Add fosrl

Merge pull request #1801 from fosrl/revert-1792-main
Revert "Refactor CI/CD workflow for improved release process"
2026-01-29 14:20:44 +00:00 · 2025-11-02 15:35:02 -08:00 · 2025-11-02 15:22:12 -08:00 · 2025-11-02 15:22:03 -08:00 · 2025-11-02 15:00:09 -08:00 · 2025-11-02 14:56:19 -08:00
533 changed files with 33917 additions and 13253 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -29,4 +29,6 @@ CONTRIBUTING.md
 dist
 .git
 migrations/
-config/
+config/
+build.ts
+tsconfig.json
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -1,34 +1,62 @@
 name: CI/CD Pipeline

+# CI/CD workflow for building, publishing, mirroring, signing container images and building release binaries.
+# Actions are pinned to specific SHAs to reduce supply-chain risk. This workflow triggers on tag push events.
+
+permissions:
+  contents: read
+  packages: write      # for GHCR push
+  id-token: write      # for Cosign Keyless (OIDC) Signing
+
+# Required secrets:
+# - DOCKER_HUB_USERNAME / DOCKER_HUB_ACCESS_TOKEN: push to Docker Hub
+# - GITHUB_TOKEN: used for GHCR login and OIDC keyless signing
+# - COSIGN_PRIVATE_KEY / COSIGN_PASSWORD / COSIGN_PUBLIC_KEY: for key-based signing
+
 on:
    push:
        tags:
-            - "*"
+            - "[0-9]+.[0-9]+.[0-9]+"
+            - "[0-9]+.[0-9]+.[0-9]+.rc.[0-9]+"
+
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true

 jobs:
    release:
        name: Build and Release
-        runs-on: ubuntu-latest
+        runs-on: [self-hosted, linux, x64]
+        # Job-level timeout to avoid runaway or stuck runs
+        timeout-minutes: 120
+        env:
+          # Target images
+          DOCKERHUB_IMAGE: docker.io/fosrl/${{ github.event.repository.name }}
+          GHCR_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}

        steps:
            - name: Checkout code
-              uses: actions/checkout@v5
+              uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

            - name: Set up Docker Buildx
-              uses: docker/setup-buildx-action@v3
+              uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

            - name: Log in to Docker Hub
-              uses: docker/login-action@v3
+              uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
              with:
+                  registry: docker.io
                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
                  password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-
            - name: Extract tag name
              id: get-tag
              run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+              shell: bash

            - name: Install Go
-              uses: actions/setup-go@v6
+              uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
              with:
                  go-version: 1.24

@@ -37,18 +65,21 @@ jobs:
                  TAG=${{ env.TAG }}
                  sed -i "s/export const APP_VERSION = \".*\";/export const APP_VERSION = \"$TAG\";/" server/lib/consts.ts
                  cat server/lib/consts.ts
+              shell: bash

            - name: Pull latest Gerbil version
              id: get-gerbil-tag
              run: |
                  LATEST_TAG=$(curl -s https://api.github.com/repos/fosrl/gerbil/tags | jq -r '.[0].name')
                  echo "LATEST_GERBIL_TAG=$LATEST_TAG" >> $GITHUB_ENV
+              shell: bash

            - name: Pull latest Badger version
              id: get-badger-tag
              run: |
                  LATEST_TAG=$(curl -s https://api.github.com/repos/fosrl/badger/tags | jq -r '.[0].name')
                  echo "LATEST_BADGER_TAG=$LATEST_TAG" >> $GITHUB_ENV
+              shell: bash

            - name: Update install/main.go
              run: |
@@ -60,6 +91,7 @@ jobs:
                  sed -i "s/config.BadgerVersion = \".*\"/config.BadgerVersion = \"$BADGER_VERSION\"/" install/main.go
                  echo "Updated install/main.go with Pangolin version $PANGOLIN_VERSION, Gerbil version $GERBIL_VERSION, and Badger version $BADGER_VERSION"
                  cat install/main.go
+              shell: bash

            - name: Build installer
              working-directory: install
@@ -67,12 +99,82 @@ jobs:
                  make go-build-release 

            - name: Upload artifacts from /install/bin
-              uses: actions/upload-artifact@v4
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
              with:
                  name: install-bin
                  path: install/bin/

-            - name: Build and push Docker images
+            - name: Build and push Docker images (Docker Hub)
              run: |
                  TAG=${{ env.TAG }}
                  make build-release tag=$TAG
+                  echo "Built & pushed to: ${{ env.DOCKERHUB_IMAGE }}:${TAG}"
+              shell: bash
+
+            - name: Install skopeo + jq
+              # skopeo: copy/inspect images between registries
+              # jq: JSON parsing tool used to extract digest values
+              run: |
+                  sudo apt-get update -y
+                  sudo apt-get install -y skopeo jq
+                  skopeo --version
+              shell: bash
+
+            - name: Login to GHCR
+              run: |
+                  skopeo login ghcr.io -u "${{ github.actor }}" -p "${{ secrets.GITHUB_TOKEN }}"
+              shell: bash
+
+            - name: Copy tag from Docker Hub to GHCR
+              # Mirror the already-built image (all architectures) to GHCR so we can sign it
+              run: |
+                  set -euo pipefail
+                  TAG=${{ env.TAG }}
+                  echo "Copying ${{ env.DOCKERHUB_IMAGE }}:${TAG} -> ${{ env.GHCR_IMAGE }}:${TAG}"
+                  skopeo copy --all --retry-times 3 \
+                    docker://$DOCKERHUB_IMAGE:$TAG \
+                    docker://$GHCR_IMAGE:$TAG
+              shell: bash
+
+            - name: Install cosign
+              # cosign is used to sign and verify container images (key and keyless)
+              uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+
+            - name: Dual-sign and verify (GHCR & Docker Hub)
+              # Sign each image by digest using keyless (OIDC) and key-based signing,
+              # then verify both the public key signature and the keyless OIDC signature.
+              env:
+                  TAG: ${{ env.TAG }}
+                  COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+                  COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+                  COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
+                  COSIGN_YES: "true"
+              run: |
+                  set -euo pipefail
+
+                  issuer="https://token.actions.githubusercontent.com"
+                  id_regex="^https://github.com/${{ github.repository }}/.+"  # accept this repo (all workflows/refs)
+
+                  for IMAGE in "${GHCR_IMAGE}" "${DOCKERHUB_IMAGE}"; do
+                    echo "Processing ${IMAGE}:${TAG}"
+
+                    DIGEST="$(skopeo inspect --retry-times 3 docker://${IMAGE}:${TAG} | jq -r '.Digest')"
+                    REF="${IMAGE}@${DIGEST}"
+                    echo "Resolved digest: ${REF}"
+
+                    echo "==> cosign sign (keyless) --recursive ${REF}"
+                    cosign sign --recursive "${REF}"
+
+                    echo "==> cosign sign (key) --recursive ${REF}"
+                    cosign sign --key env://COSIGN_PRIVATE_KEY --recursive "${REF}"
+
+                    echo "==> cosign verify (public key) ${REF}"
+                    cosign verify --key env://COSIGN_PUBLIC_KEY "${REF}" -o text
+
+                    echo "==> cosign verify (keyless policy) ${REF}"
+                    cosign verify \
+                      --certificate-oidc-issuer "${issuer}" \
+                      --certificate-identity-regexp "${id_regex}" \
+                      "${REF}" -o text
+                  done
+              shell: bash
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -1,5 +1,8 @@
 name: ESLint

+permissions:
+  contents: read
+
 on:
    pull_request:
        paths:
@@ -18,10 +21,10 @@ jobs:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout code
-              uses: actions/checkout@v5
+              uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

            - name: Set up Node.js
-              uses: actions/setup-node@v5
+              uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
              with:
                node-version: '22'

@@ -32,4 +35,4 @@ jobs:
              run: npm run set:oss

            - name: Run ESLint
-              run: npx eslint . --ext .js,.jsx,.ts,.tsx
+              run: npx eslint . --ext .js,.jsx,.ts,.tsx
--- a/.github/workflows/mirror.yaml
+++ b/.github/workflows/mirror.yaml
@@ -0,0 +1,132 @@
+name: Mirror & Sign (Docker Hub to GHCR)
+
+on:
+  workflow_dispatch: {}
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write   # for keyless OIDC
+
+env:
+  SOURCE_IMAGE: docker.io/fosrl/pangolin
+  DEST_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
+
+jobs:
+  mirror-and-dual-sign:
+    runs-on: amd64-runner
+    steps:
+      - name: Install skopeo + jq
+        run: |
+          sudo apt-get update -y
+          sudo apt-get install -y skopeo jq
+          skopeo --version
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+
+      - name: Input check
+        run: |
+          test -n "${SOURCE_IMAGE}" || (echo "SOURCE_IMAGE is empty" && exit 1)
+          echo "Source : ${SOURCE_IMAGE}"
+          echo "Target : ${DEST_IMAGE}"
+
+      # Auth for skopeo (containers-auth)
+      - name: Skopeo login to GHCR
+        run: |
+          skopeo login ghcr.io -u "${{ github.actor }}" -p "${{ secrets.GITHUB_TOKEN }}"
+
+      # Auth for cosign (docker-config)
+      - name: Docker login to GHCR (for cosign)
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
+
+      - name: List source tags
+        run: |
+          set -euo pipefail
+          skopeo list-tags --retry-times 3 docker://"${SOURCE_IMAGE}" \
+            | jq -r '.Tags[]' | sort -u > src-tags.txt
+          echo "Found source tags: $(wc -l < src-tags.txt)"
+          head -n 20 src-tags.txt || true
+
+      - name: List destination tags (skip existing)
+        run: |
+          set -euo pipefail
+          if skopeo list-tags --retry-times 3 docker://"${DEST_IMAGE}" >/tmp/dst.json 2>/dev/null; then
+            jq -r '.Tags[]' /tmp/dst.json | sort -u > dst-tags.txt
+          else
+            : > dst-tags.txt
+          fi
+          echo "Existing destination tags: $(wc -l < dst-tags.txt)"
+
+      - name: Mirror, dual-sign, and verify
+        env:
+          # keyless
+          COSIGN_YES: "true"
+          # key-based
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+          COSIGN_PASSWORD:    ${{ secrets.COSIGN_PASSWORD }}
+          # verify
+          COSIGN_PUBLIC_KEY:  ${{ secrets.COSIGN_PUBLIC_KEY }}
+        run: |
+          set -euo pipefail
+          copied=0; skipped=0; v_ok=0; errs=0
+
+          issuer="https://token.actions.githubusercontent.com"
+          id_regex="^https://github.com/${{ github.repository }}/.+"
+
+          while read -r tag; do
+            [ -z "$tag" ] && continue
+
+            if grep -Fxq "$tag" dst-tags.txt; then
+              echo "::notice ::Skip (exists) ${DEST_IMAGE}:${tag}"
+              skipped=$((skipped+1))
+              continue
+            fi
+
+            echo "==> Copy ${SOURCE_IMAGE}:${tag} → ${DEST_IMAGE}:${tag}"
+            if ! skopeo copy --all --retry-times 3 \
+                 docker://"${SOURCE_IMAGE}:${tag}" docker://"${DEST_IMAGE}:${tag}"; then
+              echo "::warning title=Copy failed::${SOURCE_IMAGE}:${tag}"
+              errs=$((errs+1)); continue
+            fi
+            copied=$((copied+1))
+
+            digest="$(skopeo inspect --retry-times 3 docker://"${DEST_IMAGE}:${tag}" | jq -r '.Digest')"
+            ref="${DEST_IMAGE}@${digest}"
+
+            echo "==> cosign sign (keyless) --recursive ${ref}"
+            if ! cosign sign --recursive "${ref}"; then
+              echo "::warning title=Keyless sign failed::${ref}"
+              errs=$((errs+1))
+            fi
+
+            echo "==> cosign sign (key) --recursive ${ref}"
+            if ! cosign sign --key env://COSIGN_PRIVATE_KEY --recursive "${ref}"; then
+              echo "::warning title=Key sign failed::${ref}"
+              errs=$((errs+1))
+            fi
+
+            echo "==> cosign verify (public key) ${ref}"
+            if ! cosign verify --key env://COSIGN_PUBLIC_KEY "${ref}" -o text; then
+              echo "::warning title=Verify(pubkey) failed::${ref}"
+              errs=$((errs+1))
+            fi
+
+            echo "==> cosign verify (keyless policy) ${ref}"
+            if ! cosign verify \
+                 --certificate-oidc-issuer "${issuer}" \
+                 --certificate-identity-regexp "${id_regex}" \
+                 "${ref}" -o text; then
+              echo "::warning title=Verify(keyless) failed::${ref}"
+              errs=$((errs+1))
+            else
+              v_ok=$((v_ok+1))
+            fi
+          done < src-tags.txt
+
+          echo "---- Summary ----"
+          echo "Copied        : $copied"
+          echo "Skipped       : $skipped"
+          echo "Verified OK   : $v_ok"
+          echo "Errors        : $errs"
--- a/.github/workflows/stale-bot.yml
+++ b/.github/workflows/stale-bot.yml
@@ -14,7 +14,7 @@ jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@v10
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
        with:
          days-before-stale: 14
          days-before-close: 14
@@ -34,4 +34,4 @@ jobs:
          operations-per-run: 100
          remove-stale-when-updated: true
          delete-branch: false
-          enable-statistics: true
+          enable-statistics: true
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,5 +1,8 @@
 name: Run Tests

+permissions:
+  contents: read
+
 on:
  pull_request:
    branches:
@@ -11,9 +14,9 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: '22'

@@ -35,6 +38,9 @@ jobs:
      - name: Apply database migrations
        run: npm run db:sqlite:push

+      - name: Test with tsc
+        run: npx tsc --noEmit
+
      - name: Start app in background
        run: nohup npm run dev &

--- a/.gitignore
+++ b/.gitignore
@@ -47,4 +47,6 @@ server/db/index.ts
 server/build.ts
 postgres/
 dynamic/
-*.mmdb
+*.mmdb
+scratch/
+tsconfig.json
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -4,7 +4,7 @@ Contributions are welcome!

 Please see the contribution and local development guide on the docs page before getting started:

-https://docs.digpangolin.com/development/contributing
+https://docs.pangolin.net/development/contributing

 ### Licensing Considerations

--- a/24
+++ b/24
@@ -15,9 +15,29 @@ RUN echo "export * from \"./$DATABASE\";" > server/db/index.ts

 RUN echo "export const build = \"$BUILD\" as any;" > server/build.ts

-RUN if [ "$DATABASE" = "pg" ]; then npx drizzle-kit generate --dialect postgresql --schema ./server/db/pg/schema.ts --out init; else npx drizzle-kit generate --dialect $DATABASE --schema ./server/db/$DATABASE/schema.ts --out init; fi
+# Copy the appropriate TypeScript configuration based on build type
+RUN if [ "$BUILD" = "oss" ]; then cp tsconfig.oss.json tsconfig.json; \
+    elif [ "$BUILD" = "saas" ]; then cp tsconfig.saas.json tsconfig.json; \
+    elif [ "$BUILD" = "enterprise" ]; then cp tsconfig.enterprise.json tsconfig.json; \
+    fi
+
+# if the build is oss then remove the server/private directory
+RUN if [ "$BUILD" = "oss" ]; then rm -rf server/private; fi
+
+RUN if [ "$DATABASE" = "pg" ]; then npx drizzle-kit generate --dialect postgresql --schema ./server/db/pg/schema --out init; else npx drizzle-kit generate --dialect $DATABASE --schema ./server/db/$DATABASE/schema --out init; fi
+
+RUN mkdir -p dist
+RUN npm run next:build
+RUN node esbuild.mjs -e server/index.ts -o dist/server.mjs -b $BUILD
+RUN if [ "$DATABASE" = "pg" ]; then \
+        node esbuild.mjs -e server/setup/migrationsPg.ts -o dist/migrations.mjs; \
+    else \
+        node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs; \
+    fi
+
+# test to make sure the build output is there and error if not
+RUN test -f dist/server.mjs

-RUN npm run build:$DATABASE
 RUN npm run build:cli

 FROM node:22-alpine AS runner
--- a/50
+++ b/50
@@ -8,6 +8,7 @@ build-release:
 		exit 1; \
 	fi
 	docker buildx build \
+		--build-arg BUILD=oss \
 		--build-arg DATABASE=sqlite \
 		--platform linux/arm64,linux/amd64 \
 		--tag fosrl/pangolin:latest \
@@ -16,6 +17,7 @@ build-release:
 		--tag fosrl/pangolin:$(tag) \
 		--push .
 	docker buildx build \
+		--build-arg BUILD=oss \
 		--build-arg DATABASE=pg \
 		--platform linux/arm64,linux/amd64 \
 		--tag fosrl/pangolin:postgresql-latest \
@@ -23,6 +25,54 @@ build-release:
 		--tag fosrl/pangolin:postgresql-$(minor_tag) \
 		--tag fosrl/pangolin:postgresql-$(tag) \
 		--push .
+	docker buildx build \
+		--build-arg BUILD=enterprise \
+		--build-arg DATABASE=sqlite \
+		--platform linux/arm64,linux/amd64 \
+		--tag fosrl/pangolin:ee-latest \
+		--tag fosrl/pangolin:ee-$(major_tag) \
+		--tag fosrl/pangolin:ee-$(minor_tag) \
+		--tag fosrl/pangolin:ee-$(tag) \
+		--push .
+	docker buildx build \
+		--build-arg BUILD=enterprise \
+		--build-arg DATABASE=pg \
+		--platform linux/arm64,linux/amd64 \
+		--tag fosrl/pangolin:ee-postgresql-latest \
+		--tag fosrl/pangolin:ee-postgresql-$(major_tag) \
+		--tag fosrl/pangolin:ee-postgresql-$(minor_tag) \
+		--tag fosrl/pangolin:ee-postgresql-$(tag) \
+		--push .
+
+build-rc:
+	@if [ -z "$(tag)" ]; then \
+		echo "Error: tag is required. Usage: make build-release tag=<tag>"; \
+		exit 1; \
+	fi
+	docker buildx build \
+		--build-arg BUILD=oss \
+		--build-arg DATABASE=sqlite \
+		--platform linux/arm64,linux/amd64 \
+		--tag fosrl/pangolin:$(tag) \
+		--push .
+	docker buildx build \
+		--build-arg BUILD=oss \
+		--build-arg DATABASE=pg \
+		--platform linux/arm64,linux/amd64 \
+		--tag fosrl/pangolin:postgresql-$(tag) \
+		--push .
+	docker buildx build \
+		--build-arg BUILD=enterprise \
+		--build-arg DATABASE=sqlite \
+		--platform linux/arm64,linux/amd64 \
+		--tag fosrl/pangolin:ee-$(tag) \
+		--push .
+	docker buildx build \
+		--build-arg BUILD=enterprise \
+		--build-arg DATABASE=pg \
+		--platform linux/arm64,linux/amd64 \
+		--tag fosrl/pangolin:ee-postgresql-$(tag) \
+		--push .

 build-arm:
 	docker buildx build --platform linux/arm64 -t fosrl/pangolin:latest .
--- a/README.md
+++ b/README.md
@@ -1,157 +1,91 @@
 <div align="center">
    <h2>
-      <picture>
-          <source media="(prefers-color-scheme: dark)" srcset="public/logo/word_mark_white.png">
-          <img alt="Pangolin Logo" src="public/logo/word_mark_black.png" width="250">
+    <a href="https://pangolin.net/">
+        <picture>
+            <source media="(prefers-color-scheme: dark)" srcset="public/logo/word_mark_white.png">
+            <img alt="Pangolin Logo" src="public/logo/word_mark_black.png" width="350">
        </picture>
+    </a>
    </h2>
 </div>

-<h4 align="center">Secure gateway to your private networks</h4>
-<div align="center">
-
-_Pangolin tunnels your services to the internet so you can access anything from anywhere._
-
-</div>
-
 <div align="center">
  <h5>
-      <a href="https://digpangolin.com">
+      <a href="https://pangolin.net/">
        Website
      </a>
      <span> | </span>
-      <a href="https://docs.digpangolin.com/self-host/quick-install-managed">
-        Quick Install Guide
+      <a href="https://docs.pangolin.net/">
+        Documentation
      </a>
      <span> | </span>
-      <a href="mailto:contact@fossorial.io">
+      <a href="mailto:contact@pangolin.net">
        Contact Us
      </a>
-      <span> | </span>
-      <a href="https://digpangolin.com/slack">
-        Slack
-      </a>
-      <span> | </span>
-      <a href="https://discord.gg/HCJR8Xhme4">
-        Discord
-      </a>
  </h5>
+</div>

-[![Slack](https://img.shields.io/badge/chat-slack-yellow?style=flat-square&logo=slack)](https://digpangolin.com/slack)
+<div align="center">
+
+[![Discord](https://img.shields.io/discord/1325658630518865980?logo=discord&style=flat-square)](https://discord.gg/HCJR8Xhme4)
+[![Slack](https://img.shields.io/badge/chat-slack-yellow?style=flat-square&logo=slack)](https://pangolin.net/slack)
 [![Docker](https://img.shields.io/docker/pulls/fosrl/pangolin?style=flat-square)](https://hub.docker.com/r/fosrl/pangolin)
 ![Stars](https://img.shields.io/github/stars/fosrl/pangolin?style=flat-square)
-[![Discord](https://img.shields.io/discord/1325658630518865980?logo=discord&style=flat-square)](https://discord.gg/HCJR8Xhme4)
 [![YouTube](https://img.shields.io/badge/YouTube-red?logo=youtube&logoColor=white&style=flat-square)](https://www.youtube.com/@fossorial-app)

 </div>

 <p align="center">
    <strong>
-        Start testing Pangolin at <a href="https://pangolin.fossorial.io/auth/signup">pangolin.fossorial.io</a>
+        Start testing Pangolin at <a href="https://app.pangolin.net/auth/signup">app.pangolin.net</a>
    </strong>
 </p>

-Pangolin is a self-hosted tunneled reverse proxy server with identity and access control, designed to securely expose private resources on distributed networks. Acting as a central hub, it connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports.
+Pangolin is a self-hosted tunneled reverse proxy server with identity and context aware access control, designed to easily expose and protect applications running anywhere. Pangolin acts as a central hub and connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports or requiring a VPN.

-<img src="public/screenshots/hero.png" alt="Preview"/>
+## Installation

-![gif](public/clip.gif)
+- Check out the [quick install guide](https://docs.pangolin.net/self-host/quick-install) for how to install and set up Pangolin.
+- Install from the [DigitalOcean marketplace](https://marketplace.digitalocean.com/apps/pangolin-ce-1?refcode=edf0480eeb81) for a one-click pre-configured installer.

-## Key Features
-
-### Reverse Proxy Through WireGuard Tunnel
-
- Expose private resources on your network **without opening ports** (firewall punching).
- Secure and easy to configure private connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt).
- Built-in support for any WireGuard client.
- Automated **SSL certificates** (https) via [LetsEncrypt](https://letsencrypt.org/).
- Support for HTTP/HTTPS and **raw TCP/UDP services**.
- Load balancing.
- Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](https://github.com/PascalMinder/geoblock).
-    - **Automatically install and configure Crowdsec via Pangolin's installer script.**
- Attach as many sites to the central server as you wish.
-
-### Identity & Access Management
-
- Centralized authentication system using platform SSO. **Users will only have to manage one login.**
- **Define access control rules for IPs, IP ranges, and URL paths per resource.**
- TOTP with backup codes for two-factor authentication.
- Create organizations, each with multiple sites, users, and roles.
- **Role-based access control** to manage resource access permissions.
- Additional authentication options include:
-    - Email whitelisting with **one-time passcodes.**
-    - **Temporary, self-destructing share links.**
-    - Resource specific pin codes.
-    - Resource specific passwords.
-    - Passkeys
- External identity provider (IdP) support with OAuth2/OIDC, such as Authentik, Keycloak, Okta, and others.
-    - Auto-provision users and roles from your IdP.
-
-<img src="public/auth-diagram1.png" alt="Auth and diagram"/>
-
-## Use Cases
-
-### Manage Access to Internal Apps
-
- Grant users access to your apps from anywhere using just a web browser. No client software required.
-
-### Developers and DevOps
-
- Expose and test internal tools and dashboards like **Grafana**. Bring localhost or private IPs online for easy access.
-
-### Secure API Gateway
-
- One application load balancer across multiple clouds and on-premises.
-
-### IoT and Edge Devices
-
- Easily expose **IoT devices**, **edge servers**, or **Raspberry Pi** to the internet for field equipment monitoring.
-
-<img src="public/screenshots/sites.png" alt="Sites"/>
+<img src="public/screenshots/hero.png" />

 ## Deployment Options

-### Fully Self Hosted
+| <img width=500 /> | Description |
+|-----------------|--------------|
+| **Self-Host: Community Edition** | Free, open source, and licensed under AGPL-3. |
+| **Self-Host: Enterprise Edition** | Licensed under Fossorial Commercial License. Free for personal and hobbyist use, and for businesses earning under \$100K USD annually. |
+| **Pangolin Cloud** | Fully managed service with instant setup and pay-as-you-go pricing — no infrastructure required. Or, self-host your own [remote node](https://docs.pangolin.net/manage/remote-node/nodes) and connect to our control plane. |

-Host the full application on your own server or on the cloud with a VPS. Take a look at the [documentation](https://docs.digpangolin.com/self-host/quick-install) to get started.
+## Key Features

-> Many of our users have had a great experience with [RackNerd](https://my.racknerd.com/aff.php?aff=13788). Depending on promotions, you can get a [**VPS with 1 vCPU, 1GB RAM, and ~20GB SSD for just around $12/year**](https://my.racknerd.com/aff.php?aff=13788&pid=912). That's a great deal!
+Pangolin packages everything you need for seamless application access and exposure into one cohesive platform.

-### Pangolin Cloud
+| <img width=500 />                                                                                                                                                                                                                                                                                                                                                                | <img width=500 />                                                  |
+|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|
+| **Manage applications in one place**<br /><br /> Pangolin provides a unified dashboard where you can monitor, configure, and secure all of your services regardless of where they are hosted.                                                                                                                                                                                    | <img src="public/screenshots/hero.png" width=500 /><tr></tr> |
+| **Reverse proxy across networks anywhere**<br /><br />Route traffic via tunnels to any private network. Pangolin works like a reverse proxy that spans multiple networks and handles routing, load balancing, health checking, and more to the right services on the other end.                                                                                                  | <img src="public/screenshots/sites.png" width=500 /><tr></tr>          |
+| **Enforce identity and context aware rules**<br /><br />Protect your applications with identity and context aware rules such as SSO, OIDC, PIN, password, temporary share links, geolocation, IP, and more.                                                                                                                                                                                                | <img src="public/auth-diagram1.png" width=500 /><tr></tr>               |
+| **Quickly connect Pangolin sites**<br /><br />Pangolin's lightweight [Newt](https://github.com/fosrl/newt) client runs in userspace and can run anywhere. Use it as a site connector to route traffic to backends across all of your environments.                                                                                                                                                                                   | <img src="public/clip.gif" width=500 /><tr></tr>               |

-Easy to use with simple [pay as you go pricing](https://digpangolin.com/pricing). [Check it out here](https://pangolin.fossorial.io/auth/signup). 
+## Get Started

- Everything you get with self hosted Pangolin, but fully managed for you.
+### Check out the docs

-### Managed & High Availability
+We encourage everyone to read the full documentation first, which is
+available at [docs.pangolin.net](https://docs.pangolin.net). This README provides only a very brief subset of
+the docs to illustrate some basic ideas.

-Managed control plane, your infrastructure
+### Sign up and try now

- We manage database and control plane.
- You self-host lightweight exit-node.
- Traffic flows through your infra.
- We coordinate failover between your nodes or to Cloud when things go bad.
-
-Try it out using [Pangolin Cloud](https://pangolin.fossorial.io)
-
-### Full Enterprise On-Premises
-
-[Contact us](mailto:numbat@fossorial.io) for a full distributed and enterprise deployments on your infrastructure controlled by your team.
-
-## Project Development / Roadmap
-
-We want to hear your feature requests! Add them to the [discussion board](https://github.com/orgs/fosrl/discussions/categories/feature-requests).
+For Pangolin's managed service, you will first need to create an account at
+[app.pangolin.net](https://app.pangolin.net). We have a generous free tier to get started.

 ## Licensing

-Pangolin is dual licensed under the AGPL-3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us at [numbat@fossorial.io](mailto:numbat@fossorial.io).
+Pangolin is dual licensed under the AGPL-3 and the [Fossorial Commercial License](https://pangolin.net/fcl.html). For inquiries about commercial licensing, please contact us at [contact@pangolin.net](mailto:contact@pangolin.net).

 ## Contributions

-Looking for something to contribute? Take a look at issues marked with [help wanted](https://github.com/fosrl/pangolin/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22help%20wanted%22). Also take a look through the freature requests in Discussions - any are available and some are marked as a good first issue.
-
 Please see [CONTRIBUTING](./CONTRIBUTING.md) in the repository for guidelines and best practices.
-
-Please post bug reports and other functional issues in the [Issues](https://github.com/fosrl/pangolin/issues) section of the repository.
-
-If you are looking to help with translations, please contribute [on Crowdin](https://crowdin.com/project/fossorial-pangolin) or open a PR with changes to the translations files found in `messages/`.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -3,7 +3,7 @@
 If you discover a security vulnerability, please follow the steps below to responsibly disclose it to us:

 1. **Do not create a public GitHub issue or discussion post.** This could put the security of other users at risk.
-2. Send a detailed report to [security@fossorial.io](mailto:security@fossorial.io) or send a **private** message to a maintainer on [Discord](https://discord.gg/HCJR8Xhme4). Include:
+2. Send a detailed report to [security@pangolin.net](mailto:security@pangolin.net) or send a **private** message to a maintainer on [Discord](https://discord.gg/HCJR8Xhme4). Include:

 -   Description and location of the vulnerability.
 -   Potential impact of the vulnerability.
--- a/blueprint.py
+++ b/blueprint.py
@@ -8,7 +8,7 @@ import base64
 YAML_FILE_PATH = 'blueprint.yaml'

 # The API endpoint and headers from the curl request
-API_URL = 'http://api.pangolin.fossorial.io/v1/org/test/blueprint'
+API_URL = 'http://api.pangolin.net/v1/org/test/blueprint'
 HEADERS = {
    'accept': '*/*',
    'Authorization': 'Bearer <your_token_here>',
--- a/blueprint.yaml
+++ b/blueprint.yaml
@@ -28,9 +28,9 @@ proxy-resources:
      # sso-roles:
      #   - Member
      # sso-users:
-      #   - owen@fossorial.io
+      #   - owen@pangolin.net
      # whitelist-users:
-      #   - owen@fossorial.io
+      #   - owen@pangolin.net
    headers:
      - name: X-Example-Header
        value: example-value
--- a/bruno/Auth/login.bru
+++ b/bruno/Auth/login.bru
@@ -12,7 +12,7 @@ post {

 body:json {
  {
-    "email": "owen@fossorial.io",
+    "email": "owen@pangolin.net",
    "password": "Password123!"
  }
 }
--- a/bruno/Auth/reset-password-request.bru
+++ b/bruno/Auth/reset-password-request.bru
@@ -12,6 +12,6 @@ post {

 body:json {
  {
-      "email": "milo@fossorial.io"
+      "email": "milo@pangolin.net"
  }
 }
--- a/bruno/Auth/signup.bru
+++ b/bruno/Auth/signup.bru
@@ -12,7 +12,7 @@ put {

 body:json {
  {
-    "email": "numbat@fossorial.io",
+    "email": "numbat@pangolin.net",
    "password": "Password123!"
  }
 }
--- a/cli/commands/setAdminCredentials.ts
+++ b/cli/commands/setAdminCredentials.ts
@@ -90,7 +90,8 @@ export const setAdminCredentials: CommandModule<{}, SetAdminCredentialsArgs> = {
                            passwordHash,
                            dateCreated: moment().toISOString(),
                            serverAdmin: true,
-                            emailVerified: true
+                            emailVerified: true,
+                            lastPasswordChange: new Date().getTime()
                        });

                        console.log("Server admin created");
--- a/config/config.example.yml
+++ b/config/config.example.yml
@@ -1,5 +1,5 @@
 # To see all available options, please visit the docs:
-# https://docs.digpangolin.com/self-host/advanced/config-file
+# https://docs.pangolin.net/self-host/advanced/config-file

 app:
  dashboard_url: http://localhost:3002
--- a/docker-compose.drizzle.yml
+++ b/docker-compose.drizzle.yml
@@ -0,0 +1,15 @@
+services:
+  drizzle-gateway:
+    image: ghcr.io/drizzle-team/gateway:latest
+    ports:
+      - "4984:4983"
+    depends_on:
+      - db
+    environment:
+      - STORE_PATH=/app
+      - DATABASE_URL=postgresql://postgres:password@db:5432/postgres
+    volumes:
+      - drizzle-gateway-data:/app
+
+volumes:
+  drizzle-gateway-data:
--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -20,7 +20,7 @@ services:
      pangolin:
        condition: service_healthy
    command:
-      - --reachableAt=http://gerbil:3003
+      - --reachableAt=http://gerbil:3004
      - --generateAndSaveKeyTo=/var/config/key
      - --remoteConfig=http://pangolin:3001/api/v1/
    volumes:
--- a/docker-compose.pgr.yml
+++ b/docker-compose.pgr.yml
@@ -11,7 +11,7 @@ services:
      - ./config/postgres:/var/lib/postgresql/data
    ports:
      - "5432:5432" # Map host port 5432 to container port 5432
-    restart: no 
+    restart: no

  redis:
    image: redis:latest # Use the latest Redis image
--- a/drizzle.pg.config.ts
+++ b/drizzle.pg.config.ts
@@ -1,16 +1,9 @@
 import { defineConfig } from "drizzle-kit";
 import path from "path";
-import { build } from "@server/build";

-let schema;
-if (build === "oss") {
-    schema = [path.join("server", "db", "pg", "schema.ts")];
-} else {
-    schema = [
-        path.join("server", "db", "pg", "schema.ts"),
-        path.join("server", "db", "pg", "privateSchema.ts")
-    ];
-}
+const schema = [
+    path.join("server", "db", "pg", "schema"),
+];

 export default defineConfig({
    dialect: "postgresql",
--- a/drizzle.sqlite.config.ts
+++ b/drizzle.sqlite.config.ts
@@ -1,17 +1,10 @@
-import { build } from "@server/build";
 import { APP_PATH } from "@server/lib/consts";
 import { defineConfig } from "drizzle-kit";
 import path from "path";

-let schema;
-if (build === "oss") {
-    schema = [path.join("server", "db", "sqlite", "schema.ts")];
-} else {
-    schema = [
-        path.join("server", "db", "sqlite", "schema.ts"),
-        path.join("server", "db", "sqlite", "privateSchema.ts")
-    ];
-}
+const schema = [
+    path.join("server", "db", "sqlite", "schema"),
+];

 export default defineConfig({
    dialect: "sqlite",
--- a/esbuild.mjs
+++ b/esbuild.mjs
@@ -2,8 +2,9 @@ import esbuild from "esbuild";
 import yargs from "yargs";
 import { hideBin } from "yargs/helpers";
 import { nodeExternalsPlugin } from "esbuild-node-externals";
+import path from "path";
+import fs from "fs";
 // import { glob } from "glob";
-// import path from "path";

 const banner = `
 // patch __dirname
@@ -18,7 +19,7 @@ const require = topLevelCreateRequire(import.meta.url);
 `;

 const argv = yargs(hideBin(process.argv))
-    .usage("Usage: $0 -entry [string] -out [string]")
+    .usage("Usage: $0 -entry [string] -out [string] -build [string]")
    .option("entry", {
        alias: "e",
        describe: "Entry point file",
@@ -31,6 +32,13 @@ const argv = yargs(hideBin(process.argv))
        type: "string",
        demandOption: true,
    })
+    .option("build", {
+        alias: "b",
+        describe: "Build type (oss, saas, enterprise)",
+        type: "string",
+        choices: ["oss", "saas", "enterprise"],
+        default: "oss",
+    })
    .help()
    .alias("help", "h").argv;

@@ -46,6 +54,179 @@ function getPackagePaths() {
    return ["package.json"];
 }

+// Plugin to guard against bad imports from #private
+function privateImportGuardPlugin() {
+    return {
+        name: "private-import-guard",
+        setup(build) {
+            const violations = [];
+
+            build.onResolve({ filter: /^#private\// }, (args) => {
+                const importingFile = args.importer;
+
+                // Check if the importing file is NOT in server/private
+                const normalizedImporter = path.normalize(importingFile);
+                const isInServerPrivate = normalizedImporter.includes(path.normalize("server/private"));
+
+                if (!isInServerPrivate) {
+                    const violation = {
+                        file: importingFile,
+                        importPath: args.path,
+                        resolveDir: args.resolveDir
+                    };
+                    violations.push(violation);
+
+                    console.log(`PRIVATE IMPORT VIOLATION:`);
+                    console.log(`   File: ${importingFile}`);
+                    console.log(`   Import: ${args.path}`);
+                    console.log(`   Resolve dir: ${args.resolveDir || 'N/A'}`);
+                    console.log('');
+                }
+
+                // Return null to let the default resolver handle it
+                return null;
+            });
+
+            build.onEnd((result) => {
+                if (violations.length > 0) {
+                    console.log(`\nSUMMARY: Found ${violations.length} private import violation(s):`);
+                    violations.forEach((v, i) => {
+                        console.log(`   ${i + 1}. ${path.relative(process.cwd(), v.file)} imports ${v.importPath}`);
+                    });
+                    console.log('');
+
+                    result.errors.push({
+                        text: `Private import violations detected: ${violations.length} violation(s) found`,
+                        location: null,
+                        notes: violations.map(v => ({
+                            text: `${path.relative(process.cwd(), v.file)} imports ${v.importPath}`,
+                            location: null
+                        }))
+                    });
+                }
+            });
+        }
+    };
+}
+
+// Plugin to guard against bad imports from #private
+function dynamicImportGuardPlugin() {
+    return {
+        name: "dynamic-import-guard",
+        setup(build) {
+            const violations = [];
+
+            build.onResolve({ filter: /^#dynamic\// }, (args) => {
+                const importingFile = args.importer;
+
+                // Check if the importing file is NOT in server/private
+                const normalizedImporter = path.normalize(importingFile);
+                const isInServerPrivate = normalizedImporter.includes(path.normalize("server/private"));
+
+                if (isInServerPrivate) {
+                    const violation = {
+                        file: importingFile,
+                        importPath: args.path,
+                        resolveDir: args.resolveDir
+                    };
+                    violations.push(violation);
+
+                    console.log(`DYNAMIC IMPORT VIOLATION:`);
+                    console.log(`   File: ${importingFile}`);
+                    console.log(`   Import: ${args.path}`);
+                    console.log(`   Resolve dir: ${args.resolveDir || 'N/A'}`);
+                    console.log('');
+                }
+
+                // Return null to let the default resolver handle it
+                return null;
+            });
+
+            build.onEnd((result) => {
+                if (violations.length > 0) {
+                    console.log(`\nSUMMARY: Found ${violations.length} dynamic import violation(s):`);
+                    violations.forEach((v, i) => {
+                        console.log(`   ${i + 1}. ${path.relative(process.cwd(), v.file)} imports ${v.importPath}`);
+                    });
+                    console.log('');
+
+                    result.errors.push({
+                        text: `Dynamic import violations detected: ${violations.length} violation(s) found`,
+                        location: null,
+                        notes: violations.map(v => ({
+                            text: `${path.relative(process.cwd(), v.file)} imports ${v.importPath}`,
+                            location: null
+                        }))
+                    });
+                }
+            });
+        }
+    };
+}
+
+// Plugin to dynamically switch imports based on build type
+function dynamicImportSwitcherPlugin(buildValue) {
+    return {
+        name: "dynamic-import-switcher",
+        setup(build) {
+            const switches = [];
+
+            build.onStart(() => {
+                console.log(`Dynamic import switcher using build type: ${buildValue}`);
+            });
+
+            build.onResolve({ filter: /^#dynamic\// }, (args) => {
+                // Extract the path after #dynamic/
+                const dynamicPath = args.path.replace(/^#dynamic\//, '');
+
+                // Determine the replacement based on build type
+                let replacement;
+                if (buildValue === "oss") {
+                    replacement = `#open/${dynamicPath}`;
+                } else if (buildValue === "saas" || buildValue === "enterprise") {
+                    replacement = `#closed/${dynamicPath}`; // We use #closed here so that the route guards dont complain after its been changed but this is the same as #private
+                } else {
+                    console.warn(`Unknown build type '${buildValue}', defaulting to #open/`);
+                    replacement = `#open/${dynamicPath}`;
+                }
+
+                const switchInfo = {
+                    file: args.importer,
+                    originalPath: args.path,
+                    replacementPath: replacement,
+                    buildType: buildValue
+                };
+                switches.push(switchInfo);
+
+                console.log(`DYNAMIC IMPORT SWITCH:`);
+                console.log(`   File: ${args.importer}`);
+                console.log(`   Original: ${args.path}`);
+                console.log(`   Switched to: ${replacement} (build: ${buildValue})`);
+                console.log('');
+
+                // Rewrite the import path and let the normal resolution continue
+                return build.resolve(replacement, {
+                    importer: args.importer,
+                    namespace: args.namespace,
+                    resolveDir: args.resolveDir,
+                    kind: args.kind
+                });
+            });
+
+            build.onEnd((result) => {
+                if (switches.length > 0) {
+                    console.log(`\nDYNAMIC IMPORT SUMMARY: Switched ${switches.length} import(s) for build type '${buildValue}':`);
+                    switches.forEach((s, i) => {
+                        console.log(`   ${i + 1}. ${path.relative(process.cwd(), s.file)}`);
+                        console.log(`      ${s.originalPath} → ${s.replacementPath}`);
+                    });
+                    console.log('');
+                }
+            });
+        }
+    };
+}
+
 esbuild
    .build({
        entryPoints: [argv.entry],
@@ -59,6 +240,9 @@ esbuild
        platform: "node",
        external: ["body-parser"],
        plugins: [
+            privateImportGuardPlugin(),
+            dynamicImportGuardPlugin(),
+            dynamicImportSwitcherPlugin(argv.build),
            nodeExternalsPlugin({
                packagePath: getPackagePaths(),
            }),
@@ -66,7 +250,27 @@ esbuild
        sourcemap: "inline",
        target: "node22",
    })
-    .then(() => {
+    .then((result) => {
+        // Check if there were any errors in the build result
+        if (result.errors && result.errors.length > 0) {
+            console.error(`Build failed with ${result.errors.length} error(s):`);
+            result.errors.forEach((error, i) => {
+                console.error(`${i + 1}. ${error.text}`);
+                if (error.notes) {
+                    error.notes.forEach(note => {
+                        console.error(`   - ${note.text}`);
+                    });
+                }
+            });
+
+            // remove the output file if it was created
+            if (fs.existsSync(argv.out)) {
+                fs.unlinkSync(argv.out);
+            }
+
+            process.exit(1);
+        }
+
        console.log("Build completed successfully");
    })
    .catch((error) => {
--- a/install/Makefile
+++ b/install/Makefile
@@ -18,7 +18,11 @@ put-back:
 	mv main.go.bak main.go

 dev-update-versions:
-	PANGOLIN_VERSION=$$(curl -s https://api.github.com/repos/fosrl/pangolin/tags | jq -r '.[0].name') && \
+	if [ -z "$(tag)" ]; then \
+		PANGOLIN_VERSION=$$(curl -s https://api.github.com/repos/fosrl/pangolin/tags | jq -r '.[0].name'); \
+	else \
+		PANGOLIN_VERSION=$(tag); \
+	fi && \
 	GERBIL_VERSION=$$(curl -s https://api.github.com/repos/fosrl/gerbil/tags | jq -r '.[0].name') && \
 	BADGER_VERSION=$$(curl -s https://api.github.com/repos/fosrl/badger/tags | jq -r '.[0].name') && \
 	echo "Latest versions - Pangolin: $$PANGOLIN_VERSION, Gerbil: $$GERBIL_VERSION, Badger: $$BADGER_VERSION" && \
--- a/install/config/config.yml
+++ b/install/config/config.yml
@@ -1,15 +1,10 @@
 # To see all available options, please visit the docs:
-# https://docs.digpangolin.com/self-host/advanced/config-file 
+# https://docs.pangolin.net/

 gerbil:
    start_port: 51820
    base_endpoint: "{{.DashboardDomain}}"
-{{if .HybridMode}}
-managed:
-    id: "{{.HybridId}}"
-    secret: "{{.HybridSecret}}"
-  
-{{else}}
+
 app:
    dashboard_url: "https://{{.DashboardDomain}}"
    log_level: "info"
@@ -19,7 +14,6 @@ app:
 domains:
    domain1:
        base_domain: "{{.BaseDomain}}"
-        cert_resolver: "letsencrypt"

 server:
    secret: "{{.Secret}}"
@@ -28,6 +22,7 @@ server:
        methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
        allowed_headers: ["X-CSRF-Token", "Content-Type"]
        credentials: false
+    {{if .EnableGeoblocking}}maxmind_db_path: "./config/GeoLite2-Country.mmdb"{{end}}
 {{if .EnableEmail}}
 email:
    smtp_host: "{{.EmailSMTPHost}}"
@@ -41,4 +36,3 @@ flags:
    disable_signup_without_invite: true
    disable_user_create_org: false
    allow_raw_resources: true
-{{end}}
--- a/install/config/docker-compose.yml
+++ b/install/config/docker-compose.yml
@@ -6,8 +6,6 @@ services:
    restart: unless-stopped
    volumes:
      - ./config:/app/config
-      - pangolin-data:/var/certificates
-      - pangolin-data:/var/dynamic
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
      interval: "10s"
@@ -22,7 +20,7 @@ services:
      pangolin:
        condition: service_healthy
    command:
-      - --reachableAt=http://gerbil:3003
+      - --reachableAt=http://gerbil:3004
      - --generateAndSaveKeyTo=/var/config/key
      - --remoteConfig=http://pangolin:3001/api/v1/
    volumes:
@@ -33,7 +31,7 @@ services:
    ports:
      - 51820:51820/udp
      - 21820:21820/udp
-      - 443:{{if .HybridMode}}8443{{else}}443{{end}}
+      - 443:443
      - 80:80
 {{end}}
  traefik:
@@ -56,15 +54,9 @@ services:
      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
-      # Shared volume for certificates and dynamic config in file mode 
-      - pangolin-data:/var/certificates:ro
-      - pangolin-data:/var/dynamic:ro

 networks:
  default:
    driver: bridge
    name: pangolin
-{{if .EnableIPv6}}    enable_ipv6: true{{end}}
-
-volumes:
-  pangolin-data:
+{{if .EnableIPv6}}    enable_ipv6: true{{end}}
--- a/install/config/traefik/dynamic_config.yml
+++ b/install/config/traefik/dynamic_config.yml
@@ -51,3 +51,12 @@ http:
      loadBalancer:
        servers:
          - url: "http://pangolin:3000"  # API/WebSocket server
+
+tcp:
+  serversTransports:
+    pp-transport-v1:
+      proxyProtocol:
+        version: 1
+    pp-transport-v2:
+      proxyProtocol:
+        version: 2
--- a/install/config/traefik/traefik_config.yml
+++ b/install/config/traefik/traefik_config.yml
@@ -3,17 +3,12 @@ api:
  dashboard: true

 providers:
-{{if not .HybridMode}}
  http:
    endpoint: "http://pangolin:3001/api/v1/traefik-config"
    pollInterval: "5s"
  file:
    filename: "/etc/traefik/dynamic_config.yml"
-{{else}}
-  file:
-    directory: "/var/dynamic"
-    watch: true
-{{end}}
+
 experimental:
  plugins:
    badger:
@@ -27,7 +22,7 @@ log:
  maxBackups: 3
  maxAge: 3
  compress: true
-{{if not .HybridMode}}
+
 certificatesResolvers:
  letsencrypt:
    acme:
@@ -36,22 +31,18 @@ certificatesResolvers:
      email: "{{.LetsEncryptEmail}}"
      storage: "/letsencrypt/acme.json"
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
-{{end}}
+
 entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
-{{if .HybridMode}}    proxyProtocol:
-      trustedIPs:
-        - 0.0.0.0/0
-        - ::1/128{{end}}
    transport:
      respondingTimeouts:
        readTimeout: "30m"
-{{if not .HybridMode}}    http:
+    http:
      tls:
-        certResolver: "letsencrypt"{{end}}
+        certResolver: "letsencrypt"

 serversTransport:
  insecureSkipVerify: true
--- a/install/get-installer.sh
+++ b/install/get-installer.sh
@@ -0,0 +1,180 @@
+#!/bin/bash
+
+# Get installer - Cross-platform installation script
+# Usage: curl -fsSL https://raw.githubusercontent.com/fosrl/installer/refs/heads/main/get-installer.sh | bash
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# GitHub repository info
+REPO="fosrl/pangolin"
+GITHUB_API_URL="https://api.github.com/repos/${REPO}/releases/latest"
+
+# Function to print colored output
+print_status() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Function to get latest version from GitHub API
+get_latest_version() {
+    local latest_info
+    
+    if command -v curl >/dev/null 2>&1; then
+        latest_info=$(curl -fsSL "$GITHUB_API_URL" 2>/dev/null)
+    elif command -v wget >/dev/null 2>&1; then
+        latest_info=$(wget -qO- "$GITHUB_API_URL" 2>/dev/null)
+    else
+        print_error "Neither curl nor wget is available. Please install one of them." >&2
+        exit 1
+    fi
+    
+    if [ -z "$latest_info" ]; then
+        print_error "Failed to fetch latest version information" >&2
+        exit 1
+    fi
+    
+    # Extract version from JSON response (works without jq)
+    local version=$(echo "$latest_info" | grep '"tag_name"' | head -1 | sed 's/.*"tag_name": *"\([^"]*\)".*/\1/')
+    
+    if [ -z "$version" ]; then
+        print_error "Could not parse version from GitHub API response" >&2
+        exit 1
+    fi
+    
+    # Remove 'v' prefix if present
+    version=$(echo "$version" | sed 's/^v//')
+    
+    echo "$version"
+}
+
+# Detect OS and architecture
+detect_platform() {
+    local os arch
+    
+    # Detect OS - only support Linux
+    case "$(uname -s)" in
+        Linux*)     os="linux" ;;
+        *)
+            print_error "Unsupported operating system: $(uname -s). Only Linux is supported."
+            exit 1
+            ;;
+    esac
+    
+    # Detect architecture - only support amd64 and arm64
+    case "$(uname -m)" in
+        x86_64|amd64)   arch="amd64" ;;
+        arm64|aarch64)  arch="arm64" ;;
+        *)
+            print_error "Unsupported architecture: $(uname -m). Only amd64 and arm64 are supported on Linux."
+            exit 1
+            ;;
+    esac
+    
+    echo "${os}_${arch}"
+}
+
+# Get installation directory
+get_install_dir() {
+    # Install to the current directory 
+    local install_dir="$(pwd)"
+    if [ ! -d "$install_dir" ]; then
+        print_error "Installation directory does not exist: $install_dir"
+        exit 1
+    fi
+    echo "$install_dir"
+}
+
+# Download and install installer
+install_installer() {
+    local platform="$1"
+    local install_dir="$2"
+    local binary_name="installer_${platform}"
+    
+    local download_url="${BASE_URL}/${binary_name}"
+    local temp_file="/tmp/installer"
+    local final_path="${install_dir}/installer"
+    
+    print_status "Downloading installer from ${download_url}"
+    
+    # Download the binary
+    if command -v curl >/dev/null 2>&1; then
+        curl -fsSL "$download_url" -o "$temp_file"
+    elif command -v wget >/dev/null 2>&1; then
+        wget -q "$download_url" -O "$temp_file"
+    else
+        print_error "Neither curl nor wget is available. Please install one of them."
+        exit 1
+    fi
+    
+    # Create install directory if it doesn't exist
+    mkdir -p "$install_dir"
+    
+    # Move binary to install directory
+    mv "$temp_file" "$final_path"
+    
+    # Make executable
+    chmod +x "$final_path"
+    
+    print_status "Installer downloaded to ${final_path}"
+}
+
+# Verify installation
+verify_installation() {
+    local install_dir="$1"
+    local installer_path="${install_dir}/installer"
+    
+    if [ -f "$installer_path" ] && [ -x "$installer_path" ]; then
+        print_status "Installation successful!"
+        return 0
+    else
+        print_error "Installation failed. Binary not found or not executable."
+        return 1
+    fi
+}
+
+# Main installation process
+main() {
+    print_status "Installing latest version of installer..."
+    
+    # Get latest version
+    print_status "Fetching latest version from GitHub..."
+    VERSION=$(get_latest_version)
+    print_status "Latest version: v${VERSION}"
+    
+    # Set base URL with the fetched version
+    BASE_URL="https://github.com/${REPO}/releases/download/${VERSION}"
+    
+    # Detect platform
+    PLATFORM=$(detect_platform)
+    print_status "Detected platform: ${PLATFORM}"
+    
+    # Get install directory
+    INSTALL_DIR=$(get_install_dir)
+    print_status "Install directory: ${INSTALL_DIR}"
+    
+    # Install installer
+    install_installer "$PLATFORM" "$INSTALL_DIR"
+    
+    # Verify installation
+    if verify_installation "$INSTALL_DIR"; then
+        print_status "Installer is ready to use!"
+    else
+        exit 1
+    fi
+}
+
+# Run main function
+main "$@"
--- a/install/go.mod
+++ b/install/go.mod
@@ -3,8 +3,8 @@ module installer
 go 1.24.0

 require (
-	golang.org/x/term v0.35.0
+	golang.org/x/term v0.36.0
 	gopkg.in/yaml.v3 v3.0.1
 )

-require golang.org/x/sys v0.36.0 // indirect
+require golang.org/x/sys v0.37.0 // indirect
--- a/install/go.sum
+++ b/install/go.sum
@@ -1,7 +1,7 @@
-golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
-golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
-golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
+golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
+golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q=
+golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
--- a/install/main.go
+++ b/install/main.go
@@ -2,7 +2,6 @@ package main

 import (
 	"bufio"
-	"bytes"
 	"embed"
 	"fmt"
 	"io"
@@ -48,10 +47,8 @@ type Config struct {
 	InstallGerbil             bool
 	TraefikBouncerKey         string
 	DoCrowdsecInstall         bool
+	EnableGeoblocking         bool
 	Secret                    string
-	HybridMode                bool
-	HybridId                  string
-	HybridSecret              string
 }

 type SupportedContainer string
@@ -98,24 +95,6 @@ func main() {

 		fmt.Println("\n=== Generating Configuration Files ===")

-		// If the secret and id are not generated then generate them
-		if config.HybridMode && (config.HybridId == "" || config.HybridSecret == "") {
-			// fmt.Println("Requesting hybrid credentials from cloud...")
-			credentials, err := requestHybridCredentials()
-			if err != nil {
-				fmt.Printf("Error requesting hybrid credentials: %v\n", err)
-				fmt.Println("Please obtain credentials manually from the dashboard and run the installer again.")
-				os.Exit(1)
-			}
-			config.HybridId = credentials.RemoteExitNodeId
-			config.HybridSecret = credentials.Secret
-			fmt.Printf("Your managed credentials have been obtained successfully.\n")
-			fmt.Printf("	ID:     %s\n", config.HybridId)
-			fmt.Printf("	Secret: %s\n", config.HybridSecret)
-			fmt.Println("Take these to the Pangolin dashboard https://pangolin.fossorial.io to adopt your node.")
-			readBool(reader, "Have you adopted your node?", true)
-		}
-
 		if err := createConfigFiles(config); err != nil {
 			fmt.Printf("Error creating config files: %v\n", err)
 			os.Exit(1)
@@ -125,6 +104,15 @@ func main() {

 		fmt.Println("\nConfiguration files created successfully!")

+		// Download MaxMind database if requested
+		if config.EnableGeoblocking {
+			fmt.Println("\n=== Downloading MaxMind Database ===")
+			if err := downloadMaxMindDatabase(); err != nil {
+				fmt.Printf("Error downloading MaxMind database: %v\n", err)
+				fmt.Println("You can download it manually later if needed.")
+			}
+		}
+
 		fmt.Println("\n=== Starting installation ===")

 		if readBool(reader, "Would you like to install and start the containers?", true) {
@@ -172,9 +160,34 @@ func main() {
 	} else {
 		alreadyInstalled = true
 		fmt.Println("Looks like you already installed Pangolin!")
+		
+		// Check if MaxMind database exists and offer to update it
+		fmt.Println("\n=== MaxMind Database Update ===")
+		if _, err := os.Stat("config/GeoLite2-Country.mmdb"); err == nil {
+			fmt.Println("MaxMind GeoLite2 Country database found.")
+			if readBool(reader, "Would you like to update the MaxMind database to the latest version?", false) {
+				if err := downloadMaxMindDatabase(); err != nil {
+					fmt.Printf("Error updating MaxMind database: %v\n", err)
+					fmt.Println("You can try updating it manually later if needed.")
+				}
+			}
+		} else {
+			fmt.Println("MaxMind GeoLite2 Country database not found.")
+			if readBool(reader, "Would you like to download the MaxMind GeoLite2 database for geoblocking functionality?", false) {
+				if err := downloadMaxMindDatabase(); err != nil {
+					fmt.Printf("Error downloading MaxMind database: %v\n", err)
+					fmt.Println("You can try downloading it manually later if needed.")
+				}
+				// Now you need to update your config file accordingly to enable geoblocking
+				fmt.Println("Please remember to update your config/config.yml file to enable geoblocking! \n")
+				// add   maxmind_db_path: "./config/GeoLite2-Country.mmdb" under server
+				fmt.Println("Add the following line under the 'server' section:")
+				fmt.Println("  maxmind_db_path: \"./config/GeoLite2-Country.mmdb\"")
+			}
+		}
 	}

-	if !checkIsCrowdsecInstalledInCompose() && !checkIsPangolinInstalledWithHybrid() {
+	if !checkIsCrowdsecInstalledInCompose() {
 		fmt.Println("\n=== CrowdSec Install ===")
 		// check if crowdsec is installed
 		if readBool(reader, "Would you like to install CrowdSec?", false) {
@@ -230,7 +243,7 @@ func main() {
 		}
 	}

-	if !config.HybridMode && !alreadyInstalled {
+	if !alreadyInstalled {
 		// Setup Token Section
 		fmt.Println("\n=== Setup Token ===")

@@ -251,9 +264,7 @@ func main() {

 	fmt.Println("\nInstallation complete!")

-	if !config.HybridMode && !checkIsPangolinInstalledWithHybrid() {
-		fmt.Printf("\nTo complete the initial setup, please visit:\nhttps://%s/auth/initial-setup\n", config.DashboardDomain)
-	}
+	fmt.Printf("\nTo complete the initial setup, please visit:\nhttps://%s/auth/initial-setup\n", config.DashboardDomain)
 }

 func podmanOrDocker(reader *bufio.Reader) SupportedContainer {
@@ -328,66 +339,38 @@ func collectUserInput(reader *bufio.Reader) Config {

 	// Basic configuration
 	fmt.Println("\n=== Basic Configuration ===")
-	for {
-		response := readString(reader, "Do you want to install Pangolin as a cloud-managed (beta) node? (yes/no)", "")
-		if strings.EqualFold(response, "yes") || strings.EqualFold(response, "y") {
-			config.HybridMode = true
-			break
-		} else if strings.EqualFold(response, "no") || strings.EqualFold(response, "n") {
-			config.HybridMode = false
-			break
-		}
-		fmt.Println("Please answer 'yes' or 'no'")
+
+	config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "")
+
+	// Set default dashboard domain after base domain is collected
+	defaultDashboardDomain := ""
+	if config.BaseDomain != "" {
+		defaultDashboardDomain = "pangolin." + config.BaseDomain
+	}
+	config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", defaultDashboardDomain)
+	config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "")
+	config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunneled connections", true)
+
+	// Email configuration
+	fmt.Println("\n=== Email Configuration ===")
+	config.EnableEmail = readBool(reader, "Enable email functionality (SMTP)", false)
+
+	if config.EnableEmail {
+		config.EmailSMTPHost = readString(reader, "Enter SMTP host", "")
+		config.EmailSMTPPort = readInt(reader, "Enter SMTP port (default 587)", 587)
+		config.EmailSMTPUser = readString(reader, "Enter SMTP username", "")
+		config.EmailSMTPPass = readString(reader, "Enter SMTP password", "") // Should this be readPassword?
+		config.EmailNoReply = readString(reader, "Enter no-reply email address", "")
 	}

-	if config.HybridMode {
-		alreadyHaveCreds := readBool(reader, "Do you already have credentials from the dashboard? If not, we will create them later", false)
-
-		if alreadyHaveCreds {
-			config.HybridId = readString(reader, "Enter your ID", "")
-			config.HybridSecret = readString(reader, "Enter your secret", "")
-		}
-
-		// Try to get public IP as default
-		publicIP := getPublicIP()
-		if publicIP != "" {
-			fmt.Printf("Detected public IP: %s\n", publicIP)
-		}
-		config.DashboardDomain = readString(reader, "The public addressable IP address for this node or a domain pointing to it", publicIP)
-		config.InstallGerbil = true
-	} else {
-		config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "")
-
-		// Set default dashboard domain after base domain is collected
-		defaultDashboardDomain := ""
-		if config.BaseDomain != "" {
-			defaultDashboardDomain = "pangolin." + config.BaseDomain
-		}
-		config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", defaultDashboardDomain)
-		config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "")
-		config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunneled connections", true)
-
-		// Email configuration
-		fmt.Println("\n=== Email Configuration ===")
-		config.EnableEmail = readBool(reader, "Enable email functionality (SMTP)", false)
-
-		if config.EnableEmail {
-			config.EmailSMTPHost = readString(reader, "Enter SMTP host", "")
-			config.EmailSMTPPort = readInt(reader, "Enter SMTP port (default 587)", 587)
-			config.EmailSMTPUser = readString(reader, "Enter SMTP username", "")
-			config.EmailSMTPPass = readString(reader, "Enter SMTP password", "") // Should this be readPassword?
-			config.EmailNoReply = readString(reader, "Enter no-reply email address", "")
-		}
-
-		// Validate required fields
-		if config.BaseDomain == "" {
-			fmt.Println("Error: Domain name is required")
-			os.Exit(1)
-		}
-		if config.LetsEncryptEmail == "" {
-			fmt.Println("Error: Let's Encrypt email is required")
-			os.Exit(1)
-		}
+	// Validate required fields
+	if config.BaseDomain == "" {
+		fmt.Println("Error: Domain name is required")
+		os.Exit(1)
+	}
+	if config.LetsEncryptEmail == "" {
+		fmt.Println("Error: Let's Encrypt email is required")
+		os.Exit(1)
 	}

 	// Advanced configuration
@@ -395,6 +378,7 @@ func collectUserInput(reader *bufio.Reader) Config {
 	fmt.Println("\n=== Advanced Configuration ===")

 	config.EnableIPv6 = readBool(reader, "Is your server IPv6 capable?", true)
+	config.EnableGeoblocking = readBool(reader, "Do you want to download the MaxMind GeoLite2 database for geoblocking functionality?", true)

 	if config.DashboardDomain == "" {
 		fmt.Println("Error: Dashboard Domain name is required")
@@ -429,11 +413,6 @@ func createConfigFiles(config Config) error {
 			return nil
 		}

-		// the hybrid does not need the dynamic config
-		if config.HybridMode && strings.Contains(path, "dynamic_config.yml") {
-			return nil
-		}
-
 		// skip .DS_Store
 		if strings.Contains(path, ".DS_Store") {
 			return nil
@@ -663,18 +642,30 @@ func checkPortsAvailable(port int) error {
 	return nil
 }

-func checkIsPangolinInstalledWithHybrid() bool {
-	// Check if config/config.yml exists and contains hybrid section
-	if _, err := os.Stat("config/config.yml"); err != nil {
-		return false
+func downloadMaxMindDatabase() error {
+	fmt.Println("Downloading MaxMind GeoLite2 Country database...")
+	
+	// Download the GeoLite2 Country database
+	if err := run("curl", "-L", "-o", "GeoLite2-Country.tar.gz", 
+		"https://github.com/GitSquared/node-geolite2-redist/raw/refs/heads/master/redist/GeoLite2-Country.tar.gz"); err != nil {
+		return fmt.Errorf("failed to download GeoLite2 database: %v", err)
 	}
-
-	// Read config file to check for hybrid section
-	content, err := os.ReadFile("config/config.yml")
-	if err != nil {
-		return false
+	
+	// Extract the database
+	if err := run("tar", "-xzf", "GeoLite2-Country.tar.gz"); err != nil {
+		return fmt.Errorf("failed to extract GeoLite2 database: %v", err)
 	}
-
-	// Check for hybrid section
-	return bytes.Contains(content, []byte("managed:"))
+	
+	// Find the .mmdb file and move it to the config directory
+	if err := run("bash", "-c", "mv GeoLite2-Country_*/GeoLite2-Country.mmdb config/"); err != nil {
+		return fmt.Errorf("failed to move GeoLite2 database to config directory: %v", err)
+	}
+	
+	// Clean up the downloaded files
+	if err := run("rm", "-rf", "GeoLite2-Country.tar.gz", "GeoLite2-Country_*"); err != nil {
+		fmt.Printf("Warning: failed to clean up temporary files: %v\n", err)
+	}
+	
+	fmt.Println("MaxMind GeoLite2 Country database downloaded successfully!")
+	return nil
 }
--- a/install/quickStart.go
+++ b/install/quickStart.go
@@ -1,110 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"time"
-)
-
-const (
-	FRONTEND_SECRET_KEY = "af4e4785-7e09-11f0-b93a-74563c4e2a7e"
-	// CLOUD_API_URL       = "https://pangolin.fossorial.io/api/v1/remote-exit-node/quick-start"
-	CLOUD_API_URL = "https://pangolin.fossorial.io/api/v1/remote-exit-node/quick-start"
-)
-
-// HybridCredentials represents the response from the cloud API
-type HybridCredentials struct {
-	RemoteExitNodeId string `json:"remoteExitNodeId"`
-	Secret           string `json:"secret"`
-}
-
-// APIResponse represents the full response structure from the cloud API
-type APIResponse struct {
-	Data HybridCredentials `json:"data"`
-}
-
-// RequestPayload represents the request body structure
-type RequestPayload struct {
-	Token string `json:"token"`
-}
-
-func generateValidationToken() string {
-	timestamp := time.Now().UnixMilli()
-	data := fmt.Sprintf("%s|%d", FRONTEND_SECRET_KEY, timestamp)
-	obfuscated := make([]byte, len(data))
-	for i, char := range []byte(data) {
-		obfuscated[i] = char + 5
-	}
-	return base64.StdEncoding.EncodeToString(obfuscated)
-}
-
-// requestHybridCredentials makes an HTTP POST request to the cloud API
-// to get hybrid credentials (ID and secret)
-func requestHybridCredentials() (*HybridCredentials, error) {
-	// Generate validation token
-	token := generateValidationToken()
-
-	// Create request payload
-	payload := RequestPayload{
-		Token: token,
-	}
-
-	// Marshal payload to JSON
-	jsonData, err := json.Marshal(payload)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal request payload: %v", err)
-	}
-
-	// Create HTTP request
-	req, err := http.NewRequest("POST", CLOUD_API_URL, bytes.NewBuffer(jsonData))
-	if err != nil {
-		return nil, fmt.Errorf("failed to create HTTP request: %v", err)
-	}
-
-	// Set headers
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("X-CSRF-Token", "x-csrf-protection")
-
-	// Create HTTP client with timeout
-	client := &http.Client{
-		Timeout: 30 * time.Second,
-	}
-
-	// Make the request
-	resp, err := client.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("failed to make HTTP request: %v", err)
-	}
-	defer resp.Body.Close()
-
-	// Check response status
-	if resp.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("API request failed with status code: %d", resp.StatusCode)
-	}
-
-	// Read response body for debugging
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read response body: %v", err)
-	}
-
-	// Print the raw JSON response for debugging
-	// fmt.Printf("Raw JSON response: %s\n", string(body))
-
-	// Parse response
-	var apiResponse APIResponse
-	if err := json.Unmarshal(body, &apiResponse); err != nil {
-		return nil, fmt.Errorf("failed to decode API response: %v", err)
-	}
-
-	// Validate response data
-	if apiResponse.Data.RemoteExitNodeId == "" || apiResponse.Data.Secret == "" {
-		return nil, fmt.Errorf("invalid response: missing remoteExitNodeId or secret")
-	}
-
-	return &apiResponse.Data, nil
-}
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -47,9 +47,8 @@
    "edit": "Редактиране",
    "siteConfirmDelete": "Потвърждение на изтриване на сайта",
    "siteDelete": "Изтриване на сайта",
-    "siteMessageRemove": "След изтриване, сайтът няма повече да бъде достъпен. Всички ресурси и цели, свързани със сайта, също ще бъдат премахнати.",
-    "siteMessageConfirm": "За потвърждение, моля, напишете името на сайта по-долу.",
-    "siteQuestionRemove": "Сигурни ли сте, че искате да премахнете сайта {selectedSite} от организацията?",
+    "siteMessageRemove": "След премахване, сайтът вече няма да бъде достъпен. Всички цели, свързани със сайта, също ще бъдат премахнати.",
+    "siteQuestionRemove": "Сигурни ли сте, че искате да премахнете сайта от организацията?",
    "siteManageSites": "Управление на сайтове",
    "siteDescription": "Позволете свързване към вашата мрежа чрез сигурни тунели",
    "siteCreate": "Създайте сайт",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Use any WireGuard client to establish a tunnel. Manual NAT setup required. ONLY WORKS ON SELF HOSTED NODES",
    "siteWgDescriptionSaas": "Използвайте всеки WireGuard клиент за установяване на тунел. Ръчно нат задаване е необходимо. РАБОТИ САМО НА СОБСТВЕНИ УЗЛИ.",
    "siteLocalDescription": "Local resources only. No tunneling. ONLY WORKS ON SELF HOSTED NODES",
-    "siteLocalDescriptionSaas": "Само локални ресурси. Без тунелиране. РАБОТИ САМО НА СОБСТВЕНИ УЗЛИ.",
+    "siteLocalDescriptionSaas": "Само локални ресурси. Без тунелиране. Достъпно само на отдалечени възли.",
    "siteSeeAll": "Вижте всички сайтове",
    "siteTunnelDescription": "Определете как искате да се свържете с вашия сайт",
    "siteNewtCredentials": "Newt Удостоверения",
@@ -154,8 +153,7 @@
    "protected": "Защита",
    "notProtected": "Не защитен",
    "resourceMessageRemove": "След като се премахне, ресурсът няма повече да бъде достъпен. Всички цели, свързани с ресурса, също ще бъдат премахнати.",
-    "resourceMessageConfirm": "За потвърждение, моля, напишете името на ресурса по-долу.",
-    "resourceQuestionRemove": "Сигурни ли сте, че искате да премахнете ресурса {selectedResource} от организацията?",
+    "resourceQuestionRemove": "Сигурни ли сте, че искате да премахнете ресурса от организацията?",
    "resourceHTTP": "HTTPS ресурс",
    "resourceHTTPDescription": "Прокси заявки към вашето приложение през HTTPS с помощта на субдомейн или базов домейн.",
    "resourceRaw": "Суров TCP/UDP ресурс",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Потвърдете изтриване на организация",
    "orgMessageRemove": "Това действие е необратимо и ще изтрие всички свързани данни.",
    "orgMessageConfirm": "За потвърждение, моля, напишете името на организацията по-долу.",
-    "orgQuestionRemove": "Сигурни ли сте, че искате да премахнете организацията {selectedOrg}?",
+    "orgQuestionRemove": "Сигурни ли сте, че искате да премахнете организацията?",
    "orgUpdated": "Организацията е актуализирана",
    "orgUpdatedDescription": "Организацията е обновена.",
    "orgErrorUpdate": "Неуспешно актуализиране на организацията",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "Генерирайте API ключ",
    "apiKeysErrorDelete": "Грешка при изтриване на API ключ",
    "apiKeysErrorDeleteMessage": "Грешка при изтриване на API ключ",
-    "apiKeysQuestionRemove": "Сигурни ли сте, че искате да премахнете API ключа {selectedApiKey} от организацията?",
+    "apiKeysQuestionRemove": "Сигурни ли сте, че искате да премахнете API ключа от организацията?",
    "apiKeysMessageRemove": "След като бъде премахнат, API ключът няма вече да може да се използва.",
-    "apiKeysMessageConfirm": "За потвърждение, моля, напишете името на API ключа по-долу.",
    "apiKeysDeleteConfirm": "Потвърдете изтриване на API ключ",
    "apiKeysDelete": "Изтрийте API ключа",
    "apiKeysManage": "Управление на API ключове",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Потвърдете изтриването на потребител",
    "userDeleteServer": "Изтрийте потребителя от сървъра",
    "userMessageRemove": "Потребителят ще бъде премахнат от всички организации и напълно заличен от сървъра.",
-    "userMessageConfirm": "За да потвърдите, въведете името на потребителя по-долу.",
-    "userQuestionRemove": "Сигурни ли сте, че искате да изтриете завинаги {selectedUser} от сървъра?",
+    "userQuestionRemove": "Сигурни ли сте, че искате да изтриете потребител от сървъра?",
    "licenseKey": "Ключ за лиценз",
    "valid": "Валиден",
    "numberOfSites": "Брой сайтове",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Преглед на търговски условия и абонамент за Fossorial",
    "licenseMessageRemove": "Това ще премахне лицензионния ключ и всички свързани права, предоставени от него.",
    "licenseMessageConfirm": "За да потвърдите, въведете лицензионния ключ по-долу.",
-    "licenseQuestionRemove": "Сигурни ли сте, че искате да изтриете лицензионния ключ {selectedKey}?",
+    "licenseQuestionRemove": "Сигурни ли сте, че искате да премахнете лицензионния ключ?",
    "licenseKeyDelete": "Изтриване на лицензионен ключ",
    "licenseKeyDeleteConfirm": "Потвърдете изтриването на лицензионен ключ",
    "licenseTitle": "Управление на лицензионния статус",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Възникна грешка при премахване на поканата.",
    "inviteRemoved": "Поканата е премахната",
    "inviteRemovedDescription": "Поканата за {имейл} е премахната.",
-    "inviteQuestionRemove": "Сигурни ли сте, че искате да премахнете поканата {email}?",
+    "inviteQuestionRemove": "Сигурни ли сте, че искате да премахнете поканата?",
    "inviteMessageRemove": "След като бъде премахната, тази покана няма да е валидна. Винаги можете да поканите потребителя отново по-късно.",
    "inviteMessageConfirm": "За да потвърдите, въведете имейл адреса на поканата по-долу.",
    "inviteQuestionRegenerate": "Сигурни ли сте, че искате да регенерирате поканата за {email}? Това ще отмени предишната покана.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Възникна грешка при премахване на потребителя.",
    "userOrgRemoved": "Потребителят е премахнат",
    "userOrgRemovedDescription": "Потребителят {email} беше премахнат от организацията.",
-    "userQuestionOrgRemove": "Сигурни ли сте, че искате да премахнете {email} от организацията?",
+    "userQuestionOrgRemove": "Сигурни ли сте, че искате да премахнете този потребител от организацията?",
    "userMessageOrgRemove": "След като бъде премахнат, този потребител няма да има достъп до организацията. Винаги можете да го поканите отново по-късно, но той ще трябва да приеме отново поканата.",
-    "userMessageOrgConfirm": "За да потвърдите, въведете името на потребителя по-долу.",
    "userRemoveOrgConfirm": "Потвърдете премахването на потребителя",
    "userRemoveOrg": "Премахване на потребителя от организацията",
    "users": "Потребители",
@@ -468,7 +463,10 @@
    "createdAt": "Създаден на",
    "proxyErrorInvalidHeader": "Невалидна стойност за заглавие на хоста. Използвайте формат на име на домейн, или оставете празно поле за да премахнете персонализирано заглавие на хост.",
    "proxyErrorTls": "Невалидно име на TLS сървър. Използвайте формат на име на домейн, или оставете празно за да премахнете името на TLS сървъра.",
-    "proxyEnableSSL": "Активиране на SSL (https)",
+    "proxyEnableSSL": "Активиране на SSL",
+    "proxyEnableSSLDescription": "Активиране на SSL/TLS криптиране за сигурни HTTPS връзки към вашите цели.",
+    "target": "Цел",
+    "configureTarget": "Конфигуриране на цели",
    "targetErrorFetch": "Неуспешно извличане на цели",
    "targetErrorFetchDescription": "Възникна грешка при извличане на целите",
    "siteErrorFetch": "Неуспешно извличане на ресурс",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "Конфигурация на защитена връзка",
    "targetTlsSettingsDescription": "Конфигурирайте SSL/TLS настройките за вашия ресурс",
    "targetTlsSettingsAdvanced": "Разширени TLS настройки",
-    "targetTlsSni": "Име на TLS сървър (SNI)",
+    "targetTlsSni": "Имя на TLS сървър",
    "targetTlsSniDescription": "Името на TLS сървъра за използване за SNI. Оставете празно, за да използвате подразбиране.",
    "targetTlsSubmit": "Запазване на настройките",
    "targets": "Конфигурация на целите",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Запазване на връзките със същото задно целево място за цялата сесия.",
    "methodSelect": "Изберете метод",
    "targetSubmit": "Добавяне на цел",
-    "targetNoOne": "Няма цели. Добавете цел чрез формата.",
+    "targetNoOne": "Този ресурс няма цели. Добавете цел, за да конфигурирате къде да изпращате заявки към вашия бекенд.",
    "targetNoOneDescription": "Добавянето на повече от една цел ще активира натоварването на баланса.",
    "targetsSubmit": "Запазване на целите",
+    "addTarget": "Добавете цел",
+    "targetErrorInvalidIp": "Невалиден IP адрес",
+    "targetErrorInvalidIpDescription": "Моля, въведете валиден IP адрес или име на хост",
+    "targetErrorInvalidPort": "Невалиден порт",
+    "targetErrorInvalidPortDescription": "Моля, въведете валиден номер на порт",
+    "targetErrorNoSite": "Няма избран сайт",
+    "targetErrorNoSiteDescription": "Моля, изберете сайт за целта",
+    "targetCreated": "Целта е създадена",
+    "targetCreatedDescription": "Целта беше успешно създадена",
+    "targetErrorCreate": "Неуспешно създаване на целта",
+    "targetErrorCreateDescription": "Възникна грешка при създаването на целта",
+    "save": "Запази",
    "proxyAdditional": "Допълнителни настройки на прокси",
    "proxyAdditionalDescription": "Конфигурирайте как вашият ресурс обработва прокси настройки",
    "proxyCustomHeader": "Персонализиран хост заглавие",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Администратор на сървър - Панголин",
    "licenseTierProfessional": "Професионален лиценз",
    "licenseTierEnterprise": "Предприятие лиценз",
-    "licenseTierCommercial": "Търговски лиценз",
+    "licenseTierPersonal": "Персонален лиценз",
    "licensed": "Лицензиран",
    "yes": "Да",
    "no": "Не",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Прегледайте и управлявайте доставчици на идентичност в системата",
    "idpDeletedDescription": "Доставчик на идентичност успешно изтрит",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Сигурни ли сте, че искате да изтриете трайно доставчика на идентичност {name}",
+    "idpQuestionRemove": "Сигурни ли сте, че искате да изтриете доставчика за идентичност?",
    "idpMessageRemove": "Това ще премахне доставчика на идентичност и всички свързани конфигурации. Потребителите, които се удостоверяват през този доставчик, вече няма да могат да влязат.",
    "idpMessageConfirm": "За потвърждение, моля въведете името на доставчика на идентичност по-долу.",
    "idpConfirmDelete": "Потвърдите изтриването на доставчик на идентичност",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Име за показване за този доставчик на идентичност",
    "idpAutoProvisionUsers": "Автоматично потребителско създаване",
    "idpAutoProvisionUsersDescription": "Когато е активирано, потребителите ще бъдат автоматично създадени в системата при първо влизане с възможност за свързване на потребителите с роли и организации.",
-    "licenseBadge": "Професионален",
+    "licenseBadge": "ЕЕ",
    "idpType": "Тип доставчик",
    "idpTypeDescription": "Изберете типа доставчик на идентичност, който искате да конфигурирате",
    "idpOidcConfigure": "Конфигурация на OAuth2/OIDC",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Проверете имейла си за код за нулиране.",
    "passwordNew": "Нова парола",
    "passwordNewConfirm": "Потвърдете новата парола",
+    "changePassword": "Промяна на парола",
+    "changePasswordDescription": "Актуализиране на паролата на акаунта",
+    "oldPassword": "Текуща парола",
+    "newPassword": "Нова парола",
+    "confirmNewPassword": "Потвърдете новата парола",
+    "changePasswordError": "Неуспешна промяна на парола",
+    "changePasswordErrorDescription": "Възникна грешка при промяна на вашата парола",
+    "changePasswordSuccess": "Паролата беше успешно променена",
+    "changePasswordSuccessDescription": "Вашата парола беше успешно актуализирана",
+    "passwordExpiryRequired": "Изисква се изтичане на срока на годност на паролата",
+    "passwordExpiryDescription": "Тази организация изисква да сменяте паролата си на всеки {maxDays} дни.",
+    "changePasswordNow": "Сменете паролата сега",
    "pincodeAuth": "Код на удостоверителя",
    "pincodeSubmit2": "Изпрати код",
    "passwordResetSubmit": "Заявка за нулиране",
@@ -1084,7 +1106,6 @@
    "navbar": "Навигационно меню",
    "navbarDescription": "Главно навигационно меню за приложението",
    "navbarDocsLink": "Документация",
-    "commercialEdition": "Търговско издание",
    "otpErrorEnable": "Не може да се активира 2FA",
    "otpErrorEnableDescription": "Възникна грешка при активиране на 2FA",
    "otpSetupCheckCode": "Моля, въведете 6-цифрен код",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Всички потребители",
    "sidebarIdentityProviders": "Идентификационни доставчици",
    "sidebarLicense": "Лиценз",
-    "sidebarClients": "Клиенти (Бета)",
+    "sidebarClients": "Клиенти",
    "sidebarDomains": "Домейни",
+    "sidebarBluePrints": "Чертежи",
+    "blueprints": "Чертежи",
+    "blueprintsDescription": "Чертежите са декларативни YAML конфигурации, които определят вашите ресурси и техните настройки",
+    "blueprintAdd": "Добави Чертеж",
+    "blueprintGoBack": "Виж всички Чертежи",
+    "blueprintCreate": "Създай Чертеж",
+    "blueprintCreateDescription2": "Следвайте стъпките по-долу, за да създадете и приложите нов чертеж",
+    "blueprintDetails": "Детайли за Чертежа",
+    "blueprintDetailsDescription": "Вижте детайлите за изпълнението на чертежа",
+    "blueprintInfo": "Информация за Чертежа",
+    "message": "Съобщение",
+    "blueprintContentsDescription": "Дефинирайте YAML съдържанието, описващо вашата инфраструктура",
+    "blueprintErrorCreateDescription": "Възникна грешка при прилагането на чертежа",
+    "blueprintErrorCreate": "Грешка при създаването на чертеж",
+    "searchBlueprintProgress": "Търси чертежи...",
+    "appliedAt": "Приложено във",
+    "source": "Източник",
+    "contents": "Съдържание",
+    "parsedContents": "Анализирано съдържание",
    "enableDockerSocket": "Активиране на Docker Чернова",
    "enableDockerSocketDescription": "Активиране на Docker Socket маркировка за изтегляне на етикети на чернова. Пътят на гнездото трябва да бъде предоставен на Newt.",
    "enableDockerSocketLink": "Научете повече",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Създаване на домейн",
    "domainCreatedDescription": "Домейнът е създаден успешно",
    "domainDeletedDescription": "Домейнът е изтрит успешно",
-    "domainQuestionRemove": "Сигурни ли сте, че искате да премахнете домейна {domain} от вашия профил?",
+    "domainQuestionRemove": "Сигурни ли сте, че искате да премахнете домейна от вашия профил?",
    "domainMessageRemove": "След премахването, домейнът вече няма да бъде свързан с вашия профил.",
-    "domainMessageConfirm": "За потвърждение, моля въведете името на домейна по-долу.",
    "domainConfirmDelete": "Потвърдете изтриването на домейн",
    "domainDelete": "Изтриване на домейн",
    "domain": "Домейн",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Безплатен план",
    "billingWarningOverLimit": "Предупреждение: Превишили сте една или повече лимити за използване. Вашите сайтове няма да се свържат, докато не промените абонамента си или не коригирате използването.",
    "billingUsageLimitsOverview": "Преглед на лимитите за използване",
-    "billingMonitorUsage": "Следете използването спрямо конфигурираните лимити. Ако ви е необходимо увеличаване на лимитите, моля, свържете се с нас на support@fossorial.io.",
+    "billingMonitorUsage": "Следете своята употреба спрямо конфигурираните лимити. Ако имате нужда от увеличаване на лимитите, моля свържете се с нас support@pangolin.net.",
    "billingDataUsage": "Използване на данни",
    "billingOnlineTime": "Време на работа на сайта",
    "billingUsers": "Активни потребители",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Възникна проблем при използването на ключа за сигурност. Моля, опитайте отново.",
    "twoFactorRequired": "Двуфакторното удостоверяване е необходимо за регистрация на ключ за защита.",
    "twoFactor": "Двуфакторно удостоверяване",
+    "twoFactorAuthentication": "Двуфакторно удостоверяване",
+    "twoFactorDescription": "Тази организация изисква двуфакторно удостоверяване.",
+    "enableTwoFactor": "Активиране на двуфакторно удостоверяване",
+    "organizationSecurityPolicy": "Политика за сигурност на организацията",
+    "organizationSecurityPolicyDescription": "Тази организация има изисквания за сигурност, които трябва да бъдат изпълнени, за да имате достъп до нея.",
+    "securityRequirements": "Изисквания за сигурност",
+    "allRequirementsMet": "Всички изисквания са изпълнени",
+    "completeRequirementsToContinue": "Завършете изискванията по-долу, за да продължите достъпа до тази организация",
+    "youCanNowAccessOrganization": "Вече можете да получите достъп до тази организация",
+    "reauthenticationRequired": "Продължителност на сесията",
+    "reauthenticationDescription": "Тази организация изисква да влизате на всеки {maxDays} дни.",
+    "reauthenticationDescriptionHours": "Тази организация изисква да влизате на всеки {maxHours} часа.",
+    "reauthenticateNow": "Влезте отново",
    "adminEnabled2FaOnYourAccount": "Вашият администратор е активирал двуфакторно удостоверяване за {email}. Моля, завършете процеса по настройка, за да продължите.",
-    "continueToApplication": "Продължаване към приложението",
    "securityKeyAdd": "Добавяне на ключ за сигурност",
    "securityKeyRegisterTitle": "Регистриране на нов ключ за сигурност",
    "securityKeyRegisterDescription": "Свържете ключа за сигурност и въведете име, по което да го идентифицирате",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Външен прокси разрешен",
    "addNewTarget": "Добави нова цел",
    "targetsList": "Списък с цели",
+    "advancedMode": "Разширен режим",
    "targetErrorDuplicateTargetFound": "Дублирана цел намерена",
    "healthCheckHealthy": "Здрав",
    "healthCheckUnhealthy": "Нездрав",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Грешка при автоматично влизане",
    "autoLoginErrorNoRedirectUrl": "Не е получен URL за пренасочване от доставчика на идентификационни данни.",
    "autoLoginErrorGeneratingUrl": "Неуспешно генериране на URL за удостоверяване.",
-    "remoteExitNodeManageRemoteExitNodes": "Управление на самостоятелно хоствани",
-    "remoteExitNodeDescription": "Управление на възли за разширяване на мрежовата ви свързаност",
+    "remoteExitNodeManageRemoteExitNodes": "Отдалечени възли",
+    "remoteExitNodeDescription": "Самостоятелно хоствайте един или повече отдалечени възли, за да разширите своята мрежова връзка и намалите зависимостта от облака.",
    "remoteExitNodes": "Възли",
    "searchRemoteExitNodes": "Търсене на възли...",
    "remoteExitNodeAdd": "Добавяне на възел",
    "remoteExitNodeErrorDelete": "Грешка при изтриване на възел",
-    "remoteExitNodeQuestionRemove": "Сигурни ли сте, че искате да премахнете възела {selectedNode} от организацията?",
+    "remoteExitNodeQuestionRemove": "Сигурни ли сте, че искате да премахнете възела от организацията?",
    "remoteExitNodeMessageRemove": "След премахване, възелът вече няма да бъде достъпен.",
-    "remoteExitNodeMessageConfirm": "За потвърждение, моля въведете името на възела по-долу.",
    "remoteExitNodeConfirmDelete": "Потвърдете изтриването на възела (\"Confirm Delete Site\" match)",
    "remoteExitNodeDelete": "Изтрийте възела (\"Delete Site\" match)",
-    "sidebarRemoteExitNodes": "Възли (\"Local\" match)",
+    "sidebarRemoteExitNodes": "Отдалечени възли",
    "remoteExitNodeCreate": {
        "title": "Създаване на възел",
        "description": "Създайте нов възел, за да разширите мрежовата си свързаност",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Редактиране на файл: docker-compose.yml",
    "emailVerificationRequired": "Потвърждението на Email е необходимо. Моля, влезте отново чрез {dashboardUrl}/auth/login, за да завършите тази стъпка. След това, върнете се тук.",
    "twoFactorSetupRequired": "Необходима е настройка на двуфакторно удостоверяване. Моля, влезте отново чрез {dashboardUrl}/auth/login, за да завършите тази стъпка. След това, върнете се тук.",
+    "additionalSecurityRequired": "Необходима е допълнителна сигурност",
+    "organizationRequiresAdditionalSteps": "Тази организация изисква допълнителни стъпки за сигурност, за да получите достъп до ресурсите.",
+    "completeTheseSteps": "Завършете тези стъпки",
+    "enableTwoFactorAuthentication": "Активирайте двуфакторното удостоверяване",
+    "completeSecuritySteps": "Завършете стъпките за сигурност",
+    "securitySettings": "Настройки за сигурност",
+    "securitySettingsDescription": "Конфигурирайте политиките за сигурност на вашата организация",
+    "requireTwoFactorForAllUsers": "Изисквайте двуфакторно удостоверяване за всички потребители",
+    "requireTwoFactorDescription": "Когато е активирано, всички вътрешни потребители в организацията трябва да имат активирано двуфакторно удостоверяване, за да имат достъп до организацията.",
+    "requireTwoFactorDisabledDescription": "Тази функция изисква валиден лиценз (Enterprise) или активен абонамент (SaaS).",
+    "requireTwoFactorCannotEnableDescription": "Трябва да активирате двуфакторното удостоверяване за вашия акаунт, преди да го наложите за всички потребители.",
+    "maxSessionLength": "Максимална продължителност на сесията",
+    "maxSessionLengthDescription": "Задайте максималната продължителност на потребителските сесии. След това време потребителите ще трябва да се удостоверят отново.",
+    "maxSessionLengthDisabledDescription": "Тази функция изисква валиден лиценз (Enterprise) или активен абонамент (SaaS).",
+    "selectSessionLength": "Изберете продължителност на сесията",
+    "unenforced": "Неналожено",
+    "1Hour": "1 час",
+    "3Hours": "3 часа",
+    "6Hours": "6 часа",
+    "12Hours": "12 часа",
+    "1DaySession": "1 ден",
+    "3Days": "3 дни",
+    "7Days": "7 дни",
+    "14Days": "14 дни",
+    "30DaysSession": "30 дни",
+    "90DaysSession": "90 дни",
+    "180DaysSession": "180 дни",
+    "passwordExpiryDays": "Изтичане на парола",
+    "editPasswordExpiryDescription": "Задайте броя дни, след които потребителите трябва да сменят паролата си.",
+    "selectPasswordExpiry": "Изберете изтичането на парола",
+    "30Days": "30 дни",
+    "1Day": "1 ден",
+    "60Days": "60 дни",
+    "90Days": "90 дни",
+    "180Days": "180 дни",
+    "1Year": "1 година",
+    "subscriptionBadge": "Изисква се абонамент",
+    "securityPolicyChangeWarning": "Предупреждение за промяна на политиката за сигурност",
+    "securityPolicyChangeDescription": "Ще променяте настройките на политиката за сигурност. След запазване може да се наложи да се удостоверите отново, за да се съобразите с тези актуализации. Всички потребители, които не са съвместими, също ще трябва да се удостоверят отново.",
+    "securityPolicyChangeConfirmMessage": "Потвърждавам",
+    "securityPolicyChangeWarningText": "Това ще засегне всички потребители в организацията",
    "authPageErrorUpdateMessage": "Възникна грешка при актуализирането на настройките на страницата за удостоверяване",
+    "authPageErrorUpdate": "Неуспешно актуализиране на страницата за удостоверяване",
    "authPageUpdated": "Страницата за удостоверяване е актуализирана успешно",
    "healthCheckNotAvailable": "Локална",
    "rewritePath": "Пренапиши път",
-    "rewritePathDescription": "По избор пренапиши пътя преди пренасочване към целта."
+    "rewritePathDescription": "По избор пренапиши пътя преди пренасочване към целта.",
+    "continueToApplication": "Продължете до приложението",
+    "checkingInvite": "Проверка на поканата",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Премахване на автентикация в заглавката",
+    "resourceHeaderAuthRemoveDescription": "Автентикацията в заглавката беше премахната успешно.",
+    "resourceErrorHeaderAuthRemove": "Неуспешно премахване на автентикация в заглавката",
+    "resourceErrorHeaderAuthRemoveDescription": "Не беше възможно премахването на автентикацията в заглавката за ресурса.",
+    "resourceHeaderAuthProtectionEnabled": "Активирано удостоверяване чрез заглавие",
+    "resourceHeaderAuthProtectionDisabled": "Деактивирано удостоверяване чрез заглавие",
+    "headerAuthRemove": "Премахни удостоверяване чрез заглавие",
+    "headerAuthAdd": "Добави удостоверяване чрез заглавие",
+    "resourceErrorHeaderAuthSetup": "Неуспешно задаване на автентикация в заглавката",
+    "resourceErrorHeaderAuthSetupDescription": "Не беше възможно задаването на автентикация в заглавката за ресурса.",
+    "resourceHeaderAuthSetup": "Автентикацията в заглавката беше зададена успешно",
+    "resourceHeaderAuthSetupDescription": "Автентикацията в заглавката беше успешно зададена.",
+    "resourceHeaderAuthSetupTitle": "Задаване на автентикация в заглавката",
+    "resourceHeaderAuthSetupTitleDescription": "Задайте базови идентификационни данни (потребителско име и парола), за да защитите този ресурс чрез HTTP удостоверяване чрез заглавие. Достъпете до него, използвайки формата https://потребител:парола@ресурс.example.com",
+    "resourceHeaderAuthSubmit": "Задаване на автентикация в заглавката",
+    "actionSetResourceHeaderAuth": "Задаване на автентикация в заглавката",
+    "enterpriseEdition": "Корпоративно издание",
+    "unlicensed": "Без лиценз",
+    "beta": "Бета",
+    "manageClients": "Управление на клиенти",
+    "manageClientsDescription": "Клиентите са устройства, които могат да се свързват към вашите сайтове",
+    "licenseTableValidUntil": "Валиден до",
+    "saasLicenseKeysSettingsTitle": "Корпоративни лицензи",
+    "saasLicenseKeysSettingsDescription": "Генериране и управление на корпоративни лицензионни ключове за самостоятелно хоствани инстанции на Pangolin",
+    "sidebarEnterpriseLicenses": "Лицензи",
+    "generateLicenseKey": "Генерация на лицензионен ключ",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Моля въведете валиден имейл адрес",
+            "useCaseTypeRequired": "Моля изберете тип на употреба",
+            "firstNameRequired": "Името е задължително",
+            "lastNameRequired": "Фамилията е задължителна",
+            "primaryUseRequired": "Моля опишете основната си употреба",
+            "jobTitleRequiredBusiness": "Позицията е задължителна за бизнес изполване",
+            "industryRequiredBusiness": "Индустрията е задължителна за бизнес изполване",
+            "stateProvinceRegionRequired": "Държава/Област/Регион е задължително",
+            "postalZipCodeRequired": "Пощенски/ЗИП Код е задължителен",
+            "companyNameRequiredBusiness": "Фирменото име е задължително за бизнес изполване",
+            "countryOfResidenceRequiredBusiness": "Държавата на пребиваване е задължителна за бизнес изполване",
+            "countryRequiredPersonal": "Държавата е задължителна за лична употреба",
+            "agreeToTermsRequired": "Трябва да се съгласите с условията",
+            "complianceConfirmationRequired": "Трябва да потвърдите съответствието с Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Лична употреба",
+                "description": "За индивидуална, некомерсиална употреба като учене, лични проекти или експериментиране."
+            },
+            "business": {
+                "title": "Бизнес употреба",
+                "description": "За вътрешно използване във фирми, компании или комерсиални или доходоносни дейности."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Имейл и тип лиценз",
+                "description": "Въведете своя имейл и изберете вид на лиценза"
+            },
+            "personalInformation": {
+                "title": "Лична информация",
+                "description": "Разкажете ни за себе си"
+            },
+            "contactInformation": {
+                "title": "Контактна информация",
+                "description": "Вашите контактни данни"
+            },
+            "termsGenerate": {
+                "title": "Условия и генериране",
+                "description": "Прегледайте и приемете условията, за да генерирате своя лиценз"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Разкриване на употреба",
+                "description": "Изберете лицензионен клас, който точно отразява вашата целена употреба. Персоналният лиценз позволява безплатно ползване на софтуера за индивидуална, некомерсиална или маломащабна комерсиална дейност с годишен брутен приход под 100,000 USD. Всяко ползване извън тези граници — включително ползване във фирма, организация или друга доходоносна среда — изисква валиден корпоративен лиценз и плащане на съответната лицензионна такса. Всички потребители, независимо дали са лични или корпоративни, трябва да спазват Условията на Fossorial Commercial License."
+            },
+            "trialPeriodInformation": {
+                "title": "Информация за пробен период",
+                "description": "Този лицензионен ключ предоставя функции на Enterprise за 7-дневен пробен период. За продължен достъп до платени функции след изтичането на пробния период е необходима активация под валиден персонален или корпоративен лиценз. За корпоративно лицензиране се свържете с sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Използвате ли Pangolin за лична или бизнес употреба?",
+            "firstName": "Име",
+            "lastName": "Фамилия",
+            "jobTitle": "Позиция",
+            "primaryUseQuestion": "Каква е основната ви цел да използвате Pangolin?",
+            "industryQuestion": "Какъв е вашият отрасъл?",
+            "prospectiveUsersQuestion": "Колко потенциални потребители очаквате да имате?",
+            "prospectiveSitesQuestion": "Колко потенциални сайтове (тунели) очаквате да имате?",
+            "companyName": "Фирмено име",
+            "countryOfResidence": "Държава на пребиваване",
+            "stateProvinceRegion": "Държава / Област / Регион",
+            "postalZipCode": "Пощенски / ЗИП код",
+            "companyWebsite": "Фирмен уебсайт",
+            "companyPhoneNumber": "Фирмен телефонен номер",
+            "country": "Държава",
+            "phoneNumberOptional": "Телефонен номер (по избор)",
+            "complianceConfirmation": "Потвърждавам, че предоставената от мен информация е точна и че съм в съответствие с търговския лиценз Fossorial. Съобщаването на неточна информация или неправилното идентифициране на използването на продукта е нарушение на лиценза и може да доведе до анулиране на вашия ключ."
+        },
+        "buttons": {
+            "close": "Затвори",
+            "previous": "Предишен",
+            "next": "Следващ",
+            "generateLicenseKey": "Генериране на лицензионен ключ"
+        },
+        "toasts": {
+            "success": {
+                "title": "Лицензионният ключ е успешно генериран",
+                "description": "Вашият лицензионен ключ е генериран и готов за употреба."
+            },
+            "error": {
+                "title": "Грешка при генериране на лицензионен ключ",
+                "description": "Възникна грешка при генериране на лицензионния ключ."
+            }
+        }
+    },
+    "priority": "Приоритет",
+    "priorityDescription": "По-високите приоритетни маршрути се оценяват първи. Приоритет = 100 означава автоматично подреждане (системата решава). Използвайте друго число, за да наложите ръчен приоритет.",
+    "instanceName": "Име на инстанция",
+    "pathMatchModalTitle": "Конфигурация на съвпадение по пътека",
+    "pathMatchModalDescription": "Настройте как трябва да бъдат съвпадани входящите заявки въз основа на техния път.",
+    "pathMatchType": "Вид на съвпадението",
+    "pathMatchPrefix": "Префикс",
+    "pathMatchExact": "Точно",
+    "pathMatchRegex": "Регекс",
+    "pathMatchValue": "Стойност на пътя",
+    "clear": "Изчисти",
+    "saveChanges": "Запиши промените",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/път",
+    "pathMatchPrefixHelp": "Пример: /api съвпада /api, /api/потребители и т.н.",
+    "pathMatchExactHelp": "Пример: /api съвпада само с /api",
+    "pathMatchRegexHelp": "Пример: ^/api/.* съвпада с /api/всичко",
+    "pathRewriteModalTitle": "Конфигурация на пренаписване на пътя",
+    "pathRewriteModalDescription": "Преобразуване на съвпаднатия път преди препращане към целта.",
+    "pathRewriteType": "Вид на пренаписването",
+    "pathRewritePrefixOption": "Префикс - Подмяна на префикса",
+    "pathRewriteExactOption": "Точно - Замяна на целия път",
+    "pathRewriteRegexOption": "Регекс - Смяна на модела",
+    "pathRewriteStripPrefixOption": "Премахване на префикса",
+    "pathRewriteValue": "Стойност на пренаписването",
+    "pathRewriteRegexPlaceholder": "/нов/$1",
+    "pathRewriteDefaultPlaceholder": "/нов-пътека",
+    "pathRewritePrefixHelp": "Заменете съвпаднатия префикс с тази стойност",
+    "pathRewriteExactHelp": "Заменете целия път с тази стойност, когато пътят съвпада точно",
+    "pathRewriteRegexHelp": "Използвайте групи за улавяне като $1, $2 за заместване",
+    "pathRewriteStripPrefixHelp": "Оставете празно, за да премахнете префикса или предоставете нов префикс",
+    "pathRewritePrefix": "Префикс",
+    "pathRewriteExact": "Точно",
+    "pathRewriteRegex": "Регекс",
+    "pathRewriteStrip": "Премахване",
+    "pathRewriteStripLabel": "премахване",
+    "sidebarEnableEnterpriseLicense": "Активиране на корпоративен лиценз",
+    "cannotbeUndone": "Това не може да се отмени.",
+    "toConfirm": "за потвърждение",
+    "deleteClientQuestion": "Сигурни ли сте, че искате да премахнете клиента от сайта и организацията?",
+    "clientMessageRemove": "След като клиентът бъде премахнат, той вече няма да може да се свързва с сайта.",
+    "sidebarLogs": "Логове",
+    "request": "Изискване",
+    "logs": "Логове",
+    "logsSettingsDescription": "Следете логовете, събрани от тази организация",
+    "searchLogs": "Търсете в логовете...",
+    "action": "Действие",
+    "actor": "Извършващ",
+    "timestamp": "Отбелязано време",
+    "accessLogs": "Достъп до логове",
+    "exportCsv": "Експортиране в CSV",
+    "actorId": "ID на извършващия",
+    "allowedByRule": "Разрешено от правило",
+    "allowedNoAuth": "Разрешено без удостоверение",
+    "validAccessToken": "Валиден токен за достъп",
+    "validHeaderAuth": "Валиден заглавен авто",
+    "validPincode": "Валиден ПИН код",
+    "validPassword": "Валидна парола",
+    "validEmail": "Валиден имейл",
+    "validSSO": "Валидно SSO",
+    "resourceBlocked": "Блокирани ресурси",
+    "droppedByRule": "Прекратено от правило",
+    "noSessions": "Няма сесии",
+    "temporaryRequestToken": "Временен токен на заявка",
+    "noMoreAuthMethods": "Няма валидни методи за удостоверение",
+    "ip": "IP",
+    "reason": "Причина",
+    "requestLogs": "Заявка за логове",
+    "host": "Хост",
+    "location": "Местоположение",
+    "actionLogs": "Дневници на действията",
+    "sidebarLogsRequest": "Заявка за логове",
+    "sidebarLogsAccess": "Достъп до логове",
+    "sidebarLogsAction": "Дневници на действията",
+    "logRetention": "Задържане на логове",
+    "logRetentionDescription": "Управлявайте времето за задържане на различни видове логове за тази организация или ги деактивирайте",
+    "requestLogsDescription": "Прегледайте подробни логове на заявки за ресурси в тази организация",
+    "logRetentionRequestLabel": "Задържане на логове на заявки",
+    "logRetentionRequestDescription": "Колко дълго да се задържат логовете на заявките",
+    "logRetentionAccessLabel": "Задържане на логове за достъп",
+    "logRetentionAccessDescription": "Колко дълго да се задържат логовете за достъп",
+    "logRetentionActionLabel": "Задържане на логове за действия",
+    "logRetentionActionDescription": "Колко дълго да се задържат логовете за действия",
+    "logRetentionDisabled": "Деактивирано",
+    "logRetention3Days": "3 дни",
+    "logRetention7Days": "7 дни",
+    "logRetention14Days": "14 дни",
+    "logRetention30Days": "30 дни",
+    "logRetention90Days": "90 дни",
+    "logRetentionForever": "Завинаги",
+    "actionLogsDescription": "Прегледайте историята на действията, извършени в тази организация",
+    "accessLogsDescription": "Прегледайте заявките за удостоверяване на достъпа до ресурсите в тази организация",
+    "licenseRequiredToUse": "Необходим е лиценз Enterprise, за да се използва тази функция.",
+    "certResolver": "Решавач на сертификати",
+    "certResolverDescription": "Изберете решавач на сертификати за използване за този ресурс.",
+    "selectCertResolver": "Изберете решавач на сертификати",
+    "enterCustomResolver": "Въведете персонализиран решавач",
+    "preferWildcardCert": "Предпочитайте универсален сертификат",
+    "unverified": "Невалидиран",
+    "domainSetting": "Настройки на домейните",
+    "domainSettingDescription": "Конфигурирайте настройките за вашия домейн",
+    "preferWildcardCertDescription": "Опит за генериране на универсален сертификат (изисква правилно конфигуриран решавач на сертификати).",
+    "recordName": "Име на запис",
+    "auto": "Автоматично",
+    "TTL": "TTL",
+    "howToAddRecords": "Как да добавите записи",
+    "dnsRecord": "DNS записи",
+    "required": "Задължително",
+    "domainSettingsUpdated": "Настройките на домейна са успешно актуализирани",
+    "orgOrDomainIdMissing": "Липсва идентификатор на организация или домейн",
+    "loadingDNSRecords": "Зареждане на DNS записи...",
+    "olmUpdateAvailableInfo": "Налична е актуализирана версия на Olm. Моля, актуализирайте до най-новата версия за най-добро преживяване.",
+    "client": "Клиент",
+    "proxyProtocol": "Настройки на прокси протокол",
+    "proxyProtocolDescription": "Конфигурирайте прокси протокол за запазване на IP адресите на клиентите за TCP/UDP услуги.",
+    "enableProxyProtocol": "Активирайте прокси протокола",
+    "proxyProtocolInfo": "Запазете IP адресите на клиентите за TCP/UDP бекенди",
+    "proxyProtocolVersion": "Версия на прокси протокола",
+    "version1": "Версия 1 (Препоръчително)",
+    "version2": "Версия 2",
+    "versionDescription": "Версия 1 е текстово-базирана и широко поддържана. Версия 2 е бърна и по-ефективна, но по-малко съвместима.",
+    "warning": "Предупреждение",
+    "proxyProtocolWarning": "Вашето бекенд приложение трябва да бъде конфигурирано да приема прокси протоколни връзки. Ако вашият бекенд не поддържа прокси протокол, активирането му ще прекъсне всички връзки. Уверете се, че сте конфигурирали вашия бекенд да се доверява на заглавията на прокси протокола от Traefik.",
+    "restarting": "Рестартиране...",
+    "manual": "Ръководство",
+    "messageSupport": "Съобщение до поддръжката",
+    "supportNotAvailableTitle": "Поддръжката не е налична",
+    "supportNotAvailableDescription": "Поддръжката не е налична в момента. Можете да изпратите имейл на support@pangolin.net.",
+    "supportRequestSentTitle": "Заявката за поддръжка е изпратена",
+    "supportRequestSentDescription": "Вашето съобщение беше изпратено успешно.",
+    "supportRequestFailedTitle": "Неуспешно изпращане на заявка",
+    "supportRequestFailedDescription": "Възникна грешка при изпращането на вашата заявка за поддръжка.",
+    "supportSubjectRequired": "Необходимо е въведеното описание",
+    "supportSubjectMaxLength": "Темата трябва да бъде до 255 символа",
+    "supportMessageRequired": "Необходимо е съобщение",
+    "supportReplyTo": "Отговор до",
+    "supportSubject": "Тема",
+    "supportSubjectPlaceholder": "Въведете тема",
+    "supportMessage": "Съобщение",
+    "supportMessagePlaceholder": "Въведете вашето съобщение",
+    "supportSending": "Изпращане...",
+    "supportSend": "Изпрати",
+    "supportMessageSent": "Съобщението е изпратено!",
+    "supportWillContact": "Ще се свържем с вас скоро!"
 }
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -47,9 +47,8 @@
    "edit": "Upravit",
    "siteConfirmDelete": "Potvrdit odstranění lokality",
    "siteDelete": "Odstranění lokality",
-    "siteMessageRemove": "Jakmile lokalitu odstraníte, nebude dostupná. Všechny související služby a cíle budou také odstraněny.",
-    "siteMessageConfirm": "Pro potvrzení zadejte prosím název lokality.",
-    "siteQuestionRemove": "Opravdu chcete odstranit lokalitu {selectedSite} z organizace?",
+    "siteMessageRemove": "Po odstranění webu již nebude přístupný. Všechny cíle spojené s webem budou také odstraněny.",
+    "siteQuestionRemove": "Jste si jisti, že chcete odstranit tuto stránku z organizace?",
    "siteManageSites": "Správa lokalit",
    "siteDescription": "Umožní připojení k vaší síti prostřednictvím zabezpečených tunelů",
    "siteCreate": "Vytvořit lokalitu",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Použijte jakéhokoli klienta WireGuard abyste sestavili tunel. Vyžaduje se ruční nastavení NAT.",
    "siteWgDescriptionSaas": "Použijte jakéhokoli klienta WireGuard abyste sestavili tunel. Vyžaduje se ruční nastavení NAT. FUNGUJE POUZE NA SELF-HOSTED SERVERECH",
    "siteLocalDescription": "Pouze lokální zdroje. Žádný tunel.",
-    "siteLocalDescriptionSaas": "Pouze lokální zdroje. Žádný tunel. FUNGUJE POUZE NA SELF-HOSTED SERVERECH",
+    "siteLocalDescriptionSaas": "Pouze místní zdroje. Žádný tunel. Dostupné pouze na vzdálených uzlech.",
    "siteSeeAll": "Zobrazit všechny lokality",
    "siteTunnelDescription": "Určete jak se chcete připojit k vaší lokalitě",
    "siteNewtCredentials": "Přihlašovací údaje Newt",
@@ -154,8 +153,7 @@
    "protected": "Chráněno",
    "notProtected": "Nechráněno",
    "resourceMessageRemove": "Jakmile zdroj odstraníte, nebude dostupný. Všechny související služby a cíle budou také odstraněny.",
-    "resourceMessageConfirm": "Pro potvrzení zadejte prosím název zdroje.",
-    "resourceQuestionRemove": "Opravdu chcete odstranit zdroj {selectedResource} z organizace?",
+    "resourceQuestionRemove": "Jste si jisti, že chcete odstranit zdroj z organizace?",
    "resourceHTTP": "Zdroj HTTPS",
    "resourceHTTPDescription": "Požadavky na proxy pro vaši aplikaci přes HTTPS pomocí subdomény nebo základní domény.",
    "resourceRaw": "Surový TCP/UDP zdroj",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Potvrdit odstranění organizace",
    "orgMessageRemove": "Tato akce je nevratná a odstraní všechna související data.",
    "orgMessageConfirm": "Pro potvrzení zadejte níže uvedený název organizace.",
-    "orgQuestionRemove": "Opravdu chcete odstranit organizaci {selectedOrg}?",
+    "orgQuestionRemove": "Jste si jisti, že chcete odstranit organizaci?",
    "orgUpdated": "Organizace byla aktualizována",
    "orgUpdatedDescription": "Organizace byla aktualizována.",
    "orgErrorUpdate": "Aktualizace organizace se nezdařila",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "Generovat API klíč",
    "apiKeysErrorDelete": "Chyba při odstraňování API klíče",
    "apiKeysErrorDeleteMessage": "Chyba při odstraňování API klíče",
-    "apiKeysQuestionRemove": "Opravdu chcete odstranit API klíč {selectedApiKey} z organizace?",
+    "apiKeysQuestionRemove": "Jste si jisti, že chcete odstranit klíč API z organizace?",
    "apiKeysMessageRemove": "Po odstranění klíče API již nebude možné použít.",
-    "apiKeysMessageConfirm": "Pro potvrzení zadejte název klíče API.",
    "apiKeysDeleteConfirm": "Potvrdit odstranění API klíče",
    "apiKeysDelete": "Odstranit klíč API",
    "apiKeysManage": "Správa API klíčů",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Potvrdit odstranění uživatele",
    "userDeleteServer": "Odstranit uživatele ze serveru",
    "userMessageRemove": "Uživatel bude odstraněn ze všech organizací a bude zcela odstraněn ze serveru.",
-    "userMessageConfirm": "Pro potvrzení zadejte níže uvedené jméno uživatele.",
-    "userQuestionRemove": "Opravdu chcete trvale odstranit {selectedUser} ze serveru?",
+    "userQuestionRemove": "Jste si jisti, že chcete trvale odstranit uživatele ze serveru?",
    "licenseKey": "Licenční klíč",
    "valid": "Valid",
    "numberOfSites": "Počet stránek",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Zobrazit Fossorial Commercial License & Subscription terms",
    "licenseMessageRemove": "Tímto odstraníte licenční klíč a všechna s ním spojená oprávnění, která mu byla udělena.",
    "licenseMessageConfirm": "Pro potvrzení zadejte licenční klíč níže.",
-    "licenseQuestionRemove": "Jste si jisti, že chcete odstranit licenční klíč {selectedKey}?",
+    "licenseQuestionRemove": "Jste si jisti, že chcete odstranit licenční klíč?",
    "licenseKeyDelete": "Odstranit licenční klíč",
    "licenseKeyDeleteConfirm": "Potvrdit odstranění licenčního klíče",
    "licenseTitle": "Správa stavu licence",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Došlo k chybě při odstraňování pozvánky.",
    "inviteRemoved": "Pozvánka odstraněna",
    "inviteRemovedDescription": "Pozvánka pro {email} byla odstraněna.",
-    "inviteQuestionRemove": "Jste si jisti, že chcete odstranit pozvánku {email}?",
+    "inviteQuestionRemove": "Jste si jisti, že chcete odstranit pozvánku?",
    "inviteMessageRemove": "Po odstranění, tato pozvánka již nebude platná. Později můžete uživatele znovu pozvat.",
    "inviteMessageConfirm": "Pro potvrzení zadejte prosím níže uvedenou e-mailovou adresu.",
    "inviteQuestionRegenerate": "Jste si jisti, že chcete obnovit pozvánku pro {email}? Tato akce zruší předchozí pozvánku.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Došlo k chybě při odebírání uživatele.",
    "userOrgRemoved": "Uživatel odstraněn",
    "userOrgRemovedDescription": "Uživatel {email} byl odebrán z organizace.",
-    "userQuestionOrgRemove": "Jste si jisti, že chcete odstranit {email} z organizace?",
+    "userQuestionOrgRemove": "Jste si jisti, že chcete odstranit tohoto uživatele z organizace?",
    "userMessageOrgRemove": "Po odstranění tohoto uživatele již nebude mít přístup k organizaci. Vždy je můžete znovu pozvat později, ale budou muset pozvání znovu přijmout.",
-    "userMessageOrgConfirm": "Pro potvrzení, zadejte prosím jméno uživatele níže.",
    "userRemoveOrgConfirm": "Potvrdit odebrání uživatele",
    "userRemoveOrg": "Odebrat uživatele z organizace",
    "users": "Uživatelé",
@@ -468,7 +463,10 @@
    "createdAt": "Vytvořeno v",
    "proxyErrorInvalidHeader": "Neplatná hodnota hlavičky hostitele. Použijte formát názvu domény, nebo uložte prázdné pro zrušení vlastního hlavičky hostitele.",
    "proxyErrorTls": "Neplatné jméno TLS serveru. Použijte formát doménového jména nebo uložte prázdné pro odstranění názvu TLS serveru.",
-    "proxyEnableSSL": "Povolit SSL (https)",
+    "proxyEnableSSL": "Povolit SSL",
+    "proxyEnableSSLDescription": "Povolit šifrování SSL/TLS pro zabezpečená HTTPS připojení k vašim cílům.",
+    "target": "Target",
+    "configureTarget": "Konfigurace cílů",
    "targetErrorFetch": "Nepodařilo se načíst cíle",
    "targetErrorFetchDescription": "Při načítání cílů došlo k chybě",
    "siteErrorFetch": "Nepodařilo se načíst zdroj",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "Nastavení bezpečného připojení",
    "targetTlsSettingsDescription": "Konfigurace nastavení SSL/TLS pro váš dokument",
    "targetTlsSettingsAdvanced": "Pokročilé nastavení TLS",
-    "targetTlsSni": "Název serveru TLS (SNI)",
+    "targetTlsSni": "Název serveru TLS",
    "targetTlsSniDescription": "Název serveru TLS pro použití v SNI. Ponechte prázdné pro použití výchozího nastavení.",
    "targetTlsSubmit": "Uložit nastavení",
    "targets": "Konfigurace cílů",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Zachovat spojení na stejném cíli pro celou relaci.",
    "methodSelect": "Vyberte metodu",
    "targetSubmit": "Add Target",
-    "targetNoOne": "Žádné cíle. Přidejte cíl pomocí formuláře.",
+    "targetNoOne": "Tento zdroj nemá žádné cíle. Přidejte cíl pro konfiguraci kam poslat žádosti na vaši backend.",
    "targetNoOneDescription": "Přidáním více než jednoho cíle se umožní vyvážení zatížení.",
    "targetsSubmit": "Uložit cíle",
+    "addTarget": "Add Target",
+    "targetErrorInvalidIp": "Neplatná IP adresa",
+    "targetErrorInvalidIpDescription": "Zadejte prosím platnou IP adresu nebo název hostitele",
+    "targetErrorInvalidPort": "Neplatný port",
+    "targetErrorInvalidPortDescription": "Zadejte platné číslo portu",
+    "targetErrorNoSite": "Není vybrán žádný web",
+    "targetErrorNoSiteDescription": "Vyberte prosím web pro cíl",
+    "targetCreated": "Cíl byl vytvořen",
+    "targetCreatedDescription": "Cíl byl úspěšně vytvořen",
+    "targetErrorCreate": "Nepodařilo se vytvořit cíl",
+    "targetErrorCreateDescription": "Došlo k chybě při vytváření cíle",
+    "save": "Uložit",
    "proxyAdditional": "Další nastavení proxy",
    "proxyAdditionalDescription": "Konfigurovat nastavení proxy zpracování vašeho zdroje",
    "proxyCustomHeader": "Vlastní hlavička hostitele",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Správce serveru - Pangolin",
    "licenseTierProfessional": "Profesionální licence",
    "licenseTierEnterprise": "Podniková licence",
-    "licenseTierCommercial": "Obchodní licence",
+    "licenseTierPersonal": "Osobní licence",
    "licensed": "Licencováno",
    "yes": "Ano",
    "no": "Ne",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Zobrazit a spravovat poskytovatele identity v systému",
    "idpDeletedDescription": "Poskytovatel identity byl úspěšně odstraněn",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Jste si jisti, že chcete trvale odstranit poskytovatele identity {name}?",
+    "idpQuestionRemove": "Jste si jisti, že chcete trvale odstranit poskytovatele identity?",
    "idpMessageRemove": "Tímto odstraníte poskytovatele identity a všechny přidružené konfigurace. Uživatelé, kteří se autentizují prostřednictvím tohoto poskytovatele, se již nebudou moci přihlásit.",
    "idpMessageConfirm": "Pro potvrzení zadejte níže uvedené jméno poskytovatele identity.",
    "idpConfirmDelete": "Potvrdit odstranění poskytovatele identity",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Zobrazované jméno tohoto poskytovatele identity",
    "idpAutoProvisionUsers": "Automatická úprava uživatelů",
    "idpAutoProvisionUsersDescription": "Pokud je povoleno, uživatelé budou automaticky vytvářeni v systému při prvním přihlášení, s možností namapovat uživatele na role a organizace.",
-    "licenseBadge": "Profesionální",
+    "licenseBadge": "PE",
    "idpType": "Typ poskytovatele",
    "idpTypeDescription": "Vyberte typ poskytovatele identity, který chcete nakonfigurovat",
    "idpOidcConfigure": "Nastavení OAuth2/OIDC",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Zkontrolujte svůj e-mail pro kód pro obnovení.",
    "passwordNew": "Nové heslo",
    "passwordNewConfirm": "Potvrdit nové heslo",
+    "changePassword": "Změnit heslo",
+    "changePasswordDescription": "Aktualizujte heslo k účtu",
+    "oldPassword": "Aktuální heslo",
+    "newPassword": "Nové heslo",
+    "confirmNewPassword": "Potvrdit nové heslo",
+    "changePasswordError": "Změna hesla se nezdařila",
+    "changePasswordErrorDescription": "Došlo k chybě při změně hesla",
+    "changePasswordSuccess": "Heslo úspěšně změněno",
+    "changePasswordSuccessDescription": "Vaše heslo bylo úspěšně aktualizováno",
+    "passwordExpiryRequired": "Vyžaduje vypršení platnosti hesla",
+    "passwordExpiryDescription": "Tato organizace vyžaduje změnu hesla každých {maxDays} dní.",
+    "changePasswordNow": "Změnit heslo",
    "pincodeAuth": "Ověřovací kód",
    "pincodeSubmit2": "Odeslat kód",
    "passwordResetSubmit": "Žádost o obnovení",
@@ -1084,7 +1106,6 @@
    "navbar": "Navigation Menu",
    "navbarDescription": "Hlavní navigační menu aplikace",
    "navbarDocsLink": "Dokumentace",
-    "commercialEdition": "Obchodní vydání",
    "otpErrorEnable": "2FA nelze povolit",
    "otpErrorEnableDescription": "Došlo k chybě při povolování 2FA",
    "otpSetupCheckCode": "Zadejte 6místný kód",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Všichni uživatelé",
    "sidebarIdentityProviders": "Poskytovatelé identity",
    "sidebarLicense": "Licence",
-    "sidebarClients": "Klienti (Beta)",
+    "sidebarClients": "Klienti",
    "sidebarDomains": "Domény",
+    "sidebarBluePrints": "Plány",
+    "blueprints": "Plány",
+    "blueprintsDescription": "Plány jsou deklarativní YAML konfigurace, které definují vaše zdroje a jejich nastavení",
+    "blueprintAdd": "Přidat plán",
+    "blueprintGoBack": "Zobrazit všechny plány",
+    "blueprintCreate": "Vytvořit plán",
+    "blueprintCreateDescription2": "Postupujte podle níže uvedených kroků pro vytvoření a použití nového plánu",
+    "blueprintDetails": "Podrobnosti plánu",
+    "blueprintDetailsDescription": "Podívejte se na detaily běhu plánu",
+    "blueprintInfo": "Informace o plánu",
+    "message": "Zpráva",
+    "blueprintContentsDescription": "Definujte obsah YAML popisující vaši infrastrukturu",
+    "blueprintErrorCreateDescription": "Při aplikaci plánu došlo k chybě",
+    "blueprintErrorCreate": "Chyba při vytváření plánu",
+    "searchBlueprintProgress": "Hledat plány...",
+    "appliedAt": "Použito v",
+    "source": "Zdroj",
+    "contents": "Obsah",
+    "parsedContents": "Parsovaný obsah",
    "enableDockerSocket": "Povolit Docker plán",
    "enableDockerSocketDescription": "Povolte seškrábání štítků na Docker Socket pro popisky plánů. Nová cesta musí být k dispozici.",
    "enableDockerSocketLink": "Zjistit více",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Vytvořit doménu",
    "domainCreatedDescription": "Doména byla úspěšně vytvořena",
    "domainDeletedDescription": "Doména byla úspěšně odstraněna",
-    "domainQuestionRemove": "Opravdu chcete odstranit doménu {domain} z vašeho účtu?",
+    "domainQuestionRemove": "Opravdu chcete odstranit doménu z vašeho účtu?",
    "domainMessageRemove": "Po odstranění domény již nebude přiřazena k vašemu účtu.",
-    "domainMessageConfirm": "Pro potvrzení zadejte název domény níže.",
    "domainConfirmDelete": "Potvrdit odstranění domény",
    "domainDelete": "Odstranit doménu",
    "domain": "Doména",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Volná úroveň",
    "billingWarningOverLimit": "Upozornění: Překročili jste jeden nebo více omezení používání. Vaše stránky se nepřipojí dokud nezměníte předplatné nebo neupravíte své používání.",
    "billingUsageLimitsOverview": "Přehled omezení použití",
-    "billingMonitorUsage": "Sledujte vaše využití pomocí nastavených limitů. Pokud potřebujete zvýšit limity, kontaktujte nás prosím support@fossorial.io.",
+    "billingMonitorUsage": "Sledujte vaše využití pomocí nastavených limitů. Pokud potřebujete zvýšit limity, kontaktujte nás prosím support@pangolin.net.",
    "billingDataUsage": "Využití dat",
    "billingOnlineTime": "Stránka online čas",
    "billingUsers": "Aktivní uživatelé",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Vyskytl se problém s použitím bezpečnostního klíče. Zkuste to prosím znovu.",
    "twoFactorRequired": "Pro registraci bezpečnostního klíče je nutné dvoufaktorové ověření.",
    "twoFactor": "Dvoufaktorové ověření",
+    "twoFactorAuthentication": "Dvoufaktorové ověření",
+    "twoFactorDescription": "Tato organizace vyžaduje dvoufaktorové ověření.",
+    "enableTwoFactor": "Povolit dvoufaktorové ověření",
+    "organizationSecurityPolicy": "Bezpečnostní politika organizace",
+    "organizationSecurityPolicyDescription": "Tato organizace má bezpečnostní požadavky, které musí být splněny, než k ní budete mít přístup",
+    "securityRequirements": "Bezpečnostní požadavky",
+    "allRequirementsMet": "Všechny požadavky byly splněny",
+    "completeRequirementsToContinue": "Pro pokračování v přístupu k této organizaci splněte níže uvedené požadavky",
+    "youCanNowAccessOrganization": "Nyní můžete přistupovat k této organizaci",
+    "reauthenticationRequired": "Délka relace",
+    "reauthenticationDescription": "Tato organizace vyžaduje, abyste se přihlásili každých {maxDays} dní.",
+    "reauthenticationDescriptionHours": "Tato organizace vyžaduje, abyste se přihlásili každých {maxHours} hodin.",
+    "reauthenticateNow": "Přihlásit se znovu",
    "adminEnabled2FaOnYourAccount": "Váš správce povolil dvoufaktorové ověřování pro {email}. Chcete-li pokračovat, dokončete proces nastavení.",
-    "continueToApplication": "Pokračovat do aplikace",
    "securityKeyAdd": "Přidat bezpečnostní klíč",
    "securityKeyRegisterTitle": "Registrovat nový bezpečnostní klíč",
    "securityKeyRegisterDescription": "Připojte svůj bezpečnostní klíč a zadejte jméno pro jeho identifikaci",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Externí proxy povolen",
    "addNewTarget": "Add New Target",
    "targetsList": "Seznam cílů",
+    "advancedMode": "Pokročilý režim",
    "targetErrorDuplicateTargetFound": "Byl nalezen duplicitní cíl",
    "healthCheckHealthy": "Zdravé",
    "healthCheckUnhealthy": "Nezdravé",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Automatická chyba přihlášení",
    "autoLoginErrorNoRedirectUrl": "Od poskytovatele identity nebyla obdržena žádná adresa URL.",
    "autoLoginErrorGeneratingUrl": "Nepodařilo se vygenerovat ověřovací URL.",
-    "remoteExitNodeManageRemoteExitNodes": "Spravovat vlastní hostování",
-    "remoteExitNodeDescription": "Spravujte uzly pro rozšíření připojení k síti",
+    "remoteExitNodeManageRemoteExitNodes": "Vzdálené uzly",
+    "remoteExitNodeDescription": "Hostujte jeden nebo více vlastních vzdálených uzlů, abyste rozšířili síťová připojení a snížili závislost na cloudu",
    "remoteExitNodes": "Uzly",
    "searchRemoteExitNodes": "Hledat uzly...",
    "remoteExitNodeAdd": "Přidat uzel",
    "remoteExitNodeErrorDelete": "Chyba při odstraňování uzlu",
-    "remoteExitNodeQuestionRemove": "Jste si jisti, že chcete odstranit uzel {selectedNode} z organizace?",
+    "remoteExitNodeQuestionRemove": "Jste si jisti, že chcete odstranit uzel z organizace?",
    "remoteExitNodeMessageRemove": "Po odstranění uzel již nebude přístupný.",
-    "remoteExitNodeMessageConfirm": "Pro potvrzení zadejte název uzlu níže.",
    "remoteExitNodeConfirmDelete": "Potvrdit odstranění uzlu",
    "remoteExitNodeDelete": "Odstranit uzel",
-    "sidebarRemoteExitNodes": "Uzly",
+    "sidebarRemoteExitNodes": "Vzdálené uzly",
    "remoteExitNodeCreate": {
        "title": "Vytvořit uzel",
        "description": "Vytvořit nový uzel pro rozšíření síťového připojení",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Upravit soubor: docker-compose.yml",
    "emailVerificationRequired": "Je vyžadováno ověření e-mailu. Přihlaste se znovu pomocí {dashboardUrl}/auth/login dokončete tento krok. Poté se vraťte zde.",
    "twoFactorSetupRequired": "Je vyžadováno nastavení dvoufaktorového ověřování. Přihlaste se znovu pomocí {dashboardUrl}/autentizace/přihlášení dokončí tento krok. Poté se vraťte zde.",
+    "additionalSecurityRequired": "Vyžadováno další zabezpečení",
+    "organizationRequiresAdditionalSteps": "Tato organizace vyžaduje další bezpečnostní kroky, než budete moci přistupovat ke zdrojům.",
+    "completeTheseSteps": "Dokončete tyto kroky",
+    "enableTwoFactorAuthentication": "Povolit dvoufaktorové ověření",
+    "completeSecuritySteps": "Dokončit bezpečnostní kroky",
+    "securitySettings": "Nastavení zabezpečení",
+    "securitySettingsDescription": "Konfigurace bezpečnostních zásad pro vaši organizaci",
+    "requireTwoFactorForAllUsers": "Vyžadovat dvoufaktorové ověření pro všechny uživatele",
+    "requireTwoFactorDescription": "Pokud je povoleno, všichni interní uživatelé v této organizaci musí mít dvoufaktorové ověření povoleno pro přístup k organizaci.",
+    "requireTwoFactorDisabledDescription": "Tato funkce vyžaduje platnou licenci (Enterprise) nebo aktivní předplatné (SaaS)",
+    "requireTwoFactorCannotEnableDescription": "Před vynucením dvoufaktorového ověření vašeho účtu musíte povolit dvoufaktorové ověření pro všechny uživatele",
+    "maxSessionLength": "Maximální délka relace",
+    "maxSessionLengthDescription": "Nastavte maximální dobu trvání relace uživatele. Po této době se uživatelé budou muset znovu přihlásit.",
+    "maxSessionLengthDisabledDescription": "Tato funkce vyžaduje platnou licenci (Enterprise) nebo aktivní předplatné (SaaS)",
+    "selectSessionLength": "Vyberte délku relace",
+    "unenforced": "Nevynucené",
+    "1Hour": "1 hodina",
+    "3Hours": "3 hodiny",
+    "6Hours": "6 hodin",
+    "12Hours": "12 hodin",
+    "1DaySession": "1 den",
+    "3Days": "3 dny",
+    "7Days": "7 dní",
+    "14Days": "14 dní",
+    "30DaysSession": "30 dní",
+    "90DaysSession": "90 dní",
+    "180DaysSession": "180 dní",
+    "passwordExpiryDays": "Platnost hesla",
+    "editPasswordExpiryDescription": "Nastavte počet dní před tím, než jsou uživatelé povinni změnit své heslo.",
+    "selectPasswordExpiry": "Vyberte vypršení platnosti hesla",
+    "30Days": "30 dní",
+    "1Day": "1 den",
+    "60Days": "60 dní",
+    "90Days": "90 dní",
+    "180Days": "180 dní",
+    "1Year": "1 rok",
+    "subscriptionBadge": "Vyžadováno předplatné",
+    "securityPolicyChangeWarning": "Upozornění na změnu bezpečnostní politiky",
+    "securityPolicyChangeDescription": "Chystáte se změnit nastavení bezpečnostních pravidel. Po uložení bude možná nutné znovu ověřit, abyste dodrželi tyto aktualizace přístupových práv. Všichni uživatelé, kteří nevyhovují, se také budou muset znovu přihlásit.",
+    "securityPolicyChangeConfirmMessage": "Potvrzuji",
+    "securityPolicyChangeWarningText": "Toto ovlivní všechny uživatele v organizaci",
    "authPageErrorUpdateMessage": "Při aktualizaci nastavení autentizační stránky došlo k chybě",
+    "authPageErrorUpdate": "Nelze aktualizovat ověřovací stránku",
    "authPageUpdated": "Autentizační stránka byla úspěšně aktualizována",
    "healthCheckNotAvailable": "Místní",
    "rewritePath": "Přepsat cestu",
-    "rewritePathDescription": "Volitelně přepište cestu před odesláním na cíl."
+    "rewritePathDescription": "Volitelně přepište cestu před odesláním na cíl.",
+    "continueToApplication": "Pokračovat v aplikaci",
+    "checkingInvite": "Kontrola pozvánky",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Odstranit Autentizaci Záhlaví",
+    "resourceHeaderAuthRemoveDescription": "Úspěšně odstraněna autentizace záhlaví.",
+    "resourceErrorHeaderAuthRemove": "Nepodařilo se odstranit Autentizaci Záhlaví",
+    "resourceErrorHeaderAuthRemoveDescription": "Nepodařilo se odstranit autentizaci záhlaví ze zdroje.",
+    "resourceHeaderAuthProtectionEnabled": "Ověřování pomocí hlaviček zapnuto",
+    "resourceHeaderAuthProtectionDisabled": "Ověřování pomocí hlaviček vypnuto",
+    "headerAuthRemove": "Odstranit ověřování pomocí hlaviček",
+    "headerAuthAdd": "Přidat ověřování pomocí hlaviček",
+    "resourceErrorHeaderAuthSetup": "Nepodařilo se nastavit Autentizaci Záhlaví",
+    "resourceErrorHeaderAuthSetupDescription": "Nepodařilo se nastavit autentizaci záhlaví ze zdroje.",
+    "resourceHeaderAuthSetup": "Úspěšně nastavena Autentizace Záhlaví",
+    "resourceHeaderAuthSetupDescription": "Autentizace záhlaví byla úspěšně nastavena.",
+    "resourceHeaderAuthSetupTitle": "Nastavit Autentizaci Záhlaví",
+    "resourceHeaderAuthSetupTitleDescription": "Nastavte přihlašovací údaje basic auth (uživatelské jméno a heslo) abyste tento zdroj chránili ověřováním pomocí HTTP hlaviček. Pro přístup použijte adresu ve formátu https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Nastavit Autentizaci Záhlaví",
+    "actionSetResourceHeaderAuth": "Nastavit Autentizaci Záhlaví",
+    "enterpriseEdition": "Podniková edice",
+    "unlicensed": "Nelicencováno",
+    "beta": "Beta",
+    "manageClients": "Spravovat klienty",
+    "manageClientsDescription": "Klienti jsou zařízení, která se mohou připojit k vašim lokalitám",
+    "licenseTableValidUntil": "Platná do",
+    "saasLicenseKeysSettingsTitle": "Podniková licence",
+    "saasLicenseKeysSettingsDescription": "Vygenerovat a spravovat podnikové licence pro instance Pangolin na vlastním hostingu",
+    "sidebarEnterpriseLicenses": "Licence",
+    "generateLicenseKey": "Vygenerovat licenční klíč",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Prosím zadejte platnou emailovou adresu",
+            "useCaseTypeRequired": "Vyberte prosím typ použití",
+            "firstNameRequired": "Zadejte křestní jméno",
+            "lastNameRequired": "Zadejte příjmení",
+            "primaryUseRequired": "Popište prosím účel použití",
+            "jobTitleRequiredBusiness": "Pro komerční využití zadejte název pracovní pozice",
+            "industryRequiredBusiness": "Pro komerční využití zadejte odvětví společnosti",
+            "stateProvinceRegionRequired": "Zadejte stát/provincii/oblast",
+            "postalZipCodeRequired": "Zadejte PSČ",
+            "companyNameRequiredBusiness": "Pro komerční využití zadejte název společnosti",
+            "countryOfResidenceRequiredBusiness": "Pro komerční využití zadejte zemi sídla společnosti",
+            "countryRequiredPersonal": "Pro osobní využití zadejte zemi",
+            "agreeToTermsRequired": "Musíte souhlasit s podmínkami",
+            "complianceConfirmationRequired": "Musíte potvrdit dodržování Fossorial Commercial Licence"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Osobní využití",
+                "description": "Pro osobní nekomerční využití jako je vzdělávání, osobní projekty nebo experimentování."
+            },
+            "business": {
+                "title": "Podnikové využití",
+                "description": "Pro použití v organizacích, společnostech nebo při činnostech generujících zisk."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email a typ licence",
+                "description": "Zadejte svůj email a vyberte typ licence"
+            },
+            "personalInformation": {
+                "title": "Osobní údaje",
+                "description": "Povězte nám něco o sobě"
+            },
+            "contactInformation": {
+                "title": "Kontaktní údaje",
+                "description": "Vaše kontaktní údaje"
+            },
+            "termsGenerate": {
+                "title": "Podmínky a vygenerovat",
+                "description": "Zkontrolujte a přijměte podmínky pro vygenerování vaší licence"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Poskytnutí využití",
+                "description": "Vyberte si typ licence který odráží způsob využití. Osobní licence dovoluje používat aplikaci pro osobní využití, nekomerční využití nebo v malých organizacích do ročního obratu pod 100 000 USD. Jakékoliv jiné využití včetně využití pro podnikání, organizace nebo jiná prostředí generující zisk vyžaduje platnou podnikovou licenci a platbu licenčních poplatků. Všichni uživatelé, ať už osobních nebo podnikových licencí, musí souhlasit s Fossorial Commercial License Terms."
+            },
+            "trialPeriodInformation": {
+                "title": "Informace o zkušební době",
+                "description": "Tento licenční klíč umožňuje používat podnikové funkce po dobu sedmidenní zkušební doby. Abyste zachovali přístup k placeným funkcím po skončení zkušební doby, musíte aktivovat platnou osobní nebo podnikovou licenci. Pro podnikové licence kontaktujte sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Používáte Pangolin pro osobní nebo obchodní účely?",
+            "firstName": "Křestní jméno",
+            "lastName": "Příjmení",
+            "jobTitle": "Pracovní pozice",
+            "primaryUseQuestion": "Na co budete především používat Pangolin?",
+            "industryQuestion": "Jaké je vaše odvětví?",
+            "prospectiveUsersQuestion": "Kolik potenciálních uživatelů předpokládáte?",
+            "prospectiveSitesQuestion": "Kolik předpokládáte lokalit (tunelů)?",
+            "companyName": "Název společnosti",
+            "countryOfResidence": "Země sídla společnosti",
+            "stateProvinceRegion": "Stát / kraj / oblast",
+            "postalZipCode": "PSČ",
+            "companyWebsite": "Stránky společnosti",
+            "companyPhoneNumber": "Telefonní číslo společnosti",
+            "country": "Země",
+            "phoneNumberOptional": "Telefonní číslo (nepovinné)",
+            "complianceConfirmation": "Potvrzuji, že informace které jsem poskytl jsou přesné a že jsem v souladu s licencí Fossorial Commercial License. Poskutnutí nepřesných informací nebo nesprávné určení použití produktu je porušením licence a může vést ke zrušení platnosti klíče."
+        },
+        "buttons": {
+            "close": "Zavřít",
+            "previous": "Předchozí",
+            "next": "Následující",
+            "generateLicenseKey": "Vygenerovat licenční klíč"
+        },
+        "toasts": {
+            "success": {
+                "title": "Licenční klíč byl úspěšně vytvořen",
+                "description": "Váš licenční klíč byl vytvořen a je připraven k použití."
+            },
+            "error": {
+                "title": "Nepodařilo se vytvořit licenční klíč",
+                "description": "Při generování licenčního klíče došlo k chybě."
+            }
+        }
+    },
+    "priority": "Priorita",
+    "priorityDescription": "Vyšší priorita je vyhodnocena jako první. Priorita = 100 znamená automatické řazení (rozhodnutí systému). Pro vynucení manuální priority použijte jiné číslo.",
+    "instanceName": "Název instance",
+    "pathMatchModalTitle": "Nastavit porovnávání cest",
+    "pathMatchModalDescription": "Nastavte jak se bude ověřovat, ze cesty příchozích požadavků se shodují.",
+    "pathMatchType": "Typ shody",
+    "pathMatchPrefix": "Prefix",
+    "pathMatchExact": "Přesná",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Hodnota cesty",
+    "clear": "Smazat",
+    "saveChanges": "Uložit změny",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/cesta",
+    "pathMatchPrefixHelp": "Příklad: /api se shoduje s cestami /api, /api/users atd.",
+    "pathMatchExactHelp": "Příklad: /api se shoduje pouze s cestou /api",
+    "pathMatchRegexHelp": "Příklad: ^/api/.* se shoduje s /api/cokoliv",
+    "pathRewriteModalTitle": "Nastavit přepis cesty",
+    "pathRewriteModalDescription": "Upravit shodující se cestu před odesláním požadavku do cíle.",
+    "pathRewriteType": "Typ přepisu",
+    "pathRewritePrefixOption": "Prefix - Nahradí prefix",
+    "pathRewriteExactOption": "Přesný - Nahradí celou cestu",
+    "pathRewriteRegexOption": "Regex - Nahrazení pomocí vzorů",
+    "pathRewriteStripPrefixOption": "Odstranit prefix - Odstraní prefix",
+    "pathRewriteValue": "Přepisovaná hodnota",
+    "pathRewriteRegexPlaceholder": "/nová/$1",
+    "pathRewriteDefaultPlaceholder": "/nová-cesta",
+    "pathRewritePrefixHelp": "Nahradit odpovídající prefix touto hodnotou",
+    "pathRewriteExactHelp": "Nahradit celou cestu touto hodnotou, pokud cesta přesně odpovídá",
+    "pathRewriteRegexHelp": "K nahrazení použít capture groups jako $1, $2",
+    "pathRewriteStripPrefixHelp": "Ponechte prázdné pro odstranění prefixu nebo zadejte nový prefix",
+    "pathRewritePrefix": "Prefix",
+    "pathRewriteExact": "Přesný",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Odstranit",
+    "pathRewriteStripLabel": "odstranit",
+    "sidebarEnableEnterpriseLicense": "Použít podnikovou licenci",
+    "cannotbeUndone": "To nelze vrátit zpět.",
+    "toConfirm": "Potvrdit",
+    "deleteClientQuestion": "Jste si jisti, že chcete odstranit klienta z webu a organizace?",
+    "clientMessageRemove": "Po odstranění se klient již nebude moci připojit k webu.",
+    "sidebarLogs": "Logy",
+    "request": "Žádost",
+    "logs": "Logy",
+    "logsSettingsDescription": "Monitorovat logy shromážděné z této orginizace",
+    "searchLogs": "Hledat logy...",
+    "action": "Akce",
+    "actor": "Aktér",
+    "timestamp": "Časové razítko",
+    "accessLogs": "Protokoly přístupu",
+    "exportCsv": "Exportovat CSV",
+    "actorId": "ID aktéra",
+    "allowedByRule": "Povoleno pomocí pravidla",
+    "allowedNoAuth": "Povoleno bez ověření",
+    "validAccessToken": "Platný přístupový token",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Platné heslo",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Zablokované zdroje",
+    "droppedByRule": "Zrušeno pravidlem",
+    "noSessions": "Žádné relace",
+    "temporaryRequestToken": "Dočasný požadavek token",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP adresa",
+    "reason": "Důvod",
+    "requestLogs": "Záznamy požadavků",
+    "host": "Hostitel",
+    "location": "Poloha",
+    "actionLogs": "Záznamy akcí",
+    "sidebarLogsRequest": "Záznamy požadavků",
+    "sidebarLogsAccess": "Protokoly přístupu",
+    "sidebarLogsAction": "Záznamy akcí",
+    "logRetention": "Zaznamenávání záznamu",
+    "logRetentionDescription": "Spravovat, jak dlouho jsou různé typy logů uloženy pro tuto organizaci nebo je zakázat",
+    "requestLogsDescription": "Zobrazit podrobné protokoly požadavků pro zdroje v této organizaci",
+    "logRetentionRequestLabel": "Zachování logu žádosti",
+    "logRetentionRequestDescription": "Jak dlouho uchovávat záznamy požadavků",
+    "logRetentionAccessLabel": "Zachování záznamu přístupu",
+    "logRetentionAccessDescription": "Jak dlouho uchovávat přístupové záznamy",
+    "logRetentionActionLabel": "Uchovávání protokolu akcí",
+    "logRetentionActionDescription": "Jak dlouho uchovávat záznamy akcí",
+    "logRetentionDisabled": "Zakázáno",
+    "logRetention3Days": "3 dny",
+    "logRetention7Days": "7 dní",
+    "logRetention14Days": "14 dní",
+    "logRetention30Days": "30 dní",
+    "logRetention90Days": "90 dní",
+    "logRetentionForever": "Navždy",
+    "actionLogsDescription": "Zobrazit historii akcí provedených v této organizaci",
+    "accessLogsDescription": "Zobrazit žádosti o ověření přístupu pro zdroje v této organizaci",
+    "licenseRequiredToUse": "Pro použití této funkce je vyžadována licence pro podnikání.",
+    "certResolver": "Oddělovač certifikátů",
+    "certResolverDescription": "Vyberte řešitele certifikátů pro tento dokument.",
+    "selectCertResolver": "Vyberte řešič certifikátů",
+    "enterCustomResolver": "Zadejte vlastní rozlišovač",
+    "preferWildcardCert": "Preferovat Wildcard certifikát",
+    "unverified": "Neověřeno",
+    "domainSetting": "Nastavení domény",
+    "domainSettingDescription": "Konfigurace nastavení pro vaši doménu",
+    "preferWildcardCertDescription": "Pokus o vygenerování zástupného certifikátu (vyžaduje správně nakonfigurovaný certifikát).",
+    "recordName": "Název záznamu",
+    "auto": "Automaticky",
+    "TTL": "TTL",
+    "howToAddRecords": "Jak přidat záznamy",
+    "dnsRecord": "Záznamy DNS",
+    "required": "Požadováno",
+    "domainSettingsUpdated": "Nastavení domény bylo úspěšně aktualizováno",
+    "orgOrDomainIdMissing": "Chybí ID organizace nebo domény",
+    "loadingDNSRecords": "Načítání DNS záznamů...",
+    "olmUpdateAvailableInfo": "Je k dispozici aktualizovaná verze Olm. Pro nejlepší zážitek prosím aktualizujte na nejnovější verzi.",
+    "client": "Zákazník",
+    "proxyProtocol": "Nastavení proxy protokolu",
+    "proxyProtocolDescription": "Konfigurace Proxy protokolu pro zachování klientských IP adres pro služby TCP/UDP.",
+    "enableProxyProtocol": "Povolit Proxy protokol",
+    "proxyProtocolInfo": "Zachovat IP adresy klienta pro TCP/UDP backends",
+    "proxyProtocolVersion": "Verze proxy protokolu",
+    "version1": " Verze 1 (doporučeno)",
+    "version2": "Verze 2",
+    "versionDescription": "Verze 1 je textová a široce podporovaná. Verze 2 je binární a efektivnější, ale méně kompatibilní.",
+    "warning": "Varování",
+    "proxyProtocolWarning": "Vaše backend aplikace musí být nakonfigurována, aby mohla být přijata spojení s Proxy protokolem. Pokud vaše backend nepodporuje Proxy protokol, povolením tohoto protokolu dojde k přerušení všech připojení. Ujistěte se, že nastavíte svou backend a důvěřujte hlavičkám Proxy protokolu z Traefik.",
+    "restarting": "Restartování...",
+    "manual": "Ruční",
+    "messageSupport": "Podpora zpráv",
+    "supportNotAvailableTitle": "Podpora není k dispozici",
+    "supportNotAvailableDescription": "Podpora není momentálně k dispozici. Můžete poslat e-mail na support@pangolin.net.",
+    "supportRequestSentTitle": "Žádost o podporu odeslána",
+    "supportRequestSentDescription": "Vaše zpráva byla úspěšně odeslána.",
+    "supportRequestFailedTitle": "Nepodařilo se odeslat žádost",
+    "supportRequestFailedDescription": "Při odesílání vaší žádosti o podporu došlo k chybě.",
+    "supportSubjectRequired": "Předmět je povinný",
+    "supportSubjectMaxLength": "Předmět musí být 255 znaků nebo méně",
+    "supportMessageRequired": "Je vyžadována zpráva",
+    "supportReplyTo": "Odpovědět na",
+    "supportSubject": "Předmět",
+    "supportSubjectPlaceholder": "Zadejte předmět",
+    "supportMessage": "Zpráva",
+    "supportMessagePlaceholder": "Zadejte svou zprávu",
+    "supportSending": "Odesílání...",
+    "supportSend": "Poslat",
+    "supportMessageSent": "Zpráva odeslána!",
+    "supportWillContact": "Brzy budeme v kontaktu!"
 }
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -10,7 +10,7 @@
    "setupErrorIdentifier": "Organisations-ID ist bereits vergeben. Bitte wähle eine andere.",
    "componentsErrorNoMemberCreate": "Du bist derzeit kein Mitglied einer Organisation. Erstelle eine Organisation, um zu starten.",
    "componentsErrorNoMember": "Du bist aktuell kein Mitglied einer Organisation.",
-    "welcome": "Willkommen zu Pangolin",
+    "welcome": "Willkommen bei Pangolin!",
    "welcomeTo": "Willkommen bei",
    "componentsCreateOrg": "Erstelle eine Organisation",
    "componentsMember": "Du bist Mitglied von {count, plural, =0 {keiner Organisation} one {einer Organisation} other {# Organisationen}}.",
@@ -27,7 +27,7 @@
    "inviteLogInOtherUser": "Als anderer Benutzer anmelden",
    "createAnAccount": "Konto erstellen",
    "inviteNotAccepted": "Einladung nicht angenommen",
-    "authCreateAccount": "Erstellen ein Konto um loszulegen",
+    "authCreateAccount": "Erstelle ein Konto um loszulegen",
    "authNoAccount": "Du besitzt noch kein Konto?",
    "email": "E-Mail",
    "password": "Passwort",
@@ -47,9 +47,8 @@
    "edit": "Bearbeiten",
    "siteConfirmDelete": "Standort löschen bestätigen",
    "siteDelete": "Standort löschen",
-    "siteMessageRemove": "Sobald dieser Standort entfernt ist, wird er nicht mehr zugänglich sein. Alle Ressourcen und Ziele, die mit diesem Standort verbunden sind, werden ebenfalls entfernt.",
-    "siteMessageConfirm": "Um zu bestätigen, gib den Namen des Standortes unten ein.",
-    "siteQuestionRemove": "Bist du sicher, dass der Standort {selectedSite} aus der Organisation entfernt werden soll?",
+    "siteMessageRemove": "Sobald die Site entfernt ist, wird sie nicht mehr zugänglich sein. Alle mit der Site verbundenen Ziele werden ebenfalls entfernt.",
+    "siteQuestionRemove": "Sind Sie sicher, dass Sie die Site aus der Organisation entfernen möchten?",
    "siteManageSites": "Standorte verwalten",
    "siteDescription": "Verbindung zum Netzwerk durch sichere Tunnel erlauben",
    "siteCreate": "Standort erstellen",
@@ -64,7 +63,7 @@
    "siteLearnNewt": "Wie du Newt auf deinem System installieren kannst",
    "siteSeeConfigOnce": "Du kannst die Konfiguration nur einmalig ansehen.",
    "siteLoadWGConfig": "Lade WireGuard Konfiguration...",
-    "siteDocker": "Erweitern für Docker Details",
+    "siteDocker": "Docker-Details anzeigen",
    "toggle": "Umschalten",
    "dockerCompose": "Docker Compose",
    "dockerRun": "Docker Run",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Verwende jeden WireGuard-Client, um einen Tunnel einzurichten. Manuelles NAT-Setup erforderlich.",
    "siteWgDescriptionSaas": "Verwenden Sie jeden WireGuard-Client, um einen Tunnel zu erstellen. Manuelles NAT-Setup erforderlich. FUNKTIONIERT NUR BEI SELBSTGEHOSTETEN KNOTEN",
    "siteLocalDescription": "Nur lokale Ressourcen. Kein Tunneling.",
-    "siteLocalDescriptionSaas": "Nur lokale Ressourcen. Keine Tunneldurchführung. FUNKTIONIERT NUR BEI SELBSTGEHOSTETEN KNOTEN",
+    "siteLocalDescriptionSaas": "Nur lokale Ressourcen. Kein Tunneling. Nur für entfernte Knoten verfügbar.",
    "siteSeeAll": "Alle Standorte anzeigen",
    "siteTunnelDescription": "Lege fest, wie du dich mit deinem Standort verbinden möchtest",
    "siteNewtCredentials": "Neue Newt Zugangsdaten",
@@ -119,7 +118,7 @@
    "tokenId": "Token-ID",
    "requestHeades": "Anfrage-Header",
    "queryParameter": "Abfrageparameter",
-    "importantNote": "Wichtige Notiz",
+    "importantNote": "Wichtiger Hinweis",
    "shareImportantDescription": "Aus Sicherheitsgründen wird die Verwendung von Headern über Abfrageparameter empfohlen, wenn möglich, da Abfrageparameter in Server-Logs oder Browserverlauf protokolliert werden können.",
    "token": "Token",
    "shareTokenSecurety": "Halten Sie Ihr Zugangs-Token sicher. Teilen Sie es nicht in öffentlich zugänglichen Bereichen oder Client-seitigem Code.",
@@ -132,7 +131,7 @@
    "expireIn": "Verfällt in",
    "neverExpire": "Nie ablaufen",
    "shareExpireDescription": "Ablaufzeit ist, wie lange der Link verwendet werden kann und bietet Zugriff auf die Ressource. Nach dieser Zeit wird der Link nicht mehr funktionieren und Benutzer, die diesen Link benutzt haben, verlieren den Zugriff auf die Ressource.",
-    "shareSeeOnce": "Sie können diese Linie nur sehen. Bitte kopieren Sie sie.",
+    "shareSeeOnce": "Sie können diesen Link nur ein einziges Mal sehen. Bitte kopieren Sie ihn.",
    "shareAccessHint": "Jeder mit diesem Link kann auf die Ressource zugreifen. Teilen Sie sie mit Vorsicht.",
    "shareTokenUsage": "Zugriffstoken-Nutzung anzeigen",
    "createLink": "Link erstellen",
@@ -154,11 +153,10 @@
    "protected": "Geschützt",
    "notProtected": "Nicht geschützt",
    "resourceMessageRemove": "Einmal entfernt, wird die Ressource nicht mehr zugänglich sein. Alle mit der Ressource verbundenen Ziele werden ebenfalls entfernt.",
-    "resourceMessageConfirm": "Um zu bestätigen, geben Sie bitte den Namen der Ressource unten ein.",
-    "resourceQuestionRemove": "Sind Sie sicher, dass Sie die Ressource {selectedResource} aus der Organisation entfernen möchten?",
+    "resourceQuestionRemove": "Sind Sie sicher, dass Sie die Ressource aus der Organisation entfernen möchten?",
    "resourceHTTP": "HTTPS-Ressource",
    "resourceHTTPDescription": "Proxy-Anfragen an Ihre App über HTTPS unter Verwendung einer Subdomain oder einer Basis-Domain.",
-    "resourceRaw": "Rohe TCP/UDP Ressource",
+    "resourceRaw": "Direkte TCP/UDP Ressource (raw)",
    "resourceRawDescription": "Proxy-Anfragen an Ihre App über TCP/UDP mit einer Portnummer.",
    "resourceCreate": "Ressource erstellen",
    "resourceCreateDescription": "Folgen Sie den Schritten unten, um eine neue Ressource zu erstellen",
@@ -176,10 +174,10 @@
    "resourceTypeDescription": "Legen Sie fest, wie Sie auf Ihre Ressource zugreifen möchten",
    "resourceHTTPSSettings": "HTTPS-Einstellungen",
    "resourceHTTPSSettingsDescription": "Konfigurieren Sie den Zugriff auf Ihre Ressource über HTTPS",
-    "domainType": "Domänentyp",
+    "domainType": "Domain-Typ",
    "subdomain": "Subdomain",
-    "baseDomain": "Basisdomäne",
-    "subdomnainDescription": "Die Subdomäne, auf die Ihre Ressource zugegriffen werden soll.",
+    "baseDomain": "Basis-Domain",
+    "subdomnainDescription": "Die Subdomain, auf der Ihre Ressource erreichbar sein soll.",
    "resourceRawSettings": "TCP/UDP Einstellungen",
    "resourceRawSettingsDescription": "Konfigurieren Sie den Zugriff auf Ihre Ressource über TCP/UDP",
    "protocol": "Protokoll",
@@ -190,7 +188,7 @@
    "resourceConfig": "Konfiguration Snippets",
    "resourceConfigDescription": "Kopieren und fügen Sie diese Konfigurations-Snippets ein, um Ihre TCP/UDP Ressource einzurichten",
    "resourceAddEntrypoints": "Traefik: Einstiegspunkte hinzufügen",
-    "resourceExposePorts": "Gerbil: Ports im Docker Compose ausblenden",
+    "resourceExposePorts": "Gerbil: Ports im Docker Compose freigeben",
    "resourceLearnRaw": "Lernen Sie, wie Sie TCP/UDP Ressourcen konfigurieren",
    "resourceBack": "Zurück zu den Ressourcen",
    "resourceGoTo": "Zu Ressource gehen",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Organisation löschen bestätigen",
    "orgMessageRemove": "Diese Aktion ist unwiderruflich und löscht alle zugehörigen Daten.",
    "orgMessageConfirm": "Um zu bestätigen, geben Sie bitte den Namen der Organisation unten ein.",
-    "orgQuestionRemove": "Sind Sie sicher, dass Sie die Organisation {selectedOrg} entfernen möchten?",
+    "orgQuestionRemove": "Sind Sie sicher, dass Sie die Organisation entfernen möchten?",
    "orgUpdated": "Organisation aktualisiert",
    "orgUpdatedDescription": "Die Organisation wurde aktualisiert.",
    "orgErrorUpdate": "Fehler beim Aktualisieren der Organisation",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "API-Schlüssel generieren",
    "apiKeysErrorDelete": "Fehler beim Löschen des API-Schlüssels",
    "apiKeysErrorDeleteMessage": "Fehler beim Löschen des API-Schlüssels",
-    "apiKeysQuestionRemove": "Sind Sie sicher, dass Sie den API-Schlüssel {selectedApiKey} aus der Organisation entfernen möchten?",
+    "apiKeysQuestionRemove": "Sind Sie sicher, dass Sie den API-Schlüssel aus der Organisation entfernen möchten?",
    "apiKeysMessageRemove": "Einmal entfernt, kann der API-Schlüssel nicht mehr verwendet werden.",
-    "apiKeysMessageConfirm": "Zur Bestätigung geben Sie bitte den Namen des API-Schlüssels unten ein.",
    "apiKeysDeleteConfirm": "Löschen des API-Schlüssels bestätigen",
    "apiKeysDelete": "API-Schlüssel löschen",
    "apiKeysManage": "API-Schlüssel verwalten",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Benutzer löschen bestätigen",
    "userDeleteServer": "Benutzer vom Server löschen",
    "userMessageRemove": "Der Benutzer wird von allen Organisationen entfernt und vollständig vom Server entfernt.",
-    "userMessageConfirm": "Um zu bestätigen, geben Sie bitte den Namen des Benutzers unten ein.",
-    "userQuestionRemove": "Sind Sie sicher, dass Sie {selectedUser} dauerhaft vom Server löschen möchten?",
+    "userQuestionRemove": "Sind Sie sicher, dass Sie den Benutzer dauerhaft vom Server löschen möchten?",
    "licenseKey": "Lizenzschlüssel",
    "valid": "Gültig",
    "numberOfSites": "Anzahl der Standorte",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Fossorial Gewerbelizenz & Abonnementbedingungen anzeigen",
    "licenseMessageRemove": "Dadurch werden der Lizenzschlüssel und alle zugehörigen Berechtigungen entfernt.",
    "licenseMessageConfirm": "Um zu bestätigen, geben Sie bitte den Lizenzschlüssel unten ein.",
-    "licenseQuestionRemove": "Sind Sie sicher, dass Sie den Lizenzschlüssel {selectedKey} löschen möchten?",
+    "licenseQuestionRemove": "Sind Sie sicher, dass Sie den Lizenzschlüssel löschen möchten?",
    "licenseKeyDelete": "Lizenzschlüssel löschen",
    "licenseKeyDeleteConfirm": "Lizenzschlüssel löschen bestätigen",
    "licenseTitle": "Lizenzstatus verwalten",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Beim Entfernen der Einladung ist ein Fehler aufgetreten.",
    "inviteRemoved": "Einladung entfernt",
    "inviteRemovedDescription": "Die Einladung für {email} wurde entfernt.",
-    "inviteQuestionRemove": "Sind Sie sicher, dass Sie die Einladung {email} entfernen möchten?",
+    "inviteQuestionRemove": "Sind Sie sicher, dass Sie die Einladung entfernen möchten?",
    "inviteMessageRemove": "Sobald entfernt, wird diese Einladung nicht mehr gültig sein. Sie können den Benutzer später jederzeit erneut einladen.",
    "inviteMessageConfirm": "Bitte geben Sie zur Bestätigung die E-Mail-Adresse der Einladung unten ein.",
    "inviteQuestionRegenerate": "Sind Sie sicher, dass Sie die Einladung {email} neu generieren möchten? Dies wird die vorherige Einladung widerrufen.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Beim Entfernen des Benutzers ist ein Fehler aufgetreten.",
    "userOrgRemoved": "Benutzer entfernt",
    "userOrgRemovedDescription": "Der Benutzer {email} wurde aus der Organisation entfernt.",
-    "userQuestionOrgRemove": "Sind Sie sicher, dass Sie {email} aus der Organisation entfernen möchten?",
+    "userQuestionOrgRemove": "Sind Sie sicher, dass Sie diesen Benutzer aus der Organisation entfernen möchten?",
    "userMessageOrgRemove": "Nach dem Entfernen hat dieser Benutzer keinen Zugriff mehr auf die Organisation. Sie können ihn später jederzeit wieder einladen, aber er muss die Einladung erneut annehmen.",
-    "userMessageOrgConfirm": "Geben Sie zur Bestätigung den Namen des Benutzers unten ein.",
    "userRemoveOrgConfirm": "Entfernen des Benutzers bestätigen",
    "userRemoveOrg": "Benutzer aus der Organisation entfernen",
    "users": "Benutzer",
@@ -466,9 +461,12 @@
    "accessUsersRolesDescription": "Laden Sie Benutzer ein und fügen Sie sie zu Rollen hinzu, um den Zugriff auf Ihre Organisation zu verwalten",
    "key": "Schlüssel",
    "createdAt": "Erstellt am",
-    "proxyErrorInvalidHeader": "Ungültiger benutzerdefinierter Host-Header-Wert. Verwenden Sie das Domänennamensformat oder speichern Sie leer, um den benutzerdefinierten Host-Header zu deaktivieren.",
-    "proxyErrorTls": "Ungültiger TLS-Servername. Verwenden Sie das Domänennamensformat oder speichern Sie leer, um den TLS-Servernamen zu entfernen.",
-    "proxyEnableSSL": "SSL aktivieren (https)",
+    "proxyErrorInvalidHeader": "Ungültiger benutzerdefinierter Host-Header-Wert. Verwenden Sie das Domain-Namensformat oder speichern Sie leer, um den benutzerdefinierten Host-Header zu deaktivieren.",
+    "proxyErrorTls": "Ungültiger TLS-Servername. Verwenden Sie das Domain-Namensformat oder speichern Sie leer, um den TLS-Servernamen zu entfernen.",
+    "proxyEnableSSL": "SSL aktivieren",
+    "proxyEnableSSLDescription": "Aktiviere SSL/TLS-Verschlüsselung für sichere HTTPS-Verbindungen zu deinen Zielen.",
+    "target": "Target",
+    "configureTarget": "Ziele konfigurieren",
    "targetErrorFetch": "Fehler beim Abrufen der Ziele",
    "targetErrorFetchDescription": "Beim Abrufen der Ziele ist ein Fehler aufgetreten",
    "siteErrorFetch": "Fehler beim Abrufen der Ressource",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "Sicherheitskonfiguration",
    "targetTlsSettingsDescription": "Konfiguriere SSL/TLS Einstellungen für deine Ressource",
    "targetTlsSettingsAdvanced": "Erweiterte TLS-Einstellungen",
-    "targetTlsSni": "TLS-Servername (SNI)",
+    "targetTlsSni": "TLS Servername",
    "targetTlsSniDescription": "Der zu verwendende TLS-Servername für SNI. Leer lassen, um den Standard zu verwenden.",
    "targetTlsSubmit": "Einstellungen speichern",
    "targets": "Ziel-Konfiguration",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Verbindungen für die gesamte Sitzung auf demselben Backend-Ziel halten.",
    "methodSelect": "Methode auswählen",
    "targetSubmit": "Ziel hinzufügen",
-    "targetNoOne": "Keine Ziele. Fügen Sie ein Ziel über das Formular hinzu.",
+    "targetNoOne": "Diese Ressource hat keine Ziele. Fügen Sie ein Ziel hinzu, um zu konfigurieren, wo Anfragen an Ihr Backend gesendet werden sollen.",
    "targetNoOneDescription": "Das Hinzufügen von mehr als einem Ziel aktiviert den Lastausgleich.",
    "targetsSubmit": "Ziele speichern",
+    "addTarget": "Ziel hinzufügen",
+    "targetErrorInvalidIp": "Ungültige IP-Adresse",
+    "targetErrorInvalidIpDescription": "Bitte geben Sie eine gültige IP-Adresse oder einen Hostnamen ein",
+    "targetErrorInvalidPort": "Ungültiger Port",
+    "targetErrorInvalidPortDescription": "Bitte geben Sie eine gültige Portnummer ein",
+    "targetErrorNoSite": "Keine Site ausgewählt",
+    "targetErrorNoSiteDescription": "Bitte wähle eine Seite für das Ziel aus",
+    "targetCreated": "Ziel erstellt",
+    "targetCreatedDescription": "Ziel wurde erfolgreich erstellt",
+    "targetErrorCreate": "Fehler beim Erstellen des Ziels",
+    "targetErrorCreateDescription": "Beim Erstellen des Ziels ist ein Fehler aufgetreten",
+    "save": "Speichern",
    "proxyAdditional": "Zusätzliche Proxy-Einstellungen",
    "proxyAdditionalDescription": "Konfigurieren Sie, wie Ihre Ressource mit Proxy-Einstellungen umgeht",
    "proxyCustomHeader": "Benutzerdefinierter Host-Header",
@@ -516,7 +526,7 @@
    "ipAddressErrorInvalidFormat": "Ungültiges IP-Adressformat",
    "ipAddressErrorInvalidOctet": "Ungültiges IP-Adress-Oktett",
    "path": "Pfad",
-    "matchPath": "Spielpfad",
+    "matchPath": "Match-Pfad",
    "ipAddressRange": "IP-Bereich",
    "rulesErrorFetch": "Fehler beim Abrufen der Regeln",
    "rulesErrorFetchDescription": "Beim Abrufen der Regeln ist ein Fehler aufgetreten",
@@ -576,7 +586,7 @@
    "none": "Keine",
    "unknown": "Unbekannt",
    "resources": "Ressourcen",
-    "resourcesDescription": "Ressourcen sind Proxies zu Anwendungen in Ihrem privaten Netzwerk. Erstellen Sie eine Ressource für jeden HTTP/HTTPS- oder rohen TCP/UDP-Dienst in Ihrem privaten Netzwerk. Jede Ressource muss mit einer Site verbunden sein, um private, sichere Konnektivität über einen verschlüsselten WireGuard-Tunnel zu ermöglichen.",
+    "resourcesDescription": "Ressourcen sind Proxies zu Anwendungen in Ihrem privaten Netzwerk. Erstellen Sie eine Ressource für jeden HTTP/HTTPS- oder direkten TCP/UDP-Dienst in Ihrem privaten Netzwerk. Jede Ressource muss mit einer Site verbunden sein, um private, sichere Konnektivität über einen verschlüsselten WireGuard-Tunnel zu ermöglichen.",
    "resourcesWireGuardConnect": "Sichere Verbindung mit WireGuard-Verschlüsselung",
    "resourcesMultipleAuthenticationMethods": "Mehrere Authentifizierungsmethoden konfigurieren",
    "resourcesUsersRolesAccess": "Benutzer- und rollenbasierte Zugriffskontrolle",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Server-Admin - Pangolin",
    "licenseTierProfessional": "Professional Lizenz",
    "licenseTierEnterprise": "Enterprise Lizenz",
-    "licenseTierCommercial": "Gewerbliche Lizenz",
+    "licenseTierPersonal": "Persönliche Lizenz",
    "licensed": "Lizenziert",
    "yes": "Ja",
    "no": "Nein",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Identitätsanbieter im System anzeigen und verwalten",
    "idpDeletedDescription": "Identitätsanbieter erfolgreich gelöscht",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Sind Sie sicher, dass Sie den Identitätsanbieter {name} dauerhaft löschen möchten?",
+    "idpQuestionRemove": "Sind Sie sicher, dass Sie den Identitätsanbieter dauerhaft löschen möchten?",
    "idpMessageRemove": "Dies wird den Identitätsanbieter und alle zugehörigen Konfigurationen entfernen. Benutzer, die sich über diesen Anbieter authentifizieren, können sich nicht mehr anmelden.",
    "idpMessageConfirm": "Bitte geben Sie zur Bestätigung den Namen des Identitätsanbieters unten ein.",
    "idpConfirmDelete": "Löschen des Identitätsanbieters bestätigen",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Ein Anzeigename für diesen Identitätsanbieter",
    "idpAutoProvisionUsers": "Automatische Benutzerbereitstellung",
    "idpAutoProvisionUsersDescription": "Wenn aktiviert, werden Benutzer beim ersten Login automatisch im System erstellt, mit der Möglichkeit, Benutzer Rollen und Organisationen zuzuordnen.",
-    "licenseBadge": "Profi",
+    "licenseBadge": "EE",
    "idpType": "Anbietertyp",
    "idpTypeDescription": "Wählen Sie den Typ des Identitätsanbieters, den Sie konfigurieren möchten",
    "idpOidcConfigure": "OAuth2/OIDC Konfiguration",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Prüfen Sie Ihre E-Mail für den Reset-Code.",
    "passwordNew": "Neues Passwort",
    "passwordNewConfirm": "Neues Passwort bestätigen",
+    "changePassword": "Passwort ändern",
+    "changePasswordDescription": "Passwort des Kontos aktualisieren",
+    "oldPassword": "Aktuelles Passwort",
+    "newPassword": "Neues Passwort",
+    "confirmNewPassword": "Neues Passwort bestätigen",
+    "changePasswordError": "Fehler beim Ändern des Passworts",
+    "changePasswordErrorDescription": "Fehler beim Ändern Ihres Passworts",
+    "changePasswordSuccess": "Passwort erfolgreich geändert",
+    "changePasswordSuccessDescription": "Ihr Passwort wurde erfolgreich aktualisiert",
+    "passwordExpiryRequired": "Passwortablauf erforderlich",
+    "passwordExpiryDescription": "Diese Organisation erfordert, dass Sie Ihr Passwort alle {maxDays} Tage ändern.",
+    "changePasswordNow": "Passwort jetzt ändern",
    "pincodeAuth": "Authentifizierungscode",
    "pincodeSubmit2": "Code absenden",
    "passwordResetSubmit": "Zurücksetzung anfordern",
@@ -994,7 +1016,7 @@
    "actionUpdateUser": "Benutzer aktualisieren",
    "actionGetUser": "Benutzer abrufen",
    "actionGetOrgUser": "Organisationsbenutzer abrufen",
-    "actionListOrgDomains": "Organisationsdomänen auflisten",
+    "actionListOrgDomains": "Organisationsdomains auflisten",
    "actionCreateSite": "Standort erstellen",
    "actionDeleteSite": "Standort löschen",
    "actionGetSite": "Standort abrufen",
@@ -1084,7 +1106,6 @@
    "navbar": "Navigationsmenü",
    "navbarDescription": "Hauptnavigationsmenü für die Anwendung",
    "navbarDocsLink": "Dokumentation",
-    "commercialEdition": "Kommerzielle Edition",
    "otpErrorEnable": "2FA konnte nicht aktiviert werden",
    "otpErrorEnableDescription": "Beim Aktivieren der 2FA ist ein Fehler aufgetreten",
    "otpSetupCheckCode": "Bitte geben Sie einen 6-stelligen Code ein",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Alle Benutzer",
    "sidebarIdentityProviders": "Identitätsanbieter",
    "sidebarLicense": "Lizenz",
-    "sidebarClients": "Kunden (Beta)",
+    "sidebarClients": "Kunden",
    "sidebarDomains": "Domänen",
+    "sidebarBluePrints": "Baupläne",
+    "blueprints": "Baupläne",
+    "blueprintsDescription": "Blaupausen sind deklarative YAML-Konfigurationen, die deine Ressourcen und deren Einstellungen definieren",
+    "blueprintAdd": "Blaupause hinzufügen",
+    "blueprintGoBack": "Alle Blaupausen ansehen",
+    "blueprintCreate": "Blaupause erstellen",
+    "blueprintCreateDescription2": "Folge den Schritten unten, um eine neue Blaupause zu erstellen und anzuwenden",
+    "blueprintDetails": "Blaupausendetails",
+    "blueprintDetailsDescription": "Siehe die Blaupausenlauf-Details",
+    "blueprintInfo": "Blaupauseninformation",
+    "message": "Nachricht",
+    "blueprintContentsDescription": "Definieren Sie den YAML-Inhalt, der Ihre Infrastruktur beschreibt",
+    "blueprintErrorCreateDescription": "Fehler beim Anwenden der Blaupause",
+    "blueprintErrorCreate": "Fehler beim Erstellen der Blaupause",
+    "searchBlueprintProgress": "Blaupausen suchen...",
+    "appliedAt": "Angewandt am",
+    "source": "Quelle",
+    "contents": "Inhalt",
+    "parsedContents": "Analysierte Inhalte",
    "enableDockerSocket": "Docker Blaupause aktivieren",
    "enableDockerSocketDescription": "Aktiviere Docker-Socket-Label-Scraping für Blaupausenbeschriftungen. Der Socket-Pfad muss neu angegeben werden.",
    "enableDockerSocketLink": "Mehr erfahren",
@@ -1149,15 +1189,15 @@
    "containersIn": "Container in {siteName}",
    "selectContainerDescription": "Wählen Sie einen Container, der als Hostname für dieses Ziel verwendet werden soll. Klicken Sie auf einen Port, um einen Port zu verwenden.",
    "containerName": "Name",
-    "containerImage": "Bild",
-    "containerState": "Bundesland",
+    "containerImage": "Image",
+    "containerState": "Status",
    "containerNetworks": "Netzwerke",
    "containerHostnameIp": "Hostname/IP",
    "containerLabels": "Etiketten",
    "containerLabelsCount": "{count, plural, one {# Etikett} other {# Etiketten}}",
    "containerLabelsTitle": "Container-Labels",
    "containerLabelEmpty": "<leer>",
-    "containerPorts": "Häfen",
+    "containerPorts": "Ports",
    "containerPortsMore": "+{count} mehr",
    "containerActions": "Aktionen",
    "select": "Auswählen",
@@ -1169,7 +1209,7 @@
    "searchResultsCount": "{count, plural, one {# Ergebnis} other {# Ergebnisse}}",
    "filters": "Filter",
    "filterOptions": "Filteroptionen",
-    "filterPorts": "Häfen",
+    "filterPorts": "Ports",
    "filterStopped": "Stoppt",
    "clearAllFilters": "Alle Filter löschen",
    "columns": "Spalten",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Domain erstellen",
    "domainCreatedDescription": "Domain erfolgreich erstellt",
    "domainDeletedDescription": "Domain erfolgreich gelöscht",
-    "domainQuestionRemove": "Möchten Sie die Domain {domain} wirklich aus Ihrem Konto entfernen?",
+    "domainQuestionRemove": "Sind Sie sicher, dass Sie die Domain von Ihrem Konto entfernen möchten?",
    "domainMessageRemove": "Nach dem Entfernen wird die Domain nicht mehr mit Ihrem Konto verknüpft.",
-    "domainMessageConfirm": "Um zu bestätigen, geben Sie bitte den Domainnamen unten ein.",
    "domainConfirmDelete": "Domain-Löschung bestätigen",
    "domainDelete": "Domain löschen",
    "domain": "Domäne",
@@ -1239,13 +1278,13 @@
    "settingsErrorUpdate": "Einstellungen konnten nicht aktualisiert werden",
    "settingsErrorUpdateDescription": "Beim Aktualisieren der Einstellungen ist ein Fehler aufgetreten",
    "sidebarCollapse": "Zusammenklappen",
-    "sidebarExpand": "Erweitern",
+    "sidebarExpand": "Aufklappen",
    "newtUpdateAvailable": "Update verfügbar",
    "newtUpdateAvailableInfo": "Eine neue Version von Newt ist verfügbar. Bitte aktualisieren Sie auf die neueste Version für das beste Erlebnis.",
    "domainPickerEnterDomain": "Domäne",
    "domainPickerPlaceholder": "myapp.example.com",
-    "domainPickerDescription": "Geben Sie die vollständige Domäne der Ressource ein, um verfügbare Optionen zu sehen.",
-    "domainPickerDescriptionSaas": "Geben Sie eine vollständige Domäne, Subdomäne oder einfach einen Namen ein, um verfügbare Optionen zu sehen",
+    "domainPickerDescription": "Geben Sie die vollständige Domain der Ressource ein, um verfügbare Optionen zu sehen.",
+    "domainPickerDescriptionSaas": "Geben Sie eine vollständige Domain, Subdomain oder einfach einen Namen ein, um verfügbare Optionen zu sehen",
    "domainPickerTabAll": "Alle",
    "domainPickerTabOrganization": "Organisation",
    "domainPickerTabProvided": "Bereitgestellt",
@@ -1266,11 +1305,11 @@
    "billingFreeTier": "Kostenlose Stufe",
    "billingWarningOverLimit": "Warnung: Sie haben ein oder mehrere Nutzungslimits überschritten. Ihre Webseiten werden nicht verbunden, bis Sie Ihr Abonnement ändern oder Ihren Verbrauch anpassen.",
    "billingUsageLimitsOverview": "Übersicht über Nutzungsgrenzen",
-    "billingMonitorUsage": "Überwachen Sie Ihren Verbrauch im Vergleich zu konfigurierten Grenzwerten. Wenn Sie eine Erhöhung der Limits benötigen, kontaktieren Sie uns bitte support@fossorial.io.",
+    "billingMonitorUsage": "Überwachen Sie Ihren Verbrauch im Vergleich zu konfigurierten Grenzwerten. Wenn Sie eine Erhöhung der Limits benötigen, kontaktieren Sie uns bitte support@pangolin.net.",
    "billingDataUsage": "Datenverbrauch",
    "billingOnlineTime": "Online-Zeit der Seite",
    "billingUsers": "Aktive Benutzer",
-    "billingDomains": "Aktive Domänen",
+    "billingDomains": "Aktive Domains",
    "billingRemoteExitNodes": "Aktive selbstgehostete Nodes",
    "billingNoLimitConfigured": "Kein Limit konfiguriert",
    "billingEstimatedPeriod": "Geschätzter Abrechnungszeitraum",
@@ -1298,7 +1337,7 @@
    "billingDataUsageInfo": "Wenn Sie mit der Cloud verbunden sind, werden alle Daten über Ihre sicheren Tunnel belastet. Dies schließt eingehenden und ausgehenden Datenverkehr über alle Ihre Websites ein. Wenn Sie Ihr Limit erreichen, werden Ihre Seiten die Verbindung trennen, bis Sie Ihr Paket upgraden oder die Nutzung verringern. Daten werden nicht belastet, wenn Sie Knoten verwenden.",
    "billingOnlineTimeInfo": "Sie werden belastet, abhängig davon, wie lange Ihre Seiten mit der Cloud verbunden bleiben. Zum Beispiel 44.640 Minuten entspricht einer Site, die 24 Stunden am Tag des Monats läuft. Wenn Sie Ihr Limit erreichen, werden Ihre Seiten die Verbindung trennen, bis Sie Ihr Paket upgraden oder die Nutzung verringern. Die Zeit wird nicht belastet, wenn Sie Knoten verwenden.",
    "billingUsersInfo": "Ihnen wird für jeden Benutzer in Ihrer Organisation berechnet. Die Abrechnung erfolgt täglich basierend auf der Anzahl der aktiven Benutzerkonten in Ihrer Organisation.",
-    "billingDomainInfo": "Ihnen wird für jede Domäne in Ihrer Organisation berechnet. Die Abrechnung erfolgt täglich basierend auf der Anzahl der aktiven Domänenkonten in Ihrer Organisation.",
+    "billingDomainInfo": "Ihnen wird jede Domain in Ihrer Organisation berechnet. Die Abrechnung erfolgt täglich, basierend auf der Anzahl der aktiven Domain-Konten in Ihrer Organisation.",
    "billingRemoteExitNodesInfo": "Ihnen wird für jeden verwalteten Node in Ihrer Organisation berechnet. Die Abrechnung erfolgt täglich basierend auf der Anzahl der aktiven verwalteten Nodes in Ihrer Organisation.",
    "domainNotFound": "Domain nicht gefunden",
    "domainNotFoundDescription": "Diese Ressource ist deaktiviert, weil die Domain nicht mehr in unserem System existiert. Bitte setzen Sie eine neue Domain für diese Ressource.",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Es gab ein Problem mit Ihrem Sicherheitsschlüssel. Bitte versuchen Sie es erneut.",
    "twoFactorRequired": "Zur Registrierung eines Sicherheitsschlüssels ist eine Zwei-Faktor-Authentifizierung erforderlich.",
    "twoFactor": "Zwei-Faktor-Authentifizierung",
+    "twoFactorAuthentication": "Zwei-Faktor-Authentifizierung",
+    "twoFactorDescription": "Diese Organisation erfordert Zwei-Faktor-Authentifizierung.",
+    "enableTwoFactor": "Zwei-Faktor-Authentifizierung aktivieren",
+    "organizationSecurityPolicy": "Sicherheitsrichtlinien der Organisation",
+    "organizationSecurityPolicyDescription": "Diese Organisation hat Sicherheitsanforderungen, die erfüllt werden müssen, bevor Sie darauf zugreifen können",
+    "securityRequirements": "Sicherheitsanforderungen",
+    "allRequirementsMet": "Alle Anforderungen wurden erfüllt",
+    "completeRequirementsToContinue": "Erfülle die folgenden Anforderungen, um weiterhin auf diese Organisation zuzugreifen",
+    "youCanNowAccessOrganization": "Sie können nun auf diese Organisation zugreifen",
+    "reauthenticationRequired": "Sitzungslänge",
+    "reauthenticationDescription": "Diese Organisation erfordert, dass Sie sich alle {maxDays} Tage anmelden.",
+    "reauthenticationDescriptionHours": "Diese Organisation erfordert, dass Sie sich alle {maxHours} Stunden einloggen.",
+    "reauthenticateNow": "Erneut anmelden",
    "adminEnabled2FaOnYourAccount": "Ihr Administrator hat die Zwei-Faktor-Authentifizierung für {email} aktiviert. Bitte schließen Sie den Einrichtungsprozess ab, um fortzufahren.",
-    "continueToApplication": "Weiter zur Anwendung",
    "securityKeyAdd": "Sicherheitsschlüssel hinzufügen",
    "securityKeyRegisterTitle": "Neuen Sicherheitsschlüssel registrieren",
    "securityKeyRegisterDescription": "Verbinden Sie Ihren Sicherheitsschlüssel und geben Sie einen Namen ein, um ihn zu identifizieren",
@@ -1374,7 +1425,7 @@
    "olmTunnel": "Olm-Tunnel",
    "olmTunnelDescription": "Nutzen Sie Olm für die Kundenverbindung",
    "errorCreatingClient": "Fehler beim Erstellen des Clients",
-    "clientDefaultsNotFound": "Kundenvorgaben nicht gefunden",
+    "clientDefaultsNotFound": "Standardeinstellungen des Clients nicht gefunden",
    "createClient": "Client erstellen",
    "createClientDescription": "Erstellen Sie einen neuen Client für die Verbindung zu Ihren Standorten.",
    "seeAllClients": "Alle Clients anzeigen",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Externer Proxy aktiviert",
    "addNewTarget": "Neues Ziel hinzufügen",
    "targetsList": "Ziel-Liste",
+    "advancedMode": "Erweiterter Modus",
    "targetErrorDuplicateTargetFound": "Doppeltes Ziel gefunden",
    "healthCheckHealthy": "Gesund",
    "healthCheckUnhealthy": "Ungesund",
@@ -1450,13 +1502,13 @@
    "httpMethod": "HTTP-Methode",
    "selectHttpMethod": "HTTP-Methode auswählen",
    "domainPickerSubdomainLabel": "Subdomain",
-    "domainPickerBaseDomainLabel": "Basisdomäne",
+    "domainPickerBaseDomainLabel": "Basisdomain",
    "domainPickerSearchDomains": "Domains suchen...",
    "domainPickerNoDomainsFound": "Keine Domains gefunden",
    "domainPickerLoadingDomains": "Domains werden geladen...",
-    "domainPickerSelectBaseDomain": "Basisdomäne auswählen...",
+    "domainPickerSelectBaseDomain": "Basisdomain auswählen...",
    "domainPickerNotAvailableForCname": "Für CNAME-Domains nicht verfügbar",
-    "domainPickerEnterSubdomainOrLeaveBlank": "Geben Sie eine Subdomain ein oder lassen Sie das Feld leer, um die Basisdomäne zu verwenden.",
+    "domainPickerEnterSubdomainOrLeaveBlank": "Geben Sie eine Subdomain ein oder lassen Sie das Feld leer, um die Basisdomain zu verwenden.",
    "domainPickerEnterSubdomainToSearch": "Geben Sie eine Subdomain ein, um verfügbare freie Domains zu suchen und auszuwählen.",
    "domainPickerFreeDomains": "Freie Domains",
    "domainPickerSearchForAvailableDomains": "Verfügbare Domains suchen",
@@ -1471,7 +1523,7 @@
    "resourcesTableNoInternalResourcesFound": "Keine internen Ressourcen gefunden.",
    "resourcesTableDestination": "Ziel",
    "resourcesTableTheseResourcesForUseWith": "Diese Ressourcen sind zur Verwendung mit",
-    "resourcesTableClients": "Kunden",
+    "resourcesTableClients": "Clients",
    "resourcesTableAndOnlyAccessibleInternally": "und sind nur intern zugänglich, wenn mit einem Client verbunden.",
    "editInternalResourceDialogEditClientResource": "Client-Ressource bearbeiten",
    "editInternalResourceDialogUpdateResourceProperties": "Aktualisieren Sie die Ressourceneigenschaften und die Zielkonfiguration für {resourceName}.",
@@ -1543,21 +1595,20 @@
    "autoLoginError": "Fehler bei der automatischen Anmeldung",
    "autoLoginErrorNoRedirectUrl": "Keine Weiterleitungs-URL vom Identitätsanbieter erhalten.",
    "autoLoginErrorGeneratingUrl": "Fehler beim Generieren der Authentifizierungs-URL.",
-    "remoteExitNodeManageRemoteExitNodes": "Selbst-Hosted verwalten",
-    "remoteExitNodeDescription": "Knoten verwalten, um die Netzwerkverbindung zu erweitern",
+    "remoteExitNodeManageRemoteExitNodes": "Entfernte Knoten",
+    "remoteExitNodeDescription": "Self-Hosten Sie einen oder mehrere entfernte Knoten, um Ihr Netzwerk zu erweitern und die Abhängigkeit von der Cloud zu verringern",
    "remoteExitNodes": "Knoten",
    "searchRemoteExitNodes": "Knoten suchen...",
    "remoteExitNodeAdd": "Knoten hinzufügen",
    "remoteExitNodeErrorDelete": "Fehler beim Löschen des Knotens",
-    "remoteExitNodeQuestionRemove": "Sind Sie sicher, dass Sie den Knoten {selectedNode} aus der Organisation entfernen möchten?",
+    "remoteExitNodeQuestionRemove": "Sind Sie sicher, dass Sie den Knoten aus der Organisation entfernen möchten?",
    "remoteExitNodeMessageRemove": "Einmal entfernt, wird der Knoten nicht mehr zugänglich sein.",
-    "remoteExitNodeMessageConfirm": "Um zu bestätigen, geben Sie bitte den Namen des Knotens unten ein.",
    "remoteExitNodeConfirmDelete": "Löschknoten bestätigen",
    "remoteExitNodeDelete": "Knoten löschen",
-    "sidebarRemoteExitNodes": "Knoten",
+    "sidebarRemoteExitNodes": "Entfernte Knoten",
    "remoteExitNodeCreate": {
        "title": "Knoten erstellen",
-        "description": "Erstellen Sie einen neuen Knoten, um Ihre Netzwerkverbindung zu erweitern",
+        "description": "Erstellen Sie einen neuen Knoten, um Ihr Netzwerk zu erweitern",
        "viewAllButton": "Alle Knoten anzeigen",
        "strategy": {
            "title": "Erstellungsstrategie",
@@ -1665,7 +1716,7 @@
    "idpAzureConfigurationDescription": "Konfigurieren Sie Ihre Azure Entra ID OAuth2 Zugangsdaten",
    "idpTenantId": "Mandanten-ID",
    "idpTenantIdPlaceholder": "deine Mandant-ID",
-    "idpAzureTenantIdDescription": "Ihre Azure Mieter-ID (gefunden in Azure Active Directory Übersicht)",
+    "idpAzureTenantIdDescription": "Ihre Azure Tenant-ID (gefunden in Azure Active Directory Übersicht)",
    "idpAzureClientIdDescription": "Ihre Azure App Registration Client ID",
    "idpAzureClientSecretDescription": "Ihr Azure App Registration Client Secret",
    "idpGoogleTitle": "Google",
@@ -1684,7 +1735,7 @@
    "authPage": "Auth Seite",
    "authPageDescription": "Konfigurieren Sie die Auth-Seite für Ihre Organisation",
    "authPageDomain": "Domain der Auth Seite",
-    "noDomainSet": "Keine Domäne gesetzt",
+    "noDomainSet": "Keine Domain gesetzt",
    "changeDomain": "Domain ändern",
    "selectDomain": "Domain auswählen",
    "restartCertificate": "Zertifikat neu starten",
@@ -1700,7 +1751,7 @@
    "domainPickerUnverified": "Nicht verifiziert",
    "domainPickerInvalidSubdomainStructure": "Diese Subdomain enthält ungültige Zeichen oder Struktur. Sie wird beim Speichern automatisch bereinigt.",
    "domainPickerError": "Fehler",
-    "domainPickerErrorLoadDomains": "Fehler beim Laden der Organisations-Domänen",
+    "domainPickerErrorLoadDomains": "Fehler beim Laden der Organisations-Domains",
    "domainPickerErrorCheckAvailability": "Fehler beim Prüfen der Domain-Verfügbarkeit",
    "domainPickerInvalidSubdomain": "Ungültige Subdomain",
    "domainPickerInvalidSubdomainRemoved": "Die Eingabe \"{sub}\" wurde entfernt, weil sie nicht gültig ist.",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Datei bearbeiten: docker-compose.yml",
    "emailVerificationRequired": "E-Mail-Verifizierung ist erforderlich. Bitte melden Sie sich erneut über {dashboardUrl}/auth/login an. Kommen Sie dann wieder hierher.",
    "twoFactorSetupRequired": "Die Zwei-Faktor-Authentifizierung ist erforderlich. Bitte melden Sie sich erneut über {dashboardUrl}/auth/login an. Dann kommen Sie hierher zurück.",
+    "additionalSecurityRequired": "Zusätzliche Sicherheit erforderlich",
+    "organizationRequiresAdditionalSteps": "Diese Organisation erfordert zusätzliche Sicherheitsschritte, bevor Sie auf Ressourcen zugreifen können.",
+    "completeTheseSteps": "Schließe diese Schritte ab",
+    "enableTwoFactorAuthentication": "Zwei-Faktor-Authentifizierung aktivieren",
+    "completeSecuritySteps": "Schließe Sicherheitsschritte ab",
+    "securitySettings": "Sicherheitseinstellungen",
+    "securitySettingsDescription": "Konfigurieren Sie Sicherheitsrichtlinien für Ihre Organisation",
+    "requireTwoFactorForAllUsers": "Zwei-Faktor-Authentifizierung für alle Benutzer erforderlich",
+    "requireTwoFactorDescription": "Wenn aktiviert, müssen alle internen Benutzer in dieser Organisation die Zwei-Faktor-Authentifizierung aktiviert haben, um auf die Organisation zuzugreifen.",
+    "requireTwoFactorDisabledDescription": "Diese Funktion erfordert eine gültige Lizenz (Unternehmen) oder ein aktives Abonnement (SaaS)",
+    "requireTwoFactorCannotEnableDescription": "Sie müssen die Zwei-Faktor-Authentifizierung für Ihr Konto aktivieren, bevor Sie es für alle Benutzer erzwingen können",
+    "maxSessionLength": "Maximale Sitzungslänge",
+    "maxSessionLengthDescription": "Legen Sie die maximale Dauer für Benutzersitzungen fest. Nach dieser Zeit müssen Benutzer erneut authentifizieren.",
+    "maxSessionLengthDisabledDescription": "Diese Funktion erfordert eine gültige Lizenz (Unternehmen) oder ein aktives Abonnement (SaaS)",
+    "selectSessionLength": "Sitzungslänge auswählen",
+    "unenforced": "Unerzwungen",
+    "1Hour": "1 Stunde",
+    "3Hours": "3 Stunden",
+    "6Hours": "6 Stunden",
+    "12Hours": "12 Stunden",
+    "1DaySession": "1 Tag",
+    "3Days": "3 Tage",
+    "7Days": "7 Tage",
+    "14Days": "14 Tage",
+    "30DaysSession": "30 Tage",
+    "90DaysSession": "90 Tage",
+    "180DaysSession": "180 Tage",
+    "passwordExpiryDays": "Passwortablauf",
+    "editPasswordExpiryDescription": "Legen Sie die Anzahl der Tage fest, bevor Benutzer ihr Passwort ändern müssen.",
+    "selectPasswordExpiry": "Ablauf des Passworts auswählen",
+    "30Days": "30 Tage",
+    "1Day": "1 Tag",
+    "60Days": "60 Tage",
+    "90Days": "90 Tage",
+    "180Days": "180 Tage",
+    "1Year": "1 Jahr",
+    "subscriptionBadge": "Abonnement erforderlich",
+    "securityPolicyChangeWarning": "Sicherheitsrichtlinienänderungs-Warnung",
+    "securityPolicyChangeDescription": "Sie sind dabei, die Sicherheitseinstellungen zu ändern. Nach dem Speichern müssen Sie sich erneut authentifizieren, um diesen Richtlinien-Aktualisierungen nachzukommen. Alle Benutzer, die nicht konform sind, müssen sich ebenfalls neu authentifizieren.",
+    "securityPolicyChangeConfirmMessage": "Ich bestätige",
+    "securityPolicyChangeWarningText": "Dies betrifft alle Benutzer in der Organisation",
    "authPageErrorUpdateMessage": "Beim Aktualisieren der Auth-Seiten-Einstellungen ist ein Fehler aufgetreten",
+    "authPageErrorUpdate": "Auth Seite kann nicht aktualisiert werden",
    "authPageUpdated": "Auth-Seite erfolgreich aktualisiert",
    "healthCheckNotAvailable": "Lokal",
    "rewritePath": "Pfad neu schreiben",
-    "rewritePathDescription": "Optional den Pfad umschreiben, bevor er an das Ziel weitergeleitet wird."
+    "rewritePathDescription": "Optional den Pfad umschreiben, bevor er an das Ziel weitergeleitet wird.",
+    "continueToApplication": "Weiter zur Anwendung",
+    "checkingInvite": "Einladung wird überprüft",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Header-Auth entfernen",
+    "resourceHeaderAuthRemoveDescription": "Header-Authentifizierung erfolgreich entfernt.",
+    "resourceErrorHeaderAuthRemove": "Fehler beim Entfernen der Header-Authentifizierung",
+    "resourceErrorHeaderAuthRemoveDescription": "Die Headerauthentifizierung für die Ressource konnte nicht entfernt werden.",
+    "resourceHeaderAuthProtectionEnabled": "Header-Authentifizierung aktiviert",
+    "resourceHeaderAuthProtectionDisabled": "Header-Authentifizierung deaktiviert",
+    "headerAuthRemove": "Header-Auth entfernen",
+    "headerAuthAdd": "Header-Auth hinzufügen",
+    "resourceErrorHeaderAuthSetup": "Fehler beim Setzen der Header-Authentifizierung",
+    "resourceErrorHeaderAuthSetupDescription": "Konnte Header-Authentifizierung für die Ressource nicht festlegen.",
+    "resourceHeaderAuthSetup": "Header-Authentifizierung erfolgreich festgelegt",
+    "resourceHeaderAuthSetupDescription": "Header-Authentifizierung wurde erfolgreich festgelegt.",
+    "resourceHeaderAuthSetupTitle": "Header-Authentifizierung festlegen",
+    "resourceHeaderAuthSetupTitleDescription": "Legen Sie die grundlegenden Authentifizierungsdaten (Benutzername und Passwort) fest, um diese Ressource mit HTTP-Header-Authentifizierung zu schützen. Greifen Sie auf sie mit dem Format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Header-Authentifizierung festlegen",
+    "actionSetResourceHeaderAuth": "Header-Authentifizierung festlegen",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Nicht lizenziert",
+    "beta": "Beta",
+    "manageClients": "Clients verwalten",
+    "manageClientsDescription": "Clients sind Geräte, die sich mit Ihren Websites verbinden können",
+    "licenseTableValidUntil": "Gültig bis",
+    "saasLicenseKeysSettingsTitle": "Enterprise-Lizenzen",
+    "saasLicenseKeysSettingsDescription": "Erstelle und verwalte Enterprise-Lizenzschlüssel für selbst gehostete Pangolin-Instanzen",
+    "sidebarEnterpriseLicenses": "Lizenzen",
+    "generateLicenseKey": "Lizenzschlüssel generieren",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Bitte geben Sie eine gültige E-Mail-Adresse ein",
+            "useCaseTypeRequired": "Bitte wählen Sie einen Anwendungsfall",
+            "firstNameRequired": "Vorname ist erforderlich",
+            "lastNameRequired": "Nachname ist erforderlich",
+            "primaryUseRequired": "Bitte beschreiben Sie Ihre primäre Verwendung",
+            "jobTitleRequiredBusiness": "Job-Titel ist für die geschäftliche Nutzung erforderlich",
+            "industryRequiredBusiness": "Industrie ist für die geschäftliche Nutzung erforderlich",
+            "stateProvinceRegionRequired": "Bundesland/Provinz/Region ist erforderlich",
+            "postalZipCodeRequired": "Postleitzahl ist erforderlich",
+            "companyNameRequiredBusiness": "Firmenname ist erforderlich für den geschäftlichen Gebrauch",
+            "countryOfResidenceRequiredBusiness": "Land des Wohnsitzes ist für die geschäftliche Nutzung erforderlich",
+            "countryRequiredPersonal": "Land ist für den persönlichen Gebrauch erforderlich",
+            "agreeToTermsRequired": "Sie müssen den Bedingungen zustimmen",
+            "complianceConfirmationRequired": "Sie müssen die Einhaltung der Fossorial Commercial License bestätigen"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Persönliche Nutzung",
+                "description": "Für den individuellen, nicht-kommerziellen Gebrauch wie Lernen, persönliche Projekte oder Experimente."
+            },
+            "business": {
+                "title": "Business-Nutzung",
+                "description": "Für den Einsatz innerhalb von Organisationen, Unternehmen oder kommerziellen oder einkommensfördernden Aktivitäten."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "E-Mail & Lizenztyp",
+                "description": "Geben Sie Ihre E-Mail ein und wählen Sie Ihren Lizenztyp"
+            },
+            "personalInformation": {
+                "title": "Persönliche Informationen",
+                "description": "Erzählen Sie uns über sich selbst"
+            },
+            "contactInformation": {
+                "title": "Kontaktinformationen",
+                "description": "Ihre Kontaktdaten"
+            },
+            "termsGenerate": {
+                "title": "Begriffe & Generieren",
+                "description": "Bedingungen überprüfen und akzeptieren, um Ihre Lizenz zu generieren"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Verwendungsanzeige",
+                "description": "Wählen Sie die Lizenz-Ebene, die Ihre beabsichtigte Nutzung genau widerspiegelt. Die Persönliche Lizenz erlaubt die freie Nutzung der Software für individuelle, nicht-kommerzielle oder kleine kommerzielle Aktivitäten mit jährlichen Brutto-Einnahmen von 100.000 USD. Über diese Grenzen hinausgehende Verwendungszwecke – einschließlich der Verwendung innerhalb eines Unternehmens, einer Organisation, oder eine andere umsatzgenerierende Umgebung — erfordert eine gültige Enterprise-Lizenz und die Zahlung der Lizenzgebühr. Alle Benutzer, ob Personal oder Enterprise, müssen die Fossorial Commercial License Bedingungen einhalten."
+            },
+            "trialPeriodInformation": {
+                "title": "Testperiode Information",
+                "description": "Dieser Lizenzschlüssel ermöglicht Enterprise-Funktionen für einen 7-tägigen Bewertungszeitraum. Der fortgesetzte Zugriff auf kostenpflichtige Funktionen über den Bewertungszeitraum hinaus erfordert die Aktivierung unter einer gültigen Personen- oder Enterprise-Lizenz. Für die Enterprise-Lizenzierung wenden Sie sich bitte an sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Benutzen Sie Pangolin für den persönlichen oder geschäftlichen Gebrauch?",
+            "firstName": "Vorname",
+            "lastName": "Nachname",
+            "jobTitle": "Job Titel",
+            "primaryUseQuestion": "Wofür planen Sie in erster Linie Pangolin zu benutzen?",
+            "industryQuestion": "Was ist Ihre Branche?",
+            "prospectiveUsersQuestion": "Wie viele Interessenten erwarten Sie?",
+            "prospectiveSitesQuestion": "Wie viele potentielle Standorte (Tunnel) erwarten Sie?",
+            "companyName": "Firmenname",
+            "countryOfResidence": "Land des Wohnsitzes",
+            "stateProvinceRegion": "Bundesland / Provinz / Region",
+            "postalZipCode": "Postleitzahl",
+            "companyWebsite": "Firmen-Webseite",
+            "companyPhoneNumber": "Firmennummer",
+            "country": "Land",
+            "phoneNumberOptional": "Telefonnummer (optional)",
+            "complianceConfirmation": "Ich bestätige, dass die von mir übermittelten Informationen korrekt sind und dass ich im Einklang mit der Fossorial Commercial License bin. Die Meldung ungenauer Informationen oder die falsche Identifizierung der Nutzung des Produkts stellt eine Verletzung der Lizenz dar und kann dazu führen, dass Ihr Schlüssel widerrufen wird."
+        },
+        "buttons": {
+            "close": "Schließen",
+            "previous": "Vorherige",
+            "next": "Nächste",
+            "generateLicenseKey": "Lizenzschlüssel generieren"
+        },
+        "toasts": {
+            "success": {
+                "title": "Lizenzschlüssel erfolgreich erstellt",
+                "description": "Ihr Lizenzschlüssel wurde generiert und kann verwendet werden."
+            },
+            "error": {
+                "title": "Fehler beim Generieren des Lizenzschlüssels",
+                "description": "Beim Generieren des Lizenzschlüssels ist ein Fehler aufgetreten."
+            }
+        }
+    },
+    "priority": "Priorität",
+    "priorityDescription": "Die Routen mit höherer Priorität werden zuerst ausgewertet. Priorität = 100 bedeutet automatische Bestellung (Systementscheidung). Verwenden Sie eine andere Nummer, um manuelle Priorität zu erzwingen.",
+    "instanceName": "Instanzname",
+    "pathMatchModalTitle": "Pfad anpassen konfigurieren",
+    "pathMatchModalDescription": "Legen Sie fest, wie eingehende Anfragen basierend auf ihrem Pfad übereinstimmen sollen.",
+    "pathMatchType": "Übereinstimmungstyp",
+    "pathMatchPrefix": "Präfix",
+    "pathMatchExact": "Exakt",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Pfadwert",
+    "clear": "Leeren",
+    "saveChanges": "Änderungen speichern",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/Pfad",
+    "pathMatchPrefixHelp": "Beispiel: /api trifft /api, /api/users etc.",
+    "pathMatchExactHelp": "Beispiel: /api passt nur auf /api",
+    "pathMatchRegexHelp": "Beispiel: ^/api/.* entspricht /api/anything",
+    "pathRewriteModalTitle": "Pfad Rewriting konfigurieren",
+    "pathRewriteModalDescription": "Transformieren Sie den übereinstimmenden Pfad bevor Sie zum Ziel weiterleiten.",
+    "pathRewriteType": "Rewrite Typ",
+    "pathRewritePrefixOption": "Präfix - Präfix ersetzen",
+    "pathRewriteExactOption": "Exakt - Gesamten Pfad ersetzen",
+    "pathRewriteRegexOption": "Regex - Musterersetzung",
+    "pathRewriteStripPrefixOption": "Präfix entfernen - Präfix entfernen",
+    "pathRewriteValue": "Wert umschreiben",
+    "pathRewriteRegexPlaceholder": "/neu/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Ersetze das passende Präfix mit diesem Wert",
+    "pathRewriteExactHelp": "Ersetze den gesamten Pfad mit diesem Wert, wenn der Pfad genau zutrifft",
+    "pathRewriteRegexHelp": "Capture-Gruppen wie $1, $2 zum Ersetzen verwenden",
+    "pathRewriteStripPrefixHelp": "Leer lassen, um Präfix zu entfernen oder neues Präfix anzugeben",
+    "pathRewritePrefix": "Präfix",
+    "pathRewriteExact": "Exakt",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Entfernen",
+    "pathRewriteStripLabel": "entfernen",
+    "sidebarEnableEnterpriseLicense": "Enterprise-Lizenz aktivieren",
+    "cannotbeUndone": "Dies kann nicht rückgängig gemacht werden.",
+    "toConfirm": "bestätigen",
+    "deleteClientQuestion": "Sind Sie sicher, dass Sie den Client von der Website und der Organisation entfernen möchten?",
+    "clientMessageRemove": "Nach dem Entfernen kann sich der Client nicht mehr mit der Website verbinden.",
+    "sidebarLogs": "Logs",
+    "request": "Anfrage",
+    "logs": "Logs",
+    "logsSettingsDescription": "Aus dieser Orginisierung gesammelte Logs überwachen",
+    "searchLogs": "Logs suchen...",
+    "action": "Aktion",
+    "actor": "Akteur",
+    "timestamp": "Zeitstempel",
+    "accessLogs": "Zugriffsprotokolle",
+    "exportCsv": "CSV exportieren",
+    "actorId": "Akteur-ID",
+    "allowedByRule": "Erlaubt durch Regel",
+    "allowedNoAuth": "Keine Auth erlaubt",
+    "validAccessToken": "Gültiges Zugriffstoken",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Gültiges Passwort",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Ressource blockiert",
+    "droppedByRule": "Abgelegt durch Regel",
+    "noSessions": "Keine Sitzungen",
+    "temporaryRequestToken": "Temporäres Anfrage-Token",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP",
+    "reason": "Grund",
+    "requestLogs": "Logs anfordern",
+    "host": "Host",
+    "location": "Standort",
+    "actionLogs": "Aktionsprotokolle",
+    "sidebarLogsRequest": "Logs anfordern",
+    "sidebarLogsAccess": "Zugriffsprotokolle",
+    "sidebarLogsAction": "Aktionsprotokolle",
+    "logRetention": "Log-Speicherung",
+    "logRetentionDescription": "Verwalten, wie lange verschiedene Logs für diese Organisation gespeichert werden oder deaktivieren",
+    "requestLogsDescription": "Detaillierte Request-Logs für Ressourcen in dieser Organisation anzeigen",
+    "logRetentionRequestLabel": "Log-Speicherung anfordern",
+    "logRetentionRequestDescription": "Wie lange sollen Request-Logs gespeichert werden",
+    "logRetentionAccessLabel": "Zugriffsprotokoll-Speicherung",
+    "logRetentionAccessDescription": "Wie lange Zugriffsprotokolle beibehalten werden sollen",
+    "logRetentionActionLabel": "Aktionsprotokoll-Speicherung",
+    "logRetentionActionDescription": "Dauer des Action-Logs",
+    "logRetentionDisabled": "Deaktiviert",
+    "logRetention3Days": "3 Tage",
+    "logRetention7Days": "7 Tage",
+    "logRetention14Days": "14 Tage",
+    "logRetention30Days": "30 Tage",
+    "logRetention90Days": "90 Tage",
+    "logRetentionForever": "Für immer",
+    "actionLogsDescription": "Verlauf der in dieser Organisation durchgeführten Aktionen anzeigen",
+    "accessLogsDescription": "Zugriffsauth-Anfragen für Ressourcen in dieser Organisation anzeigen",
+    "licenseRequiredToUse": "Um diese Funktion nutzen zu können, ist eine Enterprise-Lizenz erforderlich.",
+    "certResolver": "Zertifikatsauflöser",
+    "certResolverDescription": "Wählen Sie den Zertifikatslöser aus, der für diese Ressource verwendet werden soll.",
+    "selectCertResolver": "Zertifikatsauflöser auswählen",
+    "enterCustomResolver": "Eigenen Auflöser eingeben",
+    "preferWildcardCert": "Wildcard-Zertifikat bevorzugen",
+    "unverified": "Nicht verifiziert",
+    "domainSetting": "Domänen-Einstellungen",
+    "domainSettingDescription": "Einstellungen für Ihre Domain konfigurieren",
+    "preferWildcardCertDescription": "Versuch ein Platzhalterzertifikat zu generieren (erfordert einen richtig konfigurierten Zertifikatslöser).",
+    "recordName": "Name des Datensatzes",
+    "auto": "Auto",
+    "TTL": "TTL",
+    "howToAddRecords": "So kann man Datensätze hinzufügen",
+    "dnsRecord": "DNS-Einträge",
+    "required": "Benötigt",
+    "domainSettingsUpdated": "Domain-Einstellungen erfolgreich aktualisiert",
+    "orgOrDomainIdMissing": "Organisation oder Domänen-ID fehlt",
+    "loadingDNSRecords": "Lade DNS-Einträge...",
+    "olmUpdateAvailableInfo": "Eine aktualisierte Version von Olm ist verfügbar. Bitte aktualisieren Sie auf die neueste Version für die beste Erfahrung.",
+    "client": "Kunde",
+    "proxyProtocol": "Proxy-Protokoll-Einstellungen",
+    "proxyProtocolDescription": "Konfigurieren Sie das Proxy-Protokoll, um die IP-Adressen des Clients für TCP/UDP-Dienste zu erhalten.",
+    "enableProxyProtocol": "Proxy-Protokoll aktivieren",
+    "proxyProtocolInfo": "Client-IP-Adressen für TCP/UDP Backends beibehalten",
+    "proxyProtocolVersion": "Proxy-Protokollversion",
+    "version1": " Version 1 (empfohlen)",
+    "version2": "Version 2",
+    "versionDescription": "Die Version 1 ist textbasiert und unterstützt die Version 2, ist binär und effizienter, aber weniger kompatibel.",
+    "warning": "Warnung",
+    "proxyProtocolWarning": "Ihre Backend-Anwendung muss so konfiguriert sein, dass sie Proxy-Protokoll-Verbindungen akzeptiert. Wenn Ihr Backend das Proxy-Protokoll nicht unterstützt, wird die Aktivierung dieser Option alle Verbindungen zerstören. Stellen Sie sicher, dass Sie Ihr Backend so konfigurieren, dass es Proxy-Protokoll-Header von Traefik vertraut.",
+    "restarting": "Neustarten...",
+    "manual": "Manuell",
+    "messageSupport": "Nachrichtenunterstützung",
+    "supportNotAvailableTitle": "Support nicht verfügbar",
+    "supportNotAvailableDescription": "Support ist momentan nicht verfügbar. Sie können eine E-Mail an support@pangolin.net senden.",
+    "supportRequestSentTitle": "Supportanfrage gesendet",
+    "supportRequestSentDescription": "Ihre Nachricht wurde erfolgreich gesendet.",
+    "supportRequestFailedTitle": "Senden der Anfrage fehlgeschlagen",
+    "supportRequestFailedDescription": "Beim Senden Ihrer Supportanfrage ist ein Fehler aufgetreten.",
+    "supportSubjectRequired": "Betreff ist erforderlich",
+    "supportSubjectMaxLength": "Betreff muss mindestens 255 Zeichen lang sein",
+    "supportMessageRequired": "Nachricht ist erforderlich",
+    "supportReplyTo": "Antwort an",
+    "supportSubject": "Betreff",
+    "supportSubjectPlaceholder": "Betreff eingeben",
+    "supportMessage": "Nachricht",
+    "supportMessagePlaceholder": "Geben Sie Ihre Nachricht ein",
+    "supportSending": "Senden...",
+    "supportSend": "Senden",
+    "supportMessageSent": "Nachricht gesendet!",
+    "supportWillContact": "Wir werden in Kürze kontaktieren!"
 }
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1,4 +1,3 @@
-
 {
    "setupCreate": "Create your organization, site, and resources",
    "setupNewOrg": "New Organization",
@@ -48,9 +47,8 @@
    "edit": "Edit",
    "siteConfirmDelete": "Confirm Delete Site",
    "siteDelete": "Delete Site",
-    "siteMessageRemove": "Once removed, the site will no longer be accessible. All resources and targets associated with the site will also be removed.",
-    "siteMessageConfirm": "To confirm, please type the name of the site below.",
-    "siteQuestionRemove": "Are you sure you want to remove the site {selectedSite} from the organization?",
+    "siteMessageRemove": "Once removed the site will no longer be accessible. All targets associated with the site will also be removed.",
+    "siteQuestionRemove": "Are you sure you want to remove the site from the organization?",
    "siteManageSites": "Manage Sites",
    "siteDescription": "Allow connectivity to your network through secure tunnels",
    "siteCreate": "Create Site",
@@ -97,7 +95,7 @@
    "siteWgDescription": "Use any WireGuard client to establish a tunnel. Manual NAT setup required.",
    "siteWgDescriptionSaas": "Use any WireGuard client to establish a tunnel. Manual NAT setup required.",
    "siteLocalDescription": "Local resources only. No tunneling.",
-    "siteLocalDescriptionSaas": "Local resources only. No tunneling.",
+    "siteLocalDescriptionSaas": "Local resources only. No tunneling. Only available on remote nodes.",
    "siteSeeAll": "See All Sites",
    "siteTunnelDescription": "Determine how you want to connect to your site",
    "siteNewtCredentials": "Newt Credentials",
@@ -155,8 +153,7 @@
    "protected": "Protected",
    "notProtected": "Not Protected",
    "resourceMessageRemove": "Once removed, the resource will no longer be accessible. All targets associated with the resource will also be removed.",
-    "resourceMessageConfirm": "To confirm, please type the name of the resource below.",
-    "resourceQuestionRemove": "Are you sure you want to remove the resource {selectedResource} from the organization?",
+    "resourceQuestionRemove": "Are you sure you want to remove the resource from the organization?",
    "resourceHTTP": "HTTPS Resource",
    "resourceHTTPDescription": "Proxy requests to your app over HTTPS using a subdomain or base domain.",
    "resourceRaw": "Raw TCP/UDP Resource",
@@ -210,7 +207,7 @@
    "alwaysAllow": "Always Allow",
    "alwaysDeny": "Always Deny",
    "passToAuth": "Pass to Auth",
-    "orgSettingsDescription": "Configure your organization's general settings",
+    "orgSettingsDescription": "Configure your organization's settings",
    "orgGeneralSettings": "Organization Settings",
    "orgGeneralSettingsDescription": "Manage your organization details and configuration",
    "saveGeneralSettings": "Save General Settings",
@@ -221,7 +218,7 @@
    "orgDeleteConfirm": "Confirm Delete Organization",
    "orgMessageRemove": "This action is irreversible and will delete all associated data.",
    "orgMessageConfirm": "To confirm, please type the name of the organization below.",
-    "orgQuestionRemove": "Are you sure you want to remove the organization {selectedOrg}?",
+    "orgQuestionRemove": "Are you sure you want to remove the organization?",
    "orgUpdated": "Organization updated",
    "orgUpdatedDescription": "The organization has been updated.",
    "orgErrorUpdate": "Failed to update organization",
@@ -288,9 +285,8 @@
    "apiKeysAdd": "Generate API Key",
    "apiKeysErrorDelete": "Error deleting API key",
    "apiKeysErrorDeleteMessage": "Error deleting API key",
-    "apiKeysQuestionRemove": "Are you sure you want to remove the API key {selectedApiKey} from the organization?",
+    "apiKeysQuestionRemove": "Are you sure you want to remove the API key from the organization?",
    "apiKeysMessageRemove": "Once removed, the API key will no longer be able to be used.",
-    "apiKeysMessageConfirm": "To confirm, please type the name of the API key below.",
    "apiKeysDeleteConfirm": "Confirm Delete API Key",
    "apiKeysDelete": "Delete API Key",
    "apiKeysManage": "Manage API Keys",
@@ -306,8 +302,7 @@
    "userDeleteConfirm": "Confirm Delete User",
    "userDeleteServer": "Delete User from Server",
    "userMessageRemove": "The user will be removed from all organizations and be completely removed from the server.",
-    "userMessageConfirm": "To confirm, please type the name of the user below.",
-    "userQuestionRemove": "Are you sure you want to permanently delete {selectedUser} from the server?",
+    "userQuestionRemove": "Are you sure you want to permanently delete user from the server?",
    "licenseKey": "License Key",
    "valid": "Valid",
    "numberOfSites": "Number of Sites",
@@ -340,7 +335,7 @@
    "fossorialLicense": "View Fossorial Commercial License & Subscription Terms",
    "licenseMessageRemove": "This will remove the license key and all associated permissions granted by it.",
    "licenseMessageConfirm": "To confirm, please type the license key below.",
-    "licenseQuestionRemove": "Are you sure you want to delete the license key {selectedKey} ?",
+    "licenseQuestionRemove": "Are you sure you want to delete the license key ?",
    "licenseKeyDelete": "Delete License Key",
    "licenseKeyDeleteConfirm": "Confirm Delete License Key",
    "licenseTitle": "Manage License Status",
@@ -373,7 +368,7 @@
    "inviteRemoveErrorDescription": "An error occurred while removing the invitation.",
    "inviteRemoved": "Invitation removed",
    "inviteRemovedDescription": "The invitation for {email} has been removed.",
-    "inviteQuestionRemove": "Are you sure you want to remove the invitation {email}?",
+    "inviteQuestionRemove": "Are you sure you want to remove the invitation?",
    "inviteMessageRemove": "Once removed, this invitation will no longer be valid. You can always re-invite the user later.",
    "inviteMessageConfirm": "To confirm, please type the email address of the invitation below.",
    "inviteQuestionRegenerate": "Are you sure you want to regenerate the invitation for {email}? This will revoke the previous invitation.",
@@ -399,9 +394,8 @@
    "userErrorOrgRemoveDescription": "An error occurred while removing the user.",
    "userOrgRemoved": "User removed",
    "userOrgRemovedDescription": "The user {email} has been removed from the organization.",
-    "userQuestionOrgRemove": "Are you sure you want to remove {email} from the organization?",
+    "userQuestionOrgRemove": "Are you sure you want to remove this user from the organization?",
    "userMessageOrgRemove": "Once removed, this user will no longer have access to the organization. You can always re-invite them later, but they will need to accept the invitation again.",
-    "userMessageOrgConfirm": "To confirm, please type the name of the of the user below.",
    "userRemoveOrgConfirm": "Confirm Remove User",
    "userRemoveOrg": "Remove User from Organization",
    "users": "Users",
@@ -469,7 +463,10 @@
    "createdAt": "Created At",
    "proxyErrorInvalidHeader": "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header.",
    "proxyErrorTls": "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name.",
-    "proxyEnableSSL": "Enable SSL (https)",
+    "proxyEnableSSL": "Enable SSL",
+    "proxyEnableSSLDescription": "Enable SSL/TLS encryption for secure HTTPS connections to your targets.",
+    "target": "Target",
+    "configureTarget": "Configure Targets",
    "targetErrorFetch": "Failed to fetch targets",
    "targetErrorFetchDescription": "An error occurred while fetching targets",
    "siteErrorFetch": "Failed to fetch resource",
@@ -496,7 +493,7 @@
    "targetTlsSettings": "Secure Connection Configuration",
    "targetTlsSettingsDescription": "Configure SSL/TLS settings for your resource",
    "targetTlsSettingsAdvanced": "Advanced TLS Settings",
-    "targetTlsSni": "TLS Server Name (SNI)",
+    "targetTlsSni": "TLS Server Name",
    "targetTlsSniDescription": "The TLS Server Name to use for SNI. Leave empty to use the default.",
    "targetTlsSubmit": "Save Settings",
    "targets": "Targets Configuration",
@@ -505,9 +502,21 @@
    "targetStickySessionsDescription": "Keep connections on the same backend target for their entire session.",
    "methodSelect": "Select method",
    "targetSubmit": "Add Target",
-    "targetNoOne": "No targets. Add a target using the form.",
+    "targetNoOne": "This resource doesn't have any targets. Add a target to configure where to send requests to your backend.",
    "targetNoOneDescription": "Adding more than one target above will enable load balancing.",
    "targetsSubmit": "Save Targets",
+    "addTarget": "Add Target",
+    "targetErrorInvalidIp": "Invalid IP address",
+    "targetErrorInvalidIpDescription": "Please enter a valid IP address or hostname",
+    "targetErrorInvalidPort": "Invalid port",
+    "targetErrorInvalidPortDescription": "Please enter a valid port number",
+    "targetErrorNoSite": "No site selected",
+    "targetErrorNoSiteDescription": "Please select a site for the target",
+    "targetCreated": "Target created",
+    "targetCreatedDescription": "Target has been created successfully",
+    "targetErrorCreate": "Failed to create target",
+    "targetErrorCreateDescription": "An error occurred while creating the target",
+    "save": "Save",
    "proxyAdditional": "Additional Proxy Settings",
    "proxyAdditionalDescription": "Configure how your resource handles proxy settings",
    "proxyCustomHeader": "Custom Host Header",
@@ -716,7 +725,7 @@
    "pangolinServerAdmin": "Server Admin - Pangolin",
    "licenseTierProfessional": "Professional License",
    "licenseTierEnterprise": "Enterprise License",
-    "licenseTierCommercial": "Commercial License",
+    "licenseTierPersonal": "Personal License",
    "licensed": "Licensed",
    "yes": "Yes",
    "no": "No",
@@ -728,7 +737,7 @@
    "idpManageDescription": "View and manage identity providers in the system",
    "idpDeletedDescription": "Identity provider deleted successfully",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Are you sure you want to permanently delete the identity provider {name}?",
+    "idpQuestionRemove": "Are you sure you want to permanently delete the identity provider?",
    "idpMessageRemove": "This will remove the identity provider and all associated configurations. Users who authenticate through this provider will no longer be able to log in.",
    "idpMessageConfirm": "To confirm, please type the name of the identity provider below.",
    "idpConfirmDelete": "Confirm Delete Identity Provider",
@@ -751,7 +760,7 @@
    "idpDisplayName": "A display name for this identity provider",
    "idpAutoProvisionUsers": "Auto Provision Users",
    "idpAutoProvisionUsersDescription": "When enabled, users will be automatically created in the system upon first login with the ability to map users to roles and organizations.",
-    "licenseBadge": "Professional",
+    "licenseBadge": "EE",
    "idpType": "Provider Type",
    "idpTypeDescription": "Select the type of identity provider you want to configure",
    "idpOidcConfigure": "OAuth2/OIDC Configuration",
@@ -902,6 +911,18 @@
    "passwordResetCodeDescription": "Check your email for the reset code.",
    "passwordNew": "New Password",
    "passwordNewConfirm": "Confirm New Password",
+    "changePassword": "Change Password",
+    "changePasswordDescription": "Update your account password",
+    "oldPassword": "Current Password",
+    "newPassword": "New Password",
+    "confirmNewPassword": "Confirm New Password",
+    "changePasswordError": "Failed to change password",
+    "changePasswordErrorDescription": "An error occurred while changing your password",
+    "changePasswordSuccess": "Password Changed Successfully",
+    "changePasswordSuccessDescription": "Your password has been updated successfully",
+    "passwordExpiryRequired": "Password Expiry Required",
+    "passwordExpiryDescription": "This organization requires you to change your password every {maxDays} days.",
+    "changePasswordNow": "Change Password Now",
    "pincodeAuth": "Authenticator Code",
    "pincodeSubmit2": "Submit Code",
    "passwordResetSubmit": "Request Reset",
@@ -1085,7 +1106,6 @@
    "navbar": "Navigation Menu",
    "navbarDescription": "Main navigation menu for the application",
    "navbarDocsLink": "Documentation",
-    "commercialEdition": "Commercial Edition",
    "otpErrorEnable": "Unable to enable 2FA",
    "otpErrorEnableDescription": "An error occurred while enabling 2FA",
    "otpSetupCheckCode": "Please enter a 6-digit code",
@@ -1141,8 +1161,27 @@
    "sidebarAllUsers": "All Users",
    "sidebarIdentityProviders": "Identity Providers",
    "sidebarLicense": "License",
-    "sidebarClients": "Clients (Beta)",
+    "sidebarClients": "Clients",
    "sidebarDomains": "Domains",
+    "sidebarBluePrints": "Blueprints",
+    "blueprints": "Blueprints",
+    "blueprintsDescription": "Blueprints are declarative YAML configurations that define your resources and their settings",
+    "blueprintAdd": "Add Blueprint",
+    "blueprintGoBack": "See all Blueprints",
+    "blueprintCreate": "Create Blueprint",
+    "blueprintCreateDescription2": "Follow the steps below to create and apply a new blueprint",
+    "blueprintDetails": "Blueprint details",
+    "blueprintDetailsDescription": "See the blueprint run details",
+    "blueprintInfo": "Blueprint Information",
+    "message": "Message",
+    "blueprintContentsDescription": "Define the YAML content describing your infrastructure",
+    "blueprintErrorCreateDescription": "An error occurred when applying the blueprint",
+    "blueprintErrorCreate": "Error creating blueprint",
+    "searchBlueprintProgress": "Search blueprints...",
+    "appliedAt": "Applied At",
+    "source": "Source",
+    "contents": "Contents",
+    "parsedContents": "Parsed Contents",
    "enableDockerSocket": "Enable Docker Blueprint",
    "enableDockerSocketDescription": "Enable Docker Socket label scraping for blueprint labels. Socket path must be provided to Newt.",
    "enableDockerSocketLink": "Learn More",
@@ -1198,9 +1237,8 @@
    "domainCreate": "Create Domain",
    "domainCreatedDescription": "Domain created successfully",
    "domainDeletedDescription": "Domain deleted successfully",
-    "domainQuestionRemove": "Are you sure you want to remove the domain {domain} from your account?",
+    "domainQuestionRemove": "Are you sure you want to remove the domain from your account?",
    "domainMessageRemove": "Once removed, the domain will no longer be associated with your account.",
-    "domainMessageConfirm": "To confirm, please type the domain name below.",
    "domainConfirmDelete": "Confirm Delete Domain",
    "domainDelete": "Delete Domain",
    "domain": "Domain",
@@ -1267,7 +1305,7 @@
    "billingFreeTier": "Free Tier",
    "billingWarningOverLimit": "Warning: You have exceeded one or more usage limits. Your sites will not connect until you modify your subscription or adjust your usage.",
    "billingUsageLimitsOverview": "Usage Limits Overview",
-    "billingMonitorUsage": "Monitor your usage against configured limits. If you need limits increased please contact us support@fossorial.io.",
+    "billingMonitorUsage": "Monitor your usage against configured limits. If you need limits increased please contact us support@pangolin.net.",
    "billingDataUsage": "Data Usage",
    "billingOnlineTime": "Site Online Time",
    "billingUsers": "Active Users",
@@ -1333,8 +1371,20 @@
    "securityKeyUnknownError": "There was a problem using your security key. Please try again.",
    "twoFactorRequired": "Two-factor authentication is required to register a security key.",
    "twoFactor": "Two-Factor Authentication",
+    "twoFactorAuthentication": "Two-Factor Authentication",
+    "twoFactorDescription": "This organization requires two-factor authentication.",
+    "enableTwoFactor": "Enable Two-Factor Authentication",
+    "organizationSecurityPolicy": "Organization Security Policy",
+    "organizationSecurityPolicyDescription": "This organization has security requirements that must be met before you can access it",
+    "securityRequirements": "Security Requirements",
+    "allRequirementsMet": "All requirements have been met",
+    "completeRequirementsToContinue": "Complete the requirements below to continue accessing this organization",
+    "youCanNowAccessOrganization": "You can now access this organization",
+    "reauthenticationRequired": "Session Length",
+    "reauthenticationDescription": "This organization requires you to log in every {maxDays} days.",
+    "reauthenticationDescriptionHours": "This organization requires you to log in every {maxHours} hours.",
+    "reauthenticateNow": "Log In Again",
    "adminEnabled2FaOnYourAccount": "Your administrator has enabled two-factor authentication for {email}. Please complete the setup process to continue.",
-    "continueToApplication": "Continue to Application",
    "securityKeyAdd": "Add Security Key",
    "securityKeyRegisterTitle": "Register New Security Key",
    "securityKeyRegisterDescription": "Connect your security key and enter a name to identify it",
@@ -1412,6 +1462,7 @@
    "externalProxyEnabled": "External Proxy Enabled",
    "addNewTarget": "Add New Target",
    "targetsList": "Targets List",
+    "advancedMode": "Advanced Mode",
    "targetErrorDuplicateTargetFound": "Duplicate target found",
    "healthCheckHealthy": "Healthy",
    "healthCheckUnhealthy": "Unhealthy",
@@ -1544,18 +1595,17 @@
    "autoLoginError": "Auto Login Error",
    "autoLoginErrorNoRedirectUrl": "No redirect URL received from the identity provider.",
    "autoLoginErrorGeneratingUrl": "Failed to generate authentication URL.",
-    "remoteExitNodeManageRemoteExitNodes": "Manage Self-Hosted",
-    "remoteExitNodeDescription": "Manage nodes to extend your network connectivity",
+    "remoteExitNodeManageRemoteExitNodes": "Remote Nodes",
+    "remoteExitNodeDescription": "Self-host one or more remote nodes to extend your network connectivity and reduce reliance on the cloud",
    "remoteExitNodes": "Nodes",
    "searchRemoteExitNodes": "Search nodes...",
    "remoteExitNodeAdd": "Add Node",
    "remoteExitNodeErrorDelete": "Error deleting node",
-    "remoteExitNodeQuestionRemove": "Are you sure you want to remove the node {selectedNode} from the organization?",
+    "remoteExitNodeQuestionRemove": "Are you sure you want to remove the node from the organization?",
    "remoteExitNodeMessageRemove": "Once removed, the node will no longer be accessible.",
-    "remoteExitNodeMessageConfirm": "To confirm, please type the name of the node below.",
    "remoteExitNodeConfirmDelete": "Confirm Delete Node",
    "remoteExitNodeDelete": "Delete Node",
-    "sidebarRemoteExitNodes": "Nodes",
+    "sidebarRemoteExitNodes": "Remote Nodes",
    "remoteExitNodeCreate": {
        "title": "Create Node",
        "description": "Create a new node to extend your network connectivity",
@@ -1720,10 +1770,316 @@
    "resourceExposePortsEditFile": "Edit file: docker-compose.yml",
    "emailVerificationRequired": "Email verification is required. Please log in again via {dashboardUrl}/auth/login complete this step. Then, come back here.",
    "twoFactorSetupRequired": "Two-factor authentication setup is required. Please log in again via {dashboardUrl}/auth/login complete this step. Then, come back here.",
+    "additionalSecurityRequired": "Additional Security Required",
+    "organizationRequiresAdditionalSteps": "This organization requires additional security steps before you can access resources.",
+    "completeTheseSteps": "Complete these steps",
+    "enableTwoFactorAuthentication": "Enable two-factor authentication",
+    "completeSecuritySteps": "Complete Security Steps",
+    "securitySettings": "Security Settings",
+    "securitySettingsDescription": "Configure security policies for your organization",
+    "requireTwoFactorForAllUsers": "Require Two-Factor Authentication for All Users",
+    "requireTwoFactorDescription": "When enabled, all internal users in this organization must have two-factor authentication enabled to access the organization.",
+    "requireTwoFactorDisabledDescription": "This feature requires a valid license (Enterprise) or active subscription (SaaS)",
+    "requireTwoFactorCannotEnableDescription": "You must enable two-factor authentication for your account before enforcing it for all users",
+    "maxSessionLength": "Maximum Session Length",
+    "maxSessionLengthDescription": "Set the maximum duration for user sessions. After this time, users will need to re-authenticate.",
+    "maxSessionLengthDisabledDescription": "This feature requires a valid license (Enterprise) or active subscription (SaaS)",
+    "selectSessionLength": "Select session length",
+    "unenforced": "Unenforced",
+    "1Hour": "1 hour",
+    "3Hours": "3 hours",
+    "6Hours": "6 hours",
+    "12Hours": "12 hours",
+    "1DaySession": "1 day",
+    "3Days": "3 days",
+    "7Days": "7 days",
+    "14Days": "14 days",
+    "30DaysSession": "30 days",
+    "90DaysSession": "90 days",
+    "180DaysSession": "180 days",
+    "passwordExpiryDays": "Password Expiry",
+    "editPasswordExpiryDescription": "Set the number of days before users are required to change their password.",
+    "selectPasswordExpiry": "Select password expiry",
+    "30Days": "30 days",
+    "1Day": "1 day",
+    "60Days": "60 days",
+    "90Days": "90 days",
+    "180Days": "180 days",
+    "1Year": "1 year",
+    "subscriptionBadge": "Subscription Required",
+    "securityPolicyChangeWarning": "Security Policy Change Warning",
+    "securityPolicyChangeDescription": "You are about to change security policy settings. After saving, you may need to reauthenticate to comply with these policy updates. All users who are not compliant will also need to reauthenticate.",
+    "securityPolicyChangeConfirmMessage": "I confirm",
+    "securityPolicyChangeWarningText": "This will affect all users in the organization",
    "authPageErrorUpdateMessage": "An error occurred while updating the auth page settings",
+    "authPageErrorUpdate": "Unable to update auth page",
    "authPageUpdated": "Auth page updated successfully",
    "healthCheckNotAvailable": "Local",
    "rewritePath": "Rewrite Path",
    "rewritePathDescription": "Optionally rewrite the path before forwarding to the target.",
-    "continueToApplication": "Continue to application"
+    "continueToApplication": "Continue to application",
+    "checkingInvite": "Checking Invite",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Remove Header Auth",
+    "resourceHeaderAuthRemoveDescription": "Header authentication removed successfully.",
+    "resourceErrorHeaderAuthRemove": "Failed to remove Header Authentication",
+    "resourceErrorHeaderAuthRemoveDescription": "Could not remove header authentication for the resource.",
+    "resourceHeaderAuthProtectionEnabled": "Header Authentication Enabled",
+    "resourceHeaderAuthProtectionDisabled": "Header Authentication Disabled",
+    "headerAuthRemove": "Remove Header Auth",
+    "headerAuthAdd": "Add Header Auth",
+    "resourceErrorHeaderAuthSetup": "Failed to set Header Authentication",
+    "resourceErrorHeaderAuthSetupDescription": "Could not set header authentication for the resource.",
+    "resourceHeaderAuthSetup": "Header Authentication set successfully",
+    "resourceHeaderAuthSetupDescription": "Header authentication has been successfully set.",
+    "resourceHeaderAuthSetupTitle": "Set Header Authentication",
+    "resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Access it using the format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Set Header Authentication",
+    "actionSetResourceHeaderAuth": "Set Header Authentication",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Unlicensed",
+    "beta": "Beta",
+    "manageClients": "Manage Clients",
+    "manageClientsDescription": "Clients are devices that can connect to your sites",
+    "licenseTableValidUntil": "Valid Until",
+    "saasLicenseKeysSettingsTitle": "Enterprise Licenses",
+    "saasLicenseKeysSettingsDescription": "Generate and manage Enterprise license keys for self-hosted Pangolin instances",
+    "sidebarEnterpriseLicenses": "Licenses",
+    "generateLicenseKey": "Generate License Key",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Please enter a valid email address",
+            "useCaseTypeRequired": "Please select a use case type",
+            "firstNameRequired": "First name is required",
+            "lastNameRequired": "Last name is required",
+            "primaryUseRequired": "Please describe your primary use",
+            "jobTitleRequiredBusiness": "Job title is required for business use",
+            "industryRequiredBusiness": "Industry is required for business use",
+            "stateProvinceRegionRequired": "State/Province/Region is required",
+            "postalZipCodeRequired": "Postal/ZIP Code is required",
+            "companyNameRequiredBusiness": "Company name is required for business use",
+            "countryOfResidenceRequiredBusiness": "Country of residence is required for business use",
+            "countryRequiredPersonal": "Country is required for personal use",
+            "agreeToTermsRequired": "You must agree to the terms",
+            "complianceConfirmationRequired": "You must confirm compliance with the Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Personal Use",
+                "description": "For individual, non-commercial use such as learning, personal projects, or experimentation."
+            },
+            "business": {
+                "title": "Business Use",
+                "description": "For use within organizations, companies, or commercial or revenue-generating activities."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & License Type",
+                "description": "Enter your email and choose your license type"
+            },
+            "personalInformation": {
+                "title": "Personal Information",
+                "description": "Tell us about yourself"
+            },
+            "contactInformation": {
+                "title": "Contact Information",
+                "description": "Your contact details"
+            },
+            "termsGenerate": {
+                "title": "Terms & Generate",
+                "description": "Review and accept terms to generate your license"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Usage Disclosure",
+                "description": "Select the license tier that accurately reflects your intended use. The Personal License permits free use of the Software for individual, non-commercial or small-scale commercial activities with annual gross revenue under $100,000 USD. Any use beyond these limits — including use within a business, organization, or other revenue-generating environment — requires a valid Enterprise License and payment of the applicable licensing fee. All users, whether Personal or Enterprise, must comply with the Fossorial Commercial License Terms."
+            },
+            "trialPeriodInformation": {
+                "title": "Trial Period Information",
+                "description": "This License Key enables Enterprise features for a 7-day evaluation period. Continued access to Paid Features beyond the evaluation period requires activation under a valid Personal or Enterprise License. For Enterprise licensing, contact sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Are you using Pangolin for personal or business use?",
+            "firstName": "First Name",
+            "lastName": "Last Name",
+            "jobTitle": "Job Title",
+            "primaryUseQuestion": "What do you primarily plan to use Pangolin for?",
+            "industryQuestion": "What is your industry?",
+            "prospectiveUsersQuestion": "How many prospective users do you expect to have?",
+            "prospectiveSitesQuestion": "How many prospective sites (tunnels) do you expect to have?",
+            "companyName": "Company name",
+            "countryOfResidence": "Country of residence",
+            "stateProvinceRegion": "State / Province / Region",
+            "postalZipCode": "Postal / ZIP Code",
+            "companyWebsite": "Company website",
+            "companyPhoneNumber": "Company phone number",
+            "country": "Country",
+            "phoneNumberOptional": "Phone number (optional)",
+            "complianceConfirmation": "I confirm that the information I provided is accurate and that I am in compliance with the Fossorial Commercial License. Reporting inaccurate information or misidentifying use of the product is a violation of the license and may result in your key getting revoked."
+        },
+        "buttons": {
+            "close": "Close",
+            "previous": "Previous",
+            "next": "Next",
+            "generateLicenseKey": "Generate License Key"
+        },
+        "toasts": {
+            "success": {
+                "title": "License key generated successfully",
+                "description": "Your license key has been generated and is ready to use."
+            },
+            "error": {
+                "title": "Failed to generate license key",
+                "description": "An error occurred while generating the license key."
+            }
+        }
+    },
+    "priority": "Priority",
+    "priorityDescription": "Higher priority routes are evaluated first. Priority = 100 means automatic ordering (system decides). Use another number to enforce manual priority.",
+    "instanceName": "Instance Name",
+    "pathMatchModalTitle": "Configure Path Matching",
+    "pathMatchModalDescription": "Set up how incoming requests should be matched based on their path.",
+    "pathMatchType": "Match Type",
+    "pathMatchPrefix": "Prefix",
+    "pathMatchExact": "Exact",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Path Value",
+    "clear": "Clear",
+    "saveChanges": "Save Changes",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Example: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Example: /api matches only /api",
+    "pathMatchRegexHelp": "Example: ^/api/.* matches /api/anything",
+    "pathRewriteModalTitle": "Configure Path Rewriting",
+    "pathRewriteModalDescription": "Transform the matched path before forwarding to the target.",
+    "pathRewriteType": "Rewrite Type",
+    "pathRewritePrefixOption": "Prefix - Replace prefix",
+    "pathRewriteExactOption": "Exact - Replace entire path",
+    "pathRewriteRegexOption": "Regex - Pattern replacement",
+    "pathRewriteStripPrefixOption": "Strip Prefix - Remove prefix",
+    "pathRewriteValue": "Rewrite Value",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Replace the matched prefix with this value",
+    "pathRewriteExactHelp": "Replace the entire path with this value when the path matches exactly",
+    "pathRewriteRegexHelp": "Use capture groups like $1, $2 for replacement",
+    "pathRewriteStripPrefixHelp": "Leave empty to strip prefix or provide new prefix",
+    "pathRewritePrefix": "Prefix",
+    "pathRewriteExact": "Exact",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Strip",
+    "pathRewriteStripLabel": "strip",
+    "sidebarEnableEnterpriseLicense": "Enable Enterprise License",
+    "cannotbeUndone": "This can not be undone.",
+    "toConfirm": "to confirm",
+    "deleteClientQuestion": "Are you sure you want to remove the client from the site and organization?",
+    "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site.",
+    "sidebarLogs": "Logs",
+    "request": "Request",
+    "logs": "Logs",
+    "logsSettingsDescription": "Monitor logs collected from this orginization",
+    "searchLogs": "Search logs...",
+    "action": "Action",
+    "actor": "Actor",
+    "timestamp": "Timestamp",
+    "accessLogs": "Access Logs",
+    "exportCsv": "Export CSV",
+    "actorId": "Actor ID",
+    "allowedByRule": "Allowed by Rule",
+    "allowedNoAuth": "Allowed No Auth",
+    "validAccessToken": "Valid Access Token",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Valid Password",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Resource Blocked",
+    "droppedByRule": "Dropped by Rule",
+    "noSessions": "No Sessions",
+    "temporaryRequestToken": "Temporary Request Token",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP",
+    "reason": "Reason",
+    "requestLogs": "Request Logs",
+    "host": "Host",
+    "location": "Location",
+    "actionLogs": "Action Logs",
+    "sidebarLogsRequest": "Request Logs",
+    "sidebarLogsAccess": "Access Logs",
+    "sidebarLogsAction": "Action Logs",
+    "logRetention": "Log Retention",
+    "logRetentionDescription": "Manage how long different types of logs are retained for this organization or disable them",
+    "requestLogsDescription": "View detailed request logs for resources in this organization",
+    "logRetentionRequestLabel": "Request Log Retention",
+    "logRetentionRequestDescription": "How long to retain request logs",
+    "logRetentionAccessLabel": "Access Log Retention",
+    "logRetentionAccessDescription": "How long to retain access logs",
+    "logRetentionActionLabel": "Action Log Retention",
+    "logRetentionActionDescription": "How long to retain action logs",
+    "logRetentionDisabled": "Disabled",
+    "logRetention3Days": "3 days",
+    "logRetention7Days": "7 days",
+    "logRetention14Days": "14 days",
+    "logRetention30Days": "30 days",
+    "logRetention90Days": "90 days",
+    "logRetentionForever": "Forever",
+    "actionLogsDescription": "View a history of actions performed in this organization",
+    "accessLogsDescription": "View access auth requests for resources in this organization",
+    "licenseRequiredToUse": "An Enterprise license is required to use this feature.",
+    "certResolver": "Certificate Resolver",
+    "certResolverDescription": "Select the certificate resolver to use for this resource.",
+    "selectCertResolver": "Select Certificate Resolver",
+    "enterCustomResolver": "Enter Custom Resolver",
+    "preferWildcardCert": "Prefer Wildcard Certificate",
+    "unverified": "Unverified",
+    "domainSetting": "Domain Settings",
+    "domainSettingDescription": "Configure settings for your domain",
+    "preferWildcardCertDescription": "Attempt to generate a wildcard certificate (require a properly configured certificate resolver).",
+    "recordName": "Record Name",
+    "auto": "Auto",
+    "TTL": "TTL",
+    "howToAddRecords": "How to Add Records",
+    "dnsRecord": "DNS Records",
+    "required": "Required",
+    "domainSettingsUpdated": "Domain settings updated successfully",
+    "orgOrDomainIdMissing": "Organization or Domain ID is missing",
+    "loadingDNSRecords": "Loading DNS records...",
+    "olmUpdateAvailableInfo": "An updated version of Olm is available. Please update to the latest version for the best experience.",
+    "client": "Client",
+    "proxyProtocol": "Proxy Protocol Settings",
+    "proxyProtocolDescription": "Configure Proxy Protocol to preserve client IP addresses for TCP/UDP services.",
+    "enableProxyProtocol": "Enable Proxy Protocol",
+    "proxyProtocolInfo": "Preserve client IP addresses for TCP/UDP backends",
+    "proxyProtocolVersion": "Proxy Protocol Version",
+    "version1": " Version 1 (Recommended)",
+    "version2": "Version 2",
+    "versionDescription": "Version 1 is text-based and widely supported. Version 2 is binary and more efficient but less compatible. Make sure servers transport is added to dynamic config.",
+    "warning": "Warning",
+    "proxyProtocolWarning": "Your backend application must be configured to accept Proxy Protocol connections. If your backend doesn't support Proxy Protocol, enabling this will break all connections so only enable this if you know what you're doing. Make sure to configure your backend to trust Proxy Protocol headers from Traefik.",
+    "restarting": "Restarting...",
+    "manual": "Manual",
+    "messageSupport": "Message Support",
+    "supportNotAvailableTitle": "Support Not Available",
+    "supportNotAvailableDescription": "Support is not available right now. You can send an email to support@pangolin.net.",
+    "supportRequestSentTitle": "Support Request Sent",
+    "supportRequestSentDescription": "Your message has been sent successfully.",
+    "supportRequestFailedTitle": "Failed to Send Request",
+    "supportRequestFailedDescription": "An error occurred while sending your support request.",
+    "supportSubjectRequired": "Subject is required",
+    "supportSubjectMaxLength": "Subject must be 255 characters or less",
+    "supportMessageRequired": "Message is required",
+    "supportReplyTo": "Reply To",
+    "supportSubject": "Subject",
+    "supportSubjectPlaceholder": "Enter subject",
+    "supportMessage": "Message",
+    "supportMessagePlaceholder": "Enter your message",
+    "supportSending": "Sending...",
+    "supportSend": "Send",
+    "supportMessageSent": "Message Sent!",
+    "supportWillContact": "We'll be in touch shortly!",
+    "selectLogRetention": "Select log retention"
 }
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -47,9 +47,8 @@
    "edit": "Editar",
    "siteConfirmDelete": "Confirmar Borrar Sitio",
    "siteDelete": "Eliminar sitio",
-    "siteMessageRemove": "Una vez eliminado, el sitio ya no será accesible. Todos los recursos y objetivos asociados con el sitio también serán eliminados.",
-    "siteMessageConfirm": "Para confirmar, por favor escriba el nombre del sitio a continuación.",
-    "siteQuestionRemove": "¿Está seguro de que desea eliminar el sitio {selectedSite} de la organización?",
+    "siteMessageRemove": "Una vez eliminado, el sitio ya no será accesible. Todos los objetivos asociados con el sitio también serán eliminados.",
+    "siteQuestionRemove": "¿Está seguro que desea eliminar el sitio de la organización?",
    "siteManageSites": "Administrar Sitios",
    "siteDescription": "Permitir conectividad a tu red a través de túneles seguros",
    "siteCreate": "Crear sitio",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Utilice cualquier cliente Wirex Guard para establecer un túnel. Se requiere una configuración manual de NAT.",
    "siteWgDescriptionSaas": "Utilice cualquier cliente de WireGuard para establecer un túnel. Se requiere configuración manual de NAT. SOLO FUNCIONA EN NODOS AUTOGESTIONADOS",
    "siteLocalDescription": "Solo recursos locales. Sin túneles.",
-    "siteLocalDescriptionSaas": "Solo recursos locales. Sin túneles. SOLO FUNCIONA EN NODOS AUTOGESTIONADOS",
+    "siteLocalDescriptionSaas": "Solo recursos locales. No hay túneles. Sólo disponible en nodos remotos.",
    "siteSeeAll": "Ver todos los sitios",
    "siteTunnelDescription": "Determina cómo quieres conectarte a tu sitio",
    "siteNewtCredentials": "Credenciales nuevas",
@@ -154,8 +153,7 @@
    "protected": "Protegido",
    "notProtected": "No protegido",
    "resourceMessageRemove": "Una vez eliminado, el recurso ya no será accesible. Todos los objetivos asociados con el recurso también serán eliminados.",
-    "resourceMessageConfirm": "Para confirmar, por favor escriba el nombre del recurso a continuación.",
-    "resourceQuestionRemove": "¿Está seguro de que desea eliminar el recurso {selectedResource} de la organización?",
+    "resourceQuestionRemove": "¿Está seguro que desea eliminar el recurso de la organización?",
    "resourceHTTP": "HTTPS Recurso",
    "resourceHTTPDescription": "Solicitudes de proxy a tu aplicación sobre HTTPS usando un subdominio o dominio base.",
    "resourceRaw": "Recurso TCP/UDP sin procesar",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Confirmar eliminación de organización",
    "orgMessageRemove": "Esta acción es irreversible y eliminará todos los datos asociados.",
    "orgMessageConfirm": "Para confirmar, por favor escriba el nombre de la organización a continuación.",
-    "orgQuestionRemove": "¿Está seguro que desea eliminar la organización {selectedOrg}?",
+    "orgQuestionRemove": "¿Está seguro que desea eliminar la organización?",
    "orgUpdated": "Organización actualizada",
    "orgUpdatedDescription": "La organización ha sido actualizada.",
    "orgErrorUpdate": "Error al actualizar la organización",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "Generar clave API",
    "apiKeysErrorDelete": "Error al eliminar la clave API",
    "apiKeysErrorDeleteMessage": "Error al eliminar la clave API",
-    "apiKeysQuestionRemove": "¿Está seguro de que desea eliminar la clave de API {selectedApiKey} de la organización?",
+    "apiKeysQuestionRemove": "¿Está seguro que desea eliminar la clave API de la organización?",
    "apiKeysMessageRemove": "Una vez eliminada, la clave API ya no podrá ser utilizada.",
-    "apiKeysMessageConfirm": "Para confirmar, por favor escriba el nombre de la clave API a continuación.",
    "apiKeysDeleteConfirm": "Confirmar Borrar Clave API",
    "apiKeysDelete": "Borrar Clave API",
    "apiKeysManage": "Administrar claves API",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Confirmar Borrar Usuario",
    "userDeleteServer": "Eliminar usuario del servidor",
    "userMessageRemove": "El usuario será eliminado de todas las organizaciones y será eliminado completamente del servidor.",
-    "userMessageConfirm": "Para confirmar, por favor escriba el nombre del usuario a continuación.",
-    "userQuestionRemove": "¿Está seguro que desea eliminar permanentemente {selectedUser} del servidor?",
+    "userQuestionRemove": "¿Está seguro que desea eliminar permanentemente al usuario del servidor?",
    "licenseKey": "Clave de licencia",
    "valid": "Válido",
    "numberOfSites": "Número de sitios",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Ver Términos de suscripción y licencia comercial",
    "licenseMessageRemove": "Esto eliminará la clave de licencia y todos los permisos asociados otorgados por ella.",
    "licenseMessageConfirm": "Para confirmar, por favor escriba la clave de licencia a continuación.",
-    "licenseQuestionRemove": "¿Está seguro que desea eliminar la clave de licencia {selectedKey}?",
+    "licenseQuestionRemove": "¿Está seguro que desea eliminar la clave de licencia?",
    "licenseKeyDelete": "Eliminar clave de licencia",
    "licenseKeyDeleteConfirm": "Confirmar eliminar clave de licencia",
    "licenseTitle": "Administrar estado de licencia",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Ocurrió un error mientras se eliminaba la invitación.",
    "inviteRemoved": "Invitación eliminada",
    "inviteRemovedDescription": "La invitación para {email} ha sido eliminada.",
-    "inviteQuestionRemove": "¿Está seguro de que desea eliminar la invitación {email}?",
+    "inviteQuestionRemove": "¿Está seguro de que desea eliminar la invitación?",
    "inviteMessageRemove": "Una vez eliminada, esta invitación ya no será válida. Siempre puede volver a invitar al usuario más tarde.",
    "inviteMessageConfirm": "Para confirmar, por favor escriba la dirección de correo electrónico de la invitación a continuación.",
    "inviteQuestionRegenerate": "¿Estás seguro de que quieres regenerar la invitación para {email}? Esto revocará la invitación anterior.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Ocurrió un error mientras se eliminaba el usuario.",
    "userOrgRemoved": "Usuario eliminado",
    "userOrgRemovedDescription": "El usuario {email} ha sido eliminado de la organización.",
-    "userQuestionOrgRemove": "¿Estás seguro de que quieres eliminar {email} de la organización?",
+    "userQuestionOrgRemove": "¿Está seguro que desea eliminar este usuario de la organización?",
    "userMessageOrgRemove": "Una vez eliminado, este usuario ya no tendrá acceso a la organización. Siempre puede volver a invitarlos más tarde, pero tendrán que aceptar la invitación de nuevo.",
-    "userMessageOrgConfirm": "Para confirmar, por favor escriba el nombre del usuario a continuación.",
    "userRemoveOrgConfirm": "Confirmar eliminar usuario",
    "userRemoveOrg": "Eliminar usuario de la organización",
    "users": "Usuarios",
@@ -468,7 +463,10 @@
    "createdAt": "Creado el",
    "proxyErrorInvalidHeader": "Valor de cabecera de host personalizado no válido. Utilice el formato de nombre de dominio, o guarde en blanco para desestablecer cabecera de host personalizada.",
    "proxyErrorTls": "Nombre de servidor TLS inválido. Utilice el formato de nombre de dominio o guarde en blanco para eliminar el nombre de servidor TLS.",
-    "proxyEnableSSL": "Habilitar SSL (https)",
+    "proxyEnableSSL": "Activar SSL",
+    "proxyEnableSSLDescription": "Activa el cifrado SSL/TLS para conexiones seguras HTTPS a tus objetivos.",
+    "target": "Target",
+    "configureTarget": "Configurar objetivos",
    "targetErrorFetch": "Error al recuperar los objetivos",
    "targetErrorFetchDescription": "Se ha producido un error al recuperar los objetivos",
    "siteErrorFetch": "No se pudo obtener el recurso",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "Configuración de conexión segura",
    "targetTlsSettingsDescription": "Configurar ajustes SSL/TLS para su recurso",
    "targetTlsSettingsAdvanced": "Ajustes avanzados de TLS",
-    "targetTlsSni": "Nombre del servidor TLS (SNI)",
+    "targetTlsSni": "Nombre del servidor TLS",
    "targetTlsSniDescription": "El nombre del servidor TLS a usar para SNI. Deje en blanco para usar el valor predeterminado.",
    "targetTlsSubmit": "Guardar ajustes",
    "targets": "Configuración de objetivos",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Mantener conexiones en el mismo objetivo de backend para toda su sesión.",
    "methodSelect": "Seleccionar método",
    "targetSubmit": "Añadir destino",
-    "targetNoOne": "No hay objetivos. Agregue un objetivo usando el formulario.",
+    "targetNoOne": "Este recurso no tiene ningún objetivo. Agrega un objetivo para configurar dónde enviar peticiones al backend.",
    "targetNoOneDescription": "Si se añade más de un objetivo anterior se activará el balance de carga.",
    "targetsSubmit": "Guardar objetivos",
+    "addTarget": "Añadir destino",
+    "targetErrorInvalidIp": "Dirección IP inválida",
+    "targetErrorInvalidIpDescription": "Por favor, introduzca una dirección IP válida o nombre de host",
+    "targetErrorInvalidPort": "Puerto inválido",
+    "targetErrorInvalidPortDescription": "Por favor, introduzca un número de puerto válido",
+    "targetErrorNoSite": "Ningún sitio seleccionado",
+    "targetErrorNoSiteDescription": "Por favor, seleccione un sitio para el objetivo",
+    "targetCreated": "Objetivo creado",
+    "targetCreatedDescription": "El objetivo se ha creado correctamente",
+    "targetErrorCreate": "Error al crear el objetivo",
+    "targetErrorCreateDescription": "Se ha producido un error al crear el objetivo",
+    "save": "Guardar",
    "proxyAdditional": "Ajustes adicionales del proxy",
    "proxyAdditionalDescription": "Configura cómo tu recurso maneja la configuración del proxy",
    "proxyCustomHeader": "Cabecera de host personalizada",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Admin Servidor - Pangolin",
    "licenseTierProfessional": "Licencia profesional",
    "licenseTierEnterprise": "Licencia Enterprise",
-    "licenseTierCommercial": "Licencia comercial",
+    "licenseTierPersonal": "Licencia personal",
    "licensed": "Licenciado",
    "yes": "Sí",
    "no": "Nu",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Ver y administrar proveedores de identidad en el sistema",
    "idpDeletedDescription": "Proveedor de identidad eliminado correctamente",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "¿Está seguro que desea eliminar permanentemente el proveedor de identidad {name}?",
+    "idpQuestionRemove": "¿Está seguro que desea eliminar permanentemente el proveedor de identidad?",
    "idpMessageRemove": "Esto eliminará el proveedor de identidad y todas las configuraciones asociadas. Los usuarios que se autentifiquen a través de este proveedor ya no podrán iniciar sesión.",
    "idpMessageConfirm": "Para confirmar, por favor escriba el nombre del proveedor de identidad a continuación.",
    "idpConfirmDelete": "Confirmar eliminar proveedor de identidad",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Un nombre mostrado para este proveedor de identidad",
    "idpAutoProvisionUsers": "Auto-Provisión de Usuarios",
    "idpAutoProvisionUsersDescription": "Cuando está habilitado, los usuarios serán creados automáticamente en el sistema al iniciar sesión con la capacidad de asignar a los usuarios a roles y organizaciones.",
-    "licenseBadge": "Profesional",
+    "licenseBadge": "EE",
    "idpType": "Tipo de proveedor",
    "idpTypeDescription": "Seleccione el tipo de proveedor de identidad que desea configurar",
    "idpOidcConfigure": "Configuración OAuth2/OIDC",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Revisa tu correo electrónico para ver el código de restablecimiento.",
    "passwordNew": "Nueva contraseña",
    "passwordNewConfirm": "Confirmar nueva contraseña",
+    "changePassword": "Cambiar Contraseña",
+    "changePasswordDescription": "Actualizar la contraseña de tu cuenta",
+    "oldPassword": "Contraseña Actual",
+    "newPassword": "Nueva Contraseña",
+    "confirmNewPassword": "Confirme Nueva Contraseña",
+    "changePasswordError": "Error al cambiar la contraseña",
+    "changePasswordErrorDescription": "Se ha producido un error al cambiar la contraseña",
+    "changePasswordSuccess": "La contraseña ha sido cambiada correctamente",
+    "changePasswordSuccessDescription": "Su contraseña ha sido actualizada correctamente",
+    "passwordExpiryRequired": "Contraseña con caducidad requerida",
+    "passwordExpiryDescription": "Esta organización requiere que cambies tu contraseña cada {maxDays} días.",
+    "changePasswordNow": "Cambiar Contraseña Ahora",
    "pincodeAuth": "Código de autenticación",
    "pincodeSubmit2": "Enviar código",
    "passwordResetSubmit": "Reiniciar Solicitud",
@@ -1084,7 +1106,6 @@
    "navbar": "Menú de navegación",
    "navbarDescription": "Menú de navegación principal para la aplicación",
    "navbarDocsLink": "Documentación",
-    "commercialEdition": "Edición Comercial",
    "otpErrorEnable": "No se puede habilitar 2FA",
    "otpErrorEnableDescription": "Se ha producido un error al habilitar 2FA",
    "otpSetupCheckCode": "Por favor, introduzca un código de 6 dígitos",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Todos los usuarios",
    "sidebarIdentityProviders": "Proveedores de identidad",
    "sidebarLicense": "Licencia",
-    "sidebarClients": "Clientes (Beta)",
+    "sidebarClients": "Clientes",
    "sidebarDomains": "Dominios",
+    "sidebarBluePrints": "Planos",
+    "blueprints": "Planos",
+    "blueprintsDescription": "Los planos son configuraciones YAML declarativas que definen sus recursos y sus configuraciones",
+    "blueprintAdd": "Añadir plano",
+    "blueprintGoBack": "Ver todos los Planos",
+    "blueprintCreate": "Crear Plano",
+    "blueprintCreateDescription2": "Siga los siguientes pasos para crear y aplicar un nuevo plano",
+    "blueprintDetails": "Detalles del plano",
+    "blueprintDetailsDescription": "Ver los detalles de la ejecución del plano",
+    "blueprintInfo": "Información del plano",
+    "message": "Mensaje",
+    "blueprintContentsDescription": "Defina el contenido YAML describiendo su infraestructura",
+    "blueprintErrorCreateDescription": "Se ha producido un error al aplicar el plano",
+    "blueprintErrorCreate": "Error al crear el plano",
+    "searchBlueprintProgress": "Buscar planos...",
+    "appliedAt": "Aplicado en",
+    "source": "Fuente",
+    "contents": "Contenido",
+    "parsedContents": "Contenido analizado",
    "enableDockerSocket": "Habilitar Plano Docker",
    "enableDockerSocketDescription": "Activar el raspado de etiquetas de Socket Docker para etiquetas de planos. La ruta del Socket debe proporcionarse a Newt.",
    "enableDockerSocketLink": "Saber más",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Crear dominio",
    "domainCreatedDescription": "Dominio creado con éxito",
    "domainDeletedDescription": "Dominio eliminado exitosamente",
-    "domainQuestionRemove": "¿Está seguro de que desea eliminar el dominio {domain} de su cuenta?",
+    "domainQuestionRemove": "¿Está seguro que desea eliminar el dominio de su cuenta?",
    "domainMessageRemove": "Una vez eliminado, el dominio ya no estará asociado con su cuenta.",
-    "domainMessageConfirm": "Para confirmar, por favor escriba el nombre del dominio abajo.",
    "domainConfirmDelete": "Confirmar eliminación del dominio",
    "domainDelete": "Eliminar dominio",
    "domain": "Dominio",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Nivel Gratis",
    "billingWarningOverLimit": "Advertencia: Has excedido uno o más límites de uso. Tus sitios no se conectarán hasta que modifiques tu suscripción o ajustes tu uso.",
    "billingUsageLimitsOverview": "Descripción general de los límites de uso",
-    "billingMonitorUsage": "Monitorea tu uso comparado con los límites configurados. Si necesitas que aumenten los límites, contáctanos a soporte@fossorial.io.",
+    "billingMonitorUsage": "Monitorea tu uso comparado con los límites configurados. Si necesitas que aumenten los límites, contáctanos a soporte@pangolin.net.",
    "billingDataUsage": "Uso de datos",
    "billingOnlineTime": "Tiempo en línea del sitio",
    "billingUsers": "Usuarios activos",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Hubo un problema al usar tu llave de seguridad. Por favor, inténtalo de nuevo.",
    "twoFactorRequired": "Se requiere autenticación de dos factores para registrar una llave de seguridad.",
    "twoFactor": "Autenticación de dos factores",
+    "twoFactorAuthentication": "Autenticación de Dos Factores",
+    "twoFactorDescription": "Esta organización requiere autenticación de dos factores.",
+    "enableTwoFactor": "Habilitar autenticación de dos factores",
+    "organizationSecurityPolicy": "Política de Seguridad de la Organización",
+    "organizationSecurityPolicyDescription": "Esta organización tiene requisitos de seguridad que deben cumplirse antes de poder acceder a ella",
+    "securityRequirements": "Requisitos de seguridad",
+    "allRequirementsMet": "Todos los requisitos han sido cumplidos",
+    "completeRequirementsToContinue": "Completa los siguientes requisitos para seguir accediendo a esta organización",
+    "youCanNowAccessOrganization": "Ahora puedes acceder a esta organización",
+    "reauthenticationRequired": "Longitud de la sesión",
+    "reauthenticationDescription": "Esta organización requiere que inicies sesión cada {maxDays} días.",
+    "reauthenticationDescriptionHours": "Esta organización requiere que inicies sesión cada {maxHours} horas.",
+    "reauthenticateNow": "Iniciar sesión de nuevo",
    "adminEnabled2FaOnYourAccount": "Su administrador ha habilitado la autenticación de dos factores para {email}. Por favor, complete el proceso de configuración para continuar.",
-    "continueToApplication": "Continuar a la aplicación",
    "securityKeyAdd": "Agregar llave de seguridad",
    "securityKeyRegisterTitle": "Registrar nueva llave de seguridad",
    "securityKeyRegisterDescription": "Conecta tu llave de seguridad y escribe un nombre para identificarla",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Proxy externo habilitado",
    "addNewTarget": "Agregar nuevo destino",
    "targetsList": "Lista de destinos",
+    "advancedMode": "Modo avanzado",
    "targetErrorDuplicateTargetFound": "Se encontró un destino duplicado",
    "healthCheckHealthy": "Saludable",
    "healthCheckUnhealthy": "No saludable",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Error de inicio de sesión automático",
    "autoLoginErrorNoRedirectUrl": "No se recibió URL de redirección del proveedor de identidad.",
    "autoLoginErrorGeneratingUrl": "Error al generar URL de autenticación.",
-    "remoteExitNodeManageRemoteExitNodes": "Administrar Nodos Autogestionados",
-    "remoteExitNodeDescription": "Administrar nodos para extender la conectividad de red",
+    "remoteExitNodeManageRemoteExitNodes": "Nodos remotos",
+    "remoteExitNodeDescription": "Autoalojar uno o más nodos remotos para extender la conectividad de red y reducir la dependencia de la nube",
    "remoteExitNodes": "Nodos",
    "searchRemoteExitNodes": "Buscar nodos...",
    "remoteExitNodeAdd": "Añadir Nodo",
    "remoteExitNodeErrorDelete": "Error al eliminar el nodo",
-    "remoteExitNodeQuestionRemove": "¿Está seguro de que desea eliminar el nodo {selectedNode} de la organización?",
+    "remoteExitNodeQuestionRemove": "¿Está seguro que desea eliminar el nodo de la organización?",
    "remoteExitNodeMessageRemove": "Una vez eliminado, el nodo ya no será accesible.",
-    "remoteExitNodeMessageConfirm": "Para confirmar, por favor escriba el nombre del nodo a continuación.",
    "remoteExitNodeConfirmDelete": "Confirmar eliminar nodo",
    "remoteExitNodeDelete": "Eliminar Nodo",
-    "sidebarRemoteExitNodes": "Nodos",
+    "sidebarRemoteExitNodes": "Nodos remotos",
    "remoteExitNodeCreate": {
        "title": "Crear Nodo",
        "description": "Crear un nuevo nodo para extender la conectividad de red",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Editar archivo: docker-compose.yml",
    "emailVerificationRequired": "Se requiere verificación de correo electrónico. Por favor, inicie sesión de nuevo a través de {dashboardUrl}/auth/login complete este paso. Luego, vuelva aquí.",
    "twoFactorSetupRequired": "La configuración de autenticación de doble factor es requerida. Por favor, inicia sesión de nuevo a través de {dashboardUrl}/auth/login completa este paso. Luego, vuelve aquí.",
+    "additionalSecurityRequired": "Seguridad adicional requerida",
+    "organizationRequiresAdditionalSteps": "Esta organización requiere pasos de seguridad adicionales antes de poder acceder a los recursos.",
+    "completeTheseSteps": "Completa estos pasos",
+    "enableTwoFactorAuthentication": "Habilitar autenticación de doble factor",
+    "completeSecuritySteps": "Pasos de seguridad completos",
+    "securitySettings": "Ajustes de seguridad",
+    "securitySettingsDescription": "Configurar políticas de seguridad para su organización",
+    "requireTwoFactorForAllUsers": "Requiere autenticación de doble factor para todos los usuarios",
+    "requireTwoFactorDescription": "Cuando está activado, todos los usuarios internos de esta organización deben tener habilitada la autenticación de dos factores para acceder a la organización.",
+    "requireTwoFactorDisabledDescription": "Esta característica requiere una licencia válida (Enterprise) o una suscripción activa (SaBudget)",
+    "requireTwoFactorCannotEnableDescription": "Debes habilitar la autenticación de doble factor para tu cuenta antes de aplicarla a todos los usuarios",
+    "maxSessionLength": "Longitud máxima de la sesión",
+    "maxSessionLengthDescription": "Establecer la duración máxima de las sesiones de usuario. Después de este tiempo, los usuarios tendrán que volver a autenticarse.",
+    "maxSessionLengthDisabledDescription": "Esta característica requiere una licencia válida (Enterprise) o una suscripción activa (SaBudget)",
+    "selectSessionLength": "Seleccionar duración de sesión",
+    "unenforced": "No aplicado",
+    "1Hour": "1 hora",
+    "3Hours": "3 horas",
+    "6Hours": "6 horas",
+    "12Hours": "12 horas",
+    "1DaySession": "1 día",
+    "3Days": "3 días",
+    "7Days": "7 días",
+    "14Days": "14 días",
+    "30DaysSession": "30 días",
+    "90DaysSession": "90 días",
+    "180DaysSession": "180 días",
+    "passwordExpiryDays": "Caduca la contraseña",
+    "editPasswordExpiryDescription": "Establecer el número de días antes de que los usuarios tengan que cambiar su contraseña.",
+    "selectPasswordExpiry": "Seleccione la contraseña expirada",
+    "30Days": "30 días",
+    "1Day": "1 día",
+    "60Days": "60 días",
+    "90Days": "90 días",
+    "180Days": "180 días",
+    "1Year": "1 año",
+    "subscriptionBadge": "Suscripción requerida",
+    "securityPolicyChangeWarning": "Advertencia de cambio de política de seguridad",
+    "securityPolicyChangeDescription": "Está a punto de cambiar la configuración de la política de seguridad. Después de guardar, puede que necesite volver a autenticarse para cumplir con estas actualizaciones de política. Todos los usuarios que no cumplan con los requisitos también tendrán que volver a autenticarse.",
+    "securityPolicyChangeConfirmMessage": "Confirmo",
+    "securityPolicyChangeWarningText": "Esto afectará a todos los usuarios de la organización",
    "authPageErrorUpdateMessage": "Ocurrió un error mientras se actualizaban los ajustes de la página auth",
+    "authPageErrorUpdate": "No se puede actualizar la página de autenticación",
    "authPageUpdated": "Página auth actualizada correctamente",
    "healthCheckNotAvailable": "Local",
    "rewritePath": "Reescribir Ruta",
-    "rewritePathDescription": "Opcionalmente reescribe la ruta antes de reenviar al destino."
+    "rewritePathDescription": "Opcionalmente reescribe la ruta antes de reenviar al destino.",
+    "continueToApplication": "Continuar a la aplicación",
+    "checkingInvite": "Comprobando invitación",
+    "setResourceHeaderAuth": "set-Resource HeaderAuth",
+    "resourceHeaderAuthRemove": "Eliminar Auth del Encabezado",
+    "resourceHeaderAuthRemoveDescription": "Autenticación de cabecera eliminada correctamente.",
+    "resourceErrorHeaderAuthRemove": "Error al eliminar autenticación de cabecera",
+    "resourceErrorHeaderAuthRemoveDescription": "No se pudo eliminar la autenticación de cabecera del recurso.",
+    "resourceHeaderAuthProtectionEnabled": "Autenticación de cabecera habilitada",
+    "resourceHeaderAuthProtectionDisabled": "Autenticación de cabecera desactivada",
+    "headerAuthRemove": "Eliminar Auth del Encabezado",
+    "headerAuthAdd": "Añadir autenticación de cabecera",
+    "resourceErrorHeaderAuthSetup": "Error al establecer autenticación de cabecera",
+    "resourceErrorHeaderAuthSetupDescription": "No se pudo establecer autenticación de cabecera para el recurso.",
+    "resourceHeaderAuthSetup": "Autenticación de cabecera establecida correctamente",
+    "resourceHeaderAuthSetupDescription": "La autenticación de cabecera se ha establecido correctamente.",
+    "resourceHeaderAuthSetupTitle": "Establecer autenticación de cabecera",
+    "resourceHeaderAuthSetupTitleDescription": "Establezca las credenciales básicas de autenticación (nombre de usuario y contraseña) para proteger este recurso con autenticación de HTTP Header. Acceda a él usando el formato https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Establecer autenticación de cabecera",
+    "actionSetResourceHeaderAuth": "Establecer autenticación de cabecera",
+    "enterpriseEdition": "Edición corporativa",
+    "unlicensed": "Sin licencia",
+    "beta": "Beta",
+    "manageClients": "Administrar clientes",
+    "manageClientsDescription": "Los clientes son dispositivos que pueden conectarse a sus sitios",
+    "licenseTableValidUntil": "Válido hasta",
+    "saasLicenseKeysSettingsTitle": "Licencias empresariales",
+    "saasLicenseKeysSettingsDescription": "Generar y administrar claves de licencia Enterprise para instancias Pangolin autoalojadas",
+    "sidebarEnterpriseLicenses": "Licencias",
+    "generateLicenseKey": "Generar clave de licencia",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Por favor, introduzca una dirección de correo válida",
+            "useCaseTypeRequired": "Por favor, seleccione un tipo de caso de uso",
+            "firstNameRequired": "El nombre es obligatorio",
+            "lastNameRequired": "Se requiere apellido",
+            "primaryUseRequired": "Por favor describa su uso principal",
+            "jobTitleRequiredBusiness": "El título de la tarea es obligatorio para uso empresarial",
+            "industryRequiredBusiness": "La industria es necesaria para uso comercial",
+            "stateProvinceRegionRequired": "Se requiere estado/Province/región",
+            "postalZipCodeRequired": "Código Postal/ZIP es requerido",
+            "companyNameRequiredBusiness": "El nombre de la empresa es obligatorio para uso comercial",
+            "countryOfResidenceRequiredBusiness": "El país de residencia es obligatorio para uso de negocios",
+            "countryRequiredPersonal": "El país es obligatorio para uso personal",
+            "agreeToTermsRequired": "Debe aceptar los términos",
+            "complianceConfirmationRequired": "Debe confirmar el cumplimiento de la Licencia Comercial Fossorial"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Uso personal",
+                "description": "Para uso individual y no comercial, tales como aprendizaje, proyectos personales o experimentación."
+            },
+            "business": {
+                "title": "Uso de Negocio",
+                "description": "Para uso dentro de organizaciones, empresas o actividades comerciales o generadoras de ingresos."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email y tipo de licencia",
+                "description": "Introduzca su correo electrónico y elija su tipo de licencia"
+            },
+            "personalInformation": {
+                "title": "Información Personal",
+                "description": "Cuéntanos acerca de ti"
+            },
+            "contactInformation": {
+                "title": "Información de contacto",
+                "description": "Sus datos de contacto"
+            },
+            "termsGenerate": {
+                "title": "Términos y Generar",
+                "description": "Revisar y aceptar términos para generar su licencia"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Divulgación de uso",
+                "description": "Seleccione el nivel de licencia que refleje con precisión su uso previsto. La Licencia Personal permite el uso libre del Software para actividades comerciales individuales, no comerciales o de pequeña escala con ingresos brutos anuales inferiores a $100,000 USD. Cualquier uso más allá de estos límites — incluyendo el uso dentro de una empresa, organización, u otro entorno de generación de ingresos — requiere una Licencia Empresarial válida y el pago de la cuota de licencia aplicable. Todos los usuarios, ya sean personales o empresariales, deben cumplir con las Condiciones de Licencia Comercial Fossorial."
+            },
+            "trialPeriodInformation": {
+                "title": "Información del período de prueba",
+                "description": "Esta Clave de Licencia permite las funciones de la Empresa durante un período de evaluación de 7 días. El acceso continuado a las características de pago más allá del período de evaluación requiere una activación bajo una Licencia Personal o Empresarial válida. Para licencias de la Empresa, póngase en contacto con sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "¿Estás usando Pangolin para uso personal o de negocios?",
+            "firstName": "Nombre",
+            "lastName": "Apellido",
+            "jobTitle": "Trabajo",
+            "primaryUseQuestion": "¿Para qué planeas usar principalmente Pangolin?",
+            "industryQuestion": "¿Cuál es su industria?",
+            "prospectiveUsersQuestion": "¿Cuántos usuarios potenciales esperas tener?",
+            "prospectiveSitesQuestion": "¿Cuántos sitios potenciales (túneles) esperas tener?",
+            "companyName": "Nombre de la empresa",
+            "countryOfResidence": "País de residencia",
+            "stateProvinceRegion": "Estado / Province / Región",
+            "postalZipCode": "Código postal",
+            "companyWebsite": "Sitio web de la empresa",
+            "companyPhoneNumber": "Número de teléfono de la empresa",
+            "country": "País",
+            "phoneNumberOptional": "Número de teléfono (opcional)",
+            "complianceConfirmation": "Confirmo que la información que he proporcionado es exacta y que estoy en conformidad con la Licencia Comercial Fossorial. Informar de información inexacta o identificar mal el uso del producto es una violación de la licencia y puede resultar en que su clave sea revocada."
+        },
+        "buttons": {
+            "close": "Cerrar",
+            "previous": "Anterior",
+            "next": "Siguiente",
+            "generateLicenseKey": "Generar clave de licencia"
+        },
+        "toasts": {
+            "success": {
+                "title": "Clave de licencia generada con éxito",
+                "description": "Su clave de licencia ha sido generada y está lista para usar."
+            },
+            "error": {
+                "title": "Error al generar la clave de licencia",
+                "description": "Se ha producido un error al generar la clave de licencia."
+            }
+        }
+    },
+    "priority": "Prioridad",
+    "priorityDescription": "Las rutas de prioridad más alta son evaluadas primero. Prioridad = 100 significa orden automático (decisiones del sistema). Utilice otro número para hacer cumplir la prioridad manual.",
+    "instanceName": "Nombre de instancia",
+    "pathMatchModalTitle": "Configurar ruta coincidente",
+    "pathMatchModalDescription": "Configurar cómo deben coincidir las peticiones entrantes en función de su ruta.",
+    "pathMatchType": "Tipo de partida",
+    "pathMatchPrefix": "Prefijo",
+    "pathMatchExact": "Exacto",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Valor de ruta",
+    "clear": "Claro",
+    "saveChanges": "Guardar Cambios",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/ruta",
+    "pathMatchPrefixHelp": "Ejemplo: /api coincide con /api, /api/users, etc.",
+    "pathMatchExactHelp": "Ejemplo: /api coincide sólo con /api",
+    "pathMatchRegexHelp": "Ejemplo: ^/api/.* coincide con /api/anything",
+    "pathRewriteModalTitle": "Configurar ruta de reescritura",
+    "pathRewriteModalDescription": "Transforma la ruta coincidente antes de reenviarla al objetivo.",
+    "pathRewriteType": "Tipo de reescritura",
+    "pathRewritePrefixOption": "Prefijo - Reemplazar prefijo",
+    "pathRewriteExactOption": "Exacto - Reemplazar toda la ruta",
+    "pathRewriteRegexOption": "Regex - Reemplazo de patrón",
+    "pathRewriteStripPrefixOption": "Prefijo de clip - Quitar prefijo",
+    "pathRewriteValue": "Reescribir valor",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Reemplazar el prefijo coincidente con este valor",
+    "pathRewriteExactHelp": "Reemplaza toda la ruta con este valor cuando la ruta coincida exactamente",
+    "pathRewriteRegexHelp": "Usar grupos de captura como $1, $2 para reemplazar",
+    "pathRewriteStripPrefixHelp": "Dejar en blanco para el prefijo strip o proporcionar un nuevo prefijo",
+    "pathRewritePrefix": "Prefijo",
+    "pathRewriteExact": "Exacto",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Clip",
+    "pathRewriteStripLabel": "clip",
+    "sidebarEnableEnterpriseLicense": "Activar licencia corporativa",
+    "cannotbeUndone": "Esto no se puede deshacer.",
+    "toConfirm": "confirmar",
+    "deleteClientQuestion": "¿Está seguro que desea eliminar el cliente del sitio y la organización?",
+    "clientMessageRemove": "Una vez eliminado, el cliente ya no podrá conectarse al sitio.",
+    "sidebarLogs": "Registros",
+    "request": "Solicitud",
+    "logs": "Registros",
+    "logsSettingsDescription": "Monitorear registros recogidos de esta orginización",
+    "searchLogs": "Buscar registros...",
+    "action": "Accin",
+    "actor": "Actor",
+    "timestamp": "Timestamp",
+    "accessLogs": "Registros de acceso",
+    "exportCsv": "Exportar CSV",
+    "actorId": "ID de Actor",
+    "allowedByRule": "Permitido por regla",
+    "allowedNoAuth": "No se permite autorización",
+    "validAccessToken": "Token de Acceso Válido",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Contraseña válida",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Recurso bloqueado",
+    "droppedByRule": "Soltado por regla",
+    "noSessions": "No hay sesiones",
+    "temporaryRequestToken": "Token de solicitud temporal",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP",
+    "reason": "Razón",
+    "requestLogs": "Registros de Solicitud",
+    "host": "Anfitrión",
+    "location": "Ubicación",
+    "actionLogs": "Registros de acción",
+    "sidebarLogsRequest": "Registros de Solicitud",
+    "sidebarLogsAccess": "Registros de acceso",
+    "sidebarLogsAction": "Registros de acción",
+    "logRetention": "Retención de Log",
+    "logRetentionDescription": "Administrar cuánto tiempo se conservan los diferentes tipos de registros para esta organización o desactivarlos",
+    "requestLogsDescription": "Ver registros de solicitudes detallados para los recursos de esta organización",
+    "logRetentionRequestLabel": "Retención de Registro de Solicitud",
+    "logRetentionRequestDescription": "Cuánto tiempo conservar los registros de solicitudes",
+    "logRetentionAccessLabel": "Retención de Log de Acceso",
+    "logRetentionAccessDescription": "Cuánto tiempo retener los registros de acceso",
+    "logRetentionActionLabel": "Retención de registro de acción",
+    "logRetentionActionDescription": "Cuánto tiempo retener los registros de acción",
+    "logRetentionDisabled": "Deshabilitado",
+    "logRetention3Days": "3 días",
+    "logRetention7Days": "7 días",
+    "logRetention14Days": "14 días",
+    "logRetention30Days": "30 días",
+    "logRetention90Days": "90 días",
+    "logRetentionForever": "Para siempre",
+    "actionLogsDescription": "Ver un historial de acciones realizadas en esta organización",
+    "accessLogsDescription": "Ver solicitudes de acceso a los recursos de esta organización",
+    "licenseRequiredToUse": "Se requiere una licencia Enterprise para utilizar esta función.",
+    "certResolver": "Resolver certificado",
+    "certResolverDescription": "Seleccione la resolución de certificados a utilizar para este recurso.",
+    "selectCertResolver": "Seleccionar Resolver Certificado",
+    "enterCustomResolver": "Introducir resolución personalizada",
+    "preferWildcardCert": "Certificado de comodín preferido",
+    "unverified": "Sin verificar",
+    "domainSetting": "Ajustes de dominio",
+    "domainSettingDescription": "Configurar ajustes para tu dominio",
+    "preferWildcardCertDescription": "Intento de generar un certificado comodín (requiere una resolución de certificados correctamente configurada).",
+    "recordName": "Nombre del registro",
+    "auto": "Auto",
+    "TTL": "TTL",
+    "howToAddRecords": "Cómo añadir registros",
+    "dnsRecord": "Registros DNS",
+    "required": "Requerido",
+    "domainSettingsUpdated": "Configuración de dominio actualizada correctamente",
+    "orgOrDomainIdMissing": "Falta el ID de organización o dominio",
+    "loadingDNSRecords": "Cargando registros DNS...",
+    "olmUpdateAvailableInfo": "Una versión actualizada de Olm está disponible. Por favor, actualice a la última versión para obtener la mejor experiencia.",
+    "client": "Cliente",
+    "proxyProtocol": "Configuración del Protocolo Proxy",
+    "proxyProtocolDescription": "Configurar el protocolo de proxy para preservar las direcciones IP del cliente para los servicios TCP/UDP.",
+    "enableProxyProtocol": "Habilitar protocolo proxy",
+    "proxyProtocolInfo": "Conservar direcciones IP del cliente para backends TCP/UDP",
+    "proxyProtocolVersion": "Versión del Protocolo Proxy",
+    "version1": " Versión 1 (Recomendado)",
+    "version2": "Versión 2",
+    "versionDescription": "La versión 1 está basada en texto y es ampliamente soportada. La versión 2 es binaria y más eficiente pero menos compatible.",
+    "warning": "Advertencia