må oppgis til nettstedkobleren. Les om hvordan dette fungerer i dokumentasjonen.",
+ "newtAutoUpdate": "Aktiver Automatisk Oppdatering av Nettsted",
+ "newtAutoUpdateDescription": "Når aktivert, vil nettstedskoblinger automatisk laste ned den nyeste versjonen og starte seg selv på nytt. Dette kan overstyres på basis per nettsted.",
+ "siteAutoUpdate": "Automatisk Oppdatering av Nettsted",
+ "siteAutoUpdateLabel": "Aktiver Automatisk Oppdatering",
+ "siteAutoUpdateDescription": "Når aktivert, vil denne nettstedets kobling automatisk laste ned den nyeste versjonen og starte seg selv på nytt.",
+ "siteAutoUpdateOrgDefault": "Organisasjon standard: {state}",
+ "siteAutoUpdateOverriding": "Overstyrer organisasjonens innstilling",
+ "siteAutoUpdateResetToOrg": "Tilbakestill til Organisasjonsstandard",
+ "siteAutoUpdateEnabled": "aktivert",
+ "siteAutoUpdateDisabled": "deaktivert",
"viewDockerContainers": "Vis Docker-containere",
"containersIn": "Containere i {siteName}",
"selectContainerDescription": "Velg en hvilken som helst container for å bruke som vertsnavn for dette målet. Klikk på en port for å bruke en port.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Sertifikat",
"certificateStatusAutoRefreshHint": "Status oppdateres automatisk.",
"loading": "Laster inn",
+ "loadingEllipsis": "Laster inn...",
"loadingAnalytics": "Laster inn analyser",
"restart": "Start på nytt",
"domains": "Domener",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Kontooppsett fullført! Velkommen til Pangolin!",
"documentation": "Dokumentasjon",
"saveAllSettings": "Lagre alle innstillinger",
- "saveResourceTargets": "Lagre mål",
- "saveResourceHttp": "Lagre proxy-innstillinger",
- "saveProxyProtocol": "Lagre proxy-protokollinnstillinger",
+ "saveResourceTargets": "Lagre innstillinger",
+ "saveResourceHttp": "Lagre innstillinger",
+ "saveProxyProtocol": "Lagre innstillinger",
"settingsUpdated": "Innstillinger oppdatert",
"settingsUpdatedDescription": "Innstillinger oppdatert vellykket",
"settingsErrorUpdate": "Klarte ikke å oppdatere innstillinger",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Administrer abonnementet for betalte lisensnøkler selv hostet",
"billingCurrentKeys": "Nåværende nøkler",
"billingModifyCurrentPlan": "Endre gjeldende plan",
+ "billingManageLicenseSubscriptionDescription": "Administrer ditt abonnement for betalte egenvertslisensnøkler og last ned fakturaer.",
"billingConfirmUpgrade": "Bekreft oppgradering",
"billingConfirmDowngrade": "Bekreft nedgradering",
"billingConfirmUpgradeDescription": "Du er i ferd med å oppgradere abonnementet ditt. Gå gjennom de nye grensene og pris nedenfor.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Subnett",
"addressDescription": "Den interne adressen til klienten. Må falle innenfor organisasjonens undernett.",
"selectSites": "Velg områder",
+ "selectLabels": "Velg etiketter",
"sitesDescription": "Klienten vil ha tilkobling til de valgte områdene",
"clientInstallOlm": "Installer Olm",
"clientInstallOlmDescription": "Få Olm til å kjøre på systemet ditt",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Ukjent",
"healthCheck": "Helsekontroll",
"configureHealthCheck": "Konfigurer Helsekontroll",
- "configureHealthCheckDescription": "Sett opp helsekontroll for {target}",
+ "configureHealthCheckDescription": "Sett opp overvåking av ressursen din for å sikre at den alltid er tilgjengelig",
"enableHealthChecks": "Aktiver Helsekontroller",
"healthCheckDisabledStateDescription": "Når deaktivert, vil ikke nettstedet utføre helsekontroller, og tilstanden vil anses som ukjent.",
"enableHealthChecksDescription": "Overvåk helsen til dette målet. Du kan overvåke et annet endepunkt enn målet hvis nødvendig.",
"healthScheme": "Metode",
"healthSelectScheme": "Velg metode",
- "healthCheckPortInvalid": "Helsekontrollporten må være mellom 1 og 65535",
+ "healthCheckPortInvalid": "Porten må være mellom 1 og 65535",
"healthCheckPath": "Sti",
"healthHostname": "IP / Vert",
"healthPort": "Port",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "Tid er i sekunder",
"requireDeviceApproval": "Krev enhetsgodkjenning",
"requireDeviceApprovalDescription": "Brukere med denne rollen trenger nye enheter godkjent av en admin før de kan koble seg og få tilgang til ressurser.",
- "sshAccess": "SSH tilgang",
+ "sshSettings": "SSH Innstillinger",
+ "sshAccess": "SSH-tilgang",
+ "rdpSettings": "RDP Innstillinger",
+ "vncSettings": "VNC Innstillinger",
+ "sshServer": "SSH-server",
+ "rdpServer": "RDP-server",
+ "vncServer": "VNC-server",
+ "sshServerDescription": "Sett opp autentiseringsmetoden, daemonplasseringen, og serverens destinasjon",
+ "rdpServerDescription": "Konfigurer destinasjonen og porten til RDP-serveren",
+ "vncServerDescription": "Konfigurer destinasjonen og porten til VNC-serveren",
+ "sshServerMode": "Modus",
+ "sshServerModeStandard": "Standard SSH-server",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Ruter kommandoer over nettverk til en SSH-server som OpenSSH.",
+ "sshServerModeNative": "Innfødt SSH Server",
+ "sshServerModeNativeDescription": "Utfører kommandoer direkte på verten via Nettsted-kobleren. Ingen nettverkskonfigurasjon kreves.",
+ "sshAuthenticationMethod": "Autentiseringsmetode",
+ "sshAuthMethodManual": "Manuell Autentisering",
+ "sshAuthMethodManualDescription": "Krever eksisterende vertlegitimasjon. Omgår automatisk klargjøring.",
+ "sshAuthMethodAutomated": "Automatisk Klargjøring",
+ "sshAuthMethodAutomatedDescription": "Oppretter automatisk brukere, grupper og sudo-tillatelser på verten.",
+ "sshAuthDaemonLocation": "Autentisering Daemon-plassering",
+ "sshDaemonLocationSiteDescription": "Utføres lokalt på maskinen som er vert for nettstedkobleren.",
+ "sshDaemonLocationRemote": "På Ekstern Vert",
+ "sshDaemonLocationRemoteDescription": "Utføres på en separat målenhet på samme nettverk.",
+ "sshDaemonDisclaimer": "Sørg for at målenheten din er riktig konfigurert for å kjøre autentiseringsdaemon før du fullfører denne oppsettet, eller klargjøring vil mislykkes.",
+ "sshDaemonPort": "Daemon-port",
+ "sshServerDestination": "Serverens Destinasjon",
+ "sshServerDestinationDescription": "Konfigurer destinasjonen for SSH-serveren",
+ "destination": "Destinasjon",
+ "destinationRequired": "Destinasjon er påkrevd.",
+ "domainRequired": "Domene er påkrevd.",
+ "proxyPortRequired": "Port er påkrevd.",
+ "invalidPathConfiguration": "Ugyldig sti-konfigurasjon.",
+ "invalidRewritePathConfiguration": "Ugyldig omskrivingssti-konfigurasjon.",
+ "bgTargetMultiSiteDisclaimer": "Ved å velge flere nettsteder aktiveres robust ruting og feilaktig avbrudd for høy tilgjengelighet.",
"roleAllowSsh": "Tillat SSH",
"roleAllowSshAllow": "Tillat",
"roleAllowSshDisallow": "Forby",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "Brukeren kan bare kjøre de angitte kommandoene med sudo.",
"sshSudo": "Tillat sudo",
"sshSudoCommands": "Sudo kommandoer",
- "sshSudoCommandsDescription": "Kommaseparert liste med kommandoer brukeren kan kjøre med sudo.",
+ "sshSudoCommandsDescription": "Liste over kommandoer brukeren har lov til å kjøre med sudo, separert med komma, mellomrom eller nye linjer. Absolutte stier må brukes.",
"sshCreateHomeDir": "Opprett hjemmappe",
"sshUnixGroups": "Unix grupper",
- "sshUnixGroupsDescription": "Kommaseparerte Unix grupper for å legge brukeren til på mål-verten.",
+ "sshUnixGroupsDescription": "Unix-grupper å legge til brukeren i på målverten, separert med komma, mellomrom eller nye linjer.",
+ "roleTextFieldPlaceholder": "Skriv inn verdier, eller slipp en .txt eller .csv fil",
+ "roleTextImportTitle": "Importer fra fil",
+ "roleTextImportDescription": "Importerer {fileName} til {fieldLabel}.",
+ "roleTextImportSkipHeader": "Hopp over første rad (header)",
+ "roleTextImportOverride": "Erstatte eksisterende",
+ "roleTextImportAppend": "Legg til eksisterende",
+ "roleTextImportMode": "Importmodus",
+ "roleTextImportPreview": "Forhåndsvisning",
+ "roleTextImportItemCount": "{count, plural, =0 {Ingen elementer å importere} one {ett element å importere} other {# elementer å importere}}",
+ "roleTextImportTotalCount": "{existing} eksisterende + {imported} importert = {total} totalt",
+ "roleTextImportConfirm": "Import",
+ "roleTextImportInvalidFile": "Ustøttet filtype",
+ "roleTextImportInvalidFileDescription": "Bare .txt og .csv filer er støttet.",
+ "roleTextImportEmpty": "Ingen elementer funnet i filen",
+ "roleTextImportEmptyDescription": "Filen inneholder ingen importerbare elementer.",
"retryAttempts": "Forsøk på nytt",
"expectedResponseCodes": "Forventede svarkoder",
"expectedResponseCodesDescription": "HTTP-statuskode som indikerer sunn status. Hvis den blir stående tom, regnes 200-300 som sunn.",
@@ -2049,6 +2296,7 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Skjema",
"editInternalResourceDialogEnableSsl": "Aktiver TLS",
"editInternalResourceDialogEnableSslDescription": "Aktiver SSL/TLS-kryptering for sikre HTTPS-tilkoblinger til destinasjonen.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Område",
"selectSite": "Velg område...",
"multiSitesSelectorSitesCount": "{count, plural, one {# sted} other {# steder}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {en etikett} other {# etiketter}}",
"noSitesFound": "Ingen områder funnet.",
"createInternalResourceDialogProtocol": "Protokoll",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2347,7 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Skjema",
"createInternalResourceDialogScheme": "Skjema",
"createInternalResourceDialogEnableSsl": "Aktiver TLS",
@@ -2107,6 +2357,7 @@
"createInternalResourceDialogDestinationCidrDescription": "CIDR-rekkevidden til ressursen på nettstedets nettverk.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "Et valgfritt internt DNS-alias for denne ressursen.",
+ "internalResourceAliasLocalWarning": "Alias som slutter på .local kan forårsake oppløsningsproblemer på grunn av mDNS på enkelte nettverk.",
"internalResourceDownstreamSchemeRequired": "Skjema er påkrevd for HTTP-ressurser",
"internalResourceHttpPortRequired": "Destinasjonsport er nødvendig for HTTP-ressurser",
"siteConfiguration": "Konfigurasjon",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Eksterne Noder",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Sikkerhetsnøkkel",
+ "remoteExitNodeNetworkingTitle": "Nettverksinnstillinger",
+ "remoteExitNodeNetworkingDescription": "Konfigurer hvordan denne fjerne utgangsnoden ruter trafikk og hvilke områder som foretrekker å koble gjennom den. Avanserte funksjoner for å brukes med bakhalstilkoplingskonfigurasjoner.",
+ "remoteExitNodeNetworkingSave": "Lagre innstillinger",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Nettverksinnstillinger lagret",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Nettverksinnstillingene er oppdatert.",
+ "remoteExitNodeNetworkingSaveError": "Klarte ikke å lagre nettverksinnstillinger",
+ "remoteExitNodeNetworkingSubnetsTitle": "Fjern-subnett",
+ "remoteExitNodeNetworkingSubnetsDescription": "Definer CIDR-områdene som denne fjernutgangsnoden vil rute trafikk til. Skriv inn en gyldig CIDR (f.eks. 10.0.0.0/8) og trykk Enter for å legge til.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Legg til et CIDR-område (f.eks. 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Feil ved lasting av subnett",
+ "remoteExitNodeNetworkingLabelsTitle": "Preferanseetiketter",
+ "remoteExitNodeNetworkingLabelsDescription": "Områder med disse etikettene vil bli tvunget til å koble gjennom denne fjerne utgangsnoden.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Velg etiketter...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Søk etiketter...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Feil ved lasting av etiketter",
"remoteExitNodeCreate": {
"title": "Opprett ekstern node",
"description": "Opprett en ny egendrift ekstern relé- og proxyservernode",
@@ -2233,7 +2499,7 @@
"description": "Sikre og lavvedlikeholdsservere, selvbetjente Pangolin med ekstra klokker, og understell",
"introTitle": "Administrert Self-Hosted Pangolin",
"introDescription": "er et alternativ for bruk utviklet for personer som ønsker enkel og ekstra pålitelighet mens de fortsatt holder sine data privat og selvdrevne.",
- "introDetail": "Med dette valget kjører du fortsatt din egen Pangolin-node - tunneler, TLS-terminering og trafikken ligger på serveren din. Forskjellen er at behandling og overvåking håndteres gjennom vårt skydashbord, som låser opp en rekke fordeler:",
+ "introDetail": "Med dette valget kjører du fortsatt din egen Pangolin-node - tunneler, TLS-terminering, og trafikken ligger på serveren din. Forskjellen er at behandling og overvåking håndteres gjennom vårt sky-dashbord, som låser opp en rekke fordeler:",
"benefitSimplerOperations": {
"title": "Enklere operasjoner",
"description": "Ingen grunn til å kjøre din egen e-postserver eller sette opp kompleks varsling. Du vil få helsesjekk og nedetid varsler ut av boksen."
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Google OAuth2/OIDC leverandør",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Subnett",
+ "utilitySubnet": "Nyttesubnett",
"subnetDescription": "Undernettverket for denne organisasjonens nettverkskonfigurasjon.",
"customDomain": "Egendefinert domene",
"authPage": "Autentiseringssider",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "ID for organisasjon eller domene mangler",
"loadingDNSRecords": "Laster DNS-poster...",
"olmUpdateAvailableInfo": "En oppdatert versjon av Olm er tilgjengelig. Oppdater til den nyeste versjonen for å få den beste opplevelsen.",
+ "updateAvailableInfo": "En oppdatert versjon er tilgjengelig. Vennligst oppdater til den nyeste versjonen for den beste opplevelsen.",
"client": "Klient",
"proxyProtocol": "Protokoll innstillinger for Protokoll",
"proxyProtocolDescription": "Konfigurer Proxy-protokoll for å bevare klientens IP-adresser til TCP-tjenester.",
"enableProxyProtocol": "Aktiver Proxy-protokoll",
"proxyProtocolInfo": "Bevar klientens IP-adresser for TCP backends",
"proxyProtocolVersion": "Proxy protokoll versjon",
- "version1": " Versjon 1 (Anbefalt)",
+ "version1": "Versjon 1 (Anbefalt)",
"version2": "Versjon 2",
- "versionDescription": "Versjon 1 er tekstbasert og støttet. Versjon 2 er binært og mer effektivt, men mindre kompatibel.",
+ "version1Description": "Tekstbasert og bredt støttet. Sørg for at servertransport er lagt til dynamisk konfigurasjon.",
+ "version2Description": "Binært og mer effektivt, men mindre kompatibel. Sørg for at servertransport er lagt til dynamisk konfigurasjon.",
"warning": "Advarsel",
"proxyProtocolWarning": "backend-programmet må konfigureres til å akseptere forbindelser i Proxy Protokoll. Hvis backend ikke støtter Proxy Beskyttelse vil aktivering av dette ødelegge alle tilkoblinger så bare dette hvis du vet hva du gjør. Sørg for å konfigurere backend til å stole på Proxy Protokoll overskrifter fra Traefik.",
"restarting": "Restarter...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Skriv inn bekreftelse",
"blueprintViewDetails": "Detaljer",
"defaultIdentityProvider": "Standard identitetsleverandør",
- "defaultIdentityProviderDescription": "Når en standard identitetsleverandør er valgt, vil brukeren automatisk bli omdirigert til leverandøren for autentisering.",
+ "defaultIdentityProviderDescription": "Brukeren vil automatisk bli videresendt til denne identitetsleverandøren for autentisering.",
"editInternalResourceDialogNetworkSettings": "Nettverksinnstillinger",
"editInternalResourceDialogAccessPolicy": "Tilgangsregler for tilgang",
"editInternalResourceDialogAddRoles": "Legg til roller",
@@ -2937,11 +3206,12 @@
"learnMore": "Lær mer",
"backToHome": "Gå tilbake til start",
"needToSignInToOrg": "Trenger du å bruke organisasjonens identitetsleverandør?",
- "maintenanceMode": "Vedlikeholdsmodus",
+ "maintenanceMode": "Vedlikeholdsside",
"maintenanceModeDescription": "Vis en vedlikeholdsside til besøkende",
"maintenanceModeType": "Vedlikeholdsmodus type",
"showMaintenancePage": "Vis en vedlikeholdsside til besøkende",
"enableMaintenanceMode": "Aktiver vedlikeholdsmodus",
+ "enableMaintenanceModeDescription": "Når aktivert, vil besøkende se en vedlikeholdsside i stedet for ressursen din.",
"automatic": "Automatisk",
"automaticModeDescription": "Vis vedlikeholdsside kun når alle serverens mål er nede eller usunne. Ressursen din fortsetter å fungere normalt så lenge minst ett mål er sunt.",
"forced": "Tvunget",
@@ -2949,6 +3219,8 @@
"warning:": "Advarsel:",
"forcedeModeWarning": "All trafikk vil bli dirigeres til vedlikeholdssiden. Serverens ressurser vil ikke motta noen forespørsler.",
"pageTitle": "Sidetittel",
+ "maintenancePageContentSubsection": "Sideinnhold",
+ "maintenancePageContentSubsectionDescription": "Tilpass innholdet som vises på vedlikeholdssiden",
"pageTitleDescription": "Hovedoverskriften vist på vedlikeholdssiden",
"maintenancePageMessage": "Vedlikeholdsbeskjed",
"maintenancePageMessagePlaceholder": "Vi kommer snart tilbake! Vårt nettsted gjennomgår for øyeblikket planlagt vedlikehold.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Estimert ferdigstillelse:",
"createInternalResourceDialogDestinationRequired": "Destinasjonen er nødvendig",
"available": "Tilgjengelig",
+ "disabledResourceDescription": "Når deaktivert, vil ressursen være utilgjengelig for alle.",
"archived": "Arkivert",
"noArchivedDevices": "Ingen arkiverte enheter funnet",
"deviceArchived": "Enhet arkivert",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Er du sikker på at du vil frakoble denne identitetsleverandøren fra denne organisasjonen?",
"idpUnassociateDescription": "Alle brukere knyttet til denne identitetsleverandøren vil bli fjernet fra denne organisasjonen, men identitetsleverandøren vil fortsatt eksistere for andre tilknyttede organisasjoner.",
"idpUnassociateConfirm": "Bekreft frakobling av identitetsleverandør",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "SLETT OG FJERN MEG FRA ORGANISASJONEN",
+ "idpUnassociateAndRemoveMeFromOrg": "AVKOBLE OG FJERN MEG FRA ORGANISASJONEN",
"idpUnassociateWarning": "Dette kan ikke angres for denne organisasjonen.",
"idpUnassociatedDescription": "Identitetsleverandør er vellykket frakoblet fra denne organisasjonen",
"idpUnassociateMenu": "Frakoble",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "E-post-hviteliste",
"memberPortalResourceDisabled": "Ressurs deaktivert",
"memberPortalShowingResources": "Viser {start}-{end} av {total} ressurser",
+ "resourceLauncherTitle": "Ressurslansering",
+ "resourceLauncherDescription": "Vis ressursdetaljer og start dem fra ett sted",
+ "resourceLauncherSearchPlaceholder": "Søk i alle områder...",
+ "resourceLauncherDefaultView": "Standard",
+ "resourceLauncherSaveView": "Lagre visning",
+ "resourceLauncherSaveToCurrentView": "Lagre til nåværende visning",
+ "resourceLauncherResetView": "Tilbakestill visning",
+ "resourceLauncherSaveAsNewView": "Lagre som ny visning",
+ "resourceLauncherSaveAsNewViewDescription": "Gi denne visningen et navn for å lagre dine nåværende filtre og oppsett.",
+ "resourceLauncherSaveForEveryone": "Lagre for alle",
+ "resourceLauncherSaveForEveryoneDescription": "Del denne visningen med alle organisasjonsmedlemmer. Når avkrysset, er visningen synlig bare for deg.",
+ "resourceLauncherMakePersonal": "Gjør personlig",
+ "resourceLauncherFilter": "Filter",
+ "resourceLauncherSort": "Sorter",
+ "resourceLauncherSortAscending": "Sorter stigende",
+ "resourceLauncherSortDescending": "Sorter synkende",
+ "resourceLauncherSettings": "Innstillinger",
+ "resourceLauncherGroupBy": "Grupper etter",
+ "resourceLauncherGroupBySite": "Område",
+ "resourceLauncherGroupByLabel": "Etikett",
+ "resourceLauncherLayout": "Oppsett",
+ "resourceLauncherLayoutGrid": "Rutenett",
+ "resourceLauncherLayoutList": "Liste",
+ "resourceLauncherShowLabels": "Vis etiketter",
+ "resourceLauncherShowSiteTags": "Vis områdestikkord",
+ "resourceLauncherShowRecents": "Vis nylige",
+ "resourceLauncherDeleteView": "Slett visning",
+ "resourceLauncherViewAsAdmin": "Vis som administrator",
+ "resourceLauncherResourceDetailsDescription": "Vis detaljer for denne ressursen.",
+ "resourceLauncherUnlabeled": "Umerket",
+ "resourceLauncherNoSite": "Ingen område",
+ "resourceLauncherNoResourcesInGroup": "Ingen ressurser i denne gruppen",
+ "resourceLauncherEmptyStateTitle": "Ingen tilgjengelige ressurser",
+ "resourceLauncherEmptyStateDescription": "Du har ennå ikke tilgang til noen ressurser. Kontakt administratoren din for å be om tilgang.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Ingen ressurser funnet",
+ "resourceLauncherEmptyStateNoResultsDescription": "Ingen ressurser matcher dine nåværende søk eller filtre. Prøv å justere dem for å finne det du leter etter.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Ingen ressurser samsvarer med \"{query}\". Prøv å justere søket eller fjern filtrene for å se alle ressursene.",
+ "resourceLauncherCopiedToClipboard": "Kopiert til utklippstavlen",
+ "resourceLauncherCopiedAccessDescription": "Ressurstilgang er kopiert til utklippstavlen din.",
+ "resourceLauncherViewNamePlaceholder": "Visningsnavn",
+ "resourceLauncherViewNameLabel": "Visningsnavn",
+ "resourceLauncherViewSaved": "Visning lagret",
+ "resourceLauncherViewSavedDescription": "Lanseringsvisningen din er lagret.",
+ "resourceLauncherViewSaveFailed": "Feilet å lagre visning",
+ "resourceLauncherViewSaveFailedDescription": "Kunne ikke lagre lanseringsvisningen. Vennligst prøv igjen.",
+ "resourceLauncherViewDeleted": "Visning slettet",
+ "resourceLauncherViewDeletedDescription": "Lanseringsvisningen er slettet.",
+ "resourceLauncherViewDeleteFailed": "Klarte ikke å slette visning",
+ "resourceLauncherViewDeleteFailedDescription": "Kunne ikke slette lanseringsvisningen. Vennligst prøv igjen.",
"memberPortalPrevious": "Forrige",
- "memberPortalNext": "Neste"
+ "memberPortalNext": "Neste",
+ "httpSettings": "HTTP Innstillinger",
+ "tcpSettings": "TCP Innstillinger",
+ "udpSettings": "UDP Innstillinger",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Opprette en sikker tilkobling…",
+ "sshConnecting": "Kobler til…",
+ "sshInitializing": "Initialiserer…",
+ "sshSignInTitle": "Logg inn på SSH",
+ "sshSignInDescription": "Skriv inn dine SSH-legitimasjon for å koble til",
+ "sshPasswordTab": "Passord",
+ "sshPrivateKeyTab": "Privat Nøkkel",
+ "sshPrivateKeyField": "Privat Nøkkel",
+ "sshPrivateKeyDisclaimer": "Din private nøkkel er ikke lagret eller synlig for Pangolin. Alternativt kan du bruke kortevaliderte sertifikater for sømløs autentisering ved å bruke din eksisterende Pangolin-identitet.",
+ "sshLearnMore": "Lær mer",
+ "sshPrivateKeyFile": "Privat Nøkkelfil",
+ "sshAuthenticate": "Koble til",
+ "sshTerminate": "Avslutt",
+ "sshPoweredBy": "Drevet av",
+ "sshErrorNoTarget": "Ingen mål spesifisert",
+ "sshErrorWebSocket": "WebSocket-tilkobling mislyktes",
+ "sshErrorAuthFailed": "Autentisering mislyktes",
+ "sshErrorConnectionClosed": "Tilkobling avsluttet før autentisering ble fullført",
+ "sitePangolinSshDescription": "Tillat SSH-tilgang til ressurser på dette nettstedet. Dette kan endres senere.",
+ "browserGatewayNoResourceForDomain": "Ingen ressurser funnet for dette domenet",
+ "browserGatewayNoTarget": "Ingen mål",
+ "browserGatewayConnect": "Koble til",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "Kunne ikke signere SSH-nøkkel for PAM-påloggingsautentisering. Logget du inn som bruker?",
+ "sshTerminalError": "Feil: {error}",
+ "sshConnectionClosedCode": "Tilkoblingen ble lukket (kode {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGYNN OPENSSH PRIVAT NØKKEL-----",
+ "sshPrivateKeyRequired": "Privat nøkkel er påkrevd",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Skriv inn VNC-kredentialene dine for å koble til",
+ "vncUsernameOptional": "Brukernavn (valgfritt)",
+ "vncPasswordOptional": "Passord (valgfritt)",
+ "vncNoResourceTarget": "Ingen ressursemål tilgjengelig",
+ "vncFailedToLoadNovnc": "Klarte ikke å laste noVNC",
+ "vncAuthFailedStatus": "Status {status}",
+ "vncPasteClipboard": "Lim inn utklippstavle",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Logg på Fjernskrivebord",
+ "rdpSignInDescription": "Skriv inn Windows-legitimasjon for å koble til",
+ "rdpLoadingModule": "Laster modul...",
+ "rdpFailedToLoadModule": "Kunne ikke laste RDP-modul",
+ "rdpNotReady": "Ikke klar",
+ "rdpModuleInitializing": "RDP-modulen er fortsatt under initialisering",
+ "rdpDownloadingFiles": "Laster ned {count} fil(er) fra fjern…",
+ "rdpDownloadFailed": "Nedlasting feilet: {fileName}",
+ "rdpUploaded": "Opplastet: {fileName}",
+ "rdpNoConnectionTarget": "Ingen tilkoblingsmål tilgjengelig",
+ "rdpConnectionFailed": "Tilkoblingen feilet",
+ "rdpFit": "Tilpass",
+ "rdpFull": "Full",
+ "rdpReal": "Ekte",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Last opp filer",
+ "rdpFilesReadyToPaste": "Filer klare til å limes inn",
+ "rdpFilesReadyToPasteDescription": "{count} fil(er) kopiert til fjernutklippstavlen — trykk Ctrl+V på fjernskrivebordet for å lime inn.",
+ "rdpUploadFailed": "Opplastningen mislyktes",
+ "rdpUnicodeKeyboardMode": "Unicode tastaturmodus",
+ "sessionToolbarShow": "Vis verktøylinje",
+ "sessionToolbarHide": "Skjul verktøylinje"
}
diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index f989db342..702ff0325 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -66,9 +66,15 @@
"local": "Lokaal",
"edit": "Bewerken",
"siteConfirmDelete": "Verwijderen van site bevestigen",
+ "siteConfirmDeleteAndResources": "Bevestig Verwijderen van Site en Bronnen",
"siteDelete": "Site verwijderen",
+ "siteDeleteAndResources": "Site en Bronnen verwijderen",
"siteMessageRemove": "Eenmaal verwijderd zal de site niet langer toegankelijk zijn. Alle aan de site gekoppelde doelen zullen ook worden verwijderd.",
+ "siteMessageRemoveAndResources": "Dit zal permanent alle publieke en private resources gekoppeld aan deze site verwijderen, zelfs als een resource ook aan andere sites is gekoppeld.",
"siteQuestionRemove": "Weet u zeker dat u de site wilt verwijderen uit de organisatie?",
+ "siteQuestionRemoveAndResources": "Weet u zeker dat u deze site en alle gekoppelde resources wilt verwijderen?",
+ "sitesTableDeleteSite": "Site verwijderen",
+ "sitesTableDeleteSiteAndResources": "Site en Bronnen verwijderen",
"siteManageSites": "Sites beheren",
"siteDescription": "Maak en beheer sites om verbinding met privénetwerken in te schakelen",
"sitesBannerTitle": "Verbind elk netwerk",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Privébronnen bekijken",
"siteInstallNewt": "Installeer Newt",
"siteInstallNewtDescription": "Laat Newt draaien op uw systeem",
+ "siteInstallKubernetesDocsDescription": "Voor meer informatie over de installatie van Kubernetes, zie docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "Voor instructies voor de installatie van Advantech modems, zie docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "WireGuard Configuratie",
"WgConfigurationDescription": "Gebruik de volgende configuratie om verbinding te maken met het netwerk",
"operatingSystem": "Operating systeem",
@@ -115,6 +123,16 @@
"siteUpdated": "Site bijgewerkt",
"siteUpdatedDescription": "De site is bijgewerkt.",
"siteGeneralDescription": "Algemene instellingen voor deze site configureren",
+ "siteRestartTitle": "Herstart Site",
+ "siteRestartDescription": "Herstart de WireGuard-tunnel voor deze site. Dit zal de connectiviteit kort onderbreken.",
+ "siteRestartBody": "Gebruik dit als de sitetunnel niet correct functioneert en je wilt een herverbinding forceren zonder de host opnieuw op te starten.",
+ "siteRestartButton": "Herstart Site",
+ "siteRestartDialogMessage": "Weet u zeker dat u de WireGuard-tunnel voor {name} wilt herstarten? De site zal tijdelijk geen connectiviteit hebben.",
+ "siteRestartWarning": "De site zal kort worden losgekoppeld terwijl de tunnel opnieuw wordt gestart.",
+ "siteRestarted": "Site herstart",
+ "siteRestartedDescription": "De WireGuard-tunnel is opnieuw gestart.",
+ "siteErrorRestart": "Site herstarten mislukt",
+ "siteErrorRestartDescription": "Er is een fout opgetreden tijdens het herstarten van de site.",
"siteSettingDescription": "Configureer de instellingen van de site",
"siteResourcesTab": "Bronnen",
"siteResourcesNoneOnSite": "Deze site heeft nog geen openbare of privébronnen.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer het naar een beveiligde plek.",
"siteInfo": "Site informatie",
"status": "Status",
- "shareTitle": "Beheer deellinks",
+ "shareTitle": "Beheer Deelbare Links",
"shareDescription": "Maak deelbare links aan om tijdelijke of permanente toegang tot proxybronnen te verlenen",
- "shareSearch": "Zoek share links...",
- "shareCreate": "Maak Share link",
+ "shareSearch": "Zoek deelbare links...",
+ "shareCreate": "Creëer Deelbare Link",
"shareErrorDelete": "Kan link niet verwijderen",
"shareErrorDeleteMessage": "Fout opgetreden tijdens het verwijderen link",
"shareDeleted": "Link verwijderd",
"shareDeletedDescription": "De link is verwijderd",
- "shareDelete": "Verwijder Deel Link",
- "shareDeleteConfirm": "Bevestig verwijdering van Deel Link",
+ "shareDelete": "Verwijder Deelbare Link",
+ "shareDeleteConfirm": "Bevestig Verwijdering Deelbare Link",
"shareQuestionRemove": "Weet u zeker dat u deze deel link wilt verwijderen?",
"shareMessageRemove": "Zodra verwijderd, zal de link niet meer werken en zal iedereen die het gebruikt de toegang tot de bron verliezen.",
"shareTokenDescription": "De toegangstoken kan op twee manieren worden doorgegeven: als queryparameter of in de aanvraagheaders. Deze moeten worden doorgegeven van de client op elk verzoek voor geverifieerde toegang.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Fout opgetreden tijdens het maken van de share link",
"shareCreateDescription": "Iedereen met deze link heeft toegang tot de pagina",
"shareTitleOptional": "Titel (optioneel)",
+ "sharePathOptional": "Pad (optioneel)",
+ "sharePathDescription": "De link zal gebruikers naar dit pad doorsturen na authenticatie.",
"expireIn": "Vervalt in",
"neverExpire": "Nooit verlopen",
"shareExpireDescription": "Vervaltijd is hoe lang de link bruikbaar is en geeft toegang tot de bron. Na deze tijd zal de link niet meer werken en zullen gebruikers die deze link hebben gebruikt de toegang tot de pagina verliezen.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Selecteer een bron",
"proxyResourceTitle": "Openbare bronnen beheren",
"proxyResourceDescription": "Creëer en beheer bronnen die openbaar toegankelijk zijn via een webbrowser",
- "proxyResourcesBannerTitle": "Webgebaseerde openbare toegang",
- "proxyResourcesBannerDescription": "Openbare bronnen zijn HTTPS of TCP/UDP-proxies die toegankelijk zijn voor iedereen op het internet via een webbrowser. In tegenstelling tot priv��bronnen vereisen ze geen client-side software maar kunnen ze identiteits- en context-bewuste toegangsrichtlijnen bevatten.",
+ "publicResourcesBannerTitle": "Web-gebaseerde Openbare Toegang",
+ "publicResourcesBannerDescription": "Openbare bronnen zijn HTTPS-proxies die toegankelijk zijn voor iedereen op het internet via een webbrowser. In tegenstelling tot privébronnen hoeven ze geen client-software te hebben en kunnen ze identiteit- en context bewuste toegangsmiddelen bevatten.",
"clientResourceTitle": "Privébronnen beheren",
"clientResourceDescription": "Creëer en beheer bronnen die alleen toegankelijk zijn via een verbonden client",
"privateResourcesBannerTitle": "Zero-Trust Private Access",
@@ -208,11 +228,37 @@
"resourcesSearch": "Zoek bronnen...",
"resourceAdd": "Bron toevoegen",
"resourceErrorDelte": "Fout bij verwijderen document",
+ "resourcePoliciesBannerTitle": "Herbruik Authenticatie en Toegangsregels",
+ "resourcePoliciesBannerDescription": "Gedeelde bronbeleidslijnen laten u authenticatiemethoden en toegangsregels eenmaal definiëren, en ze vervolgens koppelen aan meerdere openbare bronnen. Wanneer u een beleid bijwerkt, erft elke gekoppelde bron de wijziging automatisch.",
+ "resourcePoliciesBannerButtonText": "Meer informatie",
+ "resourcePoliciesTitle": "Beheer Openbare Bronnenbeleid",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Bronnen",
+ "resourcePoliciesAttachedResources": "{count} bron(nen)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# bron} other {# bronnen}}",
+ "resourcePoliciesAttachedResourcesEmpty": "geen bronnen",
+ "resourcePoliciesDescription": "Creëer en beheer authenticatiebeleid om toegang tot uw openbare bronnen te controleren",
+ "resourcePoliciesSearch": "Beleidsregels zoeken...",
+ "resourcePoliciesAdd": "Beleid toevoegen",
+ "resourcePoliciesDefaultBadgeText": "Standaard beleidsregel",
+ "resourcePoliciesCreate": "Openbare Bronbeleid maken",
+ "resourcePoliciesCreateDescription": "Volg de onderstaande stappen om een nieuw beleid aan te maken",
+ "resourcePolicyName": "Beleidsregelnaam",
+ "resourcePolicyNameDescription": "Geef deze beleidsregel een naam om deze te identificeren in uw bronnen",
+ "resourcePolicyNamePlaceholder": "bijv. Intern Toegangsbeleid",
+ "resourcePoliciesSeeAll": "Zie Alle Beleid",
+ "resourcePolicyAuthMethodAdd": "Authenticatiemethode toevoegen",
+ "resourcePolicyOtpEmailAdd": "OTP e-mails toevoegen",
+ "resourcePolicyRulesAdd": "Regels toevoegen",
+ "resourcePolicyAuthMethodsDescription": "Sta toegang tot bronnen toe via aanvullende authenticatiemethoden",
+ "resourcePolicyUsersRolesDescription": "Bepaal welke gebruikers en rollen geassocieerde bronnen kunnen bezoeken",
+ "rulesResourcePolicyDescription": "Stel regels in om toegang te regelen tot bronnen die zijn gekoppeld aan dit beleid",
"authentication": "Authenticatie",
"protected": "Beschermd",
"notProtected": "Niet beveiligd",
"resourceMessageRemove": "Eenmaal verwijderd, zal het bestand niet langer toegankelijk zijn. Alle doelen die gekoppeld zijn aan het hulpbron, zullen ook verwijderd worden.",
"resourceQuestionRemove": "Weet u zeker dat u het document van de organisatie wilt verwijderen?",
+ "resourcePolicyMessageRemove": "Zodra verwijderd, zal het bronbeleid niet langer toegankelijk zijn. Alle met de bron geassocieerde bronnen worden ontkoppeld en zonder authenticatie achtergelaten.",
+ "resourcePolicyQuestionRemove": "Weet u zeker dat u het bronbeleid uit de organisatie wilt verwijderen?",
"resourceHTTP": "HTTPS bron",
"resourceHTTPDescription": "Proxyverzoeken via HTTPS met een volledig gekwalificeerde domeinnaam.",
"resourceRaw": "TCP/UDP bron",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Proxy verzoeken over rauwe TCP/UDP met behulp van een poortnummer. Vereist sites om verbinding te maken met een remote node.",
"resourceCreate": "Bron maken",
"resourceCreateDescription": "Volg de onderstaande stappen om een nieuwe bron te maken",
+ "resourceCreateGeneralDescription": "Configureer de basisinstellingen van de bron, inclusief de naam en het type",
"resourceSeeAll": "Alle bronnen bekijken",
- "resourceInfo": "Bron informatie",
+ "resourceCreateGeneral": "Algemeen",
"resourceNameDescription": "Dit is de weergavenaam voor het document.",
"siteSelect": "Selecteer site",
"siteSearch": "Zoek site",
@@ -231,12 +278,15 @@
"noCountryFound": "Geen land gevonden.",
"siteSelectionDescription": "Deze site zal connectiviteit met het doelwit bieden.",
"resourceType": "Type bron",
- "resourceTypeDescription": "Bepaal hoe u toegang wilt tot de bron",
+ "resourceTypeDescription": "Dit bepaalt het bronprotocol en hoe het in de browser wordt weergegeven. Dit kan later niet gewijzigd worden.",
+ "resourceDomainDescription": "De bron zal worden bediend onder deze volledig gekwalificeerde domeinnaam.",
"resourceHTTPSSettings": "HTTPS instellingen",
"resourceHTTPSSettingsDescription": "Stel in hoe de bron wordt benaderd via HTTPS",
+ "resourcePortDescription": "De externe poort op de Pangolin-instantie of -node waar de bron toegankelijk zal zijn.",
"domainType": "Domein type",
"subdomain": "Subdomein",
"baseDomain": "Basis domein",
+ "configure": "Configureren",
"subdomnainDescription": "Het subdomein waar de bron toegankelijk zal zijn.",
"resourceRawSettings": "TCP/UDP instellingen",
"resourceRawSettingsDescription": "Stel in hoe de bron wordt benaderd via TCP/UDP",
@@ -247,14 +297,35 @@
"back": "Achterzijde",
"cancel": "Annuleren",
"resourceConfig": "Configuratie tekstbouwstenen",
- "resourceConfigDescription": "Kopieer en plak deze configuratie-snippets om de TCP/UDP-bron in te stellen",
+ "resourceConfigDescription": "Kopieer en plak deze configuratiesnippets om de TCP/UDP-bron op te zetten.",
"resourceAddEntrypoints": "Traefik: Entrypoints toevoegen",
"resourceExposePorts": "Gerbild: Gevangen blootstellen in Docker Compose",
"resourceLearnRaw": "Leer hoe je TCP/UDP bronnen kunt configureren",
"resourceBack": "Terug naar bronnen",
"resourceGoTo": "Ga naar Resource",
+ "resourcePolicyDelete": "Verwijder Bronbeleid",
+ "resourcePolicyDeleteConfirm": "Bevestig Verwijderen Bronbeleid",
"resourceDelete": "Document verwijderen",
"resourceDeleteConfirm": "Bevestig Verwijderen Document",
+ "labelDelete": "Label verwijderen",
+ "labelAdd": "Label toevoegen",
+ "labelCreateSuccessMessage": "Label succesvol aangemaakt",
+ "labelDuplicateError": "Dubbel Label",
+ "labelDuplicateErrorDescription": "Een label met deze naam bestaat al.",
+ "labelEditSuccessMessage": "Label succesvol gewijzigd",
+ "labelNameField": "Labelnaam",
+ "labelColorField": "Label kleur",
+ "labelPlaceholder": "Bijv.: homelab",
+ "labelCreate": "Label aanmaken",
+ "createLabelDialogTitle": "Label aanmaken",
+ "createLabelDialogDescription": "Maak een nieuw label aan dat aan deze organisatie kan worden gekoppeld",
+ "labelEdit": "Label bewerken",
+ "editLabelDialogTitle": "Label bijwerken",
+ "editLabelDialogDescription": "Bewerk een nieuw label dat aan deze organisatie kan worden gekoppeld",
+ "labelDeleteConfirm": "Bevestigen Verwijderen Label",
+ "labelErrorDelete": "Kan label niet verwijderen",
+ "labelMessageRemove": "Deze handeling is definitief. Alle sites, bronnen en klanten met dit label zullen worden onttakeld.",
+ "labelQuestionRemove": "Weet u zeker dat u het label uit de organisatie wilt verwijderen?",
"visibility": "Zichtbaarheid",
"enabled": "Ingeschakeld",
"disabled": "Uitgeschakeld",
@@ -265,6 +336,8 @@
"rules": "Regels",
"resourceSettingDescription": "Configureer de instellingen in de bron",
"resourceSetting": "{resourceName} instellingen",
+ "resourcePolicySettingDescription": "Configureer de instellingen van dit openbare bronbeleid",
+ "resourcePolicySetting": "{policyName} instellingen",
"alwaysAllow": "Authenticatie omzeilen",
"alwaysDeny": "Blokkeer toegang",
"passToAuth": "Passeren naar Auth",
@@ -630,7 +703,7 @@
"createdAt": "Aangemaakt op",
"proxyErrorInvalidHeader": "Ongeldige aangepaste Header waarde. Gebruik het domeinnaam formaat, of sla leeg op om de aangepaste Host header ongedaan te maken.",
"proxyErrorTls": "Ongeldige TLS servernaam. Gebruik de domeinnaam of sla leeg op om de TLS servernaam te verwijderen.",
- "proxyEnableSSL": "TLS inschakelen",
+ "proxyEnableSSL": "Schakel TLS in",
"proxyEnableSSLDescription": "SSL/TLS-versleuteling inschakelen voor beveiligde HTTPS-verbindingen naar de doelen.",
"target": "Target",
"configureTarget": "Doelstellingen configureren",
@@ -671,7 +744,7 @@
"targetSubmit": "Doelwit toevoegen",
"targetNoOne": "Deze bron heeft geen doelwitten. Voeg een doel toe om te configureren waar verzoeken naar de backend verzonden kunnen worden.",
"targetNoOneDescription": "Het toevoegen van meer dan één doel hierboven zal de load balancering mogelijk maken.",
- "targetsSubmit": "Doelstellingen opslaan",
+ "targetsSubmit": "Instellingen opslaan",
"addTarget": "Doelwit toevoegen",
"proxyMultiSiteRoundRobinNodeHelp": "Round-robin routering werkt niet tussen locaties die niet met hetzelfde knooppunt zijn verbonden, maar failover werkt wel.",
"targetErrorInvalidIp": "Ongeldig IP-adres",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Dupliceer regel",
"rulesErrorDuplicateDescription": "Een regel met deze instellingen bestaat al",
"rulesErrorInvalidIpAddressRange": "Ongeldige CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "Voer een geldige CIDR waarde in",
- "rulesErrorInvalidUrl": "Ongeldige URL pad",
- "rulesErrorInvalidUrlDescription": "Voer een geldige URL padwaarde in",
- "rulesErrorInvalidIpAddress": "Ongeldig IP",
- "rulesErrorInvalidIpAddressDescription": "Voer een geldig IP-adres in",
+ "rulesErrorInvalidIpAddressRangeDescription": "Voer een geldig CIDR-bereik in (bijv. 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Ongeldig pad",
+ "rulesErrorInvalidUrlDescription": "Voer een geldig URL-pad of patroon in (bijv. /api/*).",
+ "rulesErrorInvalidIpAddress": "Ongeldig IP-adres",
+ "rulesErrorInvalidIpAddressDescription": "Voer een geldig IPv4- of IPv6-adres in.",
"rulesErrorUpdate": "Regels bijwerken mislukt",
"rulesErrorUpdateDescription": "Fout opgetreden tijdens het bijwerken van de regels",
"rulesUpdated": "Regels inschakelen",
@@ -718,14 +791,23 @@
"rulesMatchIpAddress": "Voer een IP-adres in (bijv. 103.21.244.12)",
"rulesMatchUrl": "Voer een URL-pad of patroon in (bijv. /api/v1/todos of /api/v1/*)",
"rulesErrorInvalidPriority": "Ongeldige prioriteit",
- "rulesErrorInvalidPriorityDescription": "Voer een geldige prioriteit in",
+ "rulesErrorInvalidPriorityDescription": "Voer een geheel getal van 1 of hoger in.",
"rulesErrorDuplicatePriority": "Dubbele prioriteiten",
- "rulesErrorDuplicatePriorityDescription": "Voer unieke prioriteiten in",
+ "rulesErrorDuplicatePriorityDescription": "Elke regel moet een uniek prioriteitsnummer hebben.",
+ "rulesErrorValidation": "Ongeldige regels",
+ "rulesErrorValidationRuleDescription": "Regel {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Selecteer een geldig matchtype (pad, IP, CIDR, land, regio of ASN).",
+ "rulesErrorValueRequired": "Voer een waarde in voor deze regel.",
+ "rulesErrorInvalidCountry": "Ongeldig land",
+ "rulesErrorInvalidCountryDescription": "Selecteer een geldig land.",
+ "rulesErrorInvalidAsn": "Ongeldige ASN",
+ "rulesErrorInvalidAsnDescription": "Voer een geldig ASN in (bijv. AS15169).",
"ruleUpdated": "Regels bijgewerkt",
"ruleUpdatedDescription": "Regels met succes bijgewerkt",
"ruleErrorUpdate": "Bewerking mislukt",
"ruleErrorUpdateDescription": "Er is een fout opgetreden tijdens het opslaan",
"rulesPriority": "Prioriteit",
+ "rulesReorderDragHandle": "Sleep om de regelprioriteit te herordenen",
"rulesAction": "actie",
"rulesMatchType": "Wedstrijd Type",
"value": "Waarde",
@@ -744,9 +826,60 @@
"rulesResource": "Configuratie Resource Regels",
"rulesResourceDescription": "Regels instellen om toegang tot de bron te beheren",
"ruleSubmit": "Regel toevoegen",
- "rulesNoOne": "Geen regels. Voeg een regel toe via het formulier.",
+ "rulesNoOne": "Nog geen regels.",
"rulesOrder": "Regels worden in oplopende volgorde volgens prioriteit beoordeeld.",
"rulesSubmit": "Regels opslaan",
+ "policyErrorCreate": "Fout bij het maken van beleid",
+ "policyErrorCreateDescription": "Er is een fout opgetreden bij het maken van het beleid",
+ "policyErrorCreateMessageDescription": "Er is een onverwachte fout opgetreden",
+ "policyErrorUpdate": "Fout bij het bijwerken van beleid",
+ "policyErrorUpdateDescription": "Er is een fout opgetreden bij het bijwerken van het beleid",
+ "policyErrorUpdateMessageDescription": "Er is een onverwachte fout opgetreden",
+ "policyCreatedSuccess": "Bronbeleid met succes aangemaakt",
+ "policyUpdatedSuccess": "Bronbeleid succesvol bijgewerkt",
+ "authMethodsSave": "Instellingen opslaan",
+ "policyAuthStackTitle": "Authenticatie",
+ "policyAuthStackDescription": "Bepaal welke authenticatiemethoden vereist zijn om toegang tot deze bron te krijgen",
+ "policyAuthOrLogicTitle": "Meerdere authenticatiemethoden actief",
+ "policyAuthOrLogicBanner": "Bezoekers kunnen zich aanmelden met een van de hieronder actieve methoden. Ze hoeven ze niet allemaal te voltooien.",
+ "policyAuthMethodActive": "Actief",
+ "policyAuthMethodOff": "Uit",
+ "policyAuthSsoTitle": "Platform SSO",
+ "policyAuthSsoDescription": "Vereis inloggen via de identiteit provider van uw organisatie",
+ "policyAuthSsoSummary": "{idp} · {users} gebruikers, {roles} rollen",
+ "policyAuthSsoDefaultIdp": "Standaard provider",
+ "policyAuthAddDefaultIdentityProvider": "Standaard Identiteit Provider Toevoegen",
+ "policyAuthOtherMethodsTitle": "Andere Methoden",
+ "policyAuthOtherMethodsDescription": "Optionele methoden die bezoekers kunnen gebruiken in plaats van of samen met platform SSO",
+ "policyAuthPasscodeTitle": "Toegangscode",
+ "policyAuthPasscodeDescription": "Vereis een alfanumerieke toegangscode om toegang te krijgen tot de bron",
+ "policyAuthPasscodeSummary": "Toegangscode ingesteld",
+ "policyAuthPincodeTitle": "Pincode",
+ "policyAuthPincodeDescription": "Een korte numerieke code vereist om toegang tot de bron te krijgen",
+ "policyAuthPincodeSummary": "6-cijferige Pincode ingesteld",
+ "policyAuthEmailTitle": "E-mail Whitelist",
+ "policyAuthEmailDescription": "Sta vermelde e-mailadressen toe met eenmalige wachtwoorden",
+ "policyAuthEmailSummary": "{count} adressen toegestaan",
+ "policyAuthEmailOtpCallout": "Het inschakelen van e-mailwhitelist stuurt een eenmalig wachtwoord naar de e-mail van de bezoeker bij het inloggen.",
+ "policyAuthHeaderAuthTitle": "Basic Header Authenticatie",
+ "policyAuthHeaderAuthDescription": "Valideer een aangepaste HTTP-headernaam en waarde bij elk verzoek",
+ "policyAuthHeaderAuthSummary": "Header geconfigureerd",
+ "policyAuthHeaderName": "Header naam",
+ "policyAuthHeaderValue": "Verwachte waarde",
+ "policyAuthSetPasscode": "Stel toegangscode in",
+ "policyAuthSetPincode": "Stel Pincode in",
+ "policyAuthSetEmailWhitelist": "Stel E-mail Whitelist in",
+ "policyAuthSetHeaderAuth": "Stel Basis Header Authenticatie in",
+ "policyAccessRulesTitle": "Toegang Regels",
+ "policyAccessRulesEnableDescription": "Wanneer ingeschakeld, worden regels in aflopende volgorde geëvalueerd totdat er één als waar wordt geoordeeld.",
+ "policyAccessRulesFirstMatch": "Regels worden van boven naar beneden geëvalueerd. De eerste overeenkomstige regel bepaalt de uitkomst.",
+ "policyAccessRulesHowItWorks": "Regels komen overeen met verzoeken op basis van pad, IP-adres, locatie of andere criteria. Elke regel past een actie toe: authenticatie omzeilen, toegang blokkeren of authenticatie doorgeven. Als er geen regel overeenkomt, gaat het verkeer door naar authenticatie.",
+ "policyAccessRulesFallthroughOff": "Wanneer regels zijn uitgeschakeld, passeert al het verkeer naar authenticatie.",
+ "policyAccessRulesFallthroughOn": "Wanneer geen regel overeenkomt, passeert het verkeer naar authenticatie.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Regels opslaan",
"resourceErrorCreate": "Fout bij maken document",
"resourceErrorCreateDescription": "Er is een fout opgetreden bij het maken van het document",
"resourceErrorCreateMessage": "Fout bij maken bron:",
@@ -766,9 +899,9 @@
"resourcesErrorUpdateDescription": "Er is een fout opgetreden tijdens het bijwerken van het document",
"access": "Toegangsrechten",
"accessControl": "Toegangs controle",
- "shareLink": "{resource} Share link",
+ "shareLink": "{resource} Deelbare Link",
"resourceSelect": "Selecteer resource",
- "shareLinks": "Links delen",
+ "shareLinks": "Deelbare Links",
"share": "Deelbare links",
"shareDescription2": "Maak deelbare links naar bronnen. Links bieden tijdelijke of onbeperkte toegang tot je bestand. U kunt de vervalduur van de link configureren wanneer u er een aanmaakt.",
"shareEasyCreate": "Makkelijk te maken en te delen",
@@ -810,6 +943,17 @@
"pincodeAdd": "PIN-code toevoegen",
"pincodeRemove": "PIN-code verwijderen",
"resourceAuthMethods": "Authenticatie methoden",
+ "resourcePolicyAuthMethodsEmpty": "Geen authenticatiemethode",
+ "resourcePolicyOtpEmpty": "Geen eenmalig wachtwoord",
+ "resourcePolicyReadOnly": "Dit beleid is alleen-lezen",
+ "resourcePolicyReadOnlyDescription": "Dit bronbeleid wordt gedeeld over meerdere bronnen, u kunt het niet op deze pagina bewerken.",
+ "editSharedPolicy": "Gedeeld Beleid Bewerken",
+ "resourcePolicyTypeSave": "Bewaar brontype",
+ "resourcePolicySelect": "Selecteer bronbeleid",
+ "resourcePolicySelectError": "Selecteer een bronbeleid",
+ "resourcePolicyNotFound": "Beleid niet gevonden",
+ "resourcePolicySearch": "Beleidsregels zoeken",
+ "resourcePolicyRulesEmpty": "Geen authenticatieregels",
"resourceAuthMethodsDescriptions": "Sta toegang tot de bron toe via extra autorisatiemethoden",
"resourceAuthSettingsSave": "Succesvol opgeslagen",
"resourceAuthSettingsSaveDescription": "Verificatie-instellingen zijn opgeslagen",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Pincode instellen",
"resourcePincodeSetupTitleDescription": "Stel een pincode in om deze hulpbron te beschermen",
"resourceRoleDescription": "Beheerders hebben altijd toegang tot deze bron.",
+ "resourcePolicySelectTitle": "Toegangsbeleid voor bronnen",
+ "resourcePolicySelectDescription": "Selecteer het bronbeleidstype voor authenticatie",
+ "resourcePolicyTypeLabel": "Beleidstype",
+ "resourcePolicyLabel": "Bronbeleid",
+ "resourcePolicyInline": "Inline bronbeleid",
+ "resourcePolicyInlineDescription": "Toegangsbeleid alleen gericht op deze bron",
+ "resourcePolicyShared": "Gedeeld bronbeleid",
+ "resourcePolicySharedDescription": "Deze bron gebruikt een gedeeld beleid.",
+ "sharedPolicy": "Gedeeld Beleid",
+ "sharedPolicyNoneDescription": "Deze bron heeft zijn eigen beleid.",
+ "resourceSharedPolicyOwnDescription": "Deze bron heeft zijn eigen authenticatie- en toegangsvanregels.",
+ "resourceSharedPolicyInheritedDescription": "Deze bron erft van {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Deze bron gebruikt een gedeeld beleid. Sommige authenticatie-instellingen kunnen op deze bron worden bewerkt om toe te voegen aan het beleid. Om het onderliggende beleid te wijzigen, moet u het beleid bewerken in {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Deze bron gebruikt een gedeeld beleid. Sommige toegangsregels kunnen op deze bron worden bewerkt. Om het onderliggende beleid te wijzigen, moet u {policyName} bewerken.",
"resourceUsersRoles": "Toegang Bediening",
"resourceUsersRolesDescription": "Configureer welke gebruikers en rollen deze pagina kunnen bezoeken",
"resourceUsersRolesSubmit": "Bewaar Toegangsbesturing",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Zichtbaarheid",
"resourceVisibilityTitleDescription": "Zichtbaarheid van bestanden volledig in- of uitschakelen",
"resourceGeneral": "Algemene instellingen",
- "resourceGeneralDescription": "Configureer de algemene instellingen voor deze bron",
+ "resourceGeneralDescription": "Configureer naam, adres en toegangspolicy voor deze bron.",
+ "resourceGeneralDetailsSubsection": "Bron Details",
+ "resourceGeneralDetailsSubsectionDescription": "Stel de weergavenaam, identificatiecode en publiek toegankelijk domein voor deze bron in.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Stel de weergavenaam, identificatiecode en publieke poort voor deze bron in.",
+ "resourceGeneralPublicAddressSubsection": "Publiek Adres",
+ "resourceGeneralPublicAddressSubsectionDescription": "Configureer hoe gebruikers deze bron bereiken.",
+ "resourceGeneralAuthenticationAccessSubsection": "Authenticatie & Toegang",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Kies of deze bron zijn eigen beleid gebruikt of van een gedeeld beleid erft.",
"resourceEnable": "Resource inschakelen",
"resourceTransfer": "Bronnen overdragen",
"resourceTransferDescription": "Verplaats dit document naar een andere site",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Er was een probleem bij het verbinden met {name}. Neem contact op met uw beheerder.",
"idpErrorNotFound": "IdP niet gevonden",
"inviteInvalid": "Ongeldige uitnodiging",
+ "labels": "Labels",
+ "orgLabelsDescription": "Beheer labels in deze organisatie.",
+ "addLabels": "Labels toevoegen",
+ "siteLabelsTab": "Labels",
+ "siteLabelsDescription": "Beheer labels geassocieerd met deze site.",
+ "labelsNotFound": "Geen labels gevonden.",
+ "labelsEmptyCreateHint": "Begin hierboven te typen om een label te maken.",
+ "labelSearch": "Labels zoeken",
+ "labelSearchOrCreate": "Zoek of maak een label",
+ "accessLabelFilterCount": "{count, plural, one {# label} other {# labels}}",
+ "labelOverflowCount": "+{count, plural, one {# label} other {# labels}}",
+ "accessLabelFilterClear": "Labelfilters wissen",
+ "accessFilterClear": "Wissen van filters",
+ "selectColor": "Kleur selecteren",
+ "createNewLabel": "Nieuw org-label \"{label}\" aanmaken",
"inviteInvalidDescription": "Uitnodigingslink is ongeldig.",
"inviteErrorWrongUser": "Uitnodiging is niet voor deze gebruiker",
"inviteErrorUserNotExists": "Gebruiker bestaat niet. Maak eerst een account aan.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Blauwdruk toepassen",
"actionListBlueprints": "Lijst blauwdrukken",
"actionGetBlueprint": "Krijg Blauwdruk",
+ "actionCreateOrgWideLauncherView": "Maak Organisatiebrede Launcher Weergave",
"setupToken": "Instel Token",
"setupTokenDescription": "Voer het setup-token in vanaf de serverconsole.",
"setupTokenRequired": "Setup-token is vereist",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Bronnen",
"sidebarProxyResources": "Openbaar",
"sidebarClientResources": "Privé",
+ "sidebarPolicies": "Gedeeld Beleid",
+ "sidebarResourcePolicies": "Openbare Bronnen",
"sidebarAccessControl": "Toegangs controle",
"sidebarLogsAndAnalytics": "Logs & Analytics",
"sidebarTeam": "Team",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Beheerder",
"sidebarInvitations": "Uitnodigingen",
"sidebarRoles": "Rollen",
- "sidebarShareableLinks": "Koppelingen",
+ "sidebarShareableLinks": "Deelbare Links",
"sidebarApiKeys": "API sleutels",
"sidebarProvisioning": "Provisie",
"sidebarSettings": "Instellingen",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Site {id}",
"standaloneHcFilterResourceIdFallback": "Bron {id}",
"blueprints": "Blauwdrukken",
- "blueprintsDescription": "Gebruik declaratieve configuraties en bekijk vorige uitvoeringen.",
+ "blueprintsLog": "Log Blueprints",
+ "blueprintsDescription": "Bekijk eerdere blauwdruktoepassingen en hun resultaten of pas een nieuwe blauwdruk toe",
"blueprintAdd": "Blauwdruk toevoegen",
"blueprintGoBack": "Bekijk alle Blauwdrukken",
"blueprintCreate": "Creëer blauwdruk",
@@ -1575,7 +1759,17 @@
"contents": "Inhoud",
"parsedContents": "Geparseerde inhoud (alleen lezen)",
"enableDockerSocket": "Schakel Docker Blauwdruk in",
- "enableDockerSocketDescription": "Schakel Docker Socket label in voor blauwdruk labels. Pad naar Nieuw.",
+ "enableDockerSocketDescription": "Schakel Docker Socket-label in voor blueprint-labels. Socket-pad moet worden opgegeven aan de siteconnector. Lees meer over hoe dit werkt in de documentatie.",
+ "newtAutoUpdate": "Automatische site-update inschakelen",
+ "newtAutoUpdateDescription": "Als ingeschakeld, downloaden de site-connectoren automatisch de laatste versie en starten zichzelf opnieuw. Dit kan per site worden overschreven.",
+ "siteAutoUpdate": "Automatische site-update",
+ "siteAutoUpdateLabel": "Automatische update inschakelen",
+ "siteAutoUpdateDescription": "Als dit is ingeschakeld, downloadt en start deze site-connector automatisch de nieuwste versie opnieuw.",
+ "siteAutoUpdateOrgDefault": "Standaard van organisatie: {state}",
+ "siteAutoUpdateOverriding": "Overschrijving van organisatiestandaardinstelling",
+ "siteAutoUpdateResetToOrg": "Terugzetten naar standaard van organisatie",
+ "siteAutoUpdateEnabled": "ingeschakeld",
+ "siteAutoUpdateDisabled": "uitgeschakeld",
"viewDockerContainers": "Bekijk Docker containers",
"containersIn": "Containers in {siteName}",
"selectContainerDescription": "Selecteer een container om als hostnaam voor dit doel te gebruiken. Klik op een poort om een poort te gebruiken.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Certificaat",
"certificateStatusAutoRefreshHint": "Status ververst automatisch.",
"loading": "Bezig met laden",
+ "loadingEllipsis": "Bezig met laden...",
"loadingAnalytics": "Laden van Analytics",
"restart": "Herstarten",
"domains": "Domeinen",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Accountinstelling voltooid! Welkom bij Pangolin!",
"documentation": "Documentatie",
"saveAllSettings": "Alle instellingen opslaan",
- "saveResourceTargets": "Doelstellingen opslaan",
- "saveResourceHttp": "Proxyinstellingen opslaan",
- "saveProxyProtocol": "Proxy-protocolinstellingen opslaan",
+ "saveResourceTargets": "Instellingen opslaan",
+ "saveResourceHttp": "Instellingen opslaan",
+ "saveProxyProtocol": "Instellingen opslaan",
"settingsUpdated": "Instellingen bijgewerkt",
"settingsUpdatedDescription": "Instellingen succesvol bijgewerkt",
"settingsErrorUpdate": "Bijwerken van instellingen mislukt",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Beheer je abonnement voor betaalde zelf gehoste licentiesleutels",
"billingCurrentKeys": "Huidige toetsen",
"billingModifyCurrentPlan": "Huidig plan wijzigen",
+ "billingManageLicenseSubscriptionDescription": "Beheer uw abonnement voor betaalde zelf-gehoste licentiesleutels en download facturen.",
"billingConfirmUpgrade": "Bevestig Upgrade",
"billingConfirmDowngrade": "Downgraden bevestigen",
"billingConfirmUpgradeDescription": "U staat op het punt uw abonnement te upgraden. Controleer de nieuwe limieten en prijzen hieronder.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Subnet",
"addressDescription": "Het interne adres van de klant. Moet binnen het subnetwerk van de organisatie vallen.",
"selectSites": "Selecteer sites",
+ "selectLabels": "Selecteer labels",
"sitesDescription": "De client heeft connectiviteit met de geselecteerde sites",
"clientInstallOlm": "Installeer Olm",
"clientInstallOlmDescription": "Laat Olm draaien op uw systeem",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Onbekend",
"healthCheck": "Gezondheidscontrole",
"configureHealthCheck": "Configureer Gezondheidscontrole",
- "configureHealthCheckDescription": "Stel gezondheid monitor voor {target} in",
+ "configureHealthCheckDescription": "Stel monitoring in voor uw bron om ervoor te zorgen dat deze altijd beschikbaar is",
"enableHealthChecks": "Inschakelen Gezondheidscontroles",
"healthCheckDisabledStateDescription": "Wanneer uitgeschakeld, zal de site geen gezondheidscontroles uitvoeren en wordt de staat als onbekend beschouwd.",
"enableHealthChecksDescription": "Controleer de gezondheid van dit doel. U kunt een ander eindpunt monitoren dan het doel indien vereist.",
"healthScheme": "Methode",
"healthSelectScheme": "Selecteer methode",
- "healthCheckPortInvalid": "Health check poort moet tussen 1 en 65535 zijn",
+ "healthCheckPortInvalid": "Poort moet tussen 1 en 65535 zijn",
"healthCheckPath": "Pad",
"healthHostname": "IP / Hostnaam",
"healthPort": "Poort",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "Tijd is in seconden",
"requireDeviceApproval": "Vereist goedkeuring van apparaat",
"requireDeviceApprovalDescription": "Gebruikers met deze rol hebben nieuwe apparaten nodig die door een beheerder zijn goedgekeurd voordat ze verbinding kunnen maken met bronnen en deze kunnen gebruiken.",
- "sshAccess": "SSH toegang",
+ "sshSettings": "SSH-instellingen",
+ "sshAccess": "SSH Toegang",
+ "rdpSettings": "RDP-instellingen",
+ "vncSettings": "VNC-instellingen",
+ "sshServer": "SSH-server",
+ "rdpServer": "RDP-server",
+ "vncServer": "VNC-server",
+ "sshServerDescription": "Stel de authenticatiemethode, demoonlocatie en serverbestemming in",
+ "rdpServerDescription": "Configureer de bestemming en poort van de RDP-server",
+ "vncServerDescription": "Configureer de bestemming en poort van de VNC-server",
+ "sshServerMode": "Modus",
+ "sshServerModeStandard": "Standaard SSH-server",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Opdrachten over netwerk routeren naar een SSH-server zoals OpenSSH.",
+ "sshServerModeNative": "Natuurlijke SSH-server",
+ "sshServerModeNativeDescription": "Voert rechtstreeks opdrachten uit op de host via de Siteconnector. Geen netwerkconfiguratie vereist.",
+ "sshAuthenticationMethod": "Authenticatiemethode",
+ "sshAuthMethodManual": "Handmatige authenticatie",
+ "sshAuthMethodManualDescription": "Vereist bestaande hostreferenties. Omzeilt automatische voorziening.",
+ "sshAuthMethodAutomated": "Automatische voorziening",
+ "sshAuthMethodAutomatedDescription": "Creëert automatisch gebruikers, groepen en sudo-rechten op host.",
+ "sshAuthDaemonLocation": "Auth Daemon Locatie",
+ "sshDaemonLocationSiteDescription": "Wordt lokaal uitgevoerd op de machine die de siteconnector host.",
+ "sshDaemonLocationRemote": "Op Remote Host",
+ "sshDaemonLocationRemoteDescription": "Wordt uitgevoerd op een aparte doelmachine in hetzelfde netwerk.",
+ "sshDaemonDisclaimer": "Zorg ervoor dat uw doelhost goed is geconfigureerd om de auth daemon uit te voeren voordat u deze configuratie voltooit, anders zal de voorziening mislukken.",
+ "sshDaemonPort": "Demonpoort",
+ "sshServerDestination": "Serverbestemming",
+ "sshServerDestinationDescription": "Configureer de bestemming van de SSH-server",
+ "destination": "Bestemming",
+ "destinationRequired": "Bestemming is vereist.",
+ "domainRequired": "Domein is vereist.",
+ "proxyPortRequired": "Poort is vereist.",
+ "invalidPathConfiguration": "Ongeldige padconfiguratie.",
+ "invalidRewritePathConfiguration": "Ongeldige overschrijfpadconfiguratie.",
+ "bgTargetMultiSiteDisclaimer": "Het selecteren van meerdere sites maakt veerkrachtige routering mogelijk en failover voor hoge beschikbaarheid.",
"roleAllowSsh": "SSH toestaan",
"roleAllowSshAllow": "Toestaan",
"roleAllowSshDisallow": "Weigeren",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "Gebruiker kan alleen de opgegeven commando's uitvoeren met de sudo.",
"sshSudo": "sudo toestaan",
"sshSudoCommands": "Sudo Commando's",
- "sshSudoCommandsDescription": "Komma's gescheiden lijst van commando's waar de gebruiker een sudo mee mag uitvoeren.",
+ "sshSudoCommandsDescription": "Lijst met commando's die de gebruiker mag uitvoeren met sudo, gescheiden door komma's, spaties of nieuwe regels. Absolute paden moeten worden gebruikt.",
"sshCreateHomeDir": "Maak Home Directory",
"sshUnixGroups": "Unix groepen",
- "sshUnixGroupsDescription": "Door komma's gescheiden Unix-groepen om de gebruiker toe te voegen aan de doelhost.",
+ "sshUnixGroupsDescription": "Unix-groepen om de gebruiker aan toe te voegen op de doelhost, gescheiden door komma's, spaties of nieuwe regels.",
+ "roleTextFieldPlaceholder": "Voer waarden in, of sleep een .txt of .csv-bestand",
+ "roleTextImportTitle": "Importeer vanuit Bestand",
+ "roleTextImportDescription": "{fileName} importeren naar {fieldLabel}.",
+ "roleTextImportSkipHeader": "Sla de eerste rij over (header)",
+ "roleTextImportOverride": "Vervang Bestaande",
+ "roleTextImportAppend": "Voeg toe aan Bestaande",
+ "roleTextImportMode": "Importeer modus",
+ "roleTextImportPreview": "Voorbeeld",
+ "roleTextImportItemCount": "{count, plural, =0 {Geen items om te importeren} one {1 item om te importeren} other {# items om te importeren}}",
+ "roleTextImportTotalCount": "{existing} bestaande + {imported} geïmporteerd = {total} totaal",
+ "roleTextImportConfirm": "Importeren",
+ "roleTextImportInvalidFile": "Niet-ondersteund bestandstype",
+ "roleTextImportInvalidFileDescription": "Alleen .txt en .csv-bestanden worden ondersteund.",
+ "roleTextImportEmpty": "Geen items gevonden in bestand",
+ "roleTextImportEmptyDescription": "Het bestand bevat geen importeerbare items.",
"retryAttempts": "Herhaal Pogingen",
"expectedResponseCodes": "Verwachte Reactiecodes",
"expectedResponseCodesDescription": "HTTP-statuscode die gezonde status aangeeft. Indien leeg wordt 200-300 als gezond beschouwd.",
@@ -2049,8 +2296,9 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Schema",
- "editInternalResourceDialogEnableSsl": "TLS inschakelen",
+ "editInternalResourceDialogEnableSsl": "Schakel TLS in",
"editInternalResourceDialogEnableSslDescription": "Schakel SSL/TLS-encryptie in voor beveiligde HTTPS-verbindingen met de bestemming.",
"editInternalResourceDialogDestination": "Bestemming",
"editInternalResourceDialogDestinationHostDescription": "Het IP-adres of de hostnaam van de bron op het netwerk van de site.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Site",
"selectSite": "Selecteer site...",
"multiSitesSelectorSitesCount": "{count, plural, one {# site} other {# sites}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# label} other {# labels}}",
"noSitesFound": "Geen sites gevonden.",
"createInternalResourceDialogProtocol": "Protocol",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,15 +2347,17 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Schema",
"createInternalResourceDialogScheme": "Schema",
- "createInternalResourceDialogEnableSsl": "TLS inschakelen",
+ "createInternalResourceDialogEnableSsl": "Schakel TLS in",
"createInternalResourceDialogEnableSslDescription": "Schakel SSL/TLS-encryptie in voor beveiligde HTTPS-verbindingen met de bestemming.",
"createInternalResourceDialogDestination": "Bestemming",
"createInternalResourceDialogDestinationHostDescription": "Het IP-adres of de hostnaam van de bron op het netwerk van de site.",
"createInternalResourceDialogDestinationCidrDescription": "Het CIDR-bereik van het document op het netwerk van de site.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "Een optionele interne DNS-alias voor dit document.",
+ "internalResourceAliasLocalWarning": "Aliassen die eindigen op .local kunnen resolutieproblemen veroorzaken vanwege mDNS op sommige netwerken.",
"internalResourceDownstreamSchemeRequired": "Schema is vereist voor HTTP-bronnen",
"internalResourceHttpPortRequired": "Bestemmingspoort is vereist voor HTTP-bronnen",
"siteConfiguration": "Configuratie",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Externe knooppunten",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Geheim",
+ "remoteExitNodeNetworkingTitle": "Netwerkinstellingen",
+ "remoteExitNodeNetworkingDescription": "Configureer hoe dit externe exit-knooppunt verkeer routeert en welke sites de voorkeur hebben om er doorheen te verbinden. Geavanceerde functies te gebruiken met backhaul-netwerkconfiguraties.",
+ "remoteExitNodeNetworkingSave": "Instellingen opslaan",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Netwerkinstellingen opgeslagen",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Netwerkinstellingen zijn succesvol bijgewerkt.",
+ "remoteExitNodeNetworkingSaveError": "Kon netwerkinstellingen niet opslaan",
+ "remoteExitNodeNetworkingSubnetsTitle": "Externe Subnets",
+ "remoteExitNodeNetworkingSubnetsDescription": "Definieer de CIDR-bereiken waarnaar dit externe exit-knooppunt verkeer zal routeren. Voer een geldige CIDR in (bijv. 10.0.0.0/8) en druk op Enter om toe te voegen.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Voeg een CIDR-bereik toe (bijv. 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Kon subnets niet laden",
+ "remoteExitNodeNetworkingLabelsTitle": "Voorkeurslabels",
+ "remoteExitNodeNetworkingLabelsDescription": "Sites met deze labels worden verplicht om verbinding te maken via dit externe exit-knooppunt.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Selecteer labels...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Labels zoeken...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Kon labels niet laden",
"remoteExitNodeCreate": {
"title": "Externe knoop aanmaken",
"description": "Maak een nieuwe zelf-gehoste externe relais- en proxyservermodule",
@@ -2233,7 +2499,7 @@
"description": "betrouwbaardere en slecht onderhouden Pangolin server met extra klokken en klokkenluiders",
"introTitle": "Beheerde zelfgehoste pangolin",
"introDescription": "is een implementatieoptie ontworpen voor mensen die eenvoud en extra betrouwbaarheid willen, terwijl hun gegevens privé en zelf georganiseerd blijven.",
- "introDetail": "Met deze optie beheert u nog steeds uw eigen Pangolin node - uw tunnels, TLS-verbinding en verkeer alles op uw server. Het verschil is dat beheer en monitoring worden behandeld via onze cloud dashboard, wat een aantal voordelen oplevert:",
+ "introDetail": "Met deze optie beheert u nog steeds uw eigen Pangolin-node - uw tunnels, TLS-terminatie en verkeer blijven allemaal op uw server. Het verschil is dat beheer en monitoring worden afgehandeld via ons cloud-dashboard, wat een aantal voordelen oplevert:",
"benefitSimplerOperations": {
"title": "Simpler operaties",
"description": "Je hoeft geen eigen mailserver te draaien of complexe waarschuwingen in te stellen. Je krijgt gezondheidscontroles en downtime meldingen uit de box."
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Google OAuth2/OIDC provider",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Subnet",
+ "utilitySubnet": "Hulpmiddel Subnet",
"subnetDescription": "Het subnet van de netwerkconfiguratie van deze organisatie.",
"customDomain": "Aangepast domein",
"authPage": "Authenticatiepagina's",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "Organisatie of domein ID ontbreekt",
"loadingDNSRecords": "DNS-records laden...",
"olmUpdateAvailableInfo": "Er is een bijgewerkte versie van Olm beschikbaar. Update alstublieft naar de nieuwste versie voor de beste ervaring.",
+ "updateAvailableInfo": "Er is een bijgewerkte versie beschikbaar. Update naar de nieuwste versie voor de beste ervaring.",
"client": "Klant",
"proxyProtocol": "Proxy Protocol Instellingen",
"proxyProtocolDescription": "Proxyprotocol configureren om de IP-adressen van de client voor TCP-diensten te bewaren.",
"enableProxyProtocol": "Proxy Protocol inschakelen",
"proxyProtocolInfo": "Behoud IP adressen van de client voor TCP backends",
"proxyProtocolVersion": "Proxy Protocol Versie",
- "version1": " Versie 1 (Aanbevolen)",
+ "version1": "Versie 1 (Aanbevolen)",
"version2": "Versie 2",
- "versionDescription": "Versie 1 is text-based en breed ondersteund. Versie 2 is binair en efficiënter maar minder compatibel.",
+ "version1Description": "Tekstgebaseerd en breed ondersteund. Zorg ervoor dat servertransport aan dynamische configuratie is toegevoegd.",
+ "version2Description": "Binair en efficiënter maar minder compatibel. Zorg ervoor dat servertransport aan dynamische configuratie is toegevoegd.",
"warning": "Waarschuwing",
"proxyProtocolWarning": "De backend applicatie moet worden geconfigureerd om Proxy Protocol verbindingen te accepteren. Als je backend geen Proxy Protocol ondersteunt, zal het inschakelen van dit alle verbindingen verbreken, dus schakel dit alleen in als je weet wat je doet. Zorg ervoor dat je je backend configureert om Proxy Protocol headers van Traefik.",
"restarting": "Herstarten...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Bevestiging invoeren",
"blueprintViewDetails": "Details",
"defaultIdentityProvider": "Standaard Identiteitsprovider",
- "defaultIdentityProviderDescription": "Wanneer een standaard identity provider is geselecteerd, zal de gebruiker automatisch worden doorgestuurd naar de provider voor authenticatie.",
+ "defaultIdentityProviderDescription": "De gebruiker wordt automatisch doorgestuurd naar deze identity provider voor authenticatie.",
"editInternalResourceDialogNetworkSettings": "Netwerkinstellingen",
"editInternalResourceDialogAccessPolicy": "Toegangsbeleid",
"editInternalResourceDialogAddRoles": "Rollen toevoegen",
@@ -2937,11 +3206,12 @@
"learnMore": "Meer informatie",
"backToHome": "Ga terug naar startpagina",
"needToSignInToOrg": "Moet u de identiteit provider van uw organisatie gebruiken?",
- "maintenanceMode": "Onderhoudsmodus",
+ "maintenanceMode": "Onderhoudspagina",
"maintenanceModeDescription": "Toon een onderhoudspagina aan bezoekers",
"maintenanceModeType": "Type onderhoudsmodus",
"showMaintenancePage": "Toon een onderhoudspagina aan bezoekers",
"enableMaintenanceMode": "Onderhoudsmodus inschakelen",
+ "enableMaintenanceModeDescription": "Wanneer ingeschakeld zien bezoekers een onderhoudspagina in plaats van uw bron.",
"automatic": "Automatisch",
"automaticModeDescription": " Toon onderhoudspagina alleen wanneer alle back-enddoelen niet beschikbaar zijn of ongezond zijn. Jouw bron blijft normaal functioneren zolang er tenminste één doel gezond is.",
"forced": "Geforceerd",
@@ -2949,6 +3219,8 @@
"warning:": "Waarschuwing:",
"forcedeModeWarning": "Al het verkeer wordt naar de onderhoudspagina geleid. Jouw back-endbronnen ontvangen geen verzoeken.",
"pageTitle": "Paginatitel",
+ "maintenancePageContentSubsection": "Pagina-inhoud",
+ "maintenancePageContentSubsectionDescription": "Pas de inhoud aan die op de onderhoudspagina wordt weergegeven",
"pageTitleDescription": "De hoofdkop die op de onderhoudspagina wordt weergegeven",
"maintenancePageMessage": "Onderhoudsbericht",
"maintenancePageMessagePlaceholder": "We keren snel terug! Onze site ondergaat momenteel gepland onderhoud.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Geschatte voltooiing:",
"createInternalResourceDialogDestinationRequired": "Bestemming is vereist",
"available": "Beschikbaar",
+ "disabledResourceDescription": "Wanneer uitgeschakeld, zal de bron voor iedereen ontoegankelijk zijn.",
"archived": "Gearchiveerd",
"noArchivedDevices": "Geen gearchiveerde apparaten gevonden",
"deviceArchived": "Apparaat gearchiveerd",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Weet u zeker dat u deze identiteitsprovider van deze organisatie wilt loskoppelen?",
"idpUnassociateDescription": "Alle gebruikers die aan deze identiteitsprovider zijn gekoppeld, worden uit deze organisatie verwijderd, maar de identiteitsprovider blijft bestaan voor andere gerelateerde organisaties.",
"idpUnassociateConfirm": "Bevestig ontkoppelen identiteitsprovider",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "VERWIJDER EN VERWIJDER ME VAN ORG",
+ "idpUnassociateAndRemoveMeFromOrg": "ONTKOPPEL EN VERWIJDER ME VAN ORG",
"idpUnassociateWarning": "Dit kan niet ongedaan worden gemaakt voor deze organisatie.",
"idpUnassociatedDescription": "Identiteitsprovider succesvol losgekoppeld van deze organisatie",
"idpUnassociateMenu": "Ontkoppelen",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "E-mail whitelist",
"memberPortalResourceDisabled": "Bron Uitgeschakeld",
"memberPortalShowingResources": "Toont {start}-{end} van {total} bronnen",
+ "resourceLauncherTitle": "Bron Launcher",
+ "resourceLauncherDescription": "Bekijk brongegevens en start ze vanaf één plek",
+ "resourceLauncherSearchPlaceholder": "Zoek alle sites...",
+ "resourceLauncherDefaultView": "Standaard",
+ "resourceLauncherSaveView": "Weergave Opslaan",
+ "resourceLauncherSaveToCurrentView": "Opslaan naar huidige weergave",
+ "resourceLauncherResetView": "Weergave Herstellen",
+ "resourceLauncherSaveAsNewView": "Opslaan als Nieuwe Weergave",
+ "resourceLauncherSaveAsNewViewDescription": "Geef deze weergave een naam om je huidige filters en indeling op te slaan.",
+ "resourceLauncherSaveForEveryone": "Opslaan voor Iedereen",
+ "resourceLauncherSaveForEveryoneDescription": "Deel deze weergave met alle organisatieleden. Als dit niet is aangevinkt, is de weergave alleen zichtbaar voor jou.",
+ "resourceLauncherMakePersonal": "Persoonlijk Maken",
+ "resourceLauncherFilter": "Filter",
+ "resourceLauncherSort": "Sorteren",
+ "resourceLauncherSortAscending": "Oplopend sorteren",
+ "resourceLauncherSortDescending": "Aflopend sorteren",
+ "resourceLauncherSettings": "Instellingen",
+ "resourceLauncherGroupBy": "Groep Op",
+ "resourceLauncherGroupBySite": "Site",
+ "resourceLauncherGroupByLabel": "Label",
+ "resourceLauncherLayout": "Lay-out",
+ "resourceLauncherLayoutGrid": "Raster",
+ "resourceLauncherLayoutList": "Lijst",
+ "resourceLauncherShowLabels": "Labels Weergeven",
+ "resourceLauncherShowSiteTags": "Site Tags Weergeven",
+ "resourceLauncherShowRecents": "Recente Weergeven",
+ "resourceLauncherDeleteView": "Weergave Verwijderen",
+ "resourceLauncherViewAsAdmin": "Bekijk als Admin",
+ "resourceLauncherResourceDetailsDescription": "Bekijk details voor deze bron.",
+ "resourceLauncherUnlabeled": "Geen label",
+ "resourceLauncherNoSite": "Geen Site",
+ "resourceLauncherNoResourcesInGroup": "Geen bronnen in deze groep",
+ "resourceLauncherEmptyStateTitle": "Geen Bronnen Beschikbaar",
+ "resourceLauncherEmptyStateDescription": "Je hebt nog geen toegang tot bronnen. Neem contact op met je beheerder om toegang aan te vragen.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Geen Bronnen Gevonden",
+ "resourceLauncherEmptyStateNoResultsDescription": "Geen bronnen komen overeen met je huidige zoekopdracht of filters. Probeer ze aan te passen om te vinden wat je zoekt.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Geen bronnen komen overeen met \"{query}\". Probeer je zoekopdracht aan te passen of filters te wissen om alle bronnen te zien.",
+ "resourceLauncherCopiedToClipboard": "Gekopieerd naar klembord",
+ "resourceLauncherCopiedAccessDescription": "Toegang tot bron is gekopieerd naar je klembord.",
+ "resourceLauncherViewNamePlaceholder": "Weergavenaam",
+ "resourceLauncherViewNameLabel": "Weergavenaam",
+ "resourceLauncherViewSaved": "Weergave opgeslagen",
+ "resourceLauncherViewSavedDescription": "Je launcher-weergave is opgeslagen.",
+ "resourceLauncherViewSaveFailed": "Kon weergave niet opslaan",
+ "resourceLauncherViewSaveFailedDescription": "Kon de launcher-weergave niet opslaan. Probeer het opnieuw.",
+ "resourceLauncherViewDeleted": "Weergave verwijderd",
+ "resourceLauncherViewDeletedDescription": "De launcher-weergave is verwijderd.",
+ "resourceLauncherViewDeleteFailed": "Kon weergave niet verwijderen",
+ "resourceLauncherViewDeleteFailedDescription": "Kon de launcher-weergave niet verwijderen. Probeer het opnieuw.",
"memberPortalPrevious": "Vorige",
- "memberPortalNext": "Volgende"
+ "memberPortalNext": "Volgende",
+ "httpSettings": "HTTP-instellingen",
+ "tcpSettings": "TCP-instellingen",
+ "udpSettings": "UDP-instellingen",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Veilige verbinding tot stand brengen…",
+ "sshConnecting": "Verbinding maken…",
+ "sshInitializing": "Initialiseren…",
+ "sshSignInTitle": "Meld u aan bij SSH",
+ "sshSignInDescription": "Voer uw SSH-gegevens in om verbinding te maken",
+ "sshPasswordTab": "Wachtwoord",
+ "sshPrivateKeyTab": "Privésleutel",
+ "sshPrivateKeyField": "Privésleutel",
+ "sshPrivateKeyDisclaimer": "Uw privésleutel wordt niet opgeslagen of zichtbaar gemaakt voor Pangolin. U kunt ook gebruik maken van kortlopende certificaten voor naadloze authenticatie met uw bestaande Pangolin-identiteit.",
+ "sshLearnMore": "Meer informatie",
+ "sshPrivateKeyFile": "Bestand met privésleutel",
+ "sshAuthenticate": "Verbinden",
+ "sshTerminate": "Beëindigen",
+ "sshPoweredBy": "Aangeboden door",
+ "sshErrorNoTarget": "Geen doelwit gespecificeerd",
+ "sshErrorWebSocket": "WebSocket-verbinding is mislukt",
+ "sshErrorAuthFailed": "Authenticatie mislukt",
+ "sshErrorConnectionClosed": "Verbinding gesloten voordat authenticatie was voltooid",
+ "sitePangolinSshDescription": "Sta SSH-toegang toe tot bronnen op deze site. Dit kan later worden gewijzigd.",
+ "browserGatewayNoResourceForDomain": "Geen bron gevonden voor dit domein",
+ "browserGatewayNoTarget": "Geen doelwit",
+ "browserGatewayConnect": "Verbinden",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "Kan SSH-sleutel voor PAM push-authenticatie niet ondertekenen. Heeft u als gebruiker aangemeld?",
+ "sshTerminalError": "Fout: {error}",
+ "sshConnectionClosedCode": "Verbinding gesloten (code {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+ "sshPrivateKeyRequired": "Privésleutel is vereist",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Voer uw VNC-referenties in om verbinding te maken",
+ "vncUsernameOptional": "Gebruikersnaam (optioneel)",
+ "vncPasswordOptional": "Wachtwoord (optioneel)",
+ "vncNoResourceTarget": "Geen bron doelwit beschikbaar",
+ "vncFailedToLoadNovnc": "Laden van noVNC mislukt",
+ "vncAuthFailedStatus": "Status {status}",
+ "vncPasteClipboard": "Klembord plakken",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Meld u aan bij Remote Desktop",
+ "rdpSignInDescription": "Voer Windows-gegevens in om verbinding te maken",
+ "rdpLoadingModule": "Module laden...",
+ "rdpFailedToLoadModule": "Laden van RDP-module mislukt",
+ "rdpNotReady": "Niet gereed",
+ "rdpModuleInitializing": "RDP-module is nog aan het initialiseren",
+ "rdpDownloadingFiles": "{count} bestand(en) worden van een externe locatie gedownload…",
+ "rdpDownloadFailed": "Download mislukt: {fileName}",
+ "rdpUploaded": "Geüpload: {fileName}",
+ "rdpNoConnectionTarget": "Geen verbinding doelwit beschikbaar",
+ "rdpConnectionFailed": "Verbinding mislukt",
+ "rdpFit": "Schalen",
+ "rdpFull": "Volledig",
+ "rdpReal": "Reëel",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Bestanden uploaden",
+ "rdpFilesReadyToPaste": "Bestanden klaar om te plakken",
+ "rdpFilesReadyToPasteDescription": "{count} bestand(en) gekopieerd naar klembord op afstand — druk op Ctrl+V op het externe bureaublad om te plakken.",
+ "rdpUploadFailed": "Upload mislukt",
+ "rdpUnicodeKeyboardMode": "Unicode toetsenbordmodus",
+ "sessionToolbarShow": "Toon werkbalk",
+ "sessionToolbarHide": "Verberg werkbalk"
}
diff --git a/messages/pl-PL.json b/messages/pl-PL.json
index 4d801023b..d6c67ac20 100644
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -66,9 +66,15 @@
"local": "Lokalny",
"edit": "Edytuj",
"siteConfirmDelete": "Potwierdź usunięcie witryny",
+ "siteConfirmDeleteAndResources": "Potwierdź usunięcie witryny i zasobów",
"siteDelete": "Usuń witrynę",
+ "siteDeleteAndResources": "Usuń witrynę i zasoby",
"siteMessageRemove": "Po usunięciu witryna nie będzie już dostępna. Wszystkie cele związane z witryną zostaną również usunięte.",
+ "siteMessageRemoveAndResources": "To spowoduje trwałe usunięcie wszystkich zasobów publicznych i prywatnych powiązanych z tą witryną, nawet jeśli zasób jest także powiązany z innymi witrynami.",
"siteQuestionRemove": "Czy na pewno chcesz usunąć witrynę z organizacji?",
+ "siteQuestionRemoveAndResources": "Czy na pewno chcesz usunąć tę witrynę i wszystkie powiązane zasoby?",
+ "sitesTableDeleteSite": "Usuń witrynę",
+ "sitesTableDeleteSiteAndResources": "Usuń witrynę i zasoby",
"siteManageSites": "Zarządzaj stronami",
"siteDescription": "Tworzenie stron i zarządzanie nimi, aby włączyć połączenia z prywatnymi sieciami",
"sitesBannerTitle": "Połącz dowolną sieć",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Zobacz zasoby prywatne",
"siteInstallNewt": "Zainstaluj Newt",
"siteInstallNewtDescription": "Uruchom Newt w swoim systemie",
+ "siteInstallKubernetesDocsDescription": "Aby uzyskać więcej aktualnych informacji o instalacji Kubernetes, zobacz docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "Aby uzyskać instrukcje dotyczące instalacji modemu Advantech, zobacz: docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "Konfiguracja WireGuard",
"WgConfigurationDescription": "Użyj następującej konfiguracji, aby połączyć się z siecią",
"operatingSystem": "System operacyjny",
@@ -115,6 +123,16 @@
"siteUpdated": "Strona zaktualizowana",
"siteUpdatedDescription": "Strona została zaktualizowana.",
"siteGeneralDescription": "Skonfiguruj ustawienia ogólne dla tej witryny",
+ "siteRestartTitle": "Restartuj Stronę",
+ "siteRestartDescription": "Uruchom ponownie tunel WireGuard dla tej strony. Spowoduje to tymczasowe przerwanie łączności.",
+ "siteRestartBody": "Użyj tego, jeśli tunel strony nie działa prawidłowo i chcesz wymusić ponowne połączenie bez ponownego uruchamiania hosta.",
+ "siteRestartButton": "Restartuj Stronę",
+ "siteRestartDialogMessage": "Czy na pewno chcesz uruchomić ponownie tunel WireGuard dla {name}? Strona tymczasowo straci łączność.",
+ "siteRestartWarning": "Strona tymczasowo rozłączy się podczas ponownego uruchamiania tunelu.",
+ "siteRestarted": "Strona zrestartowana",
+ "siteRestartedDescription": "Tunel WireGuard został ponownie uruchomiony.",
+ "siteErrorRestart": "Nie udało się zrestartować strony",
+ "siteErrorRestartDescription": "Wystąpił błąd podczas ponownego uruchamiania strony.",
"siteSettingDescription": "Skonfiguruj ustawienia na stronie",
"siteResourcesTab": "Zasoby",
"siteResourcesNoneOnSite": "Ta strona nie ma jeszcze żadnych zasobów publicznych ani prywatnych.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "Możesz to zobaczyć tylko raz. Upewnij się, że skopiuj je do bezpiecznego miejsca.",
"siteInfo": "Informacje o witrynie",
"status": "Status",
- "shareTitle": "Zarządzaj linkami udostępniania",
+ "shareTitle": "Zarządzaj linkami do udostępnienia",
"shareDescription": "Utwórz linki do współdzielenia, aby przyznać tymczasowy lub stały dostęp do zasobów proxy",
- "shareSearch": "Szukaj linków udostępnienia...",
- "shareCreate": "Utwórz link udostępniania",
+ "shareSearch": "Wyszukaj linki do udostępnienia...",
+ "shareCreate": "Utwórz link do udostępnienia",
"shareErrorDelete": "Nie udało się usunąć linku",
"shareErrorDeleteMessage": "Wystąpił błąd podczas usuwania linku",
"shareDeleted": "Link usunięty",
"shareDeletedDescription": "Link został usunięty",
- "shareDelete": "Usuń link udostępniania",
- "shareDeleteConfirm": "Potwierdź usunięcie linku udostępniania",
+ "shareDelete": "Usuń link do udostępnienia",
+ "shareDeleteConfirm": "Potwierdź usunięcie linku do udostępnienia",
"shareQuestionRemove": "Czy na pewno chcesz usunąć ten link udostępniania?",
"shareMessageRemove": "Po usunięciu, link przestanie działać i wszyscy korzystający z niego stracą dostęp do zasobu.",
"shareTokenDescription": "Token dostępu może być przekazywany na dwa sposoby: jako parametr zapytania lub w nagłówkach żądania. Muszą być przekazywane z klienta na każde żądanie uwierzytelnionego dostępu.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Wystąpił błąd podczas tworzenia linku udostępniania",
"shareCreateDescription": "Każdy z tym linkiem może uzyskać dostęp do zasobu",
"shareTitleOptional": "Tytuł (opcjonalnie)",
+ "sharePathOptional": "Ścieżka (opcjonalnie)",
+ "sharePathDescription": "Link przekieruje użytkowników do tej ścieżki po uwierzytelnieniu.",
"expireIn": "Wygasa za",
"neverExpire": "Nigdy nie wygasa",
"shareExpireDescription": "Czas wygaśnięcia to jak długo link będzie mógł być użyty i zapewni dostęp do zasobu. Po tym czasie link nie będzie już działał, a użytkownicy, którzy użyli tego linku, utracą dostęp do zasobu.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Wybierz zasób",
"proxyResourceTitle": "Zarządzaj zasobami publicznymi",
"proxyResourceDescription": "Twórz i zarządzaj zasobami, które są publicznie dostępne w przeglądarce internetowej",
- "proxyResourcesBannerTitle": "Publiczny dostęp za pośrednictwem sieci Web",
- "proxyResourcesBannerDescription": "Zasoby publiczne to proxy HTTPS lub TCP/UDP dostępne dla każdego w internecie za pośrednictwem przeglądarki internetowej. W przeciwieństwie do zasobów prywatnych, nie wymagają oprogramowania po stronie klienta i mogą obejmować polityki dostępu świadome tożsamości i kontekstu.",
+ "publicResourcesBannerTitle": "Publiczny dostęp przez przeglądarkę internetową",
+ "publicResourcesBannerDescription": "Zasoby publiczne to serwery proxy HTTPS, dostępne dla każdego w Internecie za pośrednictwem przeglądarki. W przeciwieństwie do zasobów prywatnych, nie wymagają oprogramowania po stronie klienta i mogą obejmować polityki dostępu świadome tożsamości i kontekstu.",
"clientResourceTitle": "Zarządzaj zasobami prywatnymi",
"clientResourceDescription": "Twórz i zarządzaj zasobami, które są dostępne tylko za pośrednictwem połączonego klienta",
"privateResourcesBannerTitle": "Zero zaufania do prywatnego dostępu",
@@ -208,11 +228,37 @@
"resourcesSearch": "Szukaj zasobów...",
"resourceAdd": "Dodaj zasób",
"resourceErrorDelte": "Błąd podczas usuwania zasobu",
+ "resourcePoliciesBannerTitle": "Ponownie użyj Uwierzytelniania i Zasad Dostępu",
+ "resourcePoliciesBannerDescription": "Polityki zasobów współdzielonych pozwalają zdefiniować metody uwierzytelniania oraz zasady dostępu jednokrotnie, a następnie przypiąć je do wielu zasobów publicznych. Po zaktualizowaniu polityki każda powiązana zasób automatycznie dziedziczy zmianę.",
+ "resourcePoliciesBannerButtonText": "Dowiedz się więcej",
+ "resourcePoliciesTitle": "Zarządzaj publicznymi zasadami zasobów",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Zasoby",
+ "resourcePoliciesAttachedResources": "{count} zasób(y)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# zasób} few {# zasoby} many {# zasobów} other {# zasobów}}",
+ "resourcePoliciesAttachedResourcesEmpty": "brak zasobów",
+ "resourcePoliciesDescription": "Twórz i zarządzaj politykami uwierzytelniania, aby kontrolować dostęp do swoich zasobów publicznych",
+ "resourcePoliciesSearch": "Szukaj polityk...",
+ "resourcePoliciesAdd": "Dodaj politykę",
+ "resourcePoliciesDefaultBadgeText": "Domyślna polityka",
+ "resourcePoliciesCreate": "Utwórz publiczną politykę zasobów",
+ "resourcePoliciesCreateDescription": "Wykonaj poniższe kroki, aby utworzyć nową politykę",
+ "resourcePolicyName": "Nazwa polityki",
+ "resourcePolicyNameDescription": "Nadaj tej polityce nazwę, aby można ją było zidentyfikować w całych zasobach",
+ "resourcePolicyNamePlaceholder": "np. Polityka Dostępu Wewnętrznego",
+ "resourcePoliciesSeeAll": "Zobacz wszystkie polityki",
+ "resourcePolicyAuthMethodAdd": "Dodaj metodę uwierzytelniania",
+ "resourcePolicyOtpEmailAdd": "Dodaj OTP e-maile",
+ "resourcePolicyRulesAdd": "Dodaj zasady",
+ "resourcePolicyAuthMethodsDescription": "Zezwól na dostęp do zasobu poprzez dodatkowe metody uwierzytelniania",
+ "resourcePolicyUsersRolesDescription": "Skonfiguruj, którzy użytkownicy i role mogą odwiedzać powiązane zasoby",
+ "rulesResourcePolicyDescription": "Skonfiguruj zasady, aby kontrolować zasoby dostępne w ramach tej polityki",
"authentication": "Uwierzytelnianie",
"protected": "Chronione",
"notProtected": "Niechronione",
"resourceMessageRemove": "Po usunięciu zasób nie będzie już dostępny. Wszystkie cele związane z zasobem zostaną również usunięte.",
"resourceQuestionRemove": "Czy na pewno chcesz usunąć zasób z organizacji?",
+ "resourcePolicyMessageRemove": "Po usunięciu polityka zasobów nie będzie już dostępna. Wszystkie zasoby połączone z zasobem zostaną odłączone i pozostawione bez uwierzytelniania.",
+ "resourcePolicyQuestionRemove": "Czy na pewno chcesz usunąć politykę zasobu z organizacji?",
"resourceHTTP": "Zasób HTTPS",
"resourceHTTPDescription": "Proxy zapytań przez HTTPS przy użyciu w pełni kwalifikowanej nazwy domeny.",
"resourceRaw": "Surowy zasób TCP/UDP",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Żądania proxy nad surowym TCP/UDP przy użyciu numeru portu. Wymaga stron aby połączyć się ze zdalnym węzłem.",
"resourceCreate": "Utwórz zasób",
"resourceCreateDescription": "Wykonaj poniższe kroki, aby utworzyć nowy zasób",
+ "resourceCreateGeneralDescription": "Skonfiguruj podstawowe ustawienia zasobu, w tym nazwę i typ",
"resourceSeeAll": "Zobacz wszystkie zasoby",
- "resourceInfo": "Informacje o zasobach",
+ "resourceCreateGeneral": "Ogólny",
"resourceNameDescription": "To jest wyświetlana nazwa zasobu.",
"siteSelect": "Wybierz witrynę",
"siteSearch": "Szukaj witryny",
@@ -231,12 +278,15 @@
"noCountryFound": "Nie znaleziono kraju.",
"siteSelectionDescription": "Ta strona zapewni połączenie z celem.",
"resourceType": "Typ zasobu",
- "resourceTypeDescription": "Określ jak uzyskać dostęp do zasobu",
+ "resourceTypeDescription": "To kontroluje protokół zasobu i sposób jego renderowania w przeglądarce. Później nie można tego zmienić.",
+ "resourceDomainDescription": "Zasób będzie udostępniany pod tym w pełni kwalifikowanym adresem domenowym.",
"resourceHTTPSSettings": "Ustawienia HTTPS",
"resourceHTTPSSettingsDescription": "Skonfiguruj jak zasób będzie dostępny przez HTTPS",
+ "resourcePortDescription": "Zewnętrzny port na instancji lub węźle Pangolina, gdzie zasób będzie dostępny.",
"domainType": "Typ domeny",
"subdomain": "Poddomena",
"baseDomain": "Bazowa domena",
+ "configure": "Konfiguracja",
"subdomnainDescription": "Poddomena, w której zasób będzie dostępny.",
"resourceRawSettings": "Ustawienia TCP/UDP",
"resourceRawSettingsDescription": "Skonfiguruj jak zasób będzie dostępny przez TCP/UDP",
@@ -247,14 +297,35 @@
"back": "Powrót",
"cancel": "Anuluj",
"resourceConfig": "Snippety konfiguracji",
- "resourceConfigDescription": "Skopiuj i wklej te fragmenty konfiguracji, aby skonfigurować zasób TCP/UDP",
+ "resourceConfigDescription": "Skopiuj i wklej te fragmenty konfiguracji, aby skonfigurować zasób TCP/UDP.",
"resourceAddEntrypoints": "Traefik: Dodaj punkty wejścia",
"resourceExposePorts": "Gerbil: Podnieś porty w Komponencie Dockera",
"resourceLearnRaw": "Dowiedz się, jak skonfigurować zasoby TCP/UDP",
"resourceBack": "Powrót do zasobów",
"resourceGoTo": "Przejdź do zasobu",
+ "resourcePolicyDelete": "Usuń politykę zasobu",
+ "resourcePolicyDeleteConfirm": "Potwierdź usunięcie polityki zasobu",
"resourceDelete": "Usuń zasób",
"resourceDeleteConfirm": "Potwierdź usunięcie zasobu",
+ "labelDelete": "Usuń etykietę",
+ "labelAdd": "Dodaj etykietę",
+ "labelCreateSuccessMessage": "Etykieta została utworzona pomyślnie",
+ "labelDuplicateError": "Zduplikowana etykieta",
+ "labelDuplicateErrorDescription": "Etykieta o tej nazwie już istnieje.",
+ "labelEditSuccessMessage": "Etykieta została pomyślnie zmodyfikowana",
+ "labelNameField": "Nazwa etykiety",
+ "labelColorField": "Kolor etykiety",
+ "labelPlaceholder": "Np.: homelab",
+ "labelCreate": "Utwórz etykietę",
+ "createLabelDialogTitle": "Utwórz etykietę",
+ "createLabelDialogDescription": "Utwórz nową etykietę, która może być przypisana do tej organizacji",
+ "labelEdit": "Edytuj etykietę",
+ "editLabelDialogTitle": "Aktualizuj etykietę",
+ "editLabelDialogDescription": "Edytuj nową etykietę, która może być przypisana do tej organizacji",
+ "labelDeleteConfirm": "Potwierdź usunięcie etykiety",
+ "labelErrorDelete": "Nie udało się usunąć etykiety",
+ "labelMessageRemove": "To działanie jest nieodwracalne. Wszystkie strony, zasoby i klienci oznaczeni tą etykietą zostaną odznaczeni.",
+ "labelQuestionRemove": "Czy na pewno chcesz usunąć etykietę z organizacji?",
"visibility": "Widoczność",
"enabled": "Włączone",
"disabled": "Wyłączone",
@@ -265,6 +336,8 @@
"rules": "Regulamin",
"resourceSettingDescription": "Skonfiguruj ustawienia zasobu",
"resourceSetting": "Ustawienia {resourceName}",
+ "resourcePolicySettingDescription": "Skonfiguruj ustawienia tej publicznej polityki zasobów",
+ "resourcePolicySetting": "Ustawienia {policyName}",
"alwaysAllow": "Omijanie uwierzytelniania",
"alwaysDeny": "Blokuj dostęp",
"passToAuth": "Przekaż do Autoryzacji",
@@ -671,7 +744,7 @@
"targetSubmit": "Dodaj cel",
"targetNoOne": "Ten zasób nie ma żadnych celów. Dodaj cel do skonfigurowania adresów wysyłania żądań do backendu.",
"targetNoOneDescription": "Dodanie więcej niż jednego celu powyżej włączy równoważenie obciążenia.",
- "targetsSubmit": "Zapisz cele",
+ "targetsSubmit": "Zapisz ustawienia",
"addTarget": "Dodaj cel",
"proxyMultiSiteRoundRobinNodeHelp": "Trasowanie round-robin nie będzie działać między witrynami, które nie są połączone z tym samym węzłem, ale przełączanie awaryjne będzie działać.",
"targetErrorInvalidIp": "Nieprawidłowy adres IP",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Duplikat reguły",
"rulesErrorDuplicateDescription": "Reguła o tych ustawieniach już istnieje",
"rulesErrorInvalidIpAddressRange": "Nieprawidłowy CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "Wprowadź prawidłową wartość CIDR",
- "rulesErrorInvalidUrl": "Nieprawidłowa ścieżka URL",
- "rulesErrorInvalidUrlDescription": "Wprowadź prawidłową wartość ścieżki URL",
- "rulesErrorInvalidIpAddress": "Nieprawidłowe IP",
- "rulesErrorInvalidIpAddressDescription": "Wprowadź prawidłowy adres IP",
+ "rulesErrorInvalidIpAddressRangeDescription": "Wprowadź poprawny zakres CIDR (np. 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Nieprawidłowa ścieżka",
+ "rulesErrorInvalidUrlDescription": "Wprowadź poprawną ścieżkę URL lub wzorzec (np. /api/*).",
+ "rulesErrorInvalidIpAddress": "Nieprawidłowy adres IP",
+ "rulesErrorInvalidIpAddressDescription": "Wprowadź poprawny adres IPv4 lub IPv6.",
"rulesErrorUpdate": "Nie udało się zaktualizować reguł",
"rulesErrorUpdateDescription": "Wystąpił błąd podczas aktualizacji reguł",
"rulesUpdated": "Włącz reguły",
@@ -718,14 +791,23 @@
"rulesMatchIpAddress": "Wprowadź adres IP (np. 103.21.244.12)",
"rulesMatchUrl": "Wprowadź ścieżkę URL lub wzorzec (np. /api/v1/todos lub /api/v1/*)",
"rulesErrorInvalidPriority": "Nieprawidłowy priorytet",
- "rulesErrorInvalidPriorityDescription": "Wprowadź prawidłowy priorytet",
+ "rulesErrorInvalidPriorityDescription": "Wprowadź liczbę całkowitą 1 lub wyższą.",
"rulesErrorDuplicatePriority": "Zduplikowane priorytety",
- "rulesErrorDuplicatePriorityDescription": "Wprowadź unikalne priorytety",
+ "rulesErrorDuplicatePriorityDescription": "Każda reguła musi mieć unikalny numer priorytetu.",
+ "rulesErrorValidation": "Nieprawidłowe reguły",
+ "rulesErrorValidationRuleDescription": "Reguła {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Wybierz poprawny typ dopasowania (ścieżka, IP, CIDR, kraj, region lub ASN).",
+ "rulesErrorValueRequired": "Wprowadź wartość dla tej reguły.",
+ "rulesErrorInvalidCountry": "Nieprawidłowy kraj",
+ "rulesErrorInvalidCountryDescription": "Wybierz poprawny kraj.",
+ "rulesErrorInvalidAsn": "Nieprawidłowy ASN",
+ "rulesErrorInvalidAsnDescription": "Wprowadź poprawny ASN (np. AS15169).",
"ruleUpdated": "Reguły zaktualizowane",
"ruleUpdatedDescription": "Reguły zostały pomyślnie zaktualizowane",
"ruleErrorUpdate": "Operacja nie powiodła się",
"ruleErrorUpdateDescription": "Wystąpił błąd podczas operacji zapisu",
"rulesPriority": "Priorytet",
+ "rulesReorderDragHandle": "Przeciągnij, aby zmienić kolejność priorytetów reguł",
"rulesAction": "Akcja",
"rulesMatchType": "Typ dopasowania",
"value": "Wartość",
@@ -744,9 +826,60 @@
"rulesResource": "Konfiguracja reguł zasobu",
"rulesResourceDescription": "Skonfiguruj reguły, aby kontrolować dostęp do zasobu",
"ruleSubmit": "Dodaj regułę",
- "rulesNoOne": "Brak reguł. Dodaj regułę używając formularza.",
+ "rulesNoOne": "Brak reguł.",
"rulesOrder": "Reguły są oceniane według priorytetu w kolejności rosnącej.",
"rulesSubmit": "Zapisz reguły",
+ "policyErrorCreate": "Błąd przy tworzeniu polityki",
+ "policyErrorCreateDescription": "Wystąpił błąd podczas tworzenia polityki",
+ "policyErrorCreateMessageDescription": "Wystąpił nieoczekiwany błąd",
+ "policyErrorUpdate": "Błąd przy aktualizacji polityki",
+ "policyErrorUpdateDescription": "Wystąpił błąd podczas aktualizacji polityki",
+ "policyErrorUpdateMessageDescription": "Wystąpił nieoczekiwany błąd",
+ "policyCreatedSuccess": "Polityka zasobów została pomyślnie utworzona",
+ "policyUpdatedSuccess": "Polityka zasobów została pomyślnie zaktualizowana",
+ "authMethodsSave": "Zapisz ustawienia",
+ "policyAuthStackTitle": "Uwierzytelnianie",
+ "policyAuthStackDescription": "Kontroluj, które metody uwierzytelniania są wymagane do uzyskania dostępu do tego zasobu",
+ "policyAuthOrLogicTitle": "Kilka metod uwierzytelniania jest aktywnych",
+ "policyAuthOrLogicBanner": "Odwiedzający mogą się uwierzytelnić, korzystając z jednej z poniższych aktywnych metod. Nie muszą ukończyć wszystkich z nich.",
+ "policyAuthMethodActive": "Aktywny",
+ "policyAuthMethodOff": "Wyłączony",
+ "policyAuthSsoTitle": "Platforma SSO",
+ "policyAuthSsoDescription": "Wymagany znak w identyfikatorze dostawcy Twojej organizacji",
+ "policyAuthSsoSummary": "{idp} · {users} użytkowników, {roles} ról",
+ "policyAuthSsoDefaultIdp": "Dostawca domyślny",
+ "policyAuthAddDefaultIdentityProvider": "Dodaj Dostawcę Tożsamości Domyślnej",
+ "policyAuthOtherMethodsTitle": "Inne Metody",
+ "policyAuthOtherMethodsDescription": "Opcjonalne metody, których odwiedzający mogą używać zamiast lub razem z platformą SSO",
+ "policyAuthPasscodeTitle": "Hasło dostępu",
+ "policyAuthPasscodeDescription": "Wymagane wspólne hasło alfanumeryczne do uzyskania dostępu do zasobu",
+ "policyAuthPasscodeSummary": "Zestaw hasła dostępu",
+ "policyAuthPincodeTitle": "Kod PIN",
+ "policyAuthPincodeDescription": "Krótki kod numeryczny wymagany do uzyskania dostępu do zasobu",
+ "policyAuthPincodeSummary": "Ustawiono 6-cyfrowy kod PIN",
+ "policyAuthEmailTitle": "Biała lista e-mail",
+ "policyAuthEmailDescription": "Dozwolone adresy e-mail z hasłami jednorazowymi",
+ "policyAuthEmailSummary": "Dozwolonych {count} adresów",
+ "policyAuthEmailOtpCallout": "Włączenie białej listy e-mail wysyła hasło jednorazowe na e-mail odwiedzającego podczas logowania.",
+ "policyAuthHeaderAuthTitle": "Podstawowe Uwierzytelnianie Nagłówka",
+ "policyAuthHeaderAuthDescription": "Walidacja niestandardowej nazwy i wartości nagłówka HTTP przy każdym żądaniu",
+ "policyAuthHeaderAuthSummary": "Skonfigurowany nagłówek",
+ "policyAuthHeaderName": "Nazwa nagłówka",
+ "policyAuthHeaderValue": "Oczekiwana wartość",
+ "policyAuthSetPasscode": "Ustaw hasło dostępu",
+ "policyAuthSetPincode": "Ustaw kod PIN",
+ "policyAuthSetEmailWhitelist": "Ustaw białą listę e-mail",
+ "policyAuthSetHeaderAuth": "Ustaw Podstawowe Uwierzytelnianie Nagłówka",
+ "policyAccessRulesTitle": "Zasady Dostępu",
+ "policyAccessRulesEnableDescription": "Gdy zostaną włączone, reguły są oceniane w kolejności malejącej, aż jedna z nich zostanie oceniona jako prawdziwa.",
+ "policyAccessRulesFirstMatch": "Reguły są oceniane od góry do dołu. Pierwsza pasująca reguła decyduje o wyniku.",
+ "policyAccessRulesHowItWorks": "Reguły dopasowują żądania według ścieżki, adresu IP, lokalizacji lub innych kryteriów. Każda reguła stosuje działanie: pominięcie uwierzytelniania, blokowanie dostępu lub przekazanie do uwierzytelniania. Jeśli żadna reguła nie pasuje, ruch przechodzi dalej do uwierzytelniania.",
+ "policyAccessRulesFallthroughOff": "Gdy reguły są wyłączone, cały ruch przechodzi do uwierzytelniania.",
+ "policyAccessRulesFallthroughOn": "Gdy żadna reguła nie pasuje, ruch przechodzi do uwierzytelniania.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Zapisz zasady",
"resourceErrorCreate": "Błąd podczas tworzenia zasobu",
"resourceErrorCreateDescription": "Wystąpił błąd podczas tworzenia zasobu",
"resourceErrorCreateMessage": "Błąd podczas tworzenia zasobu:",
@@ -766,9 +899,9 @@
"resourcesErrorUpdateDescription": "Wystąpił błąd podczas aktualizacji zasobu",
"access": "Dostęp",
"accessControl": "Kontrola dostępu",
- "shareLink": "Link udostępniania {resource}",
+ "shareLink": "{resource} Link do udostępnienia",
"resourceSelect": "Wybierz zasób",
- "shareLinks": "Linki udostępniania",
+ "shareLinks": "Linki do udostępnienia",
"share": "Linki do udostępniania",
"shareDescription2": "Utwórz linki do zasobów, które można współdzielić. Linki zapewniają tymczasowy lub nieograniczony dostęp do twojego zasobu. Możesz skonfigurować czas ważności linku, gdy go utworzysz.",
"shareEasyCreate": "Łatwe tworzenie i udostępnianie",
@@ -810,6 +943,17 @@
"pincodeAdd": "Dodaj kod PIN",
"pincodeRemove": "Usuń kod PIN",
"resourceAuthMethods": "Metody uwierzytelniania",
+ "resourcePolicyAuthMethodsEmpty": "Brak metody uwierzytelniania",
+ "resourcePolicyOtpEmpty": "Brak jednorazowego hasła",
+ "resourcePolicyReadOnly": "Ta polityka jest tylko do odczytu",
+ "resourcePolicyReadOnlyDescription": "Ta polityka zasobów jest dzielona pomiędzy wieloma zasobami, nie możesz jej edytować na tej stronie.",
+ "editSharedPolicy": "Edytuj Dzieleną Politykę",
+ "resourcePolicyTypeSave": "Zapisz typ zasobu",
+ "resourcePolicySelect": "Wybierz politykę zasobów",
+ "resourcePolicySelectError": "Wybierz politykę zasobów",
+ "resourcePolicyNotFound": "Nie znaleziono polityki",
+ "resourcePolicySearch": "Szukaj polityki",
+ "resourcePolicyRulesEmpty": "Brak zasad uwierzytelniania",
"resourceAuthMethodsDescriptions": "Zezwól na dostęp do zasobu przez dodatkowe metody uwierzytelniania",
"resourceAuthSettingsSave": "Zapisano pomyślnie",
"resourceAuthSettingsSaveDescription": "Ustawienia uwierzytelniania zostały zapisane",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Ustaw kod PIN",
"resourcePincodeSetupTitleDescription": "Ustaw kod PIN, aby chronić ten zasób",
"resourceRoleDescription": "Administratorzy zawsze mają dostęp do tego zasobu.",
+ "resourcePolicySelectTitle": "Polityka dostępu do zasobów",
+ "resourcePolicySelectDescription": "Wybierz typ polityki zasobów do uwierzytelniania",
+ "resourcePolicyTypeLabel": "Typ polityki",
+ "resourcePolicyLabel": "Polityka zasobów",
+ "resourcePolicyInline": "Warunkowa polityka zasobów",
+ "resourcePolicyInlineDescription": "Polityka dostępu tylko do tego zasobu",
+ "resourcePolicyShared": "Dzielona polityka zasobów",
+ "resourcePolicySharedDescription": "Ten zasób korzysta z polityki współdzielonej.",
+ "sharedPolicy": "Polityka Współdzielona",
+ "sharedPolicyNoneDescription": "Ten zasób ma własną politykę.",
+ "resourceSharedPolicyOwnDescription": "Ten zasób ma własne kontrole zasad uwierzytelniania i dostępu.",
+ "resourceSharedPolicyInheritedDescription": "Ten zasób dziedziczy z {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Ten zasób używa polityki współdzielonej. Niektóre ustawienia uwierzytelniania można edytować w tym zasobie, aby dodać do polityki. Aby zmienić podlegającą politykę, musisz ją edytować do {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Ten zasób używa polityki współdzielonej. Niektóre zasady dostępu można edytować w tym zasobie. Aby zmienić podlegającą politykę, musisz edytować {policyName}.",
"resourceUsersRoles": "Kontrola dostępu",
"resourceUsersRolesDescription": "Skonfiguruj, którzy użytkownicy i role mogą odwiedzać ten zasób",
"resourceUsersRolesSubmit": "Zapisz kontrole dostępu",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Widoczność",
"resourceVisibilityTitleDescription": "Całkowicie włącz lub wyłącz widoczność zasobu",
"resourceGeneral": "Ustawienia ogólne",
- "resourceGeneralDescription": "Skonfiguruj ustawienia ogólne dla tego zasobu",
+ "resourceGeneralDescription": "Skonfiguruj nazwę, adres i zasady dostępu dla tego zasobu.",
+ "resourceGeneralDetailsSubsection": "Szczegóły zasobu",
+ "resourceGeneralDetailsSubsectionDescription": "Ustaw nazwę wyświetlaną, identyfikator i publicznie dostępna domenę dla tego zasobu.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Ustaw nazwę wyświetlaną, identyfikator i publiczny port dla tego zasobu.",
+ "resourceGeneralPublicAddressSubsection": "Publiczny Adres",
+ "resourceGeneralPublicAddressSubsectionDescription": "Skonfiguruj, jak użytkownicy mogą dotrzeć do tego zasobu.",
+ "resourceGeneralAuthenticationAccessSubsection": "Uwierzytelnianie i Dostęp",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Wybierz, czy ten zasób używa własnej polityki, czy dziedziczy z polityki współdzielonej.",
"resourceEnable": "Włącz zasób",
"resourceTransfer": "Przenieś zasób",
"resourceTransferDescription": "Przenieś ten zasób do innej witryny",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Wystąpił problem z połączeniem z {name}. Skontaktuj się z administratorem.",
"idpErrorNotFound": "Nie znaleziono IdP",
"inviteInvalid": "Nieprawidłowe zaproszenie",
+ "labels": "Etykiety",
+ "orgLabelsDescription": "Zarządzaj etykietami w tej organizacji.",
+ "addLabels": "Dodaj etykiety",
+ "siteLabelsTab": "Etykiety",
+ "siteLabelsDescription": "Zarządzaj etykietami powiązanymi z tą stroną.",
+ "labelsNotFound": "Nie znaleziono etykiet.",
+ "labelsEmptyCreateHint": "Zacznij pisać powyżej, aby utworzyć etykietę.",
+ "labelSearch": "Szukaj etykiet",
+ "labelSearchOrCreate": "Wyszukaj lub utwórz etykietę",
+ "accessLabelFilterCount": "{count, plural, one {# etykieta} few {# etykiety} many {# etykiet} other {# etykiet}}",
+ "labelOverflowCount": "+{count, plural, one {# etykieta} few {# etykiety} many {# etykiet} other {# etykiet}}",
+ "accessLabelFilterClear": "Wyczyść filtry etykiet",
+ "accessFilterClear": "Wyczyść filtry",
+ "selectColor": "Wybierz kolor",
+ "createNewLabel": "Utwórz nową etykietę org \"{label}\"",
"inviteInvalidDescription": "Link zapraszający jest nieprawidłowy.",
"inviteErrorWrongUser": "Zaproszenie nie jest dla tego użytkownika",
"inviteErrorUserNotExists": "Użytkownik nie istnieje. Najpierw utwórz konto.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Zastosuj schemat",
"actionListBlueprints": "Lista planów",
"actionGetBlueprint": "Pobierz plan",
+ "actionCreateOrgWideLauncherView": "Utwórz Widok Uruchamiacza dla Całej Organizacji",
"setupToken": "Skonfiguruj token",
"setupTokenDescription": "Wprowadź token konfiguracji z konsoli serwera.",
"setupTokenRequired": "Wymagany jest token konfiguracji",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Zasoby",
"sidebarProxyResources": "Publiczne",
"sidebarClientResources": "Prywatny",
+ "sidebarPolicies": "Polityki Współdzielone",
+ "sidebarResourcePolicies": "Zasoby publiczne",
"sidebarAccessControl": "Kontrola dostępu",
"sidebarLogsAndAnalytics": "Logi i Analityki",
"sidebarTeam": "Drużyna",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Administrator",
"sidebarInvitations": "Zaproszenia",
"sidebarRoles": "Role",
- "sidebarShareableLinks": "Linki",
+ "sidebarShareableLinks": "Linki do udostępnienia",
"sidebarApiKeys": "Klucze API",
"sidebarProvisioning": "Dostarczanie",
"sidebarSettings": "Ustawienia",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Witryna {id}",
"standaloneHcFilterResourceIdFallback": "Zasób {id}",
"blueprints": "Schematy",
- "blueprintsDescription": "Zastosuj konfiguracje deklaracyjne i wyświetl poprzednie operacje",
+ "blueprintsLog": "Dziennik szablonów",
+ "blueprintsDescription": "Przeglądaj wcześniejsze aplikacje wzorców i ich wyniki lub zastosuj nowy wzorzec",
"blueprintAdd": "Dodaj schemat",
"blueprintGoBack": "Zobacz wszystkie schematy",
"blueprintCreate": "Utwórz schemat",
@@ -1575,7 +1759,17 @@
"contents": "Treść",
"parsedContents": "Przetworzona zawartość (tylko do odczytu)",
"enableDockerSocket": "Włącz schemat dokera",
- "enableDockerSocketDescription": "Włącz etykietowanie kieszeni dokującej dla etykiet schematów. Ścieżka do gniazda musi być dostarczona do Newt.",
+ "enableDockerSocketDescription": "Włącz etykietowanie gniazda dokera dla etykiet szablonów. Ścieżka do gniazda musi być dostarczona do łącznika strony. Przeczytaj zarówno jak to działa w dokumentacji.",
+ "newtAutoUpdate": "Włącz automatyczną aktualizację witryny",
+ "newtAutoUpdateDescription": "Po włączeniu, łączniki witryn automatycznie pobiorą najnowszą wersję i uruchomią się ponownie. Można to nadpisać na poziomie poszczególnych witryn.",
+ "siteAutoUpdate": "Automatyczna aktualizacja strony",
+ "siteAutoUpdateLabel": "Włącz aktualizacje automatyczne",
+ "siteAutoUpdateDescription": "Po włączeniu, łącznik tej witryny automatycznie pobierze najnowszą wersję i uruchomi się ponownie.",
+ "siteAutoUpdateOrgDefault": "Domyślnie dla organizacji: {state}",
+ "siteAutoUpdateOverriding": "Nadpisywanie ustawień organizacji",
+ "siteAutoUpdateResetToOrg": "Zresetuj do domyślnych ustawień organizacji",
+ "siteAutoUpdateEnabled": "włączone",
+ "siteAutoUpdateDisabled": "wyłączone",
"viewDockerContainers": "Zobacz kontenery dokujące",
"containersIn": "Pojemniki w {siteName}",
"selectContainerDescription": "Wybierz dowolny kontener do użycia jako nazwa hosta dla tego celu. Kliknij port, aby użyć portu.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Certyfikat",
"certificateStatusAutoRefreshHint": "Status odświeża się automatycznie.",
"loading": "Ładowanie",
+ "loadingEllipsis": "Ładowanie...",
"loadingAnalytics": "Ładowanie Analityki",
"restart": "Uruchom ponownie",
"domains": "Domeny",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Konfiguracja konta zakończona! Witaj w Pangolin!",
"documentation": "Dokumentacja",
"saveAllSettings": "Zapisz wszystkie ustawienia",
- "saveResourceTargets": "Zapisz cele",
- "saveResourceHttp": "Zapisz ustawienia proxy",
- "saveProxyProtocol": "Zapisz ustawienia protokołu proxy",
+ "saveResourceTargets": "Zapisz ustawienia",
+ "saveResourceHttp": "Zapisz ustawienia",
+ "saveProxyProtocol": "Zapisz ustawienia",
"settingsUpdated": "Ustawienia zaktualizowane",
"settingsUpdatedDescription": "Ustawienia zostały pomyślnie zaktualizowane",
"settingsErrorUpdate": "Nie udało się zaktualizować ustawień",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Zarządzaj subskrypcją płatnych własnych kluczy licencyjnych",
"billingCurrentKeys": "Bieżące klucze",
"billingModifyCurrentPlan": "Modyfikuj bieżący plan",
+ "billingManageLicenseSubscriptionDescription": "Zarządzaj swoją subskrypcją dla płatnych kluczy licencyjnych na samoobsługowy hosting i pobieraj faktury.",
"billingConfirmUpgrade": "Potwierdź aktualizację",
"billingConfirmDowngrade": "Potwierdź obniżenie",
"billingConfirmUpgradeDescription": "Zamierzasz ulepszyć swój plan. Przejrzyj nowe limity i ceny poniżej.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Podsieć",
"addressDescription": "Adres wewnętrzny klienta. Musi mieścić się w podsieci organizacji.",
"selectSites": "Wybierz witryny",
+ "selectLabels": "Wybierz etykiety",
"sitesDescription": "Klient będzie miał łączność z wybranymi witrynami",
"clientInstallOlm": "Zainstaluj Olm",
"clientInstallOlmDescription": "Uruchom Olm na swoim systemie",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Nieznany",
"healthCheck": "Kontrola Zdrowia",
"configureHealthCheck": "Skonfiguruj Kontrolę Zdrowia",
- "configureHealthCheckDescription": "Skonfiguruj monitorowanie zdrowia dla {target}",
+ "configureHealthCheckDescription": "Skonfiguruj monitorowanie zasobu, aby zapewnić jego dostępność",
"enableHealthChecks": "Włącz Kontrole Zdrowia",
"healthCheckDisabledStateDescription": "Gdy wyłączone, strona nie będzie wykonywać kontroli zdrowia, a stan zostanie uznany za nieznany.",
"enableHealthChecksDescription": "Monitoruj zdrowie tego celu. Możesz monitorować inny punkt końcowy niż docelowy w razie potrzeby.",
"healthScheme": "Metoda",
"healthSelectScheme": "Wybierz metodę",
- "healthCheckPortInvalid": "Port oceny stanu musi znajdować się między 1 a 65535",
+ "healthCheckPortInvalid": "Port musi być pomiędzy 1 a 65535",
"healthCheckPath": "Ścieżka",
"healthHostname": "IP / Nazwa hosta",
"healthPort": "Port",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "Czas w sekundach",
"requireDeviceApproval": "Wymagaj zatwierdzenia urządzenia",
"requireDeviceApprovalDescription": "Użytkownicy o tej roli potrzebują nowych urządzeń zatwierdzonych przez administratora, zanim będą mogli połączyć się i uzyskać dostęp do zasobów.",
+ "sshSettings": "Ustawienia SSH",
"sshAccess": "Dostęp SSH",
+ "rdpSettings": "Ustawienia RDP",
+ "vncSettings": "Ustawienia VNC",
+ "sshServer": "Serwer SSH",
+ "rdpServer": "Serwer RDP",
+ "vncServer": "Serwer VNC",
+ "sshServerDescription": "Skonfiguruj metodę uwierzytelniania, lokalizację demona i miejsce docelowe serwera",
+ "rdpServerDescription": "Skonfiguruj miejsce docelowe i port serwera RDP",
+ "vncServerDescription": "Skonfiguruj miejsce docelowe i port serwera VNC",
+ "sshServerMode": "Tryb",
+ "sshServerModeStandard": "Standardowy Serwer SSH",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Przesyła polecenia przez sieć do serwera SSH takiego jak OpenSSH.",
+ "sshServerModeNative": "Natywny Serwer SSH",
+ "sshServerModeNativeDescription": "Wykonuje polecenia bezpośrednio na hoście za pomocą łącznika strony. Nie wymaga konfiguracji sieci.",
+ "sshAuthenticationMethod": "Metoda uwierzytelniania",
+ "sshAuthMethodManual": "Ręczne uwierzytelnianie",
+ "sshAuthMethodManualDescription": "Wymaga istniejących poświadczeń hosta. Omiija automatyczne provisioning.",
+ "sshAuthMethodAutomated": "Automatyczne Provisioning",
+ "sshAuthMethodAutomatedDescription": "Automatycznie tworzy użytkowników, grupy i uprawnienia sudo na hoście.",
+ "sshAuthDaemonLocation": "Lokalizacja Demona Uwierzytelniania",
+ "sshDaemonLocationSiteDescription": "Wykonuje lokalnie na maszynie hostującej łącznik strony.",
+ "sshDaemonLocationRemote": "Na Zdalnym Hoście",
+ "sshDaemonLocationRemoteDescription": "Wykonuje się na innej maszynie docelowej w tej samej sieci.",
+ "sshDaemonDisclaimer": "Upewnij się, że Twoja maszyna docelowa jest poprawnie skonfigurowana do uruchamiania demona uwierzytelniania zanim ukończysz tę konfigurację, w przeciwnym razie provisioning zakończy się niepowodzeniem.",
+ "sshDaemonPort": "Port Demona",
+ "sshServerDestination": "Miejsce docelowe serwera",
+ "sshServerDestinationDescription": "Skonfiguruj miejsce docelowe serwera SSH",
+ "destination": "Miejsce docelowe",
+ "destinationRequired": "Wymagane jest miejsce docelowe.",
+ "domainRequired": "Wymagana jest domena.",
+ "proxyPortRequired": "Wymagany jest port.",
+ "invalidPathConfiguration": "Nieprawidłowa konfiguracja ścieżki.",
+ "invalidRewritePathConfiguration": "Nieprawidłowa konfiguracja ścieżki modyfikacji.",
+ "bgTargetMultiSiteDisclaimer": "Wybór wielu stron umożliwia odporność trasowania i zmienioność dla wysokiej dostępności.",
"roleAllowSsh": "Zezwalaj na SSH",
"roleAllowSshAllow": "Zezwól",
"roleAllowSshDisallow": "Nie zezwalaj",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "Użytkownik może uruchamiać tylko określone polecenia z sudo.",
"sshSudo": "Zezwól na sudo",
"sshSudoCommands": "Komendy Sudo",
- "sshSudoCommandsDescription": "Lista poleceń oddzielonych przecinkami, które użytkownik może uruchamiać z sudo.",
+ "sshSudoCommandsDescription": "Lista poleceń, które użytkownik może uruchomić z sudo, oddzielone przecinkami, spacjami lub nowymi liniami. Absolutne ścieżki muszą być używane.",
"sshCreateHomeDir": "Utwórz katalog domowy",
"sshUnixGroups": "Grupy Unix",
- "sshUnixGroupsDescription": "Oddzielone przecinkami grupy Unix, aby dodać użytkownika do docelowego hosta.",
+ "sshUnixGroupsDescription": "Grupy Uniksowe, do których dodać użytkownika na docelowym hoście, oddzielone przecinkami, spacjami, lub nowymi liniami.",
+ "roleTextFieldPlaceholder": "Wprowadź wartości lub upuść plik .txt lub .csv",
+ "roleTextImportTitle": "Importuj z pliku",
+ "roleTextImportDescription": "Importowanie {fileName} do {fieldLabel}.",
+ "roleTextImportSkipHeader": "Pomiń pierwszy wiersz (Nagłówek)",
+ "roleTextImportOverride": "Zamień istniejące",
+ "roleTextImportAppend": "Dołącz do istniejącego",
+ "roleTextImportMode": "Tryb importu",
+ "roleTextImportPreview": "Podgląd",
+ "roleTextImportItemCount": "{count, plural, =0 {Brak elementów do zaimportowania} one {1 element do zaimportowania} few {# elementy do zaimportowania} many {# elementów do zaimportowania} other {# elementów do zaimportowania}}",
+ "roleTextImportTotalCount": "{existing} istniejące + {imported} zaimportowane = {total} łącznie",
+ "roleTextImportConfirm": "Importuj",
+ "roleTextImportInvalidFile": "Nieobsługiwany typ pliku",
+ "roleTextImportInvalidFileDescription": "Obsługiwane są tylko pliki .txt i .csv.",
+ "roleTextImportEmpty": "Nie znaleziono elementów w pliku",
+ "roleTextImportEmptyDescription": "Plik nie zawiera żadnych elementów możliwych do zaimportowania.",
"retryAttempts": "Próby Ponowienia",
"expectedResponseCodes": "Oczekiwane Kody Odpowiedzi",
"expectedResponseCodesDescription": "Kod statusu HTTP, który wskazuje zdrowy status. Jeśli pozostanie pusty, uznaje się 200-300 za zdrowy.",
@@ -2049,6 +2296,7 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Schemat",
"editInternalResourceDialogEnableSsl": "Włącz TLS",
"editInternalResourceDialogEnableSslDescription": "Włącz szyfrowanie SSL/TLS dla bezpiecznych połączeń HTTPS z miejscem docelowym.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Witryna",
"selectSite": "Wybierz stronę...",
"multiSitesSelectorSitesCount": "{count, plural, one {# witryna} few {# witryny} many {# witryn} other {# witryn}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# etykieta} few {# etykiety} many {# etykiet} other {# etykiet}}",
"noSitesFound": "Nie znaleziono stron.",
"createInternalResourceDialogProtocol": "Protokół",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2347,7 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Schemat",
"createInternalResourceDialogScheme": "Schemat",
"createInternalResourceDialogEnableSsl": "Włącz TLS",
@@ -2107,6 +2357,7 @@
"createInternalResourceDialogDestinationCidrDescription": "Zakres CIDR zasobu w sieci witryny.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "Opcjonalny wewnętrzny alias DNS dla tego zasobu.",
+ "internalResourceAliasLocalWarning": "Alias kończący się na .local może powodować problemy z rozpoznawaniem z powodu mDNS w niektórych sieciach.",
"internalResourceDownstreamSchemeRequired": "Schemat jest wymagany dla zasobów HTTP",
"internalResourceHttpPortRequired": "Port docelowy jest wymagany dla zasobów HTTP",
"siteConfiguration": "Konfiguracja",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Zdalne węzły",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Sekret",
+ "remoteExitNodeNetworkingTitle": "Ustawienia sieciowe",
+ "remoteExitNodeNetworkingDescription": "Skonfiguruj, jak ten zdalny węzeł wyjściowy przekierowuje ruch i które strony preferują połączenie przez niego. Zaawansowane funkcje do użycia z konfiguracją sieci backhaul.",
+ "remoteExitNodeNetworkingSave": "Zapisz ustawienia",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Ustawienia sieciowe zapisane",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Ustawienia sieciowe zostały pomyślnie zaktualizowane.",
+ "remoteExitNodeNetworkingSaveError": "Nie udało się zapisać ustawień sieciowych",
+ "remoteExitNodeNetworkingSubnetsTitle": "Zdalne Podsieci",
+ "remoteExitNodeNetworkingSubnetsDescription": "Zdefiniuj zakresy CIDR, które ten zdalny węzeł wyjściowy przekieruje ruch do. Wpisz prawidłowy CIDR (np. 10.0.0.0/8) i naciśnij Enter, aby dodać.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Dodaj zakres CIDR (np. 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Nie udało się załadować podsieci",
+ "remoteExitNodeNetworkingLabelsTitle": "Etykiety preferencji",
+ "remoteExitNodeNetworkingLabelsDescription": "Strony z tymi etykietami będą zmuszone do połączenia się przez ten zdalny węzeł wyjściowy.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Wybierz etykiety...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Szukaj etykiet...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Nie udało się załadować etykiet",
"remoteExitNodeCreate": {
"title": "Utwórz zdalny węzeł",
"description": "Utwórz nowy, samodzielnie hostowany węzeł przekaźnika zdalnego i serwera proxy",
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Dostawca Google OAuth2/OIDC",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Podsieć",
+ "utilitySubnet": "Użyteczna podsieć",
"subnetDescription": "Podsieć dla konfiguracji sieci tej organizacji.",
"customDomain": "Niestandardowa domena",
"authPage": "Strony uwierzytelniania",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "Brakuje identyfikatora organizacji lub domeny",
"loadingDNSRecords": "Ładowanie rekordów DNS...",
"olmUpdateAvailableInfo": "Dostępna jest zaktualizowana wersja Olm. Zaktualizuj do najnowszej wersji, aby uzyskać najlepsze doświadczenia.",
+ "updateAvailableInfo": "Dostępna jest zaktualizowana wersja. Zaktualizuj do najnowszej wersji, aby uzyskać najlepsze wrażenia z użytkowania.",
"client": "Klient",
"proxyProtocol": "Ustawienia protokołu proxy",
"proxyProtocolDescription": "Skonfiguruj protokół Proxy aby zachować adresy IP klienta dla usług TCP.",
"enableProxyProtocol": "Włącz protokół proxy",
"proxyProtocolInfo": "Zachowaj adresy IP klienta dla backendów TCP",
"proxyProtocolVersion": "Wersja protokołu proxy",
- "version1": " Wersja 1 (zalecane)",
+ "version1": "Wersja 1 (Zalecane)",
"version2": "Wersja 2",
- "versionDescription": "Wersja 1 jest oparta na tekście i szeroko wspierana. Wersja 2 jest binarna i bardziej efektywna, ale mniej kompatybilna.",
+ "version1Description": "Oparta na tekście i szeroko wspierana. Upewnij się, że transport serwera został dodany do dynamicznej konfiguracji.",
+ "version2Description": "Binarna i bardziej efektywna, ale mniej kompatybilna. Upewnij się, że transport serwera został dodany do dynamicznej konfiguracji.",
"warning": "Ostrzeżenie",
"proxyProtocolWarning": "Aplikacja backend musi być skonfigurowana do akceptowania połączeń protokołu proxy. Jeśli Twój backend nie obsługuje protokołu Proxy, włączenie tego spowoduje przerwanie wszystkich połączeń, więc włącz to tylko jeśli wiesz, co robisz. Upewnij się, że konfiguracja twojego backendu do zaufanych nagłówków protokołu proxy z Traefik.",
"restarting": "Restartowanie...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Wprowadź potwierdzenie",
"blueprintViewDetails": "Szczegóły",
"defaultIdentityProvider": "Domyślny dostawca tożsamości",
- "defaultIdentityProviderDescription": "Gdy zostanie wybrany domyślny dostawca tożsamości, użytkownik zostanie automatycznie przekierowany do dostawcy w celu uwierzytelnienia.",
+ "defaultIdentityProviderDescription": "Użytkownik zostanie automatycznie przekierowany do tego dostawcy tożsamości w celu uwierzytelnienia.",
"editInternalResourceDialogNetworkSettings": "Ustawienia sieci",
"editInternalResourceDialogAccessPolicy": "Polityka dostępowa",
"editInternalResourceDialogAddRoles": "Dodaj role",
@@ -2937,11 +3206,12 @@
"learnMore": "Dowiedz się więcej",
"backToHome": "Wróć do strony głównej",
"needToSignInToOrg": "Czy potrzebujesz użyć dostawcy tożsamości organizacji?",
- "maintenanceMode": "Tryb konserwacji",
+ "maintenanceMode": "Strona konserwacji",
"maintenanceModeDescription": "Wyświetl stronę konserwacyjną odwiedzającym",
"maintenanceModeType": "Typ trybu konserwacji",
"showMaintenancePage": "Pokaż odwiedzającym stronę konserwacji",
"enableMaintenanceMode": "Włącz tryb konserwacji",
+ "enableMaintenanceModeDescription": "Gdy włączone, odwiedzający zobaczą stronę konserwacyjną zamiast Twojego zasobu.",
"automatic": "Automatycznie",
"automaticModeDescription": "Pokaż stronę konserwacyjną tylko wtedy, gdy wszystkie cele zaplecza są wyłączone lub niezdrowe. Twój zasób działa nadal normalnie, o ile przynajmniej jeden cel jest zdrowy.",
"forced": "Wymuszone",
@@ -2949,6 +3219,8 @@
"warning:": "Ostrzeżenie:",
"forcedeModeWarning": "Cały ruch zostanie skierowany na stronę konserwacyjną. Twoje zasoby zaplecza nie otrzymają żadnych żądań.",
"pageTitle": "Tytuł strony",
+ "maintenancePageContentSubsection": "Zawartość strony",
+ "maintenancePageContentSubsectionDescription": "Dostosuj treść wyświetlaną na stronie konserwacyjnej",
"pageTitleDescription": "Główny nagłówek wyświetlany na stronie konserwacyjnej",
"maintenancePageMessage": "Komunikat konserwacyjny",
"maintenancePageMessagePlaceholder": "Wrócimy wkrótce! Nasza strona przechodzi obecnie zaplanowaną konserwację.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Szacowane zakończenie:",
"createInternalResourceDialogDestinationRequired": "Miejsce docelowe jest wymagane",
"available": "Dostępny",
+ "disabledResourceDescription": "Kiedy wyłączone, zasób będzie niedostępny dla wszystkich.",
"archived": "Zarchiwizowane",
"noArchivedDevices": "Nie znaleziono zarchiwizowanych urządzeń",
"deviceArchived": "Urządzenie zarchiwizowane",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Czy na pewno chcesz odłączyć tego dostawcę tożsamości od tej organizacji?",
"idpUnassociateDescription": "Wszystkie użytkownicy powiązani z tym dostawcą tożsamości zostaną usunięci z tej organizacji, ale dostawca tożsamości będzie nadal istniał dla innych powiązanych organizacji.",
"idpUnassociateConfirm": "Potwierdź odłączenie dostawcy tożsamości",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "USUŃ I USUŃ MNIE Z ORGANIZACJI",
+ "idpUnassociateAndRemoveMeFromOrg": "ODSTAW I USUŃ MNIE Z ORGANIZACJI",
"idpUnassociateWarning": "Tego nie można cofnąć dla tej organizacji.",
"idpUnassociatedDescription": "Dostawca tożsamości pomyślnie odłączony od tej organizacji",
"idpUnassociateMenu": "Odłącz",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "Biała lista e-mail",
"memberPortalResourceDisabled": "Zasób wyłączony",
"memberPortalShowingResources": "Wyświetlanie zasobów od {start} do {end} z {total}",
+ "resourceLauncherTitle": "Uruchamiacz Zasobów",
+ "resourceLauncherDescription": "Przeglądaj szczegóły zasobów i uruchamiaj je z jednego miejsca",
+ "resourceLauncherSearchPlaceholder": "Szukaj we wszystkich stronach...",
+ "resourceLauncherDefaultView": "Domyślny",
+ "resourceLauncherSaveView": "Zapisz Widok",
+ "resourceLauncherSaveToCurrentView": "Zapisz do bieżącego widoku",
+ "resourceLauncherResetView": "Resetuj Widok",
+ "resourceLauncherSaveAsNewView": "Zapisz jako Nowy Widok",
+ "resourceLauncherSaveAsNewViewDescription": "Nadaj nazwę temu widokowi, aby zapisać swoje bieżące filtry i układ.",
+ "resourceLauncherSaveForEveryone": "Zapisz dla wszystkich",
+ "resourceLauncherSaveForEveryoneDescription": "Udostępnij ten widok wszystkim członkom organizacji. Gdy jest niezaznaczone, widok jest widoczny tylko dla Ciebie.",
+ "resourceLauncherMakePersonal": "Zrób osobisty",
+ "resourceLauncherFilter": "Filtr",
+ "resourceLauncherSort": "Sortuj",
+ "resourceLauncherSortAscending": "Sortuj rosnąco",
+ "resourceLauncherSortDescending": "Sortuj malejąco",
+ "resourceLauncherSettings": "Ustawienia",
+ "resourceLauncherGroupBy": "Grupuj według",
+ "resourceLauncherGroupBySite": "Witryna",
+ "resourceLauncherGroupByLabel": "Etykieta",
+ "resourceLauncherLayout": "Układ",
+ "resourceLauncherLayoutGrid": "Siatka",
+ "resourceLauncherLayoutList": "Lista",
+ "resourceLauncherShowLabels": "Pokaż etykiety",
+ "resourceLauncherShowSiteTags": "Pokaż tagi stron",
+ "resourceLauncherShowRecents": "Pokaż ostatnie",
+ "resourceLauncherDeleteView": "Usuń Widok",
+ "resourceLauncherViewAsAdmin": "Przeglądaj jako Administrator",
+ "resourceLauncherResourceDetailsDescription": "Pokaż szczegóły tego zasobu.",
+ "resourceLauncherUnlabeled": "Bez etykiety",
+ "resourceLauncherNoSite": "Brak strony",
+ "resourceLauncherNoResourcesInGroup": "W tej grupie nie ma zasobów",
+ "resourceLauncherEmptyStateTitle": "Brak dostępnych zasobów",
+ "resourceLauncherEmptyStateDescription": "Jeszcze nie masz dostępu do żadnych zasobów. Skontaktuj się z administratorem, aby poprosić o dostęp.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Nie znaleziono zasobów",
+ "resourceLauncherEmptyStateNoResultsDescription": "Żadne zasoby nie spełniają twojego bieżącego wyszukiwania lub filtrów. Spróbuj je dostosować, aby znaleźć to, czego szukasz.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Żadne zasoby nie odpowiadają \"{query}\". Spróbuj dostosować swoje wyszukiwanie lub usunąć filtry, aby zobaczyć wszystkie zasoby.",
+ "resourceLauncherCopiedToClipboard": "Skopiowano do schowka",
+ "resourceLauncherCopiedAccessDescription": "Dostęp do zasobu został skopiowany do schowka.",
+ "resourceLauncherViewNamePlaceholder": "Nazwa widoku",
+ "resourceLauncherViewNameLabel": "Nazwa Widoku",
+ "resourceLauncherViewSaved": "Widok zapisany",
+ "resourceLauncherViewSavedDescription": "Twój widok uruchamiacza został zapisany.",
+ "resourceLauncherViewSaveFailed": "Nie udało się zapisać widoku",
+ "resourceLauncherViewSaveFailedDescription": "Nie można zapisać widoku uruchamiacza. Proszę spróbować ponownie.",
+ "resourceLauncherViewDeleted": "Widok usunięty",
+ "resourceLauncherViewDeletedDescription": "Widok uruchamiacza został usunięty.",
+ "resourceLauncherViewDeleteFailed": "Nie udało się usunąć widoku",
+ "resourceLauncherViewDeleteFailedDescription": "Nie można usunąć widoku uruchamiacza. Proszę spróbować ponownie.",
"memberPortalPrevious": "Poprzedni",
- "memberPortalNext": "Następny"
+ "memberPortalNext": "Następny",
+ "httpSettings": "Ustawienia HTTP",
+ "tcpSettings": "Ustawienia TCP",
+ "udpSettings": "Ustawienia UDP",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Nawiązywanie bezpiecznego połączenia…",
+ "sshConnecting": "Łączenie…",
+ "sshInitializing": "Inicjalizacja…",
+ "sshSignInTitle": "Zaloguj się do SSH",
+ "sshSignInDescription": "Wprowadź poświadczenia SSH, aby się połączyć",
+ "sshPasswordTab": "Hasło",
+ "sshPrivateKeyTab": "Klucz prywatny",
+ "sshPrivateKeyField": "Klucz prywatny",
+ "sshPrivateKeyDisclaimer": "Twój klucz prywatny nie jest przechowywany ani widoczny dla Pangolin. Alternatywnie, możesz używać certyfikatów krótkoterminowych do bezproblemowego uwierzytelniania za pomocą Twojej istniejącej tożsamości Pangolin.",
+ "sshLearnMore": "Dowiedz się więcej",
+ "sshPrivateKeyFile": "Plik klucza prywatnego",
+ "sshAuthenticate": "Połącz",
+ "sshTerminate": "Zakończ",
+ "sshPoweredBy": "Obsługiwane przez",
+ "sshErrorNoTarget": "Nie określono celu",
+ "sshErrorWebSocket": "Połączenie WebSocket nie powiodło się",
+ "sshErrorAuthFailed": "Uwierzytelnianie nie powiodło się",
+ "sshErrorConnectionClosed": "Połączenie zamknięte przed ukończeniem uwierzytelniania",
+ "sitePangolinSshDescription": "Pozwól na dostęp SSH do zasobów na tej stronie. Można to zmienić później.",
+ "browserGatewayNoResourceForDomain": "Nie znaleziono zasobu dla tej domeny",
+ "browserGatewayNoTarget": "Brak celu",
+ "browserGatewayConnect": "Połącz",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "Nie udało się podpisać klucza SSH dla uwierzytelniania PAM. Czy zalogowałeś się jako użytkownik?",
+ "sshTerminalError": "Błąd: {error}",
+ "sshConnectionClosedCode": "Połączenie zamknięte (kod {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+ "sshPrivateKeyRequired": "Wymagany jest klucz prywatny",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Wprowadź swoje dane uwierzytelniające VNC aby się połączyć",
+ "vncUsernameOptional": "Nazwa użytkownika (opcjonalnie)",
+ "vncPasswordOptional": "Hasło (opcjonalne)",
+ "vncNoResourceTarget": "Brak dostępnego celu zasobu",
+ "vncFailedToLoadNovnc": "Błąd ładowania noVNC",
+ "vncAuthFailedStatus": "Status {status}",
+ "vncPasteClipboard": "Wklej schowek",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Zaloguj się na Pulpit Zdalny",
+ "rdpSignInDescription": "Wprowadź poświadczenia Windows, aby się połączyć",
+ "rdpLoadingModule": "Ładowanie modułu...",
+ "rdpFailedToLoadModule": "Nie udało się załadować modułu RDP",
+ "rdpNotReady": "Nie gotowy",
+ "rdpModuleInitializing": "Moduł RDP jest nadal inicjalizowany",
+ "rdpDownloadingFiles": "Pobieranie {count} pliku(ów) zdalnego…",
+ "rdpDownloadFailed": "Nie udało się pobrać: {fileName}",
+ "rdpUploaded": "Przesłano: {fileName}",
+ "rdpNoConnectionTarget": "Brak dostępnego celu połączenia",
+ "rdpConnectionFailed": "Połączenie niepowiodło się",
+ "rdpFit": "Dopasuj",
+ "rdpFull": "Pełny",
+ "rdpReal": "Rzeczywisty",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Prześlij pliki",
+ "rdpFilesReadyToPaste": "Pliki gotowe do wklejenia",
+ "rdpFilesReadyToPasteDescription": "Skopiowano {count} plik(-ów/-i) do zdalnego schowka — naciśnij Ctrl+V na zdalnym pulpicie, aby wkleić.",
+ "rdpUploadFailed": "Niepowodzenie przesyłania",
+ "rdpUnicodeKeyboardMode": "Tryb klawiatury Unicode",
+ "sessionToolbarShow": "Pokaż pasek narzędzi",
+ "sessionToolbarHide": "Ukryj pasek narzędzi"
}
diff --git a/messages/pt-PT.json b/messages/pt-PT.json
index 0604c1caf..1f47d92b8 100644
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -66,9 +66,15 @@
"local": "Localização",
"edit": "Alterar",
"siteConfirmDelete": "Confirmar que pretende apagar o site",
+ "siteConfirmDeleteAndResources": "Confirmar Exclusão do Site e Recursos",
"siteDelete": "Excluir site",
+ "siteDeleteAndResources": "Excluir Site e Recursos",
"siteMessageRemove": "Uma vez removido, o site não estará mais acessível. Todas as metas associadas ao site também serão removidas.",
+ "siteMessageRemoveAndResources": "Isso excluirá permanentemente todos os recursos públicos e privados vinculados a este site, mesmo que um recurso também esteja associado a outros sites.",
"siteQuestionRemove": "Você tem certeza que deseja remover este site da organização?",
+ "siteQuestionRemoveAndResources": "Tem certeza de que deseja excluir este site e todos os recursos associados?",
+ "sitesTableDeleteSite": "Excluir Site",
+ "sitesTableDeleteSiteAndResources": "Excluir Site e Recursos",
"siteManageSites": "Gerir sites",
"siteDescription": "Criar e gerenciar sites para ativar a conectividade a redes privadas",
"sitesBannerTitle": "Conectar a Qualquer Rede",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Visualizar Recursos Privados",
"siteInstallNewt": "Instalar Novo",
"siteInstallNewtDescription": "Novo item em execução no seu sistema",
+ "siteInstallKubernetesDocsDescription": "Para mais informações atualizadas sobre a instalação do Kubernetes, veja docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "Para instruções de instalação do modem da Advantech, veja docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "Configuração do WireGuard",
"WgConfigurationDescription": "Use a seguinte configuração para conectar-se à rede",
"operatingSystem": "Sistema operacional",
@@ -115,6 +123,16 @@
"siteUpdated": "Site atualizado",
"siteUpdatedDescription": "O site foi atualizado.",
"siteGeneralDescription": "Configurar as configurações gerais para este site",
+ "siteRestartTitle": "Reiniciar site",
+ "siteRestartDescription": "Reinicie o túnel WireGuard para este site. Isso interromperá brevemente a conectividade.",
+ "siteRestartBody": "Use isso se o túnel do site não estiver funcionando corretamente e você quiser forçar uma reconexão sem reiniciar o host.",
+ "siteRestartButton": "Reiniciar site",
+ "siteRestartDialogMessage": "Tem certeza de que deseja reiniciar o túnel WireGuard para {name}? O site perderá brevemente a conectividade.",
+ "siteRestartWarning": "O site será desconectado brevemente enquanto o túnel reinicia.",
+ "siteRestarted": "Site reiniciado",
+ "siteRestartedDescription": "O túnel WireGuard foi reiniciado.",
+ "siteErrorRestart": "Falha ao reiniciar o site",
+ "siteErrorRestartDescription": "Ocorreu um erro ao reiniciar o site.",
"siteSettingDescription": "Configurar as configurações no site",
"siteResourcesTab": "Recursos",
"siteResourcesNoneOnSite": "Este site ainda não possui recursos públicos ou privados.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "Você só será capaz de ver esta vez. Certifique-se de copiá-lo para um lugar seguro.",
"siteInfo": "Informações do Site",
"status": "SItuação",
- "shareTitle": "Gerir links partilhados",
+ "shareTitle": "Gerenciar Links Compartilháveis",
"shareDescription": "Criar links compartilháveis para conceder acesso temporário ou permanente aos recursos do proxy",
- "shareSearch": "Pesquisar links de compartilhamento...",
- "shareCreate": "Criar Link de Compartilhamento",
+ "shareSearch": "Pesquisar links compartilháveis...",
+ "shareCreate": "Criar Link Compartilhável",
"shareErrorDelete": "Falha ao apagar o link",
"shareErrorDeleteMessage": "Ocorreu um erro ao apagar o link",
"shareDeleted": "Link excluído",
"shareDeletedDescription": "O link foi eliminado",
- "shareDelete": "Excluir Link de Compartilhamento",
- "shareDeleteConfirm": "Confirmar Exclusão de Link de Compartilhamento",
+ "shareDelete": "Excluir Link Compartilhável",
+ "shareDeleteConfirm": "Confirmar exclusão do Link Compartilhável",
"shareQuestionRemove": "Tem certeza de que deseja excluir este link de compartilhamento?",
"shareMessageRemove": "Uma vez excluído, o link não funcionará mais e qualquer pessoa que o utilizar perderá o acesso ao recurso.",
"shareTokenDescription": "O token de acesso pode ser passado de duas maneiras: como um parâmetro de consulta ou nos cabeçalhos da solicitação. Estes devem ser passados do cliente em todas as solicitações para acesso autenticado.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Ocorreu um erro ao criar o link de compartilhamento",
"shareCreateDescription": "Qualquer um com este link pode aceder o recurso",
"shareTitleOptional": "Título (opcional)",
+ "sharePathOptional": "Caminho (opcional)",
+ "sharePathDescription": "O link redirecionará os usuários para este caminho após a autenticação.",
"expireIn": "Expira em",
"neverExpire": "Nunca expirar",
"shareExpireDescription": "Tempo de expiração é quanto tempo o link será utilizável e oferecerá acesso ao recurso. Após este tempo, o link não funcionará mais, e os utilizadores que usaram este link perderão acesso ao recurso.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Por favor, selecione um recurso",
"proxyResourceTitle": "Gerenciar Recursos Públicos",
"proxyResourceDescription": "Criar e gerenciar recursos que são acessíveis publicamente por meio de um navegador da web",
- "proxyResourcesBannerTitle": "Acesso Público via Web",
- "proxyResourcesBannerDescription": "Os recursos públicos são proxies HTTPS ou TCP/UDP acessíveis a qualquer pessoa na internet por meio de um navegador web. Ao contrário dos recursos privados, eles não requerem software do lado do cliente e podem incluir políticas de acesso conscientes de identidade e contexto.",
+ "publicResourcesBannerTitle": "Acesso Público Baseado em Web",
+ "publicResourcesBannerDescription": "Os recursos públicos são proxies HTTPS acessíveis a qualquer pessoa na internet através de um navegador web. Ao contrário dos recursos privados, eles não exigem software do lado do cliente e podem incluir políticas de acesso conscientes de identidade e contexto.",
"clientResourceTitle": "Gerenciar recursos privados",
"clientResourceDescription": "Criar e gerenciar recursos que só são acessíveis por meio de um cliente conectado",
"privateResourcesBannerTitle": "Acesso Privado com Confiança Zero",
@@ -208,11 +228,37 @@
"resourcesSearch": "Procurar recursos...",
"resourceAdd": "Adicionar Recurso",
"resourceErrorDelte": "Erro ao apagar recurso",
+ "resourcePoliciesBannerTitle": "Reutilizar Regras de Autenticação e Acesso",
+ "resourcePoliciesBannerDescription": "Políticas de recursos compartilhados permitem que você defina métodos de autenticação e regras de acesso apenas uma vez, e então as associe a vários recursos públicos. Quando você atualiza uma política, cada recurso vinculado herda a alteração automaticamente.",
+ "resourcePoliciesBannerButtonText": "Saiba mais",
+ "resourcePoliciesTitle": "Gerenciar Políticas de Recursos Públicos",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Recursos",
+ "resourcePoliciesAttachedResources": "{count} recurso(s)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# recurso} other {# recursos}}",
+ "resourcePoliciesAttachedResourcesEmpty": "sem recursos",
+ "resourcePoliciesDescription": "Crie e gerencie políticas de autenticação para controlar o acesso aos seus recursos públicos",
+ "resourcePoliciesSearch": "Pesquisar políticas...",
+ "resourcePoliciesAdd": "Adicionar Política",
+ "resourcePoliciesDefaultBadgeText": "Política Padrão",
+ "resourcePoliciesCreate": "Criar Política de Recurso Público",
+ "resourcePoliciesCreateDescription": "Siga os passos abaixo para criar uma nova política",
+ "resourcePolicyName": "Nome da Política",
+ "resourcePolicyNameDescription": "Dê um nome a esta política para identificá-la em seus recursos",
+ "resourcePolicyNamePlaceholder": "ex.: Política de Acesso Interno",
+ "resourcePoliciesSeeAll": "Ver Todas as Políticas",
+ "resourcePolicyAuthMethodAdd": "Adicionar Método de Autenticação",
+ "resourcePolicyOtpEmailAdd": "Adicionar emails OTP",
+ "resourcePolicyRulesAdd": "Adicionar Regras",
+ "resourcePolicyAuthMethodsDescription": "Permitir acesso aos recursos via métodos de autenticação adicionais",
+ "resourcePolicyUsersRolesDescription": "Configure quais usuários e funções podem acessar os recursos associados",
+ "rulesResourcePolicyDescription": "Configure regras para controlar o acesso a recursos associados a esta política",
"authentication": "Autenticação",
"protected": "Protegido",
"notProtected": "Não Protegido",
"resourceMessageRemove": "Uma vez removido, o recurso não estará mais acessível. Todos os alvos associados ao recurso também serão removidos.",
"resourceQuestionRemove": "Você tem certeza que deseja remover o recurso da organização?",
+ "resourcePolicyMessageRemove": "Uma vez removida, a política de recurso não estará mais acessível. Todos os recursos associados serão desvinculados e deixados sem autenticação.",
+ "resourcePolicyQuestionRemove": "Tem certeza de que deseja remover a política de recurso da organização?",
"resourceHTTP": "Recurso HTTPS",
"resourceHTTPDescription": "Proxies requests sobre HTTPS usando um nome de domínio totalmente qualificado.",
"resourceRaw": "Recurso TCP/UDP bruto",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Proxy solicita por TCP/UDP bruto usando um número de porta. Requer que sites se conectem a um nó remoto.",
"resourceCreate": "Criar Recurso",
"resourceCreateDescription": "Siga os passos abaixo para criar um novo recurso",
+ "resourceCreateGeneralDescription": "Configure as configurações gerais do recurso, incluindo o nome e o tipo",
"resourceSeeAll": "Ver todos os recursos",
- "resourceInfo": "Informação do recurso",
+ "resourceCreateGeneral": "Gerais",
"resourceNameDescription": "Este é o nome de exibição para o recurso.",
"siteSelect": "Selecionar site",
"siteSearch": "Procurar no site",
@@ -231,12 +278,15 @@
"noCountryFound": "Nenhum país encontrado.",
"siteSelectionDescription": "Este site fornecerá conectividade ao destino.",
"resourceType": "Tipo de Recurso",
- "resourceTypeDescription": "Determine como acessar o recurso",
+ "resourceTypeDescription": "Isso controla o protocolo do recurso e como ele será renderizado no navegador. Isso não pode ser alterado posteriormente.",
+ "resourceDomainDescription": "O recurso será servido neste nome de domínio totalmente qualificado.",
"resourceHTTPSSettings": "Configurações de HTTPS",
"resourceHTTPSSettingsDescription": "Configure como o recurso será acessado por HTTPS",
+ "resourcePortDescription": "A porta externa na instância ou nó Pangolin onde o recurso estará acessível.",
"domainType": "Tipo de domínio",
"subdomain": "Subdomínio",
"baseDomain": "Domínio Base",
+ "configure": "Configurar",
"subdomnainDescription": "O subdomínio onde o recurso será acessível.",
"resourceRawSettings": "Configurações TCP/UDP",
"resourceRawSettingsDescription": "Configurar como o recurso será acessado sobre TCP/UDP",
@@ -247,14 +297,35 @@
"back": "Anterior",
"cancel": "cancelar",
"resourceConfig": "Snippets de Configuração",
- "resourceConfigDescription": "Copie e cole estes snippets de configuração para configurar o recurso TCP/UDP",
+ "resourceConfigDescription": "Copie e cole estes trechos de configuração para configurar o recurso TCP/UDP.",
"resourceAddEntrypoints": "Traefik: Adicionar pontos de entrada",
"resourceExposePorts": "Gerbil: Expor Portas no Docker Compose",
"resourceLearnRaw": "Aprenda como configurar os recursos TCP/UDP",
"resourceBack": "Voltar aos recursos",
"resourceGoTo": "Ir para o Recurso",
+ "resourcePolicyDelete": "Excluir Política de Recurso",
+ "resourcePolicyDeleteConfirm": "Confirmar Exclusão da Política de Recurso",
"resourceDelete": "Excluir Recurso",
"resourceDeleteConfirm": "Confirmar que pretende apagar o recurso",
+ "labelDelete": "Excluir Etiqueta",
+ "labelAdd": "Adicionar Etiqueta",
+ "labelCreateSuccessMessage": "Etiqueta Criada com Sucesso",
+ "labelDuplicateError": "Etiqueta Duplicada",
+ "labelDuplicateErrorDescription": "Já existe uma etiqueta com este nome.",
+ "labelEditSuccessMessage": "Etiqueta Modificada com Sucesso",
+ "labelNameField": "Nome da Etiqueta",
+ "labelColorField": "Cor da Etiqueta",
+ "labelPlaceholder": "Ex: homelab",
+ "labelCreate": "Criar Etiqueta",
+ "createLabelDialogTitle": "Criar Etiqueta",
+ "createLabelDialogDescription": "Crie uma nova etiqueta que pode ser anexada a esta organização",
+ "labelEdit": "Editar Etiqueta",
+ "editLabelDialogTitle": "Atualizar Etiqueta",
+ "editLabelDialogDescription": "Edite uma nova etiqueta que pode ser anexada a esta organização",
+ "labelDeleteConfirm": "Confirmar Exclusão da Etiqueta",
+ "labelErrorDelete": "Falha ao excluir a etiqueta",
+ "labelMessageRemove": "Esta ação é permanente. Todos os sites, recursos e clientes etiquetados com esta etiqueta serão desmarcados.",
+ "labelQuestionRemove": "Tem certeza de que deseja remover a etiqueta da organização?",
"visibility": "Visibilidade",
"enabled": "Ativado",
"disabled": "Desabilitado",
@@ -265,6 +336,8 @@
"rules": "Regras",
"resourceSettingDescription": "Configure as configurações do recurso",
"resourceSetting": "Configurações do {resourceName}",
+ "resourcePolicySettingDescription": "Configure as configurações nesta política de recurso público",
+ "resourcePolicySetting": "Configurações de {policyName}",
"alwaysAllow": "Autenticação de bypass",
"alwaysDeny": "Bloquear Acesso",
"passToAuth": "Passar para Autenticação",
@@ -630,7 +703,7 @@
"createdAt": "Criado Em",
"proxyErrorInvalidHeader": "Valor do cabeçalho Host personalizado inválido. Use o formato de nome de domínio ou salve vazio para remover o cabeçalho Host personalizado.",
"proxyErrorTls": "Nome do Servidor TLS inválido. Use o formato de nome de domínio ou salve vazio para remover o Nome do Servidor TLS.",
- "proxyEnableSSL": "Habilitar TLS",
+ "proxyEnableSSL": "Ativar TLS",
"proxyEnableSSLDescription": "Habilitar criptografia SSL/TLS para conexões HTTPS seguras aos alvos.",
"target": "Target",
"configureTarget": "Configurar Alvos",
@@ -671,7 +744,7 @@
"targetSubmit": "Adicionar Alvo",
"targetNoOne": "Este recurso não tem nenhum alvo. Adicione um alvo para configurar para onde enviar solicitações para o backend.",
"targetNoOneDescription": "Adicionar mais de um alvo acima habilitará o balanceamento de carga.",
- "targetsSubmit": "Guardar Alvos",
+ "targetsSubmit": "Salvar Configurações",
"addTarget": "Adicionar Alvo",
"proxyMultiSiteRoundRobinNodeHelp": "O roteamento round robin não funcionará entre sites que não estão conectados ao mesmo nó, mas o failover funcionará.",
"targetErrorInvalidIp": "Endereço IP inválido",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Regra duplicada",
"rulesErrorDuplicateDescription": "Uma regra com estas configurações já existe",
"rulesErrorInvalidIpAddressRange": "CIDR inválido",
- "rulesErrorInvalidIpAddressRangeDescription": "Por favor, insira um valor CIDR válido",
- "rulesErrorInvalidUrl": "Caminho URL inválido",
- "rulesErrorInvalidUrlDescription": "Por favor, insira um valor de caminho URL válido",
- "rulesErrorInvalidIpAddress": "IP inválido",
- "rulesErrorInvalidIpAddressDescription": "Por favor, insira um endereço IP válido",
+ "rulesErrorInvalidIpAddressRangeDescription": "Digite um intervalo CIDR válido (ex.: 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Caminho inválido",
+ "rulesErrorInvalidUrlDescription": "Insira um caminho URL válido ou padrão (ex.: /api/*).",
+ "rulesErrorInvalidIpAddress": "Endereço IP inválido",
+ "rulesErrorInvalidIpAddressDescription": "Insira um endereço IPv4 ou IPv6 válido.",
"rulesErrorUpdate": "Falha ao atualizar regras",
"rulesErrorUpdateDescription": "Ocorreu um erro ao atualizar regras",
"rulesUpdated": "Ativar Regras",
@@ -717,15 +790,24 @@
"rulesMatchIpAddressRangeDescription": "Insira um endereço no formato CIDR (ex: 103.21.244.0/22)",
"rulesMatchIpAddress": "Insira um endereço IP (ex: 103.21.244.12)",
"rulesMatchUrl": "Insira um caminho URL ou padrão (ex: /api/v1/todos ou /api/v1/*)",
- "rulesErrorInvalidPriority": "Prioridade Inválida",
- "rulesErrorInvalidPriorityDescription": "Por favor, insira uma prioridade válida",
- "rulesErrorDuplicatePriority": "Prioridades Duplicadas",
- "rulesErrorDuplicatePriorityDescription": "Por favor, insira prioridades únicas",
+ "rulesErrorInvalidPriority": "Prioridade inválida",
+ "rulesErrorInvalidPriorityDescription": "Digite um número inteiro de 1 ou mais.",
+ "rulesErrorDuplicatePriority": "Prioridades duplicadas",
+ "rulesErrorDuplicatePriorityDescription": "Cada regra deve ter um número de prioridade único.",
+ "rulesErrorValidation": "Regras inválidas",
+ "rulesErrorValidationRuleDescription": "Regra {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Selecione um tipo de correspondência válido (caminho, IP, CIDR, país, região ou ASN).",
+ "rulesErrorValueRequired": "Digite um valor para esta regra.",
+ "rulesErrorInvalidCountry": "País inválido",
+ "rulesErrorInvalidCountryDescription": "Selecione um país válido.",
+ "rulesErrorInvalidAsn": "ASN inválido",
+ "rulesErrorInvalidAsnDescription": "Insira um ASN válido (ex.: AS15169).",
"ruleUpdated": "Regras atualizadas",
"ruleUpdatedDescription": "Regras atualizadas com sucesso",
"ruleErrorUpdate": "Operação falhou",
"ruleErrorUpdateDescription": "Ocorreu um erro durante a operação de salvamento",
"rulesPriority": "Prioridade",
+ "rulesReorderDragHandle": "Arraste para reordenar a prioridade da regra",
"rulesAction": "Ação",
"rulesMatchType": "Tipo de Correspondência",
"value": "Valor",
@@ -744,9 +826,60 @@
"rulesResource": "Configuração de Regras do Recurso",
"rulesResourceDescription": "Configurar regras para controlar o acesso ao recurso",
"ruleSubmit": "Adicionar Regra",
- "rulesNoOne": "Sem regras. Adicione uma regra usando o formulário.",
+ "rulesNoOne": "Ainda não há regras.",
"rulesOrder": "As regras são avaliadas por prioridade em ordem ascendente.",
"rulesSubmit": "Guardar Regras",
+ "policyErrorCreate": "Erro ao criar política",
+ "policyErrorCreateDescription": "Ocorreu um erro ao criar a política",
+ "policyErrorCreateMessageDescription": "Ocorreu um erro inesperado",
+ "policyErrorUpdate": "Erro ao atualizar política",
+ "policyErrorUpdateDescription": "Ocorreu um erro ao atualizar a política",
+ "policyErrorUpdateMessageDescription": "Ocorreu um erro inesperado",
+ "policyCreatedSuccess": "Política de recurso criada com sucesso",
+ "policyUpdatedSuccess": "Política de recurso atualizada com sucesso",
+ "authMethodsSave": "Salvar Configurações",
+ "policyAuthStackTitle": "Autenticação",
+ "policyAuthStackDescription": "Controle quais métodos de autenticação são necessários para acessar este recurso",
+ "policyAuthOrLogicTitle": "Vários métodos de autenticação ativos",
+ "policyAuthOrLogicBanner": "Os visitantes podem autenticar-se usando qualquer um dos métodos ativos abaixo. Eles não precisam completar todos eles.",
+ "policyAuthMethodActive": "Ativo",
+ "policyAuthMethodOff": "Desligado",
+ "policyAuthSsoTitle": "SSO da Plataforma",
+ "policyAuthSsoDescription": "Exigir login pelo provedor de identidade da sua organização",
+ "policyAuthSsoSummary": "{idp} · {users} usuários, {roles} funções",
+ "policyAuthSsoDefaultIdp": "Provedor padrão",
+ "policyAuthAddDefaultIdentityProvider": "Adicionar Provedor de Identidade Padrão",
+ "policyAuthOtherMethodsTitle": "Outros Métodos",
+ "policyAuthOtherMethodsDescription": "Métodos opcionais que os visitantes podem usar em vez da SSO da plataforma ou junto com ela",
+ "policyAuthPasscodeTitle": "Código de Acesso",
+ "policyAuthPasscodeDescription": "Requer um código de acesso alfanumérico compartilhado para acessar o recurso",
+ "policyAuthPasscodeSummary": "Código de acesso definido",
+ "policyAuthPincodeTitle": "Código PIN",
+ "policyAuthPincodeDescription": "Um código numérico curto necessário para acessar o recurso",
+ "policyAuthPincodeSummary": "Código PIN de 6 dígitos definido",
+ "policyAuthEmailTitle": "Lista de E-mails Permitidos",
+ "policyAuthEmailDescription": "Permitir endereços de e-mail listados com senhas temporárias",
+ "policyAuthEmailSummary": "{count} endereços permitidos",
+ "policyAuthEmailOtpCallout": "Ativar a lista de e-mails permitidos envia uma senha temporária para o e-mail do visitante no login.",
+ "policyAuthHeaderAuthTitle": "Autenticação de Cabeçalho Básico",
+ "policyAuthHeaderAuthDescription": "Valide um nome e valor de cabeçalho HTTP personalizado em cada solicitação",
+ "policyAuthHeaderAuthSummary": "Cabeçalho configurado",
+ "policyAuthHeaderName": "Nome do Cabeçalho",
+ "policyAuthHeaderValue": "Valor esperado",
+ "policyAuthSetPasscode": "Definir Código de Acesso",
+ "policyAuthSetPincode": "Definir Código PIN",
+ "policyAuthSetEmailWhitelist": "Definir Lista de E-mails Permitidos",
+ "policyAuthSetHeaderAuth": "Definir Autenticação de Cabeçalho Básico",
+ "policyAccessRulesTitle": "Regras de Acesso",
+ "policyAccessRulesEnableDescription": "Quando ativadas, as regras são avaliadas em ordem decrescente até que uma delas seja verdadeira.",
+ "policyAccessRulesFirstMatch": "As regras são avaliadas de cima para baixo. A primeira regra correspondente decide o resultado.",
+ "policyAccessRulesHowItWorks": "As regras correspondem a solicitações por caminho, endereço IP, localização ou outros critérios. Cada regra aplica uma ação: ignorar autenticação, bloquear acesso ou passar para autenticação. Se nenhuma regra corresponder, o tráfego continua até a autenticação.",
+ "policyAccessRulesFallthroughOff": "Quando as regras estão desativadas, todo o tráfego passa para a autenticação.",
+ "policyAccessRulesFallthroughOn": "Quando nenhuma regra corresponde, o tráfego passa para a autenticação.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Guardar Regras",
"resourceErrorCreate": "Erro ao criar recurso",
"resourceErrorCreateDescription": "Ocorreu um erro ao criar o recurso",
"resourceErrorCreateMessage": "Erro ao criar recurso:",
@@ -766,9 +899,9 @@
"resourcesErrorUpdateDescription": "Ocorreu um erro ao atualizar o recurso",
"access": "Acesso",
"accessControl": "Controle de Acesso",
- "shareLink": "Link de Compartilhamento {resource}",
+ "shareLink": "Link Compartilhável {resource}",
"resourceSelect": "Selecionar recurso",
- "shareLinks": "Links de Compartilhamento",
+ "shareLinks": "Links Compartilháveis",
"share": "Links Compartilháveis",
"shareDescription2": "Crie links compartilháveis para recursos. Links fornecem acesso temporário ou ilimitado ao seu recurso. Você pode configurar a duração de expiração do link quando você criar um.",
"shareEasyCreate": "Fácil de criar e compartilhar",
@@ -810,6 +943,17 @@
"pincodeAdd": "Adicionar Código PIN",
"pincodeRemove": "Remover Código PIN",
"resourceAuthMethods": "Métodos de Autenticação",
+ "resourcePolicyAuthMethodsEmpty": "Nenhum método de autenticação",
+ "resourcePolicyOtpEmpty": "Sem senha única",
+ "resourcePolicyReadOnly": "Esta política é apenas leitura",
+ "resourcePolicyReadOnlyDescription": "Esta política de recurso é compartilhada entre vários recursos, você não pode editá-la nesta página.",
+ "editSharedPolicy": "Editar Política Compartilhada",
+ "resourcePolicyTypeSave": "Salvar Tipo de Recurso",
+ "resourcePolicySelect": "Selecionar política de recurso",
+ "resourcePolicySelectError": "Selecionar uma política de recurso",
+ "resourcePolicyNotFound": "Política não encontrada",
+ "resourcePolicySearch": "Pesquisar políticas",
+ "resourcePolicyRulesEmpty": "Nenhuma regra de autenticação",
"resourceAuthMethodsDescriptions": "Permitir acesso ao recurso via métodos de autenticação adicionais",
"resourceAuthSettingsSave": "Salvo com sucesso",
"resourceAuthSettingsSaveDescription": "As configurações de autenticação foram salvas",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Definir Código PIN",
"resourcePincodeSetupTitleDescription": "Defina um código PIN para proteger este recurso",
"resourceRoleDescription": "Administradores sempre podem aceder este recurso.",
+ "resourcePolicySelectTitle": "Política de Acesso ao Recurso",
+ "resourcePolicySelectDescription": "Selecione o tipo de política de recurso para autenticação",
+ "resourcePolicyTypeLabel": "Tipo de política",
+ "resourcePolicyLabel": "Política de recurso",
+ "resourcePolicyInline": "Política de Recurso Inline",
+ "resourcePolicyInlineDescription": "Política de Acesso abrange apenas este recurso",
+ "resourcePolicyShared": "Política de Recurso Compartilhada",
+ "resourcePolicySharedDescription": "Este recurso usa uma política compartilhada.",
+ "sharedPolicy": "Política Compartilhada",
+ "sharedPolicyNoneDescription": "Este recurso tem sua própria política.",
+ "resourceSharedPolicyOwnDescription": "Este recurso possui seus próprios controles de autenticação e regras de acesso.",
+ "resourceSharedPolicyInheritedDescription": "Este recurso herda de {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Este recurso está usando uma política compartilhada. Algumas configurações de autenticação podem ser editadas neste recurso para adicionar à política. Para alterar a política subjacente, você deve editar para {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Este recurso está usando uma política compartilhada. Algumas regras de acesso podem ser editadas neste recurso. Para alterar a política subjacente, você deve editar {policyName}.",
"resourceUsersRoles": "Controlos de Acesso",
"resourceUsersRolesDescription": "Configure quais utilizadores e funções podem visitar este recurso",
"resourceUsersRolesSubmit": "Guardar Controlos de Acesso",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Visibilidade",
"resourceVisibilityTitleDescription": "Ativar ou desativar completamente a visibilidade do recurso",
"resourceGeneral": "Configurações Gerais",
- "resourceGeneralDescription": "Configure as configurações gerais para este recurso",
+ "resourceGeneralDescription": "Configure o nome, endereço e política de acesso para este recurso.",
+ "resourceGeneralDetailsSubsection": "Detalhes do Recurso",
+ "resourceGeneralDetailsSubsectionDescription": "Defina o nome de exibição, identificador e domínio publicamente acessível para este recurso.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Defina o nome de exibição, identificador e porta pública para este recurso.",
+ "resourceGeneralPublicAddressSubsection": "Endereço Público",
+ "resourceGeneralPublicAddressSubsectionDescription": "Configure como os usuários alcançarão este recurso.",
+ "resourceGeneralAuthenticationAccessSubsection": "Autenticação & Acesso",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Escolha se este recurso usa sua própria política ou herda de uma política compartilhada.",
"resourceEnable": "Ativar Recurso",
"resourceTransfer": "Transferir Recurso",
"resourceTransferDescription": "Transferir este recurso para um site diferente",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Ocorreu um problema ao ligar a {name}. Por favor, contacte o seu administrador.",
"idpErrorNotFound": "IdP não encontrado",
"inviteInvalid": "Convite Inválido",
+ "labels": "Etiquetas",
+ "orgLabelsDescription": "Gerencie etiquetas nesta organização.",
+ "addLabels": "Adicionar etiquetas",
+ "siteLabelsTab": "Etiquetas",
+ "siteLabelsDescription": "Gerencie etiquetas associadas a este site.",
+ "labelsNotFound": "Nenhuma etiqueta encontrada.",
+ "labelsEmptyCreateHint": "Comece a digitar acima para criar uma etiqueta.",
+ "labelSearch": "Pesquisar etiquetas",
+ "labelSearchOrCreate": "Pesquisar ou criar uma etiqueta",
+ "accessLabelFilterCount": "{count, plural, one {# etiqueta} other {# etiquetas}}",
+ "labelOverflowCount": "+{count, plural, one {# etiqueta} other {# etiquetas}}",
+ "accessLabelFilterClear": "Limpar filtros de etiquetas",
+ "accessFilterClear": "Limpar filtros",
+ "selectColor": "Selecionar cor",
+ "createNewLabel": "Criar nova etiqueta na organização \"{label}\"",
"inviteInvalidDescription": "O link do convite é inválido.",
"inviteErrorWrongUser": "O convite não é para este utilizador",
"inviteErrorUserNotExists": "O utilizador não existe. Por favor, crie uma conta primeiro.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Aplicar Diagrama",
"actionListBlueprints": "Listar Modelos",
"actionGetBlueprint": "Obter Modelo",
+ "actionCreateOrgWideLauncherView": "Criar Visualização do Lançador para Toda a Organização",
"setupToken": "Configuração do Token",
"setupTokenDescription": "Digite o token de configuração do console do servidor.",
"setupTokenRequired": "Token de configuração é necessário",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Recursos",
"sidebarProxyResources": "Público",
"sidebarClientResources": "Privado",
+ "sidebarPolicies": "Políticas Compartilhadas",
+ "sidebarResourcePolicies": "Recursos Públicos",
"sidebarAccessControl": "Controle de Acesso",
"sidebarLogsAndAnalytics": "Registros e Análises",
"sidebarTeam": "Equipe",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Administrador",
"sidebarInvitations": "Convites",
"sidebarRoles": "Papéis",
- "sidebarShareableLinks": "Links",
+ "sidebarShareableLinks": "Links Compartilháveis",
"sidebarApiKeys": "Chaves API",
"sidebarProvisioning": "Provisionamento",
"sidebarSettings": "Configurações",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Site {id}",
"standaloneHcFilterResourceIdFallback": "Recurso {id}",
"blueprints": "Diagramas",
- "blueprintsDescription": "Aplicar configurações declarativas e ver execuções anteriores",
+ "blueprintsLog": "Registo dos Blueprint",
+ "blueprintsDescription": "Visualizar aplicações de blueprint passadas e seus resultados ou aplicar um novo blueprint",
"blueprintAdd": "Adicionar Diagrama",
"blueprintGoBack": "Ver todos os Diagramas",
"blueprintCreate": "Criar Diagrama",
@@ -1575,7 +1759,17 @@
"contents": "Conteúdo",
"parsedContents": "Conteúdo analisado (Somente Leitura)",
"enableDockerSocket": "Habilitar o Diagrama Docker",
- "enableDockerSocketDescription": "Ativar a scraping de rótulo Docker para rótulos de diagramas. Caminho de Socket deve ser fornecido para Newt.",
+ "enableDockerSocketDescription": "Ative a raspagem de etiquetas do Docker Socket para etiquetas de modelo. O caminho do Socket deve ser fornecido ao conector do site. Leia sobre como isso funciona na documentação.",
+ "newtAutoUpdate": "Ativar Atualização Automática do Site",
+ "newtAutoUpdateDescription": "Quando ativada, os conectores do site baixarão automaticamente a versão mais recente e reiniciarão por conta própria. Isto pode ser sobrescrito com base em cada site.",
+ "siteAutoUpdate": "Atualização Automática do Site",
+ "siteAutoUpdateLabel": "Ativar Atualização Automática",
+ "siteAutoUpdateDescription": "Quando ativado, o conector deste site baixará automaticamente a versão mais recente e reiniciará por si mesmo.",
+ "siteAutoUpdateOrgDefault": "Padrão da organização: {state}",
+ "siteAutoUpdateOverriding": "Substituindo configuração da organização",
+ "siteAutoUpdateResetToOrg": "Redefinir para Padrão da Organização",
+ "siteAutoUpdateEnabled": "ativado",
+ "siteAutoUpdateDisabled": "desabilitado",
"viewDockerContainers": "Ver contêineres Docker",
"containersIn": "Contêineres em {siteName}",
"selectContainerDescription": "Selecione qualquer contêiner para usar como hostname para este alvo. Clique em uma porta para usar uma porta.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Certificado",
"certificateStatusAutoRefreshHint": "Status atualiza automaticamente.",
"loading": "Carregando",
+ "loadingEllipsis": "Carregando...",
"loadingAnalytics": "Carregando Analytics",
"restart": "Reiniciar",
"domains": "Domínios",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Configuração da conta concluída! Bem-vindo ao Pangolin!",
"documentation": "Documentação",
"saveAllSettings": "Guardar Todas as Configurações",
- "saveResourceTargets": "Guardar Alvos",
- "saveResourceHttp": "Guardar Configurações de Proxy",
- "saveProxyProtocol": "Salvar configurações do protocolo de proxy",
+ "saveResourceTargets": "Salvar Configurações",
+ "saveResourceHttp": "Salvar Configurações",
+ "saveProxyProtocol": "Salvar Configurações",
"settingsUpdated": "Configurações atualizadas",
"settingsUpdatedDescription": "Configurações atualizadas com sucesso",
"settingsErrorUpdate": "Falha ao atualizar configurações",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Gerencie sua assinatura para as chaves de licenças auto-hospedadas pagas",
"billingCurrentKeys": "Chaves atuais",
"billingModifyCurrentPlan": "Modificar o Plano Atual",
+ "billingManageLicenseSubscriptionDescription": "Gerencie sua assinatura de chaves de licença auto-hospedadas pagas e baixe faturas.",
"billingConfirmUpgrade": "Confirmar a atualização",
"billingConfirmDowngrade": "Confirmar downgrade",
"billingConfirmUpgradeDescription": "Você está prestes a atualizar seu plano. Revise os novos limites e preços abaixo.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Sub-rede",
"addressDescription": "O endereço interno do cliente. Deve estar dentro da sub-rede da organização.",
"selectSites": "Selecionar sites",
+ "selectLabels": "Selecionar etiquetas",
"sitesDescription": "O cliente terá conectividade com os sites selecionados",
"clientInstallOlm": "Instalar Olm",
"clientInstallOlmDescription": "Execute o Olm em seu sistema",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Desconhecido",
"healthCheck": "Verificação de Saúde",
"configureHealthCheck": "Configurar Verificação de Saúde",
- "configureHealthCheckDescription": "Configure a monitorização de saúde para {target}",
+ "configureHealthCheckDescription": "Configure a monitorização para o seu recurso para garantir que ele esteja sempre disponível",
"enableHealthChecks": "Ativar Verificações de Saúde",
"healthCheckDisabledStateDescription": "Quando desativado, o site não realizará verificações de saúde e o estado será considerado desconhecido.",
"enableHealthChecksDescription": "Monitore a saúde deste alvo. Você pode monitorar um ponto de extremidade diferente do alvo, se necessário.",
"healthScheme": "Método",
"healthSelectScheme": "Selecione o Método",
- "healthCheckPortInvalid": "A porta do exame de saúde deve estar entre 1 e 65535",
+ "healthCheckPortInvalid": "A porta deve estar entre 1 e 65535",
"healthCheckPath": "Caminho",
"healthHostname": "IP / Nome do Host",
"healthPort": "Porta",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "O tempo está em segundos",
"requireDeviceApproval": "Exigir aprovação do dispositivo",
"requireDeviceApprovalDescription": "Usuários com esta função precisam de novos dispositivos aprovados por um administrador antes que eles possam se conectar e acessar recursos.",
+ "sshSettings": "Configurações SSH",
"sshAccess": "Acesso SSH",
+ "rdpSettings": "Configurações RDP",
+ "vncSettings": "Configurações VNC",
+ "sshServer": "Servidor SSH",
+ "rdpServer": "Servidor RDP",
+ "vncServer": "Servidor VNC",
+ "sshServerDescription": "Configure o método de autenticação, localização do daemon e destino do servidor",
+ "rdpServerDescription": "Configure o destino e a porta do servidor RDP",
+ "vncServerDescription": "Configure o destino e a porta do servidor VNC",
+ "sshServerMode": "Modo",
+ "sshServerModeStandard": "Servidor SSH Padrão",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Roteia comandos pela rede para um servidor SSH como o OpenSSH.",
+ "sshServerModeNative": "Servidor SSH Nativo",
+ "sshServerModeNativeDescription": "Executa comandos diretamente no host via Site Connector. Não é necessária configuração de rede.",
+ "sshAuthenticationMethod": "Método de Autenticação",
+ "sshAuthMethodManual": "Autenticação Manual",
+ "sshAuthMethodManualDescription": "Requer credenciais de host existentes. Ignora provisionamento automático.",
+ "sshAuthMethodAutomated": "Provisionamento Automatizado",
+ "sshAuthMethodAutomatedDescription": "Cria automaticamente usuários, grupos e permissões sudo no host.",
+ "sshAuthDaemonLocation": "Localização do Daemon de Autenticação",
+ "sshDaemonLocationSiteDescription": "Executa locais na máquina que hospeda o conector do site.",
+ "sshDaemonLocationRemote": "Em Host Remoto",
+ "sshDaemonLocationRemoteDescription": "Executa em uma máquina de destino separada na mesma rede.",
+ "sshDaemonDisclaimer": "Certifique-se de que seu host de destino está devidamente configurado para executar o daemon de autenticação antes de concluir esta configuração, ou o provisionamento falhará.",
+ "sshDaemonPort": "Porta do Daemon",
+ "sshServerDestination": "Destino do Servidor",
+ "sshServerDestinationDescription": "Configure o destino do servidor SSH",
+ "destination": "Destino",
+ "destinationRequired": "Destino é obrigatório.",
+ "domainRequired": "Domínio é obrigatório.",
+ "proxyPortRequired": "Porta é obrigatória.",
+ "invalidPathConfiguration": "Configuração de caminho inválida.",
+ "invalidRewritePathConfiguration": "Configuração de caminho de reescrita inválida.",
+ "bgTargetMultiSiteDisclaimer": "Selecionar vários sites permite roteamento resiliente e failover para alta disponibilidade.",
"roleAllowSsh": "Permitir SSH",
"roleAllowSshAllow": "Autorizar",
"roleAllowSshDisallow": "Anular",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "Usuário só pode executar os comandos especificados com sudo.",
"sshSudo": "Permitir sudo",
"sshSudoCommands": "Comandos Sudo",
- "sshSudoCommandsDescription": "Lista separada por vírgulas de comandos que o usuário pode executar com sudo.",
+ "sshSudoCommandsDescription": "Lista de comandos que o usuário está autorizado a executar com sudo, separados por vírgulas, espaços ou novas linhas. Devem ser usados caminhos absolutos.",
"sshCreateHomeDir": "Criar Diretório Inicial",
"sshUnixGroups": "Grupos Unix",
- "sshUnixGroupsDescription": "Grupos Unix separados por vírgulas para adicionar o usuário no host alvo.",
+ "sshUnixGroupsDescription": "Grupos Unix para adicionar o usuário no host de destino, separados por vírgulas, espaços ou novas linhas.",
+ "roleTextFieldPlaceholder": "Insira valores, ou solte um arquivo .txt ou .csv",
+ "roleTextImportTitle": "Importar de Arquivo",
+ "roleTextImportDescription": "Importando {fileName} para {fieldLabel}.",
+ "roleTextImportSkipHeader": "Pular Primeira Linha (Cabeçalho)",
+ "roleTextImportOverride": "Substituir Existente",
+ "roleTextImportAppend": "Anexar ao Existente",
+ "roleTextImportMode": "Modo de Importação",
+ "roleTextImportPreview": "Visualizar",
+ "roleTextImportItemCount": "{count, plural, =0 {Sem itens para importar} one {1 item para importar} other {# itens para importar}}",
+ "roleTextImportTotalCount": "{existing} existente + {imported} importado = {total} total",
+ "roleTextImportConfirm": "Importar",
+ "roleTextImportInvalidFile": "Tipo de arquivo não suportado",
+ "roleTextImportInvalidFileDescription": "Apenas arquivos .txt e .csv são suportados.",
+ "roleTextImportEmpty": "Nenhum item encontrado no arquivo",
+ "roleTextImportEmptyDescription": "O arquivo não contém quaisquer itens importáveis.",
"retryAttempts": "Tentativas de Repetição",
"expectedResponseCodes": "Códigos de Resposta Esperados",
"expectedResponseCodesDescription": "Código de status HTTP que indica estado saudável. Se deixado em branco, 200-300 é considerado saudável.",
@@ -2049,6 +2296,7 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Esquema",
"editInternalResourceDialogEnableSsl": "Ativar TLS",
"editInternalResourceDialogEnableSslDescription": "Ativar criptografia SSL/TLS para conexões HTTPS seguras com o destino.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Site",
"selectSite": "Selecionar site...",
"multiSitesSelectorSitesCount": "{count, plural, one {# site} other {# sites}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# rótulo} other {# rótulos}}",
"noSitesFound": "Nenhum site encontrado.",
"createInternalResourceDialogProtocol": "Protocolo",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2347,7 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Esquema",
"createInternalResourceDialogScheme": "Esquema",
"createInternalResourceDialogEnableSsl": "Ativar TLS",
@@ -2107,6 +2357,7 @@
"createInternalResourceDialogDestinationCidrDescription": "A faixa CIDR do recurso na rede do site.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "Um alias de DNS interno opcional para este recurso.",
+ "internalResourceAliasLocalWarning": "Os aliases terminando em .local podem causar problemas de resolução devido ao mDNS em algumas redes.",
"internalResourceDownstreamSchemeRequired": "Esquema é obrigatório para recursos HTTP",
"internalResourceHttpPortRequired": "Porta de destino é obrigatória para recursos HTTP",
"siteConfiguration": "Configuração",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Nós remotos",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Chave Secreta",
+ "remoteExitNodeNetworkingTitle": "Configurações de Rede",
+ "remoteExitNodeNetworkingDescription": "Configure como este nó de saída remoto roteia o tráfego e quais sites preferem se conectar através dele. Recursos avançados para serem usados com configurações de rede de backhaul.",
+ "remoteExitNodeNetworkingSave": "Guardar Configurações",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Configurações de rede salvas",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "As configurações de rede foram atualizadas com sucesso.",
+ "remoteExitNodeNetworkingSaveError": "Falha ao guardar as configurações de rede",
+ "remoteExitNodeNetworkingSubnetsTitle": "Sub-redes Remotas",
+ "remoteExitNodeNetworkingSubnetsDescription": "Defina os intervalos de CIDR que este nó de saída remoto irá rotear o tráfego. Digite um CIDR válido (por exemplo, 10.0.0.0/8) e pressione Enter para adicionar.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Adicione um intervalo de CIDR (por exemplo, 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Falha ao carregar sub-redes",
+ "remoteExitNodeNetworkingLabelsTitle": "Etiquetas de Preferência",
+ "remoteExitNodeNetworkingLabelsDescription": "Os sites com essas etiquetas serão forçados a se conectar através deste nó de saída remoto.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Selecionar etiquetas...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Pesquisar etiquetas...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Falha ao carregar etiquetas",
"remoteExitNodeCreate": {
"title": "Criar Nó Remoto",
"description": "Crie um novo nó de retransmissão e proxy servidor auto-hospedado",
@@ -2233,7 +2499,7 @@
"description": "Servidor Pangolin auto-hospedado mais confiável e com baixa manutenção com sinos extras e assobiamentos",
"introTitle": "Pangolin Auto-Hospedado Gerenciado",
"introDescription": "é uma opção de implantação projetada para pessoas que querem simplicidade e confiança adicional, mantendo os seus dados privados e auto-hospedados.",
- "introDetail": "Com esta opção, você ainda roda seu próprio nó Pangolin - seus túneis, terminação TLS e tráfego todos permanecem no seu servidor. A diferença é que a gestão e a monitorização são geridos através do nosso painel de nuvem, que desbloqueia vários benefícios:",
+ "introDetail": "Com esta opção, você ainda roda seu próprio nó Pangolin - seus túneis, terminação TLS e tráfego permanecem no seu servidor. A diferença é que a gestão e a monitorização são feitas através do nosso painel de nuvem, que desbloqueia uma série de benefícios:",
"benefitSimplerOperations": {
"title": "Operações simples",
"description": "Não é necessário executar o seu próprio servidor de e-mail ou configurar um alerta complexo. Você receberá fora de caixa verificações de saúde e alertas de tempo de inatividade."
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Provedor Google OAuth2/OIDC",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Sub-rede",
+ "utilitySubnet": "Sub-rede de utilidade",
"subnetDescription": "A sub-rede para a configuração de rede dessa organização.",
"customDomain": "Domínio Personalizado",
"authPage": "Páginas de Autenticação",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "ID da organização ou domínio está faltando",
"loadingDNSRecords": "Carregando registros DNS...",
"olmUpdateAvailableInfo": "Uma versão atualizada do Olm está disponível. Atualize para a versão mais recente para ter a melhor experiência.",
+ "updateAvailableInfo": "Uma versão atualizada está disponível. Por favor, atualize para a versão mais recente para uma melhor experiência.",
"client": "Cliente",
"proxyProtocol": "Configurações de Protocolo Proxy",
"proxyProtocolDescription": "Configurar o protocolo proxy para preservar endereços IP do cliente para serviços TCP.",
"enableProxyProtocol": "Habilitar protocolo proxy",
"proxyProtocolInfo": "Preservar endereços IP do cliente para backends TCP",
"proxyProtocolVersion": "Versão do Protocolo Proxy",
- "version1": " Versão 1 (recomendado)",
+ "version1": "Versão 1 (Recomendado)",
"version2": "Versão 2",
- "versionDescription": "A versão 1 é baseada em texto e amplamente suportada. A versão 2 é binária e mais eficiente, mas menos compatível.",
+ "version1Description": "Baseado em texto e amplamente suportado. Certifique-se de que o transporte dos servidores seja adicionado à configuração dinâmica.",
+ "version2Description": "Binário e mais eficiente, mas menos compatível. Certifique-se de que o transporte do servidor seja adicionado à configuração dinâmica.",
"warning": "ATENÇÃO",
"proxyProtocolWarning": "A aplicação de backend deve ser configurada para aceitar conexões de protocolo proxy. Se o seu backend não suporta o Protocolo de Proxy, habilitando isto quebrará todas as conexões, então só habilite isso se você souber o que está fazendo. Certifique-se de configurar seu backend para confiar nos cabeçalhos do protocolo proxy no Traefik.",
"restarting": "Reiniciando...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Inserir confirmação",
"blueprintViewDetails": "Detalhes",
"defaultIdentityProvider": "Provedor de Identidade Padrão",
- "defaultIdentityProviderDescription": "Quando um provedor de identidade padrão for selecionado, o usuário será automaticamente redirecionado para o provedor de autenticação.",
+ "defaultIdentityProviderDescription": "O usuário será redirecionado automaticamente para este provedor de identidade para autenticação.",
"editInternalResourceDialogNetworkSettings": "Configurações de Rede",
"editInternalResourceDialogAccessPolicy": "Política de Acesso",
"editInternalResourceDialogAddRoles": "Adicionar Funções",
@@ -2937,11 +3206,12 @@
"learnMore": "Saiba mais",
"backToHome": "Voltar para a página inicial",
"needToSignInToOrg": "Precisa usar o provedor de identidade da sua organização?",
- "maintenanceMode": "Modo de Manutenção",
+ "maintenanceMode": "Página de Manutenção",
"maintenanceModeDescription": "Exibir uma página de manutenção para os visitantes",
"maintenanceModeType": "Tipo de Modo de Manutenção",
"showMaintenancePage": "Mostrar uma página de manutenção para os visitantes",
"enableMaintenanceMode": "Ativar Modo de Manutenção",
+ "enableMaintenanceModeDescription": "Quando ativado, os visitantes verãos uma página de manutenção em vez do seu recurso.",
"automatic": "Automático",
"automaticModeDescription": "Exibir página de manutenção apenas quando todos os destinos de back-end estiverem inativos ou não saudáveis. Seu recurso continua funcionando normalmente desde que pelo menos um destino esteja saudável.",
"forced": "Forçado",
@@ -2949,6 +3219,8 @@
"warning:": "Aviso:",
"forcedeModeWarning": "Todo o tráfego será direcionado para a página de manutenção. Seus recursos de back-end não receberão nenhuma solicitação.",
"pageTitle": "Título da Página",
+ "maintenancePageContentSubsection": "Conteúdo da Página",
+ "maintenancePageContentSubsectionDescription": "Personalize o conteúdo exibido na página de manutenção",
"pageTitleDescription": "O título principal exibido na página de manutenção",
"maintenancePageMessage": "Mensagem de Manutenção",
"maintenancePageMessagePlaceholder": "Voltaremos em breve! Nosso site está passando por manutenção programada.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Conclusão Estimada:",
"createInternalResourceDialogDestinationRequired": "Destino é obrigatório",
"available": "Disponível",
+ "disabledResourceDescription": "Quando desativado, o recurso ficará inacessível para todos.",
"archived": "Arquivado",
"noArchivedDevices": "Nenhum dispositivo arquivado encontrado",
"deviceArchived": "Dispositivo arquivado",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Tem certeza de que deseja desassociar este provedor de identidade desta organização?",
"idpUnassociateDescription": "Todos os usuários associados a este provedor de identidade serão removidos desta organização, mas o provedor de identidade continuará a existir para outras organizações associadas.",
"idpUnassociateConfirm": "Confirmar Desassociação do Provedor de Identidade",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "DELETAR E REMOVER-ME DA ORGANIZAÇÃO",
+ "idpUnassociateAndRemoveMeFromOrg": "DESASSOCIAR E REMOVER-ME DA ORGANIZAÇÃO",
"idpUnassociateWarning": "Isso não pode ser desfeito para esta organização.",
"idpUnassociatedDescription": "Provedor de identidade desassociado desta organização com sucesso",
"idpUnassociateMenu": "Desassociar",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "Lista de E-mails Permitidos",
"memberPortalResourceDisabled": "Recurso Desativado",
"memberPortalShowingResources": "Mostrando {start}-{end} de {total} recursos",
+ "resourceLauncherTitle": "Lançador de Recursos",
+ "resourceLauncherDescription": "Veja os detalhes do recurso e lance-os de um só lugar",
+ "resourceLauncherSearchPlaceholder": "Procurar todos os sites...",
+ "resourceLauncherDefaultView": "Padrão",
+ "resourceLauncherSaveView": "Salvar Visualização",
+ "resourceLauncherSaveToCurrentView": "Salvar na Visualização Atual",
+ "resourceLauncherResetView": "Redefinir Visualização",
+ "resourceLauncherSaveAsNewView": "Salvar como Nova Visualização",
+ "resourceLauncherSaveAsNewViewDescription": "Dê um nome a esta visualização para salvar os filtros e layout atuais.",
+ "resourceLauncherSaveForEveryone": "Salvar para Todos",
+ "resourceLauncherSaveForEveryoneDescription": "Compartilhe esta visualização com todos os membros da organização. Quando desmarcado, a visualização é visível apenas para você.",
+ "resourceLauncherMakePersonal": "Tornar Pessoal",
+ "resourceLauncherFilter": "Filtro",
+ "resourceLauncherSort": "Ordenar",
+ "resourceLauncherSortAscending": "Ordenar ascendente",
+ "resourceLauncherSortDescending": "Ordenar descendente",
+ "resourceLauncherSettings": "Configurações",
+ "resourceLauncherGroupBy": "Agrupar por",
+ "resourceLauncherGroupBySite": "Site",
+ "resourceLauncherGroupByLabel": "Marcador",
+ "resourceLauncherLayout": "Layout",
+ "resourceLauncherLayoutGrid": "Grade",
+ "resourceLauncherLayoutList": "Lista",
+ "resourceLauncherShowLabels": "Mostrar Marcadores",
+ "resourceLauncherShowSiteTags": "Mostrar Etiquetas de Site",
+ "resourceLauncherShowRecents": "Mostrar Recents",
+ "resourceLauncherDeleteView": "Excluir Visualização",
+ "resourceLauncherViewAsAdmin": "Visualizar como Administrador",
+ "resourceLauncherResourceDetailsDescription": "Veja detalhes deste recurso.",
+ "resourceLauncherUnlabeled": "Sem Etiqueta",
+ "resourceLauncherNoSite": "Sem Site",
+ "resourceLauncherNoResourcesInGroup": "Nenhum recurso neste grupo",
+ "resourceLauncherEmptyStateTitle": "Nenhum Recurso Disponível",
+ "resourceLauncherEmptyStateDescription": "Você não tem acesso a nenhum recurso ainda. Entre em contato com seu administrador para solicitar acesso.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Nenhum Recurso Encontrado",
+ "resourceLauncherEmptyStateNoResultsDescription": "Nenhum recurso corresponde à sua busca ou filtros atuais. Experimente ajustá-los para encontrar o que está procurando.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Nenhum recurso corresponde a \"{query}\". Tente ajustar sua busca ou limpar os filtros para ver todos os recursos.",
+ "resourceLauncherCopiedToClipboard": "Copiado para a área de transferência",
+ "resourceLauncherCopiedAccessDescription": "O acesso ao recurso foi copiado para sua área de transferência.",
+ "resourceLauncherViewNamePlaceholder": "Nome da Visualização",
+ "resourceLauncherViewNameLabel": "Nome da Visualização",
+ "resourceLauncherViewSaved": "Visualização salva",
+ "resourceLauncherViewSavedDescription": "Sua visualização do lançador foi salva.",
+ "resourceLauncherViewSaveFailed": "Falha ao salvar visualização",
+ "resourceLauncherViewSaveFailedDescription": "Não foi possível salvar a visualização do lançador. Por favor, tente novamente.",
+ "resourceLauncherViewDeleted": "Visualização excluída",
+ "resourceLauncherViewDeletedDescription": "A visualização do lançador foi excluída.",
+ "resourceLauncherViewDeleteFailed": "Falha ao excluir visualização",
+ "resourceLauncherViewDeleteFailedDescription": "Não foi possível excluir a visualização do lançador. Por favor, tente novamente.",
"memberPortalPrevious": "Anterior",
- "memberPortalNext": "Próximo"
+ "memberPortalNext": "Próximo",
+ "httpSettings": "Configurações HTTP",
+ "tcpSettings": "Configurações TCP",
+ "udpSettings": "Configurações UDP",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Estabelecendo uma conexão segura…",
+ "sshConnecting": "A conectar…",
+ "sshInitializing": "A iniciar…",
+ "sshSignInTitle": "Entrar no SSH",
+ "sshSignInDescription": "Digite suas credenciais SSH para conectar",
+ "sshPasswordTab": "Palavra-passe",
+ "sshPrivateKeyTab": "Chave Privada",
+ "sshPrivateKeyField": "Chave Privada",
+ "sshPrivateKeyDisclaimer": "Sua chave privada não é armazenada ou visível para Pangolin. Alternativamente, você pode usar certificados de curta duração para autenticação perfeita usando sua identidade Pangolin existente.",
+ "sshLearnMore": "Saiba mais",
+ "sshPrivateKeyFile": "Arquivo de Chave Privada",
+ "sshAuthenticate": "Conectar",
+ "sshTerminate": "Terminar",
+ "sshPoweredBy": "Desenvolvido por",
+ "sshErrorNoTarget": "Nenhum alvo especificado",
+ "sshErrorWebSocket": "Falha na conexão WebSocket",
+ "sshErrorAuthFailed": "Falha na autenticação",
+ "sshErrorConnectionClosed": "Conexão encerrada antes de concluir a autenticação",
+ "sitePangolinSshDescription": "Permitir acesso SSH aos recursos deste site. Isso pode ser alterado mais tarde.",
+ "browserGatewayNoResourceForDomain": "Nenhum recurso encontrado para este domínio",
+ "browserGatewayNoTarget": "Sem alvo",
+ "browserGatewayConnect": "Conectar",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "Falha ao assinar a chave SSH para autenticação PAM push. Você se conectou como um usuário?",
+ "sshTerminalError": "Erro: {error}",
+ "sshConnectionClosedCode": "Conexão encerrada (código {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+ "sshPrivateKeyRequired": "Chave privada é necessária",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Digite suas credenciais VNC para conectar",
+ "vncUsernameOptional": "Nome de usuário (opcional)",
+ "vncPasswordOptional": "Senha (opcional)",
+ "vncNoResourceTarget": "Nenhum alvo de recurso disponível",
+ "vncFailedToLoadNovnc": "Falha ao carregar noVNC",
+ "vncAuthFailedStatus": "Status {status}",
+ "vncPasteClipboard": "Colar conteúdo da área de transferência",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Conectar-se à Área de Trabalho Remota",
+ "rdpSignInDescription": "Digite as credenciais do Windows para conectar",
+ "rdpLoadingModule": "Carregando módulo...",
+ "rdpFailedToLoadModule": "Falha ao carregar módulo RDP",
+ "rdpNotReady": "Não está pronto",
+ "rdpModuleInitializing": "Módulo RDP ainda está inicializando",
+ "rdpDownloadingFiles": "Baixando {count} arquivo(s) do remoto…",
+ "rdpDownloadFailed": "Falha ao baixar: {fileName}",
+ "rdpUploaded": "Enviado: {fileName}",
+ "rdpNoConnectionTarget": "Nenhum alvo de conexão disponível",
+ "rdpConnectionFailed": "Conexão falhou",
+ "rdpFit": "Ajustar",
+ "rdpFull": "Completo",
+ "rdpReal": "Real",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Upload de arquivos",
+ "rdpFilesReadyToPaste": "Arquivos prontos para colar",
+ "rdpFilesReadyToPasteDescription": "{count} arquivo(s) copiado(s) para a área de transferência remota — pressione Ctrl+V na área de trabalho remota para colar.",
+ "rdpUploadFailed": "Falha no upload",
+ "rdpUnicodeKeyboardMode": "Modo de teclado Unicode",
+ "sessionToolbarShow": "Mostrar barra de ferramentas",
+ "sessionToolbarHide": "Ocultar barra de ferramentas"
}
diff --git a/messages/ru-RU.json b/messages/ru-RU.json
index 0f3e48962..579a49c8f 100644
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -66,9 +66,15 @@
"local": "Локальный",
"edit": "Редактировать",
"siteConfirmDelete": "Подтвердить удаление сайта",
+ "siteConfirmDeleteAndResources": "Подтвердите удаление сайта и ресурсов",
"siteDelete": "Удалить сайт",
+ "siteDeleteAndResources": "Удалить сайт и ресурсы",
"siteMessageRemove": "После удаления сайт больше не будет доступен. Все цели, связанные с сайтом, также будут удалены.",
+ "siteMessageRemoveAndResources": "Это навсегда удалит все общественные и частные ресурсы, связанные с этим сайтом, даже если ресурс также связан с другими сайтами.",
"siteQuestionRemove": "Вы уверены, что хотите удалить сайт из организации?",
+ "siteQuestionRemoveAndResources": "Вы уверены, что хотите удалить этот сайт и все связанные с ним ресурсы?",
+ "sitesTableDeleteSite": "Удалить сайт",
+ "sitesTableDeleteSiteAndResources": "Удалить сайт и ресурсы",
"siteManageSites": "Управление сайтами",
"siteDescription": "Создание и управление сайтами, чтобы включить подключение к приватным сетям",
"sitesBannerTitle": "Подключить любую сеть",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Просмотр частных ресурсов",
"siteInstallNewt": "Установить Newt",
"siteInstallNewtDescription": "Запустите Newt в вашей системе",
+ "siteInstallKubernetesDocsDescription": "Для получения дополнительной информации об установке Kubernetes, см. docs.pangolin.net/manage/sites/install-kubernetes.",
+ "siteInstallAdvantechDocsDescription": "Для инструкций по установке модема Advantech, см. docs.pangolin.net/manage/sites/install-advantech.",
"WgConfiguration": "Конфигурация WireGuard",
"WgConfigurationDescription": "Используйте следующую конфигурацию для подключения к сети",
"operatingSystem": "Операционная система",
@@ -115,6 +123,16 @@
"siteUpdated": "Сайт обновлён",
"siteUpdatedDescription": "Сайт был успешно обновлён.",
"siteGeneralDescription": "Настройте общие параметры для этого сайта",
+ "siteRestartTitle": "Перезагрузить сайт",
+ "siteRestartDescription": "Перезапустите туннель WireGuard для этого сайта. Это кратковременно прервет соединение.",
+ "siteRestartBody": "Используйте это, если туннель сайта не работает должным образом и вам нужно принудительно переподключиться без перезапуска хоста.",
+ "siteRestartButton": "Перезагрузить сайт",
+ "siteRestartDialogMessage": "Вы уверены, что хотите перезапустить туннель WireGuard для {name}? Сайт кратковременно потеряет соединение.",
+ "siteRestartWarning": "Сайт кратковременно отключится во время перезапуска туннеля.",
+ "siteRestarted": "Сайт перезапущен",
+ "siteRestartedDescription": "Туннель WireGuard был перезапущен.",
+ "siteErrorRestart": "Не удалось перезапустить сайт",
+ "siteErrorRestartDescription": "Произошла ошибка во время перезапуска сайта.",
"siteSettingDescription": "Настройка параметров на сайте",
"siteResourcesTab": "Ресурсы",
"siteResourcesNoneOnSite": "На этом сайте пока нет публичных или частных ресурсов.",
@@ -157,7 +175,7 @@
"shareDeleted": "Ссылка удалена",
"shareDeletedDescription": "Ссылка была успешно удалена",
"shareDelete": "Удалить общую ссылку",
- "shareDeleteConfirm": "Подтвердите удаление общей ссылки",
+ "shareDeleteConfirm": "Подтвердить удаление общей ссылки",
"shareQuestionRemove": "Вы уверены, что хотите удалить эту общую ссылку?",
"shareMessageRemove": "После удаления ссылка перестанет работать, и все, кто ее использует, потеряют доступ к ресурсу.",
"shareTokenDescription": "Токен доступа может быть передан двумя способами: как параметр запроса или в заголовках запроса. Они должны быть переданы от клиента по каждому запросу для аутентифицированного доступа.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Произошла ошибка при создании общей ссылки",
"shareCreateDescription": "Любой, у кого есть эта ссылка, может получить доступ к ресурсу",
"shareTitleOptional": "Заголовок (необязательно)",
+ "sharePathOptional": "Путь (необязательно)",
+ "sharePathDescription": "Ссылка перенаправит пользователей на этот путь после аутентификации.",
"expireIn": "Срок действия",
"neverExpire": "Бессрочный доступ",
"shareExpireDescription": "Срок действия - это период, в течение которого ссылка будет работать и предоставлять доступ к ресурсу. После этого времени ссылка перестанет работать, и пользователи, использовавшие эту ссылку, потеряют доступ к ресурсу.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Пожалуйста, выберите ресурс",
"proxyResourceTitle": "Управление публичными ресурсами",
"proxyResourceDescription": "Создание и управление ресурсами, которые доступны через веб-браузер",
- "proxyResourcesBannerTitle": "Общедоступный доступ через веб",
- "proxyResourcesBannerDescription": "Общедоступные ресурсы - это прокси-по HTTPS или TCP/UDP, доступные любому пользователю в Интернете через веб-браузер. В отличие от частных ресурсов, они не требуют программного обеспечения на стороне клиента и могут включать политики доступа на основе идентификации и контекста.",
+ "publicResourcesBannerTitle": "Веб-доступ к публичным ресурсам",
+ "publicResourcesBannerDescription": "Публичные ресурсы — это HTTPS-прокси, доступные для любого пользователя Интернета через веб-браузер. В отличие от частных ресурсов, они не требуют программного обеспечения на стороне клиента и могут включать в себя политики доступа, учитывающие идентичность и контекст.",
"clientResourceTitle": "Управление приватными ресурсами",
"clientResourceDescription": "Создание и управление ресурсами, которые доступны только через подключенный клиент",
"privateResourcesBannerTitle": "Частный доступ с нулевым доверием",
@@ -208,11 +228,37 @@
"resourcesSearch": "Поиск ресурсов...",
"resourceAdd": "Добавить ресурс",
"resourceErrorDelte": "Ошибка при удалении ресурса",
+ "resourcePoliciesBannerTitle": "Повторное использование правил аутентификации и доступа",
+ "resourcePoliciesBannerDescription": "Политики общих ресурсов позволяют один раз определить методы аутентификации и правила доступа, а затем прикреплять их к нескольким публичным ресурсам. Когда вы обновляете политику, каждое связанное с ней наследует изменение автоматически.",
+ "resourcePoliciesBannerButtonText": "Узнать больше",
+ "resourcePoliciesTitle": "Управление политиками публичных ресурсов",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Ресурсы",
+ "resourcePoliciesAttachedResources": "{count} ресурс(ов)",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ресурс} few {# ресурса} many {# ресурсов} other {# ресурсов}}",
+ "resourcePoliciesAttachedResourcesEmpty": "нет ресурсов",
+ "resourcePoliciesDescription": "Создание и управление политиками аутентификации для контроля доступа к вашим публичным ресурсам",
+ "resourcePoliciesSearch": "Поиск политик...",
+ "resourcePoliciesAdd": "Добавить политику",
+ "resourcePoliciesDefaultBadgeText": "Политика по умолчанию",
+ "resourcePoliciesCreate": "Создать политику публичного ресурса",
+ "resourcePoliciesCreateDescription": "Следуйте шагам ниже, чтобы создать новую политику",
+ "resourcePolicyName": "Имя политики",
+ "resourcePolicyNameDescription": "Дайте этой политике имя для идентификации ее в ваших ресурсах",
+ "resourcePolicyNamePlaceholder": "например, Политика внутреннего доступа",
+ "resourcePoliciesSeeAll": "Просмотреть все политики",
+ "resourcePolicyAuthMethodAdd": "Добавить метод аутентификации",
+ "resourcePolicyOtpEmailAdd": "Добавить OTP на email",
+ "resourcePolicyRulesAdd": "Добавить правила",
+ "resourcePolicyAuthMethodsDescription": "Разрешить доступ к ресурсам через дополнительные методы аутентификации",
+ "resourcePolicyUsersRolesDescription": "Настройте, какие пользователи и роли могут посещать связанные ресурсы",
+ "rulesResourcePolicyDescription": "Настройте правила для управления доступом к ресурсам, связанным с этой политикой",
"authentication": "Аутентификация",
"protected": "Защищён",
"notProtected": "Не защищён",
"resourceMessageRemove": "После удаления ресурс больше не будет доступен. Все целевые узлы, связанные с ресурсом, также будут удалены.",
"resourceQuestionRemove": "Вы уверены, что хотите удалить ресурс из организации?",
+ "resourcePolicyMessageRemove": "После удаления политика ресурса больше не будет доступна. Все ресурсы, связанные с ресурсом, будут отключены и останутся без аутентификации.",
+ "resourcePolicyQuestionRemove": "Вы уверены, что хотите удалить политику ресурса из организации?",
"resourceHTTP": "HTTPS-ресурс",
"resourceHTTPDescription": "Проксировать запросы через HTTPS с использованием полного доменного имени.",
"resourceRaw": "Сырой TCP/UDP-ресурс",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Прокси запросы через необработанный TCP/UDP с использованием номера порта. Требуется подключение сайтов к удаленному узлу.",
"resourceCreate": "Создание ресурса",
"resourceCreateDescription": "Следуйте инструкциям ниже для создания нового ресурса",
+ "resourceCreateGeneralDescription": "Настройте основные параметры ресурса, включая его имя и тип",
"resourceSeeAll": "Посмотреть все ресурсы",
- "resourceInfo": "Информация о ресурсе",
+ "resourceCreateGeneral": "Общие",
"resourceNameDescription": "Отображаемое имя ресурса.",
"siteSelect": "Выберите сайт",
"siteSearch": "Поиск сайта",
@@ -231,12 +278,15 @@
"noCountryFound": "Страна не найдена.",
"siteSelectionDescription": "Этот сайт предоставит подключение к цели.",
"resourceType": "Тип ресурса",
- "resourceTypeDescription": "Определить как получить доступ к ресурсу",
+ "resourceTypeDescription": "Это контролирует протокол ресурса и то, как он будет отображаться в браузере. Это нельзя изменить позже.",
+ "resourceDomainDescription": "Ресурс будет предоставлен по этому полностью определенному доменному имени.",
"resourceHTTPSSettings": "Настройки HTTPS",
"resourceHTTPSSettingsDescription": "Настройка доступа к ресурсу по HTTPS",
+ "resourcePortDescription": "Внешний порт на экземпляре или узле Pangolin, где ресурс будет доступен.",
"domainType": "Тип домена",
"subdomain": "Поддомен",
"baseDomain": "Базовый домен",
+ "configure": "Настроить",
"subdomnainDescription": "Поддомен, в котором ресурс будет доступен.",
"resourceRawSettings": "Настройки TCP/UDP",
"resourceRawSettingsDescription": "Настройка доступа к ресурсу по TCP/UDP",
@@ -247,14 +297,35 @@
"back": "Назад",
"cancel": "Отмена",
"resourceConfig": "Фрагменты конфигурации",
- "resourceConfigDescription": "Скопируйте и вставьте эти сниппеты для настройки TCP/UDP ресурса",
+ "resourceConfigDescription": "Скопируйте и вставьте эти фрагменты конфигурации для настройки ресурса TCP/UDP.",
"resourceAddEntrypoints": "Traefik: Добавить точки входа",
"resourceExposePorts": "Gerbil: Открыть порты в Docker Compose",
"resourceLearnRaw": "Узнайте, как настроить TCP/UDP-ресурсы",
"resourceBack": "Назад к ресурсам",
"resourceGoTo": "Перейти к ресурсу",
+ "resourcePolicyDelete": "Удалить политику ресурса",
+ "resourcePolicyDeleteConfirm": "Подтвердите удаление политики ресурса",
"resourceDelete": "Удалить ресурс",
"resourceDeleteConfirm": "Подтвердить удаление",
+ "labelDelete": "Удалить метку",
+ "labelAdd": "Добавить метку",
+ "labelCreateSuccessMessage": "Метка успешно создана",
+ "labelDuplicateError": "Повторяющаяся метка",
+ "labelDuplicateErrorDescription": "Метка с таким именем уже существует.",
+ "labelEditSuccessMessage": "Метка успешно изменена",
+ "labelNameField": "Название метки",
+ "labelColorField": "Цвет метки",
+ "labelPlaceholder": "Напр.: homelab",
+ "labelCreate": "Создать метку",
+ "createLabelDialogTitle": "Создать метку",
+ "createLabelDialogDescription": "Создайте новую метку, которая может быть прикреплена к этой организации",
+ "labelEdit": "Редактировать метку",
+ "editLabelDialogTitle": "Обновить метку",
+ "editLabelDialogDescription": "Измените новую метку, которую можно прикрепить к этой организации",
+ "labelDeleteConfirm": "Подтвердите удаление метки",
+ "labelErrorDelete": "Не удалось удалить метку",
+ "labelMessageRemove": "Это действие необратимо. Все сайты, ресурсы и клиенты, помеченные этой меткой, будут разметены.",
+ "labelQuestionRemove": "Вы уверены, что хотите удалить метку из организации?",
"visibility": "Видимость",
"enabled": "Включено",
"disabled": "Отключено",
@@ -265,6 +336,8 @@
"rules": "Правила",
"resourceSettingDescription": "Настройка параметров ресурса",
"resourceSetting": "Настройки {resourceName}",
+ "resourcePolicySettingDescription": "Настройте параметры этой политики публичного ресурса",
+ "resourcePolicySetting": "Настройки {policyName}",
"alwaysAllow": "Авторизация байпасса",
"alwaysDeny": "Блокировать доступ",
"passToAuth": "Переход к аутентификации",
@@ -671,7 +744,7 @@
"targetSubmit": "Добавить цель",
"targetNoOne": "Этот ресурс не имеет никаких целей. Добавьте цель для настройки, где отправлять запросы в бэкэнд.",
"targetNoOneDescription": "Добавление более одной цели выше включит балансировку нагрузки.",
- "targetsSubmit": "Сохранить цели",
+ "targetsSubmit": "Сохранить настройки",
"addTarget": "Добавить цель",
"proxyMultiSiteRoundRobinNodeHelp": "Роутинг с балансировкой нагрузки не будет работать между сайтами, не подключенными к одному и тому же узлу, но подмена будет работать.",
"targetErrorInvalidIp": "Неверный IP-адрес",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Дублирующее правило",
"rulesErrorDuplicateDescription": "Правило с такими настройками уже существует",
"rulesErrorInvalidIpAddressRange": "Неверный CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "Пожалуйста, введите корректное значение CIDR",
- "rulesErrorInvalidUrl": "Неверный URL путь",
- "rulesErrorInvalidUrlDescription": "Пожалуйста, введите корректное значение URL пути",
- "rulesErrorInvalidIpAddress": "Неверный IP",
- "rulesErrorInvalidIpAddressDescription": "Пожалуйста, введите корректный IP адрес",
+ "rulesErrorInvalidIpAddressRangeDescription": "Введите действительный диапазон CIDR (например, 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Неверный путь",
+ "rulesErrorInvalidUrlDescription": "Введите действительный URL-путь или шаблон (например, /api/*).",
+ "rulesErrorInvalidIpAddress": "Недействительный IP адрес",
+ "rulesErrorInvalidIpAddressDescription": "Введите действительный адрес IPv4 или IPv6.",
"rulesErrorUpdate": "Не удалось обновить правила",
"rulesErrorUpdateDescription": "Произошла ошибка при обновлении правил",
"rulesUpdated": "Включить правила",
@@ -718,14 +791,23 @@
"rulesMatchIpAddress": "Введите IP адрес (например, 103.21.244.12)",
"rulesMatchUrl": "Введите URL путь или шаблон (например, /api/v1/todos или /api/v1/*)",
"rulesErrorInvalidPriority": "Неверный приоритет",
- "rulesErrorInvalidPriorityDescription": "Пожалуйста, введите корректный приоритет",
- "rulesErrorDuplicatePriority": "Дублирующие приоритеты",
- "rulesErrorDuplicatePriorityDescription": "Пожалуйста, введите уникальные приоритеты",
+ "rulesErrorInvalidPriorityDescription": "Введите целое число 1 или больше.",
+ "rulesErrorDuplicatePriority": "Повторяющиеся приоритеты",
+ "rulesErrorDuplicatePriorityDescription": "Каждое правило должно иметь уникальный номер приоритета.",
+ "rulesErrorValidation": "Неверные правила",
+ "rulesErrorValidationRuleDescription": "Правило {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Выберите действительный тип совпадения (путь, IP, CIDR, страна, регион или ASN).",
+ "rulesErrorValueRequired": "Введите значение для этого правила.",
+ "rulesErrorInvalidCountry": "Недействительная страна",
+ "rulesErrorInvalidCountryDescription": "Выберите правильную страну.",
+ "rulesErrorInvalidAsn": "Недействительный ASN",
+ "rulesErrorInvalidAsnDescription": "Введите действительный ASN (например, AS15169).",
"ruleUpdated": "Правила обновлены",
"ruleUpdatedDescription": "Правила успешно обновлены",
"ruleErrorUpdate": "Операция не удалась",
"ruleErrorUpdateDescription": "Произошла ошибка во время операции сохранения",
"rulesPriority": "Приоритет",
+ "rulesReorderDragHandle": "Перетащите, чтобы изменить приоритет правила",
"rulesAction": "Действие",
"rulesMatchType": "Тип совпадения",
"value": "Значение",
@@ -744,9 +826,60 @@
"rulesResource": "Конфигурация правил ресурса",
"rulesResourceDescription": "Настройка правил для контроля доступа к ресурсу",
"ruleSubmit": "Добавить правило",
- "rulesNoOne": "Нет правил. Добавьте правило с помощью формы.",
+ "rulesNoOne": "Пока нет правил.",
"rulesOrder": "Правила оцениваются по приоритету в возрастающем порядке.",
"rulesSubmit": "Сохранить правила",
+ "policyErrorCreate": "Ошибка создания политики",
+ "policyErrorCreateDescription": "Произошла ошибка при создании политики",
+ "policyErrorCreateMessageDescription": "Произошла неожиданная ошибка",
+ "policyErrorUpdate": "Ошибка обновления политики",
+ "policyErrorUpdateDescription": "Произошла ошибка при обновлении политики",
+ "policyErrorUpdateMessageDescription": "Произошла неожиданная ошибка",
+ "policyCreatedSuccess": "Политика ресурса успешно создана",
+ "policyUpdatedSuccess": "Политика ресурса успешно обновлена",
+ "authMethodsSave": "Сохранить настройки",
+ "policyAuthStackTitle": "Аутентификация",
+ "policyAuthStackDescription": "Контроль, какие методы аутентификации требуются для доступа к этому ресурсу",
+ "policyAuthOrLogicTitle": "Несколько методов аутентификации активны",
+ "policyAuthOrLogicBanner": "Посетители могут аутентифицироваться, используя любой из активных методов ниже. Им не нужно выполнять все.",
+ "policyAuthMethodActive": "Активно",
+ "policyAuthMethodOff": "Отключено",
+ "policyAuthSsoTitle": "Платформа SSO",
+ "policyAuthSsoDescription": "Требуется войти через поставщика удостоверений вашей организации",
+ "policyAuthSsoSummary": "{idp} · {users} пользователей, {roles} ролей",
+ "policyAuthSsoDefaultIdp": "Поставщик по умолчанию",
+ "policyAuthAddDefaultIdentityProvider": "Добавить поставщика удостоверений по умолчанию",
+ "policyAuthOtherMethodsTitle": "Другие методы",
+ "policyAuthOtherMethodsDescription": "Дополнительные методы, которые посетители могут использовать вместо или вместе с платформой SSO",
+ "policyAuthPasscodeTitle": "Пароль",
+ "policyAuthPasscodeDescription": "Требуется общий буквенно-цифровой пароль для доступа к ресурсу",
+ "policyAuthPasscodeSummary": "Пароль установлен",
+ "policyAuthPincodeTitle": "ПИН-код",
+ "policyAuthPincodeDescription": "Краткий числовой код, необходимый для доступа к ресурсу",
+ "policyAuthPincodeSummary": "Установлен 6-значный PIN-код",
+ "policyAuthEmailTitle": "Белый список email",
+ "policyAuthEmailDescription": "Разрешить перечисленные email-адреса с одноразовыми паролями",
+ "policyAuthEmailSummary": "Разрешено адресов: {count}",
+ "policyAuthEmailOtpCallout": "Включение белого списка email отправляет одноразовый пароль на email посетителя при входе.",
+ "policyAuthHeaderAuthTitle": "Базовая аутентификация заголовка",
+ "policyAuthHeaderAuthDescription": "Проверка пользовательского имени и значения HTTP-заголовка для каждого запроса",
+ "policyAuthHeaderAuthSummary": "Заголовок настроен",
+ "policyAuthHeaderName": "Имя заголовка",
+ "policyAuthHeaderValue": "Ожидаемое значение",
+ "policyAuthSetPasscode": "Установить пароль",
+ "policyAuthSetPincode": "Установить ПИН-код",
+ "policyAuthSetEmailWhitelist": "Установить белый список email",
+ "policyAuthSetHeaderAuth": "Установить базовую аутентификацию заголовка",
+ "policyAccessRulesTitle": "Правила доступа",
+ "policyAccessRulesEnableDescription": "При включении правила оцениваются в порядке убывания до тех пор, пока одно из них не оценивается как истинное.",
+ "policyAccessRulesFirstMatch": "Правила оцениваются сверху вниз. Первое совпадающее правило определяет результат.",
+ "policyAccessRulesHowItWorks": "Правила сопоставляют запросы по пути, IP-адресу, местоположению или другим критериям. Каждое правило применяет действие: обойти аутентификацию, заблокировать доступ или передать для аутентификации. Если правило не подписано, трафик продолжается для аутентификации.",
+ "policyAccessRulesFallthroughOff": "Когда правила отключены, весь трафик проходит для аутентификации.",
+ "policyAccessRulesFallthroughOn": "Когда правило не совпадает, трафик проходит для аутентификации.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Сохранить правила",
"resourceErrorCreate": "Ошибка при создании ресурса",
"resourceErrorCreateDescription": "Произошла ошибка при создании ресурса",
"resourceErrorCreateMessage": "Ошибка создания ресурса:",
@@ -810,6 +943,17 @@
"pincodeAdd": "Добавить PIN-код",
"pincodeRemove": "Удалить PIN-код",
"resourceAuthMethods": "Методы аутентификации",
+ "resourcePolicyAuthMethodsEmpty": "Нет метода аутентификации",
+ "resourcePolicyOtpEmpty": "Нет одноразового пароля",
+ "resourcePolicyReadOnly": "Эта политика только для чтения",
+ "resourcePolicyReadOnlyDescription": "Эта политика ресурса разделяется между несколькими ресурсами, вы не можете улучшить ее на этой странице.",
+ "editSharedPolicy": "Редактировать общую политику",
+ "resourcePolicyTypeSave": "Сохранить тип ресурса",
+ "resourcePolicySelect": "Выберите политику ресурса",
+ "resourcePolicySelectError": "Выберите политику ресурса",
+ "resourcePolicyNotFound": "Политика не найдена",
+ "resourcePolicySearch": "Поиск политик",
+ "resourcePolicyRulesEmpty": "Нет правил аутентификации",
"resourceAuthMethodsDescriptions": "Разрешить доступ к ресурсу через дополнительные методы аутентификации",
"resourceAuthSettingsSave": "Успешно сохранено",
"resourceAuthSettingsSaveDescription": "Настройки аутентификации сохранены",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Установить PIN-код",
"resourcePincodeSetupTitleDescription": "Установите PIN-код для защиты этого ресурса",
"resourceRoleDescription": "Администраторы всегда имеют доступ к этому ресурсу.",
+ "resourcePolicySelectTitle": "Политика доступа к ресурсам",
+ "resourcePolicySelectDescription": "Выберите тип политики ресурса для аутентификации",
+ "resourcePolicyTypeLabel": "Тип политики",
+ "resourcePolicyLabel": "Политика ресурса",
+ "resourcePolicyInline": "Политика ресурса на месте",
+ "resourcePolicyInlineDescription": "Политика доступа ограничена только этим ресурсом",
+ "resourcePolicyShared": "Общая политика ресурса",
+ "resourcePolicySharedDescription": "Этот ресурс использует общую политику.",
+ "sharedPolicy": "Общая политика",
+ "sharedPolicyNoneDescription": "У этого ресурса есть своя политика.",
+ "resourceSharedPolicyOwnDescription": "У этого ресурса есть собственные средства управления аутентификацией и правилами доступа.",
+ "resourceSharedPolicyInheritedDescription": "Этот ресурс наследует от {policyName}.",
+ "resourceSharedPolicyAuthenticationNotice": "Этот ресурс использует общую политику. Некоторые настройки аутентификации можно изменить в этом ресурсе, чтобы добавить их в политику. Чтобы изменить основную политику, отредактируйте {policyName}.",
+ "resourceSharedPolicyRulesNotice": "Этот ресурс использует общую политику. Некоторые правила доступа могут быть отредактированы для этого ресурса. Чтобы изменить основную политику, вы должны отредактировать {policyName}.",
"resourceUsersRoles": "Контроль доступа",
"resourceUsersRolesDescription": "Выберите пользователей и роли с доступом к этому ресурсу",
"resourceUsersRolesSubmit": "Сохранить контроль доступа",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Видимость",
"resourceVisibilityTitleDescription": "Включите или отключите видимость ресурса",
"resourceGeneral": "Общие настройки",
- "resourceGeneralDescription": "Настройте общие параметры этого ресурса",
+ "resourceGeneralDescription": "Настройте имя, адрес и политику доступа для этого ресурса.",
+ "resourceGeneralDetailsSubsection": "Детали ресурса",
+ "resourceGeneralDetailsSubsectionDescription": "Установите отображаемое имя, идентификатор и публично доступный домен для этого ресурса.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Установите отображаемое имя, идентификатор и публичный порт для этого ресурса.",
+ "resourceGeneralPublicAddressSubsection": "Публичный адрес",
+ "resourceGeneralPublicAddressSubsectionDescription": "Настройте, как пользователи будут получать доступ к этому ресурсу.",
+ "resourceGeneralAuthenticationAccessSubsection": "Аутентификация и доступ",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Выберите, будет ли этот ресурс использовать собственную политику или наследовать от общей политики.",
"resourceEnable": "Ресурс активен",
"resourceTransfer": "Перенести ресурс",
"resourceTransferDescription": "Перенесите этот ресурс на другой сайт",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "Возникла проблема при подключении к {name}. Пожалуйста, свяжитесь с вашим администратором.",
"idpErrorNotFound": "IdP не найден",
"inviteInvalid": "Недействительное приглашение",
+ "labels": "Метки",
+ "orgLabelsDescription": "Управление метками в этой организации.",
+ "addLabels": "Добавить метки",
+ "siteLabelsTab": "Метки",
+ "siteLabelsDescription": "Управляйте метками, связанными с этим сайтом.",
+ "labelsNotFound": "Метки не найдены.",
+ "labelsEmptyCreateHint": "Начните печатать выше, чтобы создать метку.",
+ "labelSearch": "Поиск меток",
+ "labelSearchOrCreate": "Найти или создать метку",
+ "accessLabelFilterCount": "{count, plural, one {# метка} few {# метки} many {# меток} other {# меток}}",
+ "labelOverflowCount": "+{count, plural, one {# метка} few {# метки} many {# меток} other {# меток}}",
+ "accessLabelFilterClear": "Очистить фильтры меток",
+ "accessFilterClear": "Очистить фильтры",
+ "selectColor": "Выберите цвет",
+ "createNewLabel": "Создать новую метку организации \"{label}\"",
"inviteInvalidDescription": "Ссылка на приглашение недействительна.",
"inviteErrorWrongUser": "Приглашение не для этого пользователя",
"inviteErrorUserNotExists": "Пользователь не существует. Пожалуйста, сначала создайте учетную запись.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Применить чертёж",
"actionListBlueprints": "Список чертежей",
"actionGetBlueprint": "Получить чертёж",
+ "actionCreateOrgWideLauncherView": "Создать вид запуска на уровне организации",
"setupToken": "Код настройки",
"setupTokenDescription": "Введите токен настройки из консоли сервера.",
"setupTokenRequired": "Токен настройки обязателен",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Ресурсы",
"sidebarProxyResources": "Публичный",
"sidebarClientResources": "Приватный",
+ "sidebarPolicies": "Общие политики",
+ "sidebarResourcePolicies": "Публичные ресурсы",
"sidebarAccessControl": "Контроль доступа",
"sidebarLogsAndAnalytics": "Журналы и аналитика",
"sidebarTeam": "Команда",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Админ",
"sidebarInvitations": "Приглашения",
"sidebarRoles": "Роли",
- "sidebarShareableLinks": "Ссылки",
+ "sidebarShareableLinks": "Общие ссылки",
"sidebarApiKeys": "API ключи",
"sidebarProvisioning": "Подготовка",
"sidebarSettings": "Настройки",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Сайт {id}",
"standaloneHcFilterResourceIdFallback": "Ресурс {id}",
"blueprints": "Чертежи",
- "blueprintsDescription": "Применить декларирующие конфигурации и просмотреть предыдущие запуски",
+ "blueprintsLog": "Журнал чертежей",
+ "blueprintsDescription": "Просмотреть предыдущие приложения с чертежами и их результаты или применить новый чертеж",
"blueprintAdd": "Добавить чертёж",
"blueprintGoBack": "Посмотреть все чертежи",
"blueprintCreate": "Создать чертёж",
@@ -1575,7 +1759,17 @@
"contents": "Содержание",
"parsedContents": "Переработанное содержимое (только для чтения)",
"enableDockerSocket": "Включить чертёж Docker",
- "enableDockerSocketDescription": "Включить scraping ярлыка Docker Socket для ярлыков чертежей. Путь к сокету должен быть предоставлен в Newt.",
+ "enableDockerSocketDescription": "Включить сбор меток Docker Socket для чертежей. Путь сокета должен быть предоставлен подключателю сайта. Прочтите о том, как это работает, в документации.",
+ "newtAutoUpdate": "Включить автообновление сайта",
+ "newtAutoUpdateDescription": "При включении разъемы сайта автоматически загрузят последнюю версию и перезапустятся. Это можно переопределить на уровне каждого сайта.",
+ "siteAutoUpdate": "Автообновление сайта",
+ "siteAutoUpdateLabel": "Включить автообновление",
+ "siteAutoUpdateDescription": "При включении разъем этого сайта автоматически скачает последнюю версию и перезапустится.",
+ "siteAutoUpdateOrgDefault": "Значение по умолчанию для организации: {state}",
+ "siteAutoUpdateOverriding": "Переопределение настройки организации",
+ "siteAutoUpdateResetToOrg": "Сброс до значения по умолчанию для организации",
+ "siteAutoUpdateEnabled": "включено",
+ "siteAutoUpdateDisabled": "отключено",
"viewDockerContainers": "Просмотр контейнеров Docker",
"containersIn": "Контейнеры в {siteName}",
"selectContainerDescription": "Выберите любой контейнер для использования в качестве имени хоста для этой цели. Нажмите на порт, чтобы использовать порт.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Сертификат",
"certificateStatusAutoRefreshHint": "Статус обновляется автоматически.",
"loading": "Загрузка",
+ "loadingEllipsis": "Загрузка...",
"loadingAnalytics": "Загрузка аналитики",
"restart": "Перезагрузка",
"domains": "Домены",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Настройка аккаунта завершена! Добро пожаловать в Pangolin!",
"documentation": "Документация",
"saveAllSettings": "Сохранить все настройки",
- "saveResourceTargets": "Сохранить цели",
- "saveResourceHttp": "Сохранить настройки прокси",
- "saveProxyProtocol": "Сохранить настройки прокси-протокола",
+ "saveResourceTargets": "Сохранить настройки",
+ "saveResourceHttp": "Сохранить настройки",
+ "saveProxyProtocol": "Сохранить настройки",
"settingsUpdated": "Настройки обновлены",
"settingsUpdatedDescription": "Настройки успешно обновлены",
"settingsErrorUpdate": "Не удалось обновить настройки",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Управление подпиской на платные лицензионные ключи собственного хостинга",
"billingCurrentKeys": "Текущие ключи",
"billingModifyCurrentPlan": "Изменить текущий план",
+ "billingManageLicenseSubscriptionDescription": "Управление вашей подпиской на платные ключи лицензии для самостоятельной установки и загрузка счетов.",
"billingConfirmUpgrade": "Подтвердить обновление",
"billingConfirmDowngrade": "Подтверждение понижения",
"billingConfirmUpgradeDescription": "Вы собираетесь обновить тарифный план. Проверьте новые лимиты и цены ниже.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Подсеть",
"addressDescription": "Внутренний адрес клиента. Должен находиться в подсети организации.",
"selectSites": "Выберите сайты",
+ "selectLabels": "Выберите метки",
"sitesDescription": "Клиент будет иметь подключение к выбранным сайтам",
"clientInstallOlm": "Установить Olm",
"clientInstallOlmDescription": "Запустите Olm на вашей системе",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Неизвестно",
"healthCheck": "Проверка здоровья",
"configureHealthCheck": "Настроить проверку здоровья",
- "configureHealthCheckDescription": "Настройте мониторинг состояния для {target}",
+ "configureHealthCheckDescription": "Настройте мониторинг вашего ресурса, чтобы обеспечить его постоянную доступность",
"enableHealthChecks": "Включить проверки здоровья",
"healthCheckDisabledStateDescription": "Когда отключен, сайт не будет выполнять проверки состояния и состояние будет считаться неизвестным.",
"enableHealthChecksDescription": "Мониторинг здоровья этой цели. При необходимости можно контролировать другую конечную точку.",
"healthScheme": "Метод",
"healthSelectScheme": "Выберите метод",
- "healthCheckPortInvalid": "Порт проверки здоровья должен быть от 1 до 65535",
+ "healthCheckPortInvalid": "Порт должен быть в диапазоне от 1 до 65535",
"healthCheckPath": "Путь",
"healthHostname": "IP / хост",
"healthPort": "Порт",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "Время указано в секундах",
"requireDeviceApproval": "Требовать подтверждения устройства",
"requireDeviceApprovalDescription": "Пользователям с этой ролью нужны новые устройства, одобренные администратором, прежде чем они смогут подключаться и получать доступ к ресурсам.",
- "sshAccess": "SSH доступ",
+ "sshSettings": "Настройки SSH",
+ "sshAccess": "Доступ по SSH",
+ "rdpSettings": "Настройки RDP",
+ "vncSettings": "Настройки VNC",
+ "sshServer": "SSH сервер",
+ "rdpServer": "RDP сервер",
+ "vncServer": "VNC сервер",
+ "sshServerDescription": "Настройка метода аутентификации, местоположения демона и пункта назначения сервера",
+ "rdpServerDescription": "Настройте пункт назначения и порт RDP-сервера",
+ "vncServerDescription": "Настройте пункт назначения и порт VNC-сервера",
+ "sshServerMode": "Режим",
+ "sshServerModeStandard": "Стандартный SSH-сервер",
+ "sshServerModePangolin": "SSH Pangolin",
+ "sshServerModeStandardDescription": "Маршрутизация команд по сети к SSH-серверу, такому как OpenSSH.",
+ "sshServerModeNative": "Родной SSH-сервер",
+ "sshServerModeNativeDescription": "Выполняет команды напрямую на хосте через сайт-коннектор. Настройка сети не требуется.",
+ "sshAuthenticationMethod": "Метод аутентификации",
+ "sshAuthMethodManual": "Ручная аутентификация",
+ "sshAuthMethodManualDescription": "Требуется наличие существующих учетных данных хоста. Обходит автоматическое предоставление.",
+ "sshAuthMethodAutomated": "Автоматизированное предоставление",
+ "sshAuthMethodAutomatedDescription": "Автоматически создает пользователей, группы и разрешения sudo на хосте.",
+ "sshAuthDaemonLocation": "Местоположение демона аутентификации",
+ "sshDaemonLocationSiteDescription": "Выполняется локально на машине, размещающей сайт-коннектор.",
+ "sshDaemonLocationRemote": "На удаленном хосте",
+ "sshDaemonLocationRemoteDescription": "Выполняется на отдельной целевой машине в той же сети.",
+ "sshDaemonDisclaimer": "Убедитесь, что целевой хост правильно настроен для запуска демона аутентификации перед завершением этой настройки, иначе предоставление не удастся.",
+ "sshDaemonPort": "Порт демона",
+ "sshServerDestination": "Пункт назначения сервера",
+ "sshServerDestinationDescription": "Настройте адрес сервера SSH",
+ "destination": "Пункт назначения",
+ "destinationRequired": "Требуется указание пункта назначения.",
+ "domainRequired": "Требуется домен.",
+ "proxyPortRequired": "Требуется порт.",
+ "invalidPathConfiguration": "Недействительная конфигурация пути.",
+ "invalidRewritePathConfiguration": "Недействительная конфигурация пути переписывания.",
+ "bgTargetMultiSiteDisclaimer": "Выбор нескольких сайтов включает в себя устойчивую маршрутизацию и автоматический отказ для обеспечения высокой доступности.",
"roleAllowSsh": "Разрешить SSH",
"roleAllowSshAllow": "Разрешить",
"roleAllowSshDisallow": "Запретить",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "Пользователь может запускать только указанные команды с помощью sudo.",
"sshSudo": "Разрешить sudo",
"sshSudoCommands": "Sudo Команды",
- "sshSudoCommandsDescription": "Список команд, разделенных запятыми, которые пользователю разрешено запускать с помощью sudo.",
+ "sshSudoCommandsDescription": "Список команд, которые пользователь может запускать с sudo, разделенный запятыми, пробелами или новыми строками. Должны использоваться абсолютные пути.",
"sshCreateHomeDir": "Создать домашний каталог",
"sshUnixGroups": "Unix группы",
- "sshUnixGroupsDescription": "Группы Unix через запятую, чтобы добавить пользователя на целевой хост.",
+ "sshUnixGroupsDescription": "Группы Unix, к которым пользователь добавляется на целевом хосте, разделяются запятыми, пробелами или новыми строками.",
+ "roleTextFieldPlaceholder": "Введите значения или перетащите файл .txt или .csv",
+ "roleTextImportTitle": "Импорт из файла",
+ "roleTextImportDescription": "Импортирую {fileName} в {fieldLabel}.",
+ "roleTextImportSkipHeader": "Пропустить первую строку (заголовок)",
+ "roleTextImportOverride": "Заменить существующее",
+ "roleTextImportAppend": "Добавить к существующему",
+ "roleTextImportMode": "Режим импорта",
+ "roleTextImportPreview": "Предпросмотр",
+ "roleTextImportItemCount": "{count, plural, =0 {Нет элементов для импорта} one {# элемент для импорта} few {# элемента для импорта} many {# элементов для импорта} other {# элементов для импорта}}",
+ "roleTextImportTotalCount": "{existing} существующих + {imported} импортированных = {total} всего",
+ "roleTextImportConfirm": "Импортировать",
+ "roleTextImportInvalidFile": "Неподдерживаемый тип файла",
+ "roleTextImportInvalidFileDescription": "Поддерживаются только файлы .txt и .csv.",
+ "roleTextImportEmpty": "Элементы в файле не найдены",
+ "roleTextImportEmptyDescription": "Файл не содержит элементов, которые можно импортировать.",
"retryAttempts": "Количество попыток повторного запроса",
"expectedResponseCodes": "Ожидаемые коды ответов",
"expectedResponseCodesDescription": "HTTP-код состояния, указывающий на здоровое состояние. Если оставить пустым, 200-300 считается здоровым.",
@@ -2049,6 +2296,7 @@
"editInternalResourceDialogModeCidr": "СИДР",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Схема",
"editInternalResourceDialogEnableSsl": "Включить TLS",
"editInternalResourceDialogEnableSslDescription": "Включите шифрование SSL/TLS для защищенных HTTPS соединений с конечной точкой.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Сайт",
"selectSite": "Выберите сайт...",
"multiSitesSelectorSitesCount": "{count, plural, one {# сайт} few {# сайта} many {# сайтов} other {# сайтов}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# метка} few {# метки} many {# меток} other {# меток}}",
"noSitesFound": "Сайты не найдены.",
"createInternalResourceDialogProtocol": "Протокол",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2347,7 @@
"createInternalResourceDialogModeCidr": "СИДР",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Схема",
"createInternalResourceDialogScheme": "Схема",
"createInternalResourceDialogEnableSsl": "Включить TLS",
@@ -2107,6 +2357,7 @@
"createInternalResourceDialogDestinationCidrDescription": "Диапазон CIDR ресурса в сети сайта.",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "Дополнительный внутренний DNS псевдоним для этого ресурса.",
+ "internalResourceAliasLocalWarning": "Псевдонимы, оканчивающиеся на .local, могут вызывать проблемы с разрешением из-за mDNS в некоторых сетях.",
"internalResourceDownstreamSchemeRequired": "Схема обязательна для HTTP ресурсов",
"internalResourceHttpPortRequired": "Порт назначения обязателен для HTTP ресурсов",
"siteConfiguration": "Конфигурация",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Удаленные узлы",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "Секретный ключ",
+ "remoteExitNodeNetworkingTitle": "Настройки сети",
+ "remoteExitNodeNetworkingDescription": "Настройте, как этот удаленный узел выхода маршрутизирует трафик и какие сайты предпочитают подключаться через него. Расширенные функции для использования с конфигурациями магистральной сети.",
+ "remoteExitNodeNetworkingSave": "Сохранить настройки",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Сетевые настройки сохранены",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Сетевые настройки были успешно обновлены.",
+ "remoteExitNodeNetworkingSaveError": "Не удалось сохранить сетевые настройки",
+ "remoteExitNodeNetworkingSubnetsTitle": "Удалённые подсети",
+ "remoteExitNodeNetworkingSubnetsDescription": "Определите диапазоны CIDR, которые этот удаленный узел выхода будет использовать для маршрутизации трафика. Введите действительный CIDR (например, 10.0.0.0/8) и нажмите Enter, чтобы добавить.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Добавить диапазон CIDR (например, 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Не удалось загрузить подсети",
+ "remoteExitNodeNetworkingLabelsTitle": "Этикетки предпочтений",
+ "remoteExitNodeNetworkingLabelsDescription": "Сайты с этими метками будут обязаны подключаться через этот удаленный узел выхода.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Выберите метки...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Поиск меток...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Не удалось загрузить метки",
"remoteExitNodeCreate": {
"title": "Создать удалённый узел",
"description": "Создайте новый самостоятельный удалённый ретранслятор и узел прокси-сервера",
@@ -2233,7 +2499,7 @@
"description": "Более надежный и низко обслуживаемый сервер Pangolin с дополнительными колокольнями и свистками",
"introTitle": "Управляемый Само-Хост Панголина",
"introDescription": "- это вариант развертывания, предназначенный для людей, которые хотят простоты и надёжности, сохраняя при этом свои данные конфиденциальными и самостоятельными.",
- "introDetail": "С помощью этой опции вы по-прежнему используете узел Pangolin - туннели, TLS, и весь остающийся на вашем сервере. Разница заключается в том, что управление и мониторинг осуществляются через нашу панель инструментов из облака, которая открывает ряд преимуществ:",
+ "introDetail": "С помощью этой опции вы по-прежнему используете узел Pangolin - ваши туннели, завершение TLS и трафик остаются на вашем сервере. Разница заключается в том, что управление и мониторинг осуществляются через наш облачный интерфейс, что открывает ряд преимуществ:",
"benefitSimplerOperations": {
"title": "Более простые операции",
"description": "Не нужно запускать свой собственный почтовый сервер или настроить комплексное оповещение. Вы будете получать проверки состояния здоровья и оповещения о неисправностях из коробки."
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Google OAuth2/OIDC провайдер",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "Подсеть",
+ "utilitySubnet": "Утилита подсети",
"subnetDescription": "Подсеть для конфигурации сети этой организации.",
"customDomain": "Пользовательский домен",
"authPage": "Страницы аутентификации",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "Отсутствует организация или ID домена",
"loadingDNSRecords": "Загрузка записей DNS...",
"olmUpdateAvailableInfo": "Доступна обновленная версия Олма. Пожалуйста, обновитесь до последней версии.",
+ "updateAvailableInfo": "Доступна обновленная версия. Пожалуйста, обновитесь до последней версии для получения лучшего опыта.",
"client": "Клиент",
"proxyProtocol": "Настройки протокола прокси",
"proxyProtocolDescription": "Настроить Прокси-протокол для сохранения IP-адресов клиента для служб TCP.",
"enableProxyProtocol": "Включить Прокси Протокол",
"proxyProtocolInfo": "Сохранять IP-адреса клиента для backend'ов TCP",
"proxyProtocolVersion": "Версия протокола прокси",
- "version1": " Версия 1 (рекомендуется)",
+ "version1": "Версия 1 (рекомендуется)",
"version2": "Версия 2",
- "versionDescription": "Версия 1 основана на тексте и широко поддерживается. Версия 2 является бинарной и более эффективной, но менее совместимой.",
+ "version1Description": "Основано на тексте и широко поддерживается. Убедитесь, что транспорт сервера добавлен в динамическую конфигурацию.",
+ "version2Description": "Бинарная и более эффективная, но менее совместимая. Убедитесь, что транспорт сервера добавлен в динамическую конфигурацию.",
"warning": "Предупреждение",
"proxyProtocolWarning": "Бэкэнд приложение должно быть настроено на принятие соединений прокси-протокола. Если ваш бэкэнд не поддерживает Прокси-протокол, то включение этой опции прервет все подключения, поэтому включите это только если вы знаете, что вы делаете. Обязательно настройте вашего бэкэнда на доверие заголовкам Proxy Protocol от Traefik.",
"restarting": "Перезапуск...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Введите подтверждение",
"blueprintViewDetails": "Подробности",
"defaultIdentityProvider": "Поставщик удостоверений по умолчанию",
- "defaultIdentityProviderDescription": "Когда выбран поставщик идентификации по умолчанию, пользователь будет автоматически перенаправлен на провайдер для аутентификации.",
+ "defaultIdentityProviderDescription": "Пользователь будет автоматически перенаправлен к этому поставщику удостоверений для аутентификации.",
"editInternalResourceDialogNetworkSettings": "Настройки сети",
"editInternalResourceDialogAccessPolicy": "Политика доступа",
"editInternalResourceDialogAddRoles": "Добавить роли",
@@ -2937,11 +3206,12 @@
"learnMore": "Узнать больше",
"backToHome": "Вернуться домой",
"needToSignInToOrg": "Нужно использовать провайдера идентификаций вашей организации?",
- "maintenanceMode": "Режим обслуживания",
+ "maintenanceMode": "Страница обслуживания",
"maintenanceModeDescription": "Показать страницу обслуживания посетителям",
"maintenanceModeType": "Тип режима обслуживания",
"showMaintenancePage": "Показать страницу обслуживания посетителям",
"enableMaintenanceMode": "Включить режим обслуживания",
+ "enableMaintenanceModeDescription": "Когда включено, посетители увидят страницу обслуживания вместо вашего ресурса.",
"automatic": "Автоматический",
"automaticModeDescription": "Показывать страницу обслуживания только когда все цели бэкэнда недоступны или неисправны. Ваш ресурс продолжит работать нормально, пока хотя бы одна цель здорова.",
"forced": "Принудительно",
@@ -2949,6 +3219,8 @@
"warning:": "Предупреждение:",
"forcedeModeWarning": "Весь трафик будет направлен на страницу обслуживания. Ваши бекэнд ресурсы не будут получать никакие запросы.",
"pageTitle": "Заголовок страницы",
+ "maintenancePageContentSubsection": "Содержимое страницы",
+ "maintenancePageContentSubsectionDescription": "Настройте содержимое, отображаемое на странице обслуживания",
"pageTitleDescription": "Основной заголовок, отображаемый на странице обслуживания",
"maintenancePageMessage": "Сообщение об обслуживании",
"maintenancePageMessagePlaceholder": "Мы скоро вернемся! Наш сайт в настоящее время проходит плановое техническое обслуживание.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Предполагаемое завершение:",
"createInternalResourceDialogDestinationRequired": "Укажите адрес назначения. Это может быть имя хоста или IP-адрес.",
"available": "Доступно",
+ "disabledResourceDescription": "Когда отключено, ресурс будет недоступен для всех.",
"archived": "Архивировано",
"noArchivedDevices": "Архивные устройства не найдены",
"deviceArchived": "Устройство архивировано",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Вы уверены, что хотите рассоединить этого поставщика удостоверений с этой организацией?",
"idpUnassociateDescription": "Все пользователи, связанные с этим поставщиком удостоверений, будут удалены из этой организации, но поставщик удостоверений будет продолжать существовать для других связанных организаций.",
"idpUnassociateConfirm": "Подтвердите рассоединение поставщика удостоверений",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "УДАЛИТЬ И ИЗВЛЕЧЬ МЕНЯ ИЗ ОРГАНИЗАЦИИ",
+ "idpUnassociateAndRemoveMeFromOrg": "РАЗОРВАТЬ СВЯЗЬ И УДАЛИТЬ МЕНЯ ИЗ ОРГАНИЗАЦИИ",
"idpUnassociateWarning": "Это не может быть отменено для этой организации.",
"idpUnassociatedDescription": "Поставщик удостоверений успешно рассоединен с этой организацией",
"idpUnassociateMenu": "Рассоединить",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "Белый список email",
"memberPortalResourceDisabled": "Ресурс отключён",
"memberPortalShowingResources": "Показаны {start}-{end} из {total} ресурсов",
+ "resourceLauncherTitle": "Запуск ресурса",
+ "resourceLauncherDescription": "Просмотр деталей ресурса и запуск их из одного места",
+ "resourceLauncherSearchPlaceholder": "Поиск всех сайтов...",
+ "resourceLauncherDefaultView": "По умолчанию",
+ "resourceLauncherSaveView": "Сохранить вид",
+ "resourceLauncherSaveToCurrentView": "Сохранить в текущий вид",
+ "resourceLauncherResetView": "Сбросить вид",
+ "resourceLauncherSaveAsNewView": "Сохранить как новый вид",
+ "resourceLauncherSaveAsNewViewDescription": "Дайте этому виду имя, чтобы сохранить текущие фильтры и макет.",
+ "resourceLauncherSaveForEveryone": "Сохранить для всех",
+ "resourceLauncherSaveForEveryoneDescription": "Поделитесь этим видом со всеми членами организации. Если не отмечено, видимость только для вас.",
+ "resourceLauncherMakePersonal": "Сделать личным",
+ "resourceLauncherFilter": "Фильтр",
+ "resourceLauncherSort": "Сортировать",
+ "resourceLauncherSortAscending": "Сортировать по возрастанию",
+ "resourceLauncherSortDescending": "Сортировать по убыванию",
+ "resourceLauncherSettings": "Настройки",
+ "resourceLauncherGroupBy": "Группировать по",
+ "resourceLauncherGroupBySite": "Сайт",
+ "resourceLauncherGroupByLabel": "Метка",
+ "resourceLauncherLayout": "Макет",
+ "resourceLauncherLayoutGrid": "Сетка",
+ "resourceLauncherLayoutList": "Список",
+ "resourceLauncherShowLabels": "Показать метки",
+ "resourceLauncherShowSiteTags": "Показать теги сайта",
+ "resourceLauncherShowRecents": "Показать недавно",
+ "resourceLauncherDeleteView": "Удалить вид",
+ "resourceLauncherViewAsAdmin": "Просмотр как администратор",
+ "resourceLauncherResourceDetailsDescription": "Просмотр деталей этого ресурса.",
+ "resourceLauncherUnlabeled": "Без меток",
+ "resourceLauncherNoSite": "Без сайта",
+ "resourceLauncherNoResourcesInGroup": "Нет ресурсов в данной группе",
+ "resourceLauncherEmptyStateTitle": "Нет доступных ресурсов",
+ "resourceLauncherEmptyStateDescription": "У вас пока нет доступа ни к одному ресурсу. Обратитесь к администратору, чтобы запросить доступ.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Ресурсы не найдены",
+ "resourceLauncherEmptyStateNoResultsDescription": "Ни один ресурс не соответствует вашему текущему поисковому запросу или фильтрам. Попробуйте их изменить, чтобы найти нужное.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "Ни один ресурс не соответствует \"{query}\". Попробуйте изменить параметры поиска или очистить фильтры, чтобы увидеть все ресурсы.",
+ "resourceLauncherCopiedToClipboard": "Скопировано в буфер обмена",
+ "resourceLauncherCopiedAccessDescription": "Доступ к ресурсу был скопирован в ваш буфер обмена.",
+ "resourceLauncherViewNamePlaceholder": "Имя вида",
+ "resourceLauncherViewNameLabel": "Имя вида",
+ "resourceLauncherViewSaved": "Вид сохранён",
+ "resourceLauncherViewSavedDescription": "Ваш вид запуска был сохранён.",
+ "resourceLauncherViewSaveFailed": "Не удалось сохранить вид",
+ "resourceLauncherViewSaveFailedDescription": "Не удалось сохранить вид. Пожалуйста, попробуйте еще раз.",
+ "resourceLauncherViewDeleted": "Вид удалён",
+ "resourceLauncherViewDeletedDescription": "Вид запуска был удалён.",
+ "resourceLauncherViewDeleteFailed": "Не удалось удалить вид",
+ "resourceLauncherViewDeleteFailedDescription": "Не удалось удалить вид. Пожалуйста, попробуйте еще раз.",
"memberPortalPrevious": "Предыдущий",
- "memberPortalNext": "Следующий"
+ "memberPortalNext": "Следующий",
+ "httpSettings": "Настройки HTTP",
+ "tcpSettings": "Настройки TCP",
+ "udpSettings": "Настройки UDP",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Установление защищенного соединения…",
+ "sshConnecting": "Подключение…",
+ "sshInitializing": "Инициализация…",
+ "sshSignInTitle": "Вход в SSH",
+ "sshSignInDescription": "Введите свои учетные данные SSH для подключения",
+ "sshPasswordTab": "Пароль",
+ "sshPrivateKeyTab": "Закрытый ключ",
+ "sshPrivateKeyField": "Закрытый ключ",
+ "sshPrivateKeyDisclaimer": "Ваш закрытый ключ не хранится и не виден для Pangolin. Вместо этого вы можете использовать краткосрочные сертификаты для бесшовной аутентификации с использованием вашей текущей идентификации Pangolin.",
+ "sshLearnMore": "Узнать больше",
+ "sshPrivateKeyFile": "Файл закрытого ключа",
+ "sshAuthenticate": "Подключиться",
+ "sshTerminate": "Завершить",
+ "sshPoweredBy": "Разработано",
+ "sshErrorNoTarget": "Цель не указана",
+ "sshErrorWebSocket": "Подключение WebSocket не удалось",
+ "sshErrorAuthFailed": "Ошибка аутентификации",
+ "sshErrorConnectionClosed": "Подключение закрыто до завершения аутентификации",
+ "sitePangolinSshDescription": "Разрешить доступ по SSH к ресурсам на этом сайте. Это можно изменить позже.",
+ "browserGatewayNoResourceForDomain": "Ресурс для этого домена не найден",
+ "browserGatewayNoTarget": "Нет цели",
+ "browserGatewayConnect": "Подключиться",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "Не удалось подписать ключ SSH для аутентификации через PAM push. Проверьте, вошли ли вы как пользователь?",
+ "sshTerminalError": "Ошибка: {error}",
+ "sshConnectionClosedCode": "Соединение закрыто (код {code})",
+ "sshPrivateKeyPlaceholder": "-----НАЧАЛО ЛИЧНОГО КЛЮЧА OPENSSH-----",
+ "sshPrivateKeyRequired": "Требуется личный ключ",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Введите ваши учетные данные VNC для подключения",
+ "vncUsernameOptional": "Имя пользователя (необязательно)",
+ "vncPasswordOptional": "Пароль (необязательно)",
+ "vncNoResourceTarget": "Отсутствует целевой ресурс",
+ "vncFailedToLoadNovnc": "Не удалось загрузить noVNC",
+ "vncAuthFailedStatus": "Статус {status}",
+ "vncPasteClipboard": "Вставить из буфера обмена",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Вход в удаленный рабочий стол",
+ "rdpSignInDescription": "Введите учетные данные Windows для подключения",
+ "rdpLoadingModule": "Загрузка модуля...",
+ "rdpFailedToLoadModule": "Не удалось загрузить модуль RDP",
+ "rdpNotReady": "Не готово",
+ "rdpModuleInitializing": "Модуль RDP все еще инициализируется",
+ "rdpDownloadingFiles": "Загрузка {count} файлов с удалённого сервера…",
+ "rdpDownloadFailed": "Ошибка загрузки: {fileName}",
+ "rdpUploaded": "Загружено: {fileName}",
+ "rdpNoConnectionTarget": "Доступная цель подключения отсутствует",
+ "rdpConnectionFailed": "Ошибка соединения",
+ "rdpFit": "Подгонка",
+ "rdpFull": "Полный",
+ "rdpReal": "Настоящий",
+ "rdpMeta": "Метаданные",
+ "rdpUploadFiles": "Загрузить файлы",
+ "rdpFilesReadyToPaste": "Файлы готовы к вставке",
+ "rdpFilesReadyToPasteDescription": "{count, plural, one {# файл скопирован в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.} few {# файла скопированы в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.} many {# файлов скопированы в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.} other {# файла скопированы в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.}}",
+ "rdpUploadFailed": "Ошибка загрузки",
+ "rdpUnicodeKeyboardMode": "Режим клавиатуры Unicode",
+ "sessionToolbarShow": "Показать панель инструментов",
+ "sessionToolbarHide": "Скрыть панель инструментов"
}
diff --git a/messages/tr-TR.json b/messages/tr-TR.json
index e1d965e8e..549bd205e 100644
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -66,9 +66,15 @@
"local": "Yerel",
"edit": "Düzenle",
"siteConfirmDelete": "Site Silmeyi Onayla",
+ "siteConfirmDeleteAndResources": "Site ve Kaynakları Silmeyi Onayla",
"siteDelete": "Siteyi Sil",
+ "siteDeleteAndResources": "Site ve Kaynakları Sil",
"siteMessageRemove": "Kaldırıldıktan sonra site artık erişilebilir olmayacaktır. Siteyle ilişkilendirilmiş tüm hedefler de kaldırılacaktır.",
+ "siteMessageRemoveAndResources": "Bu işlem, diğer sitelerle de ilişkilendirilmiş olsa bile, bu siteye bağlı tüm genel ve özel kaynakları kalıcı olarak silecektir.",
"siteQuestionRemove": "Siteyi organizasyondan kaldırmak istediğinizden emin misiniz?",
+ "siteQuestionRemoveAndResources": "Bu siteyi ve tüm ilişkili kaynakları silmek istediğinizden emin misiniz?",
+ "sitesTableDeleteSite": "Siteyi Sil",
+ "sitesTableDeleteSiteAndResources": "Site ve Kaynakları Sil",
"siteManageSites": "Siteleri Yönet",
"siteDescription": "Özel ağlara erişimi etkinleştirmek için siteler oluşturun ve yönetin",
"sitesBannerTitle": "Herhangi Bir Ağa Bağlan",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "Özel Kaynakları Görüntüle",
"siteInstallNewt": "Newt Yükle",
"siteInstallNewtDescription": "Newt'i sisteminizde çalıştırma",
+ "siteInstallKubernetesDocsDescription": "Daha fazla ve güncel Kubernetes kurulum bilgileri için docs.pangolin.net/manage/sites/install-kubernetes adresini inceleyin.",
+ "siteInstallAdvantechDocsDescription": "Advantech modem kurulum talimatları için docs.pangolin.net/manage/sites/install-advantech adresini inceleyin.",
"WgConfiguration": "WireGuard Yapılandırması",
"WgConfigurationDescription": "Ağınıza bağlanmak için aşağıdaki yapılandırmayı kullanın",
"operatingSystem": "İşletim Sistemi",
@@ -115,6 +123,16 @@
"siteUpdated": "Site güncellendi",
"siteUpdatedDescription": "Site güncellendi.",
"siteGeneralDescription": "Bu site için genel ayarları yapılandırın",
+ "siteRestartTitle": "Siteyi Yeniden Başlat",
+ "siteRestartDescription": "Bu site için WireGuard tünelini yeniden başlatın. Bu, bağlantıyı kısa süreliğine keser.",
+ "siteRestartBody": "Site tüneli düzgün çalışmadığında ve ana bilgisayarı yeniden başlatmadan bağlantıyı yeniden sağlamak istiyorsanız bunu kullanın.",
+ "siteRestartButton": "Siteyi Yeniden Başlat",
+ "siteRestartDialogMessage": "{name} için WireGuard tünelini yeniden başlatmak istediğinizden emin misiniz? Site kısa süreliğine bağlantıyı kaybedecektir.",
+ "siteRestartWarning": "Tünel yeniden başlatılırken site kısa süreliğine kesintiye uğrar.",
+ "siteRestarted": "Site yeniden başlatıldı",
+ "siteRestartedDescription": "WireGuard tüneli yeniden başlatıldı.",
+ "siteErrorRestart": "Sitenin yeniden başlatılması başarısız oldu",
+ "siteErrorRestartDescription": "Site yeniden başlatılırken bir hata oluştu.",
"siteSettingDescription": "Sitenizdeki ayarları yapılandırın",
"siteResourcesTab": "Kaynaklar",
"siteResourcesNoneOnSite": "Bu sitede henüz genel veya özel kaynak yok.",
@@ -148,16 +166,16 @@
"siteCredentialsSaveDescription": "Yalnızca bir kez görebileceksiniz. Güvenli bir yere kopyaladığınızdan emin olun.",
"siteInfo": "Site Bilgilendirmesi",
"status": "Durum",
- "shareTitle": "Paylaşım Bağlantılarını Yönet",
+ "shareTitle": "Paylaşılabilir Bağlantıları Yönet",
"shareDescription": "Kaynaklarınıza geçici veya kalıcı erişim sağlamak için paylaşılabilir bağlantılar oluşturun",
- "shareSearch": "Paylaşım bağlantılarını ara...",
- "shareCreate": "Paylaşım Bağlantısı Oluştur",
+ "shareSearch": "Paylaşılabilir bağlantıları ara...",
+ "shareCreate": "Paylaşılabilir Bağlantı Oluştur",
"shareErrorDelete": "Bağlantı silinirken hata oluştu",
"shareErrorDeleteMessage": "Bağlantı silinirken bir hata oluştu",
"shareDeleted": "Bağlantı silindi",
"shareDeletedDescription": "Bağlantı silindi",
- "shareDelete": "Paylaşım Bağlantısını Sil",
- "shareDeleteConfirm": "Paylaşım Bağlantısının Silinmesini Onayla",
+ "shareDelete": "Paylaşılabilir Bağlantıyı Sil",
+ "shareDeleteConfirm": "Paylaşılabilir Bağlantıyı Silmeyi Onayla",
"shareQuestionRemove": "Bu paylaşım bağlantısını silmek istediğinizden emin misiniz?",
"shareMessageRemove": "Silindikten sonra, bağlantı artık çalışmayacak ve kullanan herkes kaynağa erişimini kaybedecek.",
"shareTokenDescription": "Erişim jetonunuz iki şekilde iletilebilir: sorgu parametresi olarak veya istek başlıklarında. Kimlik doğrulanmış erişim için her istekten müşteri tarafından iletilmelidir.",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "Paylaşım bağlantısı oluşturulurken bir hata oluştu",
"shareCreateDescription": "Bu bağlantıya sahip olan herkes kaynağa erişebilir",
"shareTitleOptional": "Başlık (isteğe bağlı)",
+ "sharePathOptional": "Yol (isteğe bağlı)",
+ "sharePathDescription": "Bağlantıdan sonra kullanıcıları bu yola yönlendirecek bağlantıyı tanımlayın.",
"expireIn": "Süresi Dolacak",
"neverExpire": "Hiçbir Zaman Sona Ermez",
"shareExpireDescription": "Son kullanma süresi, bağlantının kullanılabilir ve kaynağa erişim sağlayacak süresidir. Bu süreden sonra bağlantı çalışmayı durduracak ve bu bağlantıyı kullanan kullanıcılar kaynağa erişimini kaybedecektir.",
@@ -199,8 +219,8 @@
"shareErrorSelectResource": "Lütfen bir kaynak seçin",
"proxyResourceTitle": "Herkese Açık Kaynakları Yönet",
"proxyResourceDescription": "Bir web tarayıcısı aracılığıyla kamuya açık kaynaklar oluşturun ve yönetin",
- "proxyResourcesBannerTitle": "Web Tabanlı Genel Erişim",
- "proxyResourcesBannerDescription": "Genel kaynaklar, web tarayıcısı aracılığıyla herkesin internette erişebileceği HTTPS veya TCP/UDP proxy'leridir. Özel kaynakların aksine, istemci tarafı yazılıma ihtiyaç duymazlar ve kimlik ve bağlam farkındalığı erişim politikalarını içerebilirler.",
+ "publicResourcesBannerTitle": "Web tabanlı Açık Erişim",
+ "publicResourcesBannerDescription": "Genel kaynaklar, web tarayıcısı aracılığıyla internette herkesin erişebileceği HTTPS veya TCP/UDP proxy'leridir. Özel kaynakların aksine istemci tarafı yazılım gerektirmezler ve kimlik ve bağlam farkındalığı erişim politikalarını içerebilirler.",
"clientResourceTitle": "Özel Kaynakları Yönet",
"clientResourceDescription": "Sadece bağlı bir istemci aracılığıyla erişilebilen kaynakları oluşturun ve yönetin",
"privateResourcesBannerTitle": "Sıfır Güven Özel Erişim",
@@ -208,11 +228,37 @@
"resourcesSearch": "Kaynakları ara...",
"resourceAdd": "Kaynak Ekle",
"resourceErrorDelte": "Kaynak silinirken hata",
+ "resourcePoliciesBannerTitle": "Kimlik Doğrulama ve Erişim Kurallarını Yeniden Kullan",
+ "resourcePoliciesBannerDescription": "Paylaşılan kaynak politikaları, kimlik doğrulama yöntemlerini ve erişim kurallarını bir kez tanımlamanıza ve ardından bunları birden fazla genel kaynağa bağlamanıza olanak tanır. Bir politikayı güncellediğinizde, bağlı her kaynak değişikliği otomatik olarak devralır.",
+ "resourcePoliciesBannerButtonText": "Daha fazla bilgi",
+ "resourcePoliciesTitle": "Herkese Açık Kaynak Politikalarını Yönetin",
+ "resourcePoliciesAttachedResourcesColumnTitle": "Kaynaklar",
+ "resourcePoliciesAttachedResources": "{count} kaynak",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# kaynak} other {# kaynaklar}}",
+ "resourcePoliciesAttachedResourcesEmpty": "hiçbir kaynak",
+ "resourcePoliciesDescription": "Genel kaynaklarınıza erişimi kontrol etmek için kimlik doğrulama politikalarını oluşturun ve yönetin",
+ "resourcePoliciesSearch": "Politikaları ara...",
+ "resourcePoliciesAdd": "Politika Ekle",
+ "resourcePoliciesDefaultBadgeText": "Varsayılan politika",
+ "resourcePoliciesCreate": "Genel Kaynak Politikası Oluştur",
+ "resourcePoliciesCreateDescription": "Yeni bir politika oluşturmak için aşağıdaki adımları izleyin",
+ "resourcePolicyName": "Politika Adı",
+ "resourcePolicyNameDescription": "Bu politikaya kaynaklarınız arasında kolayca tanımlayabilmek için bir ad verin",
+ "resourcePolicyNamePlaceholder": "örneğin: İç Erişim Politikası",
+ "resourcePoliciesSeeAll": "Tüm Politikaları Gör",
+ "resourcePolicyAuthMethodAdd": "Kimlik Doğrulama Yöntemi Ekle",
+ "resourcePolicyOtpEmailAdd": "OTP e-postaları ekle",
+ "resourcePolicyRulesAdd": "Kurallar Ekle",
+ "resourcePolicyAuthMethodsDescription": "Ek kimlik doğrulama yöntemleri aracılığıyla kaynaklara erişime izin verin",
+ "resourcePolicyUsersRolesDescription": "Hangi kullanıcılar ve rollerin ilgili kaynakları ziyaret edebileceğini yapılandırın",
+ "rulesResourcePolicyDescription": "Bu politikayla ilişkilendirilmiş erişim kaynaklarını kontrol etmek için kuralları yapılandırın",
"authentication": "Kimlik Doğrulama",
"protected": "Korunan",
"notProtected": "Korunmayan",
"resourceMessageRemove": "Kaldırıldıktan sonra kaynak artık erişilebilir olmayacaktır. Kaynakla ilişkili tüm hedefler de kaldırılacaktır.",
"resourceQuestionRemove": "Kaynağı organizasyondan kaldırmak istediğinizden emin misiniz?",
+ "resourcePolicyMessageRemove": "Kaldırıldıktan sonra kaynak politikası artık erişilebilir olmayacak. Kaynakla ilişkili tüm öğeler bağlantıları koparılacak ve kimlik doğrulaması olmadan bırakılacaktır.",
+ "resourcePolicyQuestionRemove": "Kaynak politikasını organizasyondan kaldırmak istediğinizden emin misiniz?",
"resourceHTTP": "HTTPS Kaynağı",
"resourceHTTPDescription": "Tam nitelikli bir etki alanı adı kullanarak HTTPS üzerinden proxy isteklerini yönlendirin.",
"resourceRaw": "Ham TCP/UDP Kaynağı",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "Proxy isteklerini bir port numarası kullanarak ham TCP/UDP üzerinden yapın. Sitelerin uzak bir düğüme bağlanması gereklidir.",
"resourceCreate": "Kaynak Oluştur",
"resourceCreateDescription": "Yeni bir kaynak oluşturmak için aşağıdaki adımları izleyin",
+ "resourceCreateGeneralDescription": "Adı ve türü dahil temel kaynak ayarlarını yapılandırın",
"resourceSeeAll": "Tüm Kaynakları Gör",
- "resourceInfo": "Kaynak Bilgilendirmesi",
+ "resourceCreateGeneral": "Genel",
"resourceNameDescription": "Bu, kaynak için görünen addır.",
"siteSelect": "Site seç",
"siteSearch": "Site ara",
@@ -231,12 +278,15 @@
"noCountryFound": "Ülke bulunamadı.",
"siteSelectionDescription": "Bu site hedefe bağlantı sağlayacaktır.",
"resourceType": "Kaynak Türü",
- "resourceTypeDescription": "Kaynağınıza nasıl erişmek istediğinizi belirleyin",
+ "resourceTypeDescription": "Bu, kaynak protokolünü ve tarayıcıda nasıl görüntüleneceğini kontrol eder. Bu daha sonra değiştirilemez.",
+ "resourceDomainDescription": "Kaynak bu tam etki alanı adıyla sunulacak.",
"resourceHTTPSSettings": "HTTPS Ayarları",
"resourceHTTPSSettingsDescription": "Kaynağınıza HTTPS üzerinden erişimin nasıl sağlanacağını yapılandırın",
+ "resourcePortDescription": "Kaynağa erişilebilecek Pangolin örneği veya düğüm üzerindeki harici bağlantı noktası.",
"domainType": "Alan Türü",
"subdomain": "Alt Alan Adı",
"baseDomain": "Temel Alan Adı",
+ "configure": "Yapılandır",
"subdomnainDescription": "Kaynağınızın erişilebileceği alt alan adı.",
"resourceRawSettings": "TCP/UDP Ayarları",
"resourceRawSettingsDescription": "Kaynaklara TCP/UDP üzerinden nasıl erişileceğini yapılandırın",
@@ -247,14 +297,35 @@
"back": "Geri",
"cancel": "İptal",
"resourceConfig": "Yapılandırma Parçaları",
- "resourceConfigDescription": "TCP/UDP kaynağınızı kurmak için bu yapılandırma parçalarını kopyalayıp yapıştırın",
+ "resourceConfigDescription": "TCP/UDP kaynağınızı kurmak için bu yapılandırma parçalarını kopyalayıp yapıştırın.",
"resourceAddEntrypoints": "Traefik: Başlangıç Noktaları Ekleyin",
"resourceExposePorts": "Gerbil: Docker Compose'da Portları Açın",
"resourceLearnRaw": "TCP/UDP kaynaklarını nasıl yapılandıracağınızı öğrenin",
"resourceBack": "Kaynaklara Geri Dön",
"resourceGoTo": "Kaynağa Git",
+ "resourcePolicyDelete": "Kaynak Politikasını Sil",
+ "resourcePolicyDeleteConfirm": "Kaynak Politikasının Silinmesini Onayla",
"resourceDelete": "Kaynağı Sil",
"resourceDeleteConfirm": "Kaynak Silmeyi Onayla",
+ "labelDelete": "Etiketi Sil",
+ "labelAdd": "Etiket Ekle",
+ "labelCreateSuccessMessage": "Etiket Başarıyla Oluşturuldu",
+ "labelDuplicateError": "Yinelenen Etiket",
+ "labelDuplicateErrorDescription": "Bu isimle bir etiket zaten var.",
+ "labelEditSuccessMessage": "Etiket Başarıyla Değiştirildi",
+ "labelNameField": "Etiket Adı",
+ "labelColorField": "Etiket Rengi",
+ "labelPlaceholder": "Örn: homelab",
+ "labelCreate": "Etiket Oluştur",
+ "createLabelDialogTitle": "Etiket Oluştur",
+ "createLabelDialogDescription": "Bu kuruluşa eklenebilecek yeni bir etiket oluşturun",
+ "labelEdit": "Etiketi Düzenle",
+ "editLabelDialogTitle": "Etiketi Güncelle",
+ "editLabelDialogDescription": "Bu kuruluşa eklenebilecek yeni bir etiketi düzenleyin",
+ "labelDeleteConfirm": "Etiketi Silmeyi Onayla",
+ "labelErrorDelete": "Etiket silinirken hata oluştu",
+ "labelMessageRemove": "Bu işlem kalıcıdır. Bu etiket ile etiketlenmiş tüm siteler, kaynaklar ve kullanıcılar etiketsiz kalacaktır.",
+ "labelQuestionRemove": "Etiketi organizasyondan kaldırmak istediğinizden emin misiniz?",
"visibility": "Görünürlük",
"enabled": "Etkin",
"disabled": "Devre Dışı",
@@ -265,6 +336,8 @@
"rules": "Kurallar",
"resourceSettingDescription": "Kaynağınızdaki ayarları yapılandırın",
"resourceSetting": "{resourceName} Ayarları",
+ "resourcePolicySettingDescription": "Bu açık kaynak politikasının ayarlarını yapılandırın",
+ "resourcePolicySetting": "{policyName} Ayarları",
"alwaysAllow": "Kimlik Doğrulamayı Atla",
"alwaysDeny": "Erişimi Engelle",
"passToAuth": "Kimlik Doğrulamasına Geç",
@@ -630,7 +703,7 @@
"createdAt": "Oluşturulma Tarihi",
"proxyErrorInvalidHeader": "Geçersiz özel Ana Bilgisayar Başlığı değeri. Alan adı formatını kullanın veya özel Ana Bilgisayar Başlığını ayarlamak için boş bırakın.",
"proxyErrorTls": "Geçersiz TLS Sunucu Adı. Alan adı formatını kullanın veya TLS Sunucu Adını kaldırmak için boş bırakılsın.",
- "proxyEnableSSL": "TLS Etkinleştir",
+ "proxyEnableSSL": "TLS'yi Etkinleştir",
"proxyEnableSSLDescription": "Hedeflere güvenli HTTPS bağlantıları için SSL/TLS şifrelemesini etkinleştirin.",
"target": "Hedef",
"configureTarget": "Hedefleri Yapılandır",
@@ -671,7 +744,7 @@
"targetSubmit": "Hedef Ekle",
"targetNoOne": "Bu kaynağın hedefleri yok. Arka uca gönderilecek istekleri yapılandırmak için bir hedef ekleyin.",
"targetNoOneDescription": "Yukarıdaki birden fazla hedef ekleyerek yük dengeleme etkinleştirilecektir.",
- "targetsSubmit": "Hedefleri Kaydet",
+ "targetsSubmit": "Ayarları Kaydet",
"addTarget": "Hedef Ekle",
"proxyMultiSiteRoundRobinNodeHelp": "Round robin yönlendirme, aynı düğüme bağlı olmayan siteler arasında çalışmayacaktır, ancak failover çalışacaktır.",
"targetErrorInvalidIp": "Geçersiz IP adresi",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "Yinelenen kural",
"rulesErrorDuplicateDescription": "Bu ayarlara sahip bir kural zaten mevcut",
"rulesErrorInvalidIpAddressRange": "Geçersiz CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "Lütfen geçerli bir CIDR değeri girin",
- "rulesErrorInvalidUrl": "Geçersiz URL yolu",
- "rulesErrorInvalidUrlDescription": "Lütfen geçerli bir URL yolu değeri girin",
- "rulesErrorInvalidIpAddress": "Geçersiz IP",
- "rulesErrorInvalidIpAddressDescription": "Lütfen geçerli bir IP adresi girin",
+ "rulesErrorInvalidIpAddressRangeDescription": "Geçerli bir CIDR aralığı girin (örneğin, 10.0.0.0/8).",
+ "rulesErrorInvalidUrl": "Geçersiz yol",
+ "rulesErrorInvalidUrlDescription": "Geçerli bir URL yolu veya deseni girin (örneğin, /api/*).",
+ "rulesErrorInvalidIpAddress": "Geçersiz IP adresi",
+ "rulesErrorInvalidIpAddressDescription": "Geçerli bir IPv4 veya IPv6 adresi girin.",
"rulesErrorUpdate": "Kurallar güncellenemedi",
"rulesErrorUpdateDescription": "Kurallar güncellenirken bir hata oluştu",
"rulesUpdated": "Kuralları Etkinleştir",
@@ -717,15 +790,24 @@
"rulesMatchIpAddressRangeDescription": "CIDR formatında bir adres girin (örneğin, 103.21.244.0/22)",
"rulesMatchIpAddress": "Bir IP adresi girin (örneğin, 103.21.244.12)",
"rulesMatchUrl": "Bir URL yolu veya deseni girin (örneğin, /api/v1/todos veya /api/v1/*)",
- "rulesErrorInvalidPriority": "Geçersiz Öncelik",
- "rulesErrorInvalidPriorityDescription": "Lütfen geçerli bir öncelik girin",
- "rulesErrorDuplicatePriority": "Yinelenen Öncelikler",
- "rulesErrorDuplicatePriorityDescription": "Lütfen benzersiz öncelikler girin",
+ "rulesErrorInvalidPriority": "Geçersiz öncelik",
+ "rulesErrorInvalidPriorityDescription": "1 veya daha büyük bir tamsayı girin.",
+ "rulesErrorDuplicatePriority": "Yinelenen öncelikler",
+ "rulesErrorDuplicatePriorityDescription": "Her kuralın benzersiz bir öncelik numarası olmalıdır.",
+ "rulesErrorValidation": "Geçersiz kurallar",
+ "rulesErrorValidationRuleDescription": "Kural {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "Geçerli bir eşleşme türünü seçin (yol, IP, CIDR, ülke, bölge veya ASN).",
+ "rulesErrorValueRequired": "Bu kural için bir değer girin.",
+ "rulesErrorInvalidCountry": "Geçersiz ülke",
+ "rulesErrorInvalidCountryDescription": "Geçerli bir ülke seçin.",
+ "rulesErrorInvalidAsn": "Geçersiz ASN",
+ "rulesErrorInvalidAsnDescription": "Geçerli bir ASN girin (örneğin, AS15169).",
"ruleUpdated": "Kurallar güncellendi",
"ruleUpdatedDescription": "Kurallar başarıyla güncellendi",
"ruleErrorUpdate": "Operasyon başarısız oldu",
"ruleErrorUpdateDescription": "Kaydetme operasyonu sırasında bir hata oluştu",
"rulesPriority": "Öncelik",
+ "rulesReorderDragHandle": "Kural önceliğini yeniden sıralamak için sürükleyin",
"rulesAction": "Aksiyon",
"rulesMatchType": "Eşleşme Türü",
"value": "Değer",
@@ -744,9 +826,60 @@
"rulesResource": "Kaynak Kuralları Yapılandırması",
"rulesResourceDescription": "Kaynağa erişimi kontrol etmek için kuralları yapılandırın",
"ruleSubmit": "Kural Ekle",
- "rulesNoOne": "Kural yok. Formu kullanarak bir kural ekleyin.",
+ "rulesNoOne": "Henüz kural yok.",
"rulesOrder": "Kurallar, artan öncelik sırasına göre değerlendirilir.",
"rulesSubmit": "Kuralları Kaydet",
+ "policyErrorCreate": "Politika oluşturulurken hata oluştu",
+ "policyErrorCreateDescription": "Politikayı oluştururken bir hata oluştu",
+ "policyErrorCreateMessageDescription": "Beklenmeyen bir hata oluştu",
+ "policyErrorUpdate": "Politika güncellenirken hata oluştu",
+ "policyErrorUpdateDescription": "Policayı güncellerken bir hata oluştu",
+ "policyErrorUpdateMessageDescription": "Beklenmeyen bir hata oluştu",
+ "policyCreatedSuccess": "Kaynak politikası başarıyla oluşturuldu",
+ "policyUpdatedSuccess": "Kaynak politikası başarıyla güncellendi",
+ "authMethodsSave": "Ayarları Kaydet",
+ "policyAuthStackTitle": "Kimlik Doğrulama",
+ "policyAuthStackDescription": "Bu kaynağa erişim için hangi kimlik doğrulama yöntemlerinin gerekli olduğuna karar verin",
+ "policyAuthOrLogicTitle": "Birden fazla kimlik doğrulama yöntemi etkin",
+ "policyAuthOrLogicBanner": "Ziyaretçiler aşağıdaki etkin yöntemlerden herhangi birini kullanarak kimlik doğrulaması yapabilirler. Hepsini tamamlamaları gerekmez.",
+ "policyAuthMethodActive": "Etkin",
+ "policyAuthMethodOff": "Kapalı",
+ "policyAuthSsoTitle": "Platform SSO",
+ "policyAuthSsoDescription": "Organizasyonunuzun kimlik sağlayıcısı üzerinden oturum açmayı zorunlu kılın",
+ "policyAuthSsoSummary": "{idp} · {users} kullanıcısı, {roles} rolü",
+ "policyAuthSsoDefaultIdp": "Varsayılan sağlayıcı",
+ "policyAuthAddDefaultIdentityProvider": "Varsayılan Kimlik Sağlayıcı Ekle",
+ "policyAuthOtherMethodsTitle": "Diğer Yöntemler",
+ "policyAuthOtherMethodsDescription": "Ziyaretçilerin platform SSO yerine veya yanı sıra kullanabileceği isteğe bağlı yöntemler",
+ "policyAuthPasscodeTitle": "Şifre",
+ "policyAuthPasscodeDescription": "Kaynağa erişim için paylaşılan bir alfasayısal şifre gerektir",
+ "policyAuthPasscodeSummary": "Şifre ayarlandı",
+ "policyAuthPincodeTitle": "PIN Kodu",
+ "policyAuthPincodeDescription": "Kaynağa erişim için kısa bir sayısal kod gereklidir",
+ "policyAuthPincodeSummary": "6 haneli PIN ayarlandı",
+ "policyAuthEmailTitle": "E-posta Beyaz Listesi",
+ "policyAuthEmailDescription": "Listelenen e-posta adreslerine tek kullanımlık parolalarla izin verin",
+ "policyAuthEmailSummary": "{count} adres izinli",
+ "policyAuthEmailOtpCallout": "E-posta beyaz listesinin etkinleştirilmesiyle ziyaretçinin girişinde bir kereye mahsus parola e-postasına gönderilecektir.",
+ "policyAuthHeaderAuthTitle": "Temel Başlık Kimlik Doğrulama",
+ "policyAuthHeaderAuthDescription": "Her istekte özel bir HTTP başlık adını ve değerini doğrulayın",
+ "policyAuthHeaderAuthSummary": "Başlık yapılandırıldı",
+ "policyAuthHeaderName": "Başlık adı",
+ "policyAuthHeaderValue": "Beklenen değer",
+ "policyAuthSetPasscode": "Şifreyi Ayarla",
+ "policyAuthSetPincode": "PIN Kodunu Ayarla",
+ "policyAuthSetEmailWhitelist": "E-posta Beyaz Listesini Ayarla",
+ "policyAuthSetHeaderAuth": "Temel Başlık Kimlik Doğrulamasını Ayarla",
+ "policyAccessRulesTitle": "Erişim Kuralları",
+ "policyAccessRulesEnableDescription": "Etkinleştirildiğinde, kurallar azalan sırayla değerlendirilecektir ve biri doğru olarak değerlendirildiğinde diğerine geçilecektir.",
+ "policyAccessRulesFirstMatch": "Kurallar yukarıdan aşağıya doğru değerlendirilir. İlk eşleşen kural sonucu belirler.",
+ "policyAccessRulesHowItWorks": "Kurallar, yol, IP adresi, konum veya başka kriterlere göre talepleri eşleştirir. Her kural bir eylem uygular: kimlik doğrulamayı atla, erişimi engelle veya kimlik doğrulaması için geçici olarak geç.",
+ "policyAccessRulesFallthroughOff": "Kurallar devre dışı bırakıldığında, tüm trafik kimlik doğrulamasına geçer.",
+ "policyAccessRulesFallthroughOn": "Herhangi bir kural eşleşmediğinde trafik kimlik doğrulamasına geçer.",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "Kuralları Kaydet",
"resourceErrorCreate": "Kaynak oluşturma hatası",
"resourceErrorCreateDescription": "Kaynak oluşturulurken bir hata oluştu",
"resourceErrorCreateMessage": "Kaynak oluşturma hatası:",
@@ -766,9 +899,9 @@
"resourcesErrorUpdateDescription": "Kaynak güncellenirken bir hata oluştu",
"access": "Erişim",
"accessControl": "Erişim Kontrolü",
- "shareLink": "{resource} Paylaşım Bağlantısı",
+ "shareLink": "{resource} Paylaşılabilir Bağlantı",
"resourceSelect": "Kaynak seçin",
- "shareLinks": "Paylaşım Bağlantıları",
+ "shareLinks": "Paylaşılabilir Bağlantılar",
"share": "Paylaşılabilir Bağlantılar",
"shareDescription2": "Kaynaklarınıza geçici veya sınırsız erişim sağlamak için paylaşılabilir bağlantılar oluşturun. Bağlantı oluştururken sona erme süresini yapılandırabilirsiniz.",
"shareEasyCreate": "Kolayca oluştur ve paylaş",
@@ -810,6 +943,17 @@
"pincodeAdd": "PIN Kodu Ekle",
"pincodeRemove": "PIN Kodu Kaldır",
"resourceAuthMethods": "Kimlik Doğrulama Yöntemleri",
+ "resourcePolicyAuthMethodsEmpty": "Kimlik doğrulama yöntemi yok",
+ "resourcePolicyOtpEmpty": "Tek seferlik parola yok",
+ "resourcePolicyReadOnly": "Bu politika yalnızca okumalıdır",
+ "resourcePolicyReadOnlyDescription": "Bu kaynak politikası birden fazla kaynakla paylaşılmaktadır, bu sayfada düzenleyemezsiniz.",
+ "editSharedPolicy": "Paylaşılan Politikayı Düzenle",
+ "resourcePolicyTypeSave": "Kaynak türünü kaydet",
+ "resourcePolicySelect": "Kaynak politikasını seçin",
+ "resourcePolicySelectError": "Bir kaynak politikası seçin",
+ "resourcePolicyNotFound": "Politika bulunamadı",
+ "resourcePolicySearch": "Politikaları ara",
+ "resourcePolicyRulesEmpty": "Kimlik doğrulama kuralı yok",
"resourceAuthMethodsDescriptions": "Ek kimlik doğrulama yöntemleriyle kaynağa erişime izin verin",
"resourceAuthSettingsSave": "Başarıyla kaydedildi",
"resourceAuthSettingsSaveDescription": "Kimlik doğrulama ayarları kaydedildi",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "Pincode Ayarla",
"resourcePincodeSetupTitleDescription": "Bu kaynağı korumak için bir pincode ayarlayın",
"resourceRoleDescription": "Yöneticiler her zaman bu kaynağa erişebilir.",
+ "resourcePolicySelectTitle": "Kaynak Erişim Politikası",
+ "resourcePolicySelectDescription": "Kimlik doğrulama için kaynak politika türünü seçin",
+ "resourcePolicyTypeLabel": "Politika türü",
+ "resourcePolicyLabel": "Kaynak politikası",
+ "resourcePolicyInline": "Satır İçi Kaynak Politikası",
+ "resourcePolicyInlineDescription": "Erişim Politikası sadece bu kaynağa yönelik",
+ "resourcePolicyShared": "Paylaşılan Kaynak Politikası",
+ "resourcePolicySharedDescription": "Bu kaynak bir paylaşılan politika kullanıyor.",
+ "sharedPolicy": "Paylaşılan Politika",
+ "sharedPolicyNoneDescription": "Bu kaynağın kendi politikası var.",
+ "resourceSharedPolicyOwnDescription": "Bu kaynak, kendi kimlik doğrulama ve erişim kuralları denetimlerine sahiptir.",
+ "resourceSharedPolicyInheritedDescription": "Bu kaynak {policyName}'dan devralmaktadır.",
+ "resourceSharedPolicyAuthenticationNotice": "Bu kaynak bir ortak politika kullanıyor. Politikayı eklemek için kimlik doğrulama ayarlarını bu kaynakta düzenleyebilirsiniz. Altta yatan politikayı değiştirmek için {policyName} düzenlemelisiniz.",
+ "resourceSharedPolicyRulesNotice": "Bu kaynak bir paylaşılan politika kullanıyor. Bazı erişim kuralları bu kaynakta düzenlenebilir. Temel politikayı değiştirmek için, {policyName} düzenlemeniz gerekecektir.",
"resourceUsersRoles": "Erişim Kontrolleri",
"resourceUsersRolesDescription": "Bu kaynağı kimlerin ziyaret edebileceği kullanıcıları ve rolleri yapılandırın",
"resourceUsersRolesSubmit": "Erişim Kontrollerini Kaydet",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "Görünürlük",
"resourceVisibilityTitleDescription": "Kaynak görünürlüğünü tamamen etkinleştirin veya devre dışı bırakın",
"resourceGeneral": "Genel Ayarlar",
- "resourceGeneralDescription": "Bu kaynak için genel ayarları yapılandırın",
+ "resourceGeneralDescription": "Bu kaynak için ad, adres ve erişim politikası yapılandırın.",
+ "resourceGeneralDetailsSubsection": "Kaynak Detayları",
+ "resourceGeneralDetailsSubsectionDescription": "Bu kaynak için görüntülenen adı, tanıtıcıyı ve herkesin erişebileceği alan adını belirleyin.",
+ "resourceGeneralDetailsSubsectionPortDescription": "Bu kaynak için görüntülenen adı, tanıtıcıyı ve halka açık portu ayarlayın.",
+ "resourceGeneralPublicAddressSubsection": "Genel Adres",
+ "resourceGeneralPublicAddressSubsectionDescription": "Kullanıcıların bu kaynağa nasıl ulaşacağını yapılandırın.",
+ "resourceGeneralAuthenticationAccessSubsection": "Kimlik Doğrulama ve Erişim",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "Bu kaynağın kendi politikasını mı yoksa ortak bir politikadan mı devralacağını seçin.",
"resourceEnable": "Kaynağı Etkinleştir",
"resourceTransfer": "Kaynağı Aktar",
"resourceTransferDescription": "Bu kaynağı farklı bir siteye aktarın",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "{name} ile bağlantı kurarken bir sorun meydana geldi. Lütfen yöneticiye danışın.",
"idpErrorNotFound": "IdP bulunamadı",
"inviteInvalid": "Geçersiz Davet",
+ "labels": "Etiketler",
+ "orgLabelsDescription": "Bu organizasyondaki etiketleri yönetin.",
+ "addLabels": "Etiketler ekle",
+ "siteLabelsTab": "Etiketler",
+ "siteLabelsDescription": "Bu siteyle ilişkili etiketleri yönetin.",
+ "labelsNotFound": "Etiket bulunamadı.",
+ "labelsEmptyCreateHint": "Etiket oluşturmak için yukarıdan yazmaya başlayın.",
+ "labelSearch": "Etiket ara",
+ "labelSearchOrCreate": "Etiket arayın veya oluşturun",
+ "accessLabelFilterCount": "{count, plural, one {# etiket} other {# etiketler}}",
+ "labelOverflowCount": "+{count, plural, one {# etiket} other {# etiketler}}",
+ "accessLabelFilterClear": "Etiket filtrelerini temizle",
+ "accessFilterClear": "Filtreleri temizle",
+ "selectColor": "Renk seç",
+ "createNewLabel": "Yeni kuruluş etiketi \"{label}\" oluştur",
"inviteInvalidDescription": "Davet bağlantısı geçersiz.",
"inviteErrorWrongUser": "Davet bu kullanıcı için değil",
"inviteErrorUserNotExists": "Kullanıcı mevcut değil. Lütfen önce bir hesap oluşturun.",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "Planı Uygula",
"actionListBlueprints": "Plan Listesini Görüntüle",
"actionGetBlueprint": "Planı Elde Et",
+ "actionCreateOrgWideLauncherView": "Kuruluş Genelinde Başlatıcı Görünümü Oluşturma",
"setupToken": "Kurulum Simgesi",
"setupTokenDescription": "Sunucu konsolundan kurulum simgesini girin.",
"setupTokenRequired": "Kurulum simgesi gerekli",
@@ -1374,6 +1555,8 @@
"sidebarResources": "Kaynaklar",
"sidebarProxyResources": "Herkese Açık",
"sidebarClientResources": "Özel",
+ "sidebarPolicies": "Paylaşılan Politikalar",
+ "sidebarResourcePolicies": "Açık Kaynaklar",
"sidebarAccessControl": "Erişim Kontrolü",
"sidebarLogsAndAnalytics": "Kayıtlar & Analitik",
"sidebarTeam": "Ekip",
@@ -1381,7 +1564,7 @@
"sidebarAdmin": "Yönetici",
"sidebarInvitations": "Davetiye",
"sidebarRoles": "Roller",
- "sidebarShareableLinks": "Bağlantılar",
+ "sidebarShareableLinks": "Paylaşılabilir Bağlantılar",
"sidebarApiKeys": "API Anahtarları",
"sidebarProvisioning": "Tedarik",
"sidebarSettings": "Ayarlar",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "Site {id}",
"standaloneHcFilterResourceIdFallback": "Kaynak {id}",
"blueprints": "Planlar",
- "blueprintsDescription": "Deklaratif yapılandırmaları uygulayın ve önceki çalışmaları görüntüleyin",
+ "blueprintsLog": "Şablonlar Günlüğü",
+ "blueprintsDescription": "Geçmiş plan uygulamalarını ve sonuçlarını görüntüleyin veya yeni bir plan uygulayın",
"blueprintAdd": "Plan Ekle",
"blueprintGoBack": "Tüm Planları Gör",
"blueprintCreate": "Plan Oluştur",
@@ -1575,7 +1759,17 @@
"contents": "İçerik",
"parsedContents": "Verilerin Ayrıştırılmış İçeriği (Salt Okunur)",
"enableDockerSocket": "Docker Soketini Etkinleştir",
- "enableDockerSocketDescription": "Plan etiketleri için Docker Socket etiket toplamasını etkinleştirin. Newt'e soket yolu sağlanmalıdır.",
+ "enableDockerSocketDescription": "Plan etiketleri için Docker Socket etiket toplamasını etkinleştirin. Site bağlantısına soket yolu sağlanmalıdır. Bunun nasıl çalıştığını belgelemede okuyun.",
+ "newtAutoUpdate": "Site Otomatik-Güncellemesini Etkinleştir",
+ "newtAutoUpdateDescription": "Etkinleştirildiğinde, site konektörleri en son versiyonu otomatik olarak indirir ve yeniden başlar. Bu, site bazında geçersiz kılınabilir.",
+ "siteAutoUpdate": "Site Otomatik-Güncellemesi",
+ "siteAutoUpdateLabel": "Otomatik Güncellemeyi Etkinleştir",
+ "siteAutoUpdateDescription": "Etkinleştirildiğinde, bu sitenin konektörü en son versiyonu otomatik olarak indirir ve kendini yeniden başlatır.",
+ "siteAutoUpdateOrgDefault": "Kuruluş varsayılanı: {state}",
+ "siteAutoUpdateOverriding": "Kuruluş ayarını geçersiz kılıyor",
+ "siteAutoUpdateResetToOrg": "Kuruluş Varsayılanına Sıfırla",
+ "siteAutoUpdateEnabled": "etkin",
+ "siteAutoUpdateDisabled": "devre dışı",
"viewDockerContainers": "Docker Konteynerlerini Görüntüle",
"containersIn": "{siteName} içindeki konteynerler",
"selectContainerDescription": "Bu hedef için bir ana bilgisayar adı olarak kullanmak üzere herhangi bir konteyner seçin. Bir bağlantı noktası kullanmak için bir bağlantı noktasına tıklayın.",
@@ -1620,6 +1814,7 @@
"certificateStatus": "Sertifika",
"certificateStatusAutoRefreshHint": "Durum otomatik olarak yenilenir.",
"loading": "Yükleniyor",
+ "loadingEllipsis": "Yükleniyor...",
"loadingAnalytics": "Analiz Yükleniyor",
"restart": "Yeniden Başlat",
"domains": "Alan Adları",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "Hesap kurulumu tamamlandı! Pangolin'e hoş geldiniz!",
"documentation": "Dokümantasyon",
"saveAllSettings": "Tüm Ayarları Kaydet",
- "saveResourceTargets": "Hedefleri Kaydet",
- "saveResourceHttp": "Proxy Ayarlarını Kaydet",
- "saveProxyProtocol": "Proxy protokol ayarlarını kaydet",
+ "saveResourceTargets": "Ayarları Kaydet",
+ "saveResourceHttp": "Ayarları Kaydet",
+ "saveProxyProtocol": "Ayarları Kaydet",
"settingsUpdated": "Ayarlar güncellendi",
"settingsUpdatedDescription": "Ayarlar başarıyla güncellendi",
"settingsErrorUpdate": "Ayarlar güncellenemedi",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "Kendi barındırdığınız ücretli lisans anahtarları için aboneliğinizi yönetin",
"billingCurrentKeys": "Mevcut Anahtarlar",
"billingModifyCurrentPlan": "Mevcut Planı Düzenle",
+ "billingManageLicenseSubscriptionDescription": "Ücretli kendi barındırdığı lisans anahtarları için aboneliğinizi yönetin ve faturaları indirin.",
"billingConfirmUpgrade": "Yükseltmeyi Onayla",
"billingConfirmDowngrade": "Düşürmeyi Onayla",
"billingConfirmUpgradeDescription": "Planınızı yükseltmek üzeresiniz. Yeni limitleri ve fiyatları aşağıda inceleyin.",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "Alt ağ",
"addressDescription": "İstemcinin dahili adresi. Organizasyon alt ağı içinde olmalıdır.",
"selectSites": "Siteleri seçin",
+ "selectLabels": "Etiketleri seçin",
"sitesDescription": "Müşteri seçilen sitelere bağlantı kuracaktır",
"clientInstallOlm": "Olm Yükle",
"clientInstallOlmDescription": "Sisteminizde Olm çalıştırın",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "Bilinmiyor",
"healthCheck": "Sağlık Kontrolü",
"configureHealthCheck": "Sağlık Kontrolünü Yapılandır",
- "configureHealthCheckDescription": "{hedef} için sağlık izleme kurun",
+ "configureHealthCheckDescription": "Kaynağınızın her zaman erişilebilir olduğundan emin olmak için izleme kurun",
"enableHealthChecks": "Sağlık Kontrollerini Etkinleştir",
"healthCheckDisabledStateDescription": "Devre dışı bırakıldığında, site sağlık kontrolleri yapmaz ve durum bilinmeyen olarak kabul edilecektir.",
"enableHealthChecksDescription": "Bu hedefin sağlığını izleyin. Gerekirse hedef dışındaki bir son noktayı izleyebilirsiniz.",
"healthScheme": "Yöntem",
"healthSelectScheme": "Yöntem Seç",
- "healthCheckPortInvalid": "Sağlık Kontrolü portu 1 ile 65535 arasında olmalıdır",
+ "healthCheckPortInvalid": "Bağlantı noktası 1 ile 65535 arasında olmalıdır",
"healthCheckPath": "Yol",
"healthHostname": "IP / Hostname",
"healthPort": "Bağlantı Noktası",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "Zaman saniye cinsindendir",
"requireDeviceApproval": "Cihaz Onaylarını Gerektir",
"requireDeviceApprovalDescription": "Bu role sahip kullanıcıların yeni cihazlarının bağlanabilmesi ve kaynaklara erişebilmesi için bir yönetici tarafından onaylanması gerekiyor.",
+ "sshSettings": "SSH Ayarları",
"sshAccess": "SSH Erişimi",
+ "rdpSettings": "RDP Ayarları",
+ "vncSettings": "VNC Ayarları",
+ "sshServer": "SSH Sunucusu",
+ "rdpServer": "RDP Sunucusu",
+ "vncServer": "VNC Sunucusu",
+ "sshServerDescription": "Kimlik doğrulama yöntemi, daemon konumu ve sunucu hedefini ayarlayın",
+ "rdpServerDescription": "RDP sunucusunun hedefini ve bağlantı noktasını yapılandırın",
+ "vncServerDescription": "VNC sunucusunun hedefini ve bağlantı noktasını yapılandırın",
+ "sshServerMode": "Mod",
+ "sshServerModeStandard": "Standart SSH Sunucusu",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "Ağ üzerinden OpenSSH gibi bir SSH sunucusuna komutlar gönderir.",
+ "sshServerModeNative": "Yerel SSH Sunucusu",
+ "sshServerModeNativeDescription": "Site Bağlayıcısı üzerinden doğrudan ana bilgisayarda komutları çalıştırır. Ağ yapılandırması gerekmez.",
+ "sshAuthenticationMethod": "Kimlik Doğrulama Yöntemi",
+ "sshAuthMethodManual": "Manuel Kimlik Doğrulama",
+ "sshAuthMethodManualDescription": "Mevcut ana bilgisayar kimlik bilgileri gerektiriyor. Otomatik sağlama işlemini atlar.",
+ "sshAuthMethodAutomated": "Otomatik Sağlama",
+ "sshAuthMethodAutomatedDescription": "Ana bilgisayarda otomatik olarak kullanıcılar, gruplar ve sudo izinleri oluşturur.",
+ "sshAuthDaemonLocation": "Kimlik Doğrulama Daemon Konumu",
+ "sshDaemonLocationSiteDescription": "Site bağdaştırıcısını misafir eden makinada yerel olarak çalıştırır.",
+ "sshDaemonLocationRemote": "Uzak Ana Bilgisayarda",
+ "sshDaemonLocationRemoteDescription": "Aynı ağda ayrı bir hedef makinede çalıştırır.",
+ "sshDaemonDisclaimer": "Bu kurulumu tamamlamadan önce hedef ana bilgisayarınızın kimlik doğrulama daemonunu çalıştıracak şekilde düzgün yapılandırıldığından emin olun, aksi takdirde sağlama başarısız olur.",
+ "sshDaemonPort": "Daemon Bağlantı Noktası",
+ "sshServerDestination": "Sunucu Hedefi",
+ "sshServerDestinationDescription": "SSH sunucusunun hedefini yapılandırın",
+ "destination": "Hedef",
+ "destinationRequired": "Hedef gereklidir.",
+ "domainRequired": "Alan adı gereklidir.",
+ "proxyPortRequired": "Bağlantı noktası gereklidir.",
+ "invalidPathConfiguration": "Geçersiz yol yapılandırması.",
+ "invalidRewritePathConfiguration": "Geçersiz yol yeniden yazma yapılandırması.",
+ "bgTargetMultiSiteDisclaimer": "Birden fazla site seçmek, yüksek erişilebilirlik için dayanıklı yönlendirme ve failover sağlar.",
"roleAllowSsh": "SSH'a İzin Ver",
"roleAllowSshAllow": "İzin Ver",
"roleAllowSshDisallow": "İzin Verme",
@@ -1957,10 +2189,25 @@
"sshSudoModeCommandsDescription": "Kullanıcı sadece belirtilen komutları sudo ile çalıştırabilir.",
"sshSudo": "Sudo'ya izin ver",
"sshSudoCommands": "Sudo Komutları",
- "sshSudoCommandsDescription": "Kullanıcının sudo ile çalıştırmasına izin verilen komutların virgülle ayrılmış listesi.",
+ "sshSudoCommandsDescription": "Kullanıcının 'sudo' ile çalıştırmasına izin verilen komutlar listesi noktalı virgülle, boşluk veya yeni satırla ayrılmalıdır. Mutlak yollar kullanılmalıdır.",
"sshCreateHomeDir": "Ev Dizini Oluştur",
"sshUnixGroups": "Unix Grupları",
- "sshUnixGroupsDescription": "Hedef konakta kullanıcıya eklenecek Unix gruplarının virgülle ayrılmış listesi.",
+ "sshUnixGroupsDescription": "Hedef ana bilgisayardaki kullanıcıya eklemek için Unix grupları, noktalı virgülle, boşluk veya yeni satırla ayrılmalıdır.",
+ "roleTextFieldPlaceholder": "Değerleri girin veya bir .txt veya .csv dosyası bırakın",
+ "roleTextImportTitle": "Dosyadan İçe Aktar",
+ "roleTextImportDescription": "{fileName} dosyası {fieldLabel} alanına içe aktarılıyor.",
+ "roleTextImportSkipHeader": "İlk Satırı Atla (Başlık)",
+ "roleTextImportOverride": "Mevcut Olanın Yerine Yaz",
+ "roleTextImportAppend": "Mevcut olana Ekle",
+ "roleTextImportMode": "İçe Aktarma Modu",
+ "roleTextImportPreview": "Seçilen Dosya",
+ "roleTextImportItemCount": "{count, plural, =0 {İçe aktarılacak öğe yok} one {İçe aktarılacak 1 öğe} other {İçe aktarılacak # öğe}}",
+ "roleTextImportTotalCount": "{existing} mevcut + {imported} ithal = {total} toplam",
+ "roleTextImportConfirm": "İçe Aktar",
+ "roleTextImportInvalidFile": "Desteklenmeyen dosya türü",
+ "roleTextImportInvalidFileDescription": "Yalnızca .txt ve .csv dosyaları desteklenir.",
+ "roleTextImportEmpty": "Dosyada öğe bulunamadı",
+ "roleTextImportEmptyDescription": "Dosya, içe aktarılabilir öğe içermiyor.",
"retryAttempts": "Tekrar Deneme Girişimleri",
"expectedResponseCodes": "Beklenen Yanıt Kodları",
"expectedResponseCodesDescription": "Sağlıklı durumu gösteren HTTP durum kodu. Boş bırakılırsa, 200-300 arası sağlıklı kabul edilir.",
@@ -2049,8 +2296,9 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "Şema",
- "editInternalResourceDialogEnableSsl": "TLS Etkinleştir",
+ "editInternalResourceDialogEnableSsl": "TLS'yi Etkinleştir",
"editInternalResourceDialogEnableSslDescription": "Hedefe güvenli HTTPS bağlantıları için SSL/TLS şifrelemeyi etkinleştirin.",
"editInternalResourceDialogDestination": "Hedef",
"editInternalResourceDialogDestinationHostDescription": "Site ağındaki kaynağın IP adresi veya ana bilgisayar adı.",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "Site",
"selectSite": "Site seç...",
"multiSitesSelectorSitesCount": "{count, plural, one {# site} other {# siteler}}",
+ "labelsSelectorLabelsCount": "{count, plural, one {# etiket} other {# etiketler}}",
"noSitesFound": "Site bulunamadı.",
"createInternalResourceDialogProtocol": "Protokol",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2347,7 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "Şema",
"createInternalResourceDialogScheme": "Şema",
"createInternalResourceDialogEnableSsl": "TLS'yi Etkinleştir",
@@ -2107,6 +2357,7 @@
"createInternalResourceDialogDestinationCidrDescription": "Site ağındaki kaynağın CIDR aralığı.",
"createInternalResourceDialogAlias": "Takma Ad",
"createInternalResourceDialogAliasDescription": "Bu kaynak için isteğe bağlı dahili DNS takma adı.",
+ "internalResourceAliasLocalWarning": "Bazı ağlarda mDNS nedeniyle .local ile biten takma adlar çözümleme sorunlarına neden olabilir.",
"internalResourceDownstreamSchemeRequired": "HTTP kaynakları için şema gereklidir",
"internalResourceHttpPortRequired": "HTTP kaynakları için hedef bağlantı noktası gereklidir",
"siteConfiguration": "Yapılandırma",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "Uzak Düğümler",
"remoteExitNodeId": "Kimlik",
"remoteExitNodeSecretKey": "Gizli",
+ "remoteExitNodeNetworkingTitle": "Ağ Ayarları",
+ "remoteExitNodeNetworkingDescription": "Bu uzak çıkış düğümünün trafiği nasıl yönlendireceğini ve hangi sitelerin bu üzerinden bağlanmayı tercih edeceğini yapılandırın. Gelişmiş özellikler geri bağlantı ağ konfigürasyonları ile kullanılmalıdır.",
+ "remoteExitNodeNetworkingSave": "Ayarları Kaydet",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "Ağ ayarları kaydedildi",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "Ağ ayarları başarıyla güncellendi.",
+ "remoteExitNodeNetworkingSaveError": "Ağ ayarları kaydedilemedi",
+ "remoteExitNodeNetworkingSubnetsTitle": "Uzak Alt Ağlar",
+ "remoteExitNodeNetworkingSubnetsDescription": "Bu uzak çıkış düğümünün trafiği taşıyacağı CIDR aralıklarını tanımlayın. Geçerli bir CIDR (örneğin, 10.0.0.0/8) yazın ve eklemek için Enter tuşuna basın.",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "Bir CIDR aralığı ekle (örneğin, 10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "Alt ağlar yüklenemedi",
+ "remoteExitNodeNetworkingLabelsTitle": "Tercih Etiketleri",
+ "remoteExitNodeNetworkingLabelsDescription": "Bu etiketlere sahip siteler, bu uzak çıkış düğümü üzerinden bağlantı kurmaya zorlanacaktır.",
+ "remoteExitNodeNetworkingLabelsButtonText": "Etiketleri seç...",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "Etiketleri ara...",
+ "remoteExitNodeNetworkingLabelsLoadError": "Etiketler yüklenemedi",
"remoteExitNodeCreate": {
"title": "Uzak Düğüm Oluştur",
"description": "Yeni bir kendine misafir uzaktan ileti ve ara sunucu düğümü oluşturun",
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Google OAuth2/OIDC sağlayıcısı",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC sağlayıcısı",
"subnet": "Alt ağ",
+ "utilitySubnet": "Yardımcı Alt Ağ",
"subnetDescription": "Bu organizasyonun ağ yapılandırması için alt ağ.",
"customDomain": "Özel Alan",
"authPage": "Kimlik Sayfaları",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "Organizasyon veya Alan Adı Kimliği eksik",
"loadingDNSRecords": "DNS kayıtları yükleniyor...",
"olmUpdateAvailableInfo": "Olm'nin güncellenmiş bir sürümü mevcut. En iyi deneyim için lütfen en son sürüme güncelleyin.",
+ "updateAvailableInfo": "Güncellenmiş bir sürüm mevcut. En iyi deneyim için lütfen en son sürüme güncelleyin.",
"client": "İstemci",
"proxyProtocol": "Proxy Protokol Ayarları",
"proxyProtocolDescription": "TCP hizmetleri için istemci IP adreslerini korumak amacıyla Proxy Protokolünü yapılandırın.",
"enableProxyProtocol": "Proxy Protokolünü Etkinleştir",
"proxyProtocolInfo": "TCP ara yüzlerini koruyarak istemci IP adreslerini saklayın",
"proxyProtocolVersion": "Proxy Protokol Versiyonu",
- "version1": " Versiyon 1 (Önerilen)",
+ "version1": "Versiyon 1 (Önerilen)",
"version2": "Versiyon 2",
- "versionDescription": "Versiyon 1 metin tabanlı ve yaygın olarak desteklenir. Versiyon 2 ise ikili ve daha verimlidir ama daha az uyumludur.",
+ "version1Description": "Metin tabanlı ve yaygın olarak desteklenmektedir. Sunucu taşımacılığının dinamik yapılandırmaya eklenmiş olduğundan emin olun.",
+ "version2Description": "İkili ve daha verimli ama daha az uyumlu. Sunucu taşımasının dinamik yapılandırmaya eklendiğinden emin olun.",
"warning": "Uyarı",
"proxyProtocolWarning": "Arka uç uygulamanız, Proxy Protokol bağlantılarını kabul etmek üzere yapılandırılmalıdır. Arka ucunuz Proxy Protokolünü desteklemiyorsa, bunu etkinleştirmek tüm bağlantıları koparır. Traefik'ten gelen Proxy Protokol başlıklarına güvenecek şekilde arka ucunuzu yapılandırdığınızdan emin olun.",
"restarting": "Yeniden Başlatılıyor...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "Onayı girin",
"blueprintViewDetails": "Detaylar",
"defaultIdentityProvider": "Varsayılan Kimlik Sağlayıcı",
- "defaultIdentityProviderDescription": "Varsayılan bir kimlik sağlayıcı seçildiğinde, kullanıcı kimlik doğrulaması için otomatik olarak sağlayıcıya yönlendirilecektir.",
+ "defaultIdentityProviderDescription": "Kullanıcı, kimlik doğrulama için bu kimlik sağlayıcısına otomatik olarak yönlendirilecektir.",
"editInternalResourceDialogNetworkSettings": "Ağ Ayarları",
"editInternalResourceDialogAccessPolicy": "Erişim Politikası",
"editInternalResourceDialogAddRoles": "Roller Ekle",
@@ -2937,11 +3206,12 @@
"learnMore": "Daha fazla bilgi",
"backToHome": "Ana sayfaya geri dön",
"needToSignInToOrg": "Kuruluşunuzun kimlik sağlayıcısını kullanmanız mı gerekiyor?",
- "maintenanceMode": "Bakım Modu",
+ "maintenanceMode": "Bakım Sayfası",
"maintenanceModeDescription": "Ziyaretçilere bir bakım sayfası gösterin",
"maintenanceModeType": "Bakım Modu Türü",
"showMaintenancePage": "Ziyaretçilere bir bakım sayfası gösterin",
"enableMaintenanceMode": "Bakım Modunu Etkinleştir",
+ "enableMaintenanceModeDescription": "Etkinleştirildiğinde, ziyaretçiler kaynak yerine bir bakım sayfası görecekler.",
"automatic": "Otomatik",
"automaticModeDescription": "Tüm arka uç hedefleri kapalı veya sağlıksız olduğunda yalnızca bakım sayfasını gösterin. Sağlıklı en az bir hedef olduğu sürece kaynağınız normal şekilde çalışmaya devam eder.",
"forced": "Zorunlu",
@@ -2949,6 +3219,8 @@
"warning:": "Uyarı:",
"forcedeModeWarning": "Tüm trafik bakım sayfasına yönlendirilecek. Arka plan kaynaklarınız herhangi bir isteği almayacaktır.",
"pageTitle": "Sayfa Başlığı",
+ "maintenancePageContentSubsection": "Sayfa İçeriği",
+ "maintenancePageContentSubsectionDescription": "Bakım sayfasında gösterilen içeriği özelleştirin",
"pageTitleDescription": "Bakım sayfasında gösterilen ana başlık",
"maintenancePageMessage": "Bakım Mesajı",
"maintenancePageMessagePlaceholder": "Yakında geri döneceğiz! Sitemiz şu anda planlı bakım altındadır.",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "Tahmini Tamamlama:",
"createInternalResourceDialogDestinationRequired": "Hedef gereklidir",
"available": "Mevcut",
+ "disabledResourceDescription": "Devre dışı bırakıldığında, kaynağa herkes erişemez.",
"archived": "Arşivlenmiş",
"noArchivedDevices": "Arşivlenmiş cihaz bulunamadı",
"deviceArchived": "Cihaz arşivlendi",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "Bu kimlik sağlayıcının bu kuruluştan ilişiğini kesmek istediğinizden emin misiniz?",
"idpUnassociateDescription": "Bu kimlik sağlayıcı ile ilişkilendirilen tüm kullanıcılar bu kuruluştan kaldırılacaktır, ancak kimlik sağlayıcı diğer ilişkilendirilen kuruluşlar için var olmaya devam edecektir.",
"idpUnassociateConfirm": "Kimlik Sağlayıcının İlişkisinin Kesilmesini Onayla",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "BENİ SİL VE ORGANİZASYONDAN ÇIKAR",
+ "idpUnassociateAndRemoveMeFromOrg": "BENİ İLİŞKİLENDİRMEYİ BIRAK VE ORGANİZASYONDAN ÇIKAR",
"idpUnassociateWarning": "Bu işlem bu kuruluş için geri alınamaz.",
"idpUnassociatedDescription": "Kimlik sağlayıcı bu kuruluştan başarıyla ayrıldı",
"idpUnassociateMenu": "İlişkiyi Kes",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "E-posta Beyaz Listesi",
"memberPortalResourceDisabled": "Kaynak Devre Dışı",
"memberPortalShowingResources": "{total} kaynaktan {start}-{end} gösteriliyor",
+ "resourceLauncherTitle": "Kaynak Başlatıcı",
+ "resourceLauncherDescription": "Kaynağın detaylarını görüntüleyin ve tek bir yerden başlatın",
+ "resourceLauncherSearchPlaceholder": "Tüm siteleri ara...",
+ "resourceLauncherDefaultView": "Varsayılan",
+ "resourceLauncherSaveView": "Görünümü Kaydet",
+ "resourceLauncherSaveToCurrentView": "Mevcut Görünüme Kaydet",
+ "resourceLauncherResetView": "Görünümü Sıfırla",
+ "resourceLauncherSaveAsNewView": "Yeni Görünüm Olarak Kaydet",
+ "resourceLauncherSaveAsNewViewDescription": "Geçerli filtrelerinizi ve düzeninizi kaydetmek için bu görünüme bir ad verin.",
+ "resourceLauncherSaveForEveryone": "Herkes İçin Kaydet",
+ "resourceLauncherSaveForEveryoneDescription": "Bu görünümü tüm kuruluş üyeleriyle paylaşın. İşaretli değilse, görünüm yalnızca size görünür olur.",
+ "resourceLauncherMakePersonal": "Kişisel Yap",
+ "resourceLauncherFilter": "Filtre",
+ "resourceLauncherSort": "Sıralama",
+ "resourceLauncherSortAscending": "Artan sırala",
+ "resourceLauncherSortDescending": "Azalan sırala",
+ "resourceLauncherSettings": "Ayarlar",
+ "resourceLauncherGroupBy": "Grupla",
+ "resourceLauncherGroupBySite": "Site",
+ "resourceLauncherGroupByLabel": "Etiket",
+ "resourceLauncherLayout": "Düzen",
+ "resourceLauncherLayoutGrid": "Izgara",
+ "resourceLauncherLayoutList": "Liste",
+ "resourceLauncherShowLabels": "Etiketleri Göster",
+ "resourceLauncherShowSiteTags": "Site Etiketlerini Göster",
+ "resourceLauncherShowRecents": "Son Eklenenleri Göster",
+ "resourceLauncherDeleteView": "Görünümü Sil",
+ "resourceLauncherViewAsAdmin": "Yönetici Olarak Görüntüle",
+ "resourceLauncherResourceDetailsDescription": "Bu kaynağın detaylarını görüntüleyin.",
+ "resourceLauncherUnlabeled": "Etiketsiz",
+ "resourceLauncherNoSite": "Site Yok",
+ "resourceLauncherNoResourcesInGroup": "Bu grupta kaynak yok",
+ "resourceLauncherEmptyStateTitle": "Kullanılabilir Kaynak Yok",
+ "resourceLauncherEmptyStateDescription": "Henüz hiçbir kaynağa erişiminiz yok. Erişim istemek için yöneticinizle iletişime geçin.",
+ "resourceLauncherEmptyStateNoResultsTitle": "Kaynak Bulunamadı",
+ "resourceLauncherEmptyStateNoResultsDescription": "Mevcut arama veya filtrelerinizle eşleşen kaynak yok. Aradığınızı bulmak için ayarları değiştirmeyi deneyin.",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "\"{query}\" ile eşleşen kaynak yok. Tüm kaynakları görmek için aramayı düzenlemeyi veya filtreleri temizlemeyi deneyin.",
+ "resourceLauncherCopiedToClipboard": "Panoya kopyalandı",
+ "resourceLauncherCopiedAccessDescription": "Kaynağa erişim panonuza kopyalandı.",
+ "resourceLauncherViewNamePlaceholder": "Görünüm adı",
+ "resourceLauncherViewNameLabel": "Görünüm Adı",
+ "resourceLauncherViewSaved": "Görünüm kaydedildi",
+ "resourceLauncherViewSavedDescription": "Başlatıcı görünümünüz kaydedildi.",
+ "resourceLauncherViewSaveFailed": "Görünüm kaydedilemedi",
+ "resourceLauncherViewSaveFailedDescription": "Başlatıcı görünümü kaydedilemedi. Lütfen yeniden deneyin.",
+ "resourceLauncherViewDeleted": "Görünüm silindi",
+ "resourceLauncherViewDeletedDescription": "Başlatıcı görünüm silindi.",
+ "resourceLauncherViewDeleteFailed": "Görünüm silinemedi",
+ "resourceLauncherViewDeleteFailedDescription": "Başlatıcı görünümü silinemedi. Lütfen tekrar deneyin.",
"memberPortalPrevious": "Önceki",
- "memberPortalNext": "Sonraki"
+ "memberPortalNext": "Sonraki",
+ "httpSettings": "HTTP Ayarları",
+ "tcpSettings": "TCP Ayarları",
+ "udpSettings": "UDP Ayarları",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "Güvenli bir bağlantı kuruluyor…",
+ "sshConnecting": "Bağlanılıyor…",
+ "sshInitializing": "Başlatılıyor…",
+ "sshSignInTitle": "SSH'a Giriş Yap",
+ "sshSignInDescription": "Bağlanmak için SSH kimlik bilgilerinizi girin",
+ "sshPasswordTab": "Şifre",
+ "sshPrivateKeyTab": "Özel Anahtar",
+ "sshPrivateKeyField": "Özel Anahtar",
+ "sshPrivateKeyDisclaimer": "Özel anahtarınız Pangolin'de saklanmaz veya görünmez. Alternatif olarak, mevcut Pangolin kimliğinizle sorunsuz kimlik doğrulama için kısa ömürlü sertifikalar kullanabilirsiniz.",
+ "sshLearnMore": "Daha fazla bilgi",
+ "sshPrivateKeyFile": "Özel Anahtar Dosyası",
+ "sshAuthenticate": "Bağlan",
+ "sshTerminate": "Sonlandır",
+ "sshPoweredBy": "Tarafından sağlanmaktadır",
+ "sshErrorNoTarget": "Belirtilen hedef yok",
+ "sshErrorWebSocket": "WebSocket bağlantısı başarısız oldu",
+ "sshErrorAuthFailed": "Kimlik doğrulama başarısız",
+ "sshErrorConnectionClosed": "Kimlik doğrulama tamamlanmadan bağlantı kapandı",
+ "sitePangolinSshDescription": "Bu site üzerindeki kaynaklara SSH erişimine izin verin. Bu ayar sonradan değiştirilebilir.",
+ "browserGatewayNoResourceForDomain": "Bu etki alanı için kaynak bulunamadı",
+ "browserGatewayNoTarget": "Hedef Yok",
+ "browserGatewayConnect": "Bağlan",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "PAM itmeli kimlik doğrulama için SSH anahtarı imzalanamadı. Kullanıcı olarak oturum açtınız mı?",
+ "sshTerminalError": "Hata: {error}",
+ "sshConnectionClosedCode": "Bağlantı kapandı (kod {code})",
+ "sshPrivateKeyPlaceholder": "-----BAŞLANGIÇ OPENSSH ÖZEL ANAHTARI-----",
+ "sshPrivateKeyRequired": "Özel anahtar gereklidir",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "Bağlanmak için VNC kimlik bilgilerinizi girin",
+ "vncUsernameOptional": "Kullanıcı Adı (isteğe bağlı)",
+ "vncPasswordOptional": "Parola (isteğe bağlı)",
+ "vncNoResourceTarget": "Kaynak hedefi mevcut değil",
+ "vncFailedToLoadNovnc": "NoVNC yüklenemedi",
+ "vncAuthFailedStatus": "Durum {status}",
+ "vncPasteClipboard": "Panoya yapıştır",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "Uzak Masaüstü'ne Giriş Yap",
+ "rdpSignInDescription": "Bağlanmak için Windows kimlik bilgilerinizi girin",
+ "rdpLoadingModule": "Modül yükleniyor...",
+ "rdpFailedToLoadModule": "RDP modülü yüklenemedi",
+ "rdpNotReady": "Hazır değil",
+ "rdpModuleInitializing": "RDP modülü hala başlatılıyor",
+ "rdpDownloadingFiles": "Uzak {count, plural, one {dosya} other {dosya}} indiriliyor...",
+ "rdpDownloadFailed": "İndirme başarısız: {fileName}",
+ "rdpUploaded": "Yüklendi: {fileName}",
+ "rdpNoConnectionTarget": "Bağlantı hedefi yok",
+ "rdpConnectionFailed": "Bağlantı başarısız oldu",
+ "rdpFit": "Sığdır",
+ "rdpFull": "Tam",
+ "rdpReal": "Gerçek",
+ "rdpMeta": "Meta",
+ "rdpUploadFiles": "Dosya yükle",
+ "rdpFilesReadyToPaste": "Yapıştırmak üzere dosyalar hazır",
+ "rdpFilesReadyToPasteDescription": "{count} dosya uzak panoya kopyalandı — yapıştırmak için uzak masaüstünde Ctrl+V tuşlarına basın.",
+ "rdpUploadFailed": "Yükleme başarısız",
+ "rdpUnicodeKeyboardMode": "Unicode klavye modu",
+ "sessionToolbarShow": "Araç çubuğunu göster",
+ "sessionToolbarHide": "Araç çubuğunu gizle"
}
diff --git a/messages/zh-CN.json b/messages/zh-CN.json
index a23647dba..bac29a695 100644
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -17,7 +17,7 @@
"componentsErrorNoMemberCreate": "您目前不是任何组织的成员。创建组织以开始操作。",
"componentsErrorNoMember": "您目前不是任何组织的成员。",
"welcome": "欢迎使用 Pangolin",
- "welcomeTo": "欢迎来到",
+ "welcomeTo": "欢迎使用",
"componentsCreateOrg": "创建组织",
"componentsMember": "您属于{count, plural, =0 {没有组织} one {一个组织} other {# 个组织}}。",
"componentsInvalidKey": "检测到无效或过期的许可证密钥。按照许可证条款操作以继续使用所有功能。",
@@ -35,7 +35,7 @@
"trialDaysRemaining": "{count, plural, other {# 天剩余}}",
"trialDaysLeftShort": "试用期剩余 {days} 天",
"trialGoToBilling": "转到账单页面",
- "subscriptionViolationViewBilling": "查看计费",
+ "subscriptionViolationViewBilling": "查看账单",
"componentsLicenseViolation": "许可证超限:该服务器使用了 {usedSites} 个站点,已超过授权的 {maxSites} 个。请遵守许可证条款以继续使用全部功能。",
"componentsSupporterMessage": "感谢您的支持!您现在是 Pangolin 的 {tier} 用户。",
"inviteErrorNotValid": "很抱歉,但看起来你试图访问的邀请尚未被接受或不再有效。",
@@ -58,21 +58,27 @@
"name": "名称",
"online": "在线",
"offline": "离线的",
- "site": "站点",
+ "site": "节点",
"dataIn": "数据输入",
"dataOut": "数据输出",
"connectionType": "连接类型",
"tunnelType": "隧道类型",
"local": "本地的",
"edit": "编辑",
- "siteConfirmDelete": "确认删除站点",
- "siteDelete": "删除站点",
- "siteMessageRemove": "一旦移除,站点将无法访问。与站点相关的所有目标也将被移除。",
- "siteQuestionRemove": "您确定要从组织中删除该站点吗?",
+ "siteConfirmDelete": "确认删除节点",
+ "siteConfirmDeleteAndResources": "确认删除站点及资源",
+ "siteDelete": "删除节点",
+ "siteDeleteAndResources": "删除站点及资源",
+ "siteMessageRemove": "一旦移除,节点将无法访问。与节点相关的所有目标也将被移除。",
+ "siteMessageRemoveAndResources": "这将永久删除与该站点关联的所有公共和私人资源,即使资源也与其他站点相关联。",
+ "siteQuestionRemove": "您确定要从组织中删除该节点吗?",
+ "siteQuestionRemoveAndResources": "您确定要删除此站点及所有关联资源吗?",
+ "sitesTableDeleteSite": "删除站点",
+ "sitesTableDeleteSiteAndResources": "删除站点及资源",
"siteManageSites": "管理站点",
"siteDescription": "创建和管理站点,启用与私人网络的连接",
"sitesBannerTitle": "连接任何网络",
- "sitesBannerDescription": "站点是连接到远程网络的链接,允许Pangolin为用户提供资源访问,无论是公共还是私人。可以在任何可以运行二进制文件或容器的地方安装站点网络连接器(Newt)以建立连接。",
+ "sitesBannerDescription": "站点是到远程网络的连接,使 Pangolin 能够向任何位置的用户提提供公共或私有的资源访问。你可以在任何能够运行二进制文件或容器的地方安装站点网络连接器(Newt),以建立连接。",
"sitesBannerButtonText": "安装站点",
"approvalsBannerTitle": "批准或拒绝设备访问",
"approvalsBannerDescription": "审核、批准或拒绝用户的设备访问请求。 当需要设备批准时,用户必须先获得管理员批准,然后他们的设备才能连接到您的组织资源。",
@@ -101,6 +107,8 @@
"sitesTableViewPrivateResources": "查看私有资源",
"siteInstallNewt": "安装 Newt",
"siteInstallNewtDescription": "在您的系统中运行 Newt",
+ "siteInstallKubernetesDocsDescription": "有关最新的 Kubernetes 安装信息,请参阅docs.pangolin.net/manage/sites/install-kubernetes。",
+ "siteInstallAdvantechDocsDescription": "有关 Advantech 调制解调器安装说明,请参阅docs.pangolin.net/manage/sites/install-advantech。",
"WgConfiguration": "WireGuard 配置",
"WgConfigurationDescription": "使用以下配置连接到网络",
"operatingSystem": "操作系统",
@@ -115,6 +123,16 @@
"siteUpdated": "站点已更新",
"siteUpdatedDescription": "网站已更新。",
"siteGeneralDescription": "配置此站点的常规设置",
+ "siteRestartTitle": "重启站点",
+ "siteRestartDescription": "重启此站点的WireGuard隧道。此操作将暂时中断连接。",
+ "siteRestartBody": "如果站点隧道无法正常工作,并且您希望在不重启主机的情况下强制重新连接,请使用此选项。",
+ "siteRestartButton": "重启站点",
+ "siteRestartDialogMessage": "确定要重启{name}的WireGuard隧道吗?站点将暂时断开连接。",
+ "siteRestartWarning": "隧道重启时,站点将暂时断开连接。",
+ "siteRestarted": "站点已重启",
+ "siteRestartedDescription": "WireGuard隧道已重启。",
+ "siteErrorRestart": "重启站点失败",
+ "siteErrorRestartDescription": "重启站点时发生错误。",
"siteSettingDescription": "配置站点设置",
"siteResourcesTab": "资源",
"siteResourcesNoneOnSite": "此站点尚无公开或私人资源。",
@@ -132,7 +150,7 @@
"siteResourcesHowToAccess": "如何访问",
"siteResourcesTargetsOnSite": "此站点上的目标",
"siteSetting": "{siteName} 设置",
- "siteNewtTunnel": "新站点 (推荐)",
+ "siteNewtTunnel": "新节点 (推荐)",
"siteNewtTunnelDescription": "最简单的方式来创建任何网络的入口。没有额外的设置。",
"siteWg": "基本 WireGuard",
"siteWgDescription": "使用任何 WireGuard 客户端来建立隧道。需要手动配置 NAT。",
@@ -141,8 +159,8 @@
"siteLocalDescriptionSaas": "仅本地资源。没有隧道。仅在远程节点上可用。",
"siteSeeAll": "查看所有站点",
"siteTunnelDescription": "确定如何连接到站点",
- "siteNewtCredentials": "全权证书",
- "siteNewtCredentialsDescription": "站点如何通过服务器进行身份验证",
+ "siteNewtCredentials": "凭证",
+ "siteNewtCredentialsDescription": "节点如何与服务器进行身份验证",
"remoteNodeCredentialsDescription": "这是远程节点如何与服务器进行身份验证",
"siteCredentialsSave": "保存证书",
"siteCredentialsSaveDescription": "您只能看到一次。请确保将其复制并保存到一个安全的地方。",
@@ -150,7 +168,7 @@
"status": "状态",
"shareTitle": "管理共享链接",
"shareDescription": "创建可共享的链接,允许临时或永久访问代理资源",
- "shareSearch": "搜索共享链接...",
+ "shareSearch": "搜索共享链接……",
"shareCreate": "创建共享链接",
"shareErrorDelete": "删除链接失败",
"shareErrorDeleteMessage": "删除链接时出错",
@@ -176,6 +194,8 @@
"shareErrorCreateDescription": "创建共享链接时出错",
"shareCreateDescription": "任何具有此链接的人都可以访问资源",
"shareTitleOptional": "标题 (可选)",
+ "sharePathOptional": "路径(可选)",
+ "sharePathDescription": "认证后,链接将把用户重定向到此路径。",
"expireIn": "过期时间",
"neverExpire": "永不过期",
"shareExpireDescription": "过期时间是链接可以使用并提供对资源的访问时间。 此时间后,链接将不再工作,使用此链接的用户将失去对资源的访问。",
@@ -199,20 +219,46 @@
"shareErrorSelectResource": "请选择一个资源",
"proxyResourceTitle": "管理公共资源",
"proxyResourceDescription": "创建和管理可通过 Web 浏览器公开访问的资源",
- "proxyResourcesBannerTitle": "基于Web的公共访问",
- "proxyResourcesBannerDescription": "公共资源是可以通过网络浏览器在互联网上任何人访问的HTTPS或TCP/UDP代理。与私人资源不同,它们不需要客户端软件,并且可以包含身份和上下文感知访问策略。",
+ "publicResourcesBannerTitle": "基于 Web 的公共访问",
+ "publicResourcesBannerDescription": "公共资源是 HTTPS 代理,可供互联网上的任何人通过 Web 浏览器访问。与私人资源不同,它们不需要客户端软件,并且可以包含身份和上下文感知的访问策略。",
"clientResourceTitle": "管理私有资源",
"clientResourceDescription": "创建和管理只能通过连接客户端访问的资源",
- "privateResourcesBannerTitle": "零信任的私人访问",
- "privateResourcesBannerDescription": "私人资源使用零信任安全性,确保只允许明确授予的用户和机器访问资源。可以连接用户设备或机器客户端,通过安全的虚拟专用网络访问这些资源。",
+ "privateResourcesBannerTitle": "零信任私有访问",
+ "privateResourcesBannerDescription": "私有资源采用零信任安全机制,确保只有获得明确授权的用户和机器才能访问。用户设备或机器客户端连接后,即可通过安全的虚拟专用网络访问这些资源。",
"resourcesSearch": "搜索资源...",
"resourceAdd": "添加资源",
"resourceErrorDelte": "删除资源时出错",
+ "resourcePoliciesBannerTitle": "重用身份验证和访问规则",
+ "resourcePoliciesBannerDescription": "共享资源策略可让您定义身份验证方法和访问规则,然后将其应用到多个公共资源。当您更新策略时,每个链接的资源都会自动继承更改。",
+ "resourcePoliciesBannerButtonText": "了解更多",
+ "resourcePoliciesTitle": "管理公共资源策略",
+ "resourcePoliciesAttachedResourcesColumnTitle": "资源",
+ "resourcePoliciesAttachedResources": "{count} 个资源",
+ "resourcePoliciesAttachedResourcesCount": "{count, plural, other {# 个资源}}",
+ "resourcePoliciesAttachedResourcesEmpty": "没有资源",
+ "resourcePoliciesDescription": "创建和管理身份验证策略以控制对公共资源的访问",
+ "resourcePoliciesSearch": "搜索策略……",
+ "resourcePoliciesAdd": "添加策略",
+ "resourcePoliciesDefaultBadgeText": "默认策略",
+ "resourcePoliciesCreate": "创建公共资源策略",
+ "resourcePoliciesCreateDescription": "按照以下步骤创建新策略",
+ "resourcePolicyName": "策略名称",
+ "resourcePolicyNameDescription": "给此策略命名,以便在您的资源中识别它",
+ "resourcePolicyNamePlaceholder": "例如:内部访问策略",
+ "resourcePoliciesSeeAll": "查看所有策略",
+ "resourcePolicyAuthMethodAdd": "添加身份验证方法",
+ "resourcePolicyOtpEmailAdd": "添加 OTP 电子邮件",
+ "resourcePolicyRulesAdd": "添加规则",
+ "resourcePolicyAuthMethodsDescription": "通过额外的认证方法允许访问资源",
+ "resourcePolicyUsersRolesDescription": "配置哪些用户和角色可以访问关联的资源",
+ "rulesResourcePolicyDescription": "配置规则以控制与此策略关联的访问资源",
"authentication": "认证",
"protected": "受到保护",
"notProtected": "未受到保护",
"resourceMessageRemove": "一旦删除,资源将不再可访问。与该资源相关的所有目标也将被删除。",
"resourceQuestionRemove": "您确定要从组织中删除资源吗?",
+ "resourcePolicyMessageRemove": "一旦删除,资源策略将不再可访问。所有与资源关联的资源将取消关联,并且没有身份验证。",
+ "resourcePolicyQuestionRemove": "您确定要从组织中删除资源策略吗?",
"resourceHTTP": "HTTPS 资源",
"resourceHTTPDescription": "通过使用完全限定的域名的HTTPS代理请求。",
"resourceRaw": "TCP/UDP 资源",
@@ -220,8 +266,9 @@
"resourceRawDescriptionCloud": "正在使用端口号使用 TCP/UDP 代理请求。需要站点连接到远程节点。",
"resourceCreate": "创建资源",
"resourceCreateDescription": "按照下面的步骤创建新资源",
+ "resourceCreateGeneralDescription": "配置基本资源设置,包括名称和类型",
"resourceSeeAll": "查看所有资源",
- "resourceInfo": "资源信息",
+ "resourceCreateGeneral": "概览",
"resourceNameDescription": "这是资源的显示名称。",
"siteSelect": "选择站点",
"siteSearch": "搜索站点",
@@ -231,12 +278,15 @@
"noCountryFound": "找不到国家。",
"siteSelectionDescription": "此站点将为目标提供连接。",
"resourceType": "资源类型",
- "resourceTypeDescription": "确定如何访问资源",
+ "resourceTypeDescription": "这会控制资源协议及其在浏览器中的渲染方式。之后不能更改。",
+ "resourceDomainDescription": "资源将在此完全限定的域名上提供。",
"resourceHTTPSSettings": "HTTPS 设置",
"resourceHTTPSSettingsDescription": "配置如何通过 HTTPS 访问资源",
+ "resourcePortDescription": "在 Pangolin 实例或节点上资源可访问的外部端口。",
"domainType": "域类型",
"subdomain": "子域名",
"baseDomain": "根域名",
+ "configure": "配置",
"subdomnainDescription": "可访问资源的子域。",
"resourceRawSettings": "TCP/UDP 设置",
"resourceRawSettingsDescription": "配置如何通过 TCP/UDP 访问资源",
@@ -247,14 +297,35 @@
"back": "后退",
"cancel": "取消",
"resourceConfig": "配置片段",
- "resourceConfigDescription": "复制并粘贴这些配置片段以设置 TCP/UDP 资源",
+ "resourceConfigDescription": "复制并粘贴这些配置片段以设置 TCP/UDP 资源。",
"resourceAddEntrypoints": "Traefik: 添加入口点",
"resourceExposePorts": "Gerbil:在 Docker Compose 中显示端口",
"resourceLearnRaw": "学习如何配置 TCP/UDP 资源",
"resourceBack": "返回资源",
"resourceGoTo": "转到资源",
+ "resourcePolicyDelete": "删除资源策略",
+ "resourcePolicyDeleteConfirm": "确认删除资源策略",
"resourceDelete": "删除资源",
"resourceDeleteConfirm": "确认删除资源",
+ "labelDelete": "删除标签",
+ "labelAdd": "添加标签",
+ "labelCreateSuccessMessage": "标签创建成功",
+ "labelDuplicateError": "标签重复",
+ "labelDuplicateErrorDescription": "已存在具有该名称的标签。",
+ "labelEditSuccessMessage": "标签修改成功",
+ "labelNameField": "标签名称",
+ "labelColorField": "标签颜色",
+ "labelPlaceholder": "例:homelab",
+ "labelCreate": "创建标签",
+ "createLabelDialogTitle": "创建标签",
+ "createLabelDialogDescription": "创建一个可以附加到此组织的新标签",
+ "labelEdit": "编辑标签",
+ "editLabelDialogTitle": "更新标签",
+ "editLabelDialogDescription": "编辑一个可以附加到此组织的标签",
+ "labelDeleteConfirm": "确认删除标签",
+ "labelErrorDelete": "删除标签失败",
+ "labelMessageRemove": "此操作是永久性的。所有用此标签标记的网站、资源和客户端将取消标记。",
+ "labelQuestionRemove": "您确定要将标签从组织中移除吗?",
"visibility": "可见性",
"enabled": "已启用",
"disabled": "已禁用",
@@ -265,12 +336,14 @@
"rules": "规则",
"resourceSettingDescription": "配置资源上的设置",
"resourceSetting": "{resourceName} 设置",
+ "resourcePolicySettingDescription": "配置此公共资源策略上的设置",
+ "resourcePolicySetting": "{policyName} 设置",
"alwaysAllow": "旁路认证",
"alwaysDeny": "屏蔽访问",
"passToAuth": "传递至认证",
"orgSettingsDescription": "配置组织设置",
"orgGeneralSettings": "组织设置",
- "orgGeneralSettingsDescription": "管理机构的详细信息和配置",
+ "orgGeneralSettingsDescription": "管理组织的详细信息和配置",
"saveGeneralSettings": "保存常规设置",
"saveSettings": "保存设置",
"orgDangerZone": "危险区域",
@@ -324,7 +397,7 @@
"accessApprovalsDescription": "查看和管理待审批的组织访问权限",
"description": "描述",
"inviteTitle": "打开邀请",
- "inviteDescription": "管理其他用户加入机构的邀请",
+ "inviteDescription": "管理其他用户加入组织的邀请",
"inviteSearch": "搜索邀请...",
"minutes": "分钟",
"hours": "小时",
@@ -368,24 +441,24 @@
"apiKeysDelete": "删除 API 密钥",
"apiKeysManage": "管理 API 密钥",
"apiKeysDescription": "API 密钥用于认证集成 API",
- "provisioningKeysTitle": "置备密钥",
- "provisioningKeysManage": "管理置备键",
+ "provisioningKeysTitle": "预配密钥",
+ "provisioningKeysManage": "管理预配密钥",
"provisioningKeysDescription": "置备密钥用于验证您组织的自动站点配置。",
- "provisioningManage": "置备中",
- "provisioningDescription": "管理预配键和审查等待批准的站点。",
- "pendingSites": "待定站点",
+ "provisioningManage": "预配",
+ "provisioningDescription": "管理预配密钥,并审核待批准的站点。",
+ "pendingSites": "待审批站点",
"siteApproveSuccess": "站点批准成功",
"siteApproveError": "批准站点出错",
"provisioningKeys": "置备键",
"searchProvisioningKeys": "搜索配备密钥...",
- "provisioningKeysAdd": "生成置备键",
+ "provisioningKeysAdd": "生成预配密钥",
"provisioningKeysErrorDelete": "删除预配键时出错",
"provisioningKeysErrorDeleteMessage": "删除预配键时出错",
"provisioningKeysQuestionRemove": "您确定要从组织中删除此预配键吗?",
"provisioningKeysMessageRemove": "一旦移除,密钥不能再用于站点预配。",
"provisioningKeysDeleteConfirm": "确认删除置备键",
"provisioningKeysDelete": "删除置备键",
- "provisioningKeysCreate": "生成置备键",
+ "provisioningKeysCreate": "生成预配密钥",
"provisioningKeysCreateDescription": "为组织生成一个新的预置密钥",
"provisioningKeysSeeAll": "查看所有预配键",
"provisioningKeysSave": "保存预配键",
@@ -405,16 +478,16 @@
"provisioningKeysNeverUsed": "永不过期",
"provisioningKeysEdit": "编辑置备键",
"provisioningKeysEditDescription": "更新此密钥的最大批量大小和过期时间。",
- "provisioningKeysApproveNewSites": "批准新站点",
- "provisioningKeysApproveNewSitesDescription": "自动批准使用此密钥注册的站点。",
+ "provisioningKeysApproveNewSites": "批准新节点",
+ "provisioningKeysApproveNewSitesDescription": "自动批准使用此密钥注册的节点。",
"provisioningKeysUpdateError": "更新预配键时出错",
"provisioningKeysUpdated": "置备密钥已更新",
"provisioningKeysUpdatedDescription": "您的更改已保存。",
- "provisioningKeysBannerTitle": "站点置备密钥",
- "provisioningKeysBannerDescription": "生成一个供应密钥,并将其与 Newt 连接器一起使用,以在首次启动时自动创建站点 - 无需为每个站点设置单独的凭据。",
+ "provisioningKeysBannerTitle": "站点预配密钥",
+ "provisioningKeysBannerDescription": "生成预配密钥,并将其与 Newt 连接器配合使用,即可在首次启动时自动创建站点,无需为每个站点单独配置凭据。",
"provisioningKeysBannerButtonText": "了解更多",
- "pendingSitesBannerTitle": "待定站点",
- "pendingSitesBannerDescription": "使用供应密钥连接的站点将在此显示以供审核。",
+ "pendingSitesBannerTitle": "待审批站点",
+ "pendingSitesBannerDescription": "使用预配密钥连接的网站会在这里以供审核。",
"pendingSitesBannerButtonText": "了解更多",
"apiKeysSettings": "{apiKeyName} 设置",
"userTitle": "管理所有用户",
@@ -671,7 +744,7 @@
"targetSubmit": "添加目标",
"targetNoOne": "此资源没有任何目标。添加目标来配置向后端发送请求的位置。",
"targetNoOneDescription": "在上面添加多个目标将启用负载平衡。",
- "targetsSubmit": "保存目标",
+ "targetsSubmit": "保存设置",
"addTarget": "添加目标",
"proxyMultiSiteRoundRobinNodeHelp": "轮询路由在未连接到相同节点的站点之间将不起作用,但故障转移会生效。",
"targetErrorInvalidIp": "无效的 IP 地址",
@@ -705,11 +778,11 @@
"rulesErrorDuplicate": "复制规则",
"rulesErrorDuplicateDescription": "带有这些设置的规则已存在",
"rulesErrorInvalidIpAddressRange": "无效的 CIDR",
- "rulesErrorInvalidIpAddressRangeDescription": "请输入一个有效的 CIDR 值",
- "rulesErrorInvalidUrl": "无效的 URL 路径",
- "rulesErrorInvalidUrlDescription": "请输入一个有效的 URL 路径值",
- "rulesErrorInvalidIpAddress": "无效的 IP",
- "rulesErrorInvalidIpAddressDescription": "请输入一个有效的IP地址",
+ "rulesErrorInvalidIpAddressRangeDescription": "输入有效的 CIDR 范围(例如,10.0.0.0/8)。",
+ "rulesErrorInvalidUrl": "无效路径",
+ "rulesErrorInvalidUrlDescription": "输入有效的 URL 路径或模式(例如,/api/*)。",
+ "rulesErrorInvalidIpAddress": "无效 IP 地址",
+ "rulesErrorInvalidIpAddressDescription": "输入有效的 IPv4 或 IPv6 地址。",
"rulesErrorUpdate": "更新规则失败",
"rulesErrorUpdateDescription": "更新规则时出错",
"rulesUpdated": "启用规则",
@@ -717,15 +790,24 @@
"rulesMatchIpAddressRangeDescription": "以 CIDR 格式输入地址(如:103.21.244.0/22)",
"rulesMatchIpAddress": "输入IP地址(例如,103.21.244.12)",
"rulesMatchUrl": "输入一个 URL 路径或模式(例如/api/v1/todos 或 /api/v1/*)",
- "rulesErrorInvalidPriority": "无效的优先级",
- "rulesErrorInvalidPriorityDescription": "请输入一个有效的优先级",
- "rulesErrorDuplicatePriority": "重复的优先级",
- "rulesErrorDuplicatePriorityDescription": "请输入唯一的优先级",
+ "rulesErrorInvalidPriority": "优先级无效",
+ "rulesErrorInvalidPriorityDescription": "输入一个大于或等于 1 的整数。",
+ "rulesErrorDuplicatePriority": "优先级重复",
+ "rulesErrorDuplicatePriorityDescription": "每条规则必须拥有唯一的优先级号。",
+ "rulesErrorValidation": "规则无效",
+ "rulesErrorValidationRuleDescription": "规则 {ruleNumber}: {message}",
+ "rulesErrorInvalidMatchTypeDescription": "选择有效的匹配类型(路径、IP、CIDR、国家、地区或 ASN)。",
+ "rulesErrorValueRequired": "为此规则输入一个值。",
+ "rulesErrorInvalidCountry": "国家无效",
+ "rulesErrorInvalidCountryDescription": "选择一个有效的国家。",
+ "rulesErrorInvalidAsn": "ASN 无效",
+ "rulesErrorInvalidAsnDescription": "输入有效的 ASN(例如,AS15169)。",
"ruleUpdated": "规则已更新",
"ruleUpdatedDescription": "规则更新成功",
"ruleErrorUpdate": "操作失败",
"ruleErrorUpdateDescription": "保存过程中发生错误",
"rulesPriority": "优先权",
+ "rulesReorderDragHandle": "拖动以重新排序规则优先级",
"rulesAction": "行为",
"rulesMatchType": "匹配类型",
"value": "值",
@@ -744,9 +826,60 @@
"rulesResource": "资源规则配置",
"rulesResourceDescription": "配置规则来控制对资源的访问",
"ruleSubmit": "添加规则",
- "rulesNoOne": "没有规则。使用表单添加规则。",
+ "rulesNoOne": "尚无规则。",
"rulesOrder": "规则按优先顺序评定。",
"rulesSubmit": "保存规则",
+ "policyErrorCreate": "创建策略时出错",
+ "policyErrorCreateDescription": "创建策略时发生错误",
+ "policyErrorCreateMessageDescription": "发生意外错误",
+ "policyErrorUpdate": "更新策略时出错",
+ "policyErrorUpdateDescription": "更新策略时发生错误",
+ "policyErrorUpdateMessageDescription": "发生意外错误",
+ "policyCreatedSuccess": "资源策略创建成功",
+ "policyUpdatedSuccess": "资源策略更新成功",
+ "authMethodsSave": "保存设置",
+ "policyAuthStackTitle": "身份验证",
+ "policyAuthStackDescription": "控制哪些身份验证方法需由用户执行才能访问资源",
+ "policyAuthOrLogicTitle": "多种身份验证方法处于激活状态",
+ "policyAuthOrLogicBanner": "访问者可以使用下列任意激活的方法进行身份验证。无需完成全部过程。",
+ "policyAuthMethodActive": "激活",
+ "policyAuthMethodOff": "关闭",
+ "policyAuthSsoTitle": "平台单点登录 SSO",
+ "policyAuthSsoDescription": "要求通过您组织的身份提供商登录",
+ "policyAuthSsoSummary": "{idp} · {users} 个用户, {roles} 个角色",
+ "policyAuthSsoDefaultIdp": "默认提供商",
+ "policyAuthAddDefaultIdentityProvider": "添加默认身份提供商",
+ "policyAuthOtherMethodsTitle": "其他方法",
+ "policyAuthOtherMethodsDescription": "访问者可以使用以下备用或联合平台 SSO 的方法",
+ "policyAuthPasscodeTitle": "密码",
+ "policyAuthPasscodeDescription": "要求使用共享字母数字密码以访资源问",
+ "policyAuthPasscodeSummary": "密码已设定",
+ "policyAuthPincodeTitle": "PIN 码",
+ "policyAuthPincodeDescription": "要求使用短数字代码以访问资源",
+ "policyAuthPincodeSummary": "6 位数字 PIN 码已设定",
+ "policyAuthEmailTitle": "电子邮件白名单",
+ "policyAuthEmailDescription": "允许列出的电子邮件地址使用一次性密码",
+ "policyAuthEmailSummary": "允许 {count} 个地址",
+ "policyAuthEmailOtpCallout": "启用电子邮件白名单将在登录时向访问者的电子邮件发送一次性密码。",
+ "policyAuthHeaderAuthTitle": "基础标题认证",
+ "policyAuthHeaderAuthDescription": "在每次请求上验证自定义 HTTP 标头名称和值",
+ "policyAuthHeaderAuthSummary": "标头已配置",
+ "policyAuthHeaderName": "标头名称",
+ "policyAuthHeaderValue": "预期值",
+ "policyAuthSetPasscode": "设定密码",
+ "policyAuthSetPincode": "设置 PIN 码",
+ "policyAuthSetEmailWhitelist": "设置电子邮件白名单",
+ "policyAuthSetHeaderAuth": "设置基础标题认证",
+ "policyAccessRulesTitle": "访问规则",
+ "policyAccessRulesEnableDescription": "启用后,规则将按下降顺序进行评估,直到某条规则评估结果为真。",
+ "policyAccessRulesFirstMatch": "规则将自上而下进行评估。首次匹配的规则决定结果。",
+ "policyAccessRulesHowItWorks": "规则通过路径、IP 地址、位置或其他标准匹配请求。每个规则都会应用操作:绕过身份验证、阻止访问或通过身份验证。如果没有规则匹配,流量将继续通过身份验证。",
+ "policyAccessRulesFallthroughOff": "禁用规则后,所有流量将通过身份验证。",
+ "policyAccessRulesFallthroughOn": "没有规则匹配时,流量将通过身份验证。",
+ "rulesPlaceholderCidr": "10.0.0.0/8",
+ "rulesPlaceholderPath": "/admin/*",
+ "rulesPlaceholderGeo": "RU, KP",
+ "rulesSave": "保存规则",
"resourceErrorCreate": "创建资源时出错",
"resourceErrorCreateDescription": "创建资源时出错",
"resourceErrorCreateMessage": "创建资源时发生错误:",
@@ -766,11 +899,11 @@
"resourcesErrorUpdateDescription": "更新资源时出错",
"access": "访问权限",
"accessControl": "访问控制",
- "shareLink": "{resource} 的分享链接",
+ "shareLink": "{resource} 的共享链接",
"resourceSelect": "选择资源",
- "shareLinks": "分享链接",
+ "shareLinks": "共享链接",
"share": "分享链接",
- "shareDescription2": "创建资源的可共享链接。链接提供了对您资源的临时或无限制访问。 当您创建链接时,您可以配置链接的到期时间。",
+ "shareDescription2": "创建资源的共享链接。链接提供了对您资源的临时或无限制访问。 当您创建链接时,您可以配置链接的到期时间。",
"shareEasyCreate": "轻松创建和分享",
"shareConfigurableExpirationDuration": "可配置的过期时间",
"shareSecureAndRevocable": "安全和可撤销的",
@@ -810,6 +943,17 @@
"pincodeAdd": "添加 PIN 码",
"pincodeRemove": "移除 PIN 码",
"resourceAuthMethods": "身份验证方法",
+ "resourcePolicyAuthMethodsEmpty": "无身份验证方法",
+ "resourcePolicyOtpEmpty": "没有一次性密码",
+ "resourcePolicyReadOnly": "此策略是只读的",
+ "resourcePolicyReadOnlyDescription": "此资源策略跨多个资源共享,您无法在此页面上编辑。",
+ "editSharedPolicy": "编辑共享策略",
+ "resourcePolicyTypeSave": "保存资源类型",
+ "resourcePolicySelect": "选择资源策略",
+ "resourcePolicySelectError": "选择资源策略",
+ "resourcePolicyNotFound": "找不到策略",
+ "resourcePolicySearch": "搜索策略",
+ "resourcePolicyRulesEmpty": "无身份验证规则",
"resourceAuthMethodsDescriptions": "允许通过额外的认证方法访问资源",
"resourceAuthSettingsSave": "保存成功",
"resourceAuthSettingsSaveDescription": "已保存身份验证设置",
@@ -845,6 +989,20 @@
"resourcePincodeSetupTitle": "设置 PIN 码",
"resourcePincodeSetupTitleDescription": "设置 PIN 码来保护此资源",
"resourceRoleDescription": "管理员总是可以访问此资源。",
+ "resourcePolicySelectTitle": "资源访问策略",
+ "resourcePolicySelectDescription": "选择用于认证的资源策略类型",
+ "resourcePolicyTypeLabel": "策略类型",
+ "resourcePolicyLabel": "资源策略",
+ "resourcePolicyInline": "内联资源策略",
+ "resourcePolicyInlineDescription": "仅限于此资源的访问策略",
+ "resourcePolicyShared": "共享资源策略",
+ "resourcePolicySharedDescription": "此资源使用共享策略。",
+ "sharedPolicy": "共享策略",
+ "sharedPolicyNoneDescription": "此资源有自己的策略。",
+ "resourceSharedPolicyOwnDescription": "此资源具有自己的身份验证和访问规则控制。",
+ "resourceSharedPolicyInheritedDescription": "此资源继承自{policyName}。",
+ "resourceSharedPolicyAuthenticationNotice": "此资源使用共享策略。一些身份验证设置可以在此资源上编辑以添加到策略。要更改基础策略,您必须编辑{policyName}。",
+ "resourceSharedPolicyRulesNotice": "此资源正在使用一个共享策略。某些访问规则可以在此资源上编辑。要更改基础策略,您必须编辑{policyName}。",
"resourceUsersRoles": "访问控制",
"resourceUsersRolesDescription": "配置用户和角色可以访问此资源",
"resourceUsersRolesSubmit": "保存访问控制",
@@ -869,7 +1027,14 @@
"resourceVisibilityTitle": "可见性",
"resourceVisibilityTitleDescription": "完全启用或禁用资源可见性",
"resourceGeneral": "常规设置",
- "resourceGeneralDescription": "配置此资源的常规设置",
+ "resourceGeneralDescription": "配置资源的名称、地址和访问策略。",
+ "resourceGeneralDetailsSubsection": "资源详情",
+ "resourceGeneralDetailsSubsectionDescription": "设置资源的显示名称、标识符和公共访问域名。",
+ "resourceGeneralDetailsSubsectionPortDescription": "设置资源的显示名称、标识符和公共端口。",
+ "resourceGeneralPublicAddressSubsection": "公共地址",
+ "resourceGeneralPublicAddressSubsectionDescription": "配置用户如何访问该资源。",
+ "resourceGeneralAuthenticationAccessSubsection": "身份验证与访问",
+ "resourceGeneralAuthenticationAccessSubsectionDescription": "选择该资源是使用其自己的策略还是从共享策略继承。",
"resourceEnable": "启用资源",
"resourceTransfer": "转移资源",
"resourceTransferDescription": "将此资源转移到另一个站点",
@@ -910,7 +1075,7 @@
"network": "网络",
"manage": "管理",
"sitesNotFound": "未找到站点。",
- "pangolinServerAdmin": "服务器管理员 - Pangolin",
+ "pangolinServerAdmin": "服务器管理 - Pangolin",
"licenseTierProfessional": "专业许可证",
"licenseTierEnterprise": "企业许可证",
"licenseTierPersonal": "个人许可证",
@@ -1140,6 +1305,21 @@
"idpErrorConnectingTo": "无法连接到 {name},请联系管理员协助处理。",
"idpErrorNotFound": "找不到 IdP",
"inviteInvalid": "无效邀请",
+ "labels": "标签",
+ "orgLabelsDescription": "管理此组织的标签。",
+ "addLabels": "添加标签",
+ "siteLabelsTab": "标签",
+ "siteLabelsDescription": "管理与此网站相关的标签。",
+ "labelsNotFound": "未找到标签。",
+ "labelsEmptyCreateHint": "在上方输入以创建标签。",
+ "labelSearch": "搜索标签",
+ "labelSearchOrCreate": "搜索或创建标签",
+ "accessLabelFilterCount": "{count, plural, other {# 标签}}",
+ "labelOverflowCount": "+{count, plural, other {# 标签}}",
+ "accessLabelFilterClear": "清除标签过滤器",
+ "accessFilterClear": "清除筛选器",
+ "selectColor": "选择颜色",
+ "createNewLabel": "创建新的组织标签 \"{label}\"",
"inviteInvalidDescription": "邀请链接无效。",
"inviteErrorWrongUser": "邀请不是该用户的",
"inviteErrorUserNotExists": "用户不存在。请先创建帐户。",
@@ -1202,7 +1382,7 @@
"supportKeyBuy": "购买支持者密钥",
"logoutError": "注销错误",
"signingAs": "登录为",
- "serverAdmin": "服务器管理员",
+ "serverAdmin": "服务器管理",
"managedSelfhosted": "托管自托管",
"otpEnable": "启用双因子认证",
"otpDisable": "禁用双因子认证",
@@ -1231,6 +1411,7 @@
"actionApplyBlueprint": "应用蓝图",
"actionListBlueprints": "列表蓝图",
"actionGetBlueprint": "获取蓝图",
+ "actionCreateOrgWideLauncherView": "创建组织范围的启动器视图",
"setupToken": "设置令牌",
"setupTokenDescription": "从服务器控制台输入设置令牌。",
"setupTokenRequired": "需要设置令牌",
@@ -1372,8 +1553,10 @@
"sidebarSites": "站点",
"sidebarApprovals": "审批请求",
"sidebarResources": "资源",
- "sidebarProxyResources": "公开的",
- "sidebarClientResources": "非公开的",
+ "sidebarProxyResources": "公开资源",
+ "sidebarClientResources": "私有资源",
+ "sidebarPolicies": "共享策略",
+ "sidebarResourcePolicies": "公共资源",
"sidebarAccessControl": "访问控制",
"sidebarLogsAndAnalytics": "日志与分析",
"sidebarTeam": "团队",
@@ -1381,17 +1564,17 @@
"sidebarAdmin": "管理员",
"sidebarInvitations": "邀请",
"sidebarRoles": "角色",
- "sidebarShareableLinks": "链接",
+ "sidebarShareableLinks": "共享链接",
"sidebarApiKeys": "API密钥",
- "sidebarProvisioning": "置备中",
+ "sidebarProvisioning": "预配",
"sidebarSettings": "设置",
"sidebarAllUsers": "所有用户",
"sidebarIdentityProviders": "身份提供商",
"sidebarLicense": "证书",
"sidebarClients": "客户端",
"sidebarUserDevices": "用户设备",
- "sidebarMachineClients": "机",
- "sidebarDomains": "域",
+ "sidebarMachineClients": "机器身份",
+ "sidebarDomains": "域名",
"sidebarGeneral": "管理",
"sidebarLogAndAnalytics": "日志与分析",
"sidebarBluePrints": "蓝图",
@@ -1523,8 +1706,8 @@
"alertingTabHealthChecks": "健康检查",
"alertingRulesBannerTitle": "获取通知",
"alertingRulesBannerDescription": "每条规则都连接要监视的对象(站点、健康检查或资源),触发时间(例如离线或不健康),以及如何通过电子邮件、Webhooks 或集成将通知发送给团队。使用此列表创建、启用和管理这些规则。",
- "alertingHealthChecksBannerTitle": "监视健康和资源",
- "alertingHealthChecksBannerDescription": "健康检查是您一次定义的 HTTP 或 TCP 监控。然后可以将它们用作告警规则中的来源,以便目标变得正常或不正常时得到通知。资源上的健康检查也会出现在此处。",
+ "alertingHealthChecksBannerTitle": "资源与健康监控",
+ "alertingHealthChecksBannerDescription": "通过 HTTP 或 TCP 检查目标状态,并在服务异常或恢复时发送通知。资源中配置的健康检查也会显示在这里。",
"standaloneHcTableTitle": "健康检查",
"standaloneHcSearchPlaceholder": "搜索健康检查…",
"standaloneHcAddButton": "创建健康检查",
@@ -1557,7 +1740,8 @@
"standaloneHcFilterSiteIdFallback": "站点 {id}",
"standaloneHcFilterResourceIdFallback": "资源 {id}",
"blueprints": "蓝图",
- "blueprintsDescription": "应用声明配置并查看先前运行的",
+ "blueprintsLog": "蓝图日志",
+ "blueprintsDescription": "查看过去的蓝图应用及其结果或应用一个新的蓝图",
"blueprintAdd": "添加蓝图",
"blueprintGoBack": "查看所有蓝图",
"blueprintCreate": "创建蓝图",
@@ -1575,7 +1759,17 @@
"contents": "目录",
"parsedContents": "解析内容 (只读)",
"enableDockerSocket": "启用 Docker 蓝图",
- "enableDockerSocketDescription": "启用 Docker Socket 标签擦除蓝图标签。套接字路径必须提供给新的。",
+ "enableDockerSocketDescription": "启用用于蓝图标签的 Docker 套接字标签擦除。必须为站点连接器提供套接字路径。阅读文档以了解相关工作原理。",
+ "newtAutoUpdate": "启用站点自动更新",
+ "newtAutoUpdateDescription": "启用后,站点连接器将自动下载最新版本并重新启动。可以针对每个站点进行覆盖。",
+ "siteAutoUpdate": "站点自动更新",
+ "siteAutoUpdateLabel": "启用自动更新",
+ "siteAutoUpdateDescription": "启用后,该站点的连接器将自动下载最新版本并重新启动。",
+ "siteAutoUpdateOrgDefault": "组织默认设置:{state}",
+ "siteAutoUpdateOverriding": "覆盖组织设置",
+ "siteAutoUpdateResetToOrg": "重置为组织默认设置",
+ "siteAutoUpdateEnabled": "已启用",
+ "siteAutoUpdateDisabled": "已禁用",
"viewDockerContainers": "查看停靠容器",
"containersIn": "{siteName} 中的容器",
"selectContainerDescription": "选择任何容器作为目标的主机名。点击端口使用端口。",
@@ -1614,16 +1808,17 @@
"theme": "主题",
"subnetRequired": "子网是必填项",
"initialSetupTitle": "初始服务器设置",
- "initialSetupDescription": "创建初始服务器管理员帐户。 只能存在一个服务器管理员。 您可以随时更改这些凭据。",
+ "initialSetupDescription": "创建初始的管理员帐户。 只能存在一个服务器管理员。 您可以随时更改这些凭据。",
"createAdminAccount": "创建管理员帐户",
- "setupErrorCreateAdmin": "创建服务器管理员账户时发生错误。",
+ "setupErrorCreateAdmin": "创建管理员账户时发生错误。",
"certificateStatus": "证书",
"certificateStatusAutoRefreshHint": "状态自动刷新。",
"loading": "加载中",
+ "loadingEllipsis": "加载中……",
"loadingAnalytics": "加载分析",
"restart": "重启",
- "domains": "域",
- "domainsDescription": "创建和管理组织中可用的域",
+ "domains": "域名",
+ "domainsDescription": "创建和管理组织中可用的域名",
"domainsSearch": "搜索域...",
"domainAdd": "添加域",
"domainAddDescription": "注册一个新域名到组织",
@@ -1667,9 +1862,9 @@
"accountSetupSuccess": "账号设置完成!欢迎来到 Pangolin!",
"documentation": "文档",
"saveAllSettings": "保存所有设置",
- "saveResourceTargets": "保存目标",
- "saveResourceHttp": "保存代理设置",
- "saveProxyProtocol": "保存代理协议设置",
+ "saveResourceTargets": "保存设置",
+ "saveResourceHttp": "保存设置",
+ "saveProxyProtocol": "保存设置",
"settingsUpdated": "设置已更新",
"settingsUpdatedDescription": "设置更新成功",
"settingsErrorUpdate": "设置更新失败",
@@ -1846,6 +2041,7 @@
"billingManageLicenseSubscription": "管理您对付费的自托管许可证密钥的订阅",
"billingCurrentKeys": "当前密钥",
"billingModifyCurrentPlan": "修改当前计划",
+ "billingManageLicenseSubscriptionDescription": "管理付费的自托管许可证密钥订阅并下载发票。",
"billingConfirmUpgrade": "确认升级",
"billingConfirmDowngrade": "确认降级",
"billingConfirmUpgradeDescription": "您即将升级您的计划。请检查下面的新限额和定价。",
@@ -1892,6 +2088,7 @@
"subnetPlaceholder": "子网",
"addressDescription": "客户的内部地址。必须属于组织的子网。",
"selectSites": "选择站点",
+ "selectLabels": "选择标签",
"sitesDescription": "客户端将与所选站点进行连接",
"clientInstallOlm": "安装 Olm",
"clientInstallOlmDescription": "在您的系统上运行 Olm",
@@ -1925,13 +2122,13 @@
"healthCheckUnknown": "未知",
"healthCheck": "健康检查",
"configureHealthCheck": "配置健康检查",
- "configureHealthCheckDescription": "为 {target} 设置健康监控",
+ "configureHealthCheckDescription": "为您的资源设置监控以确保其始终可用",
"enableHealthChecks": "启用健康检查",
"healthCheckDisabledStateDescription": "禁用后,站点不会进行健康检查,状态将被视为未知。",
"enableHealthChecksDescription": "监视此目标的健康状况。如果需要,您可以监视一个不同的终点。",
"healthScheme": "方法",
"healthSelectScheme": "选择方法",
- "healthCheckPortInvalid": "健康检查端口必须介于 1 到 65535 之间",
+ "healthCheckPortInvalid": "端口必须在 1 和 65535 之间",
"healthCheckPath": "路径",
"healthHostname": "IP / 主机",
"healthPort": "端口",
@@ -1943,7 +2140,42 @@
"timeIsInSeconds": "时间以秒为单位",
"requireDeviceApproval": "需要设备批准",
"requireDeviceApprovalDescription": "具有此角色的用户需要管理员批准的新设备才能连接和访问资源。",
+ "sshSettings": "SSH 设置",
"sshAccess": "SSH 访问",
+ "rdpSettings": "RDP 设置",
+ "vncSettings": "VNC 设置",
+ "sshServer": "SSH 服务器",
+ "rdpServer": "RDP 服务器",
+ "vncServer": "VNC 服务器",
+ "sshServerDescription": "设置身份验证方法、守护程序位置和服务器目标",
+ "rdpServerDescription": "配置 RDP 服务器的目标和端口",
+ "vncServerDescription": "配置 VNC 服务器的目标和端口",
+ "sshServerMode": "模式",
+ "sshServerModeStandard": "标准 SSH 服务器",
+ "sshServerModePangolin": "Pangolin SSH",
+ "sshServerModeStandardDescription": "将命令通过网络路由到 SSH 服务器,例如 OpenSSH。",
+ "sshServerModeNative": "本地 SSH 服务器",
+ "sshServerModeNativeDescription": "通过站点连接器直接在主机上执行命令。无需网络配置。",
+ "sshAuthenticationMethod": "身份验证方法",
+ "sshAuthMethodManual": "手动身份验证",
+ "sshAuthMethodManualDescription": "需要现有的主机凭据。绕过自动配置。",
+ "sshAuthMethodAutomated": "自动配置",
+ "sshAuthMethodAutomatedDescription": "在主机上自动创建用户、组和sudo权限。",
+ "sshAuthDaemonLocation": "认证守护程序位置",
+ "sshDaemonLocationSiteDescription": "在托管站点连接器的机器上本地执行。",
+ "sshDaemonLocationRemote": "在远程主机上",
+ "sshDaemonLocationRemoteDescription": "在同一网络的独立目标机器上执行。",
+ "sshDaemonDisclaimer": "在完成本设置之前,请确保您的目标主机已经正确配置以运行身份验证守护程序,否则配置将失败。",
+ "sshDaemonPort": "守护程序端口",
+ "sshServerDestination": "服务器目标",
+ "sshServerDestinationDescription": "配置 SSH 服务器的目的地",
+ "destination": "目标",
+ "destinationRequired": "需要目的地。",
+ "domainRequired": "需要域。",
+ "proxyPortRequired": "需要端口。",
+ "invalidPathConfiguration": "路径配置无效。",
+ "invalidRewritePathConfiguration": "重写路径配置无效。",
+ "bgTargetMultiSiteDisclaimer": "选择多个站点可实现高可用性的弹性路由和故障转移。",
"roleAllowSsh": "允许 SSH",
"roleAllowSshAllow": "允许",
"roleAllowSshDisallow": "不允许",
@@ -1951,16 +2183,31 @@
"sshSudoMode": "Sudo 访问",
"sshSudoModeNone": "无",
"sshSudoModeNoneDescription": "用户不能用sudo运行命令。",
- "sshSudoModeFull": "全苏多",
+ "sshSudoModeFull": "完整 Sudo 权限",
"sshSudoModeFullDescription": "用户可以用 sudo 运行任何命令。",
"sshSudoModeCommands": "命令",
"sshSudoModeCommandsDescription": "用户只能用 sudo 运行指定的命令。",
"sshSudo": "允许Sudo",
- "sshSudoCommands": "Sudo 命令",
- "sshSudoCommandsDescription": "逗号分隔的用户允许使用 sudo 运行的命令列表。",
+ "sshSudoCommands": "可用 Sudo 命令",
+ "sshSudoCommandsDescription": "用户可以使用 sudo 运行的命令列表,以逗号、空格或新行分隔。必须使用绝对路径。",
"sshCreateHomeDir": "创建主目录",
"sshUnixGroups": "Unix 组",
- "sshUnixGroupsDescription": "用逗号分隔了Unix组,将用户添加到目标主机上。",
+ "sshUnixGroupsDescription": "在目标主机上将用户添加到的 Unix 组,以逗号、空格或新行分隔。",
+ "roleTextFieldPlaceholder": "输入值,或放入 .txt 或 .csv 文件",
+ "roleTextImportTitle": "从文件导入",
+ "roleTextImportDescription": "将 {fileName} 导入到 {fieldLabel}。",
+ "roleTextImportSkipHeader": "跳过第一行(标题)",
+ "roleTextImportOverride": "替换现有",
+ "roleTextImportAppend": "附加到现有",
+ "roleTextImportMode": "导入模式",
+ "roleTextImportPreview": "预览",
+ "roleTextImportItemCount": "{count, plural, =0 {没有可导入的项目} one {1 个可导入项目} other {# 个可导入项目}}",
+ "roleTextImportTotalCount": "{existing} 个现有 + {imported} 个导入 = {total} 个总计",
+ "roleTextImportConfirm": "导入",
+ "roleTextImportInvalidFile": "不支持的文件类型",
+ "roleTextImportInvalidFileDescription": "仅支持 .txt 和 .csv 文件。",
+ "roleTextImportEmpty": "文件中未找到项目",
+ "roleTextImportEmptyDescription": "文件不包含任何可导入的项目。",
"retryAttempts": "重试次数",
"expectedResponseCodes": "期望响应代码",
"expectedResponseCodesDescription": "HTTP 状态码表示健康状态。如留空,200-300 被视为健康。",
@@ -2006,8 +2253,8 @@
"resourceEditDomain": "编辑域名",
"siteName": "站点名称",
"proxyPort": "端口",
- "resourcesTableProxyResources": "公开的",
- "resourcesTableClientResources": "非公开的",
+ "resourcesTableProxyResources": "",
+ "resourcesTableClientResources": "私有资源",
"resourcesTableNoProxyResourcesFound": "未找到代理资源。",
"resourcesTableNoInternalResourcesFound": "未找到内部资源。",
"resourcesTableDestination": "目标",
@@ -2049,6 +2296,7 @@
"editInternalResourceDialogModeCidr": "CIDR",
"editInternalResourceDialogModeHttp": "HTTP",
"editInternalResourceDialogModeHttps": "HTTPS",
+ "editInternalResourceDialogModeSsh": "SSH",
"editInternalResourceDialogScheme": "方案",
"editInternalResourceDialogEnableSsl": "启用 TLS",
"editInternalResourceDialogEnableSslDescription": "为目标的安全 HTTPS 连接启用 SSL/TLS 加密。",
@@ -2068,6 +2316,7 @@
"createInternalResourceDialogSite": "站点",
"selectSite": "选择站点...",
"multiSitesSelectorSitesCount": "{count, plural, other {# 个网站}}",
+ "labelsSelectorLabelsCount": "{count, plural, other {# 标签}}",
"noSitesFound": "未找到站点。",
"createInternalResourceDialogProtocol": "协议",
"createInternalResourceDialogTcp": "TCP",
@@ -2098,6 +2347,7 @@
"createInternalResourceDialogModeCidr": "CIDR",
"createInternalResourceDialogModeHttp": "HTTP",
"createInternalResourceDialogModeHttps": "HTTPS",
+ "createInternalResourceDialogModeSsh": "SSH",
"scheme": "方案",
"createInternalResourceDialogScheme": "方案",
"createInternalResourceDialogEnableSsl": "启用 TLS",
@@ -2107,6 +2357,7 @@
"createInternalResourceDialogDestinationCidrDescription": "站点网络上资源的 CIDR 范围。",
"createInternalResourceDialogAlias": "Alias",
"createInternalResourceDialogAliasDescription": "此资源可选的内部DNS别名。",
+ "internalResourceAliasLocalWarning": "以 .local 结尾的别名可能会因某些网络上的 mDNS 而导致解析问题。",
"internalResourceDownstreamSchemeRequired": "HTTP 资源需要方案",
"internalResourceHttpPortRequired": "HTTP 资源需要目的端口",
"siteConfiguration": "配置",
@@ -2140,6 +2391,21 @@
"sidebarRemoteExitNodes": "远程节点",
"remoteExitNodeId": "ID",
"remoteExitNodeSecretKey": "密钥",
+ "remoteExitNodeNetworkingTitle": "网络设置",
+ "remoteExitNodeNetworkingDescription": "配置此远程出口节点如何路由流量以及哪些站点优先通过其连接。高级功能可用于回程网络配置。",
+ "remoteExitNodeNetworkingSave": "保存设置",
+ "remoteExitNodeNetworkingSaveSuccessTitle": "网络设置已保存",
+ "remoteExitNodeNetworkingSaveSuccessDescription": "网络设置已成功更新。",
+ "remoteExitNodeNetworkingSaveError": "保存网络设置失败",
+ "remoteExitNodeNetworkingSubnetsTitle": "远程子网",
+ "remoteExitNodeNetworkingSubnetsDescription": "定义此远程出口节点将路由流量的CIDR范围。输入有效的CIDR(例如10.0.0.0/8)并按Enter键添加。",
+ "remoteExitNodeNetworkingSubnetsPlaceholder": "添加CIDR范围(例如10.0.0.0/8)",
+ "remoteExitNodeNetworkingSubnetsLoadError": "无法加载子网",
+ "remoteExitNodeNetworkingLabelsTitle": "首选标签",
+ "remoteExitNodeNetworkingLabelsDescription": "拥有这些标签的站点将强制通过此远程出口节点连接。",
+ "remoteExitNodeNetworkingLabelsButtonText": "选择标签……",
+ "remoteExitNodeNetworkingLabelsSearchPlaceholder": "搜索标签……",
+ "remoteExitNodeNetworkingLabelsLoadError": "无法加载标签",
"remoteExitNodeCreate": {
"title": "创建远程节点",
"description": "创建一个新的自托管远程中继和代理服务器节点",
@@ -2233,7 +2499,7 @@
"description": "更可靠和低维护自我托管的 Pangolin 服务器,带有额外的铃声和告密器",
"introTitle": "托管自托管的潘戈林公司",
"introDescription": "这是一种部署选择,为那些希望简洁和额外可靠的人设计,同时仍然保持他们的数据的私密性和自我托管性。",
- "introDetail": "通过此选项,您仍然运行您自己的 Pangolin 节点 - - 您的隧道、TLS 终止,并且流量在您的服务器上保持所有状态。 不同之处在于,管理和监测是通过我们的云层仪表板进行的,该仪表板开启了一些好处:",
+ "introDetail": "通过此选项,您仍然运行您自己的 Pangolin 节点 - 您的隧道、TLS 终止,并且流量在您的服务器上保持所有状态。不同之处在于,管理和监测是通过我们的云层仪表板进行的,该仪表板开启了一些好处:",
"benefitSimplerOperations": {
"title": "简单的操作",
"description": "无需运行您自己的邮件服务器或设置复杂的警报。您将从方框中获得健康检查和下限提醒。"
@@ -2318,6 +2584,7 @@
"idpGoogleDescription": "Google OAuth2/OIDC 提供商",
"idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
"subnet": "子网",
+ "utilitySubnet": "实用程序子网",
"subnetDescription": "此组织网络配置的子网。",
"customDomain": "自定义域",
"authPage": "身份验证页面",
@@ -2694,7 +2961,7 @@
"logRetentionRequestDescription": "保留请求日志的时间",
"logRetentionAccessLabel": "访问日志保留",
"logRetentionAccessDescription": "保留访问日志的时间",
- "logRetentionActionLabel": "动作日志保留",
+ "logRetentionActionLabel": "审计日志保留",
"logRetentionActionDescription": "保留操作日志的时间",
"logRetentionConnectionLabel": "连接日志保留",
"logRetentionConnectionDescription": "保留连接日志的时间",
@@ -2707,11 +2974,11 @@
"logRetentionForever": "永远的",
"logRetentionEndOfFollowingYear": "下一年结束",
"actionLogsDescription": "查看此机构执行的操作历史",
- "accessLogsDescription": "查看此机构资源的访问认证请求",
+ "accessLogsDescription": "查看此组织资源的访问认证请求",
"connectionLogs": "连接日志",
"connectionLogsDescription": "查看此机构隧道的连接日志",
"sidebarLogsConnection": "连接日志",
- "sidebarLogsStreaming": "流流",
+ "sidebarLogsStreaming": "事件流",
"sourceAddress": "源地址",
"destinationAddress": "目的地址",
"duration": "期限",
@@ -2736,15 +3003,17 @@
"orgOrDomainIdMissing": "缺少机构或域 ID",
"loadingDNSRecords": "正在载入DNS记录...",
"olmUpdateAvailableInfo": "有最新版本的 Olm 可用。请更新到最新版本以获取最佳体验。",
+ "updateAvailableInfo": "有新版本可用。请更新到最新版本以获得最佳体验。",
"client": "客户端:",
"proxyProtocol": "代理协议设置",
"proxyProtocolDescription": "配置代理协议以保留TCP服务的客户端 IP 地址。",
"enableProxyProtocol": "启用代理协议",
"proxyProtocolInfo": "为TCP后端保留客户端IP地址",
"proxyProtocolVersion": "代理协议版本",
- "version1": " 版本 1 (推荐)",
+ "version1": "版本 1(推荐)",
"version2": "版本 2",
- "versionDescription": "版本 1 是基于文本和广泛支持的版本。版本 2 是二进制和更有效率但不那么兼容。",
+ "version1Description": "基于文本和广泛支持。确保服务器传输添加到动态配置。",
+ "version2Description": "二进制且更有效率但兼容性较低。确保服务器传输添加到动态配置。",
"warning": "警告",
"proxyProtocolWarning": "后端应用程序必须配置为接受代理协议连接。 如果您的后端不支持代理协议,启用此功能将会中断所有连接,只有当您知道自己在做什么时才能启用此功能。 请务必从Traefik配置您的后端到信任代理协议标题。",
"restarting": "正在重启...",
@@ -2901,7 +3170,7 @@
"enterConfirmation": "输入确认",
"blueprintViewDetails": "详细信息",
"defaultIdentityProvider": "默认身份提供商",
- "defaultIdentityProviderDescription": "当选择默认身份提供商时,用户将自动重定向到提供商进行身份验证。",
+ "defaultIdentityProviderDescription": "用户将自动重定向到此身份提供者进行身份验证。",
"editInternalResourceDialogNetworkSettings": "网络设置",
"editInternalResourceDialogAccessPolicy": "访问策略",
"editInternalResourceDialogAddRoles": "添加角色",
@@ -2937,11 +3206,12 @@
"learnMore": "了解更多",
"backToHome": "返回首页",
"needToSignInToOrg": "需要使用您组织的身份提供商吗?",
- "maintenanceMode": "维护模式",
+ "maintenanceMode": "维护页面",
"maintenanceModeDescription": "向访客显示维护页面",
"maintenanceModeType": "维护模式类型",
"showMaintenancePage": "只在所有后端目标都故障或不健康时显示维护页面。只要至少一个目标健康,您的资源将正常工作。",
"enableMaintenanceMode": "启用维护模式",
+ "enableMaintenanceModeDescription": "启用后,访问者将看到维护页面而不是您的资源。",
"automatic": "自动",
"automaticModeDescription": "如果所有后端目标都故障或不健康,则仅显示维护页面。只要至少一个目标健康,您的资源将正常工作。",
"forced": "强制",
@@ -2949,6 +3219,8 @@
"warning:": "警告:",
"forcedeModeWarning": "所有流量将被引导到维护页面。您的后端资源不会收到任何请求。",
"pageTitle": "页面标题",
+ "maintenancePageContentSubsection": "页面内容",
+ "maintenancePageContentSubsectionDescription": "自定义维护页面上显示的内容",
"pageTitleDescription": "维护页面显示的主标题",
"maintenancePageMessage": "维护信息",
"maintenancePageMessagePlaceholder": "我们很快回来! 我们的网站目前正在进行计划中的维护。",
@@ -2967,6 +3239,7 @@
"maintenanceScreenEstimatedCompletion": "预计完成时间:",
"createInternalResourceDialogDestinationRequired": "需要目标地址",
"available": "可用",
+ "disabledResourceDescription": "禁用后,所有人都不可访问此资源。",
"archived": "已存档",
"noArchivedDevices": "未找到存档设备",
"deviceArchived": "设备已存档",
@@ -3212,6 +3485,8 @@
"idpUnassociateQuestion": "您确定要将此身份提供者从此组织中取消关联吗?",
"idpUnassociateDescription": "与此身份提供者关联的所有用户将从该组织中移除,但身份提供者仍会继续存在于关联的其他组织中。",
"idpUnassociateConfirm": "确认取消关联身份提供者",
+ "idpConfirmDeleteAndRemoveMeFromOrg": "删除并将我从组织中移除",
+ "idpUnassociateAndRemoveMeFromOrg": "解除关联并将我从组织中移除",
"idpUnassociateWarning": "此操作无法对该组织撤销。",
"idpUnassociatedDescription": "身份提供者已成功从该组织中取消关联",
"idpUnassociateMenu": "取消关联",
@@ -3295,6 +3570,118 @@
"memberPortalEmailWhitelist": "电子邮件白名单",
"memberPortalResourceDisabled": "资源已禁用",
"memberPortalShowingResources": "显示 {start}-{end} 共 {total} 个资源",
+ "resourceLauncherTitle": "资源启动器",
+ "resourceLauncherDescription": "查看资源详情并从一个地方启动它们",
+ "resourceLauncherSearchPlaceholder": "搜索所有站点……",
+ "resourceLauncherDefaultView": "默认",
+ "resourceLauncherSaveView": "保存视图",
+ "resourceLauncherSaveToCurrentView": "保存至当前视图",
+ "resourceLauncherResetView": "重置视图",
+ "resourceLauncherSaveAsNewView": "另存为新视图",
+ "resourceLauncherSaveAsNewViewDescription": "为此视图命名,以便保存您当前的过滤器和布局。",
+ "resourceLauncherSaveForEveryone": "为所有人保存",
+ "resourceLauncherSaveForEveryoneDescription": "与所有组织成员共享此视图。如果未选中,此视图仅对您可见。",
+ "resourceLauncherMakePersonal": "创建个人",
+ "resourceLauncherFilter": "筛选",
+ "resourceLauncherSort": "排序",
+ "resourceLauncherSortAscending": "按升序排序",
+ "resourceLauncherSortDescending": "按降序排序",
+ "resourceLauncherSettings": "设置",
+ "resourceLauncherGroupBy": "按组",
+ "resourceLauncherGroupBySite": "站点",
+ "resourceLauncherGroupByLabel": "标签",
+ "resourceLauncherLayout": "布局",
+ "resourceLauncherLayoutGrid": "网格",
+ "resourceLauncherLayoutList": "列表",
+ "resourceLauncherShowLabels": "显示标签",
+ "resourceLauncherShowSiteTags": "显示站点标签",
+ "resourceLauncherShowRecents": "显示最近使用",
+ "resourceLauncherDeleteView": "删除视图",
+ "resourceLauncherViewAsAdmin": "以管理员身份查看",
+ "resourceLauncherResourceDetailsDescription": "查看此资源的详细信息。",
+ "resourceLauncherUnlabeled": "未标记",
+ "resourceLauncherNoSite": "无站点",
+ "resourceLauncherNoResourcesInGroup": "此组中没有资源",
+ "resourceLauncherEmptyStateTitle": "没有可用资源",
+ "resourceLauncherEmptyStateDescription": "您还没有访问任何资源。请联系您的管理员以请求访问。",
+ "resourceLauncherEmptyStateNoResultsTitle": "未找到资源",
+ "resourceLauncherEmptyStateNoResultsDescription": "没有资源与您当前的搜索或过滤器匹配。尝试调整它们以找到您想要的内容。",
+ "resourceLauncherEmptyStateNoResultsWithQuery": "没有资源匹配\"{query}\"。尝试调整您的搜索或清除过滤器以查看所有资源。",
+ "resourceLauncherCopiedToClipboard": "已复制到剪贴板",
+ "resourceLauncherCopiedAccessDescription": "资源访问权限已复制到剪贴板。",
+ "resourceLauncherViewNamePlaceholder": "查看名称",
+ "resourceLauncherViewNameLabel": "查看名称",
+ "resourceLauncherViewSaved": "视图已保存",
+ "resourceLauncherViewSavedDescription": "您的启动器视图已保存。",
+ "resourceLauncherViewSaveFailed": "保存视图失败",
+ "resourceLauncherViewSaveFailedDescription": "无法保存启动器视图。请再试一次。",
+ "resourceLauncherViewDeleted": "视图已删除",
+ "resourceLauncherViewDeletedDescription": "启动器视图已删除。",
+ "resourceLauncherViewDeleteFailed": "删除视图失败",
+ "resourceLauncherViewDeleteFailedDescription": "无法删除启动器视图。请再试一次。",
"memberPortalPrevious": "上一页",
- "memberPortalNext": "下一页"
+ "memberPortalNext": "下一页",
+ "httpSettings": "HTTP 设置",
+ "tcpSettings": "TCP 设置",
+ "udpSettings": "UDP 设置",
+ "sshTitle": "SSH",
+ "sshConnectingDescription": "正在建立安全连接…",
+ "sshConnecting": "正在连接…",
+ "sshInitializing": "初始化中…",
+ "sshSignInTitle": "登录 SSH",
+ "sshSignInDescription": "输入您的 SSH 凭据以进行连接",
+ "sshPasswordTab": "密码",
+ "sshPrivateKeyTab": "私钥",
+ "sshPrivateKeyField": "私钥",
+ "sshPrivateKeyDisclaimer": "您的私钥不会被 Pangolin 存储或显示。或者,您可以使用短期证书,使用您现有的 Pangolin 身份无缝认证。",
+ "sshLearnMore": "了解更多",
+ "sshPrivateKeyFile": "私钥文件",
+ "sshAuthenticate": "连接",
+ "sshTerminate": "终止",
+ "sshPoweredBy": "支持者",
+ "sshErrorNoTarget": "未指定目标",
+ "sshErrorWebSocket": "WebSocket 连接失败",
+ "sshErrorAuthFailed": "身份验证失败",
+ "sshErrorConnectionClosed": "认证完成前连接已关闭",
+ "sitePangolinSshDescription": "允许对该站点的资源进行 SSH 访问。可稍后更改。",
+ "browserGatewayNoResourceForDomain": "未找到该域的资源",
+ "browserGatewayNoTarget": "没有目标",
+ "browserGatewayConnect": "连接",
+ "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+ "sshErrorSignKeyFailed": "签署 SSH 密钥以进行 PAM 推送身份验证失败。您以用户身份登录了吗?",
+ "sshTerminalError": "错误: {error}",
+ "sshConnectionClosedCode": "连接关闭 (代码 {code})",
+ "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+ "sshPrivateKeyRequired": "需要私钥",
+ "vncTitle": "VNC",
+ "vncSignInDescription": "输入您的VNC凭据以连接",
+ "vncUsernameOptional": "用户名(可选)",
+ "vncPasswordOptional": "密码 (可选)",
+ "vncNoResourceTarget": "没有可用的资源目标",
+ "vncFailedToLoadNovnc": "加载 noVNC 失败",
+ "vncAuthFailedStatus": "状态 {status}",
+ "vncPasteClipboard": "粘贴剪贴板",
+ "rdpTitle": "RDP",
+ "rdpSignInTitle": "登录到远程桌面",
+ "rdpSignInDescription": "输入 Windows 凭据以连接",
+ "rdpLoadingModule": "加载模块中……",
+ "rdpFailedToLoadModule": "加载 RDP 模块失败",
+ "rdpNotReady": "未准备好",
+ "rdpModuleInitializing": "RDP 模块仍在初始化中",
+ "rdpDownloadingFiles": "正在从远程下载 {count} 个文件...",
+ "rdpDownloadFailed": "下载失败: {fileName}",
+ "rdpUploaded": "已上传: {fileName}",
+ "rdpNoConnectionTarget": "没有可用的连接目标",
+ "rdpConnectionFailed": "连接失败",
+ "rdpFit": "适合",
+ "rdpFull": "完整",
+ "rdpReal": "真实",
+ "rdpMeta": "元数据",
+ "rdpUploadFiles": "上传文件",
+ "rdpFilesReadyToPaste": "文件准备好粘贴",
+ "rdpFilesReadyToPasteDescription": "已将 {count} 个文件复制到远程剪贴板——在远程桌面上按 Ctrl+V 进行粘贴",
+ "rdpUploadFailed": "上传失败",
+ "rdpUnicodeKeyboardMode": "Unicode 键盘模式",
+ "sessionToolbarShow": "显示工具栏",
+ "sessionToolbarHide": "隐藏工具栏"
}
diff --git a/messages/zh-TW.json b/messages/zh-TW.json
index 532962593..6eb103d3a 100644
--- a/messages/zh-TW.json
+++ b/messages/zh-TW.json
@@ -152,8 +152,8 @@
"shareErrorSelectResource": "請選擇一個資源",
"proxyResourceTitle": "管理公開資源",
"proxyResourceDescription": "建立和管理可透過網頁瀏覽器公開存取的資源",
- "proxyResourcesBannerTitle": "基於網頁的公開存取",
- "proxyResourcesBannerDescription": "公開資源是任何人都可以透過網頁瀏覽器存取的 HTTPS 或 TCP/UDP 代理。與私有資源不同,它們不需要客戶端軟體,並且可以包含基於身份和情境感知的存取策略。",
+ "publicResourcesBannerTitle": "基於網頁的公開存取",
+ "publicResourcesBannerDescription": "公開資源是任何人都可以透過網頁瀏覽器存取的 HTTPS 或 TCP/UDP 代理。與私有資源不同,它們不需要客戶端軟體,並且可以包含基於身份和情境感知的存取策略。",
"clientResourceTitle": "管理私有資源",
"clientResourceDescription": "建立和管理只能透過已連接的客戶端存取的資源",
"privateResourcesBannerTitle": "零信任私有存取",
diff --git a/next.config.ts b/next.config.ts
index 078a459d6..0c3738433 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -1,12 +1,42 @@
import type { NextConfig } from "next";
import createNextIntlPlugin from "next-intl/plugin";
+import fs from "fs";
+import path from "path";
const withNextIntl = createNextIntlPlugin();
+// read allowedDevOrigins.json if it exists
+let allowedDevOrigins: string[] = [];
+const allowedDevOriginsPath = path.join(
+ process.cwd(),
+ "allowedDevOrigins.json"
+);
+if (fs.existsSync(allowedDevOriginsPath)) {
+ try {
+ const data = fs.readFileSync(allowedDevOriginsPath, "utf-8");
+ allowedDevOrigins = JSON.parse(data);
+ } catch {}
+}
const nextConfig: NextConfig = {
reactStrictMode: false,
reactCompiler: true,
- output: "standalone"
+ transpilePackages: ["@novnc/novnc"],
+ output: "standalone",
+ allowedDevOrigins,
+ async redirects() {
+ return [
+ {
+ source: "/:orgId/settings/resources/proxy/:path*",
+ destination: "/:orgId/settings/resources/public/:path*",
+ permanent: true
+ },
+ {
+ source: "/:orgId/settings/resources/client/:path*",
+ destination: "/:orgId/settings/resources/private/:path*",
+ permanent: true
+ }
+ ];
+ }
};
export default withNextIntl(nextConfig);
diff --git a/package-lock.json b/package-lock.json
index e1f1128b6..9b7196dcf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,11 +11,13 @@
"dependencies": {
"@asteasolutions/zod-to-openapi": "8.5.0",
"@aws-sdk/client-s3": "3.1056.0",
- "@faker-js/faker": "10.4.0",
+ "@devolutions/iron-remote-desktop": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-0.0.0.tgz",
+ "@devolutions/iron-remote-desktop-rdp": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-rdp-0.0.0.tgz",
"@headlessui/react": "2.2.10",
"@hookform/resolvers": "5.4.0",
"@monaco-editor/react": "4.7.0",
"@node-rs/argon2": "2.0.2",
+ "@novnc/novnc": "^1.7.0",
"@oslojs/crypto": "1.0.1",
"@oslojs/encoding": "1.1.0",
"@radix-ui/react-avatar": "1.1.11",
@@ -45,6 +47,9 @@
"@tailwindcss/forms": "0.5.11",
"@tanstack/react-query": "5.100.14",
"@tanstack/react-table": "8.21.3",
+ "@xterm/addon-fit": "^0.11.0",
+ "@xterm/addon-web-links": "^0.12.0",
+ "@xterm/xterm": "^6.0.0",
"arctic": "3.7.0",
"axios": "1.16.1",
"better-sqlite3": "11.9.1",
@@ -65,7 +70,7 @@
"input-otp": "1.4.2",
"ioredis": "5.11.0",
"jmespath": "0.16.0",
- "js-yaml": "4.1.1",
+ "js-yaml": "4.2.0",
"jsonwebtoken": "9.0.3",
"lucide-react": "1.17.0",
"maxmind": "5.0.6",
@@ -75,7 +80,7 @@
"next-themes": "0.4.6",
"nextjs-toploader": "3.9.17",
"node-cache": "5.1.2",
- "nodemailer": "8.0.9",
+ "nodemailer": "9.0.1",
"oslo": "1.2.1",
"pg": "8.21.0",
"posthog-node": "5.35.6",
@@ -137,7 +142,7 @@
"@types/yargs": "17.0.35",
"babel-plugin-react-compiler": "1.0.0",
"drizzle-kit": "0.31.10",
- "esbuild": "0.28.0",
+ "esbuild": "0.28.1",
"esbuild-node-externals": "1.22.0",
"eslint": "10.4.0",
"eslint-config-next": "16.2.6",
@@ -1113,6 +1118,16 @@
"integrity": "sha512-P5LUNhtbj6YfI3iJjw5EL9eUAG6OitD0W3fWQcpQjDRc/QIsL0tRNuO1PcDvPccWL1fSTXXdE1ds+l95DV/OFA==",
"license": "MIT"
},
+ "node_modules/@devolutions/iron-remote-desktop": {
+ "version": "0.0.0",
+ "resolved": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-0.0.0.tgz",
+ "integrity": "sha512-9o7PkCw9fdvGTPs0hgsUJG10QleGgcdsSCw1ekLpUOlVXtWCuiuPH+0bPDFhLWxqbVA+8pyVhwqdOI+t1T3TNA=="
+ },
+ "node_modules/@devolutions/iron-remote-desktop-rdp": {
+ "version": "0.0.0",
+ "resolved": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-rdp-0.0.0.tgz",
+ "integrity": "sha512-O0YVpOJDwUzekH3N2QKj+48WP+56wI0sj4VmaJkGoW5XgyAj2ONn2k3i+vk17Eavx+Vg6vAg3lwYRAOK4kKIDQ=="
+ },
"node_modules/@dotenvx/dotenvx": {
"version": "1.69.1",
"resolved": "https://registry.npmjs.org/@dotenvx/dotenvx/-/dotenvx-1.69.1.tgz",
@@ -1233,9 +1248,9 @@
}
},
"node_modules/@esbuild/aix-ppc64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.28.0.tgz",
- "integrity": "sha512-lhRUCeuOyJQURhTxl4WkpFTjIsbDayJHih5kZC1giwE+MhIzAb7mEsQMqMf18rHLsrb5qI1tafG20mLxEWcWlA==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.28.1.tgz",
+ "integrity": "sha512-Svl7tq8k/08+p6CXPpRjQ1fKX+1odH/BQbb48fV6fj3CWHhsoIOoY87w1oHXm0qEpkIK3ZfVgp0hed3XBXzXMQ==",
"cpu": [
"ppc64"
],
@@ -1250,9 +1265,9 @@
}
},
"node_modules/@esbuild/android-arm": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.28.0.tgz",
- "integrity": "sha512-wqh0ByljabXLKHeWXYLqoJ5jKC4XBaw6Hk08OfMrCRd2nP2ZQ5eleDZC41XHyCNgktBGYMbqnrJKq/K/lzPMSQ==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.28.1.tgz",
+ "integrity": "sha512-0k2F129Xdio1TdJfzJ8sy1Q47vUD2NnwdhiAf7drUN1EBTfPf4hsFCtmMgu/6m8JSzsBrlmVjudMBQqOfG8usQ==",
"cpu": [
"arm"
],
@@ -1267,9 +1282,9 @@
}
},
"node_modules/@esbuild/android-arm64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.28.0.tgz",
- "integrity": "sha512-+WzIXQOSaGs33tLEgYPYe/yQHf0WTU0X42Jca3y8NWMbUVhp7rUnw+vAsRC/QiDrdD31IszMrZy+qwPOPjd+rw==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.28.1.tgz",
+ "integrity": "sha512-34EGEbCIAgosYz6goLcopX6Mo7NyGv9tfwEM2/7Ce2VcVRk568iSvniGWcUXIy7wEDR1wzolcxcriFVrWYcwBg==",
"cpu": [
"arm64"
],
@@ -1284,9 +1299,9 @@
}
},
"node_modules/@esbuild/android-x64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.28.0.tgz",
- "integrity": "sha512-+VJggoaKhk2VNNqVL7f6S189UzShHC/mR9EE8rDdSkdpN0KflSwWY/gWjDrNxxisg8Fp1ZCD9jLMo4m0OUfeUA==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.28.1.tgz",
+ "integrity": "sha512-dbwY7ltSMDWsRatcRpCnES4F+im88OCUgGZjy52shC7GqHRE/cYlxNbB4Z4UpJswpcc4Qxd2oE/ufM0p61IKng==",
"cpu": [
"x64"
],
@@ -1301,9 +1316,9 @@
}
},
"node_modules/@esbuild/darwin-arm64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.28.0.tgz",
- "integrity": "sha512-0T+A9WZm+bZ84nZBtk1ckYsOvyA3x7e2Acj1KdVfV4/2tdG4fzUp91YHx+GArWLtwqp77pBXVCPn2We7Letr0Q==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.28.1.tgz",
+ "integrity": "sha512-TZbWkQY7kvTAXbXUT7uVACR5cMHsDiSz9z7ZKAX/RTq/WJEk3QyRr0wZpNhBDX+/0CtdqUIJlOiodQcta6tY3Q==",
"cpu": [
"arm64"
],
@@ -1318,9 +1333,9 @@
}
},
"node_modules/@esbuild/darwin-x64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.28.0.tgz",
- "integrity": "sha512-fyzLm/DLDl/84OCfp2f/XQ4flmORsjU7VKt8HLjvIXChJoFFOIL6pLJPH4Yhd1n1gGFF9mPwtlN5Wf82DZs+LQ==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.28.1.tgz",
+ "integrity": "sha512-zfdzgK9ACBNZLI/CyHTOx81SyNbM6YXn7rxSgX97VjyiPl9W1i4Ka4fgKECEoFCKGpvBj5qArWIGgQjOwkgskQ==",
"cpu": [
"x64"
],
@@ -1335,9 +1350,9 @@
}
},
"node_modules/@esbuild/freebsd-arm64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.28.0.tgz",
- "integrity": "sha512-l9GeW5UZBT9k9brBYI+0WDffcRxgHQD8ShN2Ur4xWq/NFzUKm3k5lsH4PdaRgb2w7mI9u61nr2gI2mLI27Nh3Q==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.28.1.tgz",
+ "integrity": "sha512-wG2EA8ENdEI0qhkSZMjfqrdY+ziCYCPMmtZjjIwOmXFjmyzEHn+UUxk5of+SYsjtfs3VpnlC7QLzSI5hY/rOAw==",
"cpu": [
"arm64"
],
@@ -1352,9 +1367,9 @@
}
},
"node_modules/@esbuild/freebsd-x64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.28.0.tgz",
- "integrity": "sha512-BXoQai/A0wPO6Es3yFJ7APCiKGc1tdAEOgeTNy3SsB491S3aHn4S4r3e976eUnPdU+NbdtmBuLncYir2tMU9Nw==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.28.1.tgz",
+ "integrity": "sha512-i7dZ9vQgnvSCzi/rYCXNgtF/U+eKZNJBzu3eTQbRgHnM7tNSizLOkRFAl3qzVc/Op/u5YkHHa4pf/3DOYHthLQ==",
"cpu": [
"x64"
],
@@ -1369,9 +1384,9 @@
}
},
"node_modules/@esbuild/linux-arm": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.28.0.tgz",
- "integrity": "sha512-CjaaREJagqJp7iTaNQjjidaNbCKYcd4IDkzbwwxtSvjI7NZm79qiHc8HqciMddQ6CKvJT6aBd8lO9kN/ZudLlw==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.28.1.tgz",
+ "integrity": "sha512-qVXBOHQS+d5Y722GwJzJUtOLlX7km3CraOaGormF1pDtPd2C/l1SHRPgjLunLGe51Sh5YYWKMFDyV4SxgMQYTQ==",
"cpu": [
"arm"
],
@@ -1386,9 +1401,9 @@
}
},
"node_modules/@esbuild/linux-arm64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.28.0.tgz",
- "integrity": "sha512-RVyzfb3FWsGA55n6WY0MEIEPURL1FcbhFE6BffZEMEekfCzCIMtB5yyDcFnVbTnwk+CLAgTujmV/Lgvih56W+A==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.28.1.tgz",
+ "integrity": "sha512-yHs+0uc8+nvEAfAfxrWQKK5peSNzBc4PegcMO0EJ2hT71uA7vB8Ihg2e77R2P7SG5uYjPbHlLLmve4LLLRCf0g==",
"cpu": [
"arm64"
],
@@ -1403,9 +1418,9 @@
}
},
"node_modules/@esbuild/linux-ia32": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.28.0.tgz",
- "integrity": "sha512-KBnSTt1kxl9x70q+ydterVdl+Cn0H18ngRMRCEQfrbqdUuntQQ0LoMZv47uB97NljZFzY6HcfqEZ2SAyIUTQBQ==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.28.1.tgz",
+ "integrity": "sha512-d1z4ZuP0ajrfz/FhGT4vv278rX8KnPPJx8i5+AtK7TYbx9Le9F1hyzurZpkEyjkGa9dUGhQow4C1NmeGvqxN2w==",
"cpu": [
"ia32"
],
@@ -1420,9 +1435,9 @@
}
},
"node_modules/@esbuild/linux-loong64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.28.0.tgz",
- "integrity": "sha512-zpSlUce1mnxzgBADvxKXX5sl8aYQHo2ezvMNI8I0lbblJtp8V4odlm3Yzlj7gPyt3T8ReksE6bK+pT3WD+aJRg==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.28.1.tgz",
+ "integrity": "sha512-M5sRjUVZrkm1OAPR3dlOYzNmN+loZKGVi1VUQGrwuqLcbR6qeAz+famMhjASeH3YVKvZz+zT1jlh/keC3Rj/lg==",
"cpu": [
"loong64"
],
@@ -1437,9 +1452,9 @@
}
},
"node_modules/@esbuild/linux-mips64el": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.28.0.tgz",
- "integrity": "sha512-2jIfP6mmjkdmeTlsX/9vmdmhBmKADrWqN7zcdtHIeNSCH1SqIoNI63cYsjQR8J+wGa4Y5izRcSHSm8K3QWmk3w==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.28.1.tgz",
+ "integrity": "sha512-mRObBZeHh2OxcBFPWE/FjylkRgZdYuiTR3vaTozquCGOH14iP9oN4x4Ge81CoIDYQrXmIxpFumJBu5MtZpnQJQ==",
"cpu": [
"mips64el"
],
@@ -1454,9 +1469,9 @@
}
},
"node_modules/@esbuild/linux-ppc64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.28.0.tgz",
- "integrity": "sha512-bc0FE9wWeC0WBm49IQMPSPILRocGTQt3j5KPCA8os6VprfuJ7KD+5PzESSrJ6GmPIPJK965ZJHTUlSA6GNYEhg==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.28.1.tgz",
+ "integrity": "sha512-slScBsMAb3GFDcdrCgLwZtPYRoH2H/youv10QiZyRjmsP48fznoveWytSgCI/R0ZcUgpc0ZhIUEx6LHts8yrfQ==",
"cpu": [
"ppc64"
],
@@ -1471,9 +1486,9 @@
}
},
"node_modules/@esbuild/linux-riscv64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.28.0.tgz",
- "integrity": "sha512-SQPZOwoTTT/HXFXQJG/vBX8sOFagGqvZyXcgLA3NhIqcBv1BJU1d46c0rGcrij2B56Z2rNiSLaZOYW5cUk7yLQ==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.28.1.tgz",
+ "integrity": "sha512-kw0owk1o0GFETUJyW0jc0G4Yzs0BHZn0JDZ8JRT088vjJYX777BAs1fDGxAC+q831qOs2DTC96mNsG2opdfyyQ==",
"cpu": [
"riscv64"
],
@@ -1488,9 +1503,9 @@
}
},
"node_modules/@esbuild/linux-s390x": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.28.0.tgz",
- "integrity": "sha512-SCfR0HN8CEEjnYnySJTd2cw0k9OHB/YFzt5zgJEwa+wL/T/raGWYMBqwDNAC6dqFKmJYZoQBRfHjgwLHGSrn3Q==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.28.1.tgz",
+ "integrity": "sha512-/lAIjX8aYFRByhh6L5rYtPEDRqa9de/4V/juOXcta5frjvzXO4/sqEtyytse0g3zZFuWu5cDN0MkLz2qRDD2Ag==",
"cpu": [
"s390x"
],
@@ -1505,9 +1520,9 @@
}
},
"node_modules/@esbuild/linux-x64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.28.0.tgz",
- "integrity": "sha512-us0dSb9iFxIi8srnpl931Nvs65it/Jd2a2K3qs7fz2WfGPHqzfzZTfec7oxZJRNPXPnNYZtanmRc4AL/JwVzHQ==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.28.1.tgz",
+ "integrity": "sha512-u/anNYF2mmVOEDwLtnQ1wOr3EZ9sTNGLWrsYGYwHWzGA3Si84IOkHXlbWTD1NB+9/1lcnweYKO54uhxZydNzfA==",
"cpu": [
"x64"
],
@@ -1522,9 +1537,9 @@
}
},
"node_modules/@esbuild/netbsd-arm64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.28.0.tgz",
- "integrity": "sha512-CR/RYotgtCKwtftMwJlUU7xCVNg3lMYZ0RzTmAHSfLCXw3NtZtNpswLEj/Kkf6kEL3Gw+BpOekRX0BYCtklhUw==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.28.1.tgz",
+ "integrity": "sha512-oks0DYbLwWMmaakTsCb+zL4E+aHRVLom9IJZOAthMQEPiQmydXHkziYEsGYRx0uNV/IjEKGAV941JzH02pflqw==",
"cpu": [
"arm64"
],
@@ -1539,9 +1554,9 @@
}
},
"node_modules/@esbuild/netbsd-x64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.28.0.tgz",
- "integrity": "sha512-nU1yhmYutL+fQ71Kxnhg8uEOdC0pwEW9entHykTgEbna2pw2dkbFSMeqjjyHZoCmt8SBkOSvV+yNmm94aUrrqw==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.28.1.tgz",
+ "integrity": "sha512-aeL6lAnN89Hz43Mlh1G8ARasbuoYvSITDEx0tHh5b7jJnHcssqgjy9Yx430GDpmCa6OyrKoS0aNRjKundRizGg==",
"cpu": [
"x64"
],
@@ -1556,9 +1571,9 @@
}
},
"node_modules/@esbuild/openbsd-arm64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.28.0.tgz",
- "integrity": "sha512-cXb5vApOsRsxsEl4mcZ1XY3D4DzcoMxR/nnc4IyqYs0rTI8ZKmW6kyyg+11Z8yvgMfAEldKzP7AdP64HnSC/6g==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.28.1.tgz",
+ "integrity": "sha512-MEFJe5C3R8pwXdZ5Y21oo6m7ePiS0d9pWucn99O/wvyJZChoIQKrQDxKrGeW8F5+T0okTHesAmDeiHDTIq0V/Q==",
"cpu": [
"arm64"
],
@@ -1573,9 +1588,9 @@
}
},
"node_modules/@esbuild/openbsd-x64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.28.0.tgz",
- "integrity": "sha512-8wZM2qqtv9UP3mzy7HiGYNH/zjTA355mpeuA+859TyR+e+Tc08IHYpLJuMsfpDJwoLo1ikIJI8jC3GFjnRClzA==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.28.1.tgz",
+ "integrity": "sha512-i/ZLIOafE0Z8cI/XANJAixoJL/uRAoS2xOA3rb0xN+KK0K177cMAsQYkzHtBrtMXAKuAc7HGgcWiZ/sRC1Nxgw==",
"cpu": [
"x64"
],
@@ -1590,9 +1605,9 @@
}
},
"node_modules/@esbuild/openharmony-arm64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.28.0.tgz",
- "integrity": "sha512-FLGfyizszcef5C3YtoyQDACyg95+dndv79i2EekILBofh5wpCa1KuBqOWKrEHZg3zrL3t5ouE5jgr94vA+Wb2w==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.28.1.tgz",
+ "integrity": "sha512-ge+Z7EXFNt2BO1oAMsVpiQ8EwndV9i1xXerAeTIK7AtPs3bKFXQM7nlRxDSIUIMeueR1CNXxqztLzdNeReKBJg==",
"cpu": [
"arm64"
],
@@ -1607,9 +1622,9 @@
}
},
"node_modules/@esbuild/sunos-x64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.28.0.tgz",
- "integrity": "sha512-1ZgjUoEdHZZl/YlV76TSCz9Hqj9h9YmMGAgAPYd+q4SicWNX3G5GCyx9uhQWSLcbvPW8Ni7lj4gDa1T40akdlw==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.28.1.tgz",
+ "integrity": "sha512-BEjgtECkL3vY+SaSQ6nzVfiALUeFxpawyp8Jmf5PtYhf1Ug40N1h/hxlhts+f1FvSvarEigdxS3BlSMI2PJLcQ==",
"cpu": [
"x64"
],
@@ -1624,9 +1639,9 @@
}
},
"node_modules/@esbuild/win32-arm64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.28.0.tgz",
- "integrity": "sha512-Q9StnDmQ/enxnpxCCLSg0oo4+34B9TdXpuyPeTedN/6+iXBJ4J+zwfQI28u/Jl40nOYAxGoNi7mFP40RUtkmUA==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.28.1.tgz",
+ "integrity": "sha512-lCv9eK/H6ZJWbE7bh2nw54CZ9M2nupBxJcTsdk/QQnWkdSjKGuxmmH8/GWrlT1eMmZfn4dGcCjRte397WqfQXA==",
"cpu": [
"arm64"
],
@@ -1641,9 +1656,9 @@
}
},
"node_modules/@esbuild/win32-ia32": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.28.0.tgz",
- "integrity": "sha512-zF3ag/gfiCe6U2iczcRzSYJKH1DCI+ByzSENHlM2FcDbEeo5Zd2C86Aq0tKUYAJJ1obRP84ymxIAksZUcdztHA==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.28.1.tgz",
+ "integrity": "sha512-zvb/mB2bSCoJOpoCBgYKKpX6YM6mJBlBUVUtVj41DlZJVEB6/0CKlRYxP5wWl1C1ILiCoAU5wZZ4q1P3qeS6Eg==",
"cpu": [
"ia32"
],
@@ -1658,9 +1673,9 @@
}
},
"node_modules/@esbuild/win32-x64": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.28.0.tgz",
- "integrity": "sha512-pEl1bO9mfAmIC+tW5btTmrKaujg3zGtUmWNdCw/xs70FBjwAL3o9OEKNHvNmnyylD6ubxUERiEhdsL0xBQ9efw==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.28.1.tgz",
+ "integrity": "sha512-bm4Mowrv+GXMlpWX++EcXw/iLyd1o3+bJkC2DkWXYVvgZCqD/bSj9ctZeAMC3cIxgjRVR2Dufaiu4YPxr5gW1A==",
"cpu": [
"x64"
],
@@ -1781,22 +1796,6 @@
"node": "^20.19.0 || ^22.13.0 || >=24"
}
},
- "node_modules/@faker-js/faker": {
- "version": "10.4.0",
- "resolved": "https://registry.npmjs.org/@faker-js/faker/-/faker-10.4.0.tgz",
- "integrity": "sha512-sDBWI3yLy8EcDzgobvJTWq1MJYzAkQdpjXuPukga9wXonhpMRvd1Izuo2Qgwey2OiEoRIBr35RMU9HJRoOHzpw==",
- "funding": [
- {
- "type": "opencollective",
- "url": "https://opencollective.com/fakerjs"
- }
- ],
- "license": "MIT",
- "engines": {
- "node": "^20.19.0 || ^22.13.0 || ^23.5.0 || >=24.0.0",
- "npm": ">=10"
- }
- },
"node_modules/@floating-ui/core": {
"version": "1.7.5",
"resolved": "https://registry.npmjs.org/@floating-ui/core/-/core-1.7.5.tgz",
@@ -3355,6 +3354,12 @@
"node": ">=12.4.0"
}
},
+ "node_modules/@novnc/novnc": {
+ "version": "1.7.0",
+ "resolved": "https://registry.npmjs.org/@novnc/novnc/-/novnc-1.7.0.tgz",
+ "integrity": "sha512-ucEJOx4T2avIRCleodk7YobZj5O2Ga2AeLfQ69A/yjG9HHba2+PDgwSkN3FttrmG+70ZGx21sElNFouK13RzyA==",
+ "license": "MPL-2.0"
+ },
"node_modules/@oslojs/asn1": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/@oslojs/asn1/-/asn1-1.0.0.tgz",
@@ -8588,6 +8593,27 @@
"win32"
]
},
+ "node_modules/@xterm/addon-fit": {
+ "version": "0.11.0",
+ "resolved": "https://registry.npmjs.org/@xterm/addon-fit/-/addon-fit-0.11.0.tgz",
+ "integrity": "sha512-jYcgT6xtVYhnhgxh3QgYDnnNMYTcf8ElbxxFzX0IZo+vabQqSPAjC3c1wJrKB5E19VwQei89QCiZZP86DCPF7g==",
+ "license": "MIT"
+ },
+ "node_modules/@xterm/addon-web-links": {
+ "version": "0.12.0",
+ "resolved": "https://registry.npmjs.org/@xterm/addon-web-links/-/addon-web-links-0.12.0.tgz",
+ "integrity": "sha512-4Smom3RPyVp7ZMYOYDoC/9eGJJJqYhnPLGGqJ6wOBfB8VxPViJNSKdgRYb8NpaM6YSelEKbA2SStD7lGyqaobw==",
+ "license": "MIT"
+ },
+ "node_modules/@xterm/xterm": {
+ "version": "6.0.0",
+ "resolved": "https://registry.npmjs.org/@xterm/xterm/-/xterm-6.0.0.tgz",
+ "integrity": "sha512-TQwDdQGtwwDt+2cgKDLn0IRaSxYu1tSUjgKarSDkUM0ZNiSRXFpjxEsvc/Zgc5kq5omJ+V0a8/kIM2WD3sMOYg==",
+ "license": "MIT",
+ "workspaces": [
+ "addons/*"
+ ]
+ },
"node_modules/accepts": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/accepts/-/accepts-2.0.0.tgz",
@@ -10542,6 +10568,9 @@
"integrity": "sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==",
"license": "(MPL-2.0 OR Apache-2.0)",
"peer": true,
+ "engines": {
+ "node": ">=20"
+ },
"optionalDependencies": {
"@types/trusted-types": "^2.0.7"
}
@@ -11196,9 +11225,9 @@
]
},
"node_modules/esbuild": {
- "version": "0.28.0",
- "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.28.0.tgz",
- "integrity": "sha512-sNR9MHpXSUV/XB4zmsFKN+QgVG82Cc7+/aaxJ8Adi8hyOac+EXptIp45QBPaVyX3N70664wRbTcLTOemCAnyqw==",
+ "version": "0.28.1",
+ "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.28.1.tgz",
+ "integrity": "sha512-HrJrvZv5ayxBzPfwphOoNzkzOIIlifzk0KJrGK2c8R4+LKpMtpYLQeUdjnwjWv/LZlkH2laZk+4w78pi99D4Vw==",
"dev": true,
"hasInstallScript": true,
"license": "MIT",
@@ -11209,32 +11238,32 @@
"node": ">=18"
},
"optionalDependencies": {
- "@esbuild/aix-ppc64": "0.28.0",
- "@esbuild/android-arm": "0.28.0",
- "@esbuild/android-arm64": "0.28.0",
- "@esbuild/android-x64": "0.28.0",
- "@esbuild/darwin-arm64": "0.28.0",
- "@esbuild/darwin-x64": "0.28.0",
- "@esbuild/freebsd-arm64": "0.28.0",
- "@esbuild/freebsd-x64": "0.28.0",
- "@esbuild/linux-arm": "0.28.0",
- "@esbuild/linux-arm64": "0.28.0",
- "@esbuild/linux-ia32": "0.28.0",
- "@esbuild/linux-loong64": "0.28.0",
- "@esbuild/linux-mips64el": "0.28.0",
- "@esbuild/linux-ppc64": "0.28.0",
- "@esbuild/linux-riscv64": "0.28.0",
- "@esbuild/linux-s390x": "0.28.0",
- "@esbuild/linux-x64": "0.28.0",
- "@esbuild/netbsd-arm64": "0.28.0",
- "@esbuild/netbsd-x64": "0.28.0",
- "@esbuild/openbsd-arm64": "0.28.0",
- "@esbuild/openbsd-x64": "0.28.0",
- "@esbuild/openharmony-arm64": "0.28.0",
- "@esbuild/sunos-x64": "0.28.0",
- "@esbuild/win32-arm64": "0.28.0",
- "@esbuild/win32-ia32": "0.28.0",
- "@esbuild/win32-x64": "0.28.0"
+ "@esbuild/aix-ppc64": "0.28.1",
+ "@esbuild/android-arm": "0.28.1",
+ "@esbuild/android-arm64": "0.28.1",
+ "@esbuild/android-x64": "0.28.1",
+ "@esbuild/darwin-arm64": "0.28.1",
+ "@esbuild/darwin-x64": "0.28.1",
+ "@esbuild/freebsd-arm64": "0.28.1",
+ "@esbuild/freebsd-x64": "0.28.1",
+ "@esbuild/linux-arm": "0.28.1",
+ "@esbuild/linux-arm64": "0.28.1",
+ "@esbuild/linux-ia32": "0.28.1",
+ "@esbuild/linux-loong64": "0.28.1",
+ "@esbuild/linux-mips64el": "0.28.1",
+ "@esbuild/linux-ppc64": "0.28.1",
+ "@esbuild/linux-riscv64": "0.28.1",
+ "@esbuild/linux-s390x": "0.28.1",
+ "@esbuild/linux-x64": "0.28.1",
+ "@esbuild/netbsd-arm64": "0.28.1",
+ "@esbuild/netbsd-x64": "0.28.1",
+ "@esbuild/openbsd-arm64": "0.28.1",
+ "@esbuild/openbsd-x64": "0.28.1",
+ "@esbuild/openharmony-arm64": "0.28.1",
+ "@esbuild/sunos-x64": "0.28.1",
+ "@esbuild/win32-arm64": "0.28.1",
+ "@esbuild/win32-ia32": "0.28.1",
+ "@esbuild/win32-x64": "0.28.1"
}
},
"node_modules/esbuild-node-externals": {
@@ -12126,16 +12155,16 @@
}
},
"node_modules/form-data": {
- "version": "4.0.5",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
- "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
+ "version": "4.0.6",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.6.tgz",
+ "integrity": "sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==",
"license": "MIT",
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.8",
"es-set-tostringtag": "^2.1.0",
- "hasown": "^2.0.2",
- "mime-types": "^2.1.12"
+ "hasown": "^2.0.4",
+ "mime-types": "^2.1.35"
},
"engines": {
"node": ">= 6"
@@ -12564,9 +12593,9 @@
}
},
"node_modules/hasown": {
- "version": "2.0.3",
- "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz",
- "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==",
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz",
+ "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==",
"license": "MIT",
"dependencies": {
"function-bind": "^1.1.2"
@@ -13360,9 +13389,19 @@
"license": "MIT"
},
"node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"license": "MIT",
"dependencies": {
"argparse": "^2.0.1"
@@ -14503,9 +14542,9 @@
"license": "MIT"
},
"node_modules/nodemailer": {
- "version": "8.0.9",
- "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-8.0.9.tgz",
- "integrity": "sha512-5ofa7BUN8+C+Hckh5V2GjeeOGRQBx0CJQA6KxrvuZfC8iU4/q7sLn8XrtEEhJkjV6HdyIiQs7Bba6bTao8JhkA==",
+ "version": "9.0.1",
+ "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-9.0.1.tgz",
+ "integrity": "sha512-Gwv8SQewT616ZM/URn0H54b8PWo/Wum7md3EW2aWy1lO27+WZCX+Xyak3J+NlmHUjDh5ME+uesJUDRbR3Ye8Bw==",
"license": "MIT-0",
"engines": {
"node": ">=6.0.0"
diff --git a/package.json b/package.json
index 9209778c2..aba0c40d8 100644
--- a/package.json
+++ b/package.json
@@ -33,12 +33,14 @@
},
"dependencies": {
"@asteasolutions/zod-to-openapi": "8.5.0",
+ "@devolutions/iron-remote-desktop": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-0.0.0.tgz",
+ "@devolutions/iron-remote-desktop-rdp": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-rdp-0.0.0.tgz",
"@aws-sdk/client-s3": "3.1056.0",
- "@faker-js/faker": "10.4.0",
"@headlessui/react": "2.2.10",
"@hookform/resolvers": "5.4.0",
"@monaco-editor/react": "4.7.0",
"@node-rs/argon2": "2.0.2",
+ "@novnc/novnc": "^1.7.0",
"@oslojs/crypto": "1.0.1",
"@oslojs/encoding": "1.1.0",
"@radix-ui/react-avatar": "1.1.11",
@@ -68,6 +70,9 @@
"@tailwindcss/forms": "0.5.11",
"@tanstack/react-query": "5.100.14",
"@tanstack/react-table": "8.21.3",
+ "@xterm/addon-fit": "^0.11.0",
+ "@xterm/addon-web-links": "^0.12.0",
+ "@xterm/xterm": "^6.0.0",
"arctic": "3.7.0",
"axios": "1.16.1",
"better-sqlite3": "11.9.1",
@@ -88,7 +93,7 @@
"input-otp": "1.4.2",
"ioredis": "5.11.0",
"jmespath": "0.16.0",
- "js-yaml": "4.1.1",
+ "js-yaml": "4.2.0",
"jsonwebtoken": "9.0.3",
"lucide-react": "1.17.0",
"maxmind": "5.0.6",
@@ -98,7 +103,7 @@
"next-themes": "0.4.6",
"nextjs-toploader": "3.9.17",
"node-cache": "5.1.2",
- "nodemailer": "8.0.9",
+ "nodemailer": "9.0.1",
"oslo": "1.2.1",
"pg": "8.21.0",
"posthog-node": "5.35.6",
@@ -160,7 +165,7 @@
"@types/yargs": "17.0.35",
"babel-plugin-react-compiler": "1.0.0",
"drizzle-kit": "0.31.10",
- "esbuild": "0.28.0",
+ "esbuild": "0.28.1",
"esbuild-node-externals": "1.22.0",
"eslint": "10.4.0",
"eslint-config-next": "16.2.6",
@@ -174,7 +179,7 @@
"typescript-eslint": "8.60.0"
},
"overrides": {
- "esbuild": "0.28.0",
+ "esbuild": "0.28.1",
"dompurify": "3.4.0",
"postcss": "8.5.15"
}
diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index 9ba1b5bce..e47f94d74 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -5,6 +5,7 @@ import { and, eq, inArray } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
+import logger from "@server/logger";
export enum ActionsEnum {
createOrgUser = "createOrgUser",
@@ -20,6 +21,7 @@ export enum ActionsEnum {
getSite = "getSite",
listSites = "listSites",
updateSite = "updateSite",
+ restartSite = "restartSite",
resetSiteBandwidth = "resetSiteBandwidth",
reGenerateSecret = "reGenerateSecret",
createResource = "createResource",
@@ -148,11 +150,37 @@ export enum ActionsEnum {
updateAlertRule = "updateAlertRule",
deleteAlertRule = "deleteAlertRule",
listAlertRules = "listAlertRules",
+ listOrgLabels = "listOrgLabels",
+ createOrgLabel = "createOrgLabel",
+ updateOrgLabel = "updateOrgLabel",
+ deleteOrgLabel = "deleteOrgLabel",
+ attachLabelToItem = "attachLabelToItem",
+ detachLabelFromItem = "detachLabelFromItem",
getAlertRule = "getAlertRule",
createHealthCheck = "createHealthCheck",
updateHealthCheck = "updateHealthCheck",
deleteHealthCheck = "deleteHealthCheck",
- listHealthChecks = "listHealthChecks"
+ listHealthChecks = "listHealthChecks",
+ createBrowserGatewayTarget = "createBrowserGatewayTarget",
+ updateBrowserGatewayTarget = "updateBrowserGatewayTarget",
+ deleteBrowserGatewayTarget = "deleteBrowserGatewayTarget",
+ getBrowserGatewayTarget = "getBrowserGatewayTarget",
+ listBrowserGatewayTargets = "listBrowserGatewayTargets",
+ listResourcePolicies = "listResourcePolicies",
+ getResourcePolicy = "getResourcePolicy",
+ createResourcePolicy = "createResourcePolicy",
+ updateResourcePolicy = "updateResourcePolicy",
+ deleteResourcePolicy = "deleteResourcePolicy",
+ listResourcePolicyRoles = "listResourcePolicyRoles",
+ setResourcePolicyRoles = "setResourcePolicyRoles",
+ listResourcePolicyUsers = "listResourcePolicyUsers",
+ setResourcePolicyUsers = "setResourcePolicyUsers",
+ setResourcePolicyPassword = "setResourcePolicyPassword",
+ setResourcePolicyPincode = "setResourcePolicyPincode",
+ setResourcePolicyHeaderAuth = "setResourcePolicyHeaderAuth",
+ setResourcePolicyWhitelist = "setResourcePolicyWhitelist",
+ setResourcePolicyRules = "setResourcePolicyRules",
+ createOrgWideLauncherView = "createOrgWideLauncherView"
}
export async function checkUserActionPermission(
@@ -185,6 +213,23 @@ export async function checkUserActionPermission(
}
}
+ // If no direct permission, check role-based permission (any of user's roles)
+ const roleActionPermission = await db
+ .select()
+ .from(roleActions)
+ .where(
+ and(
+ eq(roleActions.actionId, actionId),
+ inArray(roleActions.roleId, userOrgRoleIds),
+ eq(roleActions.orgId, req.userOrgId!)
+ )
+ )
+ .limit(1);
+
+ if (roleActionPermission.length > 0) {
+ return true;
+ }
+
// Check if the user has direct permission for the action in the current org
const userActionPermission = await db
.select()
@@ -202,20 +247,7 @@ export async function checkUserActionPermission(
return true;
}
- // If no direct permission, check role-based permission (any of user's roles)
- const roleActionPermission = await db
- .select()
- .from(roleActions)
- .where(
- and(
- eq(roleActions.actionId, actionId),
- inArray(roleActions.roleId, userOrgRoleIds),
- eq(roleActions.orgId, req.userOrgId!)
- )
- )
- .limit(1);
-
- return roleActionPermission.length > 0;
+ return false;
} catch (error) {
console.error("Error checking user action permission:", error);
throw createHttpError(
diff --git a/server/auth/canUserAccessResource.ts b/server/auth/canUserAccessResource.ts
index 2c8911490..e7d6307cf 100644
--- a/server/auth/canUserAccessResource.ts
+++ b/server/auth/canUserAccessResource.ts
@@ -1,6 +1,12 @@
import { db } from "@server/db";
-import { and, eq, inArray } from "drizzle-orm";
-import { roleResources, userResources } from "@server/db";
+import { and, eq, inArray, isNull, or } from "drizzle-orm";
+import {
+ rolePolicies,
+ roleResources,
+ resources,
+ userPolicies,
+ userResources
+} from "@server/db";
export async function canUserAccessResource({
userId,
@@ -11,9 +17,14 @@ export async function canUserAccessResource({
resourceId: number;
roleIds: number[];
}): Promise {
- const roleResourceAccess =
+ const [
+ roleResourceAccess,
+ rolePolicyAccess,
+ userResourceAccess,
+ userPolicyAccess
+ ] = await Promise.all([
roleIds.length > 0
- ? await db
+ ? db
.select()
.from(roleResources)
.where(
@@ -23,26 +34,87 @@ export async function canUserAccessResource({
)
)
.limit(1)
- : [];
-
- if (roleResourceAccess.length > 0) {
- return true;
- }
-
- const userResourceAccess = await db
- .select()
- .from(userResources)
- .where(
- and(
- eq(userResources.userId, userId),
- eq(userResources.resourceId, resourceId)
+ : [],
+ roleIds.length > 0
+ ? db
+ .select({
+ roleId: rolePolicies.roleId,
+ resourcePolicyId: rolePolicies.resourcePolicyId
+ })
+ .from(rolePolicies)
+ .innerJoin(
+ resources,
+ // Shared policy wins; only use default policy when no shared
+ // policy is assigned to the resource.
+ or(
+ eq(
+ resources.resourcePolicyId,
+ rolePolicies.resourcePolicyId
+ ),
+ and(
+ isNull(resources.resourcePolicyId),
+ eq(
+ resources.defaultResourcePolicyId,
+ rolePolicies.resourcePolicyId
+ )
+ )
+ )
+ )
+ .where(
+ and(
+ eq(resources.resourceId, resourceId),
+ inArray(rolePolicies.roleId, roleIds)
+ )
+ )
+ .limit(1)
+ : [],
+ db
+ .select()
+ .from(userResources)
+ .where(
+ and(
+ eq(userResources.userId, userId),
+ eq(userResources.resourceId, resourceId)
+ )
)
- )
- .limit(1);
+ .limit(1),
+ db
+ .select({
+ userId: userPolicies.userId,
+ resourcePolicyId: userPolicies.resourcePolicyId
+ })
+ .from(userPolicies)
+ .innerJoin(
+ resources,
+ // Shared policy wins; only use default policy when no shared
+ // policy is assigned to the resource.
+ or(
+ eq(
+ resources.resourcePolicyId,
+ userPolicies.resourcePolicyId
+ ),
+ and(
+ isNull(resources.resourcePolicyId),
+ eq(
+ resources.defaultResourcePolicyId,
+ userPolicies.resourcePolicyId
+ )
+ )
+ )
+ )
+ .where(
+ and(
+ eq(resources.resourceId, resourceId),
+ eq(userPolicies.userId, userId)
+ )
+ )
+ .limit(1)
+ ]);
- if (userResourceAccess.length > 0) {
- return true;
- }
-
- return false;
+ return (
+ roleResourceAccess.length > 0 ||
+ rolePolicyAccess.length > 0 ||
+ userResourceAccess.length > 0 ||
+ userPolicyAccess.length > 0
+ );
}
diff --git a/server/auth/sessions/app.ts b/server/auth/sessions/app.ts
index f6cae441b..19875fc68 100644
--- a/server/auth/sessions/app.ts
+++ b/server/auth/sessions/app.ts
@@ -12,7 +12,7 @@ import {
users
} from "@server/db";
import { db } from "@server/db";
-import { eq, inArray } from "drizzle-orm";
+import { and, eq, inArray, ne } from "drizzle-orm";
import config from "@server/lib/config";
import type { RandomReader } from "@oslojs/crypto/random";
import { generateRandomString } from "@oslojs/crypto/random";
@@ -136,6 +136,45 @@ export async function invalidateAllSessions(userId: string): Promise {
}
}
+export async function invalidateAllSessionsExceptCurrent(
+ userId: string,
+ currentSessionId: string
+): Promise {
+ try {
+ await db.transaction(async (trx) => {
+ const userSessions = await trx
+ .select()
+ .from(sessions)
+ .where(
+ and(
+ eq(sessions.userId, userId),
+ ne(sessions.sessionId, currentSessionId)
+ )
+ );
+
+ if (userSessions.length > 0) {
+ await trx.delete(resourceSessions).where(
+ inArray(
+ resourceSessions.userSessionId,
+ userSessions.map((s) => s.sessionId)
+ )
+ );
+ }
+
+ await trx
+ .delete(sessions)
+ .where(
+ and(
+ eq(sessions.userId, userId),
+ ne(sessions.sessionId, currentSessionId)
+ )
+ );
+ });
+ } catch (e) {
+ logger.error("Failed to invalidate user sessions except current", e);
+ }
+}
+
export function serializeSessionCookie(
token: string,
isSecure: boolean,
diff --git a/server/auth/sessions/resource.ts b/server/auth/sessions/resource.ts
index a1ae13373..08b8063f8 100644
--- a/server/auth/sessions/resource.ts
+++ b/server/auth/sessions/resource.ts
@@ -19,6 +19,9 @@ export async function createResourceSession(opts: {
userSessionId?: string | null;
whitelistId?: number | null;
accessTokenId?: string | null;
+ policyPasswordId?: number | null;
+ policyPincodeId?: number | null;
+ policyWhitelistId?: number | null;
doNotExtend?: boolean;
expiresAt?: number | null;
sessionLength?: number | null;
@@ -28,7 +31,10 @@ export async function createResourceSession(opts: {
!opts.pincodeId &&
!opts.whitelistId &&
!opts.accessTokenId &&
- !opts.userSessionId
+ !opts.userSessionId &&
+ !opts.policyPasswordId &&
+ !opts.policyPincodeId &&
+ !opts.policyWhitelistId
) {
throw new Error("Auth method must be provided");
}
@@ -49,6 +55,9 @@ export async function createResourceSession(opts: {
whitelistId: opts.whitelistId || null,
doNotExtend: opts.doNotExtend || false,
accessTokenId: opts.accessTokenId || null,
+ policyPasswordId: opts.policyPasswordId || null,
+ policyPincodeId: opts.policyPincodeId || null,
+ policyWhitelistId: opts.policyWhitelistId || null,
isRequestToken: opts.isRequestToken || false,
userSessionId: opts.userSessionId || null,
issuedAt: new Date().getTime()
diff --git a/server/db/countries.ts b/server/db/countries.ts
index 749f1183f..c668ca2ae 100644
--- a/server/db/countries.ts
+++ b/server/db/countries.ts
@@ -795,10 +795,13 @@ export const COUNTRIES = [
name: "Serbia",
code: "RS"
},
- {
- name: "Serbia and Montenegro",
- code: "CS"
- },
+ // Removed as this is a deprecated ISO country code, not supported anymore
+ // Also the individual flags for Serbia & Montenegro are already included in the list
+ // more details: https://en.wikipedia.org/wiki/ISO_3166-2:CS
+ // {
+ // name: "Serbia and Montenegro",
+ // code: "CS"
+ // },
{
name: "Seychelles",
code: "SC"
diff --git a/server/db/names.ts b/server/db/names.ts
index 6f9e12305..ebe38573d 100644
--- a/server/db/names.ts
+++ b/server/db/names.ts
@@ -1,6 +1,12 @@
import { join } from "path";
import { readFileSync } from "fs";
-import { clients, db, resources, siteResources } from "@server/db";
+import {
+ clients,
+ db,
+ resourcePolicies,
+ resources,
+ siteResources
+} from "@server/db";
import { randomInt } from "crypto";
import { exitNodes, sites } from "@server/db";
import { eq, and } from "drizzle-orm";
@@ -107,6 +113,35 @@ export async function getUniqueResourceName(orgId: string): Promise {
}
}
+export async function getUniqueResourcePolicyName(
+ orgId: string
+): Promise {
+ let loops = 0;
+ while (true) {
+ if (loops > 100) {
+ throw new Error("Could not generate a unique name");
+ }
+
+ const name = generateName();
+ const policyCount = await db
+ .select({
+ niceId: resourcePolicies.niceId,
+ orgId: resourcePolicies.orgId
+ })
+ .from(resourcePolicies)
+ .where(
+ and(
+ eq(resourcePolicies.niceId, name),
+ eq(resourcePolicies.orgId, orgId)
+ )
+ );
+ if (policyCount.length === 0) {
+ return name;
+ }
+ loops++;
+ }
+}
+
export async function getUniqueSiteResourceName(
orgId: string
): Promise {
diff --git a/server/db/pg/driver.ts b/server/db/pg/driver.ts
index 9f6901dda..9e07a6234 100644
--- a/server/db/pg/driver.ts
+++ b/server/db/pg/driver.ts
@@ -87,7 +87,7 @@ function createDb() {
export const db = createDb();
export default db;
-export const primaryDb = db.$primary as typeof db; // is this typeof a problem - techincally they are different types
+export const primaryDb = db.$primary as typeof db; // is this typeof a problem - technically they are different types
export type Transaction = Parameters<
Parameters<(typeof db)["transaction"]>[0]
>[0];
diff --git a/server/db/pg/index.ts b/server/db/pg/index.ts
index f8c04ac9e..95ca9ca3b 100644
--- a/server/db/pg/index.ts
+++ b/server/db/pg/index.ts
@@ -4,3 +4,4 @@ export * from "./safeRead";
export * from "./schema/schema";
export * from "./schema/privateSchema";
export * from "./migrate";
+export { alias } from "drizzle-orm/pg-core";
diff --git a/server/db/pg/logsDriver.ts b/server/db/pg/logsDriver.ts
index 146b8fb2f..2c34136de 100644
--- a/server/db/pg/logsDriver.ts
+++ b/server/db/pg/logsDriver.ts
@@ -2,7 +2,7 @@ import { drizzle as DrizzlePostgres } from "drizzle-orm/node-postgres";
import { readConfigFile } from "@server/lib/readConfigFile";
import { withReplicas } from "drizzle-orm/pg-core";
import { build } from "@server/build";
-import { db as mainDb, primaryDb as mainPrimaryDb } from "./driver";
+import { db as mainDb } from "./driver";
import { createPool } from "./poolConfig";
function createLogsDb() {
@@ -63,8 +63,7 @@ function createLogsDb() {
})
);
} else {
- const maxReplicaConnections =
- poolConfig?.max_replica_connections || 20;
+ const maxReplicaConnections = poolConfig?.max_replica_connections || 20;
for (const conn of replicaConnections) {
const replicaPool = createPool(
conn.connection_string,
@@ -91,4 +90,4 @@ function createLogsDb() {
export const logsDb = createLogsDb();
export default logsDb;
-export const primaryLogsDb = logsDb.$primary;
\ No newline at end of file
+export const primaryLogsDb = logsDb.$primary;
diff --git a/server/db/pg/poolConfig.ts b/server/db/pg/poolConfig.ts
index f753121c1..2f3f93a62 100644
--- a/server/db/pg/poolConfig.ts
+++ b/server/db/pg/poolConfig.ts
@@ -1,5 +1,5 @@
+import config from "@server/lib/config";
import { Pool, PoolConfig } from "pg";
-import logger from "@server/logger";
export function createPoolConfig(
connectionString: string,
@@ -27,7 +27,7 @@ export function attachPoolErrorHandlers(pool: Pool, label: string): void {
pool.on("error", (err) => {
// This catches errors on idle clients in the pool. Without this
// handler an unexpected disconnect would crash the process.
- logger.error(
+ console.error(
`Unexpected error on idle ${label} database client: ${err.message}`
);
});
@@ -36,10 +36,32 @@ export function attachPoolErrorHandlers(pool: Pool, label: string): void {
// Set a statement timeout on every new connection so a single slow
// query can't block the pool forever
client.query("SET statement_timeout = '30s'").catch((err: Error) => {
- logger.warn(
+ console.warn(
`Failed to set statement_timeout on ${label} client: ${err.message}`
);
});
+
+ // Disable JIT compilation for this connection. Our hot-path queries
+ // (e.g. resource-by-domain lookups) join many tables but only ever
+ // return a handful of rows. When planner row estimates drift (e.g.
+ // due to autovacuum lag under write-heavy load), Postgres decides
+ // these plans are expensive enough to JIT-compile, which can add
+ // multiple seconds of pure compilation overhead per query and
+ // saturate the connection pool. JIT never pays off for these
+ // short-lived OLTP queries, so it's disabled outright rather than
+ // relying on statistics staying fresh.
+ //
+ // Set via a runtime SET command rather than the `options: "-c
+ // jit=off"` startup parameter: connections in SaaS mode go through
+ // a pooler (e.g. PgBouncer) that rejects arbitrary startup packet
+ // options with a protocol_violation (08P01) error.
+ if (config.getRawConfig().postgres?.pool.jit_mode == false) {
+ client.query("SET jit = off").catch((err: Error) => {
+ console.warn(
+ `Failed to set jit=off on ${label} client: ${err.message}`
+ );
+ });
+ }
});
}
@@ -60,4 +82,4 @@ export function createPool(
);
attachPoolErrorHandlers(pool, label);
return pool;
-}
\ No newline at end of file
+}
diff --git a/server/db/pg/schema/privateSchema.ts b/server/db/pg/schema/privateSchema.ts
index 229fc9ff0..cbe8a4039 100644
--- a/server/db/pg/schema/privateSchema.ts
+++ b/server/db/pg/schema/privateSchema.ts
@@ -2,6 +2,7 @@ import {
pgTable,
serial,
varchar,
+ unique,
boolean,
integer,
bigint,
@@ -11,7 +12,7 @@ import {
primaryKey,
uniqueIndex
} from "drizzle-orm/pg-core";
-import { InferSelectModel } from "drizzle-orm";
+import { InferSelectModel, sql } from "drizzle-orm";
import {
domains,
orgs,
@@ -19,12 +20,13 @@ import {
roles,
users,
exitNodes,
- sessions,
- clients,
resources,
siteResources,
targetHealthCheck,
- sites
+ sites,
+ clients,
+ sessions,
+ labels
} from "./schema";
export const certificates = pgTable("certificates", {
@@ -197,6 +199,42 @@ export const remoteExitNodes = pgTable("remoteExitNode", {
})
});
+export const remoteExitNodeResources = pgTable("remoteExitNodeResources", {
+ remoteExitNodeResourceId: serial("remoteExitNodeResourceId").primaryKey(),
+ remoteExitNodeId: varchar("remoteExitNodeId")
+ .notNull()
+ .references(() => remoteExitNodes.remoteExitNodeId, {
+ onDelete: "cascade"
+ }),
+ destination: varchar("destination").notNull() // a cidr range
+});
+
+export const remoteExitNodePreferenceLabels = pgTable(
+ // this controls what sites are enforced to connect to this node
+ "remoteExitNodePreferenceLabels",
+ {
+ remoteExitNodePreferenceLabelId: serial(
+ "remoteExitNodePreferenceLabelId"
+ ).primaryKey(),
+ remoteExitNodeId: varchar("remoteExitNodeId")
+ .references(() => remoteExitNodes.remoteExitNodeId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ labelId: integer("labelId")
+ .references(() => labels.labelId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [
+ unique("remote_exit_node_preference_label_uniq").on(
+ t.remoteExitNodeId,
+ t.labelId
+ )
+ ]
+);
+
export const remoteExitNodeSessions = pgTable("remoteExitNodeSession", {
sessionId: varchar("id").primaryKey(),
remoteExitNodeId: varchar("remoteExitNodeId")
@@ -207,17 +245,28 @@ export const remoteExitNodeSessions = pgTable("remoteExitNodeSession", {
expiresAt: bigint("expiresAt", { mode: "number" }).notNull()
});
-export const loginPage = pgTable("loginPage", {
- loginPageId: serial("loginPageId").primaryKey(),
- subdomain: varchar("subdomain"),
- fullDomain: varchar("fullDomain"),
- exitNodeId: integer("exitNodeId").references(() => exitNodes.exitNodeId, {
- onDelete: "set null"
- }),
- domainId: varchar("domainId").references(() => domains.domainId, {
- onDelete: "set null"
- })
-});
+export const loginPage = pgTable(
+ "loginPage",
+ {
+ loginPageId: serial("loginPageId").primaryKey(),
+ subdomain: varchar("subdomain"),
+ fullDomain: varchar("fullDomain"),
+ exitNodeId: integer("exitNodeId").references(
+ () => exitNodes.exitNodeId,
+ {
+ onDelete: "set null"
+ }
+ ),
+ domainId: varchar("domainId").references(() => domains.domainId, {
+ onDelete: "set null"
+ })
+ },
+ (t) => [
+ index("idx_loginpage_fulldomain")
+ .on(t.fullDomain)
+ .where(sql`${t.fullDomain} IS NOT NULL`)
+ ]
+);
export const loginPageOrg = pgTable("loginPageOrg", {
loginPageId: integer("loginPageId")
diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 7fbcef621..b207b423b 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -1,5 +1,5 @@
import { randomUUID } from "crypto";
-import { InferSelectModel } from "drizzle-orm";
+import { InferSelectModel, sql } from "drizzle-orm";
import {
bigint,
boolean,
@@ -25,7 +25,8 @@ export const domains = pgTable("domains", {
certResolver: varchar("certResolver"),
customCertResolver: varchar("customCertResolver"),
preferWildcardCert: boolean("preferWildcardCert"),
- errorMessage: text("errorMessage")
+ errorMessage: text("errorMessage"),
+ lastCheckedAt: integer("lastCheckedAt")
});
export const dnsRecords = pgTable("dnsRecords", {
@@ -65,7 +66,12 @@ export const orgs = pgTable("orgs", {
sshCaPrivateKey: text("sshCaPrivateKey"), // Encrypted SSH CA private key (PEM format)
sshCaPublicKey: text("sshCaPublicKey"), // SSH CA public key (OpenSSH format)
isBillingOrg: boolean("isBillingOrg"),
- billingOrgId: varchar("billingOrgId")
+ billingOrgId: varchar("billingOrgId"),
+ settingsEnableGlobalNewtAutoUpdate: boolean(
+ "settingsEnableGlobalNewtAutoUpdate"
+ )
+ .notNull()
+ .default(false)
});
export const orgDomains = pgTable("orgDomains", {
@@ -77,150 +83,311 @@ export const orgDomains = pgTable("orgDomains", {
.references(() => domains.domainId, { onDelete: "cascade" })
});
-export const sites = pgTable("sites", {
- siteId: serial("siteId").primaryKey(),
+export const sites = pgTable(
+ "sites",
+ {
+ siteId: serial("siteId").primaryKey(),
+ orgId: varchar("orgId")
+ .references(() => orgs.orgId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ niceId: varchar("niceId").notNull(),
+ exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
+ onDelete: "set null"
+ }),
+ name: varchar("name").notNull(),
+ pubKey: varchar("pubKey"),
+ subnet: varchar("subnet"),
+ megabytesIn: real("bytesIn").default(0),
+ megabytesOut: real("bytesOut").default(0),
+ lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
+ type: varchar("type").notNull(), // "newt" or "wireguard"
+ online: boolean("online").notNull().default(false),
+ lastPing: integer("lastPing"),
+ address: varchar("address"),
+ endpoint: varchar("endpoint"),
+ publicKey: varchar("publicKey"),
+ lastHolePunch: bigint("lastHolePunch", { mode: "number" }),
+ listenPort: integer("listenPort"),
+ dockerSocketEnabled: boolean("dockerSocketEnabled")
+ .notNull()
+ .default(true),
+ autoUpdateEnabled: boolean("autoUpdateEnabled")
+ .notNull()
+ .default(false),
+ autoUpdateOverrideOrg: boolean("autoUpdateOverrideOrg")
+ .notNull()
+ .default(false),
+ status: varchar("status")
+ .$type<"pending" | "approved">()
+ .default("approved")
+ },
+ (t) => [
+ index("idx_sites_exitnodeid").on(t.exitNodeId),
+ index("idx_sites_exitnode_type_siteid").on(
+ t.exitNodeId,
+ t.type,
+ t.siteId
+ ),
+ index("idx_sites_orgid_niceid").on(t.orgId, t.niceId)
+ ]
+);
+
+export const resources = pgTable(
+ "resources",
+ {
+ resourceId: serial("resourceId").primaryKey(),
+ resourcePolicyId: integer("resourcePolicyId").references(
+ () => resourcePolicies.resourcePolicyId,
+ { onDelete: "set null" }
+ ),
+ defaultResourcePolicyId: integer("defaultResourcePolicyId").references(
+ () => resourcePolicies.resourcePolicyId,
+ {
+ onDelete: "restrict"
+ }
+ ),
+ resourceGuid: varchar("resourceGuid", { length: 36 })
+ .unique()
+ .notNull()
+ .$defaultFn(() => randomUUID()),
+ orgId: varchar("orgId")
+ .references(() => orgs.orgId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ niceId: text("niceId").notNull(),
+ name: varchar("name").notNull(),
+ subdomain: varchar("subdomain"),
+ fullDomain: varchar("fullDomain"),
+ domainId: varchar("domainId").references(() => domains.domainId, {
+ onDelete: "set null"
+ }),
+ ssl: boolean("ssl").notNull().default(false),
+ blockAccess: boolean("blockAccess").notNull().default(false),
+ proxyPort: integer("proxyPort"),
+ sso: boolean("sso"),
+ emailWhitelistEnabled: boolean("emailWhitelistEnabled"),
+ applyRules: boolean("applyRules"),
+ enabled: boolean("enabled").notNull().default(true),
+ stickySession: boolean("stickySession").notNull().default(false),
+ tlsServerName: varchar("tlsServerName"),
+ setHostHeader: varchar("setHostHeader"),
+ enableProxy: boolean("enableProxy").default(true),
+ skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
+ onDelete: "set null"
+ }),
+ headers: text("headers"), // comma-separated list of headers to add to the request
+ proxyProtocol: boolean("proxyProtocol").notNull().default(false),
+ proxyProtocolVersion: integer("proxyProtocolVersion").default(1),
+ maintenanceModeEnabled: boolean("maintenanceModeEnabled")
+ .notNull()
+ .default(false),
+ maintenanceModeType: text("maintenanceModeType", {
+ enum: ["forced", "automatic"]
+ }).default("forced"), // "forced" = always show, "automatic" = only when down
+ maintenanceTitle: text("maintenanceTitle"),
+ maintenanceMessage: text("maintenanceMessage"),
+ maintenanceEstimatedTime: text("maintenanceEstimatedTime"),
+ postAuthPath: text("postAuthPath"),
+ health: varchar("health").default("unknown"), // "healthy", "unhealthy", "unknown"
+ wildcard: boolean("wildcard").notNull().default(false),
+ mode: text("mode").default("http").notNull(), // rdp, ssh, http, vnc
+ pamMode: varchar("pamMode", { length: 32 })
+ .$type<"passthrough" | "push">()
+ .default("passthrough"),
+ authDaemonMode: varchar("authDaemonMode", { length: 32 })
+ .$type<"site" | "remote" | "native">()
+ .default("site"),
+ authDaemonPort: integer("authDaemonPort").default(22123)
+ },
+ (t) => [
+ index("idx_resources_fulldomain")
+ .on(t.fullDomain)
+ .where(sql`${t.fullDomain} IS NOT NULL`),
+ index("idx_resources_niceid").on(t.niceId),
+ index("idx_resources_orgid_niceid").on(t.orgId, t.niceId)
+ ]
+);
+
+export const labels = pgTable("labels", {
+ labelId: serial("labelId").primaryKey(),
+ name: varchar("name").notNull(),
+ color: varchar("color").notNull(),
orgId: varchar("orgId")
.references(() => orgs.orgId, {
onDelete: "cascade"
})
- .notNull(),
- niceId: varchar("niceId").notNull(),
- exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
- onDelete: "set null"
- }),
- name: varchar("name").notNull(),
- pubKey: varchar("pubKey"),
- subnet: varchar("subnet"),
- megabytesIn: real("bytesIn").default(0),
- megabytesOut: real("bytesOut").default(0),
- lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
- type: varchar("type").notNull(), // "newt" or "wireguard"
- online: boolean("online").notNull().default(false),
- lastPing: integer("lastPing"),
- address: varchar("address"),
- endpoint: varchar("endpoint"),
- publicKey: varchar("publicKey"),
- lastHolePunch: bigint("lastHolePunch", { mode: "number" }),
- listenPort: integer("listenPort"),
- dockerSocketEnabled: boolean("dockerSocketEnabled").notNull().default(true),
- status: varchar("status")
- .$type<"pending" | "approved">()
- .default("approved")
+ .notNull()
});
-export const resources = pgTable("resources", {
- resourceId: serial("resourceId").primaryKey(),
- resourceGuid: varchar("resourceGuid", { length: 36 })
- .unique()
- .notNull()
- .$defaultFn(() => randomUUID()),
+export const launcherViews = pgTable("launcherViews", {
+ viewId: serial("viewId").primaryKey(),
orgId: varchar("orgId")
- .references(() => orgs.orgId, {
- onDelete: "cascade"
- })
- .notNull(),
- niceId: text("niceId").notNull(),
- name: varchar("name").notNull(),
- subdomain: varchar("subdomain"),
- fullDomain: varchar("fullDomain"),
- domainId: varchar("domainId").references(() => domains.domainId, {
- onDelete: "set null"
- }),
- ssl: boolean("ssl").notNull().default(false),
- blockAccess: boolean("blockAccess").notNull().default(false),
- sso: boolean("sso").notNull().default(true),
- http: boolean("http").notNull().default(true),
- protocol: varchar("protocol").notNull(),
- proxyPort: integer("proxyPort"),
- emailWhitelistEnabled: boolean("emailWhitelistEnabled")
.notNull()
- .default(false),
- applyRules: boolean("applyRules").notNull().default(false),
- enabled: boolean("enabled").notNull().default(true),
- stickySession: boolean("stickySession").notNull().default(false),
- tlsServerName: varchar("tlsServerName"),
- setHostHeader: varchar("setHostHeader"),
- enableProxy: boolean("enableProxy").default(true),
- skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
- onDelete: "set null"
- }),
- headers: text("headers"), // comma-separated list of headers to add to the request
- proxyProtocol: boolean("proxyProtocol").notNull().default(false),
- proxyProtocolVersion: integer("proxyProtocolVersion").default(1),
-
- maintenanceModeEnabled: boolean("maintenanceModeEnabled")
- .notNull()
- .default(false),
- maintenanceModeType: text("maintenanceModeType", {
- enum: ["forced", "automatic"]
- }).default("forced"), // "forced" = always show, "automatic" = only when down
- maintenanceTitle: text("maintenanceTitle"),
- maintenanceMessage: text("maintenanceMessage"),
- maintenanceEstimatedTime: text("maintenanceEstimatedTime"),
- postAuthPath: text("postAuthPath"),
- health: varchar("health").default("unknown"), // "healthy", "unhealthy", "unknown"
- wildcard: boolean("wildcard").notNull().default(false)
-});
-
-export const targets = pgTable("targets", {
- targetId: serial("targetId").primaryKey(),
- resourceId: integer("resourceId")
- .references(() => resources.resourceId, {
- onDelete: "cascade"
- })
- .notNull(),
- siteId: integer("siteId")
- .references(() => sites.siteId, {
- onDelete: "cascade"
- })
- .notNull(),
- ip: varchar("ip").notNull(),
- method: varchar("method"),
- port: integer("port").notNull(),
- internalPort: integer("internalPort"),
- enabled: boolean("enabled").notNull().default(true),
- path: text("path"),
- pathMatchType: text("pathMatchType"), // exact, prefix, regex
- rewritePath: text("rewritePath"), // if set, rewrites the path to this value before sending to the target
- rewritePathType: text("rewritePathType"), // exact, prefix, regex, stripPrefix
- priority: integer("priority").notNull().default(100)
-});
-
-export const targetHealthCheck = pgTable("targetHealthCheck", {
- targetHealthCheckId: serial("targetHealthCheckId").primaryKey(),
- targetId: integer("targetId").references(() => targets.targetId, {
+ .references(() => orgs.orgId, { onDelete: "cascade" }),
+ userId: varchar("userId").references(() => users.userId, {
onDelete: "cascade"
}),
- orgId: varchar("orgId")
- .references(() => orgs.orgId, {
- onDelete: "cascade"
- })
- .notNull(),
- siteId: integer("siteId").references(() => sites.siteId, {
- onDelete: "cascade"
- }).notNull(),
- name: varchar("name"),
- hcEnabled: boolean("hcEnabled").notNull().default(false),
- hcPath: varchar("hcPath"),
- hcScheme: varchar("hcScheme"),
- hcMode: varchar("hcMode").default("http"),
- hcHostname: varchar("hcHostname"),
- hcPort: integer("hcPort"),
- hcInterval: integer("hcInterval").default(30), // in seconds
- hcUnhealthyInterval: integer("hcUnhealthyInterval").default(30), // in seconds
- hcTimeout: integer("hcTimeout").default(5), // in seconds
- hcHeaders: varchar("hcHeaders"),
- hcFollowRedirects: boolean("hcFollowRedirects").default(true),
- hcMethod: varchar("hcMethod").default("GET"),
- hcStatus: integer("hcStatus"), // http code
- hcHealth: text("hcHealth")
- .$type<"unknown" | "healthy" | "unhealthy">()
- .default("unknown"), // "unknown", "healthy", "unhealthy"
- hcTlsServerName: text("hcTlsServerName"),
- hcHealthyThreshold: integer("hcHealthyThreshold").default(1),
- hcUnhealthyThreshold: integer("hcUnhealthyThreshold").default(1)
+ name: varchar("name").notNull(),
+ config: text("config").notNull(),
+ isDefault: boolean("isDefault").notNull().default(false),
+ createdAt: varchar("createdAt").notNull(),
+ updatedAt: varchar("updatedAt").notNull()
});
+export const siteLabels = pgTable(
+ "siteLabels",
+ {
+ siteLabelId: serial("siteLabelId").primaryKey(),
+ siteId: integer("siteId")
+ .references(() => sites.siteId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ labelId: integer("labelId")
+ .references(() => labels.labelId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [unique("site_label_uniq").on(t.siteId, t.labelId)]
+);
+
+export const resourceLabels = pgTable(
+ "resourceLabels",
+ {
+ resourceLabelId: serial("resourceLabelId").primaryKey(),
+ resourceId: integer("resourceId")
+ .references(() => resources.resourceId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ labelId: integer("labelId")
+ .references(() => labels.labelId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [unique("resource_label_uniq").on(t.resourceId, t.labelId)]
+);
+
+export const siteResourceLabels = pgTable(
+ "siteResourceLabels",
+ {
+ siteResourceLabelId: serial("siteResourceLabelId").primaryKey(),
+ siteResourceId: integer("siteResourceId")
+ .references(() => siteResources.siteResourceId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ labelId: integer("labelId")
+ .references(() => labels.labelId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [unique("site_resource_label_uniq").on(t.siteResourceId, t.labelId)]
+);
+
+export const clientLabels = pgTable(
+ "clientLabels",
+ {
+ clientLabelId: serial("clientLabelId").primaryKey(),
+ clientId: integer("clientId")
+ .references(() => clients.clientId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ labelId: integer("labelId")
+ .references(() => labels.labelId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [unique("client_label_uniq").on(t.clientId, t.labelId)]
+);
+
+export const targets = pgTable(
+ "targets",
+ {
+ targetId: serial("targetId").primaryKey(),
+ resourceId: integer("resourceId")
+ .references(() => resources.resourceId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ siteId: integer("siteId")
+ .references(() => sites.siteId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ ip: varchar("ip").notNull(),
+ method: varchar("method"),
+ port: integer("port").notNull(),
+ internalPort: integer("internalPort"),
+ enabled: boolean("enabled").notNull().default(true),
+ path: text("path"),
+ pathMatchType: text("pathMatchType"), // exact, prefix, regex
+ rewritePath: text("rewritePath"), // if set, rewrites the path to this value before sending to the target
+ rewritePathType: text("rewritePathType"), // exact, prefix, regex, stripPrefix
+ priority: integer("priority").notNull().default(100),
+ mode: varchar("mode")
+ .$type<"http" | "tcp" | "udp" | "ssh" | "rdp" | "vnc">()
+ .notNull()
+ .default("http"),
+ authToken: varchar("authToken")
+ },
+ (t) => [
+ index("idx_targets_resourceid_siteid").on(t.resourceId, t.siteId),
+ index("idx_targets_site_enabled_priority_target_resource")
+ .on(t.siteId, t.priority.desc(), t.targetId, t.resourceId)
+ .where(sql`${t.enabled} = true`)
+ ]
+);
+
+export const targetHealthCheck = pgTable(
+ "targetHealthCheck",
+ {
+ targetHealthCheckId: serial("targetHealthCheckId").primaryKey(),
+ targetId: integer("targetId").references(() => targets.targetId, {
+ onDelete: "cascade"
+ }),
+ orgId: varchar("orgId")
+ .references(() => orgs.orgId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ siteId: integer("siteId")
+ .references(() => sites.siteId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ name: varchar("name"),
+ hcEnabled: boolean("hcEnabled").notNull().default(false),
+ hcPath: varchar("hcPath"),
+ hcScheme: varchar("hcScheme"),
+ hcMode: varchar("hcMode").default("http"),
+ hcHostname: varchar("hcHostname"),
+ hcPort: integer("hcPort"),
+ hcInterval: integer("hcInterval").default(30), // in seconds
+ hcUnhealthyInterval: integer("hcUnhealthyInterval").default(30), // in seconds
+ hcTimeout: integer("hcTimeout").default(5), // in seconds
+ hcHeaders: varchar("hcHeaders"),
+ hcFollowRedirects: boolean("hcFollowRedirects").default(true),
+ hcMethod: varchar("hcMethod").default("GET"),
+ hcStatus: integer("hcStatus"), // http code
+ hcHealth: text("hcHealth")
+ .$type<"unknown" | "healthy" | "unhealthy">()
+ .default("unknown"), // "unknown", "healthy", "unhealthy"
+ hcTlsServerName: text("hcTlsServerName"),
+ hcHealthyThreshold: integer("hcHealthyThreshold").default(1),
+ hcUnhealthyThreshold: integer("hcUnhealthyThreshold").default(1)
+ },
+ (t) => [index("idx_targethealthcheck_targetid").on(t.targetId)]
+);
+
export const exitNodes = pgTable("exitNodes", {
exitNodeId: serial("exitNodeId").primaryKey(),
name: varchar("name").notNull(),
@@ -236,98 +403,146 @@ export const exitNodes = pgTable("exitNodes", {
region: varchar("region")
});
-export const siteResources = pgTable("siteResources", {
- // this is for the clients
- siteResourceId: serial("siteResourceId").primaryKey(),
- orgId: varchar("orgId")
- .notNull()
- .references(() => orgs.orgId, { onDelete: "cascade" }),
- networkId: integer("networkId").references(() => networks.networkId, {
- onDelete: "set null"
- }),
- defaultNetworkId: integer("defaultNetworkId").references(
- () => networks.networkId,
- {
- onDelete: "restrict"
- }
- ),
- niceId: varchar("niceId").notNull(),
- name: varchar("name").notNull(),
- ssl: boolean("ssl").notNull().default(false),
- mode: varchar("mode").$type<"host" | "cidr" | "http">().notNull(), // "host" | "cidr" | "http"
- scheme: varchar("scheme").$type<"http" | "https">(), // only for when we are doing https or http mode
- proxyPort: integer("proxyPort"), // only for port mode
- destinationPort: integer("destinationPort"), // only for port mode
- destination: varchar("destination").notNull(), // ip, cidr, hostname; validate against the mode
- enabled: boolean("enabled").notNull().default(true),
- alias: varchar("alias"),
- aliasAddress: varchar("aliasAddress"),
- tcpPortRangeString: varchar("tcpPortRangeString").notNull().default("*"),
- udpPortRangeString: varchar("udpPortRangeString").notNull().default("*"),
- disableIcmp: boolean("disableIcmp").notNull().default(false),
- authDaemonPort: integer("authDaemonPort").default(22123),
- authDaemonMode: varchar("authDaemonMode", { length: 32 })
- .$type<"site" | "remote">()
- .default("site"),
- domainId: varchar("domainId").references(() => domains.domainId, {
- onDelete: "set null"
- }),
- subdomain: varchar("subdomain"),
- fullDomain: varchar("fullDomain")
-});
-
-export const networks = pgTable("networks", {
- networkId: serial("networkId").primaryKey(),
- niceId: text("niceId"),
- name: text("name"),
- scope: varchar("scope")
- .$type<"global" | "resource">()
- .notNull()
- .default("global"),
- orgId: varchar("orgId")
- .references(() => orgs.orgId, {
- onDelete: "cascade"
- })
- .notNull()
-});
-
-export const siteNetworks = pgTable("siteNetworks", {
- siteId: integer("siteId")
- .notNull()
- .references(() => sites.siteId, {
- onDelete: "cascade"
+export const siteResources = pgTable(
+ "siteResources",
+ {
+ // this is for the clients
+ siteResourceId: serial("siteResourceId").primaryKey(),
+ orgId: varchar("orgId")
+ .notNull()
+ .references(() => orgs.orgId, { onDelete: "cascade" }),
+ networkId: integer("networkId").references(() => networks.networkId, {
+ onDelete: "set null"
}),
- networkId: integer("networkId")
- .notNull()
- .references(() => networks.networkId, { onDelete: "cascade" })
-});
+ defaultNetworkId: integer("defaultNetworkId").references(
+ () => networks.networkId,
+ {
+ onDelete: "restrict"
+ }
+ ),
+ niceId: varchar("niceId").notNull(),
+ name: varchar("name").notNull(),
+ ssl: boolean("ssl").notNull().default(false),
+ mode: varchar("mode")
+ .$type<"host" | "cidr" | "http" | "ssh">()
+ .notNull(), // "host" | "cidr" | "http"
+ scheme: varchar("scheme").$type<"http" | "https">(), // only for when we are doing https or http mode
+ proxyPort: integer("proxyPort"), // only for port mode
+ destinationPort: integer("destinationPort"), // only for port mode
+ destination: varchar("destination"), // ip, cidr, hostname; validate against the mode
+ enabled: boolean("enabled").notNull().default(true),
+ alias: varchar("alias"),
+ aliasAddress: varchar("aliasAddress"),
+ tcpPortRangeString: varchar("tcpPortRangeString")
+ .notNull()
+ .default("*"),
+ udpPortRangeString: varchar("udpPortRangeString")
+ .notNull()
+ .default("*"),
+ disableIcmp: boolean("disableIcmp").notNull().default(false),
+ authDaemonPort: integer("authDaemonPort").default(22123),
+ pamMode: varchar("pamMode", { length: 32 })
+ .$type<"passthrough" | "push">()
+ .default("passthrough"),
+ authDaemonMode: varchar("authDaemonMode", { length: 32 })
+ .$type<"site" | "remote" | "native">()
+ .default("site"),
+ domainId: varchar("domainId").references(() => domains.domainId, {
+ onDelete: "set null"
+ }),
+ subdomain: varchar("subdomain"),
+ fullDomain: varchar("fullDomain")
+ },
+ (t) => [index("idx_siteresources_orgid_niceid").on(t.orgId, t.niceId)]
+);
-export const clientSiteResources = pgTable("clientSiteResources", {
- clientId: integer("clientId")
- .notNull()
- .references(() => clients.clientId, { onDelete: "cascade" }),
- siteResourceId: integer("siteResourceId")
- .notNull()
- .references(() => siteResources.siteResourceId, { onDelete: "cascade" })
-});
+export const networks = pgTable(
+ "networks",
+ {
+ networkId: serial("networkId").primaryKey(),
+ niceId: text("niceId"),
+ name: text("name"),
+ scope: varchar("scope")
+ .$type<"global" | "resource">()
+ .notNull()
+ .default("global"),
+ orgId: varchar("orgId")
+ .references(() => orgs.orgId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [index("idx_networks_orgid").on(t.orgId)]
+);
-export const roleSiteResources = pgTable("roleSiteResources", {
- roleId: integer("roleId")
- .notNull()
- .references(() => roles.roleId, { onDelete: "cascade" }),
- siteResourceId: integer("siteResourceId")
- .notNull()
- .references(() => siteResources.siteResourceId, { onDelete: "cascade" })
-});
+export const siteNetworks = pgTable(
+ "siteNetworks",
+ {
+ siteId: integer("siteId")
+ .notNull()
+ .references(() => sites.siteId, {
+ onDelete: "cascade"
+ }),
+ networkId: integer("networkId")
+ .notNull()
+ .references(() => networks.networkId, { onDelete: "cascade" })
+ },
+ (t) => [
+ index("idx_sitenetworks_siteid").on(t.siteId),
+ index("idx_sitenetworks_networkid").on(t.networkId)
+ ]
+);
-export const userSiteResources = pgTable("userSiteResources", {
- userId: varchar("userId")
- .notNull()
- .references(() => users.userId, { onDelete: "cascade" }),
- siteResourceId: integer("siteResourceId")
- .notNull()
- .references(() => siteResources.siteResourceId, { onDelete: "cascade" })
-});
+export const clientSiteResources = pgTable(
+ "clientSiteResources",
+ {
+ clientId: integer("clientId")
+ .notNull()
+ .references(() => clients.clientId, { onDelete: "cascade" }),
+ siteResourceId: integer("siteResourceId")
+ .notNull()
+ .references(() => siteResources.siteResourceId, {
+ onDelete: "cascade"
+ })
+ },
+ (t) => [
+ index("idx_clientsiteresources_clientid").on(t.clientId),
+ index("idx_clientsiteresources_siteresourceid").on(t.siteResourceId)
+ ]
+);
+
+export const roleSiteResources = pgTable(
+ "roleSiteResources",
+ {
+ roleId: integer("roleId")
+ .notNull()
+ .references(() => roles.roleId, { onDelete: "cascade" }),
+ siteResourceId: integer("siteResourceId")
+ .notNull()
+ .references(() => siteResources.siteResourceId, {
+ onDelete: "cascade"
+ })
+ },
+ (t) => [index("idx_rolesiteresources_siteresourceid").on(t.siteResourceId)]
+);
+
+export const userSiteResources = pgTable(
+ "userSiteResources",
+ {
+ userId: varchar("userId")
+ .notNull()
+ .references(() => users.userId, { onDelete: "cascade" }),
+ siteResourceId: integer("siteResourceId")
+ .notNull()
+ .references(() => siteResources.siteResourceId, {
+ onDelete: "cascade"
+ })
+ },
+ (t) => [
+ index("idx_usersiteresources_userid").on(t.userId),
+ index("idx_usersiteresources_siteresourceid").on(t.siteResourceId)
+ ]
+);
export const users = pgTable("user", {
userId: varchar("id").primaryKey(),
@@ -352,15 +567,19 @@ export const users = pgTable("user", {
locale: varchar("locale")
});
-export const newts = pgTable("newt", {
- newtId: varchar("id").primaryKey(),
- secretHash: varchar("secretHash").notNull(),
- dateCreated: varchar("dateCreated").notNull(),
- version: varchar("version"),
- siteId: integer("siteId").references(() => sites.siteId, {
- onDelete: "cascade"
- })
-});
+export const newts = pgTable(
+ "newt",
+ {
+ newtId: varchar("id").primaryKey(),
+ secretHash: varchar("secretHash").notNull(),
+ dateCreated: varchar("dateCreated").notNull(),
+ version: varchar("version"),
+ siteId: integer("siteId").references(() => sites.siteId, {
+ onDelete: "cascade"
+ })
+ },
+ (t) => [index("idx_newt_siteid").on(t.siteId)]
+);
export const twoFactorBackupCodes = pgTable("twoFactorBackupCodes", {
codeId: serial("id").primaryKey(),
@@ -461,29 +680,49 @@ export const userOrgRoles = pgTable(
(t) => [unique().on(t.userId, t.orgId, t.roleId)]
);
-export const roleActions = pgTable("roleActions", {
- roleId: integer("roleId")
- .notNull()
- .references(() => roles.roleId, { onDelete: "cascade" }),
- actionId: varchar("actionId")
- .notNull()
- .references(() => actions.actionId, { onDelete: "cascade" }),
- orgId: varchar("orgId")
- .notNull()
- .references(() => orgs.orgId, { onDelete: "cascade" })
-});
+export const roleActions = pgTable(
+ "roleActions",
+ {
+ roleId: integer("roleId")
+ .notNull()
+ .references(() => roles.roleId, { onDelete: "cascade" }),
+ actionId: varchar("actionId")
+ .notNull()
+ .references(() => actions.actionId, { onDelete: "cascade" }),
+ orgId: varchar("orgId")
+ .notNull()
+ .references(() => orgs.orgId, { onDelete: "cascade" })
+ },
+ (t) => [
+ index("idx_roleActions_roleId_orgId_actionId").on(
+ t.roleId,
+ t.orgId,
+ t.actionId
+ )
+ ]
+);
-export const userActions = pgTable("userActions", {
- userId: varchar("userId")
- .notNull()
- .references(() => users.userId, { onDelete: "cascade" }),
- actionId: varchar("actionId")
- .notNull()
- .references(() => actions.actionId, { onDelete: "cascade" }),
- orgId: varchar("orgId")
- .notNull()
- .references(() => orgs.orgId, { onDelete: "cascade" })
-});
+export const userActions = pgTable(
+ "userActions",
+ {
+ userId: varchar("userId")
+ .notNull()
+ .references(() => users.userId, { onDelete: "cascade" }),
+ actionId: varchar("actionId")
+ .notNull()
+ .references(() => actions.actionId, { onDelete: "cascade" }),
+ orgId: varchar("orgId")
+ .notNull()
+ .references(() => orgs.orgId, { onDelete: "cascade" })
+ },
+ (t) => [
+ index("idx_userActions_userId_orgId_actionId").on(
+ t.userId,
+ t.orgId,
+ t.actionId
+ )
+ ]
+);
export const roleSites = pgTable("roleSites", {
roleId: integer("roleId")
@@ -521,6 +760,38 @@ export const userResources = pgTable("userResources", {
.references(() => resources.resourceId, { onDelete: "cascade" })
});
+export const rolePolicies = pgTable("rolePolicies", {
+ roleId: integer("roleId")
+ .notNull()
+ .references(() => roles.roleId, { onDelete: "cascade" }),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
+export const userPolicies = pgTable("userPolicies", {
+ userId: varchar("userId")
+ .notNull()
+ .references(() => users.userId, { onDelete: "cascade" }),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
+export const resourcePolicyWhiteList = pgTable("resourcePolicyWhitelist", {
+ whitelistId: serial("id").primaryKey(),
+ email: varchar("email").notNull(),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
export const userInvites = pgTable("userInvites", {
inviteId: varchar("inviteId").primaryKey(),
orgId: varchar("orgId")
@@ -586,6 +857,40 @@ export const resourceHeaderAuthExtendedCompatibility = pgTable(
}
);
+export const resourcePolicyPincode = pgTable("resourcePolicyPincode", {
+ pincodeId: serial("pincodeId").primaryKey(),
+ pincodeHash: varchar("pincodeHash").notNull(),
+ digitLength: integer("digitLength").notNull(),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
+export const resourcePolicyPassword = pgTable("resourcePolicyPassword", {
+ passwordId: serial("passwordId").primaryKey(),
+ passwordHash: varchar("passwordHash").notNull(),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
+export const resourcePolicyHeaderAuth = pgTable("resourcePolicyHeaderAuth", {
+ headerAuthId: serial("headerAuthId").primaryKey(),
+ headerAuthHash: varchar("headerAuthHash").notNull(),
+ extendedCompatibility: boolean("extendedCompatibility")
+ .notNull()
+ .default(true),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
export const resourceAccessToken = pgTable("resourceAccessToken", {
accessTokenId: varchar("accessTokenId").primaryKey(),
orgId: varchar("orgId")
@@ -594,6 +899,7 @@ export const resourceAccessToken = pgTable("resourceAccessToken", {
resourceId: integer("resourceId")
.notNull()
.references(() => resources.resourceId, { onDelete: "cascade" }),
+ path: varchar("path"),
tokenHash: varchar("tokenHash").notNull(),
sessionLength: bigint("sessionLength", { mode: "number" }).notNull(),
expiresAt: bigint("expiresAt", { mode: "number" }),
@@ -641,6 +947,24 @@ export const resourceSessions = pgTable("resourceSessions", {
onDelete: "cascade"
}
),
+ policyPasswordId: integer("policyPasswordId").references(
+ () => resourcePolicyPassword.passwordId,
+ {
+ onDelete: "cascade"
+ }
+ ),
+ policyPincodeId: integer("policyPincodeId").references(
+ () => resourcePolicyPincode.pincodeId,
+ {
+ onDelete: "cascade"
+ }
+ ),
+ policyWhitelistId: integer("policyWhitelistId").references(
+ () => resourcePolicyWhiteList.whitelistId,
+ {
+ onDelete: "cascade"
+ }
+ ),
issuedAt: bigint("issuedAt", { mode: "number" })
});
@@ -675,10 +999,71 @@ export const resourceRules = pgTable("resourceRules", {
enabled: boolean("enabled").notNull().default(true),
priority: integer("priority").notNull(),
action: varchar("action").notNull(), // ACCEPT, DROP, PASS
- match: varchar("match").notNull(), // CIDR, PATH, IP
+ match: varchar("match")
+ .$type<
+ | "CIDR"
+ | "PATH"
+ | "IP"
+ | "COUNTRY"
+ | "COUNTRY_IS_NOT"
+ | "ASN"
+ | "REGION"
+ >()
+ .notNull(), // CIDR, PATH, IP
value: varchar("value").notNull()
});
+export const resourcePolicyRules = pgTable("resourcePolicyRules", {
+ ruleId: serial("ruleId").primaryKey(),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ }),
+ enabled: boolean("enabled").notNull().default(true),
+ priority: integer("priority").notNull(),
+ action: varchar("action").$type<"ACCEPT" | "DROP" | "PASS">().notNull(),
+ match: varchar("match")
+ .$type<
+ | "CIDR"
+ | "PATH"
+ | "IP"
+ | "COUNTRY"
+ | "COUNTRY_IS_NOT"
+ | "ASN"
+ | "REGION"
+ >()
+ .notNull(),
+ value: varchar("value").notNull()
+});
+
+export const resourcePolicies = pgTable(
+ "resourcePolicies",
+ {
+ resourcePolicyId: serial("resourcePolicyId").primaryKey(),
+ sso: boolean("sso").notNull().default(true),
+ applyRules: boolean("applyRules").notNull().default(false),
+ scope: varchar("scope")
+ .$type<"global" | "resource">()
+ .notNull()
+ .default("global"),
+ emailWhitelistEnabled: boolean("emailWhitelistEnabled")
+ .notNull()
+ .default(false),
+ idpId: integer("idpId").references(() => idp.idpId, {
+ onDelete: "set null"
+ }),
+ niceId: text("niceId").notNull(),
+ name: varchar("name").notNull(),
+ orgId: varchar("orgId")
+ .references(() => orgs.orgId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [index("idx_resourcepolicies_orgid_niceid").on(t.orgId, t.niceId)]
+);
+
export const supporterKey = pgTable("supporterKey", {
keyId: serial("keyId").primaryKey(),
key: varchar("key").notNull(),
@@ -765,40 +1150,47 @@ export const idpOrg = pgTable("idpOrg", {
orgMapping: varchar("orgMapping")
});
-export const clients = pgTable("clients", {
- clientId: serial("clientId").primaryKey(),
- orgId: varchar("orgId")
- .references(() => orgs.orgId, {
+export const clients = pgTable(
+ "clients",
+ {
+ clientId: serial("clientId").primaryKey(),
+ orgId: varchar("orgId")
+ .references(() => orgs.orgId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
+ onDelete: "set null"
+ }),
+ userId: text("userId").references(() => users.userId, {
+ // optionally tied to a user and in this case delete when the user deletes
onDelete: "cascade"
- })
- .notNull(),
- exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
- onDelete: "set null"
- }),
- userId: text("userId").references(() => users.userId, {
- // optionally tied to a user and in this case delete when the user deletes
- onDelete: "cascade"
- }),
- niceId: varchar("niceId").notNull(),
- olmId: text("olmId"), // to lock it to a specific olm optionally
- name: varchar("name").notNull(),
- pubKey: varchar("pubKey"),
- subnet: varchar("subnet").notNull(),
- megabytesIn: real("bytesIn"),
- megabytesOut: real("bytesOut"),
- lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
- lastPing: integer("lastPing"),
- type: varchar("type").notNull(), // "olm"
- online: boolean("online").notNull().default(false),
- // endpoint: varchar("endpoint"),
- lastHolePunch: integer("lastHolePunch"),
- maxConnections: integer("maxConnections"),
- archived: boolean("archived").notNull().default(false),
- blocked: boolean("blocked").notNull().default(false),
- approvalState: varchar("approvalState").$type<
- "pending" | "approved" | "denied"
- >()
-});
+ }),
+ niceId: varchar("niceId").notNull(),
+ olmId: text("olmId"), // to lock it to a specific olm optionally
+ name: varchar("name").notNull(),
+ pubKey: varchar("pubKey"),
+ subnet: varchar("subnet").notNull(),
+ megabytesIn: real("bytesIn"),
+ megabytesOut: real("bytesOut"),
+ lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
+ lastPing: integer("lastPing"),
+ type: varchar("type").notNull(), // "olm"
+ online: boolean("online").notNull().default(false),
+ // endpoint: varchar("endpoint"),
+ lastHolePunch: integer("lastHolePunch"),
+ maxConnections: integer("maxConnections"),
+ archived: boolean("archived").notNull().default(false),
+ blocked: boolean("blocked").notNull().default(false),
+ approvalState: varchar("approvalState").$type<
+ "pending" | "approved" | "denied"
+ >()
+ },
+ (t) => [
+ index("idx_clients_userid").on(t.userId),
+ index("idx_clients_orgid_niceid").on(t.orgId, t.niceId)
+ ]
+);
export const clientSitesAssociationsCache = pgTable(
"clientSitesAssociationsCache",
@@ -810,7 +1202,11 @@ export const clientSitesAssociationsCache = pgTable(
isJitMode: boolean("isJitMode").notNull().default(false),
endpoint: varchar("endpoint"),
publicKey: varchar("publicKey") // this will act as the session's public key for hole punching so we can track when it changes
- }
+ },
+ (t) => [
+ primaryKey({ columns: [t.clientId, t.siteId] }),
+ index("idx_clientsitesassociationscache_siteid").on(t.siteId)
+ ]
);
export const clientSiteResourcesAssociationsCache = pgTable(
@@ -819,7 +1215,14 @@ export const clientSiteResourcesAssociationsCache = pgTable(
clientId: integer("clientId") // not a foreign key here so after its deleted the rebuild function can delete it and send the message
.notNull(),
siteResourceId: integer("siteResourceId").notNull()
- }
+ },
+ (t) => [
+ primaryKey({ columns: [t.clientId, t.siteResourceId] }),
+ index("idx_clientSiteResourcesAssociationsCache_siteResourceId").on(
+ t.siteResourceId,
+ t.clientId
+ )
+ ]
);
export const clientPostureSnapshots = pgTable("clientPostureSnapshots", {
@@ -832,23 +1235,27 @@ export const clientPostureSnapshots = pgTable("clientPostureSnapshots", {
collectedAt: integer("collectedAt").notNull()
});
-export const olms = pgTable("olms", {
- olmId: varchar("id").primaryKey(),
- secretHash: varchar("secretHash").notNull(),
- dateCreated: varchar("dateCreated").notNull(),
- version: text("version"),
- agent: text("agent"),
- name: varchar("name"),
- clientId: integer("clientId").references(() => clients.clientId, {
- // we will switch this depending on the current org it wants to connect to
- onDelete: "set null"
- }),
- userId: text("userId").references(() => users.userId, {
- // optionally tied to a user and in this case delete when the user deletes
- onDelete: "cascade"
- }),
- archived: boolean("archived").notNull().default(false)
-});
+export const olms = pgTable(
+ "olms",
+ {
+ olmId: varchar("id").primaryKey(),
+ secretHash: varchar("secretHash").notNull(),
+ dateCreated: varchar("dateCreated").notNull(),
+ version: text("version"),
+ agent: text("agent"),
+ name: varchar("name"),
+ clientId: integer("clientId").references(() => clients.clientId, {
+ // we will switch this depending on the current org it wants to connect to
+ onDelete: "set null"
+ }),
+ userId: text("userId").references(() => users.userId, {
+ // optionally tied to a user and in this case delete when the user deletes
+ onDelete: "cascade"
+ }),
+ archived: boolean("archived").notNull().default(false)
+ },
+ (t) => [index("idx_olms_clientid").on(t.clientId)]
+);
export const currentFingerprint = pgTable("currentFingerprint", {
fingerprintId: serial("id").primaryKey(),
@@ -1097,19 +1504,30 @@ export const roundTripMessageTracker = pgTable("roundTripMessageTracker", {
complete: boolean("complete").notNull().default(false)
});
-export const statusHistory = pgTable("statusHistory", {
- id: serial("id").primaryKey(),
- entityType: varchar("entityType").notNull(),
- entityId: integer("entityId").notNull(),
- orgId: varchar("orgId")
- .notNull()
- .references(() => orgs.orgId, { onDelete: "cascade" }),
- status: varchar("status").notNull(),
- timestamp: integer("timestamp").notNull(),
-}, (table) => [
- index("idx_statusHistory_entity").on(table.entityType, table.entityId, table.timestamp),
- index("idx_statusHistory_org_timestamp").on(table.orgId, table.timestamp),
-]);
+export const statusHistory = pgTable(
+ "statusHistory",
+ {
+ id: serial("id").primaryKey(),
+ entityType: varchar("entityType").notNull(),
+ entityId: integer("entityId").notNull(),
+ orgId: varchar("orgId")
+ .notNull()
+ .references(() => orgs.orgId, { onDelete: "cascade" }),
+ status: varchar("status").notNull(),
+ timestamp: integer("timestamp").notNull()
+ },
+ (table) => [
+ index("idx_statusHistory_entity").on(
+ table.entityType,
+ table.entityId,
+ table.timestamp
+ ),
+ index("idx_statusHistory_org_timestamp").on(
+ table.orgId,
+ table.timestamp
+ )
+ ]
+);
export type Org = InferSelectModel;
export type User = InferSelectModel;
@@ -1147,6 +1565,16 @@ export type ResourceHeaderAuthExtendedCompatibility = InferSelectModel<
export type ResourceOtp = InferSelectModel;
export type ResourceAccessToken = InferSelectModel;
export type ResourceWhitelist = InferSelectModel;
+export type ResourcePolicyPincode = InferSelectModel<
+ typeof resourcePolicyPincode
+>;
+export type ResourcePolicyPassword = InferSelectModel<
+ typeof resourcePolicyPassword
+>;
+export type ResourcePolicyHeaderAuth = InferSelectModel<
+ typeof resourcePolicyHeaderAuth
+>;
+
export type VersionMigration = InferSelectModel;
export type ResourceRule = InferSelectModel;
export type Domain = InferSelectModel;
@@ -1179,3 +1607,9 @@ export type RoundTripMessageTracker = InferSelectModel<
>;
export type Network = InferSelectModel;
export type StatusHistory = InferSelectModel;
+export type Label = InferSelectModel;
+export type LauncherView = InferSelectModel;
+export type ResourcePolicy = InferSelectModel;
+export type RolePolicy = InferSelectModel;
+export type UserPolicy = InferSelectModel;
+export type ResourcePolicyRule = InferSelectModel;
diff --git a/server/db/queries/verifySessionQueries.ts b/server/db/queries/verifySessionQueries.ts
index 46b45b1a0..0a22e8df3 100644
--- a/server/db/queries/verifySessionQueries.ts
+++ b/server/db/queries/verifySessionQueries.ts
@@ -17,22 +17,37 @@ import {
resourceHeaderAuth,
ResourceHeaderAuth,
resourceRules,
+ resourcePolicyRules,
resources,
roleResources,
+ rolePolicies,
sessions,
userResources,
+ userPolicies,
users,
ResourceHeaderAuthExtendedCompatibility,
- resourceHeaderAuthExtendedCompatibility
+ resourceHeaderAuthExtendedCompatibility,
+ resourcePolicies,
+ resourcePolicyPincode,
+ ResourcePolicyPincode,
+ resourcePolicyPassword,
+ ResourcePolicyPassword,
+ resourcePolicyHeaderAuth,
+ ResourcePolicyHeaderAuth
} from "@server/db";
-import { and, eq, inArray, or, sql } from "drizzle-orm";
+import { alias } from "@server/db";
+import { and, eq, inArray, isNull, or, sql } from "drizzle-orm";
+import logger from "@server/logger";
export type ResourceWithAuth = {
resource: Resource | null;
- pincode: ResourcePincode | null;
- password: ResourcePassword | null;
- headerAuth: ResourceHeaderAuth | null;
+ pincode: ResourcePincode | ResourcePolicyPincode | null;
+ password: ResourcePassword | ResourcePolicyPassword | null;
+ headerAuth: ResourceHeaderAuth | ResourcePolicyHeaderAuth | null;
headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
+ applyRules: boolean | null;
+ sso: boolean | null;
+ emailWhitelistEnabled: boolean | null;
org: Org;
};
@@ -57,6 +72,33 @@ export async function getResourceByDomain(
wildcardCandidates.push(`*.${parts.slice(i).join(".")}`);
}
+ const sharedPolicy = alias(resourcePolicies, "sharedPolicy");
+ const defaultPolicy = alias(resourcePolicies, "defaultPolicy");
+ const sharedPolicyPincode = alias(
+ resourcePolicyPincode,
+ "sharedPolicyPincode"
+ );
+ const defaultPolicyPincode = alias(
+ resourcePolicyPincode,
+ "defaultPolicyPincode"
+ );
+ const sharedPolicyPassword = alias(
+ resourcePolicyPassword,
+ "sharedPolicyPassword"
+ );
+ const defaultPolicyPassword = alias(
+ resourcePolicyPassword,
+ "defaultPolicyPassword"
+ );
+ const sharedPolicyHeaderAuth = alias(
+ resourcePolicyHeaderAuth,
+ "sharedPolicyHeaderAuth"
+ );
+ const defaultPolicyHeaderAuth = alias(
+ resourcePolicyHeaderAuth,
+ "defaultPolicyHeaderAuth"
+ );
+
const potentialResults = await db
.select()
.from(resources)
@@ -79,6 +121,59 @@ export async function getResourceByDomain(
resources.resourceId
)
)
+ .leftJoin(
+ sharedPolicy,
+ eq(sharedPolicy.resourcePolicyId, resources.resourcePolicyId)
+ )
+ .leftJoin(
+ sharedPolicyPincode,
+ eq(
+ sharedPolicyPincode.resourcePolicyId,
+ sharedPolicy.resourcePolicyId
+ )
+ )
+ .leftJoin(
+ sharedPolicyPassword,
+ eq(
+ sharedPolicyPassword.resourcePolicyId,
+ sharedPolicy.resourcePolicyId
+ )
+ )
+ .leftJoin(
+ sharedPolicyHeaderAuth,
+ eq(
+ sharedPolicyHeaderAuth.resourcePolicyId,
+ sharedPolicy.resourcePolicyId
+ )
+ )
+ .leftJoin(
+ defaultPolicy,
+ eq(
+ defaultPolicy.resourcePolicyId,
+ resources.defaultResourcePolicyId
+ )
+ )
+ .leftJoin(
+ defaultPolicyPincode,
+ eq(
+ defaultPolicyPincode.resourcePolicyId,
+ defaultPolicy.resourcePolicyId
+ )
+ )
+ .leftJoin(
+ defaultPolicyPassword,
+ eq(
+ defaultPolicyPassword.resourcePolicyId,
+ defaultPolicy.resourcePolicyId
+ )
+ )
+ .leftJoin(
+ defaultPolicyHeaderAuth,
+ eq(
+ defaultPolicyHeaderAuth.resourcePolicyId,
+ defaultPolicy.resourcePolicyId
+ )
+ )
.innerJoin(orgs, eq(orgs.orgId, resources.orgId))
.where(
or(
@@ -108,13 +203,51 @@ export async function getResourceByDomain(
return null;
}
+ // If a shared (custom) policy is assigned to the resource, use ONLY
+ // its values — do not fall back to the default policy. The default
+ // policy is only consulted when no shared policy is assigned at all.
+ const hasSharedPolicy = result.sharedPolicy !== null;
+
+ const effectivePolicyPincode = hasSharedPolicy
+ ? result.sharedPolicyPincode
+ : (result.defaultPolicyPincode ?? null);
+ const effectivePolicyPassword = hasSharedPolicy
+ ? result.sharedPolicyPassword
+ : (result.defaultPolicyPassword ?? null);
+ const effectivePolicyHeaderAuth = hasSharedPolicy
+ ? result.sharedPolicyHeaderAuth
+ : (result.defaultPolicyHeaderAuth ?? null);
+ const selectedPolicy = hasSharedPolicy
+ ? result.sharedPolicy
+ : result.defaultPolicy;
+ const effectiveApplyRules =
+ selectedPolicy?.applyRules ?? result.resources.applyRules;
+ const effectiveSSO = selectedPolicy?.sso ?? result.resources.sso;
+ const effectiveEmailWhitelistEnabled =
+ selectedPolicy?.emailWhitelistEnabled ??
+ result.resources.emailWhitelistEnabled;
+
return {
- resource: result.resources,
- pincode: result.resourcePincode,
- password: result.resourcePassword,
- headerAuth: result.resourceHeaderAuth,
- headerAuthExtendedCompatibility:
- result.resourceHeaderAuthExtendedCompatibility,
+ resource: {
+ ...result.resources,
+ applyRules: effectiveApplyRules,
+ sso: effectiveSSO,
+ emailWhitelistEnabled: effectiveEmailWhitelistEnabled
+ }, // doing this for backward compatability so the remote nodes get the value as part of the resource struct
+ pincode: effectivePolicyPincode ?? result.resourcePincode,
+ password: effectivePolicyPassword ?? result.resourcePassword,
+ headerAuth: effectivePolicyHeaderAuth ?? result.resourceHeaderAuth,
+ headerAuthExtendedCompatibility: effectivePolicyHeaderAuth
+ ? ({
+ headerAuthExtendedCompatibilityId: 0,
+ resourceId: result.resources.resourceId,
+ extendedCompatibilityIsActivated:
+ effectivePolicyHeaderAuth.extendedCompatibility
+ } as ResourceHeaderAuthExtendedCompatibility)
+ : result.resourceHeaderAuthExtendedCompatibility,
+ applyRules: effectiveApplyRules,
+ sso: effectiveSSO,
+ emailWhitelistEnabled: effectiveEmailWhitelistEnabled,
org: result.orgs
};
}
@@ -154,58 +287,165 @@ export async function getRoleName(roleId: number): Promise {
}
/**
- * Check if role has access to resource
+ * Check if role has access to resource (direct or via resource policy)
*/
export async function getRoleResourceAccess(
resourceId: number,
roleIds: number[]
) {
- const roleResourceAccess = await db
- .select()
- .from(roleResources)
- .where(
- and(
- eq(roleResources.resourceId, resourceId),
- inArray(roleResources.roleId, roleIds)
+ const [direct, viaPolicies] = await Promise.all([
+ db
+ .select()
+ .from(roleResources)
+ .where(
+ and(
+ eq(roleResources.resourceId, resourceId),
+ inArray(roleResources.roleId, roleIds)
+ )
+ ),
+ db
+ .select({
+ roleId: rolePolicies.roleId,
+ resourcePolicyId: rolePolicies.resourcePolicyId
+ })
+ .from(rolePolicies)
+ .innerJoin(
+ resources,
+ // Shared policy wins; only use default policy when no shared
+ // policy is assigned to the resource.
+ or(
+ eq(
+ resources.resourcePolicyId,
+ rolePolicies.resourcePolicyId
+ ),
+ and(
+ isNull(resources.resourcePolicyId),
+ eq(
+ resources.defaultResourcePolicyId,
+ rolePolicies.resourcePolicyId
+ )
+ )
+ )
)
- );
+ .where(
+ and(
+ eq(resources.resourceId, resourceId),
+ inArray(rolePolicies.roleId, roleIds)
+ )
+ )
+ ]);
- return roleResourceAccess.length > 0 ? roleResourceAccess : null;
+ const combined = [...direct, ...viaPolicies];
+ return combined.length > 0 ? combined : null;
}
/**
- * Check if user has direct access to resource
+ * Check if user has access to resource (direct or via resource policy)
*/
export async function getUserResourceAccess(
userId: string,
resourceId: number
) {
- const userResourceAccess = await db
- .select()
- .from(userResources)
- .where(
- and(
- eq(userResources.userId, userId),
- eq(userResources.resourceId, resourceId)
+ const [direct, viaPolicies] = await Promise.all([
+ db
+ .select()
+ .from(userResources)
+ .where(
+ and(
+ eq(userResources.userId, userId),
+ eq(userResources.resourceId, resourceId)
+ )
)
- )
- .limit(1);
+ .limit(1),
+ db
+ .select({
+ userId: userPolicies.userId,
+ resourcePolicyId: userPolicies.resourcePolicyId
+ })
+ .from(userPolicies)
+ .innerJoin(
+ resources,
+ // Shared policy wins; only use default policy when no shared
+ // policy is assigned to the resource.
+ or(
+ eq(
+ resources.resourcePolicyId,
+ userPolicies.resourcePolicyId
+ ),
+ and(
+ isNull(resources.resourcePolicyId),
+ eq(
+ resources.defaultResourcePolicyId,
+ userPolicies.resourcePolicyId
+ )
+ )
+ )
+ )
+ .where(
+ and(
+ eq(resources.resourceId, resourceId),
+ eq(userPolicies.userId, userId)
+ )
+ )
+ .limit(1)
+ ]);
- return userResourceAccess.length > 0 ? userResourceAccess[0] : null;
+ return direct[0] ?? viaPolicies[0] ?? null;
}
/**
- * Get resource rules for a given resource
+ * Get resource rules for a given resource (direct and via resource policy)
*/
export async function getResourceRules(
resourceId: number
): Promise {
- const rules = await db
- .select()
- .from(resourceRules)
- .where(eq(resourceRules.resourceId, resourceId));
+ const [directRules, policyRules] = await Promise.all([
+ db
+ .select()
+ .from(resourceRules)
+ .where(eq(resourceRules.resourceId, resourceId)),
+ db
+ .select({
+ ruleId: resourcePolicyRules.ruleId,
+ resourceId: sql`${resourceId}`,
+ enabled: resourcePolicyRules.enabled,
+ priority: resourcePolicyRules.priority,
+ action: resourcePolicyRules.action,
+ match: resourcePolicyRules.match,
+ value: resourcePolicyRules.value
+ })
+ .from(resourcePolicyRules)
+ .innerJoin(
+ resources,
+ // Shared policy wins; only use default policy when no shared
+ // policy is assigned to the resource.
+ or(
+ eq(
+ resources.resourcePolicyId,
+ resourcePolicyRules.resourcePolicyId
+ ),
+ and(
+ isNull(resources.resourcePolicyId),
+ eq(
+ resources.defaultResourcePolicyId,
+ resourcePolicyRules.resourcePolicyId
+ )
+ )
+ )
+ )
+ .where(eq(resources.resourceId, resourceId))
+ ]);
- return rules;
+ const maxDirectPriority = directRules.reduce(
+ (max, r) => Math.max(max, r.priority),
+ 0
+ );
+ const offsetPolicyRules = policyRules.map((r) => ({
+ ...r,
+ priority: maxDirectPriority + r.priority
+ }));
+
+ return [...directRules, ...offsetPolicyRules] as ResourceRule[];
}
/**
diff --git a/server/db/sqlite/driver.ts b/server/db/sqlite/driver.ts
index 0e50d1289..a7eee52b7 100644
--- a/server/db/sqlite/driver.ts
+++ b/server/db/sqlite/driver.ts
@@ -1,6 +1,5 @@
import { drizzle as DrizzleSqlite } from "drizzle-orm/better-sqlite3";
import Database from "better-sqlite3";
-import type BetterSqlite3 from "better-sqlite3";
import * as schema from "./schema/schema";
import path from "path";
import fs from "fs";
@@ -12,68 +11,31 @@ export const exists = checkFileExists(location);
bootstrapVolume();
-/**
- * Wraps better-sqlite3 Statement to call `finalize()` immediately after
- * execution, freeing native sqlite3_stmt memory deterministically instead
- * of waiting for GC. Fixes steady off-heap growth under load (#2120).
- * WARNING: Finalizes after first execution — incompatible with drizzle's
- * reusable .prepare() builders. No such usage exists in this codebase.
- */
-function autoFinalizeStatement(
- stmt: BetterSqlite3.Statement
-): BetterSqlite3.Statement {
- const wrapExec = any>(fn: T): T => {
- return function (this: any, ...args: any[]) {
- try {
- return fn.apply(this, args);
- } finally {
- try {
- // finalize() exists on the native Statement at runtime but
- // is missing from @types/better-sqlite3.
- (stmt as any).finalize();
- } catch {
- // Already finalized — harmless
- }
- }
- } as unknown as T;
- };
-
- stmt.run = wrapExec(stmt.run);
- stmt.get = wrapExec(stmt.get);
- stmt.all = wrapExec(stmt.all);
-
- return stmt;
-}
-
function createDb() {
const sqlite = new Database(location);
if (process.env.ENABLE_SQLITE_WAL_MODE == "true") {
// Enable WAL mode — allows concurrent readers + single writer, preventing
// contention across subsystems (verifySession, Traefik, audit, ping).
+ // NOTE: journal_mode persists in the DB file once set; unsetting this
+ // env var does NOT revert an existing WAL database.
sqlite.pragma("journal_mode = WAL");
// NORMAL sync mode: safe with WAL, reduces write lock hold time.
sqlite.pragma("synchronous = NORMAL");
}
- // Wait up to 5s on SQLITE_BUSY instead of failing — prevents audit log
- // retry loops that accumulate memory.
- sqlite.pragma("busy_timeout = 5000");
+ // No busy_timeout pragma: better-sqlite3 already arms
+ // sqlite3_busy_timeout(db, 5000) via its default `timeout` option
+ // (lib/database.js), so an explicit pragma is redundant.
- // 64 MB page cache (default 2 MB) — reduces I/O round-trips on large
- // TraefikConfigManager JOINs that block the event loop.
- sqlite.pragma("cache_size = -65536");
+ // Intentionally NOT setting cache_size or mmap_size: a large page cache plus
+ // a multi-hundred-MB mmap region inflate RSS and cause page-cache thrashing
+ // on small (~1 GB) instances. Leave SQLite on its conservative defaults.
- // 256 MB memory-mapped I/O — OS serves reads from page cache directly,
- // reducing event-loop blocking.
- sqlite.pragma("mmap_size = 268435456");
-
- // Wrap prepare() so every drizzle-orm statement is auto-finalized after
- // first use, preventing sqlite3_stmt accumulation between GC cycles.
- const originalPrepare = sqlite.prepare.bind(sqlite);
- (sqlite as any).prepare = function autoFinalizePrepare(source: string) {
- return autoFinalizeStatement(originalPrepare(source));
- };
+ // Intentionally NOT wrapping prepare()/statements: better-sqlite3 finalizes
+ // sqlite3_stmt in the Statement destructor at GC, and drizzle-orm prepares a
+ // fresh statement per query (no statement cache), so statements cannot
+ // accumulate. better-sqlite3 11.x exposes no Statement.finalize() at all.
return DrizzleSqlite(sqlite, {
schema
diff --git a/server/db/sqlite/index.ts b/server/db/sqlite/index.ts
index f8c04ac9e..d1d8d7dd4 100644
--- a/server/db/sqlite/index.ts
+++ b/server/db/sqlite/index.ts
@@ -4,3 +4,4 @@ export * from "./safeRead";
export * from "./schema/schema";
export * from "./schema/privateSchema";
export * from "./migrate";
+export { alias } from "drizzle-orm/sqlite-core";
diff --git a/server/db/sqlite/schema/privateSchema.ts b/server/db/sqlite/schema/privateSchema.ts
index ae7360780..b75836e29 100644
--- a/server/db/sqlite/schema/privateSchema.ts
+++ b/server/db/sqlite/schema/privateSchema.ts
@@ -12,6 +12,7 @@ import {
clients,
domains,
exitNodes,
+ labels,
orgs,
resources,
roles,
@@ -21,9 +22,6 @@ import {
targetHealthCheck,
users
} from "./schema";
-import { serial, varchar } from "drizzle-orm/mysql-core";
-import { pgTable } from "drizzle-orm/pg-core";
-import { bigint } from "zod";
export const certificates = sqliteTable("certificates", {
certId: integer("certId").primaryKey({ autoIncrement: true }),
@@ -195,6 +193,44 @@ export const remoteExitNodes = sqliteTable("remoteExitNode", {
})
});
+export const remoteExitNodeResources = sqliteTable("remoteExitNodeResources", {
+ remoteExitNodeResourceId: integer("remoteExitNodeResourceId").primaryKey({
+ autoIncrement: true
+ }),
+ remoteExitNodeId: text("remoteExitNodeId")
+ .notNull()
+ .references(() => remoteExitNodes.remoteExitNodeId, {
+ onDelete: "cascade"
+ }),
+ destination: text("destination").notNull() // a cidr range
+});
+
+export const remoteExitNodePreferenceLabels = sqliteTable(
+ // this controls what sites are enforced to connect to this node
+ "remoteExitNodePreferenceLabels",
+ {
+ remoteExitNodePreferenceLabelId: integer(
+ "remoteExitNodePreferenceLabelId"
+ ).primaryKey({ autoIncrement: true }),
+ remoteExitNodeId: text("remoteExitNodeId")
+ .references(() => remoteExitNodes.remoteExitNodeId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ labelId: integer("labelId")
+ .references(() => labels.labelId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [
+ uniqueIndex("remote_exit_node_preference_label_uniq").on(
+ t.remoteExitNodeId,
+ t.labelId
+ )
+ ]
+);
+
export const remoteExitNodeSessions = sqliteTable("remoteExitNodeSession", {
sessionId: text("id").primaryKey(),
remoteExitNodeId: text("remoteExitNodeId")
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 423190420..4ec4916b5 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -20,8 +20,10 @@ export const domains = sqliteTable("domains", {
failed: integer("failed", { mode: "boolean" }).notNull().default(false),
tries: integer("tries").notNull().default(0),
certResolver: text("certResolver"),
+ customCertResolver: text("customCertResolver"),
preferWildcardCert: integer("preferWildcardCert", { mode: "boolean" }),
- errorMessage: text("errorMessage")
+ errorMessage: text("errorMessage"),
+ lastCheckedAt: integer("lastCheckedAt")
});
export const dnsRecords = sqliteTable("dnsRecords", {
@@ -62,7 +64,13 @@ export const orgs = sqliteTable("orgs", {
sshCaPrivateKey: text("sshCaPrivateKey"), // Encrypted SSH CA private key (PEM format)
sshCaPublicKey: text("sshCaPublicKey"), // SSH CA public key (OpenSSH format)
isBillingOrg: integer("isBillingOrg", { mode: "boolean" }),
- billingOrgId: text("billingOrgId")
+ billingOrgId: text("billingOrgId"),
+ settingsEnableGlobalNewtAutoUpdate: integer(
+ "settingsEnableGlobalNewtAutoUpdate",
+ { mode: "boolean" }
+ )
+ .notNull()
+ .default(false)
});
export const userDomains = sqliteTable("userDomains", {
@@ -116,11 +124,29 @@ export const sites = sqliteTable("sites", {
dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" })
.notNull()
.default(true),
+ autoUpdateEnabled: integer("autoUpdateEnabled", { mode: "boolean" })
+ .notNull()
+ .default(false),
+ autoUpdateOverrideOrg: integer("autoUpdateOverrideOrg", {
+ mode: "boolean"
+ })
+ .notNull()
+ .default(false),
status: text("status").$type<"pending" | "approved">().default("approved")
});
export const resources = sqliteTable("resources", {
resourceId: integer("resourceId").primaryKey({ autoIncrement: true }),
+ resourcePolicyId: integer("resourcePolicyId").references(
+ () => resourcePolicies.resourcePolicyId,
+ { onDelete: "set null" }
+ ),
+ defaultResourcePolicyId: integer("defaultResourcePolicyId").references(
+ () => resourcePolicies.resourcePolicyId,
+ {
+ onDelete: "restrict"
+ }
+ ),
resourceGuid: text("resourceGuid", { length: 36 })
.unique()
.notNull()
@@ -141,16 +167,12 @@ export const resources = sqliteTable("resources", {
blockAccess: integer("blockAccess", { mode: "boolean" })
.notNull()
.default(false),
- sso: integer("sso", { mode: "boolean" }).notNull().default(true),
- http: integer("http", { mode: "boolean" }).notNull().default(true),
- protocol: text("protocol").notNull(),
proxyPort: integer("proxyPort"),
- emailWhitelistEnabled: integer("emailWhitelistEnabled", { mode: "boolean" })
- .notNull()
- .default(false),
- applyRules: integer("applyRules", { mode: "boolean" })
- .notNull()
- .default(false),
+ sso: integer("sso", { mode: "boolean" }),
+ emailWhitelistEnabled: integer("emailWhitelistEnabled", {
+ mode: "boolean"
+ }),
+ applyRules: integer("applyRules", { mode: "boolean" }),
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
stickySession: integer("stickySession", { mode: "boolean" })
.notNull()
@@ -166,7 +188,6 @@ export const resources = sqliteTable("resources", {
.notNull()
.default(false),
proxyProtocolVersion: integer("proxyProtocolVersion").default(1),
-
maintenanceModeEnabled: integer("maintenanceModeEnabled", {
mode: "boolean"
})
@@ -180,9 +201,123 @@ export const resources = sqliteTable("resources", {
maintenanceEstimatedTime: text("maintenanceEstimatedTime"),
postAuthPath: text("postAuthPath"),
health: text("health").default("unknown"), // "healthy", "unhealthy", "unknown"
- wildcard: integer("wildcard", { mode: "boolean" }).notNull().default(false)
+ wildcard: integer("wildcard", { mode: "boolean" }).notNull().default(false),
+ mode: text("mode").default("http").notNull(), // rdp, ssh, http, vnc
+ pamMode: text("pamMode")
+ .$type<"passthrough" | "push">()
+ .default("passthrough"),
+ authDaemonMode: text("authDaemonMode")
+ .$type<"site" | "remote" | "native">()
+ .default("site"),
+ authDaemonPort: integer("authDaemonPort").default(22123)
});
+export const labels = sqliteTable("labels", {
+ labelId: integer("labelId").primaryKey({ autoIncrement: true }),
+ name: text("name").notNull(),
+ color: text("color").notNull(),
+ orgId: text("orgId")
+ .references(() => orgs.orgId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+});
+
+export const launcherViews = sqliteTable("launcherViews", {
+ viewId: integer("viewId").primaryKey({ autoIncrement: true }),
+ orgId: text("orgId")
+ .notNull()
+ .references(() => orgs.orgId, { onDelete: "cascade" }),
+ userId: text("userId").references(() => users.userId, {
+ onDelete: "cascade"
+ }),
+ name: text("name").notNull(),
+ config: text("config").notNull(),
+ isDefault: integer("isDefault", { mode: "boolean" })
+ .notNull()
+ .default(false),
+ createdAt: text("createdAt").notNull(),
+ updatedAt: text("updatedAt").notNull()
+});
+
+export const siteLabels = sqliteTable(
+ "siteLabels",
+ {
+ siteLabelId: integer("siteLabelId").primaryKey({ autoIncrement: true }),
+ siteId: integer("siteId")
+ .references(() => sites.siteId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ labelId: integer("labelId")
+ .references(() => labels.labelId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [unique("site_label_uniq").on(t.siteId, t.labelId)]
+);
+
+export const resourceLabels = sqliteTable(
+ "resourceLabels",
+ {
+ resourceLabelId: integer("resourceLabelId").primaryKey({
+ autoIncrement: true
+ }),
+ resourceId: integer("resourceId")
+ .references(() => resources.resourceId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ labelId: integer("labelId")
+ .references(() => labels.labelId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [unique("resource_label_uniq").on(t.resourceId, t.labelId)]
+);
+
+export const siteResourceLabels = sqliteTable(
+ "siteResourceLabels",
+ {
+ siteResourceLabelId: integer("siteResourceLabelId").primaryKey({
+ autoIncrement: true
+ }),
+ siteResourceId: integer("siteResourceId")
+ .references(() => siteResources.siteResourceId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ labelId: integer("labelId")
+ .references(() => labels.labelId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [unique("site_resource_label_uniq").on(t.siteResourceId, t.labelId)]
+);
+
+export const clientLabels = sqliteTable(
+ "clientLabels",
+ {
+ clientLabelId: integer("clientLabelId").primaryKey({
+ autoIncrement: true
+ }),
+ clientId: integer("clientId")
+ .references(() => clients.clientId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
+ labelId: integer("labelId")
+ .references(() => labels.labelId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+ },
+ (t) => [unique("client_label_uniq").on(t.clientId, t.labelId)]
+);
+
export const targets = sqliteTable("targets", {
targetId: integer("targetId").primaryKey({ autoIncrement: true }),
resourceId: integer("resourceId")
@@ -204,7 +339,12 @@ export const targets = sqliteTable("targets", {
pathMatchType: text("pathMatchType"), // exact, prefix, regex
rewritePath: text("rewritePath"), // if set, rewrites the path to this value before sending to the target
rewritePathType: text("rewritePathType"), // exact, prefix, regex, stripPrefix
- priority: integer("priority").notNull().default(100)
+ priority: integer("priority").notNull().default(100),
+ mode: text("mode")
+ .$type<"http" | "tcp" | "udp" | "ssh" | "rdp" | "vnc">()
+ .notNull()
+ .default("http"),
+ authToken: text("authToken")
});
export const targetHealthCheck = sqliteTable("targetHealthCheck", {
@@ -219,9 +359,11 @@ export const targetHealthCheck = sqliteTable("targetHealthCheck", {
onDelete: "cascade"
})
.notNull(),
- siteId: integer("siteId").references(() => sites.siteId, {
- onDelete: "cascade"
- }).notNull(),
+ siteId: integer("siteId")
+ .references(() => sites.siteId, {
+ onDelete: "cascade"
+ })
+ .notNull(),
name: text("name"),
hcEnabled: integer("hcEnabled", { mode: "boolean" })
.notNull()
@@ -281,11 +423,11 @@ export const siteResources = sqliteTable("siteResources", {
niceId: text("niceId").notNull(),
name: text("name").notNull(),
ssl: integer("ssl", { mode: "boolean" }).notNull().default(false),
- mode: text("mode").$type<"host" | "cidr" | "http">().notNull(), // "host" | "cidr" | "http"
+ mode: text("mode").$type<"host" | "cidr" | "http" | "ssh">().notNull(), // "host" | "cidr" | "http"
scheme: text("scheme").$type<"http" | "https">(), // only for when we are doing https or http mode
proxyPort: integer("proxyPort"), // only for port mode
destinationPort: integer("destinationPort"), // only for port mode
- destination: text("destination").notNull(), // ip, cidr, hostname
+ destination: text("destination"), // ip, cidr, hostname
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
alias: text("alias"),
aliasAddress: text("aliasAddress"),
@@ -295,8 +437,11 @@ export const siteResources = sqliteTable("siteResources", {
.notNull()
.default(false),
authDaemonPort: integer("authDaemonPort").default(22123),
+ pamMode: text("pamMode")
+ .$type<"passthrough" | "push">()
+ .default("passthrough"),
authDaemonMode: text("authDaemonMode")
- .$type<"site" | "remote">()
+ .$type<"site" | "remote" | "native">()
.default("site"),
domainId: text("domainId").references(() => domains.domainId, {
onDelete: "set null"
@@ -909,6 +1054,47 @@ export const resourceHeaderAuth = sqliteTable("resourceHeaderAuth", {
headerAuthHash: text("headerAuthHash").notNull()
});
+export const resourcePolicyPincode = sqliteTable("resourcePolicyPincode", {
+ pincodeId: integer("pincodeId").primaryKey({ autoIncrement: true }),
+ pincodeHash: text("pincodeHash").notNull(),
+ digitLength: integer("digitLength").notNull(),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
+export const resourcePolicyPassword = sqliteTable("resourcePolicyPassword", {
+ passwordId: integer("passwordId").primaryKey({ autoIncrement: true }),
+ passwordHash: text("passwordHash").notNull(),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
+export const resourcePolicyHeaderAuth = sqliteTable(
+ "resourcePolicyHeaderAuth",
+ {
+ headerAuthId: integer("headerAuthId").primaryKey({
+ autoIncrement: true
+ }),
+ headerAuthHash: text("headerAuthHash").notNull(),
+ extendedCompatibility: integer("extendedCompatibility", {
+ mode: "boolean"
+ })
+ .notNull()
+ .default(true),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+ }
+);
+
export const resourceHeaderAuthExtendedCompatibility = sqliteTable(
"resourceHeaderAuthExtendedCompatibility",
{
@@ -937,6 +1123,7 @@ export const resourceAccessToken = sqliteTable("resourceAccessToken", {
resourceId: integer("resourceId")
.notNull()
.references(() => resources.resourceId, { onDelete: "cascade" }),
+ path: text("path"),
tokenHash: text("tokenHash").notNull(),
sessionLength: integer("sessionLength").notNull(),
expiresAt: integer("expiresAt"),
@@ -983,6 +1170,24 @@ export const resourceSessions = sqliteTable("resourceSessions", {
onDelete: "cascade"
}
),
+ policyPasswordId: integer("policyPasswordId").references(
+ () => resourcePolicyPassword.passwordId,
+ {
+ onDelete: "cascade"
+ }
+ ),
+ policyPincodeId: integer("policyPincodeId").references(
+ () => resourcePolicyPincode.pincodeId,
+ {
+ onDelete: "cascade"
+ }
+ ),
+ policyWhitelistId: integer("policyWhitelistId").references(
+ () => resourcePolicyWhiteList.whitelistId,
+ {
+ onDelete: "cascade"
+ }
+ ),
issuedAt: integer("issuedAt")
});
@@ -1019,10 +1224,101 @@ export const resourceRules = sqliteTable("resourceRules", {
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
priority: integer("priority").notNull(),
action: text("action").notNull(), // ACCEPT, DROP, PASS
- match: text("match").notNull(), // CIDR, PATH, IP
+ match: text("match")
+ .$type<
+ | "CIDR"
+ | "PATH"
+ | "IP"
+ | "COUNTRY"
+ | "COUNTRY_IS_NOT"
+ | "ASN"
+ | "REGION"
+ >()
+ .notNull(), // CIDR, PATH, IP
value: text("value").notNull()
});
+export const rolePolicies = sqliteTable("rolePolicies", {
+ roleId: integer("roleId")
+ .notNull()
+ .references(() => roles.roleId, { onDelete: "cascade" }),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
+export const userPolicies = sqliteTable("userPolicies", {
+ userId: text("userId")
+ .notNull()
+ .references(() => users.userId, { onDelete: "cascade" }),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
+export const resourcePolicyWhiteList = sqliteTable("resourcePolicyWhitelist", {
+ whitelistId: integer("id").primaryKey({ autoIncrement: true }),
+ email: text("email").notNull(),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ })
+});
+
+export const resourcePolicyRules = sqliteTable("resourcePolicyRules", {
+ ruleId: integer("ruleId").primaryKey({ autoIncrement: true }),
+ resourcePolicyId: integer("resourcePolicyId")
+ .notNull()
+ .references(() => resourcePolicies.resourcePolicyId, {
+ onDelete: "cascade"
+ }),
+ enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
+ priority: integer("priority").notNull(),
+ action: text("action").$type<"ACCEPT" | "DROP" | "PASS">().notNull(),
+ match: text("match")
+ .$type<
+ | "CIDR"
+ | "PATH"
+ | "IP"
+ | "COUNTRY"
+ | "COUNTRY_IS_NOT"
+ | "ASN"
+ | "REGION"
+ >()
+ .notNull(),
+ value: text("value").notNull()
+});
+
+export const resourcePolicies = sqliteTable("resourcePolicies", {
+ resourcePolicyId: integer("resourcePolicyId").primaryKey(),
+ sso: integer("sso", { mode: "boolean" }).notNull().default(true),
+ applyRules: integer("applyRules", { mode: "boolean" })
+ .notNull()
+ .default(false),
+ scope: text("scope")
+ .$type<"global" | "resource">()
+ .notNull()
+ .default("global"),
+ emailWhitelistEnabled: integer("emailWhitelistEnabled", { mode: "boolean" })
+ .notNull()
+ .default(false),
+ niceId: text("niceId").notNull(),
+ idpId: integer("idpId").references(() => idp.idpId, {
+ onDelete: "set null"
+ }),
+ name: text("name").notNull(),
+ orgId: text("orgId")
+ .references(() => orgs.orgId, {
+ onDelete: "cascade"
+ })
+ .notNull()
+});
+
export const supporterKey = sqliteTable("supporterKey", {
keyId: integer("keyId").primaryKey({ autoIncrement: true }),
key: text("key").notNull(),
@@ -1196,19 +1492,30 @@ export const roundTripMessageTracker = sqliteTable("roundTripMessageTracker", {
complete: integer("complete", { mode: "boolean" }).notNull().default(false)
});
-export const statusHistory = sqliteTable("statusHistory", {
- id: integer("id").primaryKey({ autoIncrement: true }),
- entityType: text("entityType").notNull(), // "site" | "healthCheck"
- entityId: integer("entityId").notNull(), // siteId or targetHealthCheckId
- orgId: text("orgId")
- .notNull()
- .references(() => orgs.orgId, { onDelete: "cascade" }),
- status: text("status").notNull(), // "online"/"offline" for sites; "healthy"/"unhealthy"/"unknown" for healthChecks
- timestamp: integer("timestamp").notNull(), // unix epoch seconds
-}, (table) => [
- index("idx_statusHistory_entity").on(table.entityType, table.entityId, table.timestamp),
- index("idx_statusHistory_org_timestamp").on(table.orgId, table.timestamp),
-]);
+export const statusHistory = sqliteTable(
+ "statusHistory",
+ {
+ id: integer("id").primaryKey({ autoIncrement: true }),
+ entityType: text("entityType").notNull(), // "site" | "healthCheck"
+ entityId: integer("entityId").notNull(), // siteId or targetHealthCheckId
+ orgId: text("orgId")
+ .notNull()
+ .references(() => orgs.orgId, { onDelete: "cascade" }),
+ status: text("status").notNull(), // "online"/"offline" for sites; "healthy"/"unhealthy"/"unknown" for healthChecks
+ timestamp: integer("timestamp").notNull() // unix epoch seconds
+ },
+ (table) => [
+ index("idx_statusHistory_entity").on(
+ table.entityType,
+ table.entityId,
+ table.timestamp
+ ),
+ index("idx_statusHistory_org_timestamp").on(
+ table.orgId,
+ table.timestamp
+ )
+ ]
+);
export type Org = InferSelectModel;
export type User = InferSelectModel;
@@ -1278,3 +1585,17 @@ export type RoundTripMessageTracker = InferSelectModel<
typeof roundTripMessageTracker
>;
export type StatusHistory = InferSelectModel;
+export type Label = InferSelectModel;
+export type LauncherView = InferSelectModel;
+export type ResourcePolicy = InferSelectModel;
+export type ResourcePolicyPincode = InferSelectModel<
+ typeof resourcePolicyPincode
+>;
+export type ResourcePolicyPassword = InferSelectModel<
+ typeof resourcePolicyPassword
+>;
+export type ResourcePolicyHeaderAuth = InferSelectModel<
+ typeof resourcePolicyHeaderAuth
+>;
+export type RolePolicy = InferSelectModel;
+export type UserPolicy = InferSelectModel;
diff --git a/server/index.ts b/server/index.ts
index 99fd20156..53b3e9a69 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -24,6 +24,7 @@ import license from "#dynamic/license/license";
import { initLogCleanupInterval } from "@server/lib/cleanupLogs";
import { initAcmeCertSync } from "#dynamic/lib/acmeCertSync";
import { fetchServerIp } from "@server/lib/serverIpService";
+import { startRebuildQueueProcessor } from "@server/lib/rebuildClientAssociations";
async function startServers() {
await setHostMeta();
@@ -41,6 +42,7 @@ async function startServers() {
initLogCleanupInterval();
initAcmeCertSync();
+ startRebuildQueueProcessor();
// Start all servers
const apiServer = createApiServer();
diff --git a/server/integrationApiServer.ts b/server/integrationApiServer.ts
index 5c6d50a85..104e02d5c 100644
--- a/server/integrationApiServer.ts
+++ b/server/integrationApiServer.ts
@@ -157,7 +157,9 @@ function getOpenApiDocumentation() {
content: {
"application/json": {
schema: z.object({
- data: z.unknown().nullable(),
+ data: z
+ .record(z.string(), z.any())
+ .nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
diff --git a/server/lib/billing/features.ts b/server/lib/billing/features.ts
index 6063b470f..ffe24a4a3 100644
--- a/server/lib/billing/features.ts
+++ b/server/lib/billing/features.ts
@@ -1,28 +1,39 @@
-export enum FeatureId {
+export enum LimitId {
USERS = "users",
SITES = "sites",
EGRESS_DATA_MB = "egressDataMb",
DOMAINS = "domains",
REMOTE_EXIT_NODES = "remoteExitNodes",
- ORGINIZATIONS = "organizations",
+ ORGANIZATIONS = "organizations",
+ PUBLIC_RESOURCES = "publicResources",
+ PRIVATE_RESOURCES = "privateResources",
+ MACHINE_CLIENTS = "machineClients",
TIER1 = "tier1"
}
-export async function getFeatureDisplayName(featureId: FeatureId): Promise {
+export async function getFeatureDisplayName(
+ featureId: LimitId
+): Promise {
switch (featureId) {
- case FeatureId.USERS:
+ case LimitId.USERS:
return "Users";
- case FeatureId.SITES:
+ case LimitId.SITES:
return "Sites";
- case FeatureId.EGRESS_DATA_MB:
+ case LimitId.EGRESS_DATA_MB:
return "Egress Data (MB)";
- case FeatureId.DOMAINS:
+ case LimitId.DOMAINS:
return "Domains";
- case FeatureId.REMOTE_EXIT_NODES:
+ case LimitId.REMOTE_EXIT_NODES:
return "Remote Exit Nodes";
- case FeatureId.ORGINIZATIONS:
+ case LimitId.ORGANIZATIONS:
return "Organizations";
- case FeatureId.TIER1:
+ case LimitId.PUBLIC_RESOURCES:
+ return "Public Resources";
+ case LimitId.PRIVATE_RESOURCES:
+ return "Private Resources";
+ case LimitId.MACHINE_CLIENTS:
+ return "Machine Clients";
+ case LimitId.TIER1:
return "Home Lab";
default:
return featureId;
@@ -30,15 +41,16 @@ export async function getFeatureDisplayName(featureId: FeatureId): Promise> = { // right now we are not charging for any data
+export const FeatureMeterIds: Partial> = {
+ // right now we are not charging for any data
// [FeatureId.EGRESS_DATA_MB]: "mtr_61Srreh9eWrExDSCe41D3Ee2Ir7Wm5YW"
};
-export const FeatureMeterIdsSandbox: Partial> = {
+export const FeatureMeterIdsSandbox: Partial> = {
// [FeatureId.EGRESS_DATA_MB]: "mtr_test_61Snh2a2m6qome5Kv41DCpkOb237B3dQ"
};
-export function getFeatureMeterId(featureId: FeatureId): string | undefined {
+export function getFeatureMeterId(featureId: LimitId): string | undefined {
if (
process.env.ENVIRONMENT == "prod" &&
process.env.SANDBOX_MODE !== "true"
@@ -49,22 +61,20 @@ export function getFeatureMeterId(featureId: FeatureId): string | undefined {
}
}
-export function getFeatureIdByMetricId(
- metricId: string
-): FeatureId | undefined {
- return (Object.entries(FeatureMeterIds) as [FeatureId, string][]).find(
+export function getFeatureIdByMetricId(metricId: string): LimitId | undefined {
+ return (Object.entries(FeatureMeterIds) as [LimitId, string][]).find(
([_, v]) => v === metricId
)?.[0];
}
-export type FeaturePriceSet = Partial>;
+export type FeaturePriceSet = Partial>;
export const tier1FeaturePriceSet: FeaturePriceSet = {
- [FeatureId.TIER1]: "price_1SzVE3D3Ee2Ir7Wm6wT5Dl3G"
+ [LimitId.TIER1]: "price_1SzVE3D3Ee2Ir7Wm6wT5Dl3G"
};
export const tier1FeaturePriceSetSandbox: FeaturePriceSet = {
- [FeatureId.TIER1]: "price_1SxgpPDCpkOb237Bfo4rIsoT"
+ [LimitId.TIER1]: "price_1SxgpPDCpkOb237Bfo4rIsoT"
};
export function getTier1FeaturePriceSet(): FeaturePriceSet {
@@ -79,11 +89,11 @@ export function getTier1FeaturePriceSet(): FeaturePriceSet {
}
export const tier2FeaturePriceSet: FeaturePriceSet = {
- [FeatureId.USERS]: "price_1SzVCcD3Ee2Ir7Wmn6U3KvPN"
+ [LimitId.USERS]: "price_1SzVCcD3Ee2Ir7Wmn6U3KvPN"
};
export const tier2FeaturePriceSetSandbox: FeaturePriceSet = {
- [FeatureId.USERS]: "price_1SxaEHDCpkOb237BD9lBkPiR"
+ [LimitId.USERS]: "price_1SxaEHDCpkOb237BD9lBkPiR"
};
export function getTier2FeaturePriceSet(): FeaturePriceSet {
@@ -98,11 +108,11 @@ export function getTier2FeaturePriceSet(): FeaturePriceSet {
}
export const tier3FeaturePriceSet: FeaturePriceSet = {
- [FeatureId.USERS]: "price_1SzVDKD3Ee2Ir7WmPtOKNusv"
+ [LimitId.USERS]: "price_1SzVDKD3Ee2Ir7WmPtOKNusv"
};
export const tier3FeaturePriceSetSandbox: FeaturePriceSet = {
- [FeatureId.USERS]: "price_1SxaEODCpkOb237BiXdCBSfs"
+ [LimitId.USERS]: "price_1SxaEODCpkOb237BiXdCBSfs"
};
export function getTier3FeaturePriceSet(): FeaturePriceSet {
@@ -116,7 +126,7 @@ export function getTier3FeaturePriceSet(): FeaturePriceSet {
}
}
-export function getFeatureIdByPriceId(priceId: string): FeatureId | undefined {
+export function getFeatureIdByPriceId(priceId: string): LimitId | undefined {
// Check all feature price sets
const allPriceSets = [
getTier1FeaturePriceSet(),
@@ -125,7 +135,7 @@ export function getFeatureIdByPriceId(priceId: string): FeatureId | undefined {
];
for (const priceSet of allPriceSets) {
- const entry = (Object.entries(priceSet) as [FeatureId, string][]).find(
+ const entry = (Object.entries(priceSet) as [LimitId, string][]).find(
([_, price]) => price === priceId
);
if (entry) {
diff --git a/server/lib/billing/getLineItems.ts b/server/lib/billing/getLineItems.ts
index d386e5e96..5df5fb8a8 100644
--- a/server/lib/billing/getLineItems.ts
+++ b/server/lib/billing/getLineItems.ts
@@ -1,19 +1,19 @@
import Stripe from "stripe";
-import { FeatureId, FeaturePriceSet } from "./features";
+import { LimitId, FeaturePriceSet } from "./features";
import { usageService } from "./usageService";
export async function getLineItems(
featurePriceSet: FeaturePriceSet,
- orgId: string,
+ orgId: string
): Promise {
- const users = await usageService.getUsage(orgId, FeatureId.USERS);
+ const users = await usageService.getUsage(orgId, LimitId.USERS);
return Object.entries(featurePriceSet).map(([featureId, priceId]) => {
let quantity: number | undefined;
- if (featureId === FeatureId.USERS) {
+ if (featureId === LimitId.USERS) {
quantity = users?.instantaneousValue || 1;
- } else if (featureId === FeatureId.TIER1) {
+ } else if (featureId === LimitId.TIER1) {
quantity = 1;
}
diff --git a/server/lib/billing/limitSet.ts b/server/lib/billing/limitSet.ts
index e45ae637d..87b1a9c17 100644
--- a/server/lib/billing/limitSet.ts
+++ b/server/lib/billing/limitSet.ts
@@ -1,70 +1,82 @@
-import { FeatureId } from "./features";
+import { LimitId } from "./features";
export type LimitSet = Partial<{
- [key in FeatureId]: {
+ [key in LimitId]: {
value: number | null; // null indicates no limit
description?: string;
};
}>;
export const freeLimitSet: LimitSet = {
- [FeatureId.SITES]: { value: 5, description: "Basic limit" },
- [FeatureId.USERS]: { value: 5, description: "Basic limit" },
- [FeatureId.DOMAINS]: { value: 5, description: "Basic limit" },
- [FeatureId.REMOTE_EXIT_NODES]: { value: 1, description: "Basic limit" },
- [FeatureId.ORGINIZATIONS]: { value: 1, description: "Basic limit" },
+ [LimitId.SITES]: { value: 5, description: "Basic limit" },
+ [LimitId.USERS]: { value: 5, description: "Basic limit" },
+ [LimitId.DOMAINS]: { value: 5, description: "Basic limit" },
+ [LimitId.REMOTE_EXIT_NODES]: { value: 1, description: "Basic limit" },
+ [LimitId.ORGANIZATIONS]: { value: 1, description: "Basic limit" },
+ [LimitId.PUBLIC_RESOURCES]: { value: 15, description: "Basic limit" },
+ [LimitId.PRIVATE_RESOURCES]: { value: 15, description: "Basic limit" },
+ [LimitId.MACHINE_CLIENTS]: { value: 5, description: "Basic limit" }
};
export const tier1LimitSet: LimitSet = {
- [FeatureId.USERS]: { value: 7, description: "Home limit" },
- [FeatureId.SITES]: { value: 10, description: "Home limit" },
- [FeatureId.DOMAINS]: { value: 10, description: "Home limit" },
- [FeatureId.REMOTE_EXIT_NODES]: { value: 1, description: "Home limit" },
- [FeatureId.ORGINIZATIONS]: { value: 1, description: "Home limit" },
+ [LimitId.USERS]: { value: 7, description: "Home limit" },
+ [LimitId.SITES]: { value: 10, description: "Home limit" },
+ [LimitId.DOMAINS]: { value: 10, description: "Home limit" },
+ [LimitId.REMOTE_EXIT_NODES]: { value: 1, description: "Home limit" },
+ [LimitId.ORGANIZATIONS]: { value: 1, description: "Home limit" },
+ [LimitId.PUBLIC_RESOURCES]: { value: 30, description: "Home limit" },
+ [LimitId.PRIVATE_RESOURCES]: { value: 30, description: "Home limit" },
+ [LimitId.MACHINE_CLIENTS]: { value: 10, description: "Home limit" }
};
export const tier2LimitSet: LimitSet = {
- [FeatureId.USERS]: {
+ [LimitId.USERS]: {
value: 50,
description: "Team limit"
},
- [FeatureId.SITES]: {
+ [LimitId.SITES]: {
value: 50,
description: "Team limit"
},
- [FeatureId.DOMAINS]: {
+ [LimitId.DOMAINS]: {
value: 50,
description: "Team limit"
},
- [FeatureId.REMOTE_EXIT_NODES]: {
+ [LimitId.REMOTE_EXIT_NODES]: {
value: 3,
description: "Team limit"
},
- [FeatureId.ORGINIZATIONS]: {
+ [LimitId.ORGANIZATIONS]: {
value: 1,
description: "Team limit"
- }
+ },
+ [LimitId.PUBLIC_RESOURCES]: { value: 150, description: "Team limit" },
+ [LimitId.PRIVATE_RESOURCES]: { value: 150, description: "Team limit" },
+ [LimitId.MACHINE_CLIENTS]: { value: 25, description: "Team limit" }
};
export const tier3LimitSet: LimitSet = {
- [FeatureId.USERS]: {
+ [LimitId.USERS]: {
value: 250,
description: "Business limit"
},
- [FeatureId.SITES]: {
+ [LimitId.SITES]: {
value: 250,
description: "Business limit"
},
- [FeatureId.DOMAINS]: {
+ [LimitId.DOMAINS]: {
value: 100,
description: "Business limit"
},
- [FeatureId.REMOTE_EXIT_NODES]: {
+ [LimitId.REMOTE_EXIT_NODES]: {
value: 20,
description: "Business limit"
},
- [FeatureId.ORGINIZATIONS]: {
+ [LimitId.ORGANIZATIONS]: {
value: 5,
description: "Business limit"
},
+ [LimitId.PUBLIC_RESOURCES]: { value: 750, description: "Business limit" },
+ [LimitId.PRIVATE_RESOURCES]: { value: 750, description: "Business limit" },
+ [LimitId.MACHINE_CLIENTS]: { value: 100, description: "Business limit" }
};
diff --git a/server/lib/billing/limitsService.ts b/server/lib/billing/limitsService.ts
index f364d6e00..e08b0fe14 100644
--- a/server/lib/billing/limitsService.ts
+++ b/server/lib/billing/limitsService.ts
@@ -1,7 +1,7 @@
import { db, limits } from "@server/db";
import { and, eq } from "drizzle-orm";
import { LimitSet } from "./limitSet";
-import { FeatureId } from "./features";
+import { LimitId } from "./features";
import logger from "@server/logger";
class LimitService {
@@ -38,7 +38,7 @@ class LimitService {
async getOrgLimit(
orgId: string,
- featureId: FeatureId
+ featureId: LimitId
): Promise {
const limitId = `${orgId}-${featureId}`;
const [limit] = await db
diff --git a/server/lib/billing/tierMatrix.ts b/server/lib/billing/tierMatrix.ts
index f44cb8bf6..7c0b591ca 100644
--- a/server/lib/billing/tierMatrix.ts
+++ b/server/lib/billing/tierMatrix.ts
@@ -16,15 +16,17 @@ export enum TierFeature {
SessionDurationPolicies = "sessionDurationPolicies", // handle downgrade by setting to default duration
PasswordExpirationPolicies = "passwordExpirationPolicies", // handle downgrade by setting to default duration
AutoProvisioning = "autoProvisioning", // handle downgrade by disabling auto provisioning
- SshPam = "sshPam",
FullRbac = "fullRbac",
SiteProvisioningKeys = "siteProvisioningKeys", // handle downgrade by revoking keys if needed
SIEM = "siem", // handle downgrade by disabling SIEM integrations
- HTTPPrivateResources = "httpPrivateResources", // handle downgrade by disabling HTTP private resources
DomainNamespaces = "domainNamespaces", // handle downgrade by removing custom domain namespaces
StandaloneHealthChecks = "standaloneHealthChecks",
AlertingRules = "alertingRules",
- WildcardSubdomain = "wildcardSubdomain"
+ WildcardSubdomain = "wildcardSubdomain",
+ NewtAutoUpdate = "newtAutoUpdate",
+ ResourcePolicies = "resourcePolicies",
+ AdvancedPublicResources = "advancedPublicResources",
+ AdvancedPrivateResources = "advancedPrivateResources"
}
export const tierMatrix: Record = {
@@ -58,13 +60,15 @@ export const tierMatrix: Record = {
"enterprise"
],
[TierFeature.AutoProvisioning]: ["tier1", "tier3", "enterprise"],
- [TierFeature.SshPam]: ["tier1", "tier3", "enterprise"],
[TierFeature.FullRbac]: ["tier1", "tier2", "tier3", "enterprise"],
[TierFeature.SiteProvisioningKeys]: ["tier3", "enterprise"],
[TierFeature.SIEM]: ["enterprise"],
- [TierFeature.HTTPPrivateResources]: ["tier3", "enterprise"],
[TierFeature.DomainNamespaces]: ["tier1", "tier2", "tier3", "enterprise"],
[TierFeature.StandaloneHealthChecks]: ["tier3", "enterprise"],
[TierFeature.AlertingRules]: ["tier3", "enterprise"],
- [TierFeature.WildcardSubdomain]: ["tier1", "tier2", "tier3", "enterprise"]
+ [TierFeature.WildcardSubdomain]: ["tier1", "tier2", "tier3", "enterprise"],
+ [TierFeature.NewtAutoUpdate]: ["tier1", "tier2", "tier3", "enterprise"],
+ [TierFeature.ResourcePolicies]: ["tier3", "enterprise"],
+ [TierFeature.AdvancedPublicResources]: ["tier3", "enterprise"],
+ [TierFeature.AdvancedPrivateResources]: ["tier3", "enterprise"]
};
diff --git a/server/lib/billing/usageService.ts b/server/lib/billing/usageService.ts
index 9cb24bbeb..413bdf9a3 100644
--- a/server/lib/billing/usageService.ts
+++ b/server/lib/billing/usageService.ts
@@ -9,10 +9,10 @@ import {
Transaction,
orgs
} from "@server/db";
-import { FeatureId, getFeatureMeterId } from "./features";
+import { LimitId, getFeatureMeterId } from "./features";
import logger from "@server/logger";
import { build } from "@server/build";
-import cache from "#dynamic/lib/cache";
+import { regionalCache as cache } from "#dynamic/lib/cache";
export function noop() {
if (build !== "saas") {
@@ -22,7 +22,6 @@ export function noop() {
}
export class UsageService {
-
constructor() {
if (noop()) {
return;
@@ -38,7 +37,7 @@ export class UsageService {
public async add(
orgId: string,
- featureId: FeatureId,
+ featureId: LimitId,
value: number,
transaction: any = null
): Promise {
@@ -57,7 +56,10 @@ export class UsageService {
try {
let usage;
if (transaction) {
- const orgIdToUse = await this.getBillingOrg(orgId, transaction);
+ const orgIdToUse = await this.getBillingOrg(
+ orgId,
+ transaction
+ );
usage = await this.internalAddUsage(
orgIdToUse,
featureId,
@@ -112,7 +114,7 @@ export class UsageService {
private async internalAddUsage(
orgId: string, // here the orgId is the billing org already resolved by getBillingOrg in updateCount
- featureId: FeatureId,
+ featureId: LimitId,
value: number,
trx: Transaction
): Promise {
@@ -161,7 +163,7 @@ export class UsageService {
async updateCount(
orgId: string,
- featureId: FeatureId,
+ featureId: LimitId,
value?: number,
customerId?: string
): Promise {
@@ -225,7 +227,7 @@ export class UsageService {
private async getCustomerId(
orgId: string,
- featureId: FeatureId
+ featureId: LimitId
): Promise {
const orgIdToUse = await this.getBillingOrg(orgId);
@@ -267,18 +269,19 @@ export class UsageService {
public async getUsage(
orgId: string,
- featureId: FeatureId,
+ featureId: LimitId,
trx: Transaction | typeof db = db
): Promise {
if (noop()) {
return null;
}
- const orgIdToUse = await this.getBillingOrg(orgId, trx);
-
- const usageId = `${orgIdToUse}-${featureId}`;
-
+ let orgIdToUse = orgId;
try {
+ orgIdToUse = await this.getBillingOrg(orgId, trx);
+
+ const usageId = `${orgIdToUse}-${featureId}`;
+
const [result] = await trx
.select()
.from(usage)
@@ -338,8 +341,12 @@ export class UsageService {
`Failed to get usage for ${orgIdToUse}/${featureId}:`,
error
);
- throw error;
+ if (process.env.NODE_ENV !== "development") {
+ throw error;
+ }
}
+
+ return null;
}
public async getBillingOrg(
@@ -374,7 +381,7 @@ export class UsageService {
public async checkLimitSet(
orgId: string,
- featureId?: FeatureId,
+ featureId?: LimitId,
usage?: Usage,
trx: Transaction | typeof db = db
): Promise {
@@ -382,13 +389,13 @@ export class UsageService {
return false;
}
- const orgIdToUse = await this.getBillingOrg(orgId, trx);
-
// This method should check the current usage against the limits set for the organization
// and kick out all of the sites on the org
let hasExceededLimits = false;
-
+ let orgIdToUse = orgId;
try {
+ orgIdToUse = await this.getBillingOrg(orgId, trx);
+
let orgLimits: Limit[] = [];
if (featureId) {
// Get all limits set for this organization
@@ -422,7 +429,7 @@ export class UsageService {
} else {
currentUsage = await this.getUsage(
orgIdToUse,
- limit.featureId as FeatureId,
+ limit.featureId as LimitId,
trx
);
}
diff --git a/server/lib/blueprints/applyBlueprint.ts b/server/lib/blueprints/applyBlueprint.ts
index 8ca66971a..c62dd4735 100644
--- a/server/lib/blueprints/applyBlueprint.ts
+++ b/server/lib/blueprints/applyBlueprint.ts
@@ -3,29 +3,43 @@ import {
newts,
blueprints,
Blueprint,
- Site,
siteResources,
roleSiteResources,
userSiteResources,
clientSiteResources
} from "@server/db";
-import { Config, ConfigSchema } from "./types";
-import { ProxyResourcesResults, updateProxyResources } from "./proxyResources";
+import { Config, ConfigSchema, isTargetsOnlyResource } from "./types";
+import {
+ PublicResourcesResults,
+ updatePublicResources
+} from "./publicResources";
import { fromError } from "zod-validation-error";
import logger from "@server/logger";
import { sites } from "@server/db";
import { eq, and, isNotNull } from "drizzle-orm";
-import { addTargets as addProxyTargets } from "@server/routers/newt/targets";
-import { addTargets as addClientTargets } from "@server/routers/client/targets";
+import {
+ addTargets as addProxyTargets,
+ sendBrowserGatewayTargets
+} from "@server/routers/newt/targets";
import {
ClientResourcesResults,
- updateClientResources
-} from "./clientResources";
+ updatePrivateResources
+} from "./privateResources";
+import { updateResourcePolicies } from "./resourcePolicies";
import { BlueprintSource } from "@server/routers/blueprints/types";
import { stringify as stringifyYaml } from "yaml";
-import { faker } from "@faker-js/faker";
-import { handleMessagingForUpdatedSiteResource } from "@server/routers/siteResource";
-import { rebuildClientAssociationsFromSiteResource } from "../rebuildClientAssociations";
+import { generateName } from "@server/db/names";
+import {
+ handleMessagingForUpdatedSiteResource,
+ rebuildClientAssociationsFromSiteResource,
+ waitForSiteResourceRebuildIdle
+} from "../rebuildClientAssociations";
+import { build } from "@server/build";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import next from "next";
+import { LimitId } from "../billing";
+import { usageService } from "../billing/usageService";
type ApplyBlueprintArgs = {
orgId: string;
@@ -42,40 +56,39 @@ export async function applyBlueprint({
name,
source = "API"
}: ApplyBlueprintArgs): Promise {
- // Validate the input data
- const validationResult = ConfigSchema.safeParse(configData);
- if (!validationResult.success) {
- throw new Error(fromError(validationResult.error).toString());
- }
-
- const config: Config = validationResult.data;
let blueprintSucceeded: boolean = false;
- let blueprintMessage: string;
+ let blueprintMessage = "";
let error: any | null = null;
try {
- let proxyResourcesResults: ProxyResourcesResults = [];
- let clientResourcesResults: ClientResourcesResults = [];
- await db.transaction(async (trx) => {
- proxyResourcesResults = await updateProxyResources(
- orgId,
- config,
- trx,
- siteId
- );
- clientResourcesResults = await updateClientResources(
- orgId,
- config,
- trx,
- siteId
- );
+ const validationResult = ConfigSchema.safeParse(configData);
+ if (!validationResult.success) {
+ throw new Error(fromError(validationResult.error).toString());
+ }
- logger.debug(
- `Successfully updated proxy resources for org ${orgId}: ${JSON.stringify(proxyResourcesResults)}`
+ const config: Config = validationResult.data;
+
+ let publicResourcesResults: PublicResourcesResults = [];
+ let privateResourcesResults: ClientResourcesResults = [];
+
+ await db.transaction(async (trx) => {
+ await updateResourcePolicies(orgId, config, trx);
+
+ publicResourcesResults = await updatePublicResources(
+ orgId,
+ config,
+ trx,
+ siteId
+ );
+ privateResourcesResults = await updatePrivateResources(
+ orgId,
+ config,
+ trx,
+ siteId
);
// We need to update the targets on the newts from the successfully updated information
- for (const result of proxyResourcesResults) {
+ for (const result of publicResourcesResults) {
for (const target of result.targetsToUpdate) {
const [site] = await trx
.select()
@@ -102,178 +115,63 @@ export async function applyBlueprint({
(hc) => hc.targetId === target.targetId
);
- await addProxyTargets(
- site.newt.newtId,
- [target],
- matchingHealthcheck ? [matchingHealthcheck] : [],
- result.proxyResource.protocol,
- site.newt.version
- );
+ if (["http", "tcp", "udp"].includes(target.mode)) {
+ await addProxyTargets(
+ site.newt.newtId,
+ [target],
+ matchingHealthcheck
+ ? [matchingHealthcheck]
+ : [],
+ result.proxyResource.mode === "udp"
+ ? "udp"
+ : "tcp",
+ site.newt.version
+ );
+ } else if (
+ ["ssh", "rdp", "vnc"].includes(target.mode)
+ ) {
+ await sendBrowserGatewayTargets(
+ site.newt.newtId,
+ [target],
+ site.newt.version
+ );
+ }
}
}
}
logger.debug(
- `Successfully updated client resources for org ${orgId}: ${JSON.stringify(clientResourcesResults)}`
+ `Successfully updated public resources for org ${orgId}: ${JSON.stringify(publicResourcesResults)}`
);
// We need to update the targets on the newts from the successfully updated information
- for (const result of clientResourcesResults) {
- if (
- result.oldSiteResource &&
- JSON.stringify(result.newSites?.sort()) !==
- JSON.stringify(result.oldSites?.sort())
- ) {
- // query existing associations
- const existingRoleIds = await trx
- .select()
- .from(roleSiteResources)
- .where(
- eq(
- roleSiteResources.siteResourceId,
- result.oldSiteResource.siteResourceId
- )
+ for (const result of privateResourcesResults) {
+ rebuildClientAssociationsFromSiteResource(
+ result.newSiteResource
+ )
+ .then(() =>
+ waitForSiteResourceRebuildIdle(
+ result.newSiteResource.siteResourceId
)
- .then((rows) => rows.map((row) => row.roleId));
-
- const existingUserIds = await trx
- .select()
- .from(userSiteResources)
- .where(
- eq(
- userSiteResources.siteResourceId,
- result.oldSiteResource.siteResourceId
- )
+ )
+ .then(() =>
+ handleMessagingForUpdatedSiteResource(
+ result.oldSiteResource,
+ result.newSiteResource,
+ result.oldSites.map((s) => s.siteId),
+ result.newSites.map((s) => s.siteId)
)
- .then((rows) => rows.map((row) => row.userId));
-
- const existingClientIds = await trx
- .select()
- .from(clientSiteResources)
- .where(
- eq(
- clientSiteResources.siteResourceId,
- result.oldSiteResource.siteResourceId
- )
- )
- .then((rows) => rows.map((row) => row.clientId));
-
- // delete the existing site resource
- await trx
- .delete(siteResources)
- .where(
- and(
- eq(
- siteResources.siteResourceId,
- result.oldSiteResource.siteResourceId
- )
- )
+ )
+ .catch((e) => {
+ logger.error(
+ `Failed to rebuild and handle messaging for site resource ${result.newSiteResource.siteResourceId}. Error: ${e}`
);
-
- await rebuildClientAssociationsFromSiteResource(
- result.oldSiteResource,
- trx
- );
-
- const [insertedSiteResource] = await trx
- .insert(siteResources)
- .values({
- ...result.newSiteResource
- })
- .returning();
-
- // wait some time to allow for messages to be handled
- await new Promise((resolve) => setTimeout(resolve, 750));
-
- //////////////////// update the associations ////////////////////
-
- if (existingRoleIds.length > 0) {
- await trx.insert(roleSiteResources).values(
- existingRoleIds.map((roleId) => ({
- roleId,
- siteResourceId:
- insertedSiteResource!.siteResourceId
- }))
- );
- }
-
- if (existingUserIds.length > 0) {
- await trx.insert(userSiteResources).values(
- existingUserIds.map((userId) => ({
- userId,
- siteResourceId:
- insertedSiteResource!.siteResourceId
- }))
- );
- }
-
- if (existingClientIds.length > 0) {
- await trx.insert(clientSiteResources).values(
- existingClientIds.map((clientId) => ({
- clientId,
- siteResourceId:
- insertedSiteResource!.siteResourceId
- }))
- );
- }
-
- await rebuildClientAssociationsFromSiteResource(
- insertedSiteResource,
- trx
- );
- } else {
- let good = true;
- for (const newSite of result.newSites) {
- const [site] = await trx
- .select()
- .from(sites)
- .innerJoin(newts, eq(sites.siteId, newts.siteId))
- .where(
- and(
- eq(sites.siteId, newSite.siteId),
- eq(sites.orgId, orgId),
- eq(sites.type, "newt"),
- isNotNull(sites.pubKey)
- )
- )
- .limit(1);
-
- if (!site) {
- logger.debug(
- `No newt sites found for client resource ${result.newSiteResource.siteResourceId}, skipping target update`
- );
- good = false;
- break;
- }
-
- logger.debug(
- `Updating client resource ${result.newSiteResource.siteResourceId} on site ${newSite.siteId}`
- );
- }
-
- if (!good) {
- continue;
- }
-
- await handleMessagingForUpdatedSiteResource(
- result.oldSiteResource,
- result.newSiteResource,
- result.newSites.map((site) => ({
- siteId: site.siteId,
- orgId: result.newSiteResource.orgId
- })),
- trx
- );
- }
-
- // await addClientTargets(
- // site.newt.newtId,
- // result.resource.destination,
- // result.resource.destinationPort,
- // result.resource.protocol,
- // result.resource.proxyPort
- // );
+ });
}
+
+ logger.debug(
+ `Successfully updated private resources for org ${orgId}: ${JSON.stringify(privateResourcesResults)}`
+ );
});
blueprintSucceeded = true;
@@ -281,7 +179,9 @@ export async function applyBlueprint({
} catch (err) {
blueprintSucceeded = false;
blueprintMessage = `Blueprint applied with errors: ${err}`;
- logger.error(blueprintMessage);
+ logger.debug(
+ `Org ${orgId} blueprint apply issues: ${blueprintMessage}`
+ );
error = err;
}
@@ -291,9 +191,7 @@ export async function applyBlueprint({
.insert(blueprints)
.values({
orgId,
- name:
- name ??
- `${faker.word.adjective()}-${faker.word.adjective()}-${faker.word.noun()}`,
+ name: name ?? generateName(),
contents: stringifyYaml(configData),
createdAt: Math.floor(Date.now() / 1000),
succeeded: blueprintSucceeded,
diff --git a/server/lib/blueprints/applyNewtDockerBlueprint.ts b/server/lib/blueprints/applyNewtDockerBlueprint.ts
index eb5fc7877..59e7103d8 100644
--- a/server/lib/blueprints/applyNewtDockerBlueprint.ts
+++ b/server/lib/blueprints/applyNewtDockerBlueprint.ts
@@ -1,10 +1,56 @@
import { sendToClient } from "#dynamic/routers/ws";
import { processContainerLabels } from "./parseDockerContainers";
import { applyBlueprint } from "./applyBlueprint";
+import { PrivateResourceSchema, PublicResourceSchema } from "./types";
import { db, sites } from "@server/db";
import { eq } from "drizzle-orm";
import logger from "@server/logger";
+type BlueprintResult = ReturnType;
+
+function filterInvalidResources(blueprint: BlueprintResult): {
+ skippedCount: number;
+ skippedKeys: string[];
+} {
+ const skippedKeys: string[] = [];
+
+ for (const section of ["proxy-resources", "public-resources"] as const) {
+ const resources = blueprint[section];
+ for (const [key, value] of Object.entries(resources)) {
+ const result = PublicResourceSchema.safeParse(value);
+ if (!result.success) {
+ const errors = result.error.issues
+ .map((i) => `${i.path.join(".")}: ${i.message}`)
+ .join("; ");
+ logger.warn(
+ `Skipping invalid Docker ${section} "${key}": ${errors}`
+ );
+ delete resources[key];
+ skippedKeys.push(`${section}.${key}`);
+ }
+ }
+ }
+
+ for (const section of ["client-resources", "private-resources"] as const) {
+ const resources = blueprint[section];
+ for (const [key, value] of Object.entries(resources)) {
+ const result = PrivateResourceSchema.safeParse(value);
+ if (!result.success) {
+ const errors = result.error.issues
+ .map((i) => `${i.path.join(".")}: ${i.message}`)
+ .join("; ");
+ logger.warn(
+ `Skipping invalid Docker ${section} "${key}": ${errors}`
+ );
+ delete resources[key];
+ skippedKeys.push(`${section}.${key}`);
+ }
+ }
+ }
+
+ return { skippedCount: skippedKeys.length, skippedKeys };
+}
+
export async function applyNewtDockerBlueprint(
siteId: number,
newtId: string,
@@ -21,17 +67,27 @@ export async function applyNewtDockerBlueprint(
return;
}
- // logger.debug(`Applying Docker blueprint to site: ${siteId}`);
- // logger.debug(`Containers: ${JSON.stringify(containers, null, 2)}`);
+ let skippedCount = 0;
+ let skippedKeys: string[] = [];
try {
- const blueprint = processContainerLabels(containers);
+ // Some Newt clients can report null/undefined containers when Docker
+ // labels are unavailable. Treat that as an empty blueprint payload.
+ const safeContainers = Array.isArray(containers) ? containers : [];
+ const blueprint = processContainerLabels(safeContainers);
- logger.debug(`Received Docker blueprint: ${JSON.stringify(blueprint)}`);
+ logger.debug(
+ `Received Docker blueprint with ${Object.keys(blueprint["proxy-resources"]).length} proxy, ${Object.keys(blueprint["client-resources"]).length} client resource(s)`
+ );
- // make sure this is not an empty object
- if (isEmptyObject(blueprint)) {
- return;
+ const filterResult = filterInvalidResources(blueprint);
+ skippedCount = filterResult.skippedCount;
+ skippedKeys = filterResult.skippedKeys;
+
+ if (skippedCount > 0) {
+ logger.warn(
+ `Filtered ${skippedCount} invalid resource(s) from Docker blueprint: ${skippedKeys.join(", ")}`
+ );
}
if (
@@ -40,6 +96,15 @@ export async function applyNewtDockerBlueprint(
isEmptyObject(blueprint["public-resources"]) &&
isEmptyObject(blueprint["private-resources"])
) {
+ if (skippedCount > 0) {
+ await sendToClient(newtId, {
+ type: "newt/blueprint/results",
+ data: {
+ success: false,
+ message: `All resources were invalid and skipped: ${skippedKeys.join(", ")}`
+ }
+ });
+ }
return;
}
@@ -51,7 +116,7 @@ export async function applyNewtDockerBlueprint(
source: "NEWT"
});
} catch (error) {
- logger.error(`Failed to update database from config: ${error}`);
+ logger.debug(`Failed to update database from config: ${error}`);
await sendToClient(newtId, {
type: "newt/blueprint/results",
data: {
@@ -66,7 +131,10 @@ export async function applyNewtDockerBlueprint(
type: "newt/blueprint/results",
data: {
success: true,
- message: "Config updated successfully"
+ message:
+ skippedCount > 0
+ ? `Config updated successfully. Skipped ${skippedCount} invalid resource(s): ${skippedKeys.join(", ")}`
+ : "Config updated successfully"
}
});
}
diff --git a/server/lib/blueprints/clientResources.ts b/server/lib/blueprints/privateResources.ts
similarity index 84%
rename from server/lib/blueprints/clientResources.ts
rename to server/lib/blueprints/privateResources.ts
index c097f2d68..74a1f618f 100644
--- a/server/lib/blueprints/clientResources.ts
+++ b/server/lib/blueprints/privateResources.ts
@@ -23,6 +23,14 @@ import logger from "@server/logger";
import { defaultRoleAllowedActions } from "@server/routers/role/createRole";
import { getNextAvailableAliasAddress } from "../ip";
import { createCertificate } from "#dynamic/routers/certificates/createCertificate";
+import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
+import { tierMatrix } from "../billing/tierMatrix";
+import { build } from "@server/build";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import next from "next";
+import { LimitId } from "../billing";
+import { usageService } from "../billing/usageService";
async function getDomainForSiteResource(
siteResourceId: number | undefined,
@@ -103,7 +111,7 @@ export type ClientResourcesResults = {
oldSites: { siteId: number }[];
}[];
-export async function updateClientResources(
+export async function updatePrivateResources(
orgId: string,
config: Config,
trx: Transaction,
@@ -114,6 +122,30 @@ export async function updateClientResources(
for (const [resourceNiceId, resourceData] of Object.entries(
config["client-resources"]
)) {
+ if (resourceData.mode === "http") {
+ const hasHttpFeature = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.advancedPrivateResources
+ );
+ if (!hasHttpFeature) {
+ throw new Error(
+ "HTTP private resources are not included in your current plan. Please upgrade."
+ );
+ }
+ }
+
+ if (resourceData.mode === "ssh") {
+ const hasSshFeature = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.advancedPrivateResources
+ );
+ if (!hasSshFeature) {
+ throw new Error(
+ "SSH private resources are not included in your current plan. Please upgrade."
+ );
+ }
+ }
+
const [existingResource] = await trx
.select()
.from(siteResources)
@@ -227,7 +259,11 @@ export async function updateClientResources(
: resourceData["udp-ports"],
fullDomain: resourceData["full-domain"] || null,
subdomain: domainInfo ? domainInfo.subdomain : null,
- domainId: domainInfo ? domainInfo.domainId : null
+ domainId: domainInfo ? domainInfo.domainId : null,
+ pamMode: resourceData["auth-daemon"]?.pam || "passthrough",
+ authDaemonMode:
+ resourceData["auth-daemon"]?.mode || "native",
+ authDaemonPort: resourceData["auth-daemon"]?.port || 22123
})
.where(
eq(
@@ -362,7 +398,9 @@ export async function updateClientResources(
}))
);
existingRoles.push(created);
- logger.info(`Auto-created role "${name}" in org ${orgId} from blueprint`);
+ logger.info(
+ `Auto-created role "${name}" in org ${orgId} from blueprint`
+ );
}
const roleIds = existingRoles.map((role) => role.roleId);
@@ -381,9 +419,47 @@ export async function updateClientResources(
oldSites: existingSiteIds
});
} else {
+ // create a brand new resource
+
+ if (build == "saas") {
+ const usage = await usageService.getUsage(
+ orgId,
+ LimitId.PRIVATE_RESOURCES
+ );
+ if (!usage) {
+ throw new Error(
+ `Usage data not found for org ${orgId} and limit ${LimitId.PRIVATE_RESOURCES}`
+ );
+ }
+ const rejectResource = await usageService.checkLimitSet(
+ orgId,
+
+ LimitId.PRIVATE_RESOURCES,
+ {
+ ...usage,
+ instantaneousValue: (usage.instantaneousValue || 0) + 1
+ } // We need to add one to know if we are violating the limit
+ );
+ if (rejectResource) {
+ throw new Error(
+ "Private resource limit exceeded. Please upgrade your plan."
+ );
+ }
+ }
+
let aliasAddress: string | null = null;
- if (resourceData.mode === "host" || resourceData.mode === "http") {
- aliasAddress = await getNextAvailableAliasAddress(orgId, trx);
+ let releaseAliasLock: (() => Promise) | null = null;
+ if (
+ resourceData.mode === "host" ||
+ resourceData.mode === "http" ||
+ resourceData.mode === "ssh"
+ ) {
+ const { value, release } = await getNextAvailableAliasAddress(
+ orgId,
+ trx
+ );
+ aliasAddress = value;
+ releaseAliasLock = release;
}
let domainInfo:
@@ -437,10 +513,16 @@ export async function updateClientResources(
: resourceData["udp-ports"],
fullDomain: resourceData["full-domain"] || null,
subdomain: domainInfo ? domainInfo.subdomain : null,
- domainId: domainInfo ? domainInfo.domainId : null
+ domainId: domainInfo ? domainInfo.domainId : null,
+ pamMode: resourceData["auth-daemon"]?.pam || "passthrough",
+ authDaemonMode:
+ resourceData["auth-daemon"]?.mode || "native",
+ authDaemonPort: resourceData["auth-daemon"]?.port || 22123
})
.returning();
+ await releaseAliasLock?.();
+
const siteResourceId = newResource.siteResourceId;
for (const site of allSites) {
@@ -494,7 +576,9 @@ export async function updateClientResources(
}))
);
existingRoles.push(created);
- logger.info(`Auto-created role "${name}" in org ${orgId} from blueprint`);
+ logger.info(
+ `Auto-created role "${name}" in org ${orgId} from blueprint`
+ );
}
const roleIds = existingRoles.map((role) => role.roleId);
@@ -559,6 +643,8 @@ export async function updateClientResources(
`Created new client resource ${newResource.name} (${newResource.siteResourceId}) for org ${orgId}`
);
+ await usageService.add(orgId, LimitId.PRIVATE_RESOURCES, 1, trx);
+
results.push({
newSiteResource: newResource,
newSites: allSites,
diff --git a/server/lib/blueprints/proxyResources.ts b/server/lib/blueprints/proxyResources.ts
deleted file mode 100644
index cc275a13d..000000000
--- a/server/lib/blueprints/proxyResources.ts
+++ /dev/null
@@ -1,1278 +0,0 @@
-import {
- domains,
- domainNamespaces,
- orgDomains,
- Resource,
- resourceHeaderAuth,
- resourceHeaderAuthExtendedCompatibility,
- resourcePincode,
- resourceRules,
- resourceWhitelist,
- roleActions,
- roleResources,
- roles,
- Target,
- TargetHealthCheck,
- targetHealthCheck,
- Transaction,
- userOrgs,
- userResources,
- users
-} from "@server/db";
-import { resources, targets, sites } from "@server/db";
-import { eq, and, asc, or, ne, count, isNotNull } from "drizzle-orm";
-import {
- Config,
- ConfigSchema,
- isTargetsOnlyResource,
- TargetData
-} from "./types";
-import logger from "@server/logger";
-import { createCertificate } from "#dynamic/routers/certificates/createCertificate";
-import { pickPort } from "@server/routers/target/helpers";
-import { resourcePassword } from "@server/db";
-import { hashPassword } from "@server/auth/password";
-import { isValidCIDR, isValidIP, isValidUrlGlobPattern } from "../validators";
-import { isValidRegionId } from "@server/db/regions";
-import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
-import { fireHealthCheckUnknownAlert } from "@server/lib/alerts";
-import { tierMatrix } from "../billing/tierMatrix";
-import { defaultRoleAllowedActions } from "@server/routers/role/createRole";
-
-export type ProxyResourcesResults = {
- proxyResource: Resource;
- targetsToUpdate: Target[];
- healthchecksToUpdate: TargetHealthCheck[];
-}[];
-
-export async function updateProxyResources(
- orgId: string,
- config: Config,
- trx: Transaction,
- siteId?: number
-): Promise {
- const results: ProxyResourcesResults = [];
-
- for (const [resourceNiceId, resourceData] of Object.entries(
- config["proxy-resources"]
- )) {
- const targetsToUpdate: Target[] = [];
- const healthchecksToUpdate: TargetHealthCheck[] = [];
- let resource: Resource;
-
- async function createTarget( // reusable function to create a target
- resourceId: number,
- targetData: TargetData
- ) {
- const targetSiteId = targetData.site;
- let site;
-
- if (targetSiteId) {
- // Look up site by niceId
- [site] = await trx
- .select({ siteId: sites.siteId })
- .from(sites)
- .where(
- and(
- eq(sites.niceId, targetSiteId),
- eq(sites.orgId, orgId)
- )
- )
- .limit(1);
- } else if (siteId) {
- // Use the provided siteId directly, but verify it belongs to the org
- [site] = await trx
- .select({ siteId: sites.siteId })
- .from(sites)
- .where(
- and(eq(sites.siteId, siteId), eq(sites.orgId, orgId))
- )
- .limit(1);
- } else {
- throw new Error(`Target site is required`);
- }
-
- if (!site) {
- throw new Error(
- `Site not found: ${targetSiteId} in org ${orgId}`
- );
- }
-
- let internalPortToCreate;
- if (!targetData["internal-port"]) {
- const { internalPort, targetIps } = await pickPort(
- site.siteId!,
- trx
- );
- internalPortToCreate = internalPort;
- } else {
- internalPortToCreate = targetData["internal-port"];
- }
-
- // Create target
- const [newTarget] = await trx
- .insert(targets)
- .values({
- resourceId: resourceId,
- siteId: site.siteId,
- ip: targetData.hostname,
- method: targetData.method,
- port: targetData.port,
- enabled: targetData.enabled,
- internalPort: internalPortToCreate,
- path: targetData.path,
- pathMatchType: targetData["path-match"],
- rewritePath:
- targetData.rewritePath ||
- targetData["rewrite-path"] ||
- (targetData["rewrite-match"] === "stripPrefix"
- ? "/"
- : undefined),
- rewritePathType: targetData["rewrite-match"],
- priority: targetData.priority
- })
- .returning();
-
- targetsToUpdate.push(newTarget);
-
- const healthcheckData = targetData.healthcheck;
-
- const hcHeaders = healthcheckData?.headers
- ? JSON.stringify(healthcheckData.headers)
- : null;
-
- const [newHealthcheck] = await trx
- .insert(targetHealthCheck)
- .values({
- name: `${targetData.hostname}:${targetData.port}`,
- siteId: site.siteId,
- targetId: newTarget.targetId,
- orgId: orgId,
- hcEnabled: healthcheckData?.enabled || false,
- hcPath: healthcheckData?.path,
- hcScheme: healthcheckData?.scheme,
- hcMode: healthcheckData?.mode,
- hcHostname: healthcheckData?.hostname,
- hcPort: healthcheckData?.port,
- hcInterval: healthcheckData?.interval,
- hcUnhealthyInterval:
- healthcheckData?.unhealthyInterval ||
- healthcheckData?.["unhealthy-interval"],
- hcTimeout: healthcheckData?.timeout,
- hcHeaders: hcHeaders,
- hcFollowRedirects:
- healthcheckData?.followRedirects ||
- healthcheckData?.["follow-redirects"],
- hcMethod: healthcheckData?.method,
- hcStatus: healthcheckData?.status,
- hcHealth: "unknown",
- hcHealthyThreshold: healthcheckData?.["healthy-threshold"],
- hcUnhealthyThreshold:
- healthcheckData?.["unhealthy-threshold"]
- })
- .returning();
-
- healthchecksToUpdate.push(newHealthcheck);
-
- // Insert unknown status history when HC is created in disabled state
- if (!healthcheckData?.enabled) {
- await fireHealthCheckUnknownAlert(
- orgId,
- newHealthcheck.targetHealthCheckId,
- newHealthcheck.name,
- newHealthcheck.targetId,
- undefined,
- true,
- trx
- );
- }
- }
-
- // Find existing resource by niceId and orgId
- const [existingResource] = await trx
- .select()
- .from(resources)
- .where(
- and(
- eq(resources.niceId, resourceNiceId),
- eq(resources.orgId, orgId)
- )
- )
- .limit(1);
-
- const http = resourceData.protocol == "http";
- const protocol =
- resourceData.protocol == "http" ? "tcp" : resourceData.protocol;
- const resourceEnabled =
- resourceData.enabled == undefined || resourceData.enabled == null
- ? true
- : resourceData.enabled;
- const resourceSsl =
- resourceData.ssl == undefined || resourceData.ssl == null
- ? true
- : resourceData.ssl;
- let headers = "";
- if (resourceData.headers) {
- headers = JSON.stringify(resourceData.headers);
- }
-
- if (existingResource) {
- let domain;
- if (http) {
- domain = await getDomain(
- existingResource.resourceId,
- resourceData["full-domain"]!,
- orgId,
- trx
- );
- }
-
- // check if the only key in the resource is targets, if so, skip the update
- if (isTargetsOnlyResource(resourceData)) {
- logger.debug(
- `Skipping update for resource ${existingResource.resourceId} as only targets are provided`
- );
- resource = existingResource;
- } else {
- // Update existing resource
-
- const isLicensed = await isLicensedOrSubscribed(
- orgId,
- tierMatrix.maintencePage
- );
- if (!isLicensed) {
- resourceData.maintenance = undefined;
- }
-
- [resource] = await trx
- .update(resources)
- .set({
- name: resourceData.name || "Unnamed Resource",
- protocol: protocol || "tcp",
- http: http,
- proxyPort: http ? null : resourceData["proxy-port"],
- fullDomain: http ? resourceData["full-domain"] : null,
- subdomain: domain ? domain.subdomain : null,
- domainId: domain ? domain.domainId : null,
- wildcard: domain ? domain.wildcard : false,
- enabled: resourceEnabled,
- sso: resourceData.auth?.["sso-enabled"] || false,
- skipToIdpId:
- resourceData.auth?.["auto-login-idp"] || null,
- ssl: resourceSsl,
- setHostHeader: resourceData["host-header"] || null,
- tlsServerName: resourceData["tls-server-name"] || null,
- emailWhitelistEnabled: resourceData.auth?.[
- "whitelist-users"
- ]
- ? resourceData.auth["whitelist-users"].length > 0
- : false,
- headers: headers || null,
- applyRules:
- resourceData.rules && resourceData.rules.length > 0,
- maintenanceModeEnabled:
- resourceData.maintenance?.enabled,
- maintenanceModeType: resourceData.maintenance?.type,
- maintenanceTitle: resourceData.maintenance?.title,
- maintenanceMessage: resourceData.maintenance?.message,
- maintenanceEstimatedTime:
- resourceData.maintenance?.["estimated-time"]
- })
- .where(
- eq(resources.resourceId, existingResource.resourceId)
- )
- .returning();
-
- await trx
- .delete(resourcePassword)
- .where(
- eq(
- resourcePassword.resourceId,
- existingResource.resourceId
- )
- );
- if (resourceData.auth?.password) {
- const passwordHash = await hashPassword(
- resourceData.auth.password
- );
-
- await trx.insert(resourcePassword).values({
- resourceId: existingResource.resourceId,
- passwordHash
- });
- }
-
- await trx
- .delete(resourcePincode)
- .where(
- eq(
- resourcePincode.resourceId,
- existingResource.resourceId
- )
- );
- if (resourceData.auth?.pincode) {
- const pincodeHash = await hashPassword(
- resourceData.auth.pincode.toString()
- );
-
- await trx.insert(resourcePincode).values({
- resourceId: existingResource.resourceId,
- pincodeHash,
- digitLength: 6
- });
- }
-
- await trx
- .delete(resourceHeaderAuth)
- .where(
- eq(
- resourceHeaderAuth.resourceId,
- existingResource.resourceId
- )
- );
-
- await trx
- .delete(resourceHeaderAuthExtendedCompatibility)
- .where(
- eq(
- resourceHeaderAuthExtendedCompatibility.resourceId,
- existingResource.resourceId
- )
- );
-
- if (resourceData.auth?.["basic-auth"]) {
- const headerAuthUser =
- resourceData.auth?.["basic-auth"]?.user;
- const headerAuthPassword =
- resourceData.auth?.["basic-auth"]?.password;
- const headerAuthExtendedCompatibility =
- resourceData.auth?.["basic-auth"]
- ?.extendedCompatibility;
- if (
- headerAuthUser &&
- headerAuthPassword &&
- headerAuthExtendedCompatibility !== null
- ) {
- const headerAuthHash = await hashPassword(
- Buffer.from(
- `${headerAuthUser}:${headerAuthPassword}`
- ).toString("base64")
- );
- await Promise.all([
- trx.insert(resourceHeaderAuth).values({
- resourceId: existingResource.resourceId,
- headerAuthHash
- }),
- trx
- .insert(resourceHeaderAuthExtendedCompatibility)
- .values({
- resourceId: existingResource.resourceId,
- extendedCompatibilityIsActivated:
- headerAuthExtendedCompatibility
- })
- ]);
- }
- }
-
- if (resourceData.auth?.["sso-roles"]) {
- const ssoRoles = resourceData.auth?.["sso-roles"];
- await syncRoleResources(
- existingResource.resourceId,
- ssoRoles,
- orgId,
- trx
- );
- }
-
- if (resourceData.auth?.["sso-users"]) {
- const ssoUsers = resourceData.auth?.["sso-users"];
- await syncUserResources(
- existingResource.resourceId,
- ssoUsers,
- orgId,
- trx
- );
- }
-
- if (resourceData.auth?.["whitelist-users"]) {
- const whitelistUsers =
- resourceData.auth?.["whitelist-users"];
- await syncWhitelistUsers(
- existingResource.resourceId,
- whitelistUsers,
- orgId,
- trx
- );
- }
- }
-
- const existingResourceTargets = await trx
- .select()
- .from(targets)
- .where(eq(targets.resourceId, existingResource.resourceId))
- .orderBy(asc(targets.targetId));
-
- // Create new targets
- for (const [index, targetData] of resourceData.targets.entries()) {
- if (
- !targetData ||
- (typeof targetData === "object" &&
- Object.keys(targetData).length === 0)
- ) {
- // If targetData is null or an empty object, we can skip it
- continue;
- }
- const existingTarget = existingResourceTargets[index];
-
- if (existingTarget) {
- const targetSiteId = targetData.site;
- let site;
-
- if (targetSiteId) {
- // Look up site by niceId
- [site] = await trx
- .select({ siteId: sites.siteId })
- .from(sites)
- .where(
- and(
- eq(sites.niceId, targetSiteId),
- eq(sites.orgId, orgId)
- )
- )
- .limit(1);
- } else if (siteId) {
- // Use the provided siteId directly, but verify it belongs to the org
- [site] = await trx
- .select({ siteId: sites.siteId })
- .from(sites)
- .where(
- and(
- eq(sites.siteId, siteId),
- eq(sites.orgId, orgId)
- )
- )
- .limit(1);
- } else {
- throw new Error(`Target site is required`);
- }
-
- if (!site) {
- throw new Error(
- `Site not found: ${targetSiteId} in org ${orgId}`
- );
- }
-
- // update this target
- const [updatedTarget] = await trx
- .update(targets)
- .set({
- siteId: site.siteId,
- ip: targetData.hostname,
- method: http ? targetData.method : null,
- port: targetData.port,
- enabled: targetData.enabled,
- path: targetData.path,
- pathMatchType: targetData["path-match"],
- rewritePath:
- targetData.rewritePath ||
- targetData["rewrite-path"] ||
- (targetData["rewrite-match"] === "stripPrefix"
- ? "/"
- : undefined),
- rewritePathType: targetData["rewrite-match"],
- priority: targetData.priority
- })
- .where(eq(targets.targetId, existingTarget.targetId))
- .returning();
-
- if (checkIfTargetChanged(existingTarget, updatedTarget)) {
- let internalPortToUpdate;
- if (!targetData["internal-port"]) {
- const { internalPort, targetIps } = await pickPort(
- site.siteId!,
- trx
- );
- internalPortToUpdate = internalPort;
- } else {
- internalPortToUpdate = targetData["internal-port"];
- }
-
- const [finalUpdatedTarget] = await trx // this double is so we can check the whole target before and after
- .update(targets)
- .set({
- internalPort: internalPortToUpdate
- })
- .where(
- eq(targets.targetId, existingTarget.targetId)
- )
- .returning();
-
- targetsToUpdate.push(finalUpdatedTarget);
- }
-
- const healthcheckData = targetData.healthcheck;
-
- const [oldHealthcheck] = await trx
- .select()
- .from(targetHealthCheck)
- .where(
- eq(
- targetHealthCheck.targetId,
- existingTarget.targetId
- )
- )
- .limit(1);
-
- const hcHeaders = healthcheckData?.headers
- ? JSON.stringify(healthcheckData.headers)
- : null;
-
- const [newHealthcheck] = await trx
- .update(targetHealthCheck)
- .set({
- hcEnabled: healthcheckData?.enabled || false,
- hcPath: healthcheckData?.path,
- hcScheme: healthcheckData?.scheme,
- hcMode: healthcheckData?.mode,
- hcHostname: healthcheckData?.hostname,
- hcPort: healthcheckData?.port,
- hcInterval: healthcheckData?.interval,
- hcUnhealthyInterval:
- healthcheckData?.unhealthyInterval ||
- healthcheckData?.["unhealthy-interval"],
- hcTimeout: healthcheckData?.timeout,
- hcHeaders: hcHeaders,
- hcFollowRedirects:
- healthcheckData?.followRedirects ||
- healthcheckData?.["follow-redirects"],
- hcMethod: healthcheckData?.method,
- hcStatus: healthcheckData?.status,
- hcHealthyThreshold:
- healthcheckData?.["healthy-threshold"],
- hcUnhealthyThreshold:
- healthcheckData?.["unhealthy-threshold"]
- })
- .where(
- eq(
- targetHealthCheck.targetId,
- existingTarget.targetId
- )
- )
- .returning();
-
- if (
- checkIfHealthcheckChanged(
- oldHealthcheck,
- newHealthcheck
- )
- ) {
- healthchecksToUpdate.push(newHealthcheck);
- // if the target is not already in the targetsToUpdate array, add it
- if (
- !targetsToUpdate.find(
- (t) => t.targetId === updatedTarget.targetId
- )
- ) {
- targetsToUpdate.push(updatedTarget);
- }
- }
-
- // Insert unknown status history when HC is disabled
- const isDisablingHc =
- !healthcheckData?.enabled && oldHealthcheck?.hcEnabled;
- if (isDisablingHc) {
- await fireHealthCheckUnknownAlert(
- orgId,
- newHealthcheck.targetHealthCheckId,
- newHealthcheck.name,
- newHealthcheck.targetId,
- undefined,
- true,
- trx
- );
- }
- } else {
- await createTarget(existingResource.resourceId, targetData);
- }
- }
-
- if (existingResourceTargets.length > resourceData.targets.length) {
- const targetsToDelete = existingResourceTargets.slice(
- resourceData.targets.length
- );
- logger.debug(
- `Targets to delete: ${JSON.stringify(targetsToDelete)}`
- );
- for (const target of targetsToDelete) {
- if (!target) {
- continue;
- }
- if (siteId && target.siteId !== siteId) {
- logger.debug(
- `Skipping target ${target.targetId} for deletion. Site ID does not match filter.`
- );
- continue; // only delete targets for the specified siteId
- }
- logger.debug(`Deleting target ${target.targetId}`);
- await trx
- .delete(targets)
- .where(eq(targets.targetId, target.targetId));
- }
- }
-
- const existingRules = await trx
- .select()
- .from(resourceRules)
- .where(
- eq(resourceRules.resourceId, existingResource.resourceId)
- )
- .orderBy(resourceRules.priority);
-
- // Sync rules
- for (const [index, rule] of resourceData.rules?.entries() || []) {
- const intendedPriority = rule.priority ?? index + 1;
- const existingRule = existingRules[index];
- if (existingRule) {
- if (
- existingRule.action !== getRuleAction(rule.action) ||
- existingRule.match !== rule.match.toUpperCase() ||
- existingRule.value !==
- getRuleValue(
- rule.match.toUpperCase(),
- rule.value
- ) ||
- existingRule.priority !== intendedPriority
- ) {
- validateRule(rule);
- await trx
- .update(resourceRules)
- .set({
- action: getRuleAction(rule.action),
- match: rule.match.toUpperCase(),
- value: getRuleValue(
- rule.match.toUpperCase(),
- rule.value
- ),
- priority: intendedPriority
- })
- .where(
- eq(resourceRules.ruleId, existingRule.ruleId)
- );
- }
- } else {
- validateRule(rule);
- await trx.insert(resourceRules).values({
- resourceId: existingResource.resourceId,
- action: getRuleAction(rule.action),
- match: rule.match.toUpperCase(),
- value: getRuleValue(
- rule.match.toUpperCase(),
- rule.value
- ),
- priority: intendedPriority
- });
- }
- }
-
- if (existingRules.length > (resourceData.rules?.length || 0)) {
- const rulesToDelete = existingRules.slice(
- resourceData.rules?.length || 0
- );
- for (const rule of rulesToDelete) {
- await trx
- .delete(resourceRules)
- .where(eq(resourceRules.ruleId, rule.ruleId));
- }
- }
-
- logger.debug(`Updated resource ${existingResource.resourceId}`);
- } else {
- // create a brand new resource
- let domain;
- if (http) {
- domain = await getDomain(
- undefined,
- resourceData["full-domain"]!,
- orgId,
- trx
- );
- }
-
- const isLicensed = await isLicensedOrSubscribed(
- orgId,
- tierMatrix.maintencePage
- );
- if (!isLicensed) {
- resourceData.maintenance = undefined;
- }
-
- // Create new resource
- const [newResource] = await trx
- .insert(resources)
- .values({
- orgId,
- niceId: resourceNiceId,
- name: resourceData.name || "Unnamed Resource",
- protocol: protocol || "tcp",
- http: http,
- proxyPort: http ? null : resourceData["proxy-port"],
- fullDomain: http ? resourceData["full-domain"] : null,
- subdomain: domain ? domain.subdomain : null,
- domainId: domain ? domain.domainId : null,
- wildcard: domain ? domain.wildcard : false,
- enabled: resourceEnabled,
- sso: resourceData.auth?.["sso-enabled"] || false,
- skipToIdpId: resourceData.auth?.["auto-login-idp"] || null,
- setHostHeader: resourceData["host-header"] || null,
- tlsServerName: resourceData["tls-server-name"] || null,
- ssl: resourceSsl,
- headers: headers || null,
- applyRules:
- resourceData.rules && resourceData.rules.length > 0,
- maintenanceModeEnabled: resourceData.maintenance?.enabled,
- maintenanceModeType: resourceData.maintenance?.type,
- maintenanceTitle: resourceData.maintenance?.title,
- maintenanceMessage: resourceData.maintenance?.message,
- maintenanceEstimatedTime:
- resourceData.maintenance?.["estimated-time"]
- })
- .returning();
-
- if (resourceData.auth?.password) {
- const passwordHash = await hashPassword(
- resourceData.auth.password
- );
-
- await trx.insert(resourcePassword).values({
- resourceId: newResource.resourceId,
- passwordHash
- });
- }
-
- if (resourceData.auth?.pincode) {
- const pincodeHash = await hashPassword(
- resourceData.auth.pincode.toString()
- );
-
- await trx.insert(resourcePincode).values({
- resourceId: newResource.resourceId,
- pincodeHash,
- digitLength: 6
- });
- }
-
- if (resourceData.auth?.["basic-auth"]) {
- const headerAuthUser = resourceData.auth?.["basic-auth"]?.user;
- const headerAuthPassword =
- resourceData.auth?.["basic-auth"]?.password;
- const headerAuthExtendedCompatibility =
- resourceData.auth?.["basic-auth"]?.extendedCompatibility;
-
- if (
- headerAuthUser &&
- headerAuthPassword &&
- headerAuthExtendedCompatibility !== null
- ) {
- const headerAuthHash = await hashPassword(
- Buffer.from(
- `${headerAuthUser}:${headerAuthPassword}`
- ).toString("base64")
- );
-
- await Promise.all([
- trx.insert(resourceHeaderAuth).values({
- resourceId: newResource.resourceId,
- headerAuthHash
- }),
- trx
- .insert(resourceHeaderAuthExtendedCompatibility)
- .values({
- resourceId: newResource.resourceId,
- extendedCompatibilityIsActivated:
- headerAuthExtendedCompatibility
- })
- ]);
- }
- }
-
- resource = newResource;
-
- const [adminRole] = await trx
- .select()
- .from(roles)
- .where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
- .limit(1);
-
- if (!adminRole) {
- throw new Error(`Admin role not found`);
- }
-
- await trx.insert(roleResources).values({
- roleId: adminRole.roleId,
- resourceId: newResource.resourceId
- });
-
- if (resourceData.auth?.["sso-roles"]) {
- const ssoRoles = resourceData.auth?.["sso-roles"];
- await syncRoleResources(
- newResource.resourceId,
- ssoRoles,
- orgId,
- trx
- );
- }
-
- if (resourceData.auth?.["sso-users"]) {
- const ssoUsers = resourceData.auth?.["sso-users"];
- await syncUserResources(
- newResource.resourceId,
- ssoUsers,
- orgId,
- trx
- );
- }
-
- if (resourceData.auth?.["whitelist-users"]) {
- const whitelistUsers = resourceData.auth?.["whitelist-users"];
- await syncWhitelistUsers(
- newResource.resourceId,
- whitelistUsers,
- orgId,
- trx
- );
- }
-
- // Create new targets
- for (const targetData of resourceData.targets) {
- if (!targetData) {
- // If targetData is null or an empty object, we can skip it
- continue;
- }
- await createTarget(newResource.resourceId, targetData);
- }
-
- for (const [index, rule] of resourceData.rules?.entries() || []) {
- validateRule(rule);
- await trx.insert(resourceRules).values({
- resourceId: newResource.resourceId,
- action: getRuleAction(rule.action),
- match: rule.match.toUpperCase(),
- value: getRuleValue(rule.match.toUpperCase(), rule.value),
- priority: rule.priority ?? index + 1
- });
- }
-
- logger.debug(`Created resource ${newResource.resourceId}`);
- }
-
- results.push({
- proxyResource: resource,
- targetsToUpdate,
- healthchecksToUpdate
- });
- }
-
- return results;
-}
-
-function getRuleAction(input: string) {
- let action = "DROP";
- if (input == "allow") {
- action = "ACCEPT";
- } else if (input == "deny") {
- action = "DROP";
- } else if (input == "pass") {
- action = "PASS";
- }
- return action;
-}
-
-function getRuleValue(match: string, value: string) {
- // if the match is a country, uppercase the value
- if (match == "COUNTRY") {
- return value.toUpperCase();
- }
- return value;
-}
-
-function validateRule(rule: any) {
- if (rule.match === "cidr") {
- if (!isValidCIDR(rule.value)) {
- throw new Error(`Invalid CIDR provided: ${rule.value}`);
- }
- } else if (rule.match === "ip") {
- if (!isValidIP(rule.value)) {
- throw new Error(`Invalid IP provided: ${rule.value}`);
- }
- } else if (rule.match === "path") {
- if (!isValidUrlGlobPattern(rule.value)) {
- throw new Error(`Invalid URL glob pattern: ${rule.value}`);
- }
- } else if (rule.match === "region") {
- if (!isValidRegionId(rule.value)) {
- throw new Error(`Invalid region ID provided: ${rule.value}`);
- }
- }
-}
-
-async function syncRoleResources(
- resourceId: number,
- ssoRoles: string[],
- orgId: string,
- trx: Transaction
-) {
- const existingRoleResources = await trx
- .select()
- .from(roleResources)
- .where(eq(roleResources.resourceId, resourceId));
-
- for (const roleName of ssoRoles) {
- let [role] = await trx
- .select()
- .from(roles)
- .where(and(eq(roles.name, roleName), eq(roles.orgId, orgId)))
- .limit(1);
-
- if (!role) {
- const [created] = await trx
- .insert(roles)
- .values({ name: roleName, orgId })
- .returning();
- await trx.insert(roleActions).values(
- defaultRoleAllowedActions.map((action) => ({
- roleId: created.roleId,
- actionId: action,
- orgId
- }))
- );
- role = created;
- logger.info(`Auto-created role "${roleName}" in org ${orgId} from blueprint`);
- }
-
- if (role.isAdmin) {
- continue; // never add admin access
- }
-
- const existingRoleResource = existingRoleResources.find(
- (rr) => rr.roleId === role.roleId
- );
-
- if (!existingRoleResource) {
- await trx.insert(roleResources).values({
- roleId: role.roleId,
- resourceId: resourceId
- });
- }
- }
-
- for (const existingRoleResource of existingRoleResources) {
- const [role] = await trx
- .select()
- .from(roles)
- .where(eq(roles.roleId, existingRoleResource.roleId))
- .limit(1);
-
- if (role.isAdmin) {
- continue; // never remove admin access
- }
-
- if (role && !ssoRoles.includes(role.name)) {
- await trx
- .delete(roleResources)
- .where(
- and(
- eq(roleResources.roleId, existingRoleResource.roleId),
- eq(roleResources.resourceId, resourceId)
- )
- );
- }
- }
-}
-
-async function syncUserResources(
- resourceId: number,
- ssoUsers: string[],
- orgId: string,
- trx: Transaction
-) {
- const existingUserResources = await trx
- .select()
- .from(userResources)
- .where(eq(userResources.resourceId, resourceId));
-
- for (const username of ssoUsers) {
- const [user] = await trx
- .select()
- .from(users)
- .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
- .where(
- and(
- or(eq(users.username, username), eq(users.email, username)),
- eq(userOrgs.orgId, orgId)
- )
- )
- .limit(1);
-
- if (!user) {
- throw new Error(`User not found: ${username} in org ${orgId}`);
- }
-
- const existingUserResource = existingUserResources.find(
- (rr) => rr.userId === user.user.userId
- );
-
- if (!existingUserResource) {
- await trx.insert(userResources).values({
- userId: user.user.userId,
- resourceId: resourceId
- });
- }
- }
-
- for (const existingUserResource of existingUserResources) {
- const [user] = await trx
- .select()
- .from(users)
- .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
- .where(
- and(
- eq(users.userId, existingUserResource.userId),
- eq(userOrgs.orgId, orgId)
- )
- )
- .limit(1);
-
- if (
- user &&
- user.user.username &&
- !ssoUsers.includes(user.user.username)
- ) {
- await trx
- .delete(userResources)
- .where(
- and(
- eq(userResources.userId, existingUserResource.userId),
- eq(userResources.resourceId, resourceId)
- )
- );
- }
- }
-}
-
-async function syncWhitelistUsers(
- resourceId: number,
- whitelistUsers: string[],
- orgId: string,
- trx: Transaction
-) {
- const existingWhitelist = await trx
- .select()
- .from(resourceWhitelist)
- .where(eq(resourceWhitelist.resourceId, resourceId));
-
- for (const email of whitelistUsers) {
- const [user] = await trx
- .select()
- .from(users)
- .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
- .where(and(eq(users.email, email), eq(userOrgs.orgId, orgId)))
- .limit(1);
-
- if (!user) {
- throw new Error(`User not found: ${email} in org ${orgId}`);
- }
-
- const existingWhitelistEntry = existingWhitelist.find(
- (w) => w.email === email
- );
-
- if (!existingWhitelistEntry) {
- await trx.insert(resourceWhitelist).values({
- email,
- resourceId: resourceId
- });
- }
- }
-
- for (const existingWhitelistEntry of existingWhitelist) {
- if (!whitelistUsers.includes(existingWhitelistEntry.email)) {
- await trx
- .delete(resourceWhitelist)
- .where(
- and(
- eq(resourceWhitelist.resourceId, resourceId),
- eq(
- resourceWhitelist.email,
- existingWhitelistEntry.email
- )
- )
- );
- }
- }
-}
-
-function checkIfHealthcheckChanged(
- existing: TargetHealthCheck | undefined,
- incoming: TargetHealthCheck | undefined
-) {
- if (!existing && incoming) return true;
- if (existing && !incoming) return true;
- if (!existing || !incoming) return false;
-
- if (existing.hcEnabled !== incoming.hcEnabled) return true;
- if (existing.hcPath !== incoming.hcPath) return true;
- if (existing.hcScheme !== incoming.hcScheme) return true;
- if (existing.hcMode !== incoming.hcMode) return true;
- if (existing.hcHostname !== incoming.hcHostname) return true;
- if (existing.hcPort !== incoming.hcPort) return true;
- if (existing.hcInterval !== incoming.hcInterval) return true;
- if (existing.hcUnhealthyInterval !== incoming.hcUnhealthyInterval)
- return true;
- if (existing.hcTimeout !== incoming.hcTimeout) return true;
- if (existing.hcFollowRedirects !== incoming.hcFollowRedirects) return true;
- if (existing.hcMethod !== incoming.hcMethod) return true;
- if (existing.hcStatus !== incoming.hcStatus) return true;
- if (
- JSON.stringify(existing.hcHeaders) !==
- JSON.stringify(incoming.hcHeaders)
- )
- return true;
- if (existing.hcHealthyThreshold !== incoming.hcHealthyThreshold)
- return true;
- if (existing.hcUnhealthyThreshold !== incoming.hcUnhealthyThreshold)
- return true;
-
- return false;
-}
-
-function checkIfTargetChanged(
- existing: Target | undefined,
- incoming: Target | undefined
-): boolean {
- if (!existing && incoming) return true;
- if (existing && !incoming) return true;
- if (!existing || !incoming) return false;
-
- if (existing.ip !== incoming.ip) return true;
- if (existing.port !== incoming.port) return true;
- if (existing.siteId !== incoming.siteId) return true;
-
- return false;
-}
-
-export async function getDomain(
- resourceId: number | undefined,
- fullDomain: string,
- orgId: string,
- trx: Transaction
-) {
- const [fullDomainExists] = await trx
- .select({ resourceId: resources.resourceId })
- .from(resources)
- .where(
- and(
- eq(resources.fullDomain, fullDomain),
- eq(resources.orgId, orgId),
- resourceId
- ? ne(resources.resourceId, resourceId)
- : isNotNull(resources.resourceId)
- )
- )
- .limit(1);
-
- if (fullDomainExists) {
- throw new Error(
- `Resource already exists: ${fullDomain} in org ${orgId}`
- );
- }
-
- const domain = await getDomainId(orgId, fullDomain, trx);
-
- if (!domain) {
- throw new Error(
- `Domain not found for full-domain: ${fullDomain} in org ${orgId}`
- );
- }
-
- await createCertificate(domain.domainId, fullDomain, trx);
-
- return domain;
-}
-
-async function getDomainId(
- orgId: string,
- fullDomain: string,
- trx: Transaction
-): Promise<{
- subdomain: string | null;
- domainId: string;
- wildcard: boolean;
-} | null> {
- const isWildcardFullDomain = fullDomain.startsWith("*.");
-
- const possibleDomains = await trx
- .select()
- .from(domains)
- .innerJoin(orgDomains, eq(domains.domainId, orgDomains.domainId))
- .where(and(eq(orgDomains.orgId, orgId), eq(domains.verified, true)))
- .execute();
-
- if (possibleDomains.length === 0) {
- return null;
- }
-
- const validDomains = possibleDomains.filter((domain) => {
- // Wildcard full-domains are not allowed on CNAME domains
- if (isWildcardFullDomain && domain.domains.type === "cname") {
- return false;
- }
-
- if (domain.domains.type == "ns" || domain.domains.type == "wildcard") {
- return (
- fullDomain === domain.domains.baseDomain ||
- fullDomain.endsWith(`.${domain.domains.baseDomain}`)
- );
- } else if (domain.domains.type == "cname") {
- return fullDomain === domain.domains.baseDomain;
- }
- });
-
- if (validDomains.length === 0) {
- return null;
- }
-
- // Pick the most specific (longest baseDomain) valid domain so that, e.g.,
- // *.test.dev.example.com is assigned to *.dev.example.com rather than *.example.com.
- const domainSelection = validDomains.sort(
- (a, b) => b.domains.baseDomain.length - a.domains.baseDomain.length
- )[0].domains;
- const baseDomain = domainSelection.baseDomain;
-
- // Wildcard full-domains are not allowed on namespace (provided/free) domains
- if (isWildcardFullDomain) {
- const [namespaceDomain] = await trx
- .select()
- .from(domainNamespaces)
- .where(eq(domainNamespaces.domainId, domainSelection.domainId))
- .limit(1);
-
- if (namespaceDomain) {
- throw new Error(
- `Wildcard full-domains are not supported for provided or free domains: ${fullDomain}`
- );
- }
- }
-
- // remove the base domain of the domain
- let subdomain = null;
- if (fullDomain != baseDomain) {
- subdomain = fullDomain.replace(`.${baseDomain}`, "");
- }
-
- // Return the first valid domain
- return {
- subdomain: subdomain,
- domainId: domainSelection.domainId,
- wildcard: isWildcardFullDomain
- };
-}
diff --git a/server/lib/blueprints/publicResources.ts b/server/lib/blueprints/publicResources.ts
new file mode 100644
index 000000000..df3b3799e
--- /dev/null
+++ b/server/lib/blueprints/publicResources.ts
@@ -0,0 +1,2157 @@
+import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
+import { createCertificate } from "#dynamic/routers/certificates/createCertificate";
+import { hashPassword } from "@server/auth/password";
+import { generateId } from "@server/auth/sessions/app";
+import { build } from "@server/build";
+import {
+ domainNamespaces,
+ domains,
+ orgDomains,
+ Resource,
+ resourceHeaderAuth,
+ resourceHeaderAuthExtendedCompatibility,
+ resourcePassword,
+ resourcePincode,
+ resourcePolicies,
+ resourcePolicyHeaderAuth,
+ resourcePolicyPassword,
+ resourcePolicyPincode,
+ resourcePolicyRules,
+ resourcePolicyWhiteList,
+ resourceRules,
+ resources,
+ resourceWhitelist,
+ roleActions,
+ rolePolicies,
+ roleResources,
+ roles,
+ sites,
+ Target,
+ TargetHealthCheck,
+ targetHealthCheck,
+ targets,
+ Transaction,
+ userOrgs,
+ userPolicies,
+ userResources,
+ users,
+ type ResourceRule
+} from "@server/db";
+import { getUniqueResourcePolicyName } from "@server/db/names";
+import { isValidRegionId } from "@server/db/regions";
+import { fireHealthCheckUnknownAlert } from "@server/lib/alerts";
+import serverConfig from "@server/lib/config";
+import { encrypt } from "@server/lib/crypto";
+import logger from "@server/logger";
+import { defaultRoleAllowedActions } from "@server/routers/role/createRole";
+import { pickPort } from "@server/routers/target/helpers";
+import { and, asc, eq, isNotNull, ne, or } from "drizzle-orm";
+import { tierMatrix } from "../billing/tierMatrix";
+import { isValidCIDR, isValidIP, isValidUrlGlobPattern } from "../validators";
+import { Config, isTargetsOnlyResource, TargetData } from "./types";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import next from "next";
+import { LimitId } from "../billing";
+import { usageService } from "../billing/usageService";
+
+export type PublicResourcesResults = {
+ proxyResource: Resource;
+ targetsToUpdate: Target[];
+ healthchecksToUpdate: TargetHealthCheck[];
+}[];
+
+export async function updatePublicResources(
+ orgId: string,
+ config: Config,
+ trx: Transaction,
+ siteId?: number
+): Promise {
+ const results: PublicResourcesResults = [];
+
+ for (const [resourceNiceId, resourceData] of Object.entries(
+ config["proxy-resources"]
+ )) {
+ const targetsToUpdate: Target[] = [];
+ const healthchecksToUpdate: TargetHealthCheck[] = [];
+ let resource: Resource;
+
+ async function createTarget( // reusable function to create a target
+ resourceId: number,
+ targetData: TargetData
+ ) {
+ const targetSiteId = targetData.site;
+ let site;
+
+ if (targetSiteId) {
+ // Look up site by niceId
+ [site] = await trx
+ .select({ siteId: sites.siteId, type: sites.type })
+ .from(sites)
+ .where(
+ and(
+ eq(sites.niceId, targetSiteId),
+ eq(sites.orgId, orgId)
+ )
+ )
+ .limit(1);
+ } else if (siteId) {
+ // Use the provided siteId directly, but verify it belongs to the org
+ [site] = await trx
+ .select({ siteId: sites.siteId, type: sites.type })
+ .from(sites)
+ .where(
+ and(eq(sites.siteId, siteId), eq(sites.orgId, orgId))
+ )
+ .limit(1);
+ } else {
+ throw new Error(`Target site is required`);
+ }
+
+ if (!site) {
+ throw new Error(
+ `Site not found: ${targetSiteId} in org ${orgId}`
+ );
+ }
+
+ let internalPortToCreate;
+ if (!targetData["internal-port"]) {
+ const { internalPort, targetIps } = await pickPort(
+ site.siteId!,
+ trx
+ );
+ internalPortToCreate = internalPort;
+ } else {
+ internalPortToCreate = targetData["internal-port"];
+ }
+
+ let authToken: string | undefined;
+ if (site.type !== "local") {
+ const plainToken = generateId(48);
+ authToken = encrypt(
+ plainToken,
+ serverConfig.getRawConfig().server.secret!
+ );
+ }
+
+ // Create target
+ const [newTarget] = await trx
+ .insert(targets)
+ .values({
+ resourceId: resourceId,
+ siteId: site.siteId,
+ ip: targetData.hostname,
+ mode: resourceData.mode as Target["mode"],
+ method: targetData.method,
+ port: targetData.port,
+ enabled: targetData.enabled,
+ internalPort: internalPortToCreate,
+ authToken: authToken,
+ path: targetData.path,
+ pathMatchType: targetData["path-match"],
+ rewritePath:
+ targetData.rewritePath ||
+ targetData["rewrite-path"] ||
+ (targetData["rewrite-match"] === "stripPrefix"
+ ? "/"
+ : undefined),
+ rewritePathType: targetData["rewrite-match"],
+ priority: targetData.priority
+ })
+ .returning();
+
+ targetsToUpdate.push(newTarget);
+
+ const healthcheckData = targetData.healthcheck;
+
+ const hcHeaders = healthcheckData?.headers
+ ? JSON.stringify(healthcheckData.headers)
+ : null;
+
+ const [newHealthcheck] = await trx
+ .insert(targetHealthCheck)
+ .values({
+ name: `${targetData.hostname}:${targetData.port}`,
+ siteId: site.siteId,
+ targetId: newTarget.targetId,
+ orgId: orgId,
+ hcEnabled: healthcheckData?.enabled || false,
+ hcPath: healthcheckData?.path,
+ hcScheme: healthcheckData?.scheme,
+ hcMode: healthcheckData?.mode,
+ hcHostname: healthcheckData?.hostname,
+ hcPort: healthcheckData?.port,
+ hcInterval: healthcheckData?.interval,
+ hcUnhealthyInterval:
+ healthcheckData?.unhealthyInterval ||
+ healthcheckData?.["unhealthy-interval"],
+ hcTimeout: healthcheckData?.timeout,
+ hcHeaders: hcHeaders,
+ hcFollowRedirects:
+ healthcheckData?.followRedirects ||
+ healthcheckData?.["follow-redirects"],
+ hcMethod: healthcheckData?.method,
+ hcStatus: healthcheckData?.status,
+ hcHealth: "unknown",
+ hcHealthyThreshold: healthcheckData?.["healthy-threshold"],
+ hcUnhealthyThreshold:
+ healthcheckData?.["unhealthy-threshold"]
+ })
+ .returning();
+
+ healthchecksToUpdate.push(newHealthcheck);
+
+ // Insert unknown status history when HC is created in disabled state
+ if (!healthcheckData?.enabled) {
+ await fireHealthCheckUnknownAlert(
+ orgId,
+ newHealthcheck.targetHealthCheckId,
+ newHealthcheck.name,
+ newHealthcheck.targetId,
+ undefined,
+ true,
+ trx
+ );
+ }
+ }
+
+ // Find existing resource by niceId and orgId
+ const [existingResource] = await trx
+ .select()
+ .from(resources)
+ .where(
+ and(
+ eq(resources.niceId, resourceNiceId),
+ eq(resources.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ const resourceEnabled =
+ resourceData.enabled == undefined || resourceData.enabled == null
+ ? true
+ : resourceData.enabled;
+ const resourceSsl =
+ resourceData.ssl == undefined || resourceData.ssl == null
+ ? true
+ : resourceData.ssl;
+ let headers = "";
+ if (resourceData.headers) {
+ headers = JSON.stringify(resourceData.headers);
+ }
+
+ if (["ssh", "rdp", "vnc"].includes(resourceData.mode || "")) {
+ const isLicensed = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.advancedPublicResources
+ );
+ if (!isLicensed) {
+ throw new Error(
+ "Your current subscription does not support browser gateway resources. Please upgrade to access this feature."
+ );
+ }
+ }
+
+ if (resourceData.policy) {
+ const isLicensed = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.resourcePolicies
+ );
+ if (!isLicensed) {
+ throw new Error(
+ "Your current subscription does not support shared resource policies. Please upgrade to access this feature."
+ );
+ }
+ }
+
+ if (existingResource) {
+ let domain;
+ if (
+ ["http", "ssh", "rdp", "vnc"].includes(resourceData.mode || "")
+ ) {
+ if (resourceData["full-domain"]?.startsWith("*.")) {
+ const isLicensed = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.wildcardSubdomain
+ );
+ if (!isLicensed) {
+ throw new Error(
+ "Wildcard subdomains are not supported on your current plan. Please upgrade to access this feature."
+ );
+ }
+ }
+
+ domain = await getDomain(
+ existingResource.resourceId,
+ resourceData["full-domain"]!,
+ orgId,
+ trx
+ );
+
+ await enforceDomainNamespacePaywall(
+ orgId,
+ domain.domainId,
+ trx
+ );
+ }
+
+ // check if the only key in the resource is targets, if so, skip the update
+ if (isTargetsOnlyResource(resourceData)) {
+ logger.debug(
+ `Skipping update for resource ${existingResource.resourceId} as only targets are provided`
+ );
+ resource = existingResource;
+ } else {
+ // Update existing resource
+
+ const isLicensed = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.maintencePage
+ );
+ if (!isLicensed) {
+ resourceData.maintenance = undefined;
+ }
+
+ // Look up the admin role (needed for inline policy creation)
+ const [adminRole] = await trx
+ .select()
+ .from(roles)
+ .where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
+ .limit(1);
+
+ if (!adminRole) {
+ throw new Error(`Admin role not found`);
+ }
+
+ if (resourceData.policy) {
+ // SHARED POLICY MODE: look up shared policy by niceId
+ const [sharedPolicy] = await trx
+ .select()
+ .from(resourcePolicies)
+ .where(
+ and(
+ eq(
+ resourcePolicies.niceId,
+ resourceData.policy
+ ),
+ eq(resourcePolicies.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ if (!sharedPolicy) {
+ throw new Error(
+ `Shared policy not found: ${resourceData.policy} in org ${orgId}`
+ );
+ }
+
+ [resource] = await trx
+ .update(resources)
+ .set({
+ name: resourceData.name || "Unnamed Resource",
+
+ mode: resourceData.mode,
+ proxyPort: ["http", "ssh", "rdp", "vnc"].includes(
+ resourceData.mode || ""
+ )
+ ? null
+ : resourceData["proxy-port"],
+ fullDomain: ["http", "ssh", "rdp", "vnc"].includes(
+ resourceData.mode || ""
+ )
+ ? resourceData["full-domain"]
+ : null,
+ subdomain: domain ? domain.subdomain : null,
+ domainId: domain ? domain.domainId : null,
+ wildcard: domain ? domain.wildcard : false,
+ enabled: resourceEnabled,
+ sso: resourceData.auth?.["sso-enabled"] || false,
+ skipToIdpId:
+ resourceData.auth?.["auto-login-idp"] || null,
+ ssl: resourceSsl,
+ setHostHeader: resourceData["host-header"] || null,
+ tlsServerName:
+ resourceData["tls-server-name"] || null,
+ emailWhitelistEnabled: resourceData.auth?.[
+ "whitelist-users"
+ ]
+ ? resourceData.auth["whitelist-users"].length >
+ 0
+ : false,
+ headers: headers || null,
+ applyRules:
+ resourceData.rules &&
+ resourceData.rules.length > 0,
+ pamMode:
+ resourceData["auth-daemon"]?.pam ||
+ "passthrough",
+ authDaemonMode:
+ resourceData["auth-daemon"]?.mode || "native",
+ authDaemonPort:
+ resourceData["auth-daemon"]?.port || 22123,
+ maintenanceModeEnabled:
+ resourceData.maintenance?.enabled,
+ maintenanceModeType: resourceData.maintenance?.type,
+ maintenanceTitle: resourceData.maintenance?.title,
+ maintenanceMessage:
+ resourceData.maintenance?.message,
+ maintenanceEstimatedTime:
+ resourceData.maintenance?.["estimated-time"],
+ proxyProtocol:
+ resourceData.mode === "tcp"
+ ? (resourceData["proxy-protocol"] ?? false)
+ : false,
+ proxyProtocolVersion:
+ resourceData.mode === "tcp"
+ ? (resourceData["proxy-protocol-version"] ??
+ 1)
+ : 1,
+ resourcePolicyId: sharedPolicy.resourcePolicyId
+ })
+ .where(
+ eq(
+ resources.resourceId,
+ existingResource.resourceId
+ )
+ )
+ .returning();
+
+ // Update OLD resource-level auth tables
+ await trx
+ .delete(resourcePassword)
+ .where(
+ eq(
+ resourcePassword.resourceId,
+ existingResource.resourceId
+ )
+ );
+ if (resourceData.auth?.password) {
+ const passwordHash = await hashPassword(
+ resourceData.auth.password
+ );
+ await trx.insert(resourcePassword).values({
+ resourceId: existingResource.resourceId,
+ passwordHash
+ });
+ }
+
+ await trx
+ .delete(resourcePincode)
+ .where(
+ eq(
+ resourcePincode.resourceId,
+ existingResource.resourceId
+ )
+ );
+ if (resourceData.auth?.pincode) {
+ const pincodeHash = await hashPassword(
+ resourceData.auth.pincode.toString()
+ );
+ await trx.insert(resourcePincode).values({
+ resourceId: existingResource.resourceId,
+ pincodeHash,
+ digitLength: 6
+ });
+ }
+
+ await trx
+ .delete(resourceHeaderAuth)
+ .where(
+ eq(
+ resourceHeaderAuth.resourceId,
+ existingResource.resourceId
+ )
+ );
+ await trx
+ .delete(resourceHeaderAuthExtendedCompatibility)
+ .where(
+ eq(
+ resourceHeaderAuthExtendedCompatibility.resourceId,
+ existingResource.resourceId
+ )
+ );
+ if (resourceData.auth?.["basic-auth"]) {
+ const headerAuthUser =
+ resourceData.auth["basic-auth"]?.user;
+ const headerAuthPassword =
+ resourceData.auth["basic-auth"]?.password;
+ const headerAuthExtendedCompatibility =
+ resourceData.auth["basic-auth"]
+ ?.extendedCompatibility;
+ if (
+ headerAuthUser &&
+ headerAuthPassword &&
+ headerAuthExtendedCompatibility !== null
+ ) {
+ const headerAuthHash = await hashPassword(
+ Buffer.from(
+ `${headerAuthUser}:${headerAuthPassword}`
+ ).toString("base64")
+ );
+ await Promise.all([
+ trx.insert(resourceHeaderAuth).values({
+ resourceId: existingResource.resourceId,
+ headerAuthHash
+ }),
+ trx
+ .insert(
+ resourceHeaderAuthExtendedCompatibility
+ )
+ .values({
+ resourceId: existingResource.resourceId,
+ extendedCompatibilityIsActivated:
+ headerAuthExtendedCompatibility
+ })
+ ]);
+ }
+ }
+
+ if (resourceData.auth?.["sso-roles"]) {
+ await syncRoleResources(
+ existingResource.resourceId,
+ resourceData.auth["sso-roles"],
+ orgId,
+ trx
+ );
+ }
+
+ if (resourceData.auth?.["sso-users"]) {
+ await syncUserResources(
+ existingResource.resourceId,
+ resourceData.auth["sso-users"],
+ orgId,
+ trx
+ );
+ }
+
+ if (resourceData.auth?.["whitelist-users"]) {
+ await syncWhitelistUsers(
+ existingResource.resourceId,
+ resourceData.auth["whitelist-users"],
+ orgId,
+ trx
+ );
+ }
+ } else {
+ // INLINE POLICY MODE: ensure inline policy exists
+ const inlinePolicyId = await ensureInlinePolicy(
+ existingResource.defaultResourcePolicyId,
+ orgId,
+ resourceNiceId,
+ adminRole.roleId,
+ trx
+ );
+
+ [resource] = await trx
+ .update(resources)
+ .set({
+ name: resourceData.name || "Unnamed Resource",
+ proxyPort: ["http", "ssh", "rdp", "vnc"].includes(
+ resourceData.mode || ""
+ )
+ ? null
+ : resourceData["proxy-port"],
+ fullDomain: ["http", "ssh", "rdp", "vnc"].includes(
+ resourceData.mode || ""
+ )
+ ? resourceData["full-domain"]
+ : null,
+ subdomain: domain ? domain.subdomain : null,
+ domainId: domain ? domain.domainId : null,
+ wildcard: domain ? domain.wildcard : false,
+ enabled: resourceEnabled,
+ ssl: resourceSsl,
+ setHostHeader: resourceData["host-header"] || null,
+ tlsServerName:
+ resourceData["tls-server-name"] || null,
+ headers: headers || null,
+ maintenanceModeEnabled:
+ resourceData.maintenance?.enabled,
+ maintenanceModeType: resourceData.maintenance?.type,
+ maintenanceTitle: resourceData.maintenance?.title,
+ maintenanceMessage:
+ resourceData.maintenance?.message,
+ maintenanceEstimatedTime:
+ resourceData.maintenance?.["estimated-time"],
+ proxyProtocol:
+ resourceData.mode === "tcp"
+ ? (resourceData["proxy-protocol"] ?? false)
+ : false,
+ proxyProtocolVersion:
+ resourceData.mode === "tcp"
+ ? (resourceData["proxy-protocol-version"] ??
+ 1)
+ : 1,
+ pamMode:
+ resourceData["auth-daemon"]?.pam ||
+ "passthrough",
+ authDaemonMode:
+ resourceData["auth-daemon"]?.mode || "native",
+ authDaemonPort:
+ resourceData["auth-daemon"]?.port || 22123,
+ resourcePolicyId: null,
+ defaultResourcePolicyId: inlinePolicyId
+ })
+ .where(
+ eq(
+ resources.resourceId,
+ existingResource.resourceId
+ )
+ )
+ .returning();
+
+ // Clear the old resource-level auth tables (not used in inline policy mode)
+ await Promise.all([
+ trx
+ .delete(resourcePassword)
+ .where(
+ eq(
+ resourcePassword.resourceId,
+ existingResource.resourceId
+ )
+ ),
+ trx
+ .delete(resourcePincode)
+ .where(
+ eq(
+ resourcePincode.resourceId,
+ existingResource.resourceId
+ )
+ ),
+ trx
+ .delete(resourceHeaderAuth)
+ .where(
+ eq(
+ resourceHeaderAuth.resourceId,
+ existingResource.resourceId
+ )
+ ),
+ trx
+ .delete(resourceHeaderAuthExtendedCompatibility)
+ .where(
+ eq(
+ resourceHeaderAuthExtendedCompatibility.resourceId,
+ existingResource.resourceId
+ )
+ ),
+ trx
+ .delete(resourceWhitelist)
+ .where(
+ eq(
+ resourceWhitelist.resourceId,
+ existingResource.resourceId
+ )
+ )
+ ]);
+
+ // Update inline policy auth fields and policy-level tables
+ await syncInlinePolicyAuth(
+ inlinePolicyId,
+ orgId,
+ resourceData,
+ trx
+ );
+ }
+ }
+
+ const existingResourceTargets = await trx
+ .select()
+ .from(targets)
+ .where(eq(targets.resourceId, existingResource.resourceId))
+ .orderBy(asc(targets.targetId));
+
+ // Create new targets
+ for (const [index, targetData] of resourceData.targets.entries()) {
+ if (
+ !targetData ||
+ (typeof targetData === "object" &&
+ Object.keys(targetData).length === 0)
+ ) {
+ // If targetData is null or an empty object, we can skip it
+ continue;
+ }
+ const existingTarget = existingResourceTargets[index];
+
+ if (existingTarget) {
+ const targetSiteId = targetData.site;
+ let site;
+
+ if (targetSiteId) {
+ // Look up site by niceId
+ [site] = await trx
+ .select({ siteId: sites.siteId })
+ .from(sites)
+ .where(
+ and(
+ eq(sites.niceId, targetSiteId),
+ eq(sites.orgId, orgId)
+ )
+ )
+ .limit(1);
+ } else if (siteId) {
+ // Use the provided siteId directly, but verify it belongs to the org
+ [site] = await trx
+ .select({ siteId: sites.siteId })
+ .from(sites)
+ .where(
+ and(
+ eq(sites.siteId, siteId),
+ eq(sites.orgId, orgId)
+ )
+ )
+ .limit(1);
+ } else {
+ throw new Error(`Target site is required`);
+ }
+
+ if (!site) {
+ throw new Error(
+ `Site not found: ${targetSiteId} in org ${orgId}`
+ );
+ }
+
+ // update this target
+ const [updatedTarget] = await trx
+ .update(targets)
+ .set({
+ siteId: site.siteId,
+ ip: targetData.hostname,
+ method:
+ resourceData.mode == "http" // the other types of ssh, rdp, and vnc use the browser gateway targets and not this one so this is okay
+ ? targetData.method
+ : null,
+ port: targetData.port,
+ enabled: targetData.enabled,
+ path: targetData.path,
+ pathMatchType: targetData["path-match"],
+ rewritePath:
+ targetData.rewritePath ||
+ targetData["rewrite-path"] ||
+ (targetData["rewrite-match"] === "stripPrefix"
+ ? "/"
+ : undefined),
+ rewritePathType: targetData["rewrite-match"],
+ priority: targetData.priority,
+ mode: resourceData.mode
+ })
+ .where(eq(targets.targetId, existingTarget.targetId))
+ .returning();
+
+ if (checkIfTargetChanged(existingTarget, updatedTarget)) {
+ let internalPortToUpdate;
+ if (!targetData["internal-port"]) {
+ const { internalPort, targetIps } = await pickPort(
+ site.siteId!,
+ trx
+ );
+ internalPortToUpdate = internalPort;
+ } else {
+ internalPortToUpdate = targetData["internal-port"];
+ }
+
+ const [finalUpdatedTarget] = await trx // this double is so we can check the whole target before and after
+ .update(targets)
+ .set({
+ internalPort: internalPortToUpdate
+ })
+ .where(
+ eq(targets.targetId, existingTarget.targetId)
+ )
+ .returning();
+
+ targetsToUpdate.push(finalUpdatedTarget);
+ }
+
+ const healthcheckData = targetData.healthcheck;
+
+ const [oldHealthcheck] = await trx
+ .select()
+ .from(targetHealthCheck)
+ .where(
+ eq(
+ targetHealthCheck.targetId,
+ existingTarget.targetId
+ )
+ )
+ .limit(1);
+
+ const hcHeaders = healthcheckData?.headers
+ ? JSON.stringify(healthcheckData.headers)
+ : null;
+
+ const [newHealthcheck] = await trx
+ .update(targetHealthCheck)
+ .set({
+ hcEnabled: healthcheckData?.enabled || false,
+ hcPath: healthcheckData?.path,
+ hcScheme: healthcheckData?.scheme,
+ hcMode: healthcheckData?.mode,
+ hcHostname: healthcheckData?.hostname,
+ hcPort: healthcheckData?.port,
+ hcInterval: healthcheckData?.interval,
+ hcUnhealthyInterval:
+ healthcheckData?.unhealthyInterval ||
+ healthcheckData?.["unhealthy-interval"],
+ hcTimeout: healthcheckData?.timeout,
+ hcHeaders: hcHeaders,
+ hcFollowRedirects:
+ healthcheckData?.followRedirects ||
+ healthcheckData?.["follow-redirects"],
+ hcMethod: healthcheckData?.method,
+ hcStatus: healthcheckData?.status,
+ hcHealthyThreshold:
+ healthcheckData?.["healthy-threshold"],
+ hcUnhealthyThreshold:
+ healthcheckData?.["unhealthy-threshold"]
+ })
+ .where(
+ eq(
+ targetHealthCheck.targetId,
+ existingTarget.targetId
+ )
+ )
+ .returning();
+
+ if (
+ checkIfHealthcheckChanged(
+ oldHealthcheck,
+ newHealthcheck
+ )
+ ) {
+ healthchecksToUpdate.push(newHealthcheck);
+ // if the target is not already in the targetsToUpdate array, add it
+ if (
+ !targetsToUpdate.find(
+ (t) => t.targetId === updatedTarget.targetId
+ )
+ ) {
+ targetsToUpdate.push(updatedTarget);
+ }
+ }
+
+ // Insert unknown status history when HC is disabled
+ const isDisablingHc =
+ !healthcheckData?.enabled && oldHealthcheck?.hcEnabled;
+ if (isDisablingHc) {
+ await fireHealthCheckUnknownAlert(
+ orgId,
+ newHealthcheck.targetHealthCheckId,
+ newHealthcheck.name,
+ newHealthcheck.targetId,
+ undefined,
+ true,
+ trx
+ );
+ }
+ } else {
+ await createTarget(existingResource.resourceId, targetData);
+ }
+ }
+
+ if (existingResourceTargets.length > resourceData.targets.length) {
+ const targetsToDelete = existingResourceTargets.slice(
+ resourceData.targets.length
+ );
+ logger.debug(
+ `Targets to delete: ${JSON.stringify(targetsToDelete)}`
+ );
+ for (const target of targetsToDelete) {
+ if (!target) {
+ continue;
+ }
+ if (siteId && target.siteId !== siteId) {
+ logger.debug(
+ `Skipping target ${target.targetId} for deletion. Site ID does not match filter.`
+ );
+ continue; // only delete targets for the specified siteId
+ }
+ logger.debug(`Deleting target ${target.targetId}`);
+ await trx
+ .delete(targets)
+ .where(eq(targets.targetId, target.targetId));
+ }
+ }
+
+ if (resourceData.policy) {
+ // SHARED POLICY MODE: sync rules into old resourceRules table
+ const existingRules = await trx
+ .select()
+ .from(resourceRules)
+ .where(
+ eq(
+ resourceRules.resourceId,
+ existingResource.resourceId
+ )
+ )
+ .orderBy(resourceRules.priority);
+
+ // Sync rules
+ for (const [index, rule] of resourceData.rules?.entries() ||
+ []) {
+ const intendedPriority = rule.priority ?? index + 1;
+ const existingRule = existingRules[index];
+ if (existingRule) {
+ if (
+ existingRule.action !==
+ getRuleAction(rule.action) ||
+ existingRule.match !== rule.match.toUpperCase() ||
+ existingRule.value !==
+ getRuleValue(
+ rule.match.toUpperCase(),
+ rule.value
+ ) ||
+ existingRule.priority !== intendedPriority
+ ) {
+ validateRule(rule);
+ await trx
+ .update(resourceRules)
+ .set({
+ action: getRuleAction(rule.action),
+ match: rule.match.toUpperCase() as ResourceRule["match"],
+ value: getRuleValue(
+ rule.match.toUpperCase(),
+ rule.value
+ ),
+ priority: intendedPriority
+ })
+ .where(
+ eq(
+ resourceRules.ruleId,
+ existingRule.ruleId
+ )
+ );
+ }
+ } else {
+ validateRule(rule);
+ await trx.insert(resourceRules).values({
+ resourceId: existingResource.resourceId,
+ action: getRuleAction(rule.action),
+ match: rule.match.toUpperCase() as ResourceRule["match"],
+ value: getRuleValue(
+ rule.match.toUpperCase(),
+ rule.value
+ ),
+ priority: intendedPriority
+ });
+ }
+ }
+
+ if (existingRules.length > (resourceData.rules?.length || 0)) {
+ const rulesToDelete = existingRules.slice(
+ resourceData.rules?.length || 0
+ );
+ for (const rule of rulesToDelete) {
+ await trx
+ .delete(resourceRules)
+ .where(eq(resourceRules.ruleId, rule.ruleId));
+ }
+ }
+ } else {
+ // INLINE POLICY MODE: sync rules into policy-level table
+ let inlinePolicyId = resource!.defaultResourcePolicyId;
+
+ // Targets-only updates skip the auth/policy update branch above,
+ // so pre-1.19 resources can still have no inline policy linked.
+ if (!inlinePolicyId) {
+ const [adminRole] = await trx
+ .select()
+ .from(roles)
+ .where(
+ and(eq(roles.isAdmin, true), eq(roles.orgId, orgId))
+ )
+ .limit(1);
+
+ if (!adminRole) {
+ throw new Error(`Admin role not found`);
+ }
+
+ inlinePolicyId = await ensureInlinePolicy(
+ existingResource.defaultResourcePolicyId,
+ orgId,
+ resourceNiceId,
+ adminRole.roleId,
+ trx
+ );
+
+ [resource] = await trx
+ .update(resources)
+ .set({
+ resourcePolicyId: null,
+ defaultResourcePolicyId: inlinePolicyId
+ })
+ .where(
+ eq(
+ resources.resourceId,
+ existingResource.resourceId
+ )
+ )
+ .returning();
+ }
+
+ // Clear the old resource-level rules table
+ await trx
+ .delete(resourceRules)
+ .where(
+ eq(
+ resourceRules.resourceId,
+ existingResource.resourceId
+ )
+ );
+
+ await syncInlinePolicyRules(
+ inlinePolicyId,
+ resourceData.rules || [],
+ trx
+ );
+ }
+
+ logger.debug(`Updated resource ${existingResource.resourceId}`);
+ } else {
+ // create a brand new resource
+
+ if (build === "saas") {
+ const usage = await usageService.getUsage(
+ orgId,
+ LimitId.PUBLIC_RESOURCES
+ );
+ if (!usage) {
+ throw new Error(
+ `Usage data not found for org ${orgId} and limit ${LimitId.PUBLIC_RESOURCES}`
+ );
+ }
+ const rejectResource = await usageService.checkLimitSet(
+ orgId,
+
+ LimitId.PUBLIC_RESOURCES,
+ {
+ ...usage,
+ instantaneousValue: (usage.instantaneousValue || 0) + 1
+ } // We need to add one to know if we are violating the limit
+ );
+ if (rejectResource) {
+ throw new Error(
+ "Public resource limit exceeded. Please upgrade your plan."
+ );
+ }
+ }
+
+ let domain;
+ if (
+ ["http", "ssh", "rdp", "vnc"].includes(resourceData.mode || "")
+ ) {
+ if (resourceData["full-domain"]?.startsWith("*.")) {
+ const isLicensed = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.wildcardSubdomain
+ );
+ if (!isLicensed) {
+ throw new Error(
+ "Wildcard subdomains are not supported on your current plan. Please upgrade to access this feature."
+ );
+ }
+ }
+
+ domain = await getDomain(
+ undefined,
+ resourceData["full-domain"]!,
+ orgId,
+ trx
+ );
+
+ await enforceDomainNamespacePaywall(
+ orgId,
+ domain.domainId,
+ trx
+ );
+ }
+
+ const isLicensed = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.maintencePage
+ );
+ if (!isLicensed) {
+ resourceData.maintenance = undefined;
+ }
+
+ // Look up admin role (needed for inline policy and roleResources)
+ const [adminRole] = await trx
+ .select()
+ .from(roles)
+ .where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
+ .limit(1);
+
+ if (!adminRole) {
+ throw new Error(`Admin role not found`);
+ }
+
+ // Always create an inline policy for the resource
+ const policyNiceId = await getUniqueResourcePolicyName(orgId);
+ const [inlinePolicy] = await trx
+ .insert(resourcePolicies)
+ .values({
+ niceId: policyNiceId,
+ orgId,
+ name: `default policy for ${resourceNiceId}`,
+ sso: true,
+ scope: "resource"
+ })
+ .returning();
+
+ // Make the inline policy visible to the admin role
+ await trx.insert(rolePolicies).values({
+ roleId: adminRole.roleId,
+ resourcePolicyId: inlinePolicy.resourcePolicyId
+ });
+
+ // Determine the active shared policy (if provided)
+ let sharedPolicyId: number | null = null;
+ if (resourceData.policy) {
+ const [sharedPolicy] = await trx
+ .select()
+ .from(resourcePolicies)
+ .where(
+ and(
+ eq(resourcePolicies.niceId, resourceData.policy),
+ eq(resourcePolicies.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ if (!sharedPolicy) {
+ throw new Error(
+ `Shared policy not found: ${resourceData.policy} in org ${orgId}`
+ );
+ }
+ sharedPolicyId = sharedPolicy.resourcePolicyId;
+ }
+
+ // Create new resource
+ const [newResource] = await trx
+ .insert(resources)
+ .values({
+ orgId,
+ niceId: resourceNiceId,
+ name: resourceData.name || "Unnamed Resource",
+ mode: resourceData.mode,
+ proxyPort: ["http", "ssh", "rdp", "vnc"].includes(
+ resourceData.mode || ""
+ )
+ ? null
+ : resourceData["proxy-port"],
+ fullDomain: ["http", "ssh", "rdp", "vnc"].includes(
+ resourceData.mode || ""
+ )
+ ? resourceData["full-domain"]
+ : null,
+ subdomain: domain ? domain.subdomain : null,
+ domainId: domain ? domain.domainId : null,
+ wildcard: domain ? domain.wildcard : false,
+ enabled: resourceEnabled,
+ setHostHeader: resourceData["host-header"] || null,
+ tlsServerName: resourceData["tls-server-name"] || null,
+ ssl: resourceSsl,
+ headers: headers || null,
+ applyRules:
+ resourceData.rules && resourceData.rules.length > 0,
+ pamMode: resourceData["auth-daemon"]?.pam || "passthrough",
+ authDaemonMode:
+ resourceData["auth-daemon"]?.mode || "native",
+ authDaemonPort: resourceData["auth-daemon"]?.port || 22123,
+ maintenanceModeEnabled: resourceData.maintenance?.enabled,
+ maintenanceModeType: resourceData.maintenance?.type,
+ maintenanceTitle: resourceData.maintenance?.title,
+ maintenanceMessage: resourceData.maintenance?.message,
+ maintenanceEstimatedTime:
+ resourceData.maintenance?.["estimated-time"],
+ proxyProtocol:
+ resourceData.mode === "tcp"
+ ? (resourceData["proxy-protocol"] ?? false)
+ : false,
+ proxyProtocolVersion:
+ resourceData.mode === "tcp"
+ ? (resourceData["proxy-protocol-version"] ?? 1)
+ : 1,
+ defaultResourcePolicyId: inlinePolicy.resourcePolicyId,
+ resourcePolicyId: sharedPolicyId,
+ // Only set these resource-level fields when using a shared policy
+ ...(sharedPolicyId
+ ? {
+ sso: resourceData.auth?.["sso-enabled"] || false,
+ skipToIdpId:
+ resourceData.auth?.["auto-login-idp"] || null,
+ emailWhitelistEnabled: resourceData.auth?.[
+ "whitelist-users"
+ ]
+ ? resourceData.auth["whitelist-users"]
+ .length > 0
+ : false,
+ applyRules:
+ resourceData.rules &&
+ resourceData.rules.length > 0
+ }
+ : {})
+ })
+ .returning();
+
+ resource = newResource;
+
+ await trx.insert(roleResources).values({
+ roleId: adminRole.roleId,
+ resourceId: newResource.resourceId
+ });
+
+ if (sharedPolicyId) {
+ // SHARED POLICY MODE: update OLD resource-level auth tables
+ if (resourceData.auth?.password) {
+ const passwordHash = await hashPassword(
+ resourceData.auth.password
+ );
+ await trx.insert(resourcePassword).values({
+ resourceId: newResource.resourceId,
+ passwordHash
+ });
+ }
+
+ if (resourceData.auth?.pincode) {
+ const pincodeHash = await hashPassword(
+ resourceData.auth.pincode.toString()
+ );
+ await trx.insert(resourcePincode).values({
+ resourceId: newResource.resourceId,
+ pincodeHash,
+ digitLength: 6
+ });
+ }
+
+ if (resourceData.auth?.["basic-auth"]) {
+ const headerAuthUser =
+ resourceData.auth["basic-auth"]?.user;
+ const headerAuthPassword =
+ resourceData.auth["basic-auth"]?.password;
+ const headerAuthExtendedCompatibility =
+ resourceData.auth["basic-auth"]?.extendedCompatibility;
+ if (
+ headerAuthUser &&
+ headerAuthPassword &&
+ headerAuthExtendedCompatibility !== null
+ ) {
+ const headerAuthHash = await hashPassword(
+ Buffer.from(
+ `${headerAuthUser}:${headerAuthPassword}`
+ ).toString("base64")
+ );
+ await Promise.all([
+ trx.insert(resourceHeaderAuth).values({
+ resourceId: newResource.resourceId,
+ headerAuthHash
+ }),
+ trx
+ .insert(resourceHeaderAuthExtendedCompatibility)
+ .values({
+ resourceId: newResource.resourceId,
+ extendedCompatibilityIsActivated:
+ headerAuthExtendedCompatibility
+ })
+ ]);
+ }
+ }
+
+ if (resourceData.auth?.["sso-roles"]) {
+ await syncRoleResources(
+ newResource.resourceId,
+ resourceData.auth["sso-roles"],
+ orgId,
+ trx
+ );
+ }
+
+ if (resourceData.auth?.["sso-users"]) {
+ await syncUserResources(
+ newResource.resourceId,
+ resourceData.auth["sso-users"],
+ orgId,
+ trx
+ );
+ }
+
+ if (resourceData.auth?.["whitelist-users"]) {
+ await syncWhitelistUsers(
+ newResource.resourceId,
+ resourceData.auth["whitelist-users"],
+ orgId,
+ trx
+ );
+ }
+
+ // Rules into OLD resourceRules table
+ for (const [index, rule] of resourceData.rules?.entries() ||
+ []) {
+ validateRule(rule);
+ await trx.insert(resourceRules).values({
+ resourceId: newResource.resourceId,
+ action: getRuleAction(rule.action),
+ match: rule.match.toUpperCase() as ResourceRule["match"],
+ value: getRuleValue(
+ rule.match.toUpperCase(),
+ rule.value
+ ),
+ priority: rule.priority ?? index + 1
+ });
+ }
+ } else {
+ // INLINE POLICY MODE: update the inline policy auth fields
+ await syncInlinePolicyAuth(
+ inlinePolicy.resourcePolicyId,
+ orgId,
+ resourceData,
+ trx
+ );
+
+ // Rules into policy-level table
+ await syncInlinePolicyRules(
+ inlinePolicy.resourcePolicyId,
+ resourceData.rules || [],
+ trx
+ );
+ }
+
+ // Create new targets
+ for (const targetData of resourceData.targets) {
+ if (!targetData) {
+ // If targetData is null or an empty object, we can skip it
+ continue;
+ }
+ await createTarget(newResource.resourceId, targetData);
+ }
+
+ await usageService.add(orgId, LimitId.PUBLIC_RESOURCES, 1, trx);
+
+ logger.debug(`Created resource ${newResource.resourceId}`);
+ }
+
+ results.push({
+ proxyResource: resource,
+ targetsToUpdate,
+ healthchecksToUpdate
+ });
+ }
+
+ return results;
+}
+
+function getRuleAction(input: string) {
+ let action = "DROP";
+ if (input == "allow") {
+ action = "ACCEPT";
+ } else if (input == "deny") {
+ action = "DROP";
+ } else if (input == "pass") {
+ action = "PASS";
+ }
+ return action;
+}
+
+function getRuleValue(match: string, value: string) {
+ // if the match is a country, uppercase the value
+ if (match === "COUNTRY" || match === "COUNTRY_IS_NOT") {
+ return value.toUpperCase();
+ }
+ return value;
+}
+
+function validateRule(rule: any) {
+ if (rule.match === "cidr") {
+ if (!isValidCIDR(rule.value)) {
+ throw new Error(`Invalid CIDR provided: ${rule.value}`);
+ }
+ } else if (rule.match === "ip") {
+ if (!isValidIP(rule.value)) {
+ throw new Error(`Invalid IP provided: ${rule.value}`);
+ }
+ } else if (rule.match === "path") {
+ if (!isValidUrlGlobPattern(rule.value)) {
+ throw new Error(`Invalid URL glob pattern: ${rule.value}`);
+ }
+ } else if (rule.match === "region") {
+ if (!isValidRegionId(rule.value)) {
+ throw new Error(`Invalid region ID provided: ${rule.value}`);
+ }
+ }
+}
+
+async function syncRoleResources(
+ resourceId: number,
+ ssoRoles: string[],
+ orgId: string,
+ trx: Transaction
+) {
+ const existingRoleResources = await trx
+ .select()
+ .from(roleResources)
+ .where(eq(roleResources.resourceId, resourceId));
+
+ for (const roleName of ssoRoles) {
+ let [role] = await trx
+ .select()
+ .from(roles)
+ .where(and(eq(roles.name, roleName), eq(roles.orgId, orgId)))
+ .limit(1);
+
+ if (!role) {
+ const [created] = await trx
+ .insert(roles)
+ .values({ name: roleName, orgId })
+ .returning();
+ await trx.insert(roleActions).values(
+ defaultRoleAllowedActions.map((action) => ({
+ roleId: created.roleId,
+ actionId: action,
+ orgId
+ }))
+ );
+ role = created;
+ logger.info(
+ `Auto-created role "${roleName}" in org ${orgId} from blueprint`
+ );
+ }
+
+ if (role.isAdmin) {
+ continue; // never add admin access
+ }
+
+ const existingRoleResource = existingRoleResources.find(
+ (rr) => rr.roleId === role.roleId
+ );
+
+ if (!existingRoleResource) {
+ await trx.insert(roleResources).values({
+ roleId: role.roleId,
+ resourceId: resourceId
+ });
+ }
+ }
+
+ for (const existingRoleResource of existingRoleResources) {
+ const [role] = await trx
+ .select()
+ .from(roles)
+ .where(eq(roles.roleId, existingRoleResource.roleId))
+ .limit(1);
+
+ if (role.isAdmin) {
+ continue; // never remove admin access
+ }
+
+ if (role && !ssoRoles.includes(role.name)) {
+ await trx
+ .delete(roleResources)
+ .where(
+ and(
+ eq(roleResources.roleId, existingRoleResource.roleId),
+ eq(roleResources.resourceId, resourceId)
+ )
+ );
+ }
+ }
+}
+
+async function syncUserResources(
+ resourceId: number,
+ ssoUsers: string[],
+ orgId: string,
+ trx: Transaction
+) {
+ const existingUserResources = await trx
+ .select()
+ .from(userResources)
+ .where(eq(userResources.resourceId, resourceId));
+
+ for (const username of ssoUsers) {
+ const [user] = await trx
+ .select()
+ .from(users)
+ .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
+ .where(
+ and(
+ or(eq(users.username, username), eq(users.email, username)),
+ eq(userOrgs.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ if (!user) {
+ throw new Error(`User not found: ${username} in org ${orgId}`);
+ }
+
+ const existingUserResource = existingUserResources.find(
+ (rr) => rr.userId === user.user.userId
+ );
+
+ if (!existingUserResource) {
+ await trx.insert(userResources).values({
+ userId: user.user.userId,
+ resourceId: resourceId
+ });
+ }
+ }
+
+ for (const existingUserResource of existingUserResources) {
+ const [user] = await trx
+ .select()
+ .from(users)
+ .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
+ .where(
+ and(
+ eq(users.userId, existingUserResource.userId),
+ eq(userOrgs.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ if (
+ user &&
+ user.user.username &&
+ !ssoUsers.includes(user.user.username)
+ ) {
+ await trx
+ .delete(userResources)
+ .where(
+ and(
+ eq(userResources.userId, existingUserResource.userId),
+ eq(userResources.resourceId, resourceId)
+ )
+ );
+ }
+ }
+}
+
+async function syncWhitelistUsers(
+ resourceId: number,
+ whitelistUsers: string[],
+ orgId: string,
+ trx: Transaction
+) {
+ const existingWhitelist = await trx
+ .select()
+ .from(resourceWhitelist)
+ .where(eq(resourceWhitelist.resourceId, resourceId));
+
+ for (const email of whitelistUsers) {
+ const existingWhitelistEntry = existingWhitelist.find(
+ (w) => w.email === email
+ );
+
+ if (!existingWhitelistEntry) {
+ await trx.insert(resourceWhitelist).values({
+ email,
+ resourceId: resourceId
+ });
+ }
+ }
+
+ for (const existingWhitelistEntry of existingWhitelist) {
+ if (!whitelistUsers.includes(existingWhitelistEntry.email)) {
+ await trx
+ .delete(resourceWhitelist)
+ .where(
+ and(
+ eq(resourceWhitelist.resourceId, resourceId),
+ eq(
+ resourceWhitelist.email,
+ existingWhitelistEntry.email
+ )
+ )
+ );
+ }
+ }
+}
+
+/**
+ * Creates an inline resourcePolicy if one doesn't exist yet, and returns its ID.
+ * Makes the policy visible to the admin role via rolePolicies.
+ */
+async function ensureInlinePolicy(
+ existingPolicyId: number | null | undefined,
+ orgId: string,
+ resourceNiceId: string,
+ adminRoleId: number,
+ trx: Transaction
+): Promise {
+ if (existingPolicyId) {
+ return existingPolicyId;
+ }
+
+ const policyNiceId = await getUniqueResourcePolicyName(orgId);
+ const [newPolicy] = await trx
+ .insert(resourcePolicies)
+ .values({
+ niceId: policyNiceId,
+ orgId,
+ name: `default policy for ${resourceNiceId}`,
+ sso: true,
+ scope: "resource"
+ })
+ .returning();
+
+ await trx.insert(rolePolicies).values({
+ roleId: adminRoleId,
+ resourcePolicyId: newPolicy.resourcePolicyId
+ });
+
+ return newPolicy.resourcePolicyId;
+}
+
+/**
+ * Updates the inline policy's auth-related fields and policy-level tables
+ * (used when no shared policy is specified in the blueprint).
+ */
+async function syncInlinePolicyAuth(
+ policyId: number,
+ orgId: string,
+ resourceData: any,
+ trx: Transaction
+) {
+ // Update policy-level SSO/whitelist/applyRules fields
+ await trx
+ .update(resourcePolicies)
+ .set({
+ sso: resourceData.auth?.["sso-enabled"] ?? false,
+ idpId: resourceData.auth?.["auto-login-idp"] || null,
+ emailWhitelistEnabled: resourceData.auth?.["whitelist-users"]
+ ? resourceData.auth["whitelist-users"].length > 0
+ : false,
+ applyRules: !!(resourceData.rules && resourceData.rules.length > 0)
+ })
+ .where(eq(resourcePolicies.resourcePolicyId, policyId));
+
+ // Password
+ await trx
+ .delete(resourcePolicyPassword)
+ .where(eq(resourcePolicyPassword.resourcePolicyId, policyId));
+ if (resourceData.auth?.password) {
+ const passwordHash = await hashPassword(resourceData.auth.password);
+ await trx.insert(resourcePolicyPassword).values({
+ resourcePolicyId: policyId,
+ passwordHash
+ });
+ }
+
+ // Pincode
+ await trx
+ .delete(resourcePolicyPincode)
+ .where(eq(resourcePolicyPincode.resourcePolicyId, policyId));
+ if (resourceData.auth?.pincode) {
+ const pincodeHash = await hashPassword(
+ resourceData.auth.pincode.toString()
+ );
+ await trx.insert(resourcePolicyPincode).values({
+ resourcePolicyId: policyId,
+ pincodeHash,
+ digitLength: 6
+ });
+ }
+
+ // Header auth
+ await trx
+ .delete(resourcePolicyHeaderAuth)
+ .where(eq(resourcePolicyHeaderAuth.resourcePolicyId, policyId));
+ if (resourceData.auth?.["basic-auth"]) {
+ const headerAuthUser = resourceData.auth["basic-auth"]?.user;
+ const headerAuthPassword = resourceData.auth["basic-auth"]?.password;
+ const headerAuthExtendedCompatibility =
+ resourceData.auth["basic-auth"]?.extendedCompatibility;
+ if (
+ headerAuthUser &&
+ headerAuthPassword &&
+ headerAuthExtendedCompatibility !== null
+ ) {
+ const headerAuthHash = await hashPassword(
+ Buffer.from(`${headerAuthUser}:${headerAuthPassword}`).toString(
+ "base64"
+ )
+ );
+ await trx.insert(resourcePolicyHeaderAuth).values({
+ resourcePolicyId: policyId,
+ headerAuthHash,
+ extendedCompatibility: headerAuthExtendedCompatibility
+ });
+ }
+ }
+
+ // SSO roles → rolePolicies
+ if (resourceData.auth?.["sso-roles"] !== undefined) {
+ await syncRolePolicies(
+ policyId,
+ resourceData.auth["sso-roles"],
+ orgId,
+ trx
+ );
+ }
+
+ // SSO users → userPolicies
+ if (resourceData.auth?.["sso-users"] !== undefined) {
+ await syncUserPolicies(
+ policyId,
+ resourceData.auth["sso-users"],
+ orgId,
+ trx
+ );
+ }
+
+ // Whitelist → resourcePolicyWhiteList
+ if (resourceData.auth?.["whitelist-users"] !== undefined) {
+ await syncWhitelistPolicyUsers(
+ policyId,
+ resourceData.auth["whitelist-users"],
+ orgId,
+ trx
+ );
+ }
+}
+
+/**
+ * Syncs rules into the resourcePolicyRules table (inline policy mode).
+ */
+async function syncInlinePolicyRules(
+ policyId: number,
+ rules: any[],
+ trx: Transaction
+) {
+ const existingRules = await trx
+ .select()
+ .from(resourcePolicyRules)
+ .where(eq(resourcePolicyRules.resourcePolicyId, policyId))
+ .orderBy(resourcePolicyRules.priority);
+
+ for (const [index, rule] of rules.entries()) {
+ const intendedPriority = rule.priority ?? index + 1;
+ const existingRule = existingRules[index];
+ if (existingRule) {
+ if (
+ existingRule.action !== getRuleAction(rule.action) ||
+ existingRule.match !== rule.match.toUpperCase() ||
+ existingRule.value !==
+ getRuleValue(rule.match.toUpperCase(), rule.value) ||
+ existingRule.priority !== intendedPriority
+ ) {
+ validateRule(rule);
+ await trx
+ .update(resourcePolicyRules)
+ .set({
+ action: getRuleAction(rule.action) as
+ | "ACCEPT"
+ | "DROP"
+ | "PASS",
+ match: rule.match.toUpperCase() as
+ | "CIDR"
+ | "IP"
+ | "PATH",
+ value: getRuleValue(
+ rule.match.toUpperCase(),
+ rule.value
+ ),
+ priority: intendedPriority
+ })
+ .where(eq(resourcePolicyRules.ruleId, existingRule.ruleId));
+ }
+ } else {
+ validateRule(rule);
+ await trx.insert(resourcePolicyRules).values({
+ resourcePolicyId: policyId,
+ action: getRuleAction(rule.action) as
+ | "ACCEPT"
+ | "DROP"
+ | "PASS",
+ match: rule.match.toUpperCase() as "CIDR" | "IP" | "PATH",
+ value: getRuleValue(rule.match.toUpperCase(), rule.value),
+ priority: intendedPriority
+ });
+ }
+ }
+
+ if (existingRules.length > rules.length) {
+ const rulesToDelete = existingRules.slice(rules.length);
+ for (const rule of rulesToDelete) {
+ await trx
+ .delete(resourcePolicyRules)
+ .where(eq(resourcePolicyRules.ruleId, rule.ruleId));
+ }
+ }
+}
+
+/**
+ * Syncs SSO roles to the rolePolicies table (inline policy mode).
+ */
+async function syncRolePolicies(
+ policyId: number,
+ ssoRoles: string[],
+ orgId: string,
+ trx: Transaction
+) {
+ const existingRolePoliciesList = await trx
+ .select()
+ .from(rolePolicies)
+ .where(eq(rolePolicies.resourcePolicyId, policyId));
+
+ for (const roleName of ssoRoles) {
+ const [role] = await trx
+ .select()
+ .from(roles)
+ .where(and(eq(roles.name, roleName), eq(roles.orgId, orgId)))
+ .limit(1);
+
+ if (!role) {
+ throw new Error(`Role not found: ${roleName} in org ${orgId}`);
+ }
+
+ if (role.isAdmin) {
+ continue;
+ }
+
+ const existingRolePolicy = existingRolePoliciesList.find(
+ (rp) => rp.roleId === role.roleId
+ );
+
+ if (!existingRolePolicy) {
+ await trx.insert(rolePolicies).values({
+ roleId: role.roleId,
+ resourcePolicyId: policyId
+ });
+ }
+ }
+
+ for (const existingRolePolicy of existingRolePoliciesList) {
+ const [role] = await trx
+ .select()
+ .from(roles)
+ .where(eq(roles.roleId, existingRolePolicy.roleId))
+ .limit(1);
+
+ if (role?.isAdmin) {
+ continue;
+ }
+
+ if (role && !ssoRoles.includes(role.name)) {
+ await trx
+ .delete(rolePolicies)
+ .where(
+ and(
+ eq(rolePolicies.roleId, existingRolePolicy.roleId),
+ eq(rolePolicies.resourcePolicyId, policyId)
+ )
+ );
+ }
+ }
+}
+
+/**
+ * Syncs SSO users to the userPolicies table (inline policy mode).
+ */
+async function syncUserPolicies(
+ policyId: number,
+ ssoUsers: string[],
+ orgId: string,
+ trx: Transaction
+) {
+ const existingUserPoliciesList = await trx
+ .select()
+ .from(userPolicies)
+ .where(eq(userPolicies.resourcePolicyId, policyId));
+
+ for (const username of ssoUsers) {
+ const [user] = await trx
+ .select()
+ .from(users)
+ .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
+ .where(
+ and(
+ or(eq(users.username, username), eq(users.email, username)),
+ eq(userOrgs.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ if (!user) {
+ throw new Error(`User not found: ${username} in org ${orgId}`);
+ }
+
+ const existingUserPolicy = existingUserPoliciesList.find(
+ (up) => up.userId === user.user.userId
+ );
+
+ if (!existingUserPolicy) {
+ await trx.insert(userPolicies).values({
+ userId: user.user.userId,
+ resourcePolicyId: policyId
+ });
+ }
+ }
+
+ for (const existingUserPolicy of existingUserPoliciesList) {
+ const [user] = await trx
+ .select()
+ .from(users)
+ .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
+ .where(
+ and(
+ eq(users.userId, existingUserPolicy.userId),
+ eq(userOrgs.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ if (
+ user &&
+ user.user.username &&
+ !ssoUsers.includes(user.user.username)
+ ) {
+ await trx
+ .delete(userPolicies)
+ .where(
+ and(
+ eq(userPolicies.userId, existingUserPolicy.userId),
+ eq(userPolicies.resourcePolicyId, policyId)
+ )
+ );
+ }
+ }
+}
+
+/**
+ * Syncs whitelist emails to the resourcePolicyWhiteList table (inline policy mode).
+ */
+async function syncWhitelistPolicyUsers(
+ policyId: number,
+ whitelistUsers: string[],
+ orgId: string,
+ trx: Transaction
+) {
+ const existingWhitelist = await trx
+ .select()
+ .from(resourcePolicyWhiteList)
+ .where(eq(resourcePolicyWhiteList.resourcePolicyId, policyId));
+
+ for (const email of whitelistUsers) {
+ const existingEntry = existingWhitelist.find((w) => w.email === email);
+
+ if (!existingEntry) {
+ await trx.insert(resourcePolicyWhiteList).values({
+ email,
+ resourcePolicyId: policyId
+ });
+ }
+ }
+
+ for (const existingEntry of existingWhitelist) {
+ if (!whitelistUsers.includes(existingEntry.email)) {
+ await trx
+ .delete(resourcePolicyWhiteList)
+ .where(
+ and(
+ eq(
+ resourcePolicyWhiteList.whitelistId,
+ existingEntry.whitelistId
+ ),
+ eq(resourcePolicyWhiteList.resourcePolicyId, policyId)
+ )
+ );
+ }
+ }
+}
+
+function checkIfHealthcheckChanged(
+ existing: TargetHealthCheck | undefined,
+ incoming: TargetHealthCheck | undefined
+) {
+ if (!existing && incoming) return true;
+ if (existing && !incoming) return true;
+ if (!existing || !incoming) return false;
+
+ if (existing.hcEnabled !== incoming.hcEnabled) return true;
+ if (existing.hcPath !== incoming.hcPath) return true;
+ if (existing.hcScheme !== incoming.hcScheme) return true;
+ if (existing.hcMode !== incoming.hcMode) return true;
+ if (existing.hcHostname !== incoming.hcHostname) return true;
+ if (existing.hcPort !== incoming.hcPort) return true;
+ if (existing.hcInterval !== incoming.hcInterval) return true;
+ if (existing.hcUnhealthyInterval !== incoming.hcUnhealthyInterval)
+ return true;
+ if (existing.hcTimeout !== incoming.hcTimeout) return true;
+ if (existing.hcFollowRedirects !== incoming.hcFollowRedirects) return true;
+ if (existing.hcMethod !== incoming.hcMethod) return true;
+ if (existing.hcStatus !== incoming.hcStatus) return true;
+ if (
+ JSON.stringify(existing.hcHeaders) !==
+ JSON.stringify(incoming.hcHeaders)
+ )
+ return true;
+ if (existing.hcHealthyThreshold !== incoming.hcHealthyThreshold)
+ return true;
+ if (existing.hcUnhealthyThreshold !== incoming.hcUnhealthyThreshold)
+ return true;
+
+ return false;
+}
+
+function checkIfTargetChanged(
+ existing: Target | undefined,
+ incoming: Target | undefined
+): boolean {
+ if (!existing && incoming) return true;
+ if (existing && !incoming) return true;
+ if (!existing || !incoming) return false;
+
+ if (existing.ip !== incoming.ip) return true;
+ if (existing.port !== incoming.port) return true;
+ if (existing.siteId !== incoming.siteId) return true;
+
+ return false;
+}
+
+async function enforceDomainNamespacePaywall(
+ orgId: string,
+ domainId: string,
+ trx: Transaction
+) {
+ if (build !== "saas") {
+ return;
+ }
+
+ const hasDomainNamespaceAccess = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.domainNamespaces
+ );
+
+ if (hasDomainNamespaceAccess) {
+ return;
+ }
+
+ const [namespaceDomain] = await trx
+ .select()
+ .from(domainNamespaces)
+ .where(eq(domainNamespaces.domainId, domainId))
+ .limit(1);
+
+ if (namespaceDomain) {
+ throw new Error(
+ "Your current subscription does not support custom domain namespaces. Please upgrade to access this feature."
+ );
+ }
+}
+
+export async function getDomain(
+ resourceId: number | undefined,
+ fullDomain: string,
+ orgId: string,
+ trx: Transaction
+) {
+ const [fullDomainExists] = await trx
+ .select({ resourceId: resources.resourceId })
+ .from(resources)
+ .where(
+ and(
+ eq(resources.fullDomain, fullDomain),
+ eq(resources.orgId, orgId),
+ resourceId
+ ? ne(resources.resourceId, resourceId)
+ : isNotNull(resources.resourceId)
+ )
+ )
+ .limit(1);
+
+ if (fullDomainExists) {
+ throw new Error(
+ `Resource already exists: ${fullDomain} in org ${orgId}`
+ );
+ }
+
+ const domain = await getDomainId(orgId, fullDomain, trx);
+
+ if (!domain) {
+ throw new Error(
+ `Domain not found for full-domain: ${fullDomain} in org ${orgId}`
+ );
+ }
+
+ await createCertificate(domain.domainId, fullDomain, trx);
+
+ return domain;
+}
+
+async function getDomainId(
+ orgId: string,
+ fullDomain: string,
+ trx: Transaction
+): Promise<{
+ subdomain: string | null;
+ domainId: string;
+ wildcard: boolean;
+} | null> {
+ const isWildcardFullDomain = fullDomain.startsWith("*.");
+
+ const possibleDomains = await trx
+ .select()
+ .from(domains)
+ .innerJoin(orgDomains, eq(domains.domainId, orgDomains.domainId))
+ .where(and(eq(orgDomains.orgId, orgId), eq(domains.verified, true)))
+ .execute();
+
+ if (possibleDomains.length === 0) {
+ return null;
+ }
+
+ const validDomains = possibleDomains.filter((domain) => {
+ // Wildcard full-domains are not allowed on CNAME domains
+ if (isWildcardFullDomain && domain.domains.type === "cname") {
+ return false;
+ }
+
+ if (domain.domains.type == "ns" || domain.domains.type == "wildcard") {
+ return (
+ fullDomain === domain.domains.baseDomain ||
+ fullDomain.endsWith(`.${domain.domains.baseDomain}`)
+ );
+ } else if (domain.domains.type == "cname") {
+ return fullDomain === domain.domains.baseDomain;
+ }
+ });
+
+ if (validDomains.length === 0) {
+ return null;
+ }
+
+ // Pick the most specific (longest baseDomain) valid domain so that, e.g.,
+ // *.test.dev.example.com is assigned to *.dev.example.com rather than *.example.com.
+ const domainSelection = validDomains.sort(
+ (a, b) => b.domains.baseDomain.length - a.domains.baseDomain.length
+ )[0].domains;
+ const baseDomain = domainSelection.baseDomain;
+
+ // Wildcard full-domains are not allowed on namespace (provided/free) domains
+ if (isWildcardFullDomain) {
+ const [namespaceDomain] = await trx
+ .select()
+ .from(domainNamespaces)
+ .where(eq(domainNamespaces.domainId, domainSelection.domainId))
+ .limit(1);
+
+ if (namespaceDomain) {
+ throw new Error(
+ `Wildcard full-domains are not supported for provided or free domains: ${fullDomain}`
+ );
+ }
+ }
+
+ // remove the base domain of the domain
+ let subdomain = null;
+ if (fullDomain != baseDomain) {
+ subdomain = fullDomain.replace(`.${baseDomain}`, "");
+ }
+
+ // Return the first valid domain
+ return {
+ subdomain: subdomain,
+ domainId: domainSelection.domainId,
+ wildcard: isWildcardFullDomain
+ };
+}
diff --git a/server/lib/blueprints/resourcePolicies.ts b/server/lib/blueprints/resourcePolicies.ts
new file mode 100644
index 000000000..aa5f4bc9b
--- /dev/null
+++ b/server/lib/blueprints/resourcePolicies.ts
@@ -0,0 +1,654 @@
+import {
+ db,
+ idp,
+ idpOrg,
+ resourcePolicies,
+ resourcePolicyHeaderAuth,
+ resourcePolicyPassword,
+ resourcePolicyPincode,
+ resourcePolicyRules,
+ resourcePolicyWhiteList,
+ rolePolicies,
+ roles,
+ Transaction,
+ userOrgs,
+ userPolicies,
+ users
+} from "@server/db";
+import { eq, and, or } from "drizzle-orm";
+import { Config, ResourcePolicyData } from "./types";
+import logger from "@server/logger";
+import { getUniqueResourcePolicyName } from "@server/db/names";
+import { hashPassword } from "@server/auth/password";
+import { isValidCIDR, isValidIP, isValidUrlGlobPattern } from "../validators";
+import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
+import { tierMatrix } from "../billing/tierMatrix";
+
+export type ResourcePoliciesResults = {
+ resourcePolicyId: number;
+ niceId: string;
+}[];
+
+export async function updateResourcePolicies(
+ orgId: string,
+ config: Config,
+ trx: Transaction
+): Promise {
+ const results: ResourcePoliciesResults = [];
+
+ for (const [policyNiceId, policyData] of Object.entries(
+ config["public-policies"]
+ )) {
+ const isLicensed = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.resourcePolicies
+ );
+ if (!isLicensed) {
+ throw new Error(
+ "Your current subscription does not support shared resource policies. Please upgrade to access this feature."
+ );
+ }
+
+ // Validate rules
+ for (const rule of policyData.rules) {
+ if (rule.match === "cidr" && !isValidCIDR(rule.value)) {
+ throw new Error(
+ `Invalid CIDR provided in resource policy '${policyNiceId}': ${rule.value}`
+ );
+ } else if (rule.match === "ip" && !isValidIP(rule.value)) {
+ throw new Error(
+ `Invalid IP provided in resource policy '${policyNiceId}': ${rule.value}`
+ );
+ } else if (
+ rule.match === "path" &&
+ !isValidUrlGlobPattern(rule.value)
+ ) {
+ throw new Error(
+ `Invalid URL glob pattern provided in resource policy '${policyNiceId}': ${rule.value}`
+ );
+ }
+ }
+
+ // Validate auto-login-idp if provided
+ if (policyData["auto-login-idp"]) {
+ const [provider] = await trx
+ .select()
+ .from(idp)
+ .innerJoin(idpOrg, eq(idpOrg.idpId, idp.idpId))
+ .where(
+ and(
+ eq(idp.idpId, policyData["auto-login-idp"]),
+ eq(idpOrg.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ if (!provider) {
+ throw new Error(
+ `Identity provider not found for policy '${policyNiceId}' in this organization`
+ );
+ }
+ }
+
+ // Look up the admin role
+ const [adminRole] = await trx
+ .select()
+ .from(roles)
+ .where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
+ .limit(1);
+
+ if (!adminRole) {
+ throw new Error("Admin role not found");
+ }
+
+ // Find existing policy by niceId and orgId
+ const [existingPolicy] = await trx
+ .select()
+ .from(resourcePolicies)
+ .where(
+ and(
+ eq(resourcePolicies.niceId, policyNiceId),
+ eq(resourcePolicies.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ let resourcePolicyId: number;
+
+ if (existingPolicy) {
+ // Update the existing policy
+ await trx
+ .update(resourcePolicies)
+ .set({
+ name: policyData.name,
+ sso: policyData.sso ?? true,
+ idpId: policyData["auto-login-idp"] ?? null,
+ emailWhitelistEnabled:
+ policyData["email-whitelist-enabled"] ??
+ policyData["whitelist-users"].length > 0,
+ applyRules:
+ policyData["apply-rules"] || policyData.rules.length > 0
+ })
+ .where(
+ eq(
+ resourcePolicies.resourcePolicyId,
+ existingPolicy.resourcePolicyId
+ )
+ );
+
+ resourcePolicyId = existingPolicy.resourcePolicyId;
+
+ // Sync password
+ await trx
+ .delete(resourcePolicyPassword)
+ .where(
+ eq(
+ resourcePolicyPassword.resourcePolicyId,
+ resourcePolicyId
+ )
+ );
+ if (policyData.password) {
+ const passwordHash = await hashPassword(policyData.password);
+ await trx.insert(resourcePolicyPassword).values({
+ resourcePolicyId,
+ passwordHash
+ });
+ }
+
+ // Sync pincode
+ await trx
+ .delete(resourcePolicyPincode)
+ .where(
+ eq(resourcePolicyPincode.resourcePolicyId, resourcePolicyId)
+ );
+ if (policyData.pincode) {
+ const pincodeHash = await hashPassword(policyData.pincode);
+ await trx.insert(resourcePolicyPincode).values({
+ resourcePolicyId,
+ pincodeHash,
+ digitLength: 6
+ });
+ }
+
+ // Sync header auth
+ await trx
+ .delete(resourcePolicyHeaderAuth)
+ .where(
+ eq(
+ resourcePolicyHeaderAuth.resourcePolicyId,
+ resourcePolicyId
+ )
+ );
+ if (policyData["basic-auth"]) {
+ const basicAuth = policyData["basic-auth"];
+ const headerAuthHash = await hashPassword(
+ Buffer.from(
+ `${basicAuth.user}:${basicAuth.password}`
+ ).toString("base64")
+ );
+ await trx.insert(resourcePolicyHeaderAuth).values({
+ resourcePolicyId,
+ headerAuthHash,
+ extendedCompatibility:
+ basicAuth["extended-compatibility"] ?? true
+ });
+ }
+
+ // Sync SSO roles
+ await syncRolePolicies(
+ resourcePolicyId,
+ policyData["sso-roles"],
+ orgId,
+ adminRole.roleId,
+ trx
+ );
+
+ // Sync SSO users
+ await syncUserPolicies(
+ resourcePolicyId,
+ policyData["sso-users"],
+ orgId,
+ trx
+ );
+
+ // Sync whitelist users
+ await syncWhitelistPolicyUsers(
+ resourcePolicyId,
+ policyData["whitelist-users"],
+ trx
+ );
+
+ // Sync rules
+ await syncPolicyRules(resourcePolicyId, policyData.rules, trx);
+
+ logger.debug(
+ `Updated resource policy ${resourcePolicyId} (${policyNiceId})`
+ );
+ } else {
+ // Create a new policy
+ const [newPolicy] = await trx
+ .insert(resourcePolicies)
+ .values({
+ niceId: policyNiceId,
+ orgId,
+ name: policyData.name,
+ sso: policyData.sso ?? true,
+ idpId: policyData["auto-login-idp"] ?? null,
+ emailWhitelistEnabled:
+ policyData["email-whitelist-enabled"] ??
+ policyData["whitelist-users"].length > 0,
+ applyRules:
+ policyData["apply-rules"] ||
+ policyData.rules.length > 0,
+ scope: "global"
+ })
+ .returning();
+
+ resourcePolicyId = newPolicy.resourcePolicyId;
+
+ // Always add admin role
+ await trx.insert(rolePolicies).values({
+ roleId: adminRole.roleId,
+ resourcePolicyId
+ });
+
+ // Add SSO roles
+ await addRolePolicies(
+ resourcePolicyId,
+ policyData["sso-roles"],
+ orgId,
+ adminRole.roleId,
+ trx
+ );
+
+ // Add SSO users
+ await addUserPolicies(
+ resourcePolicyId,
+ policyData["sso-users"],
+ orgId,
+ trx
+ );
+
+ // Add password
+ if (policyData.password) {
+ const passwordHash = await hashPassword(policyData.password);
+ await trx.insert(resourcePolicyPassword).values({
+ resourcePolicyId,
+ passwordHash
+ });
+ }
+
+ // Add pincode
+ if (policyData.pincode) {
+ const pincodeHash = await hashPassword(policyData.pincode);
+ await trx.insert(resourcePolicyPincode).values({
+ resourcePolicyId,
+ pincodeHash,
+ digitLength: 6
+ });
+ }
+
+ // Add header auth
+ if (policyData["basic-auth"]) {
+ const basicAuth = policyData["basic-auth"];
+ const headerAuthHash = await hashPassword(
+ Buffer.from(
+ `${basicAuth.user}:${basicAuth.password}`
+ ).toString("base64")
+ );
+ await trx.insert(resourcePolicyHeaderAuth).values({
+ resourcePolicyId,
+ headerAuthHash,
+ extendedCompatibility:
+ basicAuth["extended-compatibility"] ?? true
+ });
+ }
+
+ // Add whitelist users
+ if (policyData["whitelist-users"].length > 0) {
+ await trx.insert(resourcePolicyWhiteList).values(
+ policyData["whitelist-users"].map((email) => ({
+ email,
+ resourcePolicyId
+ }))
+ );
+ }
+
+ // Add rules
+ if (policyData.rules.length > 0) {
+ await trx.insert(resourcePolicyRules).values(
+ policyData.rules.map((rule, index) => ({
+ resourcePolicyId,
+ action: getRuleAction(rule.action),
+ match: getRuleMatch(rule.match),
+ value: rule.value,
+ priority: rule.priority ?? index + 1,
+ enabled: rule.enabled ?? true
+ }))
+ );
+ }
+
+ logger.debug(
+ `Created resource policy ${resourcePolicyId} (${policyNiceId})`
+ );
+ }
+
+ results.push({ resourcePolicyId, niceId: policyNiceId });
+ }
+
+ return results;
+}
+
+function getRuleAction(input: string): "ACCEPT" | "DROP" | "PASS" {
+ if (input === "allow") return "ACCEPT";
+ if (input === "deny") return "DROP";
+ return "PASS";
+}
+
+function getRuleMatch(
+ input: string
+): "CIDR" | "IP" | "PATH" | "COUNTRY" | "COUNTRY_IS_NOT" | "ASN" | "REGION" {
+ return input.toUpperCase() as
+ | "CIDR"
+ | "IP"
+ | "PATH"
+ | "COUNTRY"
+ | "COUNTRY_IS_NOT"
+ | "ASN"
+ | "REGION";
+}
+
+async function syncRolePolicies(
+ policyId: number,
+ ssoRoles: string[],
+ orgId: string,
+ adminRoleId: number,
+ trx: Transaction
+) {
+ const existingRolePolicies = await trx
+ .select()
+ .from(rolePolicies)
+ .where(eq(rolePolicies.resourcePolicyId, policyId));
+
+ for (const roleName of ssoRoles) {
+ const [role] = await trx
+ .select()
+ .from(roles)
+ .where(and(eq(roles.name, roleName), eq(roles.orgId, orgId)))
+ .limit(1);
+
+ if (!role) {
+ logger.warn(
+ `Role '${roleName}' not found in org '${orgId}', skipping`
+ );
+ continue;
+ }
+
+ if (role.isAdmin) {
+ continue; // admin role is always included, skip
+ }
+
+ const alreadyExists = existingRolePolicies.some(
+ (rp) => rp.roleId === role.roleId
+ );
+
+ if (!alreadyExists) {
+ await trx.insert(rolePolicies).values({
+ roleId: role.roleId,
+ resourcePolicyId: policyId
+ });
+ }
+ }
+
+ // Remove roles no longer in the list (except admin)
+ for (const existingRolePolicy of existingRolePolicies) {
+ if (existingRolePolicy.roleId === adminRoleId) {
+ continue;
+ }
+
+ const [role] = await trx
+ .select()
+ .from(roles)
+ .where(eq(roles.roleId, existingRolePolicy.roleId))
+ .limit(1);
+
+ if (role?.isAdmin) {
+ continue;
+ }
+
+ if (role && !ssoRoles.includes(role.name)) {
+ await trx
+ .delete(rolePolicies)
+ .where(
+ and(
+ eq(rolePolicies.resourcePolicyId, policyId),
+ eq(rolePolicies.roleId, existingRolePolicy.roleId)
+ )
+ );
+ }
+ }
+}
+
+async function addRolePolicies(
+ policyId: number,
+ ssoRoles: string[],
+ orgId: string,
+ adminRoleId: number,
+ trx: Transaction
+) {
+ for (const roleName of ssoRoles) {
+ const [role] = await trx
+ .select()
+ .from(roles)
+ .where(and(eq(roles.name, roleName), eq(roles.orgId, orgId)))
+ .limit(1);
+
+ if (!role) {
+ logger.warn(
+ `Role '${roleName}' not found in org '${orgId}', skipping`
+ );
+ continue;
+ }
+
+ if (role.isAdmin) {
+ continue; // admin already added
+ }
+
+ await trx.insert(rolePolicies).values({
+ roleId: role.roleId,
+ resourcePolicyId: policyId
+ });
+ }
+}
+
+async function syncUserPolicies(
+ policyId: number,
+ ssoUsers: string[],
+ orgId: string,
+ trx: Transaction
+) {
+ const existingUserPolicies = await trx
+ .select()
+ .from(userPolicies)
+ .where(eq(userPolicies.resourcePolicyId, policyId));
+
+ for (const username of ssoUsers) {
+ const [user] = await trx
+ .select()
+ .from(users)
+ .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
+ .where(
+ and(
+ or(eq(users.username, username), eq(users.email, username)),
+ eq(userOrgs.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ if (!user) {
+ logger.warn(
+ `User '${username}' not found in org '${orgId}', skipping`
+ );
+ continue;
+ }
+
+ const alreadyExists = existingUserPolicies.some(
+ (up) => up.userId === user.user.userId
+ );
+
+ if (!alreadyExists) {
+ await trx.insert(userPolicies).values({
+ userId: user.user.userId,
+ resourcePolicyId: policyId
+ });
+ }
+ }
+
+ // Remove users no longer in the list
+ for (const existingUserPolicy of existingUserPolicies) {
+ const [user] = await trx
+ .select()
+ .from(users)
+ .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
+ .where(
+ and(
+ eq(users.userId, existingUserPolicy.userId),
+ eq(userOrgs.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ if (
+ user &&
+ user.user.username &&
+ !ssoUsers.includes(user.user.username) &&
+ !ssoUsers.includes(user.user.email ?? "")
+ ) {
+ await trx
+ .delete(userPolicies)
+ .where(
+ and(
+ eq(userPolicies.resourcePolicyId, policyId),
+ eq(userPolicies.userId, existingUserPolicy.userId)
+ )
+ );
+ }
+ }
+}
+
+async function addUserPolicies(
+ policyId: number,
+ ssoUsers: string[],
+ orgId: string,
+ trx: Transaction
+) {
+ for (const username of ssoUsers) {
+ const [user] = await trx
+ .select()
+ .from(users)
+ .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
+ .where(
+ and(
+ or(eq(users.username, username), eq(users.email, username)),
+ eq(userOrgs.orgId, orgId)
+ )
+ )
+ .limit(1);
+
+ if (!user) {
+ logger.warn(
+ `User '${username}' not found in org '${orgId}', skipping`
+ );
+ continue;
+ }
+
+ await trx.insert(userPolicies).values({
+ userId: user.user.userId,
+ resourcePolicyId: policyId
+ });
+ }
+}
+
+async function syncWhitelistPolicyUsers(
+ policyId: number,
+ whitelistUsers: string[],
+ trx: Transaction
+) {
+ const existingWhitelist = await trx
+ .select()
+ .from(resourcePolicyWhiteList)
+ .where(eq(resourcePolicyWhiteList.resourcePolicyId, policyId));
+
+ for (const email of whitelistUsers) {
+ const alreadyExists = existingWhitelist.some((w) => w.email === email);
+
+ if (!alreadyExists) {
+ await trx.insert(resourcePolicyWhiteList).values({
+ email,
+ resourcePolicyId: policyId
+ });
+ }
+ }
+
+ for (const existingEntry of existingWhitelist) {
+ if (!whitelistUsers.includes(existingEntry.email)) {
+ await trx
+ .delete(resourcePolicyWhiteList)
+ .where(
+ and(
+ eq(resourcePolicyWhiteList.resourcePolicyId, policyId),
+ eq(resourcePolicyWhiteList.email, existingEntry.email)
+ )
+ );
+ }
+ }
+}
+
+async function syncPolicyRules(
+ policyId: number,
+ rules: ResourcePolicyData["rules"],
+ trx: Transaction
+) {
+ const existingRules = await trx
+ .select()
+ .from(resourcePolicyRules)
+ .where(eq(resourcePolicyRules.resourcePolicyId, policyId))
+ .orderBy(resourcePolicyRules.priority);
+
+ for (const [index, rule] of rules.entries()) {
+ const intendedPriority = rule.priority ?? index + 1;
+ const existingRule = existingRules[index];
+
+ if (existingRule) {
+ await trx
+ .update(resourcePolicyRules)
+ .set({
+ action: getRuleAction(rule.action),
+ match: getRuleMatch(rule.match),
+ value: rule.value,
+ priority: intendedPriority,
+ enabled: rule.enabled ?? true
+ })
+ .where(eq(resourcePolicyRules.ruleId, existingRule.ruleId));
+ } else {
+ await trx.insert(resourcePolicyRules).values({
+ resourcePolicyId: policyId,
+ action: getRuleAction(rule.action),
+ match: getRuleMatch(rule.match),
+ value: rule.value,
+ priority: intendedPriority,
+ enabled: rule.enabled ?? true
+ });
+ }
+ }
+
+ // Remove extra rules
+ if (existingRules.length > rules.length) {
+ const rulesToDelete = existingRules.slice(rules.length);
+ for (const rule of rulesToDelete) {
+ await trx
+ .delete(resourcePolicyRules)
+ .where(eq(resourcePolicyRules.ruleId, rule.ruleId));
+ }
+ }
+}
diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index 221b5e586..5495a2d8e 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -1,8 +1,23 @@
import { z } from "zod";
+import { existsSync } from "node:fs";
import { portRangeStringSchema } from "@server/lib/ip";
import { MaintenanceSchema } from "#dynamic/lib/blueprints/MaintenanceSchema";
import { isValidRegionId } from "@server/db/regions";
import { wildcardSubdomainSchema } from "@server/lib/schemas";
+import config from "@server/lib/config";
+
+const maxmindDbPath = config.getRawConfig().server.maxmind_db_path;
+const maxmindAsnPath = config.getRawConfig().server.maxmind_asn_path;
+
+const hasMaxmindCountryDb =
+ typeof maxmindDbPath === "string" &&
+ maxmindDbPath.length > 0 &&
+ existsSync(maxmindDbPath);
+
+const hasMaxmindAsnDb =
+ typeof maxmindAsnPath === "string" &&
+ maxmindAsnPath.length > 0 &&
+ existsSync(maxmindAsnPath);
export const SiteSchema = z.object({
name: z.string().min(1).max(100),
@@ -83,7 +98,8 @@ export const RuleSchema = z
action: z.enum(["allow", "deny", "pass"]),
match: z.enum(["cidr", "path", "ip", "country", "asn", "region"]),
value: z.coerce.string(),
- priority: z.int().optional()
+ priority: z.int().optional(),
+ enabled: z.boolean().optional().default(true)
})
.refine(
(rule) => {
@@ -116,6 +132,9 @@ export const RuleSchema = z
.refine(
(rule) => {
if (rule.match === "country") {
+ if (!hasMaxmindCountryDb) {
+ return false;
+ }
// Check if it's a valid 2-letter country code or "ALL"
return /^[A-Z]{2}$/.test(rule.value) || rule.value === "ALL";
}
@@ -124,12 +143,15 @@ export const RuleSchema = z
{
path: ["value"],
message:
- "Value must be a 2-letter country code or 'ALL' when match is 'country'"
+ "Country rules require a valid existing server.maxmind_db_path and value must be a 2-letter country code or 'ALL'"
}
)
.refine(
(rule) => {
if (rule.match === "asn") {
+ if (!hasMaxmindCountryDb || !hasMaxmindAsnDb) {
+ return false;
+ }
// Check if it's either AS format or "ALL"
const asNumberPattern = /^AS\d+$/i;
return asNumberPattern.test(rule.value) || rule.value === "ALL";
@@ -139,7 +161,7 @@ export const RuleSchema = z
{
path: ["value"],
message:
- "Value must be 'AS' format or 'ALL' when match is 'asn'"
+ "ASN rules require valid existing server.maxmind_db_path and server.maxmind_asn_path, and value must be 'AS' format or 'ALL'"
}
)
.refine(
@@ -161,11 +183,34 @@ export const HeaderSchema = z.object({
value: z.string().min(1)
});
+export const AuthDaemonSchema = z
+ .object({
+ pam: z.enum(["passthrough", "push"]).optional().default("passthrough"),
+ mode: z.enum(["site", "remote", "native"]).optional().default("site"),
+ port: z.int().min(1).max(65535).optional()
+ })
+ .refine(
+ (data) => {
+ if (data.mode === "remote") {
+ return data.port !== undefined;
+ }
+ return true;
+ },
+ {
+ path: ["port"],
+ message: "port is required when auth-daemon mode is 'remote'"
+ }
+ );
+
// Schema for individual resource
-export const ResourceSchema = z
+export const PublicResourceSchema = z
.object({
name: z.string().optional(),
- protocol: z.enum(["http", "tcp", "udp"]).optional(),
+ protocol: z
+ .enum(["http", "tcp", "udp", "ssh", "rdp", "vnc"])
+ .optional(), // this was the old one and is now DEPRECATED in favor of the mode
+ mode: z.enum(["http", "tcp", "udp", "ssh", "rdp", "vnc"]).optional(),
+ policy: z.string().optional(),
ssl: z.boolean().optional(),
scheme: z.enum(["http", "https"]).optional(),
"full-domain": z.string().optional(),
@@ -177,7 +222,10 @@ export const ResourceSchema = z
"tls-server-name": z.string().optional(),
headers: z.array(HeaderSchema).optional(),
rules: z.array(RuleSchema).optional(),
- maintenance: MaintenanceSchema.optional()
+ maintenance: MaintenanceSchema.optional(),
+ "auth-daemon": AuthDaemonSchema.optional(),
+ "proxy-protocol": z.boolean().optional(),
+ "proxy-protocol-version": z.int().min(1).optional()
})
.refine(
(resource) => {
@@ -185,9 +233,10 @@ export const ResourceSchema = z
return true;
}
- // Otherwise, require name and protocol for full resource definition
+ // Otherwise, require name and protocol/mode for full resource definition
return (
- resource.name !== undefined && resource.protocol !== undefined
+ resource.name !== undefined &&
+ (resource.mode !== undefined || resource.protocol !== undefined)
);
},
{
@@ -201,8 +250,8 @@ export const ResourceSchema = z
return true;
}
- // If protocol is http, all targets must have method field
- if (resource.protocol === "http") {
+ // If protocol/mode is http, all targets must have method field
+ if ((resource.mode ?? resource.protocol) === "http") {
return resource.targets.every(
(target) => target == null || target.method !== undefined
);
@@ -220,8 +269,9 @@ export const ResourceSchema = z
return true;
}
- // If protocol is tcp or udp, no target should have method field
- if (resource.protocol === "tcp" || resource.protocol === "udp") {
+ // If protocol/mode is tcp or udp, no target should have method field
+ const effectiveProtocol1 = resource.mode ?? resource.protocol;
+ if (effectiveProtocol1 === "tcp" || effectiveProtocol1 === "udp") {
return resource.targets.every(
(target) => target == null || target.method === undefined
);
@@ -239,8 +289,37 @@ export const ResourceSchema = z
return true;
}
- // If protocol is http, it must have a full-domain
- if (resource.protocol === "http") {
+ const effectiveProtocol = resource.mode ?? resource.protocol;
+ if (effectiveProtocol !== "ssh") {
+ return true;
+ }
+
+ const authDaemonMode = resource["auth-daemon"]?.mode;
+ if (authDaemonMode !== "native" && authDaemonMode !== "site") {
+ return true;
+ }
+
+ return (
+ resource.targets.filter((target) => target != null).length <= 1
+ );
+ },
+ {
+ path: ["targets"],
+ error: "When protocol is 'ssh' and auth-daemon mode is 'native' or 'site', only one target/site is allowed"
+ }
+ )
+ .refine(
+ (resource) => {
+ if (isTargetsOnlyResource(resource)) {
+ return true;
+ }
+
+ // If protocol/mode is http, ssh, rdp, or vnc, it must have a full-domain
+ const effectiveProtocol = resource.mode ?? resource.protocol;
+ if (
+ effectiveProtocol !== undefined &&
+ ["http", "ssh", "rdp", "vnc"].includes(effectiveProtocol)
+ ) {
return (
resource["full-domain"] !== undefined &&
resource["full-domain"].length > 0
@@ -250,7 +329,7 @@ export const ResourceSchema = z
},
{
path: ["full-domain"],
- error: "When protocol is 'http', a 'full-domain' must be provided"
+ error: "When protocol is 'http', 'ssh', 'rdp', or 'vnc', a 'full-domain' must be provided"
}
)
.refine(
@@ -259,8 +338,9 @@ export const ResourceSchema = z
return true;
}
- // If protocol is tcp or udp, it must have both proxy-port
- if (resource.protocol === "tcp" || resource.protocol === "udp") {
+ // If protocol/mode is tcp or udp, it must have both proxy-port
+ const effectiveProtocol2 = resource.mode ?? resource.protocol;
+ if (effectiveProtocol2 === "tcp" || effectiveProtocol2 === "udp") {
return resource["proxy-port"] !== undefined;
}
return true;
@@ -277,8 +357,9 @@ export const ResourceSchema = z
return true;
}
- // If protocol is tcp or udp, it must not have auth
- if (resource.protocol === "tcp" || resource.protocol === "udp") {
+ // If protocol/mode is tcp or udp, it must not have auth
+ const effectiveProtocol3 = resource.mode ?? resource.protocol;
+ if (effectiveProtocol3 === "tcp" || effectiveProtocol3 === "udp") {
return resource.auth === undefined;
}
return true;
@@ -349,22 +430,46 @@ export const ResourceSchema = z
message:
'Wildcard full-domain must have "*" as the leftmost label only, followed by at least two valid hostname labels (e.g. "*.example.com" or "*.level1.example.com"). Patterns like "*example.com" or "level2.*.example.com" are not supported.'
}
- );
+ )
+ .refine(
+ (resource) => {
+ const effectiveMode = resource.mode ?? resource.protocol;
+ if (effectiveMode !== "tcp") {
+ return (
+ resource["proxy-protocol"] === undefined &&
+ resource["proxy-protocol-version"] === undefined
+ );
+ }
+ return true;
+ },
+ {
+ path: ["proxy-protocol"],
+ message:
+ "'proxy-protocol' and 'proxy-protocol-version' can only be set when mode is 'tcp'"
+ }
+ )
+ .transform((resource) => {
+ // Normalize: prefer mode, fall back to protocol for backwards compatibility
+ if (resource.mode === undefined && resource.protocol !== undefined) {
+ resource.mode = resource.protocol;
+ }
+ return resource;
+ });
export function isTargetsOnlyResource(resource: any): boolean {
return Object.keys(resource).length === 1 && resource.targets;
}
-export const ClientResourceSchema = z
+export const PrivateResourceSchema = z
.object({
name: z.string().min(1).max(255),
- mode: z.enum(["host", "cidr", "http"]),
+ mode: z.enum(["host", "cidr", "http", "ssh"]),
site: z.string().optional(), // DEPRECATED IN FAVOR OF sites
sites: z.array(z.string()).optional().default([]),
// protocol: z.enum(["tcp", "udp"]).optional(),
// proxyPort: z.int().positive().optional(),
"destination-port": z.int().positive().optional(),
- destination: z.string().min(1),
+ destination: z.string().min(1).optional(),
// enabled: z.boolean().default(true),
"tcp-ports": portRangeStringSchema.optional().default("*"),
"udp-ports": portRangeStringSchema.optional().default("*"),
@@ -387,11 +492,31 @@ export const ClientResourceSchema = z
error: "Admin role cannot be included in roles"
}),
users: z.array(z.string()).optional().default([]),
- machines: z.array(z.string()).optional().default([])
+ machines: z.array(z.string()).optional().default([]),
+ "auth-daemon": AuthDaemonSchema.optional()
})
+ .refine(
+ (data) => {
+ // destination is optional only for ssh+native; required for everything else
+ const isNativeSSH =
+ data.mode === "ssh" &&
+ (data["auth-daemon"] === undefined ||
+ data["auth-daemon"].mode === "native");
+ if (!isNativeSSH && !data.destination) {
+ return false;
+ }
+ return true;
+ },
+ {
+ path: ["destination"],
+ message:
+ "destination is required unless mode is 'ssh' with auth-daemon mode 'native'"
+ }
+ )
.refine(
(data) => {
if (data.mode === "host") {
+ if (!data.destination) return true; // caught by the destination-required refine
// Check if it's a valid IP address using zod (v4 or v6)
const isValidIP = z
.union([z.ipv4(), z.ipv6()])
@@ -419,6 +544,7 @@ export const ClientResourceSchema = z
.refine(
(data) => {
if (data.mode === "cidr") {
+ if (!data.destination) return true; // caught by the destination-required refine
// Check if it's a valid CIDR (v4 or v6)
const isValidCIDR = z
.union([z.cidrv4(), z.cidrv6()])
@@ -430,25 +556,112 @@ export const ClientResourceSchema = z
{
message: "Destination must be a valid CIDR notation for cidr mode"
}
- );
+ )
+ .refine(
+ (data) => {
+ if (data.mode !== "ssh") {
+ return true;
+ }
+
+ const authDaemonMode = data["auth-daemon"]?.mode;
+ if (authDaemonMode !== "native" && authDaemonMode !== "site") {
+ return true;
+ }
+
+ const uniqueSites = new Set();
+ if (data.site) {
+ uniqueSites.add(data.site);
+ }
+ for (const site of data.sites) {
+ uniqueSites.add(site);
+ }
+
+ return uniqueSites.size <= 1;
+ },
+ {
+ path: ["sites"],
+ message:
+ "When mode is 'ssh' and auth-daemon mode is 'native' or 'site', only one site/target is allowed"
+ }
+ )
+ .transform((data) => {
+ if (
+ data.mode === "ssh" &&
+ data.destination !== undefined &&
+ data["destination-port"] === undefined
+ ) {
+ data["destination-port"] = 22;
+ }
+ return data;
+ });
+
+export const ResourcePolicyRuleSchema = RuleSchema;
+
+export const ResourcePolicySchema = z.object({
+ name: z.string().min(1).max(255),
+ sso: z.boolean().optional().default(true),
+ "auto-login-idp": z.int().positive().optional().nullable(),
+ "sso-roles": z
+ .array(z.string())
+ .optional()
+ .default([])
+ .refine((roles) => !roles.includes("Admin"), {
+ error: "Admin role cannot be included in sso-roles"
+ }),
+ "sso-users": z.array(z.string()).optional().default([]),
+ password: z.string().min(4).max(100).optional().nullable(),
+ pincode: z
+ .string()
+ .regex(/^\d{6}$/)
+ .optional()
+ .nullable(),
+ "basic-auth": z
+ .object({
+ user: z.string().min(4).max(100),
+ password: z.string().min(4).max(100),
+ "extended-compatibility": z.boolean().default(true)
+ })
+ .optional()
+ .nullable(),
+ "email-whitelist-enabled": z.boolean().optional().default(false),
+ "whitelist-users": z
+ .array(
+ z.email().or(
+ z.string().regex(/^\*@[\w.-]+\.[a-zA-Z]{2,}$/, {
+ error: "Invalid email address. Wildcard (*) must be the entire local part."
+ })
+ )
+ )
+ .max(50)
+ .transform((v) => v.map((e) => e.toLowerCase()))
+ .optional()
+ .default([]),
+ "apply-rules": z.boolean().optional().default(false),
+ rules: z.array(ResourcePolicyRuleSchema).optional().default([])
+});
+export type ResourcePolicyData = z.infer;
// Schema for the entire configuration object
export const ConfigSchema = z
.object({
"proxy-resources": z
- .record(z.string(), ResourceSchema)
+ .record(z.string(), PublicResourceSchema)
.optional()
.prefault({}),
"public-resources": z
- .record(z.string(), ResourceSchema)
+ .record(z.string(), PublicResourceSchema)
.optional()
.prefault({}),
"client-resources": z
- .record(z.string(), ClientResourceSchema)
+ .record(z.string(), PrivateResourceSchema)
.optional()
.prefault({}),
"private-resources": z
- .record(z.string(), ClientResourceSchema)
+ .record(z.string(), PrivateResourceSchema)
+ .optional()
+ .prefault({}),
+ "public-policies": z
+ .record(z.string(), ResourcePolicySchema)
.optional()
.prefault({}),
sites: z.record(z.string(), SiteSchema).optional().prefault({})
@@ -473,10 +686,17 @@ export const ConfigSchema = z
}
return data as {
- "proxy-resources": Record>;
+ "proxy-resources": Record<
+ string,
+ z.infer
+ >;
"client-resources": Record<
string,
- z.infer
+ z.infer
+ >;
+ "public-policies": Record<
+ string,
+ z.infer
>;
sites: Record>;
};
@@ -615,5 +835,6 @@ export const ConfigSchema = z
// Type inference from the schema
export type Site = z.infer;
export type Target = z.infer;
-export type Resource = z.infer;
+export type Resource = z.infer;
export type Config = z.infer;
+export type BlueprintResourcePolicy = z.infer;
diff --git a/server/lib/cache.ts b/server/lib/cache.ts
index f089a6387..498d0dd3f 100644
--- a/server/lib/cache.ts
+++ b/server/lib/cache.ts
@@ -154,8 +154,19 @@ class AdaptiveCache {
keys(): string[] {
return localCache.keys();
}
+
+ /**
+ * Get keys with a specific prefix
+ * @param prefix - Key prefix to match
+ * @returns Array of matching keys
+ */
+ async keysWithPrefix(prefix: string): Promise {
+ const allKeys = localCache.keys();
+ return allKeys.filter((key) => key.startsWith(prefix));
+ }
}
// Export singleton instance
export const cache = new AdaptiveCache();
+export const regionalCache = cache; // Alias for compatability with the private version
export default cache;
diff --git a/server/lib/calculateUserClientsForOrgs.ts b/server/lib/calculateUserClientsForOrgs.ts
index 6354dd81f..39585500a 100644
--- a/server/lib/calculateUserClientsForOrgs.ts
+++ b/server/lib/calculateUserClientsForOrgs.ts
@@ -6,6 +6,7 @@ import {
db,
olms,
orgs,
+ primaryDb,
roleClients,
roles,
Transaction,
@@ -23,422 +24,427 @@ import { rebuildClientAssociationsFromClient } from "./rebuildClientAssociations
import { OlmErrorCodes } from "@server/routers/olm/error";
import { tierMatrix } from "./billing/tierMatrix";
-export async function calculateUserClientsForOrgs(
+type ClientRow = typeof clients.$inferSelect;
+
+function runQueuedClientAssociationRebuilds(
userId: string,
- trx: Transaction | typeof db = db
-): Promise {
- const execute = async (transaction: Transaction | typeof db) => {
- const orgCache = new Map();
- const adminRoleCache = new Map<
- string,
- typeof roles.$inferSelect | null
- >();
- const exitNodesCache = new Map<
- string,
- Awaited>
- >();
- const isOrgLicensedCache = new Map();
- const existingClientCache = new Map<
- string,
- typeof clients.$inferSelect | null
- >();
- const roleClientAccessCache = new Map();
- const userClientAccessCache = new Map();
+ queuedClients: ClientRow[]
+) {
+ if (queuedClients.length === 0) {
+ return;
+ }
- const getOrgOlmKey = (orgId: string, olmId: string) =>
- `${orgId}:${olmId}`;
- const getRoleClientKey = (roleId: number, clientId: number) =>
- `${roleId}:${clientId}`;
- const getUserClientKey = (cachedUserId: string, clientId: number) =>
- `${cachedUserId}:${clientId}`;
+ const uniqueClientsById = new Map();
+ for (const client of queuedClients) {
+ uniqueClientsById.set(client.clientId, client);
+ }
- const getOrg = async (orgId: string) => {
- if (orgCache.has(orgId)) {
- return orgCache.get(orgId) ?? null;
- }
-
- const [org] = await transaction
- .select()
- .from(orgs)
- .where(eq(orgs.orgId, orgId));
- orgCache.set(orgId, org ?? null);
-
- return org ?? null;
- };
-
- const getAdminRole = async (orgId: string) => {
- if (adminRoleCache.has(orgId)) {
- return adminRoleCache.get(orgId) ?? null;
- }
-
- const [adminRole] = await transaction
- .select()
- .from(roles)
- .where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
- .limit(1);
- adminRoleCache.set(orgId, adminRole ?? null);
-
- return adminRole ?? null;
- };
-
- const getExitNodes = async (orgId: string) => {
- if (exitNodesCache.has(orgId)) {
- return exitNodesCache.get(orgId)!;
- }
-
- const exitNodes = await listExitNodes(orgId);
- exitNodesCache.set(orgId, exitNodes);
-
- return exitNodes;
- };
-
- const getIsOrgLicensed = async (orgId: string) => {
- if (isOrgLicensedCache.has(orgId)) {
- return isOrgLicensedCache.get(orgId)!;
- }
-
- const isOrgLicensed = await isLicensedOrSubscribed(
- orgId,
- tierMatrix.deviceApprovals
+ for (const client of uniqueClientsById.values()) {
+ rebuildClientAssociationsFromClient(client).catch((error) => {
+ logger.error(
+ `Error rebuilding client associations for client ${client.clientId} (user ${userId}): ${String(
+ error
+ )}`
);
- isOrgLicensedCache.set(orgId, isOrgLicensed);
-
- return isOrgLicensed;
- };
-
- const getExistingClient = async (orgId: string, olmId: string) => {
- const key = getOrgOlmKey(orgId, olmId);
- if (existingClientCache.has(key)) {
- return existingClientCache.get(key) ?? null;
- }
-
- const [existingClient] = await transaction
- .select()
- .from(clients)
- .where(
- and(
- eq(clients.userId, userId),
- eq(clients.orgId, orgId),
- eq(clients.olmId, olmId)
- )
- )
- .limit(1);
-
- existingClientCache.set(key, existingClient ?? null);
-
- return existingClient ?? null;
- };
-
- const hasRoleClientAccess = async (
- roleId: number,
- clientId: number
- ) => {
- const key = getRoleClientKey(roleId, clientId);
- if (roleClientAccessCache.has(key)) {
- return roleClientAccessCache.get(key)!;
- }
-
- const [existingRoleClient] = await transaction
- .select()
- .from(roleClients)
- .where(
- and(
- eq(roleClients.roleId, roleId),
- eq(roleClients.clientId, clientId)
- )
- )
- .limit(1);
-
- const hasAccess = Boolean(existingRoleClient);
- roleClientAccessCache.set(key, hasAccess);
-
- return hasAccess;
- };
-
- const hasUserClientAccess = async (
- cachedUserId: string,
- clientId: number
- ) => {
- const key = getUserClientKey(cachedUserId, clientId);
- if (userClientAccessCache.has(key)) {
- return userClientAccessCache.get(key)!;
- }
-
- const [existingUserClient] = await transaction
- .select()
- .from(userClients)
- .where(
- and(
- eq(userClients.userId, cachedUserId),
- eq(userClients.clientId, clientId)
- )
- )
- .limit(1);
-
- const hasAccess = Boolean(existingUserClient);
- userClientAccessCache.set(key, hasAccess);
-
- return hasAccess;
- };
-
- // Get all OLMs for this user
- const userOlms = await transaction
- .select()
- .from(olms)
- .where(eq(olms.userId, userId));
-
- if (userOlms.length === 0) {
- // No OLMs for this user, but we should still clean up any orphaned clients
- await cleanupOrphanedClients(userId, transaction);
- return;
- }
-
- // Get all user orgs with all roles (for org list and role-based logic)
- const userOrgRoleRows = await transaction
- .select()
- .from(userOrgs)
- .innerJoin(
- userOrgRoles,
- and(
- eq(userOrgs.userId, userOrgRoles.userId),
- eq(userOrgs.orgId, userOrgRoles.orgId)
- )
- )
- .innerJoin(roles, eq(userOrgRoles.roleId, roles.roleId))
- .where(eq(userOrgs.userId, userId));
-
- const userOrgIds = [
- ...new Set(userOrgRoleRows.map((r) => r.userOrgs.orgId))
- ];
- const orgIdToRoleRows = new Map<
- string,
- (typeof userOrgRoleRows)[0][]
- >();
- for (const r of userOrgRoleRows) {
- const list = orgIdToRoleRows.get(r.userOrgs.orgId) ?? [];
- list.push(r);
- orgIdToRoleRows.set(r.userOrgs.orgId, list);
- }
- const orgRequiresDeviceApprovalRole = new Map();
- for (const [orgId, roleRowsForOrg] of orgIdToRoleRows.entries()) {
- orgRequiresDeviceApprovalRole.set(
- orgId,
- roleRowsForOrg.some((r) => r.roles.requireDeviceApproval)
- );
- }
-
- // For each OLM, ensure there's a client in each org the user is in
- for (const olm of userOlms) {
- for (const orgId of orgIdToRoleRows.keys()) {
- const roleRowsForOrg = orgIdToRoleRows.get(orgId)!;
- const userOrg = roleRowsForOrg[0].userOrgs;
-
- const org = await getOrg(orgId);
-
- if (!org) {
- logger.warn(
- `Skipping org ${orgId} for OLM ${olm.olmId} (user ${userId}): org not found`
- );
- continue;
- }
-
- if (!org.subnet) {
- logger.warn(
- `Skipping org ${orgId} for OLM ${olm.olmId} (user ${userId}): org has no subnet configured`
- );
- continue;
- }
-
- // Get admin role for this org (needed for access grants)
- const adminRole = await getAdminRole(orgId);
-
- if (!adminRole) {
- logger.warn(
- `Skipping org ${orgId} for OLM ${olm.olmId} (user ${userId}): no admin role found`
- );
- continue;
- }
-
- // Check if a client already exists for this OLM+user+org combination
- const existingClient = await getExistingClient(
- orgId,
- olm.olmId
- );
-
- if (existingClient) {
- // Ensure admin role has access to the client
- const hasRoleAccess = await hasRoleClientAccess(
- adminRole.roleId,
- existingClient.clientId
- );
-
- if (!hasRoleAccess) {
- await transaction.insert(roleClients).values({
- roleId: adminRole.roleId,
- clientId: existingClient.clientId
- });
- roleClientAccessCache.set(
- getRoleClientKey(
- adminRole.roleId,
- existingClient.clientId
- ),
- true
- );
- logger.debug(
- `Granted admin role access to existing client ${existingClient.clientId} for OLM ${olm.olmId} in org ${orgId} (user ${userId})`
- );
- }
-
- // Ensure user has access to the client
- const hasUserAccess = await hasUserClientAccess(
- userId,
- existingClient.clientId
- );
-
- if (!hasUserAccess) {
- await transaction.insert(userClients).values({
- userId,
- clientId: existingClient.clientId
- });
- userClientAccessCache.set(
- getUserClientKey(userId, existingClient.clientId),
- true
- );
- logger.debug(
- `Granted user access to existing client ${existingClient.clientId} for OLM ${olm.olmId} in org ${orgId} (user ${userId})`
- );
- }
-
- logger.debug(
- `Client already exists for OLM ${olm.olmId} in org ${orgId} (user ${userId}), skipping creation`
- );
- continue;
- }
-
- // Get exit nodes for this org
- const exitNodesList = await getExitNodes(orgId);
-
- if (exitNodesList.length === 0) {
- logger.warn(
- `Skipping org ${orgId} for OLM ${olm.olmId} (user ${userId}): no exit nodes found`
- );
- continue;
- }
-
- const randomExitNode =
- exitNodesList[
- Math.floor(Math.random() * exitNodesList.length)
- ];
-
- // Get next available subnet
- const newSubnet = await getNextAvailableClientSubnet(
- orgId,
- transaction
- );
- if (!newSubnet) {
- logger.warn(
- `Skipping org ${orgId} for OLM ${olm.olmId} (user ${userId}): no available subnet found`
- );
- continue;
- }
-
- const subnet = newSubnet.split("/")[0];
- const updatedSubnet = `${subnet}/${org.subnet.split("/")[1]}`;
-
- const niceId = await getUniqueClientName(orgId);
-
- const isOrgLicensed = await getIsOrgLicensed(userOrg.orgId);
- const requireApproval =
- build !== "oss" &&
- isOrgLicensed &&
- orgRequiresDeviceApprovalRole.get(orgId) === true;
-
- const newClientData: InferInsertModel = {
- userId,
- orgId: userOrg.orgId,
- exitNodeId: randomExitNode.exitNodeId,
- name: olm.name || "User Client",
- subnet: updatedSubnet,
- olmId: olm.olmId,
- type: "olm",
- niceId,
- approvalState: requireApproval ? "pending" : null
- };
-
- // Create the client
- const [newClient] = await transaction
- .insert(clients)
- .values(newClientData)
- .returning();
- existingClientCache.set(
- getOrgOlmKey(orgId, olm.olmId),
- newClient
- );
-
- // create approval request
- if (requireApproval) {
- await transaction
- .insert(approvals)
- .values({
- timestamp: Math.floor(new Date().getTime() / 1000),
- orgId: userOrg.orgId,
- clientId: newClient.clientId,
- userId,
- type: "user_device"
- })
- .returning();
- }
-
- await rebuildClientAssociationsFromClient(
- newClient,
- transaction
- );
-
- // Grant admin role access to the client
- await transaction.insert(roleClients).values({
- roleId: adminRole.roleId,
- clientId: newClient.clientId
- });
- roleClientAccessCache.set(
- getRoleClientKey(adminRole.roleId, newClient.clientId),
- true
- );
-
- // Grant user access to the client
- await transaction.insert(userClients).values({
- userId,
- clientId: newClient.clientId
- });
- userClientAccessCache.set(
- getUserClientKey(userId, newClient.clientId),
- true
- );
-
- logger.debug(
- `Created client for OLM ${olm.olmId} in org ${orgId} (user ${userId}) with access granted to admin role and user`
- );
- }
- }
-
- // Clean up clients in orgs the user is no longer in
- await cleanupOrphanedClients(userId, transaction, userOrgIds);
- };
-
- if (trx) {
- // Use provided transaction
- await execute(trx);
- } else {
- // Create new transaction
- await db.transaction(async (transaction) => {
- await execute(transaction);
});
}
+
+ logger.debug(
+ `Queued association rebuild completed for ${uniqueClientsById.size} client(s) (user ${userId})`
+ );
+}
+
+export async function calculateUserClientsForOrgs(
+ userId: string
+): Promise {
+ const trx = primaryDb;
+
+ const queuedAssociationRebuilds: ClientRow[] = [];
+ const orgCache = new Map();
+ const adminRoleCache = new Map();
+ const exitNodesCache = new Map<
+ string,
+ Awaited>
+ >();
+ const isOrgLicensedCache = new Map();
+ const existingClientCache = new Map<
+ string,
+ typeof clients.$inferSelect | null
+ >();
+ const roleClientAccessCache = new Map();
+ const userClientAccessCache = new Map();
+
+ const getOrgOlmKey = (orgId: string, olmId: string) => `${orgId}:${olmId}`;
+ const getRoleClientKey = (roleId: number, clientId: number) =>
+ `${roleId}:${clientId}`;
+ const getUserClientKey = (cachedUserId: string, clientId: number) =>
+ `${cachedUserId}:${clientId}`;
+
+ const getOrg = async (orgId: string) => {
+ if (orgCache.has(orgId)) {
+ return orgCache.get(orgId) ?? null;
+ }
+
+ const [org] = await trx
+ .select()
+ .from(orgs)
+ .where(eq(orgs.orgId, orgId));
+ orgCache.set(orgId, org ?? null);
+
+ return org ?? null;
+ };
+
+ const getAdminRole = async (orgId: string) => {
+ if (adminRoleCache.has(orgId)) {
+ return adminRoleCache.get(orgId) ?? null;
+ }
+
+ const [adminRole] = await trx
+ .select()
+ .from(roles)
+ .where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
+ .limit(1);
+ adminRoleCache.set(orgId, adminRole ?? null);
+
+ return adminRole ?? null;
+ };
+
+ const getExitNodes = async (orgId: string) => {
+ if (exitNodesCache.has(orgId)) {
+ return exitNodesCache.get(orgId)!;
+ }
+
+ const exitNodes = await listExitNodes(orgId);
+ exitNodesCache.set(orgId, exitNodes);
+
+ return exitNodes;
+ };
+
+ const getIsOrgLicensed = async (orgId: string) => {
+ if (isOrgLicensedCache.has(orgId)) {
+ return isOrgLicensedCache.get(orgId)!;
+ }
+
+ const isOrgLicensed = await isLicensedOrSubscribed(
+ orgId,
+ tierMatrix.deviceApprovals
+ );
+ isOrgLicensedCache.set(orgId, isOrgLicensed);
+
+ return isOrgLicensed;
+ };
+
+ const getExistingClient = async (orgId: string, olmId: string) => {
+ const key = getOrgOlmKey(orgId, olmId);
+ if (existingClientCache.has(key)) {
+ return existingClientCache.get(key) ?? null;
+ }
+
+ const [existingClient] = await trx
+ .select()
+ .from(clients)
+ .where(
+ and(
+ eq(clients.userId, userId),
+ eq(clients.orgId, orgId),
+ eq(clients.olmId, olmId)
+ )
+ )
+ .limit(1);
+
+ existingClientCache.set(key, existingClient ?? null);
+
+ return existingClient ?? null;
+ };
+
+ const hasRoleClientAccess = async (roleId: number, clientId: number) => {
+ const key = getRoleClientKey(roleId, clientId);
+ if (roleClientAccessCache.has(key)) {
+ return roleClientAccessCache.get(key)!;
+ }
+
+ const [existingRoleClient] = await trx
+ .select()
+ .from(roleClients)
+ .where(
+ and(
+ eq(roleClients.roleId, roleId),
+ eq(roleClients.clientId, clientId)
+ )
+ )
+ .limit(1);
+
+ const hasAccess = Boolean(existingRoleClient);
+ roleClientAccessCache.set(key, hasAccess);
+
+ return hasAccess;
+ };
+
+ const hasUserClientAccess = async (
+ cachedUserId: string,
+ clientId: number
+ ) => {
+ const key = getUserClientKey(cachedUserId, clientId);
+ if (userClientAccessCache.has(key)) {
+ return userClientAccessCache.get(key)!;
+ }
+
+ const [existingUserClient] = await trx
+ .select()
+ .from(userClients)
+ .where(
+ and(
+ eq(userClients.userId, cachedUserId),
+ eq(userClients.clientId, clientId)
+ )
+ )
+ .limit(1);
+
+ const hasAccess = Boolean(existingUserClient);
+ userClientAccessCache.set(key, hasAccess);
+
+ return hasAccess;
+ };
+
+ // Get all OLMs for this user
+ const userOlms = await trx
+ .select()
+ .from(olms)
+ .where(eq(olms.userId, userId));
+
+ if (userOlms.length === 0) {
+ // No OLMs for this user, but we should still clean up any orphaned clients
+ await cleanupOrphanedClients(
+ userId,
+ trx,
+ [],
+ queuedAssociationRebuilds
+ );
+ return;
+ }
+
+ // Get all user orgs with all roles (for org list and role-based logic)
+ const userOrgRoleRows = await trx
+ .select()
+ .from(userOrgs)
+ .innerJoin(
+ userOrgRoles,
+ and(
+ eq(userOrgs.userId, userOrgRoles.userId),
+ eq(userOrgs.orgId, userOrgRoles.orgId)
+ )
+ )
+ .innerJoin(roles, eq(userOrgRoles.roleId, roles.roleId))
+ .where(eq(userOrgs.userId, userId));
+
+ const userOrgIds = [
+ ...new Set(userOrgRoleRows.map((r) => r.userOrgs.orgId))
+ ];
+ const orgIdToRoleRows = new Map();
+ for (const r of userOrgRoleRows) {
+ const list = orgIdToRoleRows.get(r.userOrgs.orgId) ?? [];
+ list.push(r);
+ orgIdToRoleRows.set(r.userOrgs.orgId, list);
+ }
+ const orgRequiresDeviceApprovalRole = new Map();
+ for (const [orgId, roleRowsForOrg] of orgIdToRoleRows.entries()) {
+ orgRequiresDeviceApprovalRole.set(
+ orgId,
+ roleRowsForOrg.some((r) => r.roles.requireDeviceApproval)
+ );
+ }
+
+ // For each OLM, ensure there's a client in each org the user is in
+ for (const olm of userOlms) {
+ for (const orgId of orgIdToRoleRows.keys()) {
+ const roleRowsForOrg = orgIdToRoleRows.get(orgId)!;
+ const userOrg = roleRowsForOrg[0].userOrgs;
+
+ const org = await getOrg(orgId);
+
+ if (!org) {
+ logger.warn(
+ `Skipping org ${orgId} for OLM ${olm.olmId} (user ${userId}): org not found`
+ );
+ continue;
+ }
+
+ if (!org.subnet) {
+ logger.warn(
+ `Skipping org ${orgId} for OLM ${olm.olmId} (user ${userId}): org has no subnet configured`
+ );
+ continue;
+ }
+
+ // Get admin role for this org (needed for access grants)
+ const adminRole = await getAdminRole(orgId);
+
+ if (!adminRole) {
+ logger.warn(
+ `Skipping org ${orgId} for OLM ${olm.olmId} (user ${userId}): no admin role found`
+ );
+ continue;
+ }
+
+ // Check if a client already exists for this OLM+user+org combination
+ const existingClient = await getExistingClient(orgId, olm.olmId);
+
+ if (existingClient) {
+ // Ensure admin role has access to the client
+ const hasRoleAccess = await hasRoleClientAccess(
+ adminRole.roleId,
+ existingClient.clientId
+ );
+
+ if (!hasRoleAccess) {
+ await trx.insert(roleClients).values({
+ roleId: adminRole.roleId,
+ clientId: existingClient.clientId
+ });
+ roleClientAccessCache.set(
+ getRoleClientKey(
+ adminRole.roleId,
+ existingClient.clientId
+ ),
+ true
+ );
+ logger.debug(
+ `Granted admin role access to existing client ${existingClient.clientId} for OLM ${olm.olmId} in org ${orgId} (user ${userId})`
+ );
+ }
+
+ // Ensure user has access to the client
+ const hasUserAccess = await hasUserClientAccess(
+ userId,
+ existingClient.clientId
+ );
+
+ if (!hasUserAccess) {
+ await trx.insert(userClients).values({
+ userId,
+ clientId: existingClient.clientId
+ });
+ userClientAccessCache.set(
+ getUserClientKey(userId, existingClient.clientId),
+ true
+ );
+ logger.debug(
+ `Granted user access to existing client ${existingClient.clientId} for OLM ${olm.olmId} in org ${orgId} (user ${userId})`
+ );
+ }
+
+ logger.debug(
+ `Client already exists for OLM ${olm.olmId} in org ${orgId} (user ${userId}), skipping creation`
+ );
+ continue;
+ }
+
+ // Get exit nodes for this org
+ const exitNodesList = await getExitNodes(orgId);
+
+ if (exitNodesList.length === 0) {
+ logger.warn(
+ `Skipping org ${orgId} for OLM ${olm.olmId} (user ${userId}): no exit nodes found`
+ );
+ continue;
+ }
+
+ const randomExitNode =
+ exitNodesList[Math.floor(Math.random() * exitNodesList.length)];
+
+ // Get next available subnet
+ const { value: newSubnet, release: releaseSubnetLock } =
+ await getNextAvailableClientSubnet(orgId, trx);
+
+ const subnet = newSubnet.split("/")[0];
+ const updatedSubnet = `${subnet}/${org.subnet.split("/")[1]}`;
+
+ const niceId = await getUniqueClientName(orgId);
+
+ const isOrgLicensed = await getIsOrgLicensed(userOrg.orgId);
+ const requireApproval =
+ build !== "oss" &&
+ isOrgLicensed &&
+ orgRequiresDeviceApprovalRole.get(orgId) === true;
+
+ const newClientData: InferInsertModel = {
+ userId,
+ orgId: userOrg.orgId,
+ exitNodeId: randomExitNode.exitNodeId,
+ name: olm.name || "User Client",
+ subnet: updatedSubnet,
+ olmId: olm.olmId,
+ type: "olm",
+ niceId,
+ approvalState: requireApproval ? "pending" : null
+ };
+
+ // Create the client
+ const [newClient] = await trx
+ .insert(clients)
+ .values(newClientData)
+ .returning();
+ await releaseSubnetLock();
+ existingClientCache.set(getOrgOlmKey(orgId, olm.olmId), newClient);
+
+ // create approval request
+ if (requireApproval) {
+ await trx
+ .insert(approvals)
+ .values({
+ timestamp: Math.floor(new Date().getTime() / 1000),
+ orgId: userOrg.orgId,
+ clientId: newClient.clientId,
+ userId,
+ type: "user_device"
+ })
+ .returning();
+ }
+
+ queuedAssociationRebuilds.push(newClient);
+
+ // Grant admin role access to the client
+ await trx.insert(roleClients).values({
+ roleId: adminRole.roleId,
+ clientId: newClient.clientId
+ });
+ roleClientAccessCache.set(
+ getRoleClientKey(adminRole.roleId, newClient.clientId),
+ true
+ );
+
+ // Grant user access to the client
+ await trx.insert(userClients).values({
+ userId,
+ clientId: newClient.clientId
+ });
+ userClientAccessCache.set(
+ getUserClientKey(userId, newClient.clientId),
+ true
+ );
+
+ logger.debug(
+ `Created client for OLM ${olm.olmId} in org ${orgId} (user ${userId}) with access granted to admin role and user`
+ );
+ }
+ }
+
+ // Clean up clients in orgs the user is no longer in
+ await cleanupOrphanedClients(
+ userId,
+ trx,
+ userOrgIds,
+ queuedAssociationRebuilds
+ );
+
+ runQueuedClientAssociationRebuilds(userId, queuedAssociationRebuilds);
}
async function cleanupOrphanedClients(
userId: string,
trx: Transaction | typeof db,
- userOrgIds: string[] = []
+ userOrgIds: string[] = [],
+ queuedAssociationRebuilds: ClientRow[] = []
): Promise {
// Find all OLM clients for this user that should be deleted
// If userOrgIds is empty, delete all OLM clients (user has no orgs)
@@ -468,9 +474,9 @@ async function cleanupOrphanedClients(
)
.returning();
- // Rebuild associations for each deleted client to clean up related data
+ // Queue deleted clients for post-trx association cleanup.
for (const deletedClient of deletedClients) {
- await rebuildClientAssociationsFromClient(deletedClient, trx);
+ queuedAssociationRebuilds.push(deletedClient);
if (deletedClient.olmId) {
await sendTerminateClient(
diff --git a/server/lib/consts.ts b/server/lib/consts.ts
index e33ea52b9..57a4836b8 100644
--- a/server/lib/consts.ts
+++ b/server/lib/consts.ts
@@ -2,7 +2,7 @@ import path from "path";
import { fileURLToPath } from "url";
// This is a placeholder value replaced by the build process
-export const APP_VERSION = "1.18.4";
+export const APP_VERSION = "1.20.0";
export const __FILENAME = fileURLToPath(import.meta.url);
export const __DIRNAME = path.dirname(__FILENAME);
diff --git a/server/lib/dbRetry.ts b/server/lib/dbRetry.ts
new file mode 100644
index 000000000..7f8d1eea8
--- /dev/null
+++ b/server/lib/dbRetry.ts
@@ -0,0 +1,83 @@
+import logger from "@server/logger";
+
+const MAX_RETRIES = 5;
+const BASE_DELAY_MS = 50;
+
+/**
+ * Detect transient errors that are safe to retry (connection drops, deadlocks,
+ * serialization failures). PostgreSQL deadlocks (40P01) are always safe to
+ * retry: the database guarantees exactly one winner per deadlock pair, so the
+ * loser just needs to try again.
+ */
+export function isTransientError(error: any): boolean {
+ if (!error) return false;
+
+ const message = (error.message || "").toLowerCase();
+ const causeMessage = (error.cause?.message || "").toLowerCase();
+ const code = error.code || error.cause?.code || "";
+
+ // Connection timeout / terminated
+ if (
+ message.includes("connection timeout") ||
+ message.includes("connection terminated") ||
+ message.includes("timeout exceeded when trying to connect") ||
+ causeMessage.includes("connection terminated unexpectedly") ||
+ causeMessage.includes("connection timeout")
+ ) {
+ return true;
+ }
+
+ // PostgreSQL deadlock detected - always safe to retry (one winner guaranteed)
+ if (code === "40P01" || message.includes("deadlock")) {
+ return true;
+ }
+
+ // PostgreSQL serialization failure
+ if (code === "40001") {
+ return true;
+ }
+
+ // ECONNRESET, ECONNREFUSED, EPIPE, ETIMEDOUT
+ if (
+ code === "ECONNRESET" ||
+ code === "ECONNREFUSED" ||
+ code === "EPIPE" ||
+ code === "ETIMEDOUT"
+ ) {
+ return true;
+ }
+
+ return false;
+}
+
+/**
+ * Simple retry wrapper with exponential backoff for transient errors
+ * (deadlocks, connection timeouts, unexpected disconnects).
+ */
+export async function withRetry(
+ operation: () => Promise,
+ context: string,
+ maxRetries: number = MAX_RETRIES,
+ baseDelayMs: number = BASE_DELAY_MS
+): Promise {
+ let attempt = 0;
+ while (true) {
+ try {
+ return await operation();
+ } catch (error: any) {
+ if (isTransientError(error) && attempt < maxRetries) {
+ attempt++;
+ const baseDelay = Math.pow(2, attempt - 1) * baseDelayMs;
+ const jitter = Math.random() * baseDelay;
+ const delay = baseDelay + jitter;
+ logger.warn(
+ `Transient DB error in ${context}, retrying attempt ${attempt}/${maxRetries} after ${delay.toFixed(0)}ms`,
+ { code: error?.code ?? error?.cause?.code }
+ );
+ await new Promise((resolve) => setTimeout(resolve, delay));
+ continue;
+ }
+ throw error;
+ }
+ }
+}
diff --git a/server/lib/deleteOrg.ts b/server/lib/deleteOrg.ts
index 065f216a1..20c8a3e23 100644
--- a/server/lib/deleteOrg.ts
+++ b/server/lib/deleteOrg.ts
@@ -24,7 +24,7 @@ import { deletePeer } from "@server/routers/gerbil/peers";
import { OlmErrorCodes } from "@server/routers/olm/error";
import { sendTerminateClient } from "@server/routers/client/terminate";
import { usageService } from "./billing/usageService";
-import { FeatureId } from "./billing";
+import { LimitId } from "./billing";
export type DeleteOrgByIdResult = {
deletedNewtIds: string[];
@@ -140,7 +140,9 @@ export async function deleteOrgById(
.select({ count: count() })
.from(orgDomains)
.where(eq(orgDomains.domainId, domainId));
- logger.info(`Found ${orgCount.count} orgs using domain ${domainId}`);
+ logger.info(
+ `Found ${orgCount.count} orgs using domain ${domainId}`
+ );
if (orgCount.count === 1) {
domainIdsToDelete.push(domainId);
}
@@ -152,7 +154,7 @@ export async function deleteOrgById(
.where(inArray(domains.domainId, domainIdsToDelete));
}
- await usageService.add(orgId, FeatureId.ORGINIZATIONS, -1, trx); // here we are decreasing the org count BEFORE deleting the org because we need to still be able to get the org to get the billing org inside of here
+ await usageService.add(orgId, LimitId.ORGANIZATIONS, -1, trx); // here we are decreasing the org count BEFORE deleting the org because we need to still be able to get the org to get the billing org inside of here
await trx.delete(orgs).where(eq(orgs.orgId, orgId));
@@ -199,22 +201,22 @@ export async function deleteOrgById(
if (org.billingOrgId) {
usageService.updateCount(
org.billingOrgId,
- FeatureId.DOMAINS,
+ LimitId.DOMAINS,
domainCount ?? 0
);
usageService.updateCount(
org.billingOrgId,
- FeatureId.SITES,
+ LimitId.SITES,
siteCount ?? 0
);
usageService.updateCount(
org.billingOrgId,
- FeatureId.USERS,
+ LimitId.USERS,
userCount ?? 0
);
usageService.updateCount(
org.billingOrgId,
- FeatureId.REMOTE_EXIT_NODES,
+ LimitId.REMOTE_EXIT_NODES,
remoteExitNodeCount ?? 0
);
}
diff --git a/server/lib/deleteResource.ts b/server/lib/deleteResource.ts
new file mode 100644
index 000000000..b2ffa0f0f
--- /dev/null
+++ b/server/lib/deleteResource.ts
@@ -0,0 +1,144 @@
+import { eq, inArray } from "drizzle-orm";
+import {
+ db,
+ newts,
+ resourcePolicies,
+ resources,
+ sites,
+ targetHealthCheck,
+ targets,
+ type Resource,
+ type Target,
+ type TargetHealthCheck,
+ type Transaction
+} from "@server/db";
+import logger from "@server/logger";
+import { removeTargets } from "@server/routers/newt/targets";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+
+export type DeleteResourceResult = {
+ deletedResource: Resource;
+ targetsToBeRemoved: Target[];
+ healthChecksToBeRemoved: TargetHealthCheck[];
+};
+
+export async function performDeleteResources(
+ resourceIds: number[],
+ trx: Transaction | typeof db = db
+): Promise {
+ if (resourceIds.length === 0) {
+ return [];
+ }
+
+ const targetsToBeRemoved = await trx
+ .select()
+ .from(targets)
+ .where(inArray(targets.resourceId, resourceIds));
+
+ const targetIds = targetsToBeRemoved.map((t) => t.targetId);
+ const healthChecksToBeRemoved =
+ targetIds.length > 0
+ ? await trx
+ .select()
+ .from(targetHealthCheck)
+ .where(inArray(targetHealthCheck.targetId, targetIds))
+ : [];
+
+ const deletedResources = await trx
+ .delete(resources)
+ .where(inArray(resources.resourceId, resourceIds))
+ .returning();
+
+ const policyIds = deletedResources
+ .map((resource) => resource.defaultResourcePolicyId)
+ .filter((id): id is number => id != null);
+
+ if (policyIds.length > 0) {
+ await trx
+ .delete(resourcePolicies)
+ .where(inArray(resourcePolicies.resourcePolicyId, policyIds));
+ }
+
+ if (deletedResources.length > 0) {
+ logger.debug(`Deleted ${deletedResources.length} resources`);
+ }
+
+ const targetsByResourceId = new Map();
+ for (const target of targetsToBeRemoved) {
+ const existing = targetsByResourceId.get(target.resourceId) ?? [];
+ existing.push(target);
+ targetsByResourceId.set(target.resourceId, existing);
+ }
+
+ const targetIdToResourceId = new Map(
+ targetsToBeRemoved.map((target) => [target.targetId, target.resourceId])
+ );
+
+ const healthChecksByResourceId = new Map();
+ for (const healthCheck of healthChecksToBeRemoved) {
+ const resourceId = targetIdToResourceId.get(healthCheck.targetId!);
+ if (resourceId == null) {
+ continue;
+ }
+ const existing = healthChecksByResourceId.get(resourceId) ?? [];
+ existing.push(healthCheck);
+ healthChecksByResourceId.set(resourceId, existing);
+ }
+
+ return deletedResources.map((deletedResource) => ({
+ deletedResource,
+ targetsToBeRemoved:
+ targetsByResourceId.get(deletedResource.resourceId) ?? [],
+ healthChecksToBeRemoved:
+ healthChecksByResourceId.get(deletedResource.resourceId) ?? []
+ }));
+}
+
+export async function performDeleteResource(
+ resourceId: number,
+ trx: Transaction | typeof db = db
+): Promise {
+ const [result] = await performDeleteResources([resourceId], trx);
+ return result ?? null;
+}
+
+export async function runResourceDeleteSideEffects(
+ result: DeleteResourceResult
+): Promise {
+ const { deletedResource, targetsToBeRemoved, healthChecksToBeRemoved } =
+ result;
+
+ for (const target of targetsToBeRemoved) {
+ const [site] = await db
+ .select()
+ .from(sites)
+ .where(eq(sites.siteId, target.siteId))
+ .limit(1);
+
+ if (!site) {
+ throw createHttpError(
+ HttpCode.NOT_FOUND,
+ `Site with ID ${target.siteId} not found`
+ );
+ }
+
+ if (site.pubKey && site.type === "newt") {
+ const [newt] = await db
+ .select()
+ .from(newts)
+ .where(eq(newts.siteId, site.siteId))
+ .limit(1);
+
+ if (newt) {
+ await removeTargets(
+ newt.newtId,
+ [],
+ healthChecksToBeRemoved,
+ deletedResource.mode === "udp" ? "udp" : "tcp",
+ newt.version
+ );
+ }
+ }
+ }
+}
diff --git a/server/lib/deleteSiteAssociatedResources.ts b/server/lib/deleteSiteAssociatedResources.ts
new file mode 100644
index 000000000..61da82f58
--- /dev/null
+++ b/server/lib/deleteSiteAssociatedResources.ts
@@ -0,0 +1,126 @@
+import { and, eq, sql } from "drizzle-orm";
+import {
+ db,
+ siteNetworks,
+ siteResources,
+ targets,
+ type SiteResource,
+ type Transaction
+} from "@server/db";
+import {
+ performDeleteResources,
+ runResourceDeleteSideEffects,
+ type DeleteResourceResult
+} from "@server/lib/deleteResource";
+import {
+ performDeleteSiteResources,
+ runSiteResourceDeleteSideEffects
+} from "@server/lib/deleteSiteResource";
+import logger from "@server/logger";
+
+export const MAX_SITE_ASSOCIATED_RESOURCES_FOR_BULK_DELETE = 250;
+
+export type DeleteSiteAssociatedResourcesSideEffects = {
+ resources: DeleteResourceResult[];
+ siteResources: SiteResource[];
+};
+
+export async function getResourceIdsForSite(
+ siteId: number,
+ trx: Transaction | typeof db = db
+): Promise {
+ const rows = await trx
+ .selectDistinct({ resourceId: targets.resourceId })
+ .from(targets)
+ .where(eq(targets.siteId, siteId));
+
+ return rows.map((row) => row.resourceId);
+}
+
+export async function getSiteResourceIdsForSite(
+ siteId: number,
+ orgId: string,
+ trx: Transaction | typeof db = db
+): Promise {
+ const rows = await trx
+ .selectDistinct({ siteResourceId: siteResources.siteResourceId })
+ .from(siteNetworks)
+ .innerJoin(
+ siteResources,
+ eq(siteResources.networkId, siteNetworks.networkId)
+ )
+ .where(
+ and(eq(siteNetworks.siteId, siteId), eq(siteResources.orgId, orgId))
+ );
+
+ return rows.map((row) => row.siteResourceId);
+}
+
+export async function getAssociatedResourceCountForSite(
+ siteId: number,
+ orgId: string,
+ trx: Transaction | typeof db = db
+): Promise {
+ const [publicCountResult, privateCountResult] = await Promise.all([
+ trx
+ .select({
+ count: sql`count(distinct ${targets.resourceId})`
+ })
+ .from(targets)
+ .where(eq(targets.siteId, siteId)),
+ trx
+ .select({
+ count: sql`count(distinct ${siteResources.siteResourceId})`
+ })
+ .from(siteNetworks)
+ .innerJoin(
+ siteResources,
+ eq(siteResources.networkId, siteNetworks.networkId)
+ )
+ .where(
+ and(
+ eq(siteNetworks.siteId, siteId),
+ eq(siteResources.orgId, orgId)
+ )
+ )
+ ]);
+
+ return (
+ Number(publicCountResult[0]?.count ?? 0) +
+ Number(privateCountResult[0]?.count ?? 0)
+ );
+}
+
+export function exceedsSiteAssociatedResourceDeleteLimit(
+ resourceCount: number
+): boolean {
+ return resourceCount > MAX_SITE_ASSOCIATED_RESOURCES_FOR_BULK_DELETE;
+}
+
+export async function deleteAssociatedResourcesForSite(
+ siteId: number,
+ orgId: string,
+ trx: Transaction | typeof db = db
+): Promise {
+ const resourceIds = await getResourceIdsForSite(siteId, trx);
+ const siteResourceIds = await getSiteResourceIdsForSite(siteId, orgId, trx);
+
+ const [resources, siteResourcesDeleted] = await Promise.all([
+ performDeleteResources(resourceIds, trx),
+ performDeleteSiteResources(siteResourceIds, trx)
+ ]);
+
+ return { resources, siteResources: siteResourcesDeleted };
+}
+
+export async function runDeleteSiteAssociatedResourcesSideEffects(
+ sideEffects: DeleteSiteAssociatedResourcesSideEffects
+): Promise {
+ for (const result of sideEffects.resources) {
+ await runResourceDeleteSideEffects(result);
+ }
+
+ for (const removed of sideEffects.siteResources) {
+ runSiteResourceDeleteSideEffects(removed);
+ }
+}
diff --git a/server/lib/deleteSiteResource.ts b/server/lib/deleteSiteResource.ts
new file mode 100644
index 000000000..9db5bd902
--- /dev/null
+++ b/server/lib/deleteSiteResource.ts
@@ -0,0 +1,53 @@
+import { inArray } from "drizzle-orm";
+import {
+ db,
+ siteResources,
+ type SiteResource,
+ type Transaction
+} from "@server/db";
+import logger from "@server/logger";
+import { rebuildClientAssociationsFromSiteResource } from "@server/lib/rebuildClientAssociations";
+
+export async function performDeleteSiteResources(
+ siteResourceIds: number[],
+ trx: Transaction | typeof db = db
+): Promise {
+ if (siteResourceIds.length === 0) {
+ return [];
+ }
+
+ const removedSiteResources = await trx
+ .delete(siteResources)
+ .where(inArray(siteResources.siteResourceId, siteResourceIds))
+ .returning();
+
+ if (removedSiteResources.length > 0) {
+ logger.debug(`Deleted ${removedSiteResources.length} site resources`);
+ }
+
+ return removedSiteResources;
+}
+
+export async function performDeleteSiteResource(
+ siteResourceId: number,
+ trx: Transaction | typeof db = db
+): Promise {
+ const [removedSiteResource] = await performDeleteSiteResources(
+ [siteResourceId],
+ trx
+ );
+ return removedSiteResource ?? null;
+}
+
+export function runSiteResourceDeleteSideEffects(
+ removedSiteResource: SiteResource
+): void {
+ rebuildClientAssociationsFromSiteResource(removedSiteResource).catch(
+ (err) => {
+ logger.error(
+ `Error rebuilding client associations for site resource ${removedSiteResource.siteResourceId}:`,
+ err
+ );
+ }
+ );
+}
diff --git a/server/lib/exitNodes/exitNodes.ts b/server/lib/exitNodes/exitNodes.ts
index fb32f4f72..f405a1114 100644
--- a/server/lib/exitNodes/exitNodes.ts
+++ b/server/lib/exitNodes/exitNodes.ts
@@ -19,7 +19,11 @@ export async function verifyExitNodeOrgAccess(
export async function listExitNodes(
orgId: string,
filterOnline = false,
- noCloud = false
+ noCloud = false,
+ // Accepted for parity with the enterprise implementation (used there for
+ // site-label filtering of remote exit nodes). The OSS build has no remote
+ // exit nodes, so it is unused here.
+ siteId?: number
) {
// TODO: pick which nodes to send and ping better than just all of them that are not remote
const allExitNodes = await db
diff --git a/server/lib/exitNodes/subnet.ts b/server/lib/exitNodes/subnet.ts
index 49e28bd57..8c4f3e99e 100644
--- a/server/lib/exitNodes/subnet.ts
+++ b/server/lib/exitNodes/subnet.ts
@@ -1,30 +1,55 @@
-import { db, exitNodes } from "@server/db";
+import { db, exitNodes, Transaction } from "@server/db";
import config from "@server/lib/config";
import { findNextAvailableCidr } from "@server/lib/ip";
+import { lockManager } from "#dynamic/lib/lock";
-export async function getNextAvailableSubnet(): Promise {
- // Get all existing subnets from routes table
- const existingAddresses = await db
- .select({
- address: exitNodes.address
- })
- .from(exitNodes);
-
- const addresses = existingAddresses.map((a) => a.address);
- let subnet = findNextAvailableCidr(
- addresses,
- config.getRawConfig().gerbil.block_size,
- config.getRawConfig().gerbil.subnet_group
- );
- if (!subnet) {
- throw new Error("No available subnets remaining in space");
+/**
+ * Reserves the next available exit node subnet.
+ *
+ * Exit node subnets must never overlap with one another - regardless of
+ * which org(s) they belong to - since HA exit nodes can end up routing for
+ * the same org. This acquires a lock that the caller MUST release (via the
+ * returned `release`) only after the chosen address has been durably
+ * persisted (e.g. after the enclosing transaction commits), otherwise
+ * concurrent callers can race and pick the same subnet.
+ */
+export async function getNextAvailableSubnet(
+ trx: Transaction | typeof db = db
+): Promise<{ value: string; release: () => Promise }> {
+ const lockKey = "exit-node-subnet-allocation";
+ const acquired = await lockManager.acquireLockWithRetry(lockKey, 6000);
+ if (!acquired) {
+ throw new Error(`Failed to acquire lock: ${lockKey}`);
}
+ const release = () => lockManager.releaseLock(lockKey, acquired);
- // replace the last octet with 1
- subnet =
- subnet.split(".").slice(0, 3).join(".") +
- ".1" +
- "/" +
- subnet.split("/")[1];
- return subnet;
+ try {
+ // Get all existing subnets from routes table
+ const existingAddresses = await trx
+ .select({
+ address: exitNodes.address
+ })
+ .from(exitNodes);
+
+ const addresses = existingAddresses.map((a) => a.address);
+ let subnet = findNextAvailableCidr(
+ addresses,
+ config.getRawConfig().gerbil.block_size,
+ config.getRawConfig().gerbil.subnet_group
+ );
+ if (!subnet) {
+ throw new Error("No available subnets remaining in space");
+ }
+
+ // replace the last octet with 1
+ subnet =
+ subnet.split(".").slice(0, 3).join(".") +
+ ".1" +
+ "/" +
+ subnet.split("/")[1];
+ return { value: subnet, release };
+ } catch (e) {
+ await release();
+ throw e;
+ }
}
diff --git a/server/lib/ip.ts b/server/lib/ip.ts
index 170b63ad4..56576282a 100644
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -327,127 +327,145 @@ export function doCidrsOverlap(cidr1: string, cidr2: string): boolean {
export async function getNextAvailableClientSubnet(
orgId: string,
transaction: Transaction | typeof db = db
-): Promise {
- return await lockManager.withLock(
- `client-subnet-allocation:${orgId}`,
- async () => {
- const [org] = await transaction
- .select()
- .from(orgs)
- .where(eq(orgs.orgId, orgId));
+): Promise<{ value: string; release: () => Promise }> {
+ const lockKey = `client-subnet-allocation:${orgId}`;
+ const acquired = await lockManager.acquireLockWithRetry(lockKey, 6000);
+ if (!acquired) {
+ throw new Error(`Failed to acquire lock: ${lockKey}`);
+ }
+ const release = () => lockManager.releaseLock(lockKey, acquired);
- if (!org) {
- throw new Error(`Organization with ID ${orgId} not found`);
- }
+ try {
+ const [org] = await transaction
+ .select()
+ .from(orgs)
+ .where(eq(orgs.orgId, orgId));
- if (!org.subnet) {
- throw new Error(
- `Organization with ID ${orgId} has no subnet defined`
- );
- }
-
- const existingAddressesSites = await transaction
- .select({
- address: sites.address
- })
- .from(sites)
- .where(and(isNotNull(sites.address), eq(sites.orgId, orgId)));
-
- const existingAddressesClients = await transaction
- .select({
- address: clients.subnet
- })
- .from(clients)
- .where(
- and(isNotNull(clients.subnet), eq(clients.orgId, orgId))
- );
-
- const addresses = [
- ...existingAddressesSites.map(
- (site) => `${site.address?.split("/")[0]}/32`
- ), // we are overriding the 32 so that we pick individual addresses in the subnet of the org for the site and the client even though they are stored with the /block_size of the org
- ...existingAddressesClients.map(
- (client) => `${client.address.split("/")}/32`
- )
- ].filter((address) => address !== null) as string[];
-
- const subnet = findNextAvailableCidr(addresses, 32, org.subnet); // pick the sites address in the org
- if (!subnet) {
- throw new Error("No available subnets remaining in space");
- }
-
- return subnet;
+ if (!org) {
+ throw new Error(`Organization with ID ${orgId} not found`);
}
- );
+
+ if (!org.subnet) {
+ throw new Error(
+ `Organization with ID ${orgId} has no subnet defined`
+ );
+ }
+
+ const existingAddressesSites = await transaction
+ .select({
+ address: sites.address
+ })
+ .from(sites)
+ .where(and(isNotNull(sites.address), eq(sites.orgId, orgId)));
+
+ const existingAddressesClients = await transaction
+ .select({
+ address: clients.subnet
+ })
+ .from(clients)
+ .where(and(isNotNull(clients.subnet), eq(clients.orgId, orgId)));
+
+ const addresses = [
+ ...existingAddressesSites.map(
+ (site) => `${site.address?.split("/")[0]}/32`
+ ), // we are overriding the 32 so that we pick individual addresses in the subnet of the org for the site and the client even though they are stored with the /block_size of the org
+ ...existingAddressesClients.map(
+ (client) => `${client.address.split("/")[0]}/32`
+ )
+ ].filter((address) => address !== null) as string[];
+
+ const subnet = findNextAvailableCidr(addresses, 32, org.subnet); // pick the sites address in the org
+ if (!subnet) {
+ throw new Error("No available subnets remaining in space");
+ }
+
+ return { value: subnet, release };
+ } catch (e) {
+ await release();
+ throw e;
+ }
}
export async function getNextAvailableAliasAddress(
orgId: string,
trx: Transaction | typeof db = db
-): Promise {
- return await lockManager.withLock(
- `alias-address-allocation:${orgId}`,
- async () => {
- const [org] = await trx
- .select()
- .from(orgs)
- .where(eq(orgs.orgId, orgId));
+): Promise<{ value: string; release: () => Promise }> {
+ const lockKey = `alias-address-allocation:${orgId}`;
+ const acquired = await lockManager.acquireLockWithRetry(lockKey, 6000);
+ if (!acquired) {
+ throw new Error(`Failed to acquire lock: ${lockKey}`);
+ }
+ const release = () => lockManager.releaseLock(lockKey, acquired);
- if (!org) {
- throw new Error(`Organization with ID ${orgId} not found`);
- }
+ try {
+ const [org] = await trx
+ .select()
+ .from(orgs)
+ .where(eq(orgs.orgId, orgId));
- if (!org.subnet) {
- throw new Error(
- `Organization with ID ${orgId} has no subnet defined`
- );
- }
-
- if (!org.utilitySubnet) {
- throw new Error(
- `Organization with ID ${orgId} has no utility subnet defined`
- );
- }
-
- const existingAddresses = await trx
- .select({
- aliasAddress: siteResources.aliasAddress
- })
- .from(siteResources)
- .where(
- and(
- isNotNull(siteResources.aliasAddress),
- eq(siteResources.orgId, orgId)
- )
- );
-
- const addresses = [
- ...existingAddresses.map(
- (site) => `${site.aliasAddress?.split("/")[0]}/32`
- ),
- // reserve a /29 for the dns server and other stuff
- `${org.utilitySubnet.split("/")[0]}/29`
- ].filter((address) => address !== null) as string[];
-
- let subnet = findNextAvailableCidr(
- addresses,
- 32,
- org.utilitySubnet
- );
- if (!subnet) {
- throw new Error("No available subnets remaining in space");
- }
-
- // remove the cidr
- subnet = subnet.split("/")[0];
-
- return subnet;
+ if (!org) {
+ throw new Error(`Organization with ID ${orgId} not found`);
}
- );
+
+ if (!org.subnet) {
+ throw new Error(
+ `Organization with ID ${orgId} has no subnet defined`
+ );
+ }
+
+ if (!org.utilitySubnet) {
+ throw new Error(
+ `Organization with ID ${orgId} has no utility subnet defined`
+ );
+ }
+
+ const existingAddresses = await trx
+ .select({
+ aliasAddress: siteResources.aliasAddress
+ })
+ .from(siteResources)
+ .where(
+ and(
+ isNotNull(siteResources.aliasAddress),
+ eq(siteResources.orgId, orgId)
+ )
+ );
+
+ const addresses = [
+ ...existingAddresses.map(
+ (site) => `${site.aliasAddress?.split("/")[0]}/32`
+ ),
+ // reserve a /29 for the dns server and other stuff
+ `${org.utilitySubnet.split("/")[0]}/29`
+ ].filter((address) => address !== null) as string[];
+
+ let subnet = findNextAvailableCidr(addresses, 32, org.utilitySubnet);
+ if (!subnet) {
+ throw new Error("No available subnets remaining in space");
+ }
+
+ // remove the cidr
+ subnet = subnet.split("/")[0];
+
+ return { value: subnet, release };
+ } catch (e) {
+ await release();
+ throw e;
+ }
}
-export async function getNextAvailableOrgSubnet(): Promise {
- return await lockManager.withLock("org-subnet-allocation", async () => {
+export async function getNextAvailableOrgSubnet(): Promise<{
+ value: string;
+ release: () => Promise;
+}> {
+ const lockKey = "org-subnet-allocation";
+ const acquired = await lockManager.acquireLockWithRetry(lockKey, 6000);
+ if (!acquired) {
+ throw new Error(`Failed to acquire lock: ${lockKey}`);
+ }
+ const release = () => lockManager.releaseLock(lockKey, acquired);
+
+ try {
const existingAddresses = await db
.select({
subnet: orgs.subnet
@@ -466,8 +484,11 @@ export async function getNextAvailableOrgSubnet(): Promise {
throw new Error("No available subnets remaining in space");
}
- return subnet;
- });
+ return { value: subnet, release };
+ } catch (e) {
+ await release();
+ throw e;
+ }
}
export function generateRemoteSubnets(
@@ -475,13 +496,15 @@ export function generateRemoteSubnets(
): string[] {
const remoteSubnets = allSiteResources
.filter((sr) => {
+ if (!sr.destination) return false;
+
if (sr.mode === "cidr") {
// check if its a valid CIDR using zod
const cidrSchema = z.union([z.cidrv4(), z.cidrv6()]);
const parseResult = cidrSchema.safeParse(sr.destination);
return parseResult.success;
}
- if (sr.mode === "host") {
+ if (sr.mode === "host" || sr.mode === "ssh") {
// check if its a valid IP using zod
const ipSchema = z.union([z.ipv4(), z.ipv6()]);
const parseResult = ipSchema.safeParse(sr.destination);
@@ -491,12 +514,12 @@ export function generateRemoteSubnets(
})
.map((sr) => {
if (sr.mode === "cidr") return sr.destination;
- if (sr.mode === "host") {
+ if (sr.mode === "host" || sr.mode === "ssh") {
return `${sr.destination}/32`;
}
return ""; // This should never be reached due to filtering, but satisfies TypeScript
})
- .filter((subnet) => subnet !== ""); // Remove empty strings just to be safe
+ .filter((subnet): subnet is string => subnet !== "" && subnet !== null); // Remove invalid values just to be safe
// remove duplicates
return Array.from(new Set(remoteSubnets));
}
@@ -508,7 +531,7 @@ export function generateAliasConfig(allSiteResources: SiteResource[]): Alias[] {
.filter(
(sr) =>
sr.aliasAddress &&
- ((sr.alias && sr.mode == "host") ||
+ ((sr.alias && (sr.mode == "host" || sr.mode == "ssh")) ||
(sr.fullDomain && sr.mode == "http"))
)
.map((sr) => ({
@@ -554,6 +577,10 @@ export function generateSubnetProxyTargets(
continue;
}
+ if (!siteResource.destination) {
+ continue;
+ }
+
const clientPrefix = `${clientSite.subnet.split("/")[0]}/32`;
const portRange = [
...parsePortRangeString(siteResource.tcpPortRangeString, "tcp"),
@@ -561,7 +588,7 @@ export function generateSubnetProxyTargets(
];
const disableIcmp = siteResource.disableIcmp ?? false;
- if (siteResource.mode == "host") {
+ if (siteResource.mode == "host" || siteResource.mode == "ssh") {
let destination = siteResource.destination;
// check if this is a valid ip
const ipSchema = z.union([z.ipv4(), z.ipv6()]);
@@ -581,7 +608,7 @@ export function generateSubnetProxyTargets(
targets.push({
sourcePrefix: clientPrefix,
destPrefix: `${siteResource.aliasAddress}/32`,
- rewriteTo: destination,
+ rewriteTo: destination!,
portRange,
disableIcmp
});
@@ -589,7 +616,7 @@ export function generateSubnetProxyTargets(
} else if (siteResource.mode == "cidr") {
targets.push({
sourcePrefix: clientPrefix,
- destPrefix: siteResource.destination,
+ destPrefix: siteResource.destination!,
portRange,
disableIcmp
});
@@ -642,7 +669,12 @@ export async function generateSubnetProxyTargetV2(
return;
}
- let targets: SubnetProxyTargetV2[] = [];
+ if (!siteResource.destination) {
+ // ssh can have no destination
+ return;
+ }
+
+ const targets: SubnetProxyTargetV2[] = [];
const portRange = [
...parsePortRangeString(siteResource.tcpPortRangeString, "tcp"),
@@ -650,7 +682,7 @@ export async function generateSubnetProxyTargetV2(
];
const disableIcmp = siteResource.disableIcmp ?? false;
- if (siteResource.mode == "host") {
+ if (siteResource.mode == "host" || siteResource.mode == "ssh") {
let destination = siteResource.destination;
// check if this is a valid ip
const ipSchema = z.union([z.ipv4(), z.ipv6()]);
@@ -671,7 +703,7 @@ export async function generateSubnetProxyTargetV2(
targets.push({
sourcePrefixes: [],
destPrefix: `${siteResource.aliasAddress}/32`,
- rewriteTo: destination,
+ rewriteTo: destination!,
portRange,
disableIcmp,
resourceId: siteResource.siteResourceId
@@ -680,7 +712,7 @@ export async function generateSubnetProxyTargetV2(
} else if (siteResource.mode == "cidr") {
targets.push({
sourcePrefixes: [],
- destPrefix: siteResource.destination,
+ destPrefix: siteResource.destination!,
portRange,
disableIcmp,
resourceId: siteResource.siteResourceId
@@ -738,7 +770,7 @@ export async function generateSubnetProxyTargetV2(
protocol: siteResource.ssl ? "https" : "http",
httpTargets: [
{
- destAddr: siteResource.destination,
+ destAddr: siteResource.destination!,
destPort: siteResource.destinationPort,
scheme: siteResource.scheme
}
diff --git a/server/lib/lock.ts b/server/lib/lock.ts
index 7eea89084..2f6fad673 100644
--- a/server/lib/lock.ts
+++ b/server/lib/lock.ts
@@ -1,28 +1,87 @@
+import { randomUUID } from "crypto";
+
+const instanceId = `local-${Math.random().toString(36).slice(2)}-${Date.now()}`;
+
+type LocalLockRecord = {
+ owner: string;
+ expiresAt: number;
+};
+
+const localLocks = new Map();
+
export class LockManager {
- /**
- * Acquire a distributed lock using Redis SET with NX and PX options
- * @param lockKey - Unique identifier for the lock
- * @param ttlMs - Time to live in milliseconds
- * @returns Promise - true if lock acquired, false otherwise
- */
- async acquireLock(
- lockKey: string,
- ttlMs: number = 30000
- ): Promise {
- return true;
+ private clearExpiredLocalLock(lockKey: string): void {
+ const current = localLocks.get(lockKey);
+ if (current && current.expiresAt <= Date.now()) {
+ localLocks.delete(lockKey);
+ }
}
/**
- * Release a lock using Lua script to ensure atomicity
+ * Acquire a local in-process lock using an optimistic Map-based check.
* @param lockKey - Unique identifier for the lock
+ * @param ttlMs - Time to live in milliseconds
+ * @returns Promise - a token identifying this specific acquisition
+ * (truthy) on success, or null if the lock could not be acquired.
*/
- async releaseLock(lockKey: string): Promise {}
+ async acquireLock(
+ lockKey: string,
+ ttlMs: number = 30000,
+ maxRetries: number = 3,
+ retryDelayMs: number = 100
+ ): Promise {
+ for (let attempt = 0; attempt < maxRetries; attempt++) {
+ this.clearExpiredLocalLock(lockKey);
+
+ const existing = localLocks.get(lockKey);
+ if (!existing) {
+ const token = `${instanceId}:${randomUUID()}`;
+ localLocks.set(lockKey, {
+ owner: token,
+ expiresAt: Date.now() + ttlMs
+ });
+ return token;
+ }
+
+ // The lock is currently held -- possibly by a different, unrelated
+ // caller in this same process. We intentionally do NOT treat
+ // same-process holders as automatically reentrant here: two
+ // independent logical operations (e.g. two different API requests)
+ // running concurrently in the same process must not both believe
+ // they hold the lock, or their writes under it can interleave
+ // unguarded. Just retry with backoff like any other contended lock.
+ if (attempt < maxRetries - 1) {
+ const delay = retryDelayMs * Math.pow(2, attempt);
+ await new Promise((resolve) => setTimeout(resolve, delay));
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Release a lock previously acquired via acquireLock/acquireLockWithRetry.
+ * @param lockKey - Unique identifier for the lock
+ * @param token - the exact token returned by the acquisition being released.
+ * Required so a caller whose TTL already expired can't delete a
+ * different, currently-active holder's lock.
+ */
+ async releaseLock(lockKey: string, token: string): Promise {
+ this.clearExpiredLocalLock(lockKey);
+ const existing = localLocks.get(lockKey);
+
+ if (existing && existing.owner === token) {
+ localLocks.delete(lockKey);
+ }
+ }
/**
* Force release a lock regardless of owner (use with caution)
* @param lockKey - Unique identifier for the lock
*/
- async forceReleaseLock(lockKey: string): Promise {}
+ async forceReleaseLock(lockKey: string): Promise {
+ localLocks.delete(lockKey);
+ }
/**
* Check if a lock exists and get its info
@@ -35,16 +94,44 @@ export class LockManager {
ttl: number;
owner?: string;
}> {
- return { exists: true, ownedByMe: true, ttl: 0 };
+ this.clearExpiredLocalLock(lockKey);
+ const existing = localLocks.get(lockKey);
+
+ if (!existing) {
+ return { exists: false, ownedByMe: false, ttl: 0 };
+ }
+
+ const ttl = Math.max(0, existing.expiresAt - Date.now());
+ return {
+ exists: true,
+ ownedByMe: existing.owner.startsWith(`${instanceId}:`),
+ ttl,
+ owner: existing.owner.split(":")[0]
+ };
}
/**
- * Extend the TTL of an existing lock owned by this worker
+ * Extend the TTL of an existing lock, provided the token matches the
+ * acquisition currently holding it.
* @param lockKey - Unique identifier for the lock
* @param ttlMs - New TTL in milliseconds
+ * @param token - the token returned by the acquisition being extended
* @returns Promise - true if extended successfully
*/
- async extendLock(lockKey: string, ttlMs: number): Promise {
+ async extendLock(
+ lockKey: string,
+ ttlMs: number,
+ token: string
+ ): Promise {
+ this.clearExpiredLocalLock(lockKey);
+ const existing = localLocks.get(lockKey);
+
+ if (!existing || existing.owner !== token) {
+ return false;
+ }
+
+ existing.expiresAt = Date.now() + ttlMs;
+ localLocks.set(lockKey, existing);
return true;
}
@@ -54,15 +141,34 @@ export class LockManager {
* @param ttlMs - Time to live in milliseconds
* @param maxRetries - Maximum number of retry attempts
* @param baseDelayMs - Base delay between retries in milliseconds
- * @returns Promise - true if lock acquired
+ * @returns Promise - token if acquired, null otherwise
*/
async acquireLockWithRetry(
lockKey: string,
ttlMs: number = 30000,
maxRetries: number = 5,
baseDelayMs: number = 100
- ): Promise {
- return true;
+ ): Promise {
+ for (let attempt = 0; attempt <= maxRetries; attempt++) {
+ const acquired = await this.acquireLock(
+ lockKey,
+ ttlMs,
+ 1,
+ baseDelayMs
+ );
+
+ if (acquired) {
+ return acquired;
+ }
+
+ if (attempt < maxRetries) {
+ const delay =
+ baseDelayMs * Math.pow(2, attempt) + Math.random() * 100;
+ await new Promise((resolve) => setTimeout(resolve, delay));
+ }
+ }
+
+ return null;
}
/**
@@ -77,16 +183,16 @@ export class LockManager {
fn: () => Promise,
ttlMs: number = 30000
): Promise {
- const acquired = await this.acquireLock(lockKey, ttlMs);
+ const token = await this.acquireLock(lockKey, ttlMs);
- if (!acquired) {
+ if (!token) {
throw new Error(`Failed to acquire lock: ${lockKey}`);
}
try {
return await fn();
} finally {
- await this.releaseLock(lockKey);
+ await this.releaseLock(lockKey, token);
}
}
@@ -99,7 +205,21 @@ export class LockManager {
activeLocksCount: number;
locksOwnedByMe: number;
}> {
- return { activeLocksCount: 0, locksOwnedByMe: 0 };
+ const now = Date.now();
+ for (const [key, value] of localLocks.entries()) {
+ if (value.expiresAt <= now) {
+ localLocks.delete(key);
+ }
+ }
+
+ let locksOwnedByMe = 0;
+ for (const value of localLocks.values()) {
+ if (value.owner.startsWith(`${instanceId}:`)) {
+ locksOwnedByMe++;
+ }
+ }
+
+ return { activeLocksCount: localLocks.size, locksOwnedByMe };
}
/**
diff --git a/server/lib/orgRebuildCounter.ts b/server/lib/orgRebuildCounter.ts
new file mode 100644
index 000000000..40edd0aa0
--- /dev/null
+++ b/server/lib/orgRebuildCounter.ts
@@ -0,0 +1,24 @@
+export const ORG_REBUILD_CONCURRENCY_LIMIT = 10;
+
+const orgActiveRebuilds = new Map();
+
+export async function incrementOrgRebuildCount(orgId: string): Promise {
+ orgActiveRebuilds.set(orgId, (orgActiveRebuilds.get(orgId) ?? 0) + 1);
+}
+
+export async function decrementOrgRebuildCount(orgId: string): Promise {
+ const current = orgActiveRebuilds.get(orgId) ?? 0;
+ if (current <= 1) {
+ orgActiveRebuilds.delete(orgId);
+ } else {
+ orgActiveRebuilds.set(orgId, current - 1);
+ }
+}
+
+export async function getOrgActiveRebuildCount(orgId: string): Promise {
+ return orgActiveRebuilds.get(orgId) ?? 0;
+}
+
+export async function checkOrgRebuildRateLimit(orgId: string): Promise {
+ return (orgActiveRebuilds.get(orgId) ?? 0) >= ORG_REBUILD_CONCURRENCY_LIMIT;
+}
diff --git a/server/lib/pathMatch.ts b/server/lib/pathMatch.ts
new file mode 100644
index 000000000..a007f9ec3
--- /dev/null
+++ b/server/lib/pathMatch.ts
@@ -0,0 +1,74 @@
+const MAX_RECURSION_DEPTH = 100;
+
+const segmentRegexCache = new Map();
+
+function getSegmentRegex(patternPart: string): RegExp {
+ let regex = segmentRegexCache.get(patternPart);
+ if (!regex) {
+ const regexPattern = patternPart
+ .replace(/[.+^${}()|[\]\\]/g, "\\$&")
+ .replace(/\*/g, ".*")
+ .replace(/\?/g, ".");
+ regex = new RegExp(`^${regexPattern}$`);
+ segmentRegexCache.set(patternPart, regex);
+ }
+ return regex;
+}
+
+export function isPathAllowed(pattern: string, path: string): boolean {
+ const normalize = (p: string) => p.split("/").filter(Boolean);
+ const patternParts = normalize(pattern);
+ const pathParts = normalize(path);
+
+ function matchSegments(
+ patternIndex: number,
+ pathIndex: number,
+ depth: number = 0
+ ): boolean {
+ if (depth > MAX_RECURSION_DEPTH) {
+ return false;
+ }
+
+ const currentPatternPart = patternParts[patternIndex];
+ const currentPathPart = pathParts[pathIndex];
+
+ if (patternIndex >= patternParts.length) {
+ return pathIndex >= pathParts.length;
+ }
+
+ if (pathIndex >= pathParts.length) {
+ return patternParts.slice(patternIndex).every((p) => p === "*");
+ }
+
+ if (currentPatternPart === "*") {
+ if (matchSegments(patternIndex + 1, pathIndex, depth + 1)) {
+ return true;
+ }
+ if (matchSegments(patternIndex, pathIndex + 1, depth + 1)) {
+ return true;
+ }
+ return false;
+ }
+
+ if (currentPatternPart.includes("*")) {
+ const regex = getSegmentRegex(currentPatternPart);
+
+ if (regex.test(currentPathPart)) {
+ return matchSegments(
+ patternIndex + 1,
+ pathIndex + 1,
+ depth + 1
+ );
+ }
+ return false;
+ }
+
+ if (currentPatternPart !== currentPathPart) {
+ return false;
+ }
+
+ return matchSegments(patternIndex + 1, pathIndex + 1, depth + 1);
+ }
+
+ return matchSegments(0, 0, 0);
+}
diff --git a/server/lib/readConfigFile.ts b/server/lib/readConfigFile.ts
index c3e796fc1..6b6ac95aa 100644
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@@ -184,7 +184,8 @@ export const configSchema = z
.number()
.positive()
.optional()
- .default(5000)
+ .default(5000),
+ jit_mode: z.boolean().default(true)
})
.optional()
.prefault({})
diff --git a/server/lib/rebuildClientAssociations.ts b/server/lib/rebuildClientAssociations.ts
index e5543d5ef..efb856825 100644
--- a/server/lib/rebuildClientAssociations.ts
+++ b/server/lib/rebuildClientAssociations.ts
@@ -8,6 +8,7 @@ import {
exitNodes,
newts,
olms,
+ primaryDb,
roleSiteResources,
Site,
SiteResource,
@@ -20,10 +21,10 @@ import {
} from "@server/db";
import { and, count, eq, inArray, ne } from "drizzle-orm";
-import { deletePeer as newtDeletePeer } from "@server/routers/newt/peers";
+import { deletePeersBatch as newtDeletePeersBatch } from "@server/routers/newt/peers";
import {
- initPeerAddHandshake,
- deletePeer as olmDeletePeer
+ initPeerAddHandshakeBatch,
+ deletePeersBatch as olmDeletePeersBatch
} from "@server/routers/olm/peers";
import { sendToExitNode } from "#dynamic/lib/exitNodes";
import logger from "@server/logger";
@@ -35,16 +36,139 @@ import {
} from "@server/lib/ip";
import {
addPeerData,
- addTargets as addSubnetProxyTargets,
- removePeerData,
- removeTargets as removeSubnetProxyTargets
+ addPeerDataBatch,
+ addTargetsBatch as addSubnetProxyTargetsBatch,
+ removePeerDataBatch,
+ removeTargetsBatch as removeSubnetProxyTargetsBatch,
+ updatePeerDataBatch,
+ updateTargets
} from "@server/routers/client/targets";
import { lockManager } from "#dynamic/lib/lock";
+import { rebuildQueue } from "#dynamic/lib/rebuildQueue";
+import { withRetry, isTransientError } from "@server/lib/dbRetry";
+import {
+ checkOrgRebuildRateLimit,
+ decrementOrgRebuildCount,
+ incrementOrgRebuildCount,
+ ORG_REBUILD_CONCURRENCY_LIMIT
+} from "#dynamic/lib/orgRebuildCounter";
+
+export { ORG_REBUILD_CONCURRENCY_LIMIT };
// TTL for rebuild-association locks. These functions can fan out into many
// peer/proxy updates, so give them a generous window.
const REBUILD_ASSOCIATIONS_LOCK_TTL_MS = 120000;
+export async function isOrgRebuildRateLimited(orgId: string): Promise {
+ return checkOrgRebuildRateLimit(orgId);
+}
+
+const REBUILD_IDLE_POLL_INTERVAL_MS = 300;
+const REBUILD_IDLE_DEFAULT_TIMEOUT_MS = 130_000; // slightly longer than lock TTL
+const REBUILD_IDLE_HANDLER_TIMEOUT_MS = 5_000;
+
+/**
+ * Returns true if a rebuild for the given site resource is currently active
+ * (holding the distributed lock) or is pending in the rebuild queue.
+ */
+export async function hasActiveSiteResourceRebuild(
+ siteResourceId: number
+): Promise {
+ const lockKey = `rebuild-client-associations:site-resource:${siteResourceId}`;
+ const lockInfo = await lockManager.getLockInfo(lockKey);
+ if (lockInfo.exists) return true;
+ return rebuildQueue.isQueued({ type: "site-resource", id: siteResourceId });
+}
+
+/**
+ * Resolves once there is no active or queued rebuild for the given site resource.
+ * Logs a warning and resolves early if the timeout is reached.
+ */
+export async function waitForSiteResourceRebuildIdle(
+ siteResourceId: number,
+ timeoutMs = REBUILD_IDLE_DEFAULT_TIMEOUT_MS
+): Promise {
+ const deadline = Date.now() + timeoutMs;
+ while (Date.now() < deadline) {
+ if (!(await hasActiveSiteResourceRebuild(siteResourceId))) return;
+ await new Promise((r) =>
+ setTimeout(r, REBUILD_IDLE_POLL_INTERVAL_MS)
+ );
+ }
+ logger.warn(
+ `waitForSiteResourceRebuildIdle: timed out after ${timeoutMs}ms waiting for siteResourceId=${siteResourceId}`
+ );
+}
+
+/**
+ * Resolves once there are no active or queued rebuilds for any site resource
+ * associated with the given site.
+ */
+export async function waitForSiteRebuildIdle(
+ siteId: number,
+ timeoutMs = REBUILD_IDLE_HANDLER_TIMEOUT_MS
+): Promise {
+ const deadline = Date.now() + timeoutMs;
+ while (Date.now() < deadline) {
+ const resourceRows = await db
+ .select({ siteResourceId: siteResources.siteResourceId })
+ .from(siteResources)
+ .innerJoin(
+ siteNetworks,
+ eq(siteNetworks.networkId, siteResources.networkId)
+ )
+ .where(eq(siteNetworks.siteId, siteId));
+ let allIdle = true;
+ for (const { siteResourceId } of resourceRows) {
+ if (await hasActiveSiteResourceRebuild(siteResourceId)) {
+ allIdle = false;
+ break;
+ }
+ }
+ if (allIdle) return;
+ await new Promise((r) =>
+ setTimeout(r, REBUILD_IDLE_POLL_INTERVAL_MS)
+ );
+ }
+ logger.warn(
+ `waitForSiteRebuildIdle: timed out after ${timeoutMs}ms waiting for siteId=${siteId}`
+ );
+}
+
+/**
+ * Resolves once there are no active or queued rebuilds for any site resource
+ * associated with the given client.
+ */
+export async function waitForClientRebuildIdle(
+ clientId: number,
+ timeoutMs = REBUILD_IDLE_HANDLER_TIMEOUT_MS
+): Promise {
+ const deadline = Date.now() + timeoutMs;
+ while (Date.now() < deadline) {
+ const resourceRows = await db
+ .select({
+ siteResourceId:
+ clientSiteResourcesAssociationsCache.siteResourceId
+ })
+ .from(clientSiteResourcesAssociationsCache)
+ .where(eq(clientSiteResourcesAssociationsCache.clientId, clientId));
+ let allIdle = true;
+ for (const { siteResourceId } of resourceRows) {
+ if (await hasActiveSiteResourceRebuild(siteResourceId)) {
+ allIdle = false;
+ break;
+ }
+ }
+ if (allIdle) return;
+ await new Promise((r) =>
+ setTimeout(r, REBUILD_IDLE_POLL_INTERVAL_MS)
+ );
+ }
+ logger.warn(
+ `waitForClientRebuildIdle: timed out after ${timeoutMs}ms waiting for clientId=${clientId}`
+ );
+}
+
export async function getClientSiteResourceAccess(
siteResource: SiteResource,
trx: Transaction | typeof db = db
@@ -158,32 +282,61 @@ export async function getClientSiteResourceAccess(
}
export async function rebuildClientAssociationsFromSiteResource(
- siteResource: SiteResource,
- trx: Transaction | typeof db = db
-): Promise<{
- mergedAllClients: {
- clientId: number;
- pubKey: string | null;
- subnet: string | null;
- }[];
-}> {
- return await lockManager.withLock(
- `rebuild-client-associations:site-resource:${siteResource.siteResourceId}`,
- () => rebuildClientAssociationsFromSiteResourceImpl(siteResource, trx),
- REBUILD_ASSOCIATIONS_LOCK_TTL_MS
- );
+ siteResource: SiteResource
+) {
+ await incrementOrgRebuildCount(siteResource.orgId);
+ try {
+ // The whole locked rebuild is idempotent (it diffs full expected vs.
+ // actual state each time), so on a transient DB error it's safe to
+ // retry the entire thing rather than just the failed query.
+ return await withRetry(
+ () =>
+ lockManager.withLock(
+ `rebuild-client-associations:site-resource:${siteResource.siteResourceId}`,
+ () =>
+ rebuildClientAssociationsFromSiteResourceImpl(
+ siteResource
+ ),
+ REBUILD_ASSOCIATIONS_LOCK_TTL_MS
+ ),
+ `rebuildClientAssociationsFromSiteResource:${siteResource.siteResourceId}`
+ );
+ } catch (err: any) {
+ if (
+ typeof err?.message === "string" &&
+ err.message.startsWith("Failed to acquire lock")
+ ) {
+ logger.warn(
+ `rebuildClientAssociations: could not acquire lock for site resource ${siteResource.siteResourceId}, queuing for deferred processing`
+ );
+ await rebuildQueue.enqueue({
+ type: "site-resource",
+ id: siteResource.siteResourceId
+ });
+ return { mergedAllClients: [] };
+ }
+ if (isTransientError(err)) {
+ logger.warn(
+ `rebuildClientAssociations: transient DB error rebuilding site resource ${siteResource.siteResourceId} persisted after retries, queuing for deferred processing:`,
+ err
+ );
+ await rebuildQueue.enqueue({
+ type: "site-resource",
+ id: siteResource.siteResourceId
+ });
+ return { mergedAllClients: [] };
+ }
+ throw err;
+ } finally {
+ await decrementOrgRebuildCount(siteResource.orgId);
+ }
}
async function rebuildClientAssociationsFromSiteResourceImpl(
- siteResource: SiteResource,
- trx: Transaction | typeof db = db
-): Promise<{
- mergedAllClients: {
- clientId: number;
- pubKey: string | null;
- subnet: string | null;
- }[];
-}> {
+ siteResource: SiteResource
+) {
+ const trx = primaryDb;
+
logger.debug(
`rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] START siteResourceId=${siteResource.siteResourceId} networkId=${siteResource.networkId} orgId=${siteResource.orgId}`
);
@@ -197,14 +350,62 @@ async function rebuildClientAssociationsFromSiteResourceImpl(
/////////// process the client-siteResource associations ///////////
+ const existingClientSiteResources = await trx
+ .select({
+ clientId: clientSiteResourcesAssociationsCache.clientId
+ })
+ .from(clientSiteResourcesAssociationsCache)
+ .where(
+ eq(
+ clientSiteResourcesAssociationsCache.siteResourceId,
+ siteResource.siteResourceId
+ )
+ );
+
+ const existingClientSiteResourceIds = existingClientSiteResources.map(
+ (row) => row.clientId
+ );
+
// get all of the clients associated with other site resources that share
// any of the same sites as this site resource (via siteNetworks). We can't
// simply filter by networkId since each site resource has its own network;
// two site resources serving the same site typically belong to different
// networks that both happen to include the site through siteNetworks.
const sitesListSiteIds = sitesList.map((s) => s.siteId);
+
+ // We must also consider sites where these clients are currently cached,
+ // otherwise removing a site from this resource can leave stale
+ // client-site cache entries behind for the removed site.
+ const cachedSiteRowsForResourceClients =
+ existingClientSiteResourceIds.length > 0
+ ? await trx
+ .select({ siteId: clientSitesAssociationsCache.siteId })
+ .from(clientSitesAssociationsCache)
+ .where(
+ inArray(
+ clientSitesAssociationsCache.clientId,
+ existingClientSiteResourceIds
+ )
+ )
+ : [];
+
+ const allCandidateSiteIds = Array.from(
+ new Set([
+ ...sitesListSiteIds,
+ ...cachedSiteRowsForResourceClients.map((r) => r.siteId)
+ ])
+ );
+
+ const sitesToProcess =
+ allCandidateSiteIds.length > 0
+ ? await trx
+ .select()
+ .from(sites)
+ .where(inArray(sites.siteId, allCandidateSiteIds))
+ : [];
+ const currentSiteIdSet = new Set(sitesListSiteIds);
const allUpdatedClientsFromOtherResourcesOnThisSite =
- sitesListSiteIds.length > 0
+ allCandidateSiteIds.length > 0
? await trx
.select({
clientId: clientSiteResourcesAssociationsCache.clientId,
@@ -224,7 +425,7 @@ async function rebuildClientAssociationsFromSiteResourceImpl(
)
.where(
and(
- inArray(siteNetworks.siteId, sitesListSiteIds),
+ inArray(siteNetworks.siteId, allCandidateSiteIds),
ne(
siteResources.siteResourceId,
siteResource.siteResourceId
@@ -243,22 +444,6 @@ async function rebuildClientAssociationsFromSiteResourceImpl(
clientsFromOtherResourcesBySite.get(row.siteId)!.add(row.clientId);
}
- const existingClientSiteResources = await trx
- .select({
- clientId: clientSiteResourcesAssociationsCache.clientId
- })
- .from(clientSiteResourcesAssociationsCache)
- .where(
- eq(
- clientSiteResourcesAssociationsCache.siteResourceId,
- siteResource.siteResourceId
- )
- );
-
- const existingClientSiteResourceIds = existingClientSiteResources.map(
- (row) => row.clientId
- );
-
logger.debug(
`rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteResourceId=${siteResource.siteResourceId} existingResourceClientIds=[${existingClientSiteResourceIds.join(", ")}]`
);
@@ -300,6 +485,7 @@ async function rebuildClientAssociationsFromSiteResourceImpl(
await trx
.insert(clientSiteResourcesAssociationsCache)
.values(clientSiteResourcesToInsert)
+ .onConflictDoNothing()
.returning();
logger.debug(
`rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteResourceId=${siteResource.siteResourceId} inserted clientSiteResource associations`
@@ -341,121 +527,154 @@ async function rebuildClientAssociationsFromSiteResourceImpl(
/////////// process the client-site associations ///////////
logger.debug(
- `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteResourceId=${siteResource.siteResourceId} beginning client-site association loop over ${sitesList.length} site(s)`
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteResourceId=${siteResource.siteResourceId} beginning client-site association loop over ${sitesToProcess.length} site(s) (current=${sitesList.length})`
);
- for (const site of sitesList) {
+ for (const site of sitesToProcess) {
const siteId = site.siteId;
- logger.debug(
- `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] processing siteId=${siteId} for siteResourceId=${siteResource.siteResourceId}`
- );
+ try {
+ logger.debug(
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] processing siteId=${siteId} for siteResourceId=${siteResource.siteResourceId}`
+ );
- const existingClientSites = await trx
- .select({
- clientId: clientSitesAssociationsCache.clientId
- })
- .from(clientSitesAssociationsCache)
- .where(eq(clientSitesAssociationsCache.siteId, siteId));
+ const existingClientSites = await trx
+ .select({
+ clientId: clientSitesAssociationsCache.clientId
+ })
+ .from(clientSitesAssociationsCache)
+ .where(eq(clientSitesAssociationsCache.siteId, siteId));
- const existingClientSiteIds = existingClientSites.map(
- (row) => row.clientId
- );
+ const existingClientSiteIds = existingClientSites.map(
+ (row) => row.clientId
+ );
- logger.debug(
- `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} existingClientSiteIds=[${existingClientSiteIds.join(", ")}]`
- );
+ logger.debug(
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} existingClientSiteIds=[${existingClientSiteIds.join(", ")}]`
+ );
- // Get full client details for existing clients (needed for sending delete messages)
- const existingClients =
- existingClientSiteIds.length > 0
- ? await trx
- .select({
- clientId: clients.clientId,
- pubKey: clients.pubKey,
- subnet: clients.subnet
- })
- .from(clients)
- .where(inArray(clients.clientId, existingClientSiteIds))
+ // Get full client details for existing clients (needed for sending delete messages)
+ const existingClients =
+ existingClientSiteIds.length > 0
+ ? await trx
+ .select({
+ clientId: clients.clientId,
+ pubKey: clients.pubKey,
+ subnet: clients.subnet
+ })
+ .from(clients)
+ .where(
+ inArray(clients.clientId, existingClientSiteIds)
+ )
+ : [];
+
+ const otherResourceClientIds =
+ clientsFromOtherResourcesBySite.get(siteId) ??
+ new Set();
+
+ logger.debug(
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} otherResourceClientIds=[${[...otherResourceClientIds].join(", ")}] mergedAllClientIds=[${mergedAllClientIds.join(", ")}]`
+ );
+
+ // Expected clients from this resource are site-scoped: if this site is
+ // no longer attached to the resource, the expected set is empty.
+ const expectedClientIdsForSite = currentSiteIdSet.has(siteId)
+ ? mergedAllClientIds
: [];
- const otherResourceClientIds =
- clientsFromOtherResourcesBySite.get(siteId) ?? new Set();
-
- logger.debug(
- `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} otherResourceClientIds=[${[...otherResourceClientIds].join(", ")}] mergedAllClientIds=[${mergedAllClientIds.join(", ")}]`
- );
-
- const clientSitesToAdd = mergedAllClientIds.filter(
- (clientId) =>
- !existingClientSiteIds.includes(clientId) &&
- !otherResourceClientIds.has(clientId) // dont add if already connected via another site resource
- );
-
- const clientSitesToInsert = clientSitesToAdd.map((clientId) => ({
- clientId,
- siteId
- }));
-
- logger.debug(
- `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} clientSites toAdd=[${clientSitesToAdd.join(", ")}]`
- );
-
- if (clientSitesToInsert.length > 0) {
- logger.debug(
- `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} inserting ${clientSitesToInsert.length} clientSite association(s)`
+ // Note: we deliberately do NOT exclude clients covered by another
+ // site resource here (unlike clientSitesToRemove below). Doing so
+ // previously caused a permanent gap: if resource A saw resource B's
+ // cache row and skipped adding (assuming B would maintain it), and
+ // B's own rebuild made the same assumption about A, the site-level
+ // row could end up never inserted by anyone even though both
+ // resources' client associations were otherwise correct.
+ // onConflictDoNothing makes a redundant insert harmless, so there's
+ // no correctness reason to skip here.
+ const clientSitesToAdd = expectedClientIdsForSite.filter(
+ (clientId) => !existingClientSiteIds.includes(clientId)
);
- await trx
- .insert(clientSitesAssociationsCache)
- .values(clientSitesToInsert)
- .returning();
- logger.debug(
- `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} inserted clientSite associations`
- );
- } else {
- logger.debug(
- `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} no clientSite associations to insert`
- );
- }
- // Now remove any client-site associations that should no longer exist
- const clientSitesToRemove = existingClientSiteIds.filter(
- (clientId) =>
- !mergedAllClientIds.includes(clientId) &&
- !otherResourceClientIds.has(clientId) // dont remove if there is still another connection for another site resource
- );
+ const clientSitesToInsert = clientSitesToAdd.map((clientId) => ({
+ clientId,
+ siteId
+ }));
- logger.debug(
- `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} clientSites toRemove=[${clientSitesToRemove.join(", ")}]`
- );
-
- if (clientSitesToRemove.length > 0) {
logger.debug(
- `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} deleting ${clientSitesToRemove.length} clientSite association(s)`
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} clientSites toAdd=[${clientSitesToAdd.join(", ")}]`
);
- await trx
- .delete(clientSitesAssociationsCache)
- .where(
- and(
- eq(clientSitesAssociationsCache.siteId, siteId),
- inArray(
- clientSitesAssociationsCache.clientId,
- clientSitesToRemove
- )
- )
+
+ if (clientSitesToInsert.length > 0) {
+ logger.debug(
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} inserting ${clientSitesToInsert.length} clientSite association(s)`
);
- }
+ await trx
+ .insert(clientSitesAssociationsCache)
+ .values(clientSitesToInsert)
+ .onConflictDoNothing()
+ .returning();
+ logger.debug(
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} inserted clientSite associations`
+ );
+ } else {
+ logger.debug(
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} no clientSite associations to insert`
+ );
+ }
- // Now handle the messages to add/remove peers on both the newt and olm sides
- await handleMessagesForSiteClients(
- site,
- siteId,
- mergedAllClients,
- existingClients,
- clientSitesToAdd,
- clientSitesToRemove,
- trx
- );
+ // Now remove any client-site associations that should no longer exist
+ const clientSitesToRemove = existingClientSiteIds.filter(
+ (clientId) =>
+ !expectedClientIdsForSite.includes(clientId) &&
+ !otherResourceClientIds.has(clientId) // dont remove if there is still another connection for another site resource
+ );
+
+ logger.debug(
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} clientSites toRemove=[${clientSitesToRemove.join(", ")}]`
+ );
+
+ if (clientSitesToRemove.length > 0) {
+ logger.debug(
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} deleting ${clientSitesToRemove.length} clientSite association(s)`
+ );
+ await trx
+ .delete(clientSitesAssociationsCache)
+ .where(
+ and(
+ eq(clientSitesAssociationsCache.siteId, siteId),
+ inArray(
+ clientSitesAssociationsCache.clientId,
+ clientSitesToRemove
+ )
+ )
+ );
+ }
+
+ // Now handle the messages to add/remove peers on both the newt and olm sides
+ await handleMessagesForSiteClients(
+ site,
+ siteId,
+ mergedAllClients,
+ existingClients,
+ clientSitesToAdd,
+ clientSitesToRemove,
+ trx
+ );
+ } catch (err) {
+ // Don't let a failure on one site abort processing of every
+ // other site queued after it in this run. Since we're not
+ // re-throwing, the outer wrapper's retry/requeue logic never
+ // sees this failure, so explicitly queue this resource for a
+ // follow-up pass to reconcile whatever this site didn't get to.
+ logger.error(
+ `rebuildClientAssociations: [rebuildClientAssociationsFromSiteResource] siteId=${siteId} failed while processing site for siteResourceId=${siteResource.siteResourceId}, continuing with remaining sites and queuing a follow-up pass:`,
+ err
+ );
+ await rebuildQueue.enqueue({
+ type: "site-resource",
+ id: siteResource.siteResourceId
+ });
+ }
}
// Handle subnet proxy target updates for the resource associations
@@ -468,10 +687,6 @@ async function rebuildClientAssociationsFromSiteResourceImpl(
clientSiteResourcesToRemove,
trx
);
-
- return {
- mergedAllClients
- };
}
async function handleMessagesForSiteClients(
@@ -492,7 +707,7 @@ async function handleMessagesForSiteClients(
trx: Transaction | typeof db = db
): Promise {
if (!site.exitNodeId) {
- logger.warn(
+ logger.debug(
`Exit node ID not on site ${site.siteId} so there is no reason to update clients because it must be offline`
);
return;
@@ -506,14 +721,14 @@ async function handleMessagesForSiteClients(
.limit(1);
if (!exitNode) {
- logger.warn(
+ logger.debug(
`Exit node not found for site ${site.siteId} so there is no reason to update clients because it must be offline`
);
return;
}
if (!site.publicKey) {
- logger.warn(
+ logger.debug(
`Site publicKey not set for site ${site.siteId} so cannot add peers to clients`
);
return;
@@ -527,7 +742,7 @@ async function handleMessagesForSiteClients(
.where(eq(newts.siteId, siteId))
.limit(1);
if (!newt) {
- logger.warn(
+ logger.debug(
`Newt not found for site ${siteId} so cannot add peers to clients`
);
return;
@@ -536,6 +751,28 @@ async function handleMessagesForSiteClients(
const newtJobs: Promise[] = [];
const olmJobs: Promise[] = [];
const exitNodeJobs: Promise[] = [];
+ const newtPeerDeletes: {
+ siteId: number;
+ publicKey: string;
+ newtId: string;
+ }[] = [];
+ const olmPeerDeletes: {
+ clientId: number;
+ siteId: number;
+ publicKey: string;
+ olmId: string;
+ }[] = [];
+ const olmPeerAddHandshakes: {
+ clientId: number;
+ peer: {
+ siteId: number;
+ exitNode: {
+ publicKey: string;
+ endpoint: string;
+ };
+ };
+ olmId: string;
+ }[] = [];
// Combine all clients that need processing (those being added or removed)
const clientsToProcess = new Map<
@@ -584,6 +821,21 @@ async function handleMessagesForSiteClients(
}
}
+ // Batch-fetch all olm IDs for the clients we need to process
+ const clientIdsToProcess = Array.from(clientsToProcess.keys());
+ const olmRows =
+ clientIdsToProcess.length > 0
+ ? await trx
+ .select({ olmId: olms.olmId, clientId: olms.clientId })
+ .from(olms)
+ .where(inArray(olms.clientId, clientIdsToProcess))
+ : [];
+ const olmByClientId = new Map(
+ olmRows
+ .filter((r) => r.clientId !== null)
+ .map((r) => [r.clientId as number, r.olmId])
+ );
+
for (const client of clientsToProcess.values()) {
// UPDATE THE NEWT
if (!client.subnet || !client.pubKey) {
@@ -600,14 +852,8 @@ async function handleMessagesForSiteClients(
continue;
}
- const [olm] = await trx
- .select({
- olmId: olms.olmId
- })
- .from(olms)
- .where(eq(olms.clientId, client.clientId))
- .limit(1);
- if (!olm) {
+ const olmId = olmByClientId.get(client.clientId);
+ if (!olmId) {
logger.warn(
`Olm not found for client ${client.clientId} so cannot add/delete peers`
);
@@ -615,15 +861,17 @@ async function handleMessagesForSiteClients(
}
if (isDelete) {
- newtJobs.push(newtDeletePeer(siteId, client.pubKey, newt.newtId));
- olmJobs.push(
- olmDeletePeer(
- client.clientId,
- siteId,
- site.publicKey,
- olm.olmId
- )
- );
+ newtPeerDeletes.push({
+ siteId,
+ publicKey: client.pubKey,
+ newtId: newt.newtId
+ });
+ olmPeerDeletes.push({
+ clientId: client.clientId,
+ siteId,
+ publicKey: site.publicKey,
+ olmId
+ });
}
if (isAdd) {
@@ -635,23 +883,34 @@ async function handleMessagesForSiteClients(
continue;
}
- await initPeerAddHandshake(
- // this will kick off the add peer process for the client
- client.clientId,
- {
+ olmPeerAddHandshakes.push({
+ clientId: client.clientId,
+ peer: {
siteId,
exitNode: {
publicKey: exitNode.publicKey,
endpoint: exitNode.endpoint
}
},
- olm.olmId
- );
+ olmId
+ });
}
exitNodeJobs.push(updateClientSiteDestinations(client, trx));
}
+ if (newtPeerDeletes.length > 0) {
+ newtJobs.push(newtDeletePeersBatch(newtPeerDeletes));
+ }
+
+ if (olmPeerDeletes.length > 0) {
+ olmJobs.push(olmDeletePeersBatch(olmPeerDeletes));
+ }
+
+ if (olmPeerAddHandshakes.length > 0) {
+ olmJobs.push(initPeerAddHandshakeBatch(olmPeerAddHandshakes));
+ }
+
Promise.all(exitNodeJobs).catch((error) => {
logger.error(
`rebuildClientAssociations: Error updating client site destinations for site ${site.siteId}:`,
@@ -708,7 +967,7 @@ export async function updateClientSiteDestinations(
for (const site of sitesData) {
if (!site.sites.subnet) {
- logger.warn(`Site ${site.sites.siteId} has no subnet, skipping`);
+ logger.debug(`Site ${site.sites.siteId} has no subnet, skipping`);
continue;
}
@@ -812,6 +1071,20 @@ async function handleSubnetProxyTargetUpdates(
): Promise {
const proxyJobs: Promise[] = [];
const olmJobs: Promise[] = [];
+ const targetsToAddBatch: {
+ newtId: string;
+ targets: NonNullable<
+ Awaited>
+ >;
+ version: string | null;
+ }[] = [];
+ const targetsToRemoveBatch: {
+ newtId: string;
+ targets: NonNullable<
+ Awaited>
+ >;
+ version: string | null;
+ }[] = [];
for (const siteData of sitesList) {
const siteId = siteData.siteId;
@@ -843,25 +1116,25 @@ async function handleSubnetProxyTargetUpdates(
);
if (targetsToAdd) {
- proxyJobs.push(
- addSubnetProxyTargets(
- newt.newtId,
- targetsToAdd,
- newt.version
- )
- );
+ targetsToAddBatch.push({
+ newtId: newt.newtId,
+ targets: targetsToAdd,
+ version: newt.version
+ });
}
- for (const client of addedClients) {
- olmJobs.push(
- addPeerData(
- client.clientId,
+ olmJobs.push(
+ addPeerDataBatch(
+ addedClients.map((client) => ({
+ clientId: client.clientId,
siteId,
- generateRemoteSubnets([siteResource]),
- generateAliasConfig([siteResource])
- )
- );
- }
+ remoteSubnets: generateRemoteSubnets([
+ siteResource
+ ]),
+ aliases: generateAliasConfig([siteResource])
+ }))
+ )
+ );
}
}
@@ -880,16 +1153,24 @@ async function handleSubnetProxyTargetUpdates(
);
if (targetsToRemove) {
- proxyJobs.push(
- removeSubnetProxyTargets(
- newt.newtId,
- targetsToRemove,
- newt.version
- )
- );
+ targetsToRemoveBatch.push({
+ newtId: newt.newtId,
+ targets: targetsToRemove,
+ version: newt.version
+ });
}
+ const peerDataRemovals: {
+ clientId: number;
+ siteId: number;
+ remoteSubnets: string[];
+ aliases: ReturnType;
+ }[] = [];
+
for (const client of removedClients) {
+ if (!siteResource.destination) {
+ continue;
+ }
// Check if this client still has access to another resource
// on this specific site with the same destination. We scope
// by siteId (via siteNetworks) rather than networkId because
@@ -933,31 +1214,539 @@ async function handleSubnetProxyTargetUpdates(
? []
: generateRemoteSubnets([siteResource]);
- olmJobs.push(
- removePeerData(
- client.clientId,
- siteId,
- remoteSubnetsToRemove,
- generateAliasConfig([siteResource])
- )
- );
+ peerDataRemovals.push({
+ clientId: client.clientId,
+ siteId,
+ remoteSubnets: remoteSubnetsToRemove,
+ aliases: generateAliasConfig([siteResource])
+ });
+ }
+
+ if (peerDataRemovals.length > 0) {
+ olmJobs.push(removePeerDataBatch(peerDataRemovals));
}
}
}
}
- await Promise.all(proxyJobs);
+ if (targetsToAddBatch.length > 0) {
+ proxyJobs.push(addSubnetProxyTargetsBatch(targetsToAddBatch));
+ }
+
+ if (targetsToRemoveBatch.length > 0) {
+ proxyJobs.push(removeSubnetProxyTargetsBatch(targetsToRemoveBatch));
+ }
+
+ await Promise.all([...proxyJobs, ...olmJobs]);
+}
+
+export async function handleMessagingForUpdatedSiteResource(
+ existingSiteResource: SiteResource | undefined,
+ updatedSiteResource: SiteResource,
+ existingSiteIds: number[],
+ updatedSiteIds: number[]
+) {
+ const trx = primaryDb;
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: START siteResourceId=${updatedSiteResource.siteResourceId} existingSiteIds=[${existingSiteIds.join(", ")}] updatedSiteIds=[${updatedSiteIds.join(", ")}]`
+ );
+
+ logger.debug(
+ "handleMessagingForUpdatedSiteResource: existingSiteResource is: ",
+ existingSiteResource
+ );
+ logger.debug(
+ "handleMessagingForUpdatedSiteResource: updatedSiteResource is: ",
+ updatedSiteResource
+ );
+
+ const allSiteIds = [...new Set([...existingSiteIds, ...updatedSiteIds])];
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: allSiteIds=[${allSiteIds.join(", ")}] count=${allSiteIds.length}`
+ );
+
+ const newtsForSites =
+ allSiteIds.length > 0
+ ? await trx
+ .select()
+ .from(newts)
+ .where(inArray(newts.siteId, allSiteIds))
+ : [];
+ const newtBySiteId = new Map(
+ newtsForSites.map((newt) => [newt.siteId, newt])
+ );
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: fetched newts for ${newtsForSites.length}/${allSiteIds.length} site(s)`
+ );
+
+ // WARNING: THIS RELIES ON THE CACHE TABLES BEING UP TO DATE, SO CALL THIS AFTER THE ASSOCIATION CACHE IS UPDATED
+ const mergedAllClients = await trx
+ .select({
+ clientId: clientSiteResourcesAssociationsCache.clientId,
+ pubKey: clients.pubKey,
+ subnet: clients.subnet
+ })
+ .from(clientSiteResourcesAssociationsCache)
+ .innerJoin(
+ clients,
+ eq(clientSiteResourcesAssociationsCache.clientId, clients.clientId)
+ )
+ .where(
+ eq(
+ clientSiteResourcesAssociationsCache.siteResourceId,
+ updatedSiteResource.siteResourceId
+ )
+ );
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: resolved merged clients count=${mergedAllClients.length} clientIds=[${mergedAllClients.map((c) => c.clientId).join(", ")}]`
+ );
+
+ const targets = await generateSubnetProxyTargetV2(
+ updatedSiteResource,
+ mergedAllClients
+ );
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: generated updated targets count=${targets ? targets.length : 0}`
+ );
+
+ const oldDestinationStillInUseClientSitePairs = new Set();
+ if (
+ existingSiteResource?.destination &&
+ allSiteIds.length > 0 &&
+ mergedAllClients.length > 0
+ ) {
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: checking old destination reuse destination=${existingSiteResource.destination} across siteCount=${allSiteIds.length} clientCount=${mergedAllClients.length}`
+ );
+
+ // we need to do this because the client only knows about peers not resources so we need to make sure that we dont remove it if there is still a another resource
+ const oldDestinationStillInUseRows = await trx
+ .select({
+ clientId: clientSiteResourcesAssociationsCache.clientId,
+ siteId: siteNetworks.siteId
+ })
+ .from(siteResources)
+ .innerJoin(
+ clientSiteResourcesAssociationsCache,
+ eq(
+ clientSiteResourcesAssociationsCache.siteResourceId,
+ siteResources.siteResourceId
+ )
+ )
+ .innerJoin(
+ siteNetworks,
+ eq(siteNetworks.networkId, siteResources.networkId)
+ )
+ .where(
+ and(
+ inArray(
+ clientSiteResourcesAssociationsCache.clientId,
+ mergedAllClients.map((c) => c.clientId)
+ ),
+ inArray(siteNetworks.siteId, allSiteIds),
+ eq(
+ siteResources.destination,
+ existingSiteResource.destination
+ ),
+ ne(
+ siteResources.siteResourceId,
+ existingSiteResource.siteResourceId
+ )
+ )
+ );
+
+ for (const row of oldDestinationStillInUseRows) {
+ oldDestinationStillInUseClientSitePairs.add(
+ `${row.clientId}:${row.siteId}`
+ );
+ }
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: old destination still in use rows=${oldDestinationStillInUseRows.length} uniqueClientSitePairs=${oldDestinationStillInUseClientSitePairs.size}`
+ );
+ } else {
+ logger.debug(
+ "handleMessagingForUpdatedSiteResource: skipping old destination reuse check (missing existing destination or no sites/clients)"
+ );
+ }
+
+ //////////////////////////// FROM HERE DOWN WE ARE DEALING WITH REMOVING SITES
+ const removedSiteIds = existingSiteIds.filter(
+ (id) => !updatedSiteIds.includes(id)
+ );
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: removing sites removedSiteIds=[${removedSiteIds.join(", ")}] count=${removedSiteIds.length}`
+ );
+
+ const targetsToRemoveBatch: {
+ newtId: string;
+ targets: any[];
+ version: string | null;
+ }[] = [];
+ const peerDataRemoves: {
+ clientId: number;
+ siteId: number;
+ remoteSubnets: string[];
+ aliases: ReturnType;
+ }[] = [];
+ if (targets) {
+ for (const siteId of removedSiteIds) {
+ const newt = newtBySiteId.get(siteId);
+ if (!newt) {
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: skipping remove for siteId=${siteId} because no newt found`
+ );
+ continue;
+ }
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: preparing remove batches for siteId=${siteId} newtId=${newt.newtId}`
+ );
+
+ targetsToRemoveBatch.push({
+ newtId: newt.newtId,
+ targets: targets,
+ version: newt.version
+ });
+ for (const client of mergedAllClients) {
+ // we need to do this because the client only knows about peers not resources so we need to make sure that we dont remove it if there is still a another resource
+ const oldDestinationStillInUseBySite =
+ oldDestinationStillInUseClientSitePairs.has(
+ `${client.clientId}:${siteId}`
+ );
+
+ if (existingSiteResource) {
+ peerDataRemoves.push({
+ // this might happen twice after the rebuild function but that is okay
+ clientId: client.clientId,
+ siteId,
+ remoteSubnets: !oldDestinationStillInUseBySite
+ ? generateRemoteSubnets([existingSiteResource])
+ : [],
+ aliases: generateAliasConfig([existingSiteResource])
+ });
+ }
+ }
+ }
+ } else {
+ logger.debug(
+ "handleMessagingForUpdatedSiteResource: skipping removal batch generation because targets were empty"
+ );
+ }
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: remove batches prepared targetBatchCount=${targetsToRemoveBatch.length} peerDataCount=${peerDataRemoves.length}`
+ );
+
+ logger.debug(
+ "handleMessagingForUpdatedSiteResource: dispatching removeSubnetProxyTargetsBatch"
+ );
+
+ removeSubnetProxyTargetsBatch(targetsToRemoveBatch);
+
+ logger.debug(
+ "handleMessagingForUpdatedSiteResource: dispatching removePeerDataBatch"
+ );
+
+ removePeerDataBatch(peerDataRemoves);
+
+ //////////////////////////// FROM HERE DOWN WE ARE DEALING WITH ADDING NEW SITES
+ const addedSiteIds = updatedSiteIds.filter(
+ (id) => !existingSiteIds.includes(id)
+ );
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: adding sites addedSiteIds=[${addedSiteIds.join(", ")}] count=${addedSiteIds.length}`
+ );
+
+ const targetsToAddBatch: {
+ newtId: string;
+ targets: any[];
+ version: string | null;
+ }[] = [];
+ const peerDataAdds: {
+ clientId: number;
+ siteId: number;
+ remoteSubnets: string[];
+ aliases: ReturnType;
+ }[] = [];
+ if (targets) {
+ for (const siteId of addedSiteIds) {
+ const newt = newtBySiteId.get(siteId);
+ if (!newt) {
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: skipping add for siteId=${siteId} because no newt found`
+ );
+ continue;
+ }
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: preparing add batches for siteId=${siteId} newtId=${newt.newtId}`
+ );
+
+ targetsToAddBatch.push({
+ newtId: newt.newtId,
+ targets: targets,
+ version: newt.version
+ });
+ for (const client of mergedAllClients) {
+ peerDataAdds.push({
+ clientId: client.clientId,
+ siteId,
+ remoteSubnets: generateRemoteSubnets([updatedSiteResource]),
+ aliases: generateAliasConfig([updatedSiteResource])
+ });
+ }
+ }
+ } else {
+ logger.debug(
+ "handleMessagingForUpdatedSiteResource: skipping add batch generation because targets were empty"
+ );
+ }
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: add batches prepared targetBatchCount=${targetsToAddBatch.length} peerDataCount=${peerDataAdds.length}`
+ );
+
+ logger.debug(
+ "handleMessagingForUpdatedSiteResource: dispatching addSubnetProxyTargetsBatch"
+ );
+
+ addSubnetProxyTargetsBatch(targetsToAddBatch);
+
+ logger.debug(
+ "handleMessagingForUpdatedSiteResource: dispatching addPeerDataBatch"
+ );
+
+ addPeerDataBatch(peerDataAdds);
+
+ //////////////////////////// FROM HERE DOWN WE ARE DEALING WITH UPDATING THE EXISTING SITES
+
+ const unchangedSiteIds = existingSiteIds.filter((id) =>
+ updatedSiteIds.includes(id)
+ );
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: unchangedSiteIds=[${unchangedSiteIds.join(", ")}] count=${unchangedSiteIds.length}`
+ );
+
+ // after everything is rebuilt above we still need to update the targets and remote subnets if the destination changed
+ const destinationChanged =
+ existingSiteResource &&
+ existingSiteResource.destination !== updatedSiteResource.destination;
+ const destinationPortChanged =
+ existingSiteResource &&
+ existingSiteResource.destinationPort !==
+ updatedSiteResource.destinationPort;
+ const aliasChanged =
+ existingSiteResource &&
+ existingSiteResource.alias !== updatedSiteResource.alias;
+ const fullDomainChanged =
+ existingSiteResource &&
+ existingSiteResource.fullDomain !== updatedSiteResource.fullDomain;
+ const sslChanged =
+ existingSiteResource &&
+ existingSiteResource.ssl !== updatedSiteResource.ssl;
+ const portRangesChanged =
+ existingSiteResource &&
+ (existingSiteResource.tcpPortRangeString !==
+ updatedSiteResource.tcpPortRangeString ||
+ existingSiteResource.udpPortRangeString !==
+ updatedSiteResource.udpPortRangeString ||
+ existingSiteResource.disableIcmp !==
+ updatedSiteResource.disableIcmp);
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: change flags destinationChanged=${Boolean(destinationChanged)} destinationPortChanged=${Boolean(destinationPortChanged)} aliasChanged=${Boolean(aliasChanged)} fullDomainChanged=${Boolean(fullDomainChanged)} sslChanged=${Boolean(sslChanged)} portRangesChanged=${Boolean(portRangesChanged)}`
+ );
+
+ // if the existingSiteResource is undefined (new resource) we don't need to do anything here, the rebuild above handled it all
+
+ if (
+ destinationChanged ||
+ aliasChanged ||
+ fullDomainChanged ||
+ sslChanged ||
+ portRangesChanged ||
+ destinationPortChanged
+ ) {
+ const shouldUpdateTargets =
+ destinationChanged ||
+ sslChanged ||
+ portRangesChanged ||
+ fullDomainChanged ||
+ destinationPortChanged;
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: entering unchanged-site update path shouldUpdateTargets=${shouldUpdateTargets}`
+ );
+
+ const oldTargets = shouldUpdateTargets
+ ? await generateSubnetProxyTargetV2(
+ existingSiteResource,
+ mergedAllClients
+ )
+ : [];
+ const newTargets = shouldUpdateTargets
+ ? await generateSubnetProxyTargetV2(
+ updatedSiteResource,
+ mergedAllClients
+ )
+ : [];
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: target update payload sizes oldTargets=${oldTargets ? oldTargets.length : 0} newTargets=${newTargets ? newTargets.length : 0}`
+ );
+
+ const peerDataUpdateBatch: Parameters[0] =
+ [];
+
+ for (const siteId of unchangedSiteIds) {
+ const newt = newtBySiteId.get(siteId);
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: processing unchanged siteId=${siteId}`
+ );
+
+ if (!newt) {
+ logger.error(
+ `handleMessagingForUpdatedSiteResource: missing newt for unchanged siteId=${siteId}`
+ );
+ throw new Error(
+ "Newt not found for site during site resource update"
+ );
+ }
+
+ // Only update targets on newt if these items change
+ if (shouldUpdateTargets) {
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: updating targets for siteId=${siteId} newtId=${newt.newtId}`
+ );
+ await updateTargets(
+ newt.newtId,
+ {
+ oldTargets: oldTargets ? oldTargets : [],
+ newTargets: newTargets ? newTargets : []
+ },
+ newt.version
+ );
+ }
+
+ for (const client of mergedAllClients) {
+ // does this client have access to another resource on this site that has the same destination still? if so we dont want to remove it from their olm yet
+ if (!existingSiteResource.destination) {
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: skipping peerData update for clientId=${client.clientId} siteId=${siteId} because existing destination is empty`
+ );
+ continue;
+ }
+
+ // we need to do this because the client only knows about peers not resources so we need to make sure that we dont remove it if there is still a another resource
+ const oldDestinationStillInUseBySite =
+ oldDestinationStillInUseClientSitePairs.has(
+ `${client.clientId}:${siteId}`
+ );
+
+ // we also need to update the remote subnets on the olms for each client that has access to this site
+ peerDataUpdateBatch.push({
+ clientId: client.clientId,
+ siteId,
+ remoteSubnets: destinationChanged
+ ? {
+ oldRemoteSubnets: !oldDestinationStillInUseBySite
+ ? generateRemoteSubnets([
+ existingSiteResource
+ ])
+ : [],
+ newRemoteSubnets: generateRemoteSubnets([
+ updatedSiteResource
+ ])
+ }
+ : undefined,
+ aliases:
+ aliasChanged || fullDomainChanged // the full domain is sent down as an alias
+ ? {
+ oldAliases: generateAliasConfig([
+ existingSiteResource
+ ]),
+ newAliases: generateAliasConfig([
+ updatedSiteResource
+ ])
+ }
+ : undefined
+ });
+ }
+ }
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: dispatching updatePeerDataBatch count=${peerDataUpdateBatch.length}`
+ );
+
+ updatePeerDataBatch(peerDataUpdateBatch);
+ } else {
+ logger.debug(
+ "handleMessagingForUpdatedSiteResource: no unchanged-site update required because no relevant fields changed"
+ );
+ }
+
+ logger.debug(
+ `handleMessagingForUpdatedSiteResource: DONE siteResourceId=${updatedSiteResource.siteResourceId}`
+ );
}
export async function rebuildClientAssociationsFromClient(
- client: Client,
- trx: Transaction | typeof db = db
+ client: Client
): Promise {
- return await lockManager.withLock(
- `rebuild-client-associations:client:${client.clientId}`,
- () => rebuildClientAssociationsFromClientImpl(client, trx),
- REBUILD_ASSOCIATIONS_LOCK_TTL_MS
- );
+ await incrementOrgRebuildCount(client.orgId);
+ try {
+ const trx = primaryDb;
+ // The whole locked rebuild is idempotent (it diffs full expected vs.
+ // actual state each time), so on a transient DB error it's safe to
+ // retry the entire thing rather than just the failed query.
+ return await withRetry(
+ () =>
+ lockManager.withLock(
+ `rebuild-client-associations:client:${client.clientId}`,
+ () => rebuildClientAssociationsFromClientImpl(client, trx),
+ REBUILD_ASSOCIATIONS_LOCK_TTL_MS
+ ),
+ `rebuildClientAssociationsFromClient:${client.clientId}`
+ );
+ } catch (err: any) {
+ if (
+ typeof err?.message === "string" &&
+ err.message.startsWith("Failed to acquire lock")
+ ) {
+ logger.warn(
+ `rebuildClientAssociations: could not acquire lock for client ${client.clientId}, queuing for deferred processing`
+ );
+ await rebuildQueue.enqueue({
+ type: "client",
+ id: client.clientId
+ });
+ return;
+ }
+ if (isTransientError(err)) {
+ logger.warn(
+ `rebuildClientAssociations: transient DB error rebuilding client ${client.clientId} persisted after retries, queuing for deferred processing:`,
+ err
+ );
+ await rebuildQueue.enqueue({
+ type: "client",
+ id: client.clientId
+ });
+ return;
+ }
+ throw err;
+ } finally {
+ await decrementOrgRebuildCount(client.orgId);
+ }
}
async function rebuildClientAssociationsFromClientImpl(
@@ -1105,12 +1894,15 @@ async function rebuildClientAssociationsFromClientImpl(
// Insert new associations
if (resourcesToAdd.length > 0) {
- await trx.insert(clientSiteResourcesAssociationsCache).values(
- resourcesToAdd.map((siteResourceId) => ({
- clientId: client.clientId,
- siteResourceId
- }))
- );
+ await trx
+ .insert(clientSiteResourcesAssociationsCache)
+ .values(
+ resourcesToAdd.map((siteResourceId) => ({
+ clientId: client.clientId,
+ siteResourceId
+ }))
+ )
+ .onConflictDoNothing();
}
// Remove old associations
@@ -1148,12 +1940,15 @@ async function rebuildClientAssociationsFromClientImpl(
// Insert new site associations
if (sitesToAdd.length > 0) {
- await trx.insert(clientSitesAssociationsCache).values(
- sitesToAdd.map((siteId) => ({
- clientId: client.clientId,
- siteId
- }))
- );
+ await trx
+ .insert(clientSitesAssociationsCache)
+ .values(
+ sitesToAdd.map((siteId) => ({
+ clientId: client.clientId,
+ siteId
+ }))
+ )
+ .onConflictDoNothing();
}
// Remove old site associations
@@ -1234,6 +2029,28 @@ async function handleMessagesForClientSites(
const newtJobs: Promise[] = [];
const olmJobs: Promise[] = [];
const exitNodeJobs: Promise[] = [];
+ const newtPeerDeletes: {
+ siteId: number;
+ publicKey: string;
+ newtId: string;
+ }[] = [];
+ const olmPeerDeletes: {
+ clientId: number;
+ siteId: number;
+ publicKey: string;
+ olmId: string;
+ }[] = [];
+ const olmPeerAddHandshakes: {
+ clientId: number;
+ peer: {
+ siteId: number;
+ exitNode: {
+ publicKey: string;
+ endpoint: string;
+ };
+ };
+ olmId: string;
+ }[] = [];
const totalSitesOnClient = await trx
.select({ count: count(clientSitesAssociationsCache.siteId) })
@@ -1265,19 +2082,19 @@ async function handleMessagesForClientSites(
if (isRemove) {
// Remove peer from newt
- newtJobs.push(
- newtDeletePeer(site.siteId, client.pubKey, newt.newtId)
- );
+ newtPeerDeletes.push({
+ siteId: site.siteId,
+ publicKey: client.pubKey,
+ newtId: newt.newtId
+ });
try {
// Remove peer from olm
- olmJobs.push(
- olmDeletePeer(
- client.clientId,
- site.siteId,
- site.publicKey,
- olmId
- )
- );
+ olmPeerDeletes.push({
+ clientId: client.clientId,
+ siteId: site.siteId,
+ publicKey: site.publicKey,
+ olmId
+ });
} catch (error) {
// if the error includes not found then its just because the olm does not exist anymore or yet and its fine if we dont send
if (
@@ -1309,10 +2126,9 @@ async function handleMessagesForClientSites(
continue;
}
- await initPeerAddHandshake(
- // this will kick off the add peer process for the client
- client.clientId,
- {
+ olmPeerAddHandshakes.push({
+ clientId: client.clientId,
+ peer: {
siteId: site.siteId,
exitNode: {
publicKey: exitNode.publicKey,
@@ -1320,7 +2136,7 @@ async function handleMessagesForClientSites(
}
},
olmId
- );
+ });
}
// Update exit node destinations
@@ -1336,6 +2152,18 @@ async function handleMessagesForClientSites(
);
}
+ if (newtPeerDeletes.length > 0) {
+ newtJobs.push(newtDeletePeersBatch(newtPeerDeletes));
+ }
+
+ if (olmPeerDeletes.length > 0) {
+ olmJobs.push(olmDeletePeersBatch(olmPeerDeletes));
+ }
+
+ if (olmPeerAddHandshakes.length > 0) {
+ olmJobs.push(initPeerAddHandshakeBatch(olmPeerAddHandshakes));
+ }
+
Promise.all(exitNodeJobs).catch((error) => {
logger.error(
`rebuildClientAssociations: Error updating client site destinations for client ${client.clientId}:`,
@@ -1434,6 +2262,20 @@ async function handleMessagesForClientResources(
continue;
}
+ const targetsToAddBatch: {
+ newtId: string;
+ targets: NonNullable<
+ Awaited>
+ >;
+ version: string | null;
+ }[] = [];
+ const peerDataAdds: {
+ clientId: number;
+ siteId: number;
+ remoteSubnets: string[];
+ aliases: ReturnType;
+ }[] = [];
+
for (const resource of resources) {
const targets = await generateSubnetProxyTargetV2(resource, [
{
@@ -1444,25 +2286,21 @@ async function handleMessagesForClientResources(
]);
if (targets) {
- proxyJobs.push(
- addSubnetProxyTargets(
- newt.newtId,
- targets,
- newt.version
- )
- );
+ targetsToAddBatch.push({
+ newtId: newt.newtId,
+ targets,
+ version: newt.version
+ });
}
try {
// Add peer data to olm
- olmJobs.push(
- addPeerData(
- client.clientId,
- siteId,
- generateRemoteSubnets([resource]),
- generateAliasConfig([resource])
- )
- );
+ peerDataAdds.push({
+ clientId: client.clientId,
+ siteId,
+ remoteSubnets: generateRemoteSubnets([resource]),
+ aliases: generateAliasConfig([resource])
+ });
} catch (error) {
// if the error includes not found then its just because the olm does not exist anymore or yet and its fine if we dont send
if (
@@ -1477,6 +2315,14 @@ async function handleMessagesForClientResources(
}
}
}
+
+ if (targetsToAddBatch.length > 0) {
+ proxyJobs.push(addSubnetProxyTargetsBatch(targetsToAddBatch));
+ }
+
+ if (peerDataAdds.length > 0) {
+ olmJobs.push(addPeerDataBatch(peerDataAdds));
+ }
}
}
@@ -1543,6 +2389,20 @@ async function handleMessagesForClientResources(
continue;
}
+ const targetsToRemoveBatch: {
+ newtId: string;
+ targets: NonNullable<
+ Awaited>
+ >;
+ version: string | null;
+ }[] = [];
+ const peerDataRemovals: {
+ clientId: number;
+ siteId: number;
+ remoteSubnets: string[];
+ aliases: ReturnType;
+ }[] = [];
+
for (const resource of resources) {
const targets = await generateSubnetProxyTargetV2(resource, [
{
@@ -1553,16 +2413,17 @@ async function handleMessagesForClientResources(
]);
if (targets) {
- proxyJobs.push(
- removeSubnetProxyTargets(
- newt.newtId,
- targets,
- newt.version
- )
- );
+ targetsToRemoveBatch.push({
+ newtId: newt.newtId,
+ targets,
+ version: newt.version
+ });
}
try {
+ if (!resource.destination) {
+ continue;
+ }
// Check if this client still has access to another resource
// on this specific site with the same destination. We scope
// by siteId (via siteNetworks) rather than networkId because
@@ -1600,21 +2461,19 @@ async function handleMessagesForClientResources(
)
);
- // Only remove remote subnet if no other resource uses the same destination
+ // Only remove remote subnet if no other resource uses the same destination on the same site
const remoteSubnetsToRemove =
destinationStillInUse.length > 0
? []
: generateRemoteSubnets([resource]);
// Remove peer data from olm
- olmJobs.push(
- removePeerData(
- client.clientId,
- siteId,
- remoteSubnetsToRemove,
- generateAliasConfig([resource])
- )
- );
+ peerDataRemovals.push({
+ clientId: client.clientId,
+ siteId,
+ remoteSubnets: remoteSubnetsToRemove,
+ aliases: generateAliasConfig([resource])
+ });
} catch (error) {
// if the error includes not found then its just because the olm does not exist anymore or yet and its fine if we dont send
if (
@@ -1629,6 +2488,16 @@ async function handleMessagesForClientResources(
}
}
}
+
+ if (targetsToRemoveBatch.length > 0) {
+ proxyJobs.push(
+ removeSubnetProxyTargetsBatch(targetsToRemoveBatch)
+ );
+ }
+
+ if (peerDataRemovals.length > 0) {
+ olmJobs.push(removePeerDataBatch(peerDataRemovals));
+ }
}
}
@@ -1878,11 +2747,20 @@ export async function cleanupSiteAssociations(
// 7. Fire all removal messages in parallel.
const jobs: Promise[] = [];
+ const olmPeerDeletes: {
+ clientId: number;
+ siteId: number;
+ publicKey: string;
+ }[] = [];
for (const client of allClients) {
// Tell each olm to drop the site's WireGuard peer.
if (site.publicKey) {
- jobs.push(olmDeletePeer(client.clientId, siteId, site.publicKey));
+ olmPeerDeletes.push({
+ clientId: client.clientId,
+ siteId,
+ publicKey: site.publicKey
+ });
}
// Recompute and push updated relay destinations (now excluding this site).
@@ -1891,6 +2769,10 @@ export async function cleanupSiteAssociations(
}
}
+ if (olmPeerDeletes.length > 0) {
+ jobs.push(olmDeletePeersBatch(olmPeerDeletes));
+ }
+
await Promise.all(jobs).catch((error) => {
logger.error(
`cleanupSiteAssociations: error sending cleanup messages for siteId=${siteId}:`,
@@ -1900,3 +2782,44 @@ export async function cleanupSiteAssociations(
logger.debug(`cleanupSiteAssociations: DONE siteId=${siteId}`);
}
+
+/**
+ * Start the background rebuild queue processor. This should be called once
+ * during server startup. Only one server instance at a time will actively
+ * consume the queue (enforced via a distributed Redis lock); all other
+ * instances will poll and wait until the lock becomes available.
+ */
+export function startRebuildQueueProcessor(): void {
+ rebuildQueue.startProcessing({
+ onSiteResource: async (siteResourceId: number) => {
+ const [siteResource] = await primaryDb
+ .select()
+ .from(siteResources)
+ .where(eq(siteResources.siteResourceId, siteResourceId));
+
+ if (!siteResource) {
+ logger.warn(
+ `Rebuild queue: site resource ${siteResourceId} not found, skipping`
+ );
+ return;
+ }
+
+ await rebuildClientAssociationsFromSiteResource(siteResource);
+ },
+ onClient: async (clientId: number) => {
+ const [client] = await primaryDb
+ .select()
+ .from(clients)
+ .where(eq(clients.clientId, clientId));
+
+ if (!client) {
+ logger.warn(
+ `Rebuild queue: client ${clientId} not found, skipping`
+ );
+ return;
+ }
+
+ await rebuildClientAssociationsFromClient(client);
+ }
+ });
+}
diff --git a/server/lib/rebuildQueue.ts b/server/lib/rebuildQueue.ts
new file mode 100644
index 000000000..7491f5f52
--- /dev/null
+++ b/server/lib/rebuildQueue.ts
@@ -0,0 +1,148 @@
+import logger from "@server/logger";
+import { isTransientError } from "@server/lib/dbRetry";
+
+export type RebuildJobType = "site-resource" | "client";
+
+export interface RebuildJob {
+ type: RebuildJobType;
+ id: number;
+ // Number of times this job has already been re-queued after a transient
+ // failure. Absent/0 means it has not failed yet.
+ attempt?: number;
+}
+
+export interface RebuildJobHandlers {
+ onSiteResource(siteResourceId: number): Promise;
+ onClient(clientId: number): Promise;
+}
+
+export interface RebuildQueueManager {
+ enqueue(job: RebuildJob): Promise;
+ startProcessing(handlers: RebuildJobHandlers): void;
+ isQueued(job: RebuildJob): Promise;
+}
+
+// In-process FIFO used when there is no Redis to back a distributed queue
+// (OSS build, or Redis unavailable). A job that loses the per-resource
+// rebuild lock race lands here instead of being silently dropped, and gets
+// retried shortly after against fresh DB state.
+const POLL_INTERVAL_MS = 500;
+const BATCH_SIZE = 5;
+// A job that fails with a transient DB error gets re-queued with backoff
+// instead of being dropped, up to this many times.
+const MAX_JOB_ATTEMPTS = 5;
+const JOB_RETRY_BASE_DELAY_MS = 1000;
+
+function dedupeKey(job: RebuildJob): string {
+ return `${job.type}:${job.id}`;
+}
+
+class InMemoryRebuildQueue implements RebuildQueueManager {
+ private queue: RebuildJob[] = [];
+ private queuedSet = new Set();
+ private processing = false;
+ private processingStarted = false;
+ private handlers: RebuildJobHandlers | null = null;
+
+ async isQueued(job: RebuildJob): Promise {
+ return this.queuedSet.has(dedupeKey(job));
+ }
+
+ async enqueue(job: RebuildJob): Promise {
+ const key = dedupeKey(job);
+ if (this.queuedSet.has(key)) {
+ logger.debug(
+ `Rebuild queue: skipped duplicate queued job ${job.type}:${job.id}`
+ );
+ return;
+ }
+ this.queuedSet.add(key);
+ this.queue.push(job);
+ logger.debug(
+ `Rebuild queue: enqueued ${job.type}:${job.id} (queue position: tail)`
+ );
+ }
+
+ startProcessing(handlers: RebuildJobHandlers): void {
+ if (this.processingStarted) return;
+ this.processingStarted = true;
+ this.handlers = handlers;
+
+ setInterval(() => {
+ this.tryProcessBatch().catch((err) => {
+ logger.error(
+ "Rebuild queue: unhandled error in process loop:",
+ err
+ );
+ });
+ }, POLL_INTERVAL_MS);
+
+ logger.info("Rebuild queue processor started (in-memory)");
+ }
+
+ private async tryProcessBatch(): Promise {
+ if (this.processing || !this.handlers || this.queue.length === 0) {
+ return;
+ }
+
+ this.processing = true;
+ try {
+ for (let i = 0; i < BATCH_SIZE; i++) {
+ const job = this.queue.shift();
+ if (!job) break; // queue drained
+
+ // Remove from the dedupe set once dequeued so the same job
+ // can be re-queued while this one is in progress.
+ this.queuedSet.delete(dedupeKey(job));
+
+ logger.debug(
+ `Rebuild queue: processing ${job.type}:${job.id}`
+ );
+
+ try {
+ if (job.type === "site-resource") {
+ await this.handlers.onSiteResource(job.id);
+ } else if (job.type === "client") {
+ await this.handlers.onClient(job.id);
+ } else {
+ logger.warn(
+ `Rebuild queue: unknown job type "${(job as any).type}", discarding`
+ );
+ }
+
+ logger.debug(
+ `Rebuild queue: completed ${job.type}:${job.id}`
+ );
+ } catch (err) {
+ const attempt = (job.attempt ?? 0) + 1;
+ if (isTransientError(err) && attempt <= MAX_JOB_ATTEMPTS) {
+ const delay =
+ JOB_RETRY_BASE_DELAY_MS * Math.pow(2, attempt - 1);
+ logger.warn(
+ `Rebuild queue: job ${job.type}:${job.id} hit a transient error (attempt ${attempt}/${MAX_JOB_ATTEMPTS}), re-queuing in ${delay}ms:`,
+ err
+ );
+ setTimeout(() => {
+ this.enqueue({ ...job, attempt }).catch(
+ (enqueueErr) =>
+ logger.error(
+ `Rebuild queue: failed to re-queue ${job.type}:${job.id} after transient error:`,
+ enqueueErr
+ )
+ );
+ }, delay);
+ } else {
+ logger.error(
+ `Rebuild queue: job ${job.type}:${job.id} threw an error:`,
+ err
+ );
+ }
+ }
+ }
+ } finally {
+ this.processing = false;
+ }
+ }
+}
+
+export const rebuildQueue: RebuildQueueManager = new InMemoryRebuildQueue();
diff --git a/server/lib/statusHistory.ts b/server/lib/statusHistory.ts
index 7239601c0..7c5b5c370 100644
--- a/server/lib/statusHistory.ts
+++ b/server/lib/statusHistory.ts
@@ -1,7 +1,7 @@
import { z } from "zod";
import { db, logsDb, statusHistory } from "@server/db";
-import { and, eq, gte, asc } from "drizzle-orm";
-import cache from "@server/lib/cache";
+import { and, eq, gte, lt, asc, desc } from "drizzle-orm";
+import { regionalCache as cache } from "#dynamic/lib/cache";
const STATUS_HISTORY_CACHE_TTL = 60; // seconds
@@ -42,7 +42,29 @@ export async function getCachedStatusHistory(
)
.orderBy(asc(statusHistory.timestamp));
- const { buckets, totalDowntime } = computeBuckets(events, days);
+ // Fetch the last known state before the window so that entities that
+ // haven't changed status recently still show the correct status rather
+ // than appearing as "no_data".
+ const [lastKnownEvent] = await logsDb
+ .select()
+ .from(statusHistory)
+ .where(
+ and(
+ eq(statusHistory.entityType, entityType),
+ eq(statusHistory.entityId, entityId),
+ lt(statusHistory.timestamp, startSec)
+ )
+ )
+ .orderBy(desc(statusHistory.timestamp))
+ .limit(1);
+
+ const priorStatus = lastKnownEvent?.status ?? null;
+
+ const { buckets, totalDowntime } = computeBuckets(
+ events,
+ days,
+ priorStatus
+ );
const totalWindow = days * 86400;
const overallUptime =
totalWindow > 0
@@ -66,7 +88,7 @@ export async function invalidateStatusHistoryCache(
entityId: number
): Promise {
const prefix = `statusHistory:${entityType}:${entityId}:`;
- const keys = cache.keys().filter((k) => k.startsWith(prefix));
+ const keys = await cache.keysWithPrefix(prefix);
if (keys.length > 0) {
await cache.del(keys);
}
@@ -110,7 +132,8 @@ export function computeBuckets(
timestamp: number;
id: number;
}[],
- days: number
+ days: number,
+ priorStatus: string | null = null
): { buckets: StatusHistoryDayBucket[]; totalDowntime: number } {
const nowSec = Math.floor(Date.now() / 1000);
@@ -136,7 +159,10 @@ export function computeBuckets(
.filter((e) => e.timestamp < dayStartSec)
.at(-1);
- const currentStatus = lastBeforeDay?.status ?? null;
+ // Fall back to the last known state before the entire query window
+ // so that entities that haven't generated events recently still show
+ // as their actual status rather than "no_data".
+ const currentStatus = lastBeforeDay?.status ?? priorStatus ?? null;
const windows: { start: number; end: number | null; status: string }[] =
[];
diff --git a/server/lib/telemetry.ts b/server/lib/telemetry.ts
index 55c01c6b1..4f1adbd53 100644
--- a/server/lib/telemetry.ts
+++ b/server/lib/telemetry.ts
@@ -2,7 +2,14 @@ import { PostHog } from "posthog-node";
import config from "./config";
import { getHostMeta } from "./hostMeta";
import logger from "@server/logger";
-import { alertRules, apiKeys, blueprints, db, roles, siteResources } from "@server/db";
+import {
+ alertRules,
+ apiKeys,
+ blueprints,
+ db,
+ roles,
+ siteResources
+} from "@server/db";
import { sites, users, orgs, resources, clients, idp } from "@server/db";
import { eq, count, notInArray, and, isNotNull, isNull } from "drizzle-orm";
import { APP_VERSION } from "./consts";
@@ -143,8 +150,7 @@ class TelemetryClient {
.select({
name: resources.name,
sso: resources.sso,
- protocol: resources.protocol,
- http: resources.http
+ mode: resources.mode
})
.from(resources);
@@ -175,6 +181,7 @@ class TelemetryClient {
let numPrivResourceHosts = 0;
let numPrivResourceCidr = 0;
let numPrivResourceHttp = 0;
+ let numPrivResourceSsh = 0;
for (const res of allPrivateResources) {
if (res.mode === "host") {
numPrivResourceHosts += 1;
@@ -182,6 +189,8 @@ class TelemetryClient {
numPrivResourceCidr += 1;
} else if (res.mode === "http") {
numPrivResourceHttp += 1;
+ } else if (res.mode === "ssh") {
+ numPrivResourceSsh += 1;
}
if (res.alias) {
@@ -201,6 +210,7 @@ class TelemetryClient {
numPrivateResourceHosts: numPrivResourceHosts,
numPrivateResourceCidr: numPrivResourceCidr,
numPrivateResourceHttp: numPrivResourceHttp,
+ numPrivateResourceSsh: numPrivResourceSsh,
numAlertRules: numAlertRules.count,
numUserDevices: userDevicesCount.count,
numMachineClients: machineClients.count,
@@ -311,7 +321,7 @@ class TelemetryClient {
(r) => r.sso
).length,
num_resources_non_http: stats.resources.filter(
- (r) => !r.http
+ (r) => r.mode !== "http"
).length,
num_newt_sites: stats.sites.filter((s) => s.type === "newt")
.length,
diff --git a/server/lib/traefik/TraefikConfigManager.ts b/server/lib/traefik/TraefikConfigManager.ts
index 64a263097..cc7299ff7 100644
--- a/server/lib/traefik/TraefikConfigManager.ts
+++ b/server/lib/traefik/TraefikConfigManager.ts
@@ -511,6 +511,12 @@ export class TraefikConfigManager {
let traefikConfig;
try {
const currentExitNode = await getCurrentExitNodeId();
+
+ const maintenancePort = config.getRawConfig().server.next_port;
+ const maintenanceHost =
+ config.getRawConfig().server.internal_hostname;
+ const pangolinUIUrl = `http://${maintenanceHost}:${maintenancePort}`;
+
// logger.debug(`Fetching traefik config for exit node: ${currentExitNode}`);
traefikConfig = await getTraefikConfig(
// this is called by the local exit node to get its own config
@@ -520,7 +526,9 @@ export class TraefikConfigManager {
build != "oss", // generate the login pages on the cloud and hybrid,
build == "saas"
? false
- : config.getRawConfig().traefik.allow_raw_resources // dont allow raw resources on saas otherwise use config
+ : config.getRawConfig().traefik.allow_raw_resources, // dont allow raw resources on saas otherwise use config
+ pangolinUIUrl, // generate maintenance pages on cloud and hybrid
+ pangolinUIUrl // generate browser gateway targets on cloud and hybrid
);
const domains = new Set();
diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts
index 7379cad7f..c63b5b718 100644
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -44,7 +44,8 @@ export async function getTraefikConfig(
filterOutNamespaceDomains = false, // UNUSED BUT USED IN PRIVATE
generateLoginPageRouters = false, // UNUSED BUT USED IN PRIVATE
allowRawResources = true,
- allowMaintenancePage = true // UNUSED BUT USED IN PRIVATE
+ maintenancePageUiUrl: string | null = null, // UNUSED BUT USED IN PRIVATE
+ browserGatewayUiUrl: string | null = null // UNUSED BUT USED IN PRIVATE
): Promise {
// Get resources with their targets and sites in a single optimized query
// Start from sites on this exit node, then join to targets and resources
@@ -55,9 +56,7 @@ export async function getTraefikConfig(
resourceName: resources.name,
fullDomain: resources.fullDomain,
ssl: resources.ssl,
- http: resources.http,
proxyPort: resources.proxyPort,
- protocol: resources.protocol,
subdomain: resources.subdomain,
domainId: resources.domainId,
enabled: resources.enabled,
@@ -68,6 +67,7 @@ export async function getTraefikConfig(
headers: resources.headers,
proxyProtocol: resources.proxyProtocol,
proxyProtocolVersion: resources.proxyProtocolVersion,
+ mode: resources.mode,
// Target fields
targetId: targets.targetId,
@@ -115,8 +115,8 @@ export async function getTraefikConfig(
),
inArray(sites.type, siteTypes),
allowRawResources
- ? isNotNull(resources.http) // ignore the http check if allow_raw_resources is true
- : eq(resources.http, true)
+ ? inArray(resources.mode, ["http", "udp", "tcp"]) // allow all three
+ : eq(resources.mode, "http")
)
)
.orderBy(desc(targets.priority), targets.targetId); // stable ordering
@@ -166,9 +166,8 @@ export async function getTraefikConfig(
key: key,
fullDomain: row.fullDomain,
ssl: row.ssl,
- http: row.http,
+ mode: row.mode,
proxyPort: row.proxyPort,
- protocol: row.protocol,
subdomain: row.subdomain,
domainId: row.domainId,
enabled: row.enabled,
@@ -242,7 +241,7 @@ export async function getTraefikConfig(
continue;
}
- if (resource.http) {
+ if (resource.mode === "http") {
if (!resource.domainId || !resource.fullDomain) {
continue;
}
@@ -574,13 +573,13 @@ export async function getTraefikConfig(
serviceName
].loadBalancer.serversTransport = transportName;
}
- } else {
+ } else if (resource.mode === "tcp" || resource.mode === "udp") {
// Non-HTTP (TCP/UDP) configuration
if (!resource.enableProxy || !resource.proxyPort) {
continue;
}
- const protocol = resource.protocol.toLowerCase();
+ const protocol = resource.mode === "udp" ? "udp" : "tcp"; // all of the other ones are tcp
const port = resource.proxyPort;
if (!port) {
diff --git a/server/lib/userOrg.ts b/server/lib/userOrg.ts
index 809266b73..4bff40c13 100644
--- a/server/lib/userOrg.ts
+++ b/server/lib/userOrg.ts
@@ -14,7 +14,7 @@ import {
} from "@server/db";
import { eq, and, inArray, ne, exists } from "drizzle-orm";
import { usageService } from "@server/lib/billing/usageService";
-import { FeatureId } from "@server/lib/billing";
+import { LimitId } from "@server/lib/billing";
export async function assignUserToOrg(
org: Org,
@@ -61,7 +61,7 @@ export async function assignUserToOrg(
);
if (orgsInBillingDomainThatTheUserIsStillIn.length === 0) {
- await usageService.add(org.orgId, FeatureId.USERS, 1, trx);
+ await usageService.add(org.orgId, LimitId.USERS, 1, trx);
}
}
}
@@ -157,7 +157,7 @@ export async function removeUserFromOrg(
);
if (orgsInBillingDomainThatTheUserIsStillIn.length === 0) {
- await usageService.add(org.orgId, FeatureId.USERS, -1, trx);
+ await usageService.add(org.orgId, LimitId.USERS, -1, trx);
}
}
}
diff --git a/server/lib/validators.test.ts b/server/lib/validators.test.ts
index c4c564cf7..ac95184a5 100644
--- a/server/lib/validators.test.ts
+++ b/server/lib/validators.test.ts
@@ -1,4 +1,7 @@
-import { isValidUrlGlobPattern } from "./validators";
+import {
+ getResourceRuleValueValidationError,
+ isValidUrlGlobPattern
+} from "./validators";
import { assertEquals } from "@test/assert";
function runTests() {
@@ -236,6 +239,43 @@ function runTests() {
"Path with isolated percent sign should be invalid"
);
+ // ASN validation tests
+ assertEquals(
+ getResourceRuleValueValidationError("ASN", "AS15169"),
+ null,
+ "Standard ASN should be valid"
+ );
+ assertEquals(
+ getResourceRuleValueValidationError("ASN", " As15169 "),
+ null,
+ "Standard ASN should be valid with mixed case and whitespace"
+ );
+ assertEquals(
+ getResourceRuleValueValidationError("ASN", "ALL"),
+ null,
+ "ALL ASN selector should be valid"
+ );
+ assertEquals(
+ getResourceRuleValueValidationError("ASN", " all "),
+ null,
+ "ALL ASN selector should be valid with mixed case and whitespace"
+ );
+ assertEquals(
+ getResourceRuleValueValidationError("ASN", "AS0"),
+ null,
+ "AS0 alias should be valid"
+ );
+ assertEquals(
+ getResourceRuleValueValidationError("ASN", " as0 "),
+ null,
+ "AS0 alias should be valid with mixed case and whitespace"
+ );
+ assertEquals(
+ getResourceRuleValueValidationError("ASN", "not-an-asn"),
+ "Invalid ASN provided",
+ "Invalid ASN should return an error"
+ );
+
console.log("All tests passed!");
}
@@ -244,4 +284,5 @@ try {
runTests();
} catch (error) {
console.error("Test failed:", error);
+ process.exit(1);
}
diff --git a/server/lib/validators.ts b/server/lib/validators.ts
index b1efe8b38..ff0c5fb3d 100644
--- a/server/lib/validators.ts
+++ b/server/lib/validators.ts
@@ -1,5 +1,7 @@
import z from "zod";
import ipaddr from "ipaddr.js";
+import { COUNTRIES } from "@server/db/countries";
+import { isValidRegionId } from "@server/db/regions";
export function isValidCIDR(cidr: string): boolean {
return (
@@ -67,6 +69,50 @@ export function isValidUrlGlobPattern(pattern: string): boolean {
return true;
}
+export const RESOURCE_RULE_MATCH_TYPES = [
+ "CIDR",
+ "IP",
+ "PATH",
+ "COUNTRY",
+ "COUNTRY_IS_NOT",
+ "ASN",
+ "REGION"
+] as const;
+
+export type ResourceRuleMatchType = (typeof RESOURCE_RULE_MATCH_TYPES)[number];
+
+export function getResourceRuleValueValidationError(
+ match: ResourceRuleMatchType,
+ value: string
+): string | null {
+ switch (match) {
+ case "CIDR":
+ return isValidCIDR(value) ? null : "Invalid CIDR provided";
+ case "IP":
+ return isValidIP(value) ? null : "Invalid IP provided";
+ case "PATH":
+ return isValidUrlGlobPattern(value)
+ ? null
+ : "Invalid URL glob pattern provided";
+ case "REGION":
+ return isValidRegionId(value) ? null : "Invalid region ID provided";
+ case "COUNTRY":
+ case "COUNTRY_IS_NOT":
+ return COUNTRIES.some((country) => country.code === value)
+ ? null
+ : "Invalid country code provided";
+ case "ASN":
+ const normalizedValue = value.trim().toUpperCase();
+ return /^AS\d+$/.test(normalizedValue) ||
+ normalizedValue === "ALL" ||
+ normalizedValue === "AS0"
+ ? null
+ : "Invalid ASN provided";
+ default:
+ return "Invalid rule match type provided";
+ }
+}
+
export function isUrlValid(url: string | undefined) {
if (!url) return true; // the link is optional in the schema so if it's empty it's valid
var pattern = new RegExp(
diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts
index 48025e8e7..a7f3ae125 100644
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@@ -28,7 +28,9 @@ export * from "./verifyApiKeyAccess";
export * from "./verifySiteProvisioningKeyAccess";
export * from "./verifyDomainAccess";
export * from "./verifyUserIsOrgOwner";
+export * from "./verifyUserFromResourceSession";
export * from "./verifySiteResourceAccess";
export * from "./logActionAudit";
export * from "./verifyOlmAccess";
export * from "./verifyLimits";
+export * from "./verifyResourcePolicyAccess";
diff --git a/server/middlewares/integration/index.ts b/server/middlewares/integration/index.ts
index 8a213c6d2..d43854eab 100644
--- a/server/middlewares/integration/index.ts
+++ b/server/middlewares/integration/index.ts
@@ -16,3 +16,4 @@ export * from "./verifyApiKeyClientAccess";
export * from "./verifyApiKeySiteResourceAccess";
export * from "./verifyApiKeyIdpAccess";
export * from "./verifyApiKeyDomainAccess";
+export * from "./verifyApiKeyResourcePolicyAccess";
diff --git a/server/middlewares/integration/verifyApiKeyResourcePolicyAccess.ts b/server/middlewares/integration/verifyApiKeyResourcePolicyAccess.ts
new file mode 100644
index 000000000..2d997de53
--- /dev/null
+++ b/server/middlewares/integration/verifyApiKeyResourcePolicyAccess.ts
@@ -0,0 +1,92 @@
+import { Request, Response, NextFunction } from "express";
+import { db } from "@server/db";
+import { resourcePolicies, apiKeyOrg } from "@server/db";
+import { eq, and } from "drizzle-orm";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+
+export async function verifyApiKeyResourcePolicyAccess(
+ req: Request,
+ res: Response,
+ next: NextFunction
+) {
+ const apiKey = req.apiKey;
+ const resourcePolicyId =
+ req.params.resourcePolicyId ||
+ req.body.resourcePolicyId ||
+ req.query.resourcePolicyId;
+
+ if (!apiKey) {
+ return next(
+ createHttpError(HttpCode.UNAUTHORIZED, "Key not authenticated")
+ );
+ }
+
+ try {
+ // Retrieve the resource policy
+ const [policy] = await db
+ .select()
+ .from(resourcePolicies)
+ .where(eq(resourcePolicies.resourcePolicyId, resourcePolicyId))
+ .limit(1);
+
+ if (!policy) {
+ return next(
+ createHttpError(
+ HttpCode.NOT_FOUND,
+ `Resource policy with ID ${resourcePolicyId} not found`
+ )
+ );
+ }
+
+ if (apiKey.isRoot) {
+ // Root keys can access any resource policy in any org
+ return next();
+ }
+
+ if (!policy.orgId) {
+ return next(
+ createHttpError(
+ HttpCode.INTERNAL_SERVER_ERROR,
+ `Resource policy with ID ${resourcePolicyId} does not have an organization ID`
+ )
+ );
+ }
+
+ // Verify that the API key is linked to the resource policy's organization
+ if (!req.apiKeyOrg) {
+ const apiKeyOrgResult = await db
+ .select()
+ .from(apiKeyOrg)
+ .where(
+ and(
+ eq(apiKeyOrg.apiKeyId, apiKey.apiKeyId),
+ eq(apiKeyOrg.orgId, policy.orgId)
+ )
+ )
+ .limit(1);
+
+ if (apiKeyOrgResult.length > 0) {
+ req.apiKeyOrg = apiKeyOrgResult[0];
+ }
+ }
+
+ if (!req.apiKeyOrg) {
+ return next(
+ createHttpError(
+ HttpCode.FORBIDDEN,
+ "Key does not have access to this organization"
+ )
+ );
+ }
+
+ return next();
+ } catch (error) {
+ return next(
+ createHttpError(
+ HttpCode.INTERNAL_SERVER_ERROR,
+ "Error verifying resource policy access"
+ )
+ );
+ }
+}
diff --git a/server/middlewares/verifyAccessTokenAccess.ts b/server/middlewares/verifyAccessTokenAccess.ts
index 528298727..07786e87d 100644
--- a/server/middlewares/verifyAccessTokenAccess.ts
+++ b/server/middlewares/verifyAccessTokenAccess.ts
@@ -119,8 +119,7 @@ export async function verifyAccessTokenAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifyAdmin.ts b/server/middlewares/verifyAdmin.ts
index 0dbeac2cb..da4f88af9 100644
--- a/server/middlewares/verifyAdmin.ts
+++ b/server/middlewares/verifyAdmin.ts
@@ -56,8 +56,7 @@ export async function verifyAdmin(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifyApiKeyAccess.ts b/server/middlewares/verifyApiKeyAccess.ts
index 2522a1e8b..ea1bdac18 100644
--- a/server/middlewares/verifyApiKeyAccess.ts
+++ b/server/middlewares/verifyApiKeyAccess.ts
@@ -113,8 +113,7 @@ export async function verifyApiKeyAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifyClientAccess.ts b/server/middlewares/verifyClientAccess.ts
index 1d994b53f..3aee4f38c 100644
--- a/server/middlewares/verifyClientAccess.ts
+++ b/server/middlewares/verifyClientAccess.ts
@@ -107,8 +107,7 @@ export async function verifyClientAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
@@ -129,10 +128,7 @@ export async function verifyClientAccess(
.where(
and(
eq(roleClients.clientId, client.clientId),
- inArray(
- roleClients.roleId,
- req.userOrgRoleIds!
- )
+ inArray(roleClients.roleId, req.userOrgRoleIds!)
)
)
.limit(1)
diff --git a/server/middlewares/verifyDomainAccess.ts b/server/middlewares/verifyDomainAccess.ts
index 783132a1a..173c3a54b 100644
--- a/server/middlewares/verifyDomainAccess.ts
+++ b/server/middlewares/verifyDomainAccess.ts
@@ -88,8 +88,7 @@ export async function verifyDomainAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifyOrgAccess.ts b/server/middlewares/verifyOrgAccess.ts
index e464f7b89..be6242f6d 100644
--- a/server/middlewares/verifyOrgAccess.ts
+++ b/server/middlewares/verifyOrgAccess.ts
@@ -7,6 +7,7 @@ import HttpCode from "@server/types/HttpCode";
import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
import { getFirstString } from "@server/lib/requestParams";
+import logger from "@server/logger";
export async function verifyOrgAccess(
req: Request,
@@ -59,8 +60,7 @@ export async function verifyOrgAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifyResourceAccess.ts b/server/middlewares/verifyResourceAccess.ts
index ba49f02e3..2689cdb2d 100644
--- a/server/middlewares/verifyResourceAccess.ts
+++ b/server/middlewares/verifyResourceAccess.ts
@@ -1,11 +1,15 @@
import { Request, Response, NextFunction } from "express";
import { db, Resource } from "@server/db";
-import { resources, userOrgs, userResources, roleResources } from "@server/db";
-import { and, eq, inArray } from "drizzle-orm";
+import { resources, userOrgs } from "@server/db";
+import { and, eq } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
+import {
+ getRoleResourceAccess,
+ getUserResourceAccess
+} from "@server/db/queries/verifySessionQueries";
export async function verifyResourceAccess(
req: Request,
@@ -101,8 +105,7 @@ export async function verifyResourceAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
@@ -116,37 +119,22 @@ export async function verifyResourceAccess(
const roleResourceAccess =
(req.userOrgRoleIds?.length ?? 0) > 0
- ? await db
- .select()
- .from(roleResources)
- .where(
- and(
- eq(roleResources.resourceId, resource.resourceId),
- inArray(
- roleResources.roleId,
- req.userOrgRoleIds!
- )
- )
- )
- .limit(1)
- : [];
+ ? await getRoleResourceAccess(
+ resource.resourceId,
+ req.userOrgRoleIds!
+ )
+ : null;
- if (roleResourceAccess.length > 0) {
+ if (roleResourceAccess) {
return next();
}
- const userResourceAccess = await db
- .select()
- .from(userResources)
- .where(
- and(
- eq(userResources.userId, userId),
- eq(userResources.resourceId, resource.resourceId)
- )
- )
- .limit(1);
+ const userResourceAccess = await getUserResourceAccess(
+ userId,
+ resource.resourceId
+ );
- if (userResourceAccess.length > 0) {
+ if (userResourceAccess) {
return next();
}
diff --git a/server/middlewares/verifyResourcePolicyAccess.ts b/server/middlewares/verifyResourcePolicyAccess.ts
new file mode 100644
index 000000000..667680c0f
--- /dev/null
+++ b/server/middlewares/verifyResourcePolicyAccess.ts
@@ -0,0 +1,126 @@
+import { Request, Response, NextFunction } from "express";
+import { db } from "@server/db";
+import { resourcePolicies, userOrgs } from "@server/db";
+import { and, eq } from "drizzle-orm";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
+import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
+
+export async function verifyResourcePolicyAccess(
+ req: Request,
+ res: Response,
+ next: NextFunction
+) {
+ const userId = req.user!.userId;
+ const resourcePolicyIdStr =
+ req.params?.resourcePolicyId ||
+ req.body?.resourcePolicyId ||
+ req.query?.resourcePolicyId;
+ const niceId = req.params?.niceId || req.body?.niceId || req.query?.niceId;
+ const orgId = req.params?.orgId || req.body?.orgId || req.query?.orgId;
+
+ try {
+ if (!userId) {
+ return next(
+ createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
+ );
+ }
+
+ let policy: typeof resourcePolicies.$inferSelect | null = null;
+
+ if (orgId && niceId) {
+ const [policyRes] = await db
+ .select()
+ .from(resourcePolicies)
+ .where(
+ and(
+ eq(resourcePolicies.niceId, niceId),
+ eq(resourcePolicies.orgId, orgId)
+ )
+ )
+ .limit(1);
+ policy = policyRes ?? null;
+ } else {
+ const resourcePolicyId = parseInt(resourcePolicyIdStr);
+ if (isNaN(resourcePolicyId)) {
+ return next(
+ createHttpError(
+ HttpCode.BAD_REQUEST,
+ "Invalid resource policy ID"
+ )
+ );
+ }
+ const [policyRes] = await db
+ .select()
+ .from(resourcePolicies)
+ .where(eq(resourcePolicies.resourcePolicyId, resourcePolicyId))
+ .limit(1);
+ policy = policyRes ?? null;
+ }
+
+ if (!policy) {
+ return next(
+ createHttpError(
+ HttpCode.NOT_FOUND,
+ `Resource policy with ID ${resourcePolicyIdStr ?? niceId} not found`
+ )
+ );
+ }
+
+ if (!req.userOrg) {
+ const userOrgRes = await db
+ .select()
+ .from(userOrgs)
+ .where(
+ and(
+ eq(userOrgs.userId, userId),
+ eq(userOrgs.orgId, policy.orgId)
+ )
+ )
+ .limit(1);
+ req.userOrg = userOrgRes[0];
+ }
+
+ if (!req.userOrg || req.userOrg.orgId !== policy.orgId) {
+ return next(
+ createHttpError(
+ HttpCode.FORBIDDEN,
+ "User does not have access to this organization"
+ )
+ );
+ }
+
+ if (req.orgPolicyAllowed === undefined && req.userOrg.orgId) {
+ const policyCheck = await checkOrgAccessPolicy({
+ orgId: req.userOrg.orgId,
+ userId,
+ session: req.session
+ });
+ req.orgPolicyAllowed = policyCheck.allowed;
+ if (!policyCheck.allowed || policyCheck.error) {
+ return next(
+ createHttpError(
+ HttpCode.FORBIDDEN,
+ "" + (policyCheck.error || "Unknown error")
+ )
+ );
+ }
+ }
+
+ req.userOrgRoleIds = await getUserOrgRoleIds(
+ req.userOrg.userId,
+ policy.orgId
+ );
+ req.userOrgId = policy.orgId;
+
+ return next();
+ } catch (error) {
+ return next(
+ createHttpError(
+ HttpCode.INTERNAL_SERVER_ERROR,
+ "Error verifying resource policy access"
+ )
+ );
+ }
+}
diff --git a/server/middlewares/verifyRoleAccess.ts b/server/middlewares/verifyRoleAccess.ts
index 380b82048..3264a3bd9 100644
--- a/server/middlewares/verifyRoleAccess.ts
+++ b/server/middlewares/verifyRoleAccess.ts
@@ -132,8 +132,7 @@ export async function verifyRoleAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifySetResourceClients.ts b/server/middlewares/verifySetResourceClients.ts
index 8f9c1ecaf..443483a28 100644
--- a/server/middlewares/verifySetResourceClients.ts
+++ b/server/middlewares/verifySetResourceClients.ts
@@ -45,8 +45,7 @@ export async function verifySetResourceClients(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifySetResourceUsers.ts b/server/middlewares/verifySetResourceUsers.ts
index 94600b9b4..cc9375e4a 100644
--- a/server/middlewares/verifySetResourceUsers.ts
+++ b/server/middlewares/verifySetResourceUsers.ts
@@ -40,8 +40,7 @@ export async function verifySetResourceUsers(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifySiteAccess.test.ts b/server/middlewares/verifySiteAccess.test.ts
new file mode 100644
index 000000000..6a08eda18
--- /dev/null
+++ b/server/middlewares/verifySiteAccess.test.ts
@@ -0,0 +1,322 @@
+import { assertEquals } from "@test/assert";
+
+/**
+ * Tests for the cross-organization site binding prevention in verifySiteAccess.
+ *
+ * verifySiteAccess now includes a check: if req.userOrgId is already set by a
+ * previous middleware (e.g. verifyResourceAccess or verifyTargetAccess), and the
+ * loaded site's orgId differs from req.userOrgId, the request is rejected with
+ * 403 Forbidden.
+ *
+ * Route stacks after fix:
+ * PUT /resource/:resourceId/target
+ * → verifyResourceAccess → verifySiteAccess → verifyLimits → ...
+ * POST /target/:targetId
+ * → verifyTargetAccess → verifySiteAccess → verifyLimits → ...
+ *
+ * verifyResourceAccess sets req.userOrgId to the resource's org.
+ * verifyTargetAccess sets req.userOrgId to the target's resource org.
+ * verifySiteAccess then checks site.orgId against req.userOrgId before
+ * overwriting it with the site's org.
+ */
+
+// --- Core org-matching logic (mirrors the check in verifySiteAccess) ---
+function siteOrgMatchesExpectedOrg(
+ siteOrgId: string | null | undefined,
+ expectedOrgId: string | null | undefined
+): boolean {
+ if (!siteOrgId || !expectedOrgId) {
+ return false;
+ }
+ return siteOrgId === expectedOrgId;
+}
+
+// Simulates the condition check in verifySiteAccess:
+// if (req.userOrgId && site.orgId !== req.userOrgId) { reject }
+function shouldRejectCrossOrgSite(
+ siteOrgId: string,
+ reqUserOrgId: string | undefined
+): boolean {
+ // The actual check in verifySiteAccess is:
+ // if (req.userOrgId && site.orgId !== req.userOrgId) { reject }
+ return !!(reqUserOrgId && siteOrgId !== reqUserOrgId);
+}
+
+// --- Tests ---
+
+function testSiteOrgMatchLogic() {
+ console.log("Running verifySiteAccess org-match logic tests...");
+
+ // Test 1: Same org — should match
+ {
+ const result = siteOrgMatchesExpectedOrg(
+ "org-attacker",
+ "org-attacker"
+ );
+ assertEquals(result, true, "Same org should match");
+ }
+
+ // Test 2: Different org — should NOT match (cross-org bypass scenario)
+ {
+ const result = siteOrgMatchesExpectedOrg("org-victim", "org-attacker");
+ assertEquals(
+ result,
+ false,
+ "Cross-org site should NOT match expected org"
+ );
+ }
+
+ // Test 3: Site orgId is null — should NOT match
+ {
+ const result = siteOrgMatchesExpectedOrg(null, "org-attacker");
+ assertEquals(result, false, "Null site orgId should NOT match");
+ }
+
+ // Test 4: Expected orgId is null — should NOT match
+ {
+ const result = siteOrgMatchesExpectedOrg("org-attacker", null);
+ assertEquals(result, false, "Null expected orgId should NOT match");
+ }
+
+ // Test 5: Both null — should NOT match
+ {
+ const result = siteOrgMatchesExpectedOrg(null, null);
+ assertEquals(result, false, "Both null should NOT match");
+ }
+
+ // Test 6: Empty string orgIds — should NOT match (empty string is falsy)
+ {
+ const result = siteOrgMatchesExpectedOrg("", "org-attacker");
+ assertEquals(result, false, "Empty site orgId should NOT match");
+ }
+
+ // Test 7: Undefined orgIds — should NOT match
+ {
+ const result = siteOrgMatchesExpectedOrg(undefined, "org-attacker");
+ assertEquals(result, false, "Undefined site orgId should NOT match");
+ }
+
+ console.log("All verifySiteAccess org-match logic tests passed.");
+}
+
+function testShouldRejectCrossOrgSite() {
+ console.log(
+ "Running shouldRejectCrossOrgSite tests (mirrors verifySiteAccess check)..."
+ );
+
+ // Test: No prior org context (undefined) — should NOT reject
+ // This is the normal case for site-only routes (e.g. PUT /site/:siteId)
+ // where verifySiteAccess runs without a prior verifyResourceAccess.
+ {
+ const shouldReject = shouldRejectCrossOrgSite("org-victim", undefined);
+ assertEquals(
+ shouldReject,
+ false,
+ "No prior org context should NOT reject (normal site routes)"
+ );
+ }
+
+ // Test: Same org — should NOT reject
+ {
+ const shouldReject = shouldRejectCrossOrgSite(
+ "org-attacker",
+ "org-attacker"
+ );
+ assertEquals(shouldReject, false, "Same org should NOT reject");
+ }
+
+ // Test: Different org — should reject
+ {
+ const shouldReject = shouldRejectCrossOrgSite(
+ "org-victim",
+ "org-attacker"
+ );
+ assertEquals(shouldReject, true, "Cross-org site should be rejected");
+ }
+
+ // Test: Empty string userOrgId — should NOT reject (falsy, check is skipped)
+ {
+ const shouldReject = shouldRejectCrossOrgSite("org-victim", "");
+ assertEquals(
+ shouldReject,
+ false,
+ "Empty string userOrgId should NOT reject (check is skipped)"
+ );
+ }
+
+ console.log("All shouldRejectCrossOrgSite tests passed.");
+}
+
+// --- Route stack validation tests ---
+
+function testRouteStackOrdering() {
+ console.log("Running route stack ordering tests...");
+
+ const createTargetStack = [
+ "verifyResourceAccess",
+ "verifySiteAccess",
+ "verifyLimits",
+ "verifyUserHasAction",
+ "logActionAudit",
+ "createTarget"
+ ];
+
+ const updateTargetStack = [
+ "verifyTargetAccess",
+ "verifySiteAccess",
+ "verifyLimits",
+ "verifyUserHasAction",
+ "logActionAudit",
+ "updateTarget"
+ ];
+
+ // Verify verifySiteAccess comes after resource/target access middleware
+ {
+ const siteAccessIndex = createTargetStack.indexOf("verifySiteAccess");
+ const resourceAccessIndex = createTargetStack.indexOf(
+ "verifyResourceAccess"
+ );
+ assertEquals(
+ siteAccessIndex > resourceAccessIndex,
+ true,
+ "verifySiteAccess must come after verifyResourceAccess in create target stack"
+ );
+ }
+
+ {
+ const siteAccessIndex = updateTargetStack.indexOf("verifySiteAccess");
+ const targetAccessIndex =
+ updateTargetStack.indexOf("verifyTargetAccess");
+ assertEquals(
+ siteAccessIndex > targetAccessIndex,
+ true,
+ "verifySiteAccess must come after verifyTargetAccess in update target stack"
+ );
+ }
+
+ // Verify verifySiteAccess comes before the handler
+ {
+ const siteAccessIndex = createTargetStack.indexOf("verifySiteAccess");
+ const handlerIndex = createTargetStack.indexOf("createTarget");
+ assertEquals(
+ siteAccessIndex < handlerIndex,
+ true,
+ "verifySiteAccess must come before createTarget handler"
+ );
+ }
+
+ {
+ const siteAccessIndex = updateTargetStack.indexOf("verifySiteAccess");
+ const handlerIndex = updateTargetStack.indexOf("updateTarget");
+ assertEquals(
+ siteAccessIndex < handlerIndex,
+ true,
+ "verifySiteAccess must come before updateTarget handler"
+ );
+ }
+
+ console.log("All route stack ordering tests passed.");
+}
+
+// --- Security scenario tests ---
+
+function testSecurityScenarios() {
+ console.log("Running security scenario tests...");
+
+ // Scenario 1: Attacker has resource access in org_attacker, but tries to
+ // bind target to a site in org_victim.
+ // verifyResourceAccess passes (sets req.userOrgId = "org_attacker").
+ // verifySiteAccess loads site (org_victim), checks site.orgId !== req.userOrgId.
+ // Expected: 403 Forbidden.
+ {
+ const shouldReject = shouldRejectCrossOrgSite(
+ "org_victim",
+ "org_attacker"
+ );
+ assertEquals(
+ shouldReject,
+ true,
+ "Scenario 1: Cross-org site binding must be rejected"
+ );
+ }
+
+ // Scenario 2: Attacker has resource access AND site access in another org.
+ // Even though the user has site access, verifySiteAccess rejects because
+ // the org-match check runs before the site access check.
+ // Expected: 403 Forbidden (org mismatch caught before site access check).
+ {
+ const shouldReject = shouldRejectCrossOrgSite(
+ "org_victim",
+ "org_attacker"
+ );
+ assertEquals(
+ shouldReject,
+ true,
+ "Scenario 2: Cross-org site must be rejected even if user has site access"
+ );
+ }
+
+ // Scenario 3: Legitimate user creates target with site in same org.
+ // verifyResourceAccess passes, verifySiteAccess org-match passes (same org),
+ // verifySiteAccess site access passes.
+ // Expected: 201 Created.
+ {
+ const shouldReject = shouldRejectCrossOrgSite(
+ "org_attacker",
+ "org_attacker"
+ );
+ assertEquals(
+ shouldReject,
+ false,
+ "Scenario 3: Same-org site must be allowed"
+ );
+ }
+
+ // Scenario 4: WireGuard site in victim org — org mismatch is caught before
+ // any DB write, pickPort, addPeer, or addTargets side effect.
+ {
+ const shouldReject = shouldRejectCrossOrgSite(
+ "org_victim",
+ "org_attacker"
+ );
+ assertEquals(
+ shouldReject,
+ true,
+ "Scenario 4: WireGuard cross-org site must be rejected before addPeer"
+ );
+ }
+
+ // Scenario 5: Newt site in victim org — same as scenario 4 but for newt.
+ {
+ const shouldReject = shouldRejectCrossOrgSite(
+ "org_victim",
+ "org_attacker"
+ );
+ assertEquals(
+ shouldReject,
+ true,
+ "Scenario 5: Newt cross-org site must be rejected before addTargets"
+ );
+ }
+
+ // Scenario 6: Normal site-only route (e.g. PUT /site/:siteId) where
+ // verifySiteAccess runs without a prior verifyResourceAccess.
+ // req.userOrgId is undefined, so the org-match check is skipped.
+ // Normal site access verification proceeds.
+ {
+ const shouldReject = shouldRejectCrossOrgSite("org_victim", undefined);
+ assertEquals(
+ shouldReject,
+ false,
+ "Scenario 6: Site-only routes should skip org-match check"
+ );
+ }
+
+ console.log("All security scenario tests passed.");
+}
+
+// Run all tests
+testSiteOrgMatchLogic();
+testShouldRejectCrossOrgSite();
+testRouteStackOrdering();
+testSecurityScenarios();
diff --git a/server/middlewares/verifySiteAccess.ts b/server/middlewares/verifySiteAccess.ts
index e630cf0f1..50a940855 100644
--- a/server/middlewares/verifySiteAccess.ts
+++ b/server/middlewares/verifySiteAccess.ts
@@ -71,6 +71,15 @@ export async function verifySiteAccess(
);
}
+ if (req.userOrgId && site.orgId !== req.userOrgId) {
+ return next(
+ createHttpError(
+ HttpCode.FORBIDDEN,
+ "User does not have access to this site"
+ )
+ );
+ }
+
if (!req.userOrg) {
// Get user's role ID in the organization
const userOrgRole = await db
@@ -106,8 +115,7 @@ export async function verifySiteAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
@@ -128,10 +136,7 @@ export async function verifySiteAccess(
.where(
and(
eq(roleSites.siteId, site.siteId),
- inArray(
- roleSites.roleId,
- req.userOrgRoleIds!
- )
+ inArray(roleSites.roleId, req.userOrgRoleIds!)
)
)
.limit(1)
diff --git a/server/middlewares/verifySiteProvisioningKeyAccess.ts b/server/middlewares/verifySiteProvisioningKeyAccess.ts
index 73393e1e9..9cb9a28f3 100644
--- a/server/middlewares/verifySiteProvisioningKeyAccess.ts
+++ b/server/middlewares/verifySiteProvisioningKeyAccess.ts
@@ -115,8 +115,7 @@ export async function verifySiteProvisioningKeyAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifySiteResourceAccess.ts b/server/middlewares/verifySiteResourceAccess.ts
index 8d5bd656f..c87518a9e 100644
--- a/server/middlewares/verifySiteResourceAccess.ts
+++ b/server/middlewares/verifySiteResourceAccess.ts
@@ -103,8 +103,7 @@ export async function verifySiteResourceAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifyTargetAccess.ts b/server/middlewares/verifyTargetAccess.ts
index 8bbed6fca..24b8abd22 100644
--- a/server/middlewares/verifyTargetAccess.ts
+++ b/server/middlewares/verifyTargetAccess.ts
@@ -122,8 +122,7 @@ export async function verifyTargetAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifyUserAccess.ts b/server/middlewares/verifyUserAccess.ts
index fcc4d0cb9..83c344ae0 100644
--- a/server/middlewares/verifyUserAccess.ts
+++ b/server/middlewares/verifyUserAccess.ts
@@ -59,8 +59,7 @@ export async function verifyUserAccess(
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "Failed organization access policy check: " +
- (policyCheck.error || "Unknown error")
+ "" + (policyCheck.error || "Unknown error")
)
);
}
diff --git a/server/middlewares/verifyUserCanSetUserOrgRoles.ts b/server/middlewares/verifyUserCanSetUserOrgRoles.ts
index 1a7554ab3..3b8687b96 100644
--- a/server/middlewares/verifyUserCanSetUserOrgRoles.ts
+++ b/server/middlewares/verifyUserCanSetUserOrgRoles.ts
@@ -38,7 +38,7 @@ export function verifyUserCanSetUserOrgRoles() {
return next(
createHttpError(
HttpCode.FORBIDDEN,
- "User does not have permission perform this action"
+ "User does not have permission to set user organization roles"
)
);
} catch (error) {
diff --git a/server/middlewares/verifyUserFromResourceSession.ts b/server/middlewares/verifyUserFromResourceSession.ts
new file mode 100644
index 000000000..515b979e7
--- /dev/null
+++ b/server/middlewares/verifyUserFromResourceSession.ts
@@ -0,0 +1,102 @@
+import { Response, NextFunction } from "express";
+import { db } from "@server/db";
+import { resourceSessions, users } from "@server/db";
+import { eq } from "drizzle-orm";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
+import { getUserSessionWithUser } from "@server/db/queries/verifySessionQueries";
+import { encodeHexLowerCase } from "@oslojs/encoding";
+import { sha256 } from "@oslojs/crypto/sha2";
+import config from "@server/lib/config";
+import logger from "@server/logger";
+
+export const verifyUserFromResourceSessionMiddleware = async (
+ req: any,
+ res: Response,
+ next: NextFunction
+) => {
+ if (!req.user) {
+ const sessionCookieName =
+ config.getRawConfig().server.session_cookie_name;
+
+ // Collect all resource session cookies (format: {name}[_s].{timestamp}=token)
+ const cookieHeader: string | undefined = req.headers.cookie;
+ const candidates: { timestamp: number; token: string }[] = [];
+
+ if (cookieHeader) {
+ for (const part of cookieHeader.split(";")) {
+ const trimmed = part.trim();
+ const eqIdx = trimmed.indexOf("=");
+ if (eqIdx === -1) continue;
+
+ const cookieName = trimmed.slice(0, eqIdx).trim();
+ const cookieValue = trimmed.slice(eqIdx + 1).trim();
+
+ // Match both secure (_s.timestamp) and non-secure (.timestamp) variants
+ const securePrefix = `${sessionCookieName}_s.`;
+ const httpPrefix = `${sessionCookieName}.`;
+
+ let timestampStr: string | null = null;
+ if (cookieName.startsWith(securePrefix)) {
+ timestampStr = cookieName.slice(securePrefix.length);
+ } else if (cookieName.startsWith(httpPrefix)) {
+ timestampStr = cookieName.slice(httpPrefix.length);
+ }
+
+ if (timestampStr !== null && /^\d+$/.test(timestampStr)) {
+ candidates.push({
+ timestamp: parseInt(timestampStr, 10),
+ token: cookieValue
+ });
+ }
+ }
+ }
+
+ // Pick the most recently issued session (highest timestamp)
+ candidates.sort((a, b) => b.timestamp - a.timestamp);
+ const best = candidates[0];
+
+ if (best) {
+ try {
+ const sessionId = encodeHexLowerCase(
+ sha256(new TextEncoder().encode(best.token))
+ );
+
+ const [resourceSession] = await db
+ .select()
+ .from(resourceSessions)
+ .where(eq(resourceSessions.sessionId, sessionId))
+ .limit(1);
+
+ if (resourceSession && Date.now() < resourceSession.expiresAt) {
+ if (resourceSession.userSessionId) {
+ const result = await getUserSessionWithUser(
+ resourceSession.userSessionId
+ );
+
+ if (result?.user && result?.session) {
+ req.user = result.user;
+ req.session = result.session;
+ }
+ }
+ }
+ } catch (e) {
+ logger.error(
+ "verifyUserFromResourceSessionMiddleware: failed to validate resource session",
+ e
+ );
+ }
+ }
+ }
+
+ // Populate userOrgRoleIds if an orgId is available in route params
+ if (req.user && req.params?.orgId && !req.userOrgRoleIds) {
+ req.userOrgRoleIds = await getUserOrgRoleIds(
+ req.user.userId,
+ req.params.orgId
+ );
+ }
+
+ next();
+};
diff --git a/server/openApi.ts b/server/openApi.ts
index 26c9e2f2e..7132a0327 100644
--- a/server/openApi.ts
+++ b/server/openApi.ts
@@ -7,6 +7,7 @@ export enum OpenAPITags {
Org = "Organization",
PublicResource = "Public Resource",
PrivateResource = "Private Resource",
+ Policy = "Policy",
Role = "Role",
User = "User",
Invitation = "User Invitation",
diff --git a/server/private/lib/acmeCertSync.ts b/server/private/lib/acmeCertSync.ts
index b69c2ae89..56105ac38 100644
--- a/server/private/lib/acmeCertSync.ts
+++ b/server/private/lib/acmeCertSync.ts
@@ -693,9 +693,9 @@ async function syncAcmeCerts(acmeJsonPath: string): Promise {
);
continue;
}
- logger.debug(
- `acmeCertSync: found ${resolverData.Certificates.length} certificate(s) for resolver "${resolver}"`
- );
+ // logger.debug(
+ // `acmeCertSync: found ${resolverData.Certificates.length} certificate(s) for resolver "${resolver}"`
+ // );
for (const cert of resolverData.Certificates) {
allCerts.push(cert);
}
@@ -780,9 +780,9 @@ async function syncAcmeCerts(acmeJsonPath: string): Promise {
}
}
- logger.debug(
- `acmeCertSync: cert for ${mainDomain} covers ${allDomains.size} domain(s): ${[...allDomains].join(", ")}`
- );
+ // logger.debug(
+ // `acmeCertSync: cert for ${mainDomain} covers ${allDomains.size} domain(s): ${[...allDomains].join(", ")}`
+ // );
for (const domain of allDomains) {
try {
@@ -863,9 +863,9 @@ export function initAcmeCertSync(): void {
);
return;
}
- logger.debug(
- `acmeCertSync: found ${files.length} acme.json file(s) in directory "${acmeJsonPath}"`
- );
+ // logger.debug(
+ // `acmeCertSync: found ${files.length} acme.json file(s) in directory "${acmeJsonPath}"`
+ // );
for (const file of files) {
syncAcmeCerts(file).catch((err) => {
logger.error(
diff --git a/server/private/lib/cache.ts b/server/private/lib/cache.ts
index 2d49d2e40..9c94109c2 100644
--- a/server/private/lib/cache.ts
+++ b/server/private/lib/cache.ts
@@ -13,7 +13,7 @@
import NodeCache from "node-cache";
import logger from "@server/logger";
-import { redisManager } from "@server/private/lib/redis";
+import { redisManager, regionalRedisManager } from "@server/private/lib/redis";
// Create local cache with maxKeys limit to prevent memory leaks
// With ~10k requests/day and 5min TTL, 10k keys should be more than sufficient
@@ -298,3 +298,147 @@ class AdaptiveCache {
// Export singleton instance
export const cache = new AdaptiveCache();
export default cache;
+
+/**
+ * Regional adaptive cache backed by the in-cluster Redis instance.
+ * Falls back to a local NodeCache when the regional Redis is unavailable.
+ * Use this for data that is regional in nature (e.g. status history) so
+ * reads are served from the same cluster the user is hitting.
+ */
+const regionalLocalCache = new NodeCache({
+ stdTTL: 3600,
+ checkperiod: 120,
+ maxKeys: 10000
+});
+
+class RegionalAdaptiveCache {
+ private useRedis(): boolean {
+ return (
+ regionalRedisManager.isRedisEnabled() &&
+ regionalRedisManager.getHealthStatus().isHealthy
+ );
+ }
+
+ async set(key: string, value: any, ttl?: number): Promise {
+ const effectiveTtl = ttl === 0 ? undefined : ttl;
+ const redisTtl = ttl === 0 ? undefined : (ttl ?? 3600);
+
+ if (this.useRedis()) {
+ try {
+ const serialized = JSON.stringify(value);
+ const success = await regionalRedisManager.set(
+ key,
+ serialized,
+ redisTtl
+ );
+ if (success) {
+ logger.debug(`[regional] Set key in Redis: ${key}`);
+ return true;
+ }
+ } catch (error) {
+ logger.error(
+ `[regional] Redis set error for key ${key}:`,
+ error
+ );
+ }
+ }
+
+ const success = regionalLocalCache.set(key, value, effectiveTtl || 0);
+ if (success) logger.debug(`[regional] Set key in local cache: ${key}`);
+ return success;
+ }
+
+ async get(key: string): Promise {
+ if (this.useRedis()) {
+ try {
+ const value = await regionalRedisManager.get(key);
+ if (value !== null) {
+ logger.debug(`[regional] Cache hit in Redis: ${key}`);
+ return JSON.parse(value) as T;
+ }
+ logger.debug(`[regional] Cache miss in Redis: ${key}`);
+ return undefined;
+ } catch (error) {
+ logger.error(
+ `[regional] Redis get error for key ${key}:`,
+ error
+ );
+ }
+ }
+
+ const value = regionalLocalCache.get(key);
+ if (value !== undefined) {
+ logger.debug(`[regional] Cache hit in local cache: ${key}`);
+ } else {
+ logger.debug(`[regional] Cache miss in local cache: ${key}`);
+ }
+ return value;
+ }
+
+ async del(key: string | string[]): Promise {
+ const keys = Array.isArray(key) ? key : [key];
+ let deletedCount = 0;
+
+ if (this.useRedis()) {
+ try {
+ for (const k of keys) {
+ const success = await regionalRedisManager.del(k);
+ if (success) {
+ deletedCount++;
+ logger.debug(`[regional] Deleted key from Redis: ${k}`);
+ }
+ }
+ if (deletedCount === keys.length) return deletedCount;
+ deletedCount = 0;
+ } catch (error) {
+ logger.error(`[regional] Redis del error:`, error);
+ deletedCount = 0;
+ }
+ }
+
+ for (const k of keys) {
+ const count = regionalLocalCache.del(k);
+ if (count > 0) {
+ deletedCount++;
+ logger.debug(`[regional] Deleted key from local cache: ${k}`);
+ }
+ }
+ return deletedCount;
+ }
+
+ async has(key: string): Promise {
+ if (this.useRedis()) {
+ try {
+ const value = await regionalRedisManager.get(key);
+ return value !== null;
+ } catch (error) {
+ logger.error(
+ `[regional] Redis has error for key ${key}:`,
+ error
+ );
+ }
+ }
+ return regionalLocalCache.has(key);
+ }
+
+ /**
+ * Returns keys matching the given prefix from whichever backend is active.
+ * Redis uses a KEYS scan; local cache filters in-memory keys.
+ */
+ async keysWithPrefix(prefix: string): Promise {
+ if (this.useRedis()) {
+ try {
+ return await regionalRedisManager.keys(`${prefix}*`);
+ } catch (error) {
+ logger.error(`[regional] Redis keys error:`, error);
+ }
+ }
+ return regionalLocalCache.keys().filter((k) => k.startsWith(prefix));
+ }
+
+ getCurrentBackend(): "redis" | "local" {
+ return this.useRedis() ? "redis" : "local";
+ }
+}
+
+export const regionalCache = new RegionalAdaptiveCache();
diff --git a/server/private/lib/certificates.ts b/server/private/lib/certificates.ts
index 8875addda..03ea6a58c 100644
--- a/server/private/lib/certificates.ts
+++ b/server/private/lib/certificates.ts
@@ -17,7 +17,7 @@ import { certificates, db } from "@server/db";
import { and, eq, isNotNull, or, inArray, sql } from "drizzle-orm";
import { decrypt } from "@server/lib/crypto";
import logger from "@server/logger";
-import cache from "#private/lib/cache";
+import { regionalCache as cache } from "#private/lib/cache";
import { build } from "@server/build";
// Define the return type for clarity and type safety
@@ -36,8 +36,6 @@ export async function getValidCertificatesForDomains(
domains: Set,
useCache: boolean = true
): Promise> {
-
-
const finalResults: CertificateResult[] = [];
const domainsToQuery = new Set();
@@ -49,7 +47,26 @@ export async function getValidCertificatesForDomains(
if (cachedCert) {
finalResults.push(cachedCert); // Valid cache hit
} else {
- domainsToQuery.add(domain); // Cache miss or expired
+ // Also check for a wildcard cache entry covering this domain's parent
+ const parts = domain.split(".");
+ let wildcardHit = false;
+ if (parts.length > 1) {
+ const parentDomain = parts.slice(1).join(".");
+ const wildcardCacheKey = `cert:*.${parentDomain}`;
+ const cachedWildcard =
+ await cache.get(wildcardCacheKey);
+ if (cachedWildcard) {
+ // Re-stamp queriedDomain so callers see the originally requested domain
+ finalResults.push({
+ ...cachedWildcard,
+ queriedDomain: domain
+ });
+ wildcardHit = true;
+ }
+ }
+ if (!wildcardHit) {
+ domainsToQuery.add(domain); // Cache miss or expired
+ }
}
}
} else {
@@ -59,7 +76,10 @@ export async function getValidCertificatesForDomains(
// 2. If all domains were resolved from the cache, return early
if (domainsToQuery.size === 0) {
- const decryptedResults = decryptFinalResults(finalResults, config.getRawConfig().server.secret!);
+ const decryptedResults = decryptFinalResults(
+ finalResults,
+ config.getRawConfig().server.secret!
+ );
return decryptedResults;
}
@@ -78,7 +98,8 @@ export async function getValidCertificatesForDomains(
const parentDomainsArray = Array.from(parentDomainsToQuery);
// Build wildcard variants: for each parent domain "example.com", also query "*.example.com"
- const wildcardPrefixedArray = build != "saas" ? parentDomainsArray.map((d) => `*.${d}`) : [];
+ const wildcardPrefixedArray =
+ build != "saas" ? parentDomainsArray.map((d) => `*.${d}`) : [];
// 4. Build and execute a single, efficient Drizzle query
// This query fetches all potential exact and wildcard matches in one database round-trip.
@@ -172,11 +193,24 @@ export async function getValidCertificatesForDomains(
if (useCache) {
const cacheKey = `cert:${domain}`;
await cache.set(cacheKey, resultCert, 180);
+
+ // Also cache wildcard certs under a pattern key so other subdomains
+ // can find them without a DB round-trip
+ if (resultCert.wildcard) {
+ const normalizedCertDomain = normalizeWildcardDomain(
+ resultCert.domain
+ );
+ const wildcardCacheKey = `cert:*.${normalizedCertDomain}`;
+ await cache.set(wildcardCacheKey, resultCert, 180);
+ }
}
}
}
- const decryptedResults = decryptFinalResults(finalResults, config.getRawConfig().server.secret!);
+ const decryptedResults = decryptFinalResults(
+ finalResults,
+ config.getRawConfig().server.secret!
+ );
return decryptedResults;
}
diff --git a/server/private/lib/checkOrgAccessPolicy.ts b/server/private/lib/checkOrgAccessPolicy.ts
index b861c1ae6..9a03f9e09 100644
--- a/server/private/lib/checkOrgAccessPolicy.ts
+++ b/server/private/lib/checkOrgAccessPolicy.ts
@@ -21,6 +21,49 @@ import {
} from "@server/lib/checkOrgAccessPolicy";
import { UserType } from "@server/types/UserTypes";
+function formatMaxSessionLengthRequirement(
+ maxSessionLengthHours: number
+): string {
+ if (maxSessionLengthHours < 24) {
+ return `This organization requires you to log in every ${maxSessionLengthHours} hours.`;
+ }
+
+ const maxDays = Math.round(maxSessionLengthHours / 24);
+ return `This organization requires you to log in every ${maxDays} days.`;
+}
+
+function buildOrgAccessPolicyError(
+ policies: CheckOrgAccessPolicyResult["policies"]
+): string | undefined {
+ if (!policies) {
+ return undefined;
+ }
+
+ const errors: string[] = [];
+
+ if (policies.requiredTwoFactor === false) {
+ errors.push(
+ "This organization requires two-factor authentication. Enable two-factor authentication on your account to continue."
+ );
+ }
+
+ if (policies.maxSessionLength?.compliant === false) {
+ errors.push(
+ `Your session has expired. ${formatMaxSessionLengthRequirement(
+ policies.maxSessionLength.maxSessionLengthHours
+ )}`
+ );
+ }
+
+ if (policies.passwordAge?.compliant === false) {
+ errors.push(
+ `Your password has expired. This organization requires you to change your password every ${policies.passwordAge.maxPasswordAgeDays} days.`
+ );
+ }
+
+ return errors.length > 0 ? errors.join(" ") : undefined;
+}
+
export function enforceResourceSessionLength(
resourceSession: ResourceSession,
org: Org
@@ -36,13 +79,17 @@ export function enforceResourceSessionLength(
if (sessionAgeMs > maxSessionLengthMs) {
return {
valid: false,
- error: `Resource session has expired due to organization policy (max session length: ${maxSessionLengthHours} hours)`
+ error: `Your resource session has expired. ${formatMaxSessionLengthRequirement(
+ maxSessionLengthHours
+ )}`
};
}
} else {
return {
valid: false,
- error: `Resource session is invalid due to organization policy (max session length: ${maxSessionLengthHours} hours)`
+ error: `Your resource session is invalid. ${formatMaxSessionLengthRequirement(
+ maxSessionLengthHours
+ )}`
};
}
}
@@ -60,14 +107,20 @@ export async function checkOrgAccessPolicy(
if (!orgId) {
return {
allowed: false,
- error: "Organization ID is required"
+ error: "Unable to verify organization access. Organization information is missing."
};
}
if (!userId) {
- return { allowed: false, error: "User ID is required" };
+ return {
+ allowed: false,
+ error: "Unable to verify organization access. User information is missing."
+ };
}
if (!sessionId) {
- return { allowed: false, error: "Session ID is required" };
+ return {
+ allowed: false,
+ error: "Your session is invalid. Please log in again."
+ };
}
if (build === "enterprise") {
@@ -89,7 +142,10 @@ export async function checkOrgAccessPolicy(
.where(eq(orgs.orgId, orgId));
props.org = orgQuery;
if (!props.org) {
- return { allowed: false, error: "Organization not found" };
+ return {
+ allowed: false,
+ error: "This organization could not be found."
+ };
}
}
@@ -100,7 +156,10 @@ export async function checkOrgAccessPolicy(
.where(eq(users.userId, userId));
props.user = userQuery;
if (!props.user) {
- return { allowed: false, error: "User not found" };
+ return {
+ allowed: false,
+ error: "Your account could not be found."
+ };
}
}
@@ -111,14 +170,17 @@ export async function checkOrgAccessPolicy(
.where(eq(sessions.sessionId, sessionId));
props.session = sessionQuery;
if (!props.session) {
- return { allowed: false, error: "Session not found" };
+ return {
+ allowed: false,
+ error: "Your session has expired. Please log in again."
+ };
}
}
if (props.session.userId !== props.user.userId) {
return {
allowed: false,
- error: "Session does not belong to the user"
+ error: "Your session is invalid. Please log in again."
};
}
@@ -187,8 +249,14 @@ export async function checkOrgAccessPolicy(
allowed = false;
}
+ const policyError = buildOrgAccessPolicyError(policies);
+
return {
allowed,
- policies
+ policies,
+ error: allowed
+ ? undefined
+ : (policyError ??
+ "You do not meet this organization's security requirements.")
};
}
diff --git a/server/private/lib/exitNodes/exitNodes.ts b/server/private/lib/exitNodes/exitNodes.ts
index f6417dae2..1f9517725 100644
--- a/server/private/lib/exitNodes/exitNodes.ts
+++ b/server/private/lib/exitNodes/exitNodes.ts
@@ -18,12 +18,15 @@ import {
resources,
targets,
sites,
+ siteLabels,
+ remoteExitNodes,
+ remoteExitNodePreferenceLabels,
targetHealthCheck,
Transaction
} from "@server/db";
import logger from "@server/logger";
import { ExitNodePingResult } from "@server/routers/newt";
-import { eq, and, or, ne, isNull } from "drizzle-orm";
+import { eq, and, or, ne, isNull, inArray } from "drizzle-orm";
import axios from "axios";
import config from "../config";
@@ -150,7 +153,8 @@ export async function verifyExitNodeOrgAccess(
export async function listExitNodes(
orgId: string,
filterOnline = false,
- noCloud = false
+ noCloud = false,
+ siteId?: number
) {
const allExitNodes = await db
.select({
@@ -237,7 +241,7 @@ export async function listExitNodes(
// })
// );
- const remoteExitNodes = allExitNodes.filter(
+ let remoteExitNodesList = allExitNodes.filter(
(node) =>
node.type === "remoteExitNode" && (!filterOnline || node.online)
);
@@ -246,9 +250,82 @@ export async function listExitNodes(
node.type === "gerbil" && (!filterOnline || node.online) && !noCloud
);
+ // Apply label-based filtering to remote exit nodes if siteId is provided
+ if (siteId !== undefined && remoteExitNodesList.length > 0) {
+ // Get the site's labels
+ const siteLabelRows = await db
+ .select({ labelId: siteLabels.labelId })
+ .from(siteLabels)
+ .where(eq(siteLabels.siteId, siteId));
+ const siteLabelIds = new Set(siteLabelRows.map((r) => r.labelId));
+
+ // Get the remoteExitNode records for these exit nodes so we have the remoteExitNodeId
+ const exitNodeIds = remoteExitNodesList.map((n) => n.exitNodeId);
+ const remoteNodeRows = await db
+ .select({
+ exitNodeId: remoteExitNodes.exitNodeId,
+ remoteExitNodeId: remoteExitNodes.remoteExitNodeId
+ })
+ .from(remoteExitNodes)
+ .where(inArray(remoteExitNodes.exitNodeId, exitNodeIds));
+
+ const exitNodeIdToRemoteId = new Map(
+ remoteNodeRows
+ .filter((r) => r.exitNodeId !== null)
+ .map((r) => [r.exitNodeId!, r.remoteExitNodeId])
+ );
+
+ // Get preference labels for all remote exit nodes
+ const remoteExitNodeIds = remoteNodeRows.map((r) => r.remoteExitNodeId);
+ const prefLabelRows =
+ remoteExitNodeIds.length > 0
+ ? await db
+ .select({
+ remoteExitNodeId:
+ remoteExitNodePreferenceLabels.remoteExitNodeId,
+ labelId: remoteExitNodePreferenceLabels.labelId
+ })
+ .from(remoteExitNodePreferenceLabels)
+ .where(
+ inArray(
+ remoteExitNodePreferenceLabels.remoteExitNodeId,
+ remoteExitNodeIds
+ )
+ )
+ : [];
+
+ // Build a map of remoteExitNodeId -> Set of labelIds
+ const prefLabelsMap = new Map>();
+ for (const row of prefLabelRows) {
+ if (!prefLabelsMap.has(row.remoteExitNodeId)) {
+ prefLabelsMap.set(row.remoteExitNodeId, new Set());
+ }
+ prefLabelsMap.get(row.remoteExitNodeId)!.add(row.labelId);
+ }
+
+ // Filter: include node if it has no preference labels, or if site shares at least one label
+ const filtered = remoteExitNodesList.filter((node) => {
+ const remoteId = exitNodeIdToRemoteId.get(node.exitNodeId);
+ if (!remoteId) return true; // no remoteExitNode record, don't filter
+ const prefLabels = prefLabelsMap.get(remoteId);
+ if (!prefLabels || prefLabels.size === 0) return true; // no preference labels, include
+ // include only if site has at least one matching label
+ for (const labelId of siteLabelIds) {
+ if (prefLabels.has(labelId)) return true;
+ }
+ return false;
+ });
+
+ // Only apply the filtered list if at least one remote node remains;
+ // otherwise fall through to the gerbil fallback below
+ if (filtered.length > 0 || remoteExitNodesList.length === 0) {
+ remoteExitNodesList = filtered;
+ }
+ }
+
// THIS PROVIDES THE FALL
const exitNodesList =
- remoteExitNodes.length > 0 ? remoteExitNodes : gerbilExitNodes;
+ remoteExitNodesList.length > 0 ? remoteExitNodesList : gerbilExitNodes;
return exitNodesList;
}
diff --git a/server/private/lib/lock.ts b/server/private/lib/lock.ts
index a59bbc051..94b27a337 100644
--- a/server/private/lib/lock.ts
+++ b/server/private/lib/lock.ts
@@ -11,37 +11,80 @@
* This file is not licensed under the AGPLv3.
*/
-import { config } from "@server/lib/config";
import logger from "@server/logger";
import { redis } from "#private/lib/redis";
import { v4 as uuidv4 } from "uuid";
const instanceId = uuidv4();
+type LocalLockRecord = {
+ owner: string;
+ expiresAt: number;
+};
+
+const localLocks = new Map();
+
export class LockManager {
+ private clearExpiredLocalLock(lockKey: string): void {
+ const current = localLocks.get(lockKey);
+ if (current && current.expiresAt <= Date.now()) {
+ localLocks.delete(lockKey);
+ }
+ }
+
/**
* Acquire a distributed lock using Redis SET with NX and PX options
* @param lockKey - Unique identifier for the lock
* @param ttlMs - Time to live in milliseconds
- * @returns Promise - true if lock acquired, false otherwise
+ * @returns Promise - a token identifying this specific acquisition
+ * (truthy) on success, or null if the lock could not be acquired.
*/
async acquireLock(
lockKey: string,
ttlMs: number = 30000,
maxRetries: number = 3,
retryDelayMs: number = 100
- ): Promise {
+ ): Promise {
if (!redis || !redis.status || redis.status !== "ready") {
- return true;
+ for (let attempt = 0; attempt < maxRetries; attempt++) {
+ this.clearExpiredLocalLock(lockKey);
+
+ const existing = localLocks.get(lockKey);
+ if (!existing) {
+ const token = `${instanceId}:${uuidv4()}`;
+ localLocks.set(lockKey, {
+ owner: token,
+ expiresAt: Date.now() + ttlMs
+ });
+ return token;
+ }
+
+ // Do not treat a same-process holder as automatically
+ // reentrant -- see the note in the Redis branch below.
+ if (attempt < maxRetries - 1) {
+ const delay = retryDelayMs * Math.pow(2, attempt);
+ await new Promise((resolve) => setTimeout(resolve, delay));
+ }
+ }
+
+ return null;
}
- const lockValue = `${
- instanceId
- }:${Date.now()}`;
const redisKey = `lock:${lockKey}`;
for (let attempt = 0; attempt < maxRetries; attempt++) {
try {
+ // Every acquisition attempt gets its own unique token, even
+ // within the same process. Two independent logical operations
+ // (e.g. two different API requests handled by the same server)
+ // racing for this key must never both believe they hold the
+ // lock -- if we treated "existing value starts with my
+ // instanceId" as reentrant success, a second unrelated caller
+ // on this process could barge in while the first is still
+ // mid-flight, and their writes under the lock would interleave
+ // unguarded.
+ const lockValue = `${instanceId}:${uuidv4()}`;
+
// Use SET with NX (only set if not exists) and PX (expire in milliseconds)
// This is atomic and handles both setting and expiration
const result = await redis.set(
@@ -53,30 +96,8 @@ export class LockManager {
);
if (result === "OK") {
- logger.debug(
- `Lock acquired: ${lockKey} by ${
- instanceId
- }`
- );
- return true;
- }
-
- // Check if the existing lock is from this worker (reentrant behavior)
- const existingValue = await redis.get(redisKey);
- if (
- existingValue &&
- existingValue.startsWith(
- `${instanceId}:`
- )
- ) {
- // Extend the lock TTL since it's the same worker
- await redis.pexpire(redisKey, ttlMs);
- logger.debug(
- `Lock extended: ${lockKey} by ${
- instanceId
- }`
- );
- return true;
+ logger.debug(`Lock acquired: ${lockKey} by ${instanceId}`);
+ return lockValue;
}
// If this isn't our last attempt, wait before retrying with exponential backoff
@@ -88,7 +109,10 @@ export class LockManager {
await new Promise((resolve) => setTimeout(resolve, delay));
}
} catch (error) {
- logger.error(`Failed to acquire lock ${lockKey} (attempt ${attempt + 1}/${maxRetries}):`, error);
+ logger.error(
+ `Failed to acquire lock ${lockKey} (attempt ${attempt + 1}/${maxRetries}):`,
+ error
+ );
// On error, still retry if we have attempts left
if (attempt < maxRetries - 1) {
const delay = retryDelayMs * Math.pow(2, attempt);
@@ -100,27 +124,36 @@ export class LockManager {
logger.debug(
`Failed to acquire lock ${lockKey} after ${maxRetries} attempts`
);
- return false;
+ return null;
}
/**
- * Release a lock using Lua script to ensure atomicity
+ * Release a lock previously acquired via acquireLock/acquireLockWithRetry,
+ * using a Lua script to ensure we only delete it if it still matches the
+ * exact token from that acquisition (not just "owned by this process") --
+ * this ensures a caller whose TTL already expired can't delete a
+ * different, currently-active holder's lock.
* @param lockKey - Unique identifier for the lock
+ * @param token - the exact token returned by the acquisition being released
*/
- async releaseLock(lockKey: string): Promise {
+ async releaseLock(lockKey: string, token: string): Promise {
if (!redis || !redis.status || redis.status !== "ready") {
+ this.clearExpiredLocalLock(lockKey);
+ const existing = localLocks.get(lockKey);
+ if (existing && existing.owner === token) {
+ localLocks.delete(lockKey);
+ }
return;
}
const redisKey = `lock:${lockKey}`;
- // Lua script to ensure we only delete the lock if it belongs to this worker
const luaScript = `
local key = KEYS[1]
- local worker_prefix = ARGV[1]
+ local expected_value = ARGV[1]
local current_value = redis.call('GET', key)
- if current_value and string.find(current_value, worker_prefix, 1, true) == 1 then
+ if current_value and current_value == expected_value then
return redis.call('DEL', key)
else
return 0
@@ -132,20 +165,14 @@ export class LockManager {
luaScript,
1,
redisKey,
- `${instanceId}:`
+ token
)) as number;
if (result === 1) {
- logger.debug(
- `Lock released: ${lockKey} by ${
- instanceId
- }`
- );
+ logger.debug(`Lock released: ${lockKey} by ${instanceId}`);
} else {
logger.warn(
- `Lock not released - not owned by worker: ${lockKey} by ${
- instanceId
- }`
+ `Lock not released - token did not match current holder: ${lockKey} (attempted by ${instanceId})`
);
}
} catch (error) {
@@ -159,6 +186,7 @@ export class LockManager {
*/
async forceReleaseLock(lockKey: string): Promise {
if (!redis || !redis.status || redis.status !== "ready") {
+ localLocks.delete(lockKey);
return;
}
@@ -186,7 +214,20 @@ export class LockManager {
owner?: string;
}> {
if (!redis || !redis.status || redis.status !== "ready") {
- return { exists: false, ownedByMe: true, ttl: 0 };
+ this.clearExpiredLocalLock(lockKey);
+ const existing = localLocks.get(lockKey);
+
+ if (!existing) {
+ return { exists: false, ownedByMe: false, ttl: 0 };
+ }
+
+ const ttl = Math.max(0, existing.expiresAt - Date.now());
+ return {
+ exists: true,
+ ownedByMe: existing.owner.startsWith(`${instanceId}:`),
+ ttl,
+ owner: existing.owner.split(":")[0]
+ };
}
const redisKey = `lock:${lockKey}`;
@@ -198,11 +239,7 @@ export class LockManager {
]);
const exists = value !== null;
- const ownedByMe =
- exists &&
- value!.startsWith(
- `${instanceId}:`
- );
+ const ownedByMe = exists && value!.startsWith(`${instanceId}:`);
const owner = exists ? value!.split(":")[0] : undefined;
return {
@@ -218,26 +255,40 @@ export class LockManager {
}
/**
- * Extend the TTL of an existing lock owned by this worker
+ * Extend the TTL of an existing lock, provided the token matches the
+ * acquisition currently holding it.
* @param lockKey - Unique identifier for the lock
* @param ttlMs - New TTL in milliseconds
+ * @param token - the token returned by the acquisition being extended
* @returns Promise - true if extended successfully
*/
- async extendLock(lockKey: string, ttlMs: number): Promise {
+ async extendLock(
+ lockKey: string,
+ ttlMs: number,
+ token: string
+ ): Promise {
if (!redis || !redis.status || redis.status !== "ready") {
+ this.clearExpiredLocalLock(lockKey);
+ const existing = localLocks.get(lockKey);
+
+ if (!existing || existing.owner !== token) {
+ return false;
+ }
+
+ existing.expiresAt = Date.now() + ttlMs;
+ localLocks.set(lockKey, existing);
return true;
}
const redisKey = `lock:${lockKey}`;
- // Lua script to extend TTL only if lock is owned by this worker
const luaScript = `
local key = KEYS[1]
- local worker_prefix = ARGV[1]
+ local expected_value = ARGV[1]
local ttl = tonumber(ARGV[2])
local current_value = redis.call('GET', key)
- if current_value and string.find(current_value, worker_prefix, 1, true) == 1 then
+ if current_value and current_value == expected_value then
return redis.call('PEXPIRE', key, ttl)
else
return 0
@@ -249,15 +300,13 @@ export class LockManager {
luaScript,
1,
redisKey,
- `${instanceId}:`,
+ token,
ttlMs.toString()
)) as number;
if (result === 1) {
logger.debug(
- `Lock extended: ${lockKey} by ${
- instanceId
- } for ${ttlMs}ms`
+ `Lock extended: ${lockKey} by ${instanceId} for ${ttlMs}ms`
);
return true;
}
@@ -274,23 +323,24 @@ export class LockManager {
* @param ttlMs - Time to live in milliseconds
* @param maxRetries - Maximum number of retry attempts
* @param baseDelayMs - Base delay between retries in milliseconds
- * @returns Promise - true if lock acquired
+ * @returns Promise - token if acquired, null otherwise
*/
async acquireLockWithRetry(
lockKey: string,
ttlMs: number = 30000,
maxRetries: number = 5,
baseDelayMs: number = 100
- ): Promise {
- if (!redis || !redis.status || redis.status !== "ready") {
- return true;
- }
-
+ ): Promise {
for (let attempt = 0; attempt <= maxRetries; attempt++) {
- const acquired = await this.acquireLock(lockKey, ttlMs);
+ const acquired = await this.acquireLock(
+ lockKey,
+ ttlMs,
+ 1,
+ baseDelayMs
+ );
if (acquired) {
- return true;
+ return acquired;
}
if (attempt < maxRetries) {
@@ -304,7 +354,7 @@ export class LockManager {
logger.warn(
`Failed to acquire lock ${lockKey} after ${maxRetries + 1} attempts`
);
- return false;
+ return null;
}
/**
@@ -319,20 +369,16 @@ export class LockManager {
fn: () => Promise,
ttlMs: number = 30000
): Promise {
- if (!redis || !redis.status || redis.status !== "ready") {
- return await fn();
- }
+ const token = await this.acquireLock(lockKey, ttlMs);
- const acquired = await this.acquireLock(lockKey, ttlMs);
-
- if (!acquired) {
+ if (!token) {
throw new Error(`Failed to acquire lock: ${lockKey}`);
}
try {
return await fn();
} finally {
- await this.releaseLock(lockKey);
+ await this.releaseLock(lockKey, token);
}
}
@@ -346,7 +392,21 @@ export class LockManager {
locksOwnedByMe: number;
}> {
if (!redis || !redis.status || redis.status !== "ready") {
- return { activeLocksCount: 0, locksOwnedByMe: 0 };
+ const now = Date.now();
+ for (const [key, value] of localLocks.entries()) {
+ if (value.expiresAt <= now) {
+ localLocks.delete(key);
+ }
+ }
+
+ let locksOwnedByMe = 0;
+ for (const value of localLocks.values()) {
+ if (value.owner.startsWith(`${instanceId}:`)) {
+ locksOwnedByMe++;
+ }
+ }
+
+ return { activeLocksCount: localLocks.size, locksOwnedByMe };
}
try {
@@ -356,11 +416,7 @@ export class LockManager {
if (keys.length > 0) {
const values = await redis.mget(...keys);
locksOwnedByMe = values.filter(
- (value) =>
- value &&
- value.startsWith(
- `${instanceId}:`
- )
+ (value) => value && value.startsWith(`${instanceId}:`)
).length;
}
diff --git a/server/private/lib/logStreaming/index.ts b/server/private/lib/logStreaming/index.ts
index 18662a7c0..60e0db1aa 100644
--- a/server/private/lib/logStreaming/index.ts
+++ b/server/private/lib/logStreaming/index.ts
@@ -24,7 +24,8 @@ import { LogStreamingManager } from "./LogStreamingManager";
*/
export const logStreamingManager = new LogStreamingManager();
-if (build != "saas") { // this is handled separately in the saas build, so we don't want to start it here
+if (build !== "saas") {
+ // this is handled separately in the saas build, so we don't want to start it here
logStreamingManager.start();
}
diff --git a/server/private/lib/orgRebuildCounter.ts b/server/private/lib/orgRebuildCounter.ts
new file mode 100644
index 000000000..7107b9b8d
--- /dev/null
+++ b/server/private/lib/orgRebuildCounter.ts
@@ -0,0 +1,105 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025-2026 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { redis } from "#private/lib/redis";
+import logger from "@server/logger";
+
+export const ORG_REBUILD_CONCURRENCY_LIMIT = 10;
+
+// Safety-net TTL: slightly longer than the rebuild lock TTL (120 s). If a
+// server process dies while holding a rebuild, this ensures the counter key
+// eventually expires rather than staying inflated forever.
+const ORG_REBUILD_COUNT_TTL_MS = 180000;
+const KEY_PREFIX = "rebuild-org-count:";
+
+// In-memory fallback used when Redis is unavailable.
+const localFallback = new Map();
+
+function isRedisReady(): boolean {
+ return !!(redis && redis.status === "ready");
+}
+
+export async function incrementOrgRebuildCount(orgId: string): Promise {
+ if (!isRedisReady()) {
+ localFallback.set(orgId, (localFallback.get(orgId) ?? 0) + 1);
+ return;
+ }
+ try {
+ const key = `${KEY_PREFIX}${orgId}`;
+ await redis!.incr(key);
+ // Always refresh the TTL so the key doesn't expire while rebuilds are
+ // still in progress. The TTL is purely a crash-recovery safety net.
+ await redis!.pexpire(key, ORG_REBUILD_COUNT_TTL_MS);
+ } catch (err) {
+ logger.warn(
+ `orgRebuildCounter: Redis increment failed for org ${orgId}, falling back to local:`,
+ err
+ );
+ localFallback.set(orgId, (localFallback.get(orgId) ?? 0) + 1);
+ }
+}
+
+export async function decrementOrgRebuildCount(orgId: string): Promise {
+ if (!isRedisReady()) {
+ const current = localFallback.get(orgId) ?? 0;
+ if (current <= 1) {
+ localFallback.delete(orgId);
+ } else {
+ localFallback.set(orgId, current - 1);
+ }
+ return;
+ }
+ try {
+ const key = `${KEY_PREFIX}${orgId}`;
+ const count = await redis!.decr(key);
+ if (count <= 0) {
+ await redis!.del(key);
+ }
+ } catch (err) {
+ logger.warn(
+ `orgRebuildCounter: Redis decrement failed for org ${orgId}, falling back to local:`,
+ err
+ );
+ const current = localFallback.get(orgId) ?? 0;
+ if (current <= 1) {
+ localFallback.delete(orgId);
+ } else {
+ localFallback.set(orgId, current - 1);
+ }
+ }
+}
+
+export async function getOrgActiveRebuildCount(orgId: string): Promise {
+ if (!isRedisReady()) {
+ return localFallback.get(orgId) ?? 0;
+ }
+ try {
+ const key = `${KEY_PREFIX}${orgId}`;
+ const val = await redis!.get(key);
+ return val ? parseInt(val, 10) : 0;
+ } catch (err) {
+ logger.warn(
+ `orgRebuildCounter: Redis get failed for org ${orgId}, falling back to local:`,
+ err
+ );
+ return localFallback.get(orgId) ?? 0;
+ }
+}
+
+export async function checkOrgRebuildRateLimit(
+ orgId: string
+): Promise {
+ return (
+ (await getOrgActiveRebuildCount(orgId)) >= ORG_REBUILD_CONCURRENCY_LIMIT
+ );
+}
diff --git a/server/private/lib/rateLimit.ts b/server/private/lib/rateLimit.ts
index a8cf3c01c..32aa6419c 100644
--- a/server/private/lib/rateLimit.ts
+++ b/server/private/lib/rateLimit.ts
@@ -12,7 +12,7 @@
*/
import logger from "@server/logger";
-import redisManager from "#private/lib/redis";
+import { regionalRedisManager as redisManager } from "#private/lib/redis";
import { build } from "@server/build";
// Rate limiting configuration
@@ -152,10 +152,9 @@ export class RateLimitService {
);
// Set TTL using the client directly - this prevents the key from persisting forever
- if (redisManager.getClient()) {
- await redisManager
- .getClient()
- .expire(globalKey, RATE_LIMIT_WINDOW + 10);
+ const writeClient = redisManager.getClient();
+ if (writeClient) {
+ await writeClient.expire(globalKey, RATE_LIMIT_WINDOW + 10);
}
// Update tracking
@@ -204,10 +203,12 @@ export class RateLimitService {
);
// Set TTL using the client directly - this prevents the key from persisting forever
- if (redisManager.getClient()) {
- await redisManager
- .getClient()
- .expire(messageTypeKey, RATE_LIMIT_WINDOW + 10);
+ const writeClient = redisManager.getClient();
+ if (writeClient) {
+ await writeClient.expire(
+ messageTypeKey,
+ RATE_LIMIT_WINDOW + 10
+ );
}
// Update tracking
@@ -487,16 +488,13 @@ export class RateLimitService {
await redisManager.del(globalKey);
// Get all message type keys for this client and delete them
- const client = redisManager.getClient();
- if (client) {
- const messageTypeKeys = await client.keys(
- `ratelimit:${clientId}:*`
+ const messageTypeKeys = await redisManager.keys(
+ `ratelimit:${clientId}:*`
+ );
+ if (messageTypeKeys.length > 0) {
+ await Promise.all(
+ messageTypeKeys.map((key) => redisManager.del(key))
);
- if (messageTypeKeys.length > 0) {
- await Promise.all(
- messageTypeKeys.map((key) => redisManager.del(key))
- );
- }
}
}
}
diff --git a/server/private/lib/readConfigFile.ts b/server/private/lib/readConfigFile.ts
index 974e8e590..565a0151a 100644
--- a/server/private/lib/readConfigFile.ts
+++ b/server/private/lib/readConfigFile.ts
@@ -73,6 +73,25 @@ export const privateConfigSchema = z
.object({
rejectUnauthorized: z.boolean().optional().default(true)
})
+ .optional(),
+ regional_redis: z
+ .object({
+ host: z.string(),
+ port: portSchema,
+ password: z
+ .string()
+ .optional()
+ .transform(getEnvOrYaml("REGIONAL_REDIS_PASSWORD")),
+ db: z.int().nonnegative().optional().default(0),
+ tls: z
+ .object({
+ rejectUnauthorized: z
+ .boolean()
+ .optional()
+ .default(true)
+ })
+ .optional()
+ })
.optional()
})
.optional(),
@@ -90,7 +109,11 @@ export const privateConfigSchema = z
enable_redis: z.boolean().optional().default(false),
use_pangolin_dns: z.boolean().optional().default(false),
use_org_only_idp: z.boolean().optional(),
- enable_acme_cert_sync: z.boolean().optional().default(true)
+ enable_acme_cert_sync: z.boolean().optional().default(true),
+ disable_private_http_placeholder: z
+ .boolean()
+ .optional()
+ .default(false)
})
.optional()
.prefault({}),
diff --git a/server/private/lib/rebuildQueue.ts b/server/private/lib/rebuildQueue.ts
new file mode 100644
index 000000000..87da95f60
--- /dev/null
+++ b/server/private/lib/rebuildQueue.ts
@@ -0,0 +1,241 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025-2026 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { redis } from "#private/lib/redis";
+import { lockManager } from "#private/lib/lock";
+import logger from "@server/logger";
+import { isTransientError } from "@server/lib/dbRetry";
+
+export type RebuildJobType = "site-resource" | "client";
+
+export interface RebuildJob {
+ type: RebuildJobType;
+ id: number;
+ // Number of times this job has already been re-queued after a transient
+ // failure. Absent/0 means it has not failed yet.
+ attempt?: number;
+}
+
+export interface RebuildJobHandlers {
+ onSiteResource(siteResourceId: number): Promise;
+ onClient(clientId: number): Promise;
+}
+
+// Redis list holding pending rebuild jobs (RPUSH to enqueue, LPOP to dequeue — FIFO order).
+const QUEUE_KEY = "rebuild-client-associations:queue";
+const QUEUED_SET_KEY = "rebuild-client-associations:queued";
+
+// Distributed lock that serialises queue consumption to a single server instance
+// at a time. TTL is generous enough to cover a full batch of expensive rebuilds.
+const PROCESSOR_LOCK_KEY = "rebuild-client-associations:processor";
+
+// Each rebuild can take up to REBUILD_ASSOCIATIONS_LOCK_TTL_MS (120 s) per
+// resource. Allow BATCH_SIZE resources per processor-lock acquisition, plus a
+// small buffer.
+const BATCH_SIZE = 5;
+const PROCESSOR_LOCK_TTL_MS = 120000 * BATCH_SIZE + 30000; // ~630 s
+
+const POLL_INTERVAL_MS = 500;
+
+// A job that fails with a transient DB error gets re-queued with backoff
+// instead of being dropped, up to this many times.
+const MAX_JOB_ATTEMPTS = 5;
+const JOB_RETRY_BASE_DELAY_MS = 1000;
+
+class RedisRebuildQueue {
+ private processingStarted = false;
+
+ async isQueued(job: RebuildJob): Promise {
+ if (!redis || redis.status !== "ready") return false;
+ const dedupeKey = `${job.type}:${job.id}`;
+ try {
+ const member = await redis.sismember(QUEUED_SET_KEY, dedupeKey);
+ return member === 1;
+ } catch {
+ return false;
+ }
+ }
+
+ async enqueue(job: RebuildJob): Promise {
+ if (!redis || redis.status !== "ready") {
+ logger.warn(
+ `Rebuild queue: Redis not available — rebuild for ${job.type}:${job.id} will not be retried`
+ );
+ return;
+ }
+
+ try {
+ const dedupeKey = `${job.type}:${job.id}`;
+ const added = await redis.sadd(QUEUED_SET_KEY, dedupeKey);
+ if (added === 0) {
+ logger.debug(
+ `Rebuild queue: skipped duplicate queued job ${job.type}:${job.id}`
+ );
+ return;
+ }
+
+ await redis.rpush(QUEUE_KEY, JSON.stringify(job));
+ logger.debug(
+ `Rebuild queue: enqueued ${job.type}:${job.id} (queue position: tail)`
+ );
+ } catch (err) {
+ await redis
+ .srem(QUEUED_SET_KEY, `${job.type}:${job.id}`)
+ .catch((cleanupErr) =>
+ logger.warn(
+ `Rebuild queue: failed to cleanup dedupe key for ${job.type}:${job.id} after enqueue failure:`,
+ cleanupErr
+ )
+ );
+ logger.error(
+ `Rebuild queue: failed to enqueue ${job.type}:${job.id}:`,
+ err
+ );
+ }
+ }
+
+ startProcessing(handlers: RebuildJobHandlers): void {
+ if (this.processingStarted) return;
+ this.processingStarted = true;
+
+ this.processLoop(handlers).catch((err) => {
+ logger.error("Rebuild queue processor loop crashed:", err);
+ });
+
+ logger.info("Rebuild queue processor started");
+ }
+
+ private async processLoop(handlers: RebuildJobHandlers): Promise {
+ while (true) {
+ try {
+ await this.tryProcessBatch(handlers);
+ } catch (err) {
+ logger.error(
+ "Rebuild queue: unhandled error in process loop:",
+ err
+ );
+ }
+ await new Promise((resolve) =>
+ setTimeout(resolve, POLL_INTERVAL_MS)
+ );
+ }
+ }
+
+ private async tryProcessBatch(handlers: RebuildJobHandlers): Promise {
+ if (!redis || redis.status !== "ready") return;
+
+ // Peek before acquiring the processor lock to avoid unnecessary Redis
+ // round-trips and lock contention when the queue is idle.
+ const queueLength = await redis.llen(QUEUE_KEY).catch(() => 0);
+ if (queueLength === 0) return;
+
+ try {
+ await lockManager.withLock(
+ PROCESSOR_LOCK_KEY,
+ async () => {
+ for (let i = 0; i < BATCH_SIZE; i++) {
+ if (!redis || redis.status !== "ready") break;
+
+ const payload = await redis.lpop(QUEUE_KEY);
+ if (payload === null) break; // queue drained
+
+ let job: RebuildJob;
+ try {
+ job = JSON.parse(payload) as RebuildJob;
+ } catch {
+ logger.error(
+ `Rebuild queue: could not parse job payload, discarding: ${payload}`
+ );
+ continue;
+ }
+
+ // Remove from dedupe set once dequeued so the same job
+ // can be re-queued while this one is in progress.
+ await redis
+ .srem(QUEUED_SET_KEY, `${job.type}:${job.id}`)
+ .catch((cleanupErr) =>
+ logger.warn(
+ `Rebuild queue: failed to remove dedupe key for ${job.type}:${job.id} on dequeue:`,
+ cleanupErr
+ )
+ );
+
+ logger.debug(
+ `Rebuild queue: processing ${job.type}:${job.id}`
+ );
+
+ try {
+ if (job.type === "site-resource") {
+ await handlers.onSiteResource(job.id);
+ } else if (job.type === "client") {
+ await handlers.onClient(job.id);
+ } else {
+ logger.warn(
+ `Rebuild queue: unknown job type "${(job as any).type}", discarding`
+ );
+ }
+
+ logger.debug(
+ `Rebuild queue: completed ${job.type}:${job.id}`
+ );
+ } catch (err) {
+ const attempt = (job.attempt ?? 0) + 1;
+ if (
+ isTransientError(err) &&
+ attempt <= MAX_JOB_ATTEMPTS
+ ) {
+ const delay =
+ JOB_RETRY_BASE_DELAY_MS *
+ Math.pow(2, attempt - 1);
+ logger.warn(
+ `Rebuild queue: job ${job.type}:${job.id} hit a transient error (attempt ${attempt}/${MAX_JOB_ATTEMPTS}), re-queuing in ${delay}ms:`,
+ err
+ );
+ setTimeout(() => {
+ this.enqueue({ ...job, attempt }).catch(
+ (enqueueErr) =>
+ logger.error(
+ `Rebuild queue: failed to re-queue ${job.type}:${job.id} after transient error:`,
+ enqueueErr
+ )
+ );
+ }, delay);
+ } else {
+ logger.error(
+ `Rebuild queue: job ${job.type}:${job.id} threw an error:`,
+ err
+ );
+ }
+ }
+ }
+ },
+ PROCESSOR_LOCK_TTL_MS
+ );
+ } catch (err: any) {
+ if (
+ typeof err?.message === "string" &&
+ err.message.startsWith("Failed to acquire lock")
+ ) {
+ // Another server instance currently holds the processor lock and
+ // is consuming the queue — nothing to do this cycle.
+ logger.debug(
+ "Rebuild queue: processor lock held by another instance, skipping this cycle"
+ );
+ } else {
+ throw err;
+ }
+ }
+ }
+}
+
+export const rebuildQueue: RedisRebuildQueue = new RedisRebuildQueue();
diff --git a/server/private/lib/redis.ts b/server/private/lib/redis.ts
index 57e73474a..7ff24ba93 100644
--- a/server/private/lib/redis.ts
+++ b/server/private/lib/redis.ts
@@ -109,14 +109,14 @@ class RedisManager {
password: redisConfig.password,
db: redisConfig.db
};
-
+
// Enable TLS if configured (required for AWS ElastiCache in-transit encryption)
if (redisConfig.tls) {
opts.tls = {
rejectUnauthorized: redisConfig.tls.rejectUnauthorized ?? true
};
}
-
+
return opts;
}
@@ -135,14 +135,14 @@ class RedisManager {
password: replica.password,
db: replica.db || redisConfig.db
};
-
+
// Enable TLS if configured (required for AWS ElastiCache in-transit encryption)
if (redisConfig.tls) {
opts.tls = {
rejectUnauthorized: redisConfig.tls.rejectUnauthorized ?? true
};
}
-
+
return opts;
}
@@ -855,3 +855,225 @@ class RedisManager {
export const redisManager = new RedisManager();
export const redis = redisManager.getClient();
export default redisManager;
+
+/**
+ * Lightweight Redis manager for the regional (in-cluster) Redis instance.
+ * Connects only when `redis.regional_redis` is present in the private config
+ * and `flags.enable_redis` is true. No pub/sub — designed for low-latency
+ * caching of regionally-scoped data.
+ */
+class RegionalRedisManager {
+ private writeClient: Redis | null = null;
+ private readClient: Redis | null = null;
+ private isEnabled: boolean = false;
+ private isHealthy: boolean = false;
+ private connectionTimeout: number = 5000;
+ private commandTimeout: number = 5000;
+
+ constructor() {
+ if (build === "oss") return;
+
+ const cfg = privateConfig.getRawPrivateConfig();
+ if (!cfg.flags.enable_redis || !cfg.redis?.regional_redis) return;
+
+ this.isEnabled = true;
+ this.initializeClients();
+ }
+
+ private getConfig(): RedisOptions {
+ const r = privateConfig.getRawPrivateConfig().redis!.regional_redis!;
+ const opts: RedisOptions = {
+ host: r.host,
+ port: r.port,
+ password: r.password,
+ db: r.db
+ };
+ if (r.tls) {
+ opts.tls = { rejectUnauthorized: r.tls.rejectUnauthorized ?? true };
+ }
+ return opts;
+ }
+
+ // The regional Redis StatefulSet's "redis" service pins to pod redis-0
+ // (primary). The replica (redis-1) is only reachable through the
+ // per-pod headless service: ..svc.cluster.local ->
+ // redis-1.redis-headless..svc.cluster.local. Returns null
+ // if the configured host doesn't match that pattern (e.g. local dev),
+ // in which case callers should fall back to the primary for reads.
+ private getReplicaHost(primaryHost: string): string | null {
+ const match = primaryHost.match(/^redis\.([^.]+)\.svc\.cluster\.local$/);
+ if (!match) return null;
+ const namespace = match[1];
+ return `redis-1.redis-headless.${namespace}.svc.cluster.local`;
+ }
+
+ private initializeClients(): void {
+ const cfg = this.getConfig();
+ const baseOpts = {
+ ...cfg,
+ enableReadyCheck: false,
+ maxRetriesPerRequest: 3,
+ keepAlive: 10000,
+ connectTimeout: this.connectionTimeout,
+ commandTimeout: this.commandTimeout
+ };
+
+ try {
+ this.writeClient = new Redis(baseOpts);
+
+ const replicaHost = this.getReplicaHost(cfg.host!);
+ this.readClient = replicaHost
+ ? new Redis({ ...baseOpts, host: replicaHost })
+ : this.writeClient;
+
+ this.writeClient.on("ready", () => {
+ logger.info("Regional Redis write client ready");
+ this.isHealthy = true;
+ });
+ this.writeClient.on("error", (err) => {
+ logger.error("Regional Redis write client error:", err);
+ this.isHealthy = false;
+ });
+ this.writeClient.on("reconnecting", () => {
+ logger.info("Regional Redis write client reconnecting...");
+ this.isHealthy = false;
+ });
+
+ if (this.readClient !== this.writeClient) {
+ this.readClient.on("ready", () => {
+ logger.info("Regional Redis read client ready");
+ });
+ this.readClient.on("error", (err) => {
+ logger.error("Regional Redis read client error:", err);
+ });
+ this.readClient.on("reconnecting", () => {
+ logger.info("Regional Redis read client reconnecting...");
+ });
+ }
+
+ logger.info(
+ replicaHost
+ ? `Regional Redis client initialized (reads routed to replica ${replicaHost})`
+ : "Regional Redis client initialized (no replica resolvable, reads routed to primary)"
+ );
+ } catch (error) {
+ logger.error("Failed to initialize regional Redis client:", error);
+ this.isEnabled = false;
+ }
+ }
+
+ public isRedisEnabled(): boolean {
+ return this.isEnabled && this.writeClient !== null && this.isHealthy;
+ }
+
+ public getHealthStatus() {
+ return { isEnabled: this.isEnabled, isHealthy: this.isHealthy };
+ }
+
+ public async set(
+ key: string,
+ value: string,
+ ttl?: number
+ ): Promise {
+ if (!this.isRedisEnabled() || !this.writeClient) return false;
+ try {
+ if (ttl) {
+ await this.writeClient.setex(key, ttl, value);
+ } else {
+ await this.writeClient.set(key, value);
+ }
+ return true;
+ } catch (error) {
+ logger.error("Regional Redis SET error:", error);
+ return false;
+ }
+ }
+
+ public async get(key: string): Promise {
+ if (!this.isRedisEnabled() || !this.readClient) return null;
+ try {
+ return await this.readClient.get(key);
+ } catch (error) {
+ logger.error("Regional Redis GET error:", error);
+ return null;
+ }
+ }
+
+ public async del(key: string): Promise {
+ if (!this.isRedisEnabled() || !this.writeClient) return false;
+ try {
+ await this.writeClient.del(key);
+ return true;
+ } catch (error) {
+ logger.error("Regional Redis DEL error:", error);
+ return false;
+ }
+ }
+
+ public async keys(pattern: string): Promise {
+ if (!this.isRedisEnabled() || !this.readClient) return [];
+ try {
+ return await this.readClient.keys(pattern);
+ } catch (error) {
+ logger.error("Regional Redis KEYS error:", error);
+ return [];
+ }
+ }
+
+ public getClient(): Redis | null {
+ return this.writeClient;
+ }
+
+ public async hget(key: string, field: string): Promise {
+ if (!this.isRedisEnabled() || !this.readClient) return null;
+ try {
+ return await this.readClient.hget(key, field);
+ } catch (error) {
+ logger.error("Regional Redis HGET error:", error);
+ return null;
+ }
+ }
+
+ public async hset(
+ key: string,
+ field: string,
+ value: string
+ ): Promise {
+ if (!this.isRedisEnabled() || !this.writeClient) return false;
+ try {
+ await this.writeClient.hset(key, field, value);
+ return true;
+ } catch (error) {
+ logger.error("Regional Redis HSET error:", error);
+ return false;
+ }
+ }
+
+ public async hgetall(key: string): Promise> {
+ if (!this.isRedisEnabled() || !this.readClient) return {};
+ try {
+ return await this.readClient.hgetall(key);
+ } catch (error) {
+ logger.error("Regional Redis HGETALL error:", error);
+ return {};
+ }
+ }
+
+ public async disconnect(): Promise {
+ try {
+ if (this.readClient && this.readClient !== this.writeClient) {
+ await this.readClient.quit();
+ }
+ this.readClient = null;
+ if (this.writeClient) {
+ await this.writeClient.quit();
+ this.writeClient = null;
+ }
+ logger.info("Regional Redis client disconnected");
+ } catch (error) {
+ logger.error("Error disconnecting regional Redis client:", error);
+ }
+ }
+}
+
+export const regionalRedisManager = new RegionalRedisManager();
diff --git a/server/private/lib/traefik/getTraefikConfig.ts b/server/private/lib/traefik/getTraefikConfig.ts
index 481192fb5..d47352e04 100644
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -84,7 +84,8 @@ export async function getTraefikConfig(
filterOutNamespaceDomains = false,
generateLoginPageRouters = false,
allowRawResources = true,
- allowMaintenancePage = true
+ maintenancePageUiUrl: string | null = null,
+ browserGatewayUiUrl: string | null = null
): Promise {
// Get resources with their targets and sites in a single optimized query
// Start from sites on this exit node, then join to targets and resources
@@ -95,9 +96,7 @@ export async function getTraefikConfig(
resourceName: resources.name,
fullDomain: resources.fullDomain,
ssl: resources.ssl,
- http: resources.http,
proxyPort: resources.proxyPort,
- protocol: resources.protocol,
subdomain: resources.subdomain,
domainId: resources.domainId,
enabled: resources.enabled,
@@ -109,6 +108,7 @@ export async function getTraefikConfig(
proxyProtocol: resources.proxyProtocol,
proxyProtocolVersion: resources.proxyProtocolVersion,
wildcard: resources.wildcard,
+ mode: resources.mode,
maintenanceModeEnabled: resources.maintenanceModeEnabled,
maintenanceModeType: resources.maintenanceModeType,
@@ -171,8 +171,15 @@ export async function getTraefikConfig(
),
inArray(sites.type, siteTypes),
allowRawResources
- ? isNotNull(resources.http) // ignore the http check if allow_raw_resources is true
- : eq(resources.http, true)
+ ? inArray(resources.mode, [
+ "http",
+ "udp",
+ "tcp",
+ "vnc",
+ "ssh",
+ "rdp"
+ ]) // allow all three
+ : inArray(resources.mode, ["http", "vnc", "ssh", "rdp"])
)
)
.orderBy(desc(targets.priority), targets.targetId); // stable ordering
@@ -180,7 +187,10 @@ export async function getTraefikConfig(
// Group by resource and include targets with their unique site data
const resourcesMap = new Map();
- resourcesWithTargetsAndSites.forEach((row) => {
+ for (const row of resourcesWithTargetsAndSites) {
+ if (!["http", "tcp", "udp"].includes(row.mode)) {
+ continue;
+ }
const resourceId = row.resourceId;
const resourceName = sanitize(row.resourceName) || "";
const targetPath = encodePath(row.path); // Use encodePath to avoid collisions (e.g. "/a/b" vs "/a-b")
@@ -190,7 +200,7 @@ export async function getTraefikConfig(
const priority = row.priority ?? 100;
if (filterOutNamespaceDomains && row.domainNamespaceId) {
- return;
+ continue;
}
// Create a unique key combining resourceId, path config, and rewrite config
@@ -217,7 +227,7 @@ export async function getTraefikConfig(
logger.debug(
`Invalid path rewrite configuration for resource ${resourceId}: ${validation.error}`
);
- return;
+ continue;
}
resourcesMap.set(mapKey, {
@@ -226,9 +236,8 @@ export async function getTraefikConfig(
key: key,
fullDomain: row.fullDomain,
ssl: row.ssl,
- http: row.http,
proxyPort: row.proxyPort,
- protocol: row.protocol,
+ mode: row.mode,
subdomain: row.subdomain,
domainId: row.domainId,
enabled: row.enabled,
@@ -275,14 +284,88 @@ export async function getTraefikConfig(
online: row.siteOnline
}
});
- });
+ }
+
+ // Group browser gateway targets by resource
+ type BrowserGatewayResourceEntry = {
+ resourceId: number;
+ name: string;
+ fullDomain: string | null;
+ ssl: boolean | null;
+ subdomain: string | null;
+ domainId: string | null;
+ enabled: boolean | null;
+ wildcard: boolean | null;
+ domainCertResolver: string | null;
+ preferWildcardCert: boolean | null;
+ maintenanceModeEnabled: boolean | null;
+ maintenanceModeType: string | null;
+ maintenanceTitle: string | null;
+ maintenanceMessage: string | null;
+ maintenanceEstimatedTime: string | null;
+ targets: {
+ targetId: number;
+ bgType: string;
+ siteId: number;
+ siteType: string;
+ siteOnline: boolean | null;
+ subnet: string | null;
+ }[];
+ };
+ const browserGatewayResourcesMap = new Map<
+ number,
+ BrowserGatewayResourceEntry
+ >();
+
+ if (browserGatewayUiUrl) {
+ for (const row of resourcesWithTargetsAndSites) {
+ if (!["ssh", "vnc", "rdp"].includes(row.mode)) {
+ continue;
+ }
+ if (filterOutNamespaceDomains && row.domainNamespaceId) {
+ continue;
+ }
+ if (!browserGatewayResourcesMap.has(row.resourceId)) {
+ browserGatewayResourcesMap.set(row.resourceId, {
+ resourceId: row.resourceId,
+ name: sanitize(row.resourceName) || "",
+ fullDomain: row.fullDomain,
+ ssl: row.ssl,
+ subdomain: row.subdomain,
+ domainId: row.domainId,
+ enabled: row.enabled,
+ wildcard: row.wildcard,
+ domainCertResolver: row.domainCertResolver,
+ preferWildcardCert: row.preferWildcardCert,
+ maintenanceModeEnabled: row.maintenanceModeEnabled,
+ maintenanceModeType: row.maintenanceModeType,
+ maintenanceTitle: row.maintenanceTitle,
+ maintenanceMessage: row.maintenanceMessage,
+ maintenanceEstimatedTime: row.maintenanceEstimatedTime,
+ targets: []
+ });
+ }
+ browserGatewayResourcesMap.get(row.resourceId)!.targets.push({
+ targetId: row.targetId,
+ bgType: row.mode,
+ siteId: row.siteId,
+ siteType: row.siteType,
+ siteOnline: row.siteOnline,
+ subnet: row.subnet
+ });
+ }
+ }
let siteResourcesWithFullDomain: {
siteResourceId: number;
fullDomain: string | null;
- mode: "http" | "host" | "cidr";
+ mode: "http" | "host" | "cidr" | "ssh";
}[] = [];
- if (build == "enterprise") {
+ if (
+ build == "enterprise" &&
+ !privateConfig.getRawPrivateConfig().flags
+ .disable_private_http_placeholder
+ ) {
// we dont want to do this on the cloud
// Query siteResources in HTTP mode with SSL enabled and aliases - cert generation / HTTPS edge
siteResourcesWithFullDomain = await db
@@ -324,6 +407,12 @@ export async function getTraefikConfig(
domains.add(sr.fullDomain);
}
}
+ // Include browser gateway resource domains
+ for (const bgResource of browserGatewayResourcesMap.values()) {
+ if (bgResource.enabled && bgResource.ssl && bgResource.fullDomain) {
+ domains.add(bgResource.fullDomain);
+ }
+ }
// get the valid certs for these domains
validCerts = await getValidCertificatesForDomains(domains, true); // we are caching here because this is called often
// logger.debug(`Valid certs for domains: ${JSON.stringify(validCerts)}`);
@@ -359,16 +448,29 @@ export async function getTraefikConfig(
const transportName = `${key}-transport`;
const headersMiddlewareName = `${key}-headers-middleware`;
+ logger.debug(
+ `Processing resource ${resource.name} with domain ${fullDomain} and ${targets.length} targets`
+ );
+
if (!resource.enabled) {
+ logger.debug(
+ `Resource ${resource.name} is disabled, skipping Traefik config`
+ );
continue;
}
- if (resource.http) {
+ if (resource.mode == "http") {
if (!resource.domainId) {
+ logger.debug(
+ `Resource ${resource.name} does not have a domainId, skipping Traefik config`
+ );
continue;
}
if (!resource.fullDomain) {
+ logger.debug(
+ `Resource ${resource.name} does not have a fullDomain, skipping Traefik config`
+ );
continue;
}
@@ -528,10 +630,11 @@ export async function getTraefikConfig(
}
}
- if (showMaintenancePage && allowMaintenancePage) {
+ if (showMaintenancePage && maintenancePageUiUrl) {
const maintenanceServiceName = `${key}-maintenance-service`;
const maintenanceRouterName = `${key}-maintenance-router`;
const rewriteMiddlewareName = `${key}-maintenance-rewrite`;
+ const maintenanceHeadersMiddlewareName = `${key}-maintenance-headers`;
const entrypointHttp =
config.getRawConfig().traefik.http_entrypoint;
@@ -544,15 +647,11 @@ export async function getTraefikConfig(
? `*.${domainParts.slice(1).join(".")}`
: fullDomain;
- const maintenancePort = config.getRawConfig().server.next_port;
- const maintenanceHost =
- config.getRawConfig().server.internal_hostname;
-
config_output.http.services[maintenanceServiceName] = {
loadBalancer: {
servers: [
{
- url: `http://${maintenanceHost}:${maintenancePort}`
+ url: maintenancePageUiUrl
}
],
passHostHeader: true
@@ -571,12 +670,26 @@ export async function getTraefikConfig(
}
};
+ config_output.http.middlewares[
+ maintenanceHeadersMiddlewareName
+ ] = {
+ headers: {
+ customRequestHeaders: {
+ Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
+ "p-host": fullDomain
+ }
+ }
+ };
+
config_output.http.routers[maintenanceRouterName] = {
entryPoints: [
resource.ssl ? entrypointHttps : entrypointHttp
],
service: maintenanceServiceName,
- middlewares: [rewriteMiddlewareName],
+ middlewares: [
+ rewriteMiddlewareName,
+ maintenanceHeadersMiddlewareName
+ ],
rule: rule,
priority: 2000,
...(resource.ssl ? { tls } : {})
@@ -589,7 +702,8 @@ export async function getTraefikConfig(
resource.ssl ? entrypointHttps : entrypointHttp
],
service: maintenanceServiceName,
- rule: `${rule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`))`,
+ middlewares: [maintenanceHeadersMiddlewareName],
+ rule: `${rule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`)) `,
priority: 2001,
...(resource.ssl ? { tls } : {})
};
@@ -824,13 +938,13 @@ export async function getTraefikConfig(
serviceName
].loadBalancer.serversTransport = transportName;
}
- } else {
+ } else if (resource.mode == "tcp" || resource.mode == "udp") {
// Non-HTTP (TCP/UDP) configuration
if (!resource.enableProxy) {
continue;
}
- const protocol = resource.protocol.toLowerCase();
+ const protocol = resource.mode == "udp" ? "udp" : "tcp";
const port = resource.proxyPort;
if (!port) {
@@ -925,6 +1039,293 @@ export async function getTraefikConfig(
}
}
+ if (browserGatewayUiUrl) {
+ // Generate Traefik config for browser gateway resources
+ const browserGatewayPort = 39999;
+ for (const [, bgResource] of browserGatewayResourcesMap.entries()) {
+ if (!bgResource.enabled) continue;
+ if (!bgResource.domainId) continue;
+ if (!bgResource.fullDomain) continue;
+
+ if (!config_output.http.routers) config_output.http.routers = {};
+ if (!config_output.http.services) config_output.http.services = {};
+
+ const fullDomain = bgResource.fullDomain;
+ const additionalMiddlewares =
+ config.getRawConfig().traefik.additional_middlewares || [];
+ const routerMiddlewares = [
+ badgerMiddlewareName,
+ ...additionalMiddlewares
+ ];
+
+ const hostRule = `Host(\`${fullDomain}\`)`;
+
+ // Build TLS config
+ let tls = {};
+ if (!privateConfig.getRawPrivateConfig().flags.use_pangolin_dns) {
+ const domainParts = fullDomain.split(".");
+ let wildCard: string;
+ if (domainParts.length <= 2) {
+ wildCard = `*.${domainParts.join(".")}`;
+ } else {
+ wildCard = `*.${domainParts.slice(1).join(".")}`;
+ }
+ if (!bgResource.subdomain) {
+ wildCard = fullDomain;
+ }
+
+ const globalDefaultResolver =
+ config.getRawConfig().traefik.cert_resolver;
+ const globalDefaultPreferWildcard =
+ config.getRawConfig().traefik.prefer_wildcard_cert;
+ const resolverName = bgResource.domainCertResolver
+ ? bgResource.domainCertResolver.trim()
+ : globalDefaultResolver;
+ const preferWildcard =
+ bgResource.preferWildcardCert !== undefined &&
+ bgResource.preferWildcardCert !== null
+ ? bgResource.preferWildcardCert
+ : globalDefaultPreferWildcard;
+
+ tls = {
+ certResolver: resolverName,
+ ...(preferWildcard ? { domains: [{ main: wildCard }] } : {})
+ };
+ } else {
+ const matchingCert = validCerts.find(
+ (cert) => cert.queriedDomain === fullDomain
+ );
+ if (!matchingCert) {
+ logger.debug(
+ `No matching certificate found for browser gateway domain: ${fullDomain}`
+ );
+ continue;
+ }
+ }
+
+ const bgUiServiceName = `bg-r${bgResource.resourceId}-ui-service`;
+
+ if (bgResource.ssl) {
+ const redirectRouterName = `bg-r${bgResource.resourceId}-redirect`;
+ config_output.http.routers![redirectRouterName] = {
+ entryPoints: [
+ config.getRawConfig().traefik.http_entrypoint
+ ],
+ middlewares: [redirectHttpsMiddlewareName],
+ service: bgUiServiceName,
+ rule: hostRule,
+ priority: 100
+ };
+ }
+
+ // Collect online sites for this resource (for any type)
+ const anySiteOnline = bgResource.targets.some((t) => t.siteOnline);
+
+ // Maintenance page logic for browser gateway resources
+ let showBgMaintenancePage = false;
+ if (bgResource.maintenanceModeEnabled) {
+ if (bgResource.maintenanceModeType === "forced") {
+ showBgMaintenancePage = true;
+ } else if (bgResource.maintenanceModeType === "automatic") {
+ showBgMaintenancePage = !anySiteOnline;
+ }
+ }
+
+ if (showBgMaintenancePage && maintenancePageUiUrl) {
+ const bgMaintenanceServiceName = `bg-r${bgResource.resourceId}-maintenance-service`;
+ const bgMaintenanceRouterName = `bg-r${bgResource.resourceId}-maintenance-router`;
+ const bgRewriteMiddlewareName = `bg-r${bgResource.resourceId}-maintenance-rewrite`;
+ const bgMaintenanceHeadersMiddlewareName = `bg-r${bgResource.resourceId}-maintenance-headers`;
+
+ const entrypointHttp =
+ config.getRawConfig().traefik.http_entrypoint;
+ const entrypointHttps =
+ config.getRawConfig().traefik.https_entrypoint;
+
+ if (!config_output.http.services)
+ config_output.http.services = {};
+ if (!config_output.http.middlewares)
+ config_output.http.middlewares = {};
+ if (!config_output.http.routers)
+ config_output.http.routers = {};
+
+ config_output.http.services![bgMaintenanceServiceName] = {
+ loadBalancer: {
+ servers: [
+ {
+ url: maintenancePageUiUrl
+ }
+ ],
+ passHostHeader: true
+ }
+ };
+
+ config_output.http.middlewares![bgRewriteMiddlewareName] = {
+ replacePathRegex: {
+ regex: "^/(.*)",
+ replacement: "/maintenance-screen"
+ }
+ };
+
+ config_output.http.middlewares![
+ bgMaintenanceHeadersMiddlewareName
+ ] = {
+ headers: {
+ customRequestHeaders: {
+ Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
+ "p-host": fullDomain
+ }
+ }
+ };
+
+ config_output.http.routers![bgMaintenanceRouterName] = {
+ entryPoints: [
+ bgResource.ssl ? entrypointHttps : entrypointHttp
+ ],
+ service: bgMaintenanceServiceName,
+ middlewares: [
+ bgRewriteMiddlewareName,
+ bgMaintenanceHeadersMiddlewareName
+ ],
+ rule: hostRule,
+ priority: 2000,
+ ...(bgResource.ssl ? { tls } : {})
+ };
+
+ config_output.http.routers![
+ `${bgMaintenanceRouterName}-assets`
+ ] = {
+ entryPoints: [
+ bgResource.ssl ? entrypointHttps : entrypointHttp
+ ],
+ service: bgMaintenanceServiceName,
+ middlewares: [bgMaintenanceHeadersMiddlewareName],
+ rule: `${hostRule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`))`,
+ priority: 2001,
+ ...(bgResource.ssl ? { tls } : {})
+ };
+
+ continue;
+ }
+
+ // Group targets by type and generate per-type websocket routers and services
+ const typeMap = new Map();
+ for (const t of bgResource.targets) {
+ if (!typeMap.has(t.bgType)) typeMap.set(t.bgType, []);
+ typeMap.get(t.bgType)!.push(t);
+ }
+
+ for (const [bgType, typedTargets] of typeMap.entries()) {
+ const bgKey = `bg-r${bgResource.resourceId}-${bgType}`;
+ const bgRouterName = `${bgKey}-router`;
+ const bgServiceName = `${bgKey}-service`;
+ const bgRule = `${hostRule} && PathPrefix(\`/gateway/${bgType}\`)`;
+
+ const servers = typedTargets
+ .filter((t) => {
+ if (!t.siteOnline && anySiteOnline) return false;
+ if (t.siteType === "newt") return !!t.subnet;
+ return false; // browser gateway only supported on newt sites
+ })
+ .map((t) => ({
+ url: `http://${t.subnet!.split("/")[0]}:${browserGatewayPort}`
+ }))
+ .filter(
+ (v, i, a) => a.findIndex((u) => u.url === v.url) === i
+ );
+
+ config_output.http.routers![bgRouterName] = {
+ entryPoints: [
+ bgResource.ssl
+ ? config.getRawConfig().traefik.https_entrypoint
+ : config.getRawConfig().traefik.http_entrypoint
+ ],
+ middlewares: routerMiddlewares,
+ service: bgServiceName,
+ rule: bgRule,
+ priority: 110, // highest - websocket path takes precedence
+ ...(bgResource.ssl ? { tls } : {})
+ };
+
+ config_output.http.services![bgServiceName] = {
+ loadBalancer: {
+ servers
+ }
+ };
+ }
+
+ // UI: serve the browser gateway page from the internal pangolin instance.
+ // The primary type is used for the path rewrite (e.g. /rdp), mirroring
+ // how the maintenance page rewrites everything to /maintenance-screen.
+ const primaryType = typeMap.keys().next().value as string;
+ const uiRewriteMiddlewareName = `bg-r${bgResource.resourceId}-ui-rewrite`;
+ const uiHeadersMiddlewareName = `bg-r${bgResource.resourceId}-ui-headers`;
+ const entrypoint = bgResource.ssl
+ ? config.getRawConfig().traefik.https_entrypoint
+ : config.getRawConfig().traefik.http_entrypoint;
+
+ if (!config_output.http.middlewares) {
+ config_output.http.middlewares = {};
+ }
+
+ config_output.http.middlewares![uiRewriteMiddlewareName] = {
+ replacePathRegex: {
+ regex: "^/(.*)",
+ replacement: `/${primaryType}`
+ }
+ };
+
+ config_output.http.middlewares![uiHeadersMiddlewareName] = {
+ headers: {
+ customRequestHeaders: {
+ Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
+ "p-host": fullDomain
+ }
+ }
+ };
+
+ config_output.http.services![bgUiServiceName] = {
+ loadBalancer: {
+ servers: [
+ {
+ url: browserGatewayUiUrl
+ }
+ ]
+ }
+ };
+
+ // Assets router at higher priority so /_next files load without rewrite.
+ // Do NOT apply the path-rewrite middleware here — static assets must
+ // keep their original path; only the host headers are needed.
+ config_output.http.routers![
+ `bg-r${bgResource.resourceId}-assets-router`
+ ] = {
+ entryPoints: [entrypoint],
+ middlewares: [...routerMiddlewares, uiHeadersMiddlewareName],
+ service: bgUiServiceName,
+ rule: `${hostRule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`))`,
+ priority: 101,
+ ...(bgResource.ssl ? { tls } : {})
+ };
+
+ // Catch-all router rewrites everything on the domain to /{primaryType}
+ config_output.http.routers![
+ `bg-r${bgResource.resourceId}-ui-router`
+ ] = {
+ entryPoints: [entrypoint],
+ middlewares: [
+ ...routerMiddlewares,
+ uiRewriteMiddlewareName,
+ uiHeadersMiddlewareName
+ ],
+ service: bgUiServiceName,
+ rule: hostRule,
+ priority: 100,
+ ...(bgResource.ssl ? { tls } : {})
+ };
+ }
+ }
+
// Add Traefik routes for siteResource aliases (HTTP mode + SSL) so that
// Traefik generates TLS certificates for those domains even when no
// matching resource exists yet.
@@ -949,10 +1350,6 @@ export async function getTraefikConfig(
const siteResourceRouterName = `${srKey}-router`;
const siteResourceRewriteMiddlewareName = `${srKey}-rewrite`;
- const maintenancePort = config.getRawConfig().server.next_port;
- const maintenanceHost =
- config.getRawConfig().server.internal_hostname;
-
if (!config_output.http.routers) {
config_output.http.routers = {};
}
@@ -968,7 +1365,7 @@ export async function getTraefikConfig(
loadBalancer: {
servers: [
{
- url: `http://${maintenanceHost}:${maintenancePort}`
+ url: maintenancePageUiUrl
}
],
passHostHeader: true
@@ -1040,7 +1437,7 @@ export async function getTraefikConfig(
config_output.http.routers[`${siteResourceRouterName}-assets`] = {
entryPoints: [config.getRawConfig().traefik.https_entrypoint],
service: siteResourceServiceName,
- rule: `Host(\`${fullDomain}\`) && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`))`,
+ rule: `Host(\`${fullDomain}\`) && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`))`,
priority: 101,
tls
};
@@ -1143,7 +1540,7 @@ export async function getTraefikConfig(
config.getRawConfig().traefik.https_entrypoint
],
service: "landing-service",
- rule: `Host(\`${fullDomain}\`) && (PathRegexp(\`^/auth/resource/[^/]+$\`) || PathRegexp(\`^/auth/idp/[0-9]+/oidc/callback\`) || PathPrefix(\`/_next\`) || Path(\`/auth/org\`) || PathRegexp(\`^/__nextjs*\`))`,
+ rule: `Host(\`${fullDomain}\`) && (PathRegexp(\`^/auth/resource/[^/]+$\`) || PathRegexp(\`^/auth/idp/[0-9]+/oidc/callback\`) || PathPrefix(\`/_next\`) || Path(\`/auth/org\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`))`,
priority: 203,
tls: tls
};
diff --git a/server/private/middlewares/verifySubscription.ts b/server/private/middlewares/verifySubscription.ts
index 27bd25dfe..3ae01b338 100644
--- a/server/private/middlewares/verifySubscription.ts
+++ b/server/private/middlewares/verifySubscription.ts
@@ -17,6 +17,7 @@ import HttpCode from "@server/types/HttpCode";
import { build } from "@server/build";
import { getOrgTierData } from "#private/lib/billing";
import { Tier } from "@server/types/Tiers";
+import logger from "@server/logger";
export function verifyValidSubscription(tiers: Tier[]) {
return async function (
@@ -25,14 +26,14 @@ export function verifyValidSubscription(tiers: Tier[]) {
next: NextFunction
): Promise {
try {
- if (build != "saas") {
+ if (build !== "saas") {
return next();
}
const orgId =
- req.params.orgId ||
- req.body.orgId ||
- req.query.orgId ||
+ req.params?.orgId ||
+ req.body?.orgId ||
+ req.query?.orgId ||
req.userOrgId;
if (!orgId) {
@@ -65,6 +66,7 @@ export function verifyValidSubscription(tiers: Tier[]) {
return next();
} catch (e) {
+ logger.error(e);
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
diff --git a/server/private/routers/alertRule/createAlertRule.ts b/server/private/routers/alertRule/createAlertRule.ts
index f4a11ad3d..7a46c84ff 100644
--- a/server/private/routers/alertRule/createAlertRule.ts
+++ b/server/private/routers/alertRule/createAlertRule.ts
@@ -208,7 +208,7 @@ registry.registerPath({
content: {
"application/json": {
schema: z.object({
- data: z.unknown().nullable(),
+ data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
diff --git a/server/private/routers/alertRule/deleteAlertRule.ts b/server/private/routers/alertRule/deleteAlertRule.ts
index b475bb6c3..0439a6622 100644
--- a/server/private/routers/alertRule/deleteAlertRule.ts
+++ b/server/private/routers/alertRule/deleteAlertRule.ts
@@ -44,7 +44,7 @@ registry.registerPath({
content: {
"application/json": {
schema: z.object({
- data: z.unknown().nullable(),
+ data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
@@ -112,4 +112,4 @@ export async function deleteAlertRule(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
-}
\ No newline at end of file
+}
diff --git a/server/private/routers/alertRule/getAlertRule.ts b/server/private/routers/alertRule/getAlertRule.ts
index dde9093fb..fcbd44f11 100644
--- a/server/private/routers/alertRule/getAlertRule.ts
+++ b/server/private/routers/alertRule/getAlertRule.ts
@@ -32,7 +32,10 @@ import { OpenAPITags, registry } from "@server/openApi";
import { and, eq } from "drizzle-orm";
import { decrypt } from "@server/lib/crypto";
import config from "@server/lib/config";
-import { GetAlertRuleResponse, WebhookAlertConfig } from "@server/routers/alertRule/types";
+import {
+ GetAlertRuleResponse,
+ WebhookAlertConfig
+} from "@server/routers/alertRule/types";
const paramsSchema = z
.object({
@@ -55,7 +58,7 @@ registry.registerPath({
content: {
"application/json": {
schema: z.object({
- data: z.unknown().nullable(),
+ data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
diff --git a/server/private/routers/alertRule/listAlertRules.ts b/server/private/routers/alertRule/listAlertRules.ts
index 3931da44c..0fc720d66 100644
--- a/server/private/routers/alertRule/listAlertRules.ts
+++ b/server/private/routers/alertRule/listAlertRules.ts
@@ -101,7 +101,7 @@ registry.registerPath({
content: {
"application/json": {
schema: z.object({
- data: z.unknown().nullable(),
+ data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
diff --git a/server/private/routers/auditLogs/exportAccessAuditLog.ts b/server/private/routers/auditLogs/exportAccessAuditLog.ts
index b83673b33..5c6240b2e 100644
--- a/server/private/routers/auditLogs/exportAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/exportAccessAuditLog.ts
@@ -44,7 +44,7 @@ registry.registerPath({
content: {
"application/json": {
schema: z.object({
- data: z.unknown().nullable(),
+ data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
diff --git a/server/private/routers/auditLogs/exportActionAuditLog.ts b/server/private/routers/auditLogs/exportActionAuditLog.ts
index 0d707c41e..112f03fb4 100644
--- a/server/private/routers/auditLogs/exportActionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportActionAuditLog.ts
@@ -44,7 +44,7 @@ registry.registerPath({
content: {
"application/json": {
schema: z.object({
- data: z.unknown().nullable(),
+ data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
diff --git a/server/private/routers/auditLogs/exportConnectionAuditLog.ts b/server/private/routers/auditLogs/exportConnectionAuditLog.ts
index 1115d23ad..a20d4052a 100644
--- a/server/private/routers/auditLogs/exportConnectionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportConnectionAuditLog.ts
@@ -44,7 +44,7 @@ registry.registerPath({
content: {
"application/json": {
schema: z.object({
- data: z.unknown().nullable(),
+ data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
@@ -72,7 +72,9 @@ export async function exportConnectionAuditLogs(
);
}
- const parsedParams = queryConnectionAuditLogsParams.safeParse(req.params);
+ const parsedParams = queryConnectionAuditLogsParams.safeParse(
+ req.params
+ );
if (!parsedParams.success) {
return next(
createHttpError(
@@ -112,4 +114,4 @@ export async function exportConnectionAuditLogs(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
-}
\ No newline at end of file
+}
diff --git a/server/private/routers/auditLogs/index.ts b/server/private/routers/auditLogs/index.ts
index aacd37635..5fffa2b86 100644
--- a/server/private/routers/auditLogs/index.ts
+++ b/server/private/routers/auditLogs/index.ts
@@ -17,3 +17,4 @@ export * from "./queryAccessAuditLog";
export * from "./exportAccessAuditLog";
export * from "./queryConnectionAuditLog";
export * from "./exportConnectionAuditLog";
+export * from "./logAccessAuditAttempt";
diff --git a/server/private/routers/auditLogs/logAccessAuditAttempt.ts b/server/private/routers/auditLogs/logAccessAuditAttempt.ts
new file mode 100644
index 000000000..5b0fb9c92
--- /dev/null
+++ b/server/private/routers/auditLogs/logAccessAuditAttempt.ts
@@ -0,0 +1,95 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025-2026 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { NextFunction } from "express";
+import { Request, Response } from "express";
+import { z } from "zod";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import { fromError } from "zod-validation-error";
+import response from "@server/lib/response";
+import logger from "@server/logger";
+import { logAccessAudit } from "#private/lib/logAccessAudit";
+
+export const logAccessAuditAttemptSchema = z.object({
+ resourceId: z.number().int().positive(),
+ action: z.boolean(),
+ type: z.enum(["login", "ssh", "vnc", "rdp"])
+});
+
+export const logAccessAuditAttemptParams = z.object({
+ orgId: z.string()
+});
+
+export async function logAccessAuditAttempt(
+ req: Request,
+ res: Response,
+ next: NextFunction
+): Promise {
+ try {
+ const parsedBody = logAccessAuditAttemptSchema.safeParse(req.body);
+ if (!parsedBody.success) {
+ return next(
+ createHttpError(
+ HttpCode.BAD_REQUEST,
+ fromError(parsedBody.error)
+ )
+ );
+ }
+ const parsedParams = logAccessAuditAttemptParams.safeParse(req.params);
+ if (!parsedParams.success) {
+ return next(
+ createHttpError(
+ HttpCode.BAD_REQUEST,
+ fromError(parsedParams.error)
+ )
+ );
+ }
+
+ const { orgId } = parsedParams.data;
+ const { resourceId, action, type } = parsedBody.data;
+
+ const username = req.user?.username;
+ const userId = req.user?.userId;
+
+ await logAccessAudit({
+ orgId: orgId,
+ resourceId: resourceId,
+ action: action,
+ ...(username && userId
+ ? {
+ user: {
+ username,
+ userId
+ }
+ }
+ : {}),
+ type: type,
+ userAgent: req.headers["user-agent"],
+ requestIp: req.ip
+ });
+
+ return response(res, {
+ data: null,
+ success: true,
+ error: false,
+ message: "Access audit attempt logged successfully",
+ status: HttpCode.OK
+ });
+ } catch (error) {
+ logger.error(error);
+ return next(
+ createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+ );
+ }
+}
diff --git a/server/private/routers/auditLogs/queryAccessAuditLog.ts b/server/private/routers/auditLogs/queryAccessAuditLog.ts
index 570621216..9e819db64 100644
--- a/server/private/routers/auditLogs/queryAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts
@@ -11,11 +11,18 @@
* This file is not licensed under the AGPLv3.
*/
-import { accessAuditLog, logsDb, resources, siteResources, db, primaryDb } from "@server/db";
+import {
+ accessAuditLog,
+ logsDb,
+ resources,
+ siteResources,
+ db,
+ primaryDb
+} from "@server/db";
import { registry } from "@server/openApi";
import { NextFunction } from "express";
import { Request, Response } from "express";
-import { eq, gt, lt, and, count, desc, inArray, isNull } from "drizzle-orm";
+import { eq, gt, lt, and, count, desc, inArray, isNull, or } from "drizzle-orm";
import { OpenAPITags } from "@server/openApi";
import { z } from "zod";
import createHttpError from "http-errors";
@@ -113,7 +120,10 @@ function getWhere(data: Q) {
lt(accessAuditLog.timestamp, data.timeEnd),
eq(accessAuditLog.orgId, data.orgId),
data.resourceId
- ? eq(accessAuditLog.resourceId, data.resourceId)
+ ? or(
+ eq(accessAuditLog.resourceId, data.resourceId),
+ eq(accessAuditLog.siteResourceId, data.resourceId)
+ )
: undefined,
data.actor ? eq(accessAuditLog.actor, data.actor) : undefined,
data.actorType
@@ -150,21 +160,30 @@ export function queryAccess(data: Q) {
.orderBy(desc(accessAuditLog.timestamp), desc(accessAuditLog.id));
}
-async function enrichWithResourceDetails(logs: Awaited>) {
+async function enrichWithResourceDetails(
+ logs: Awaited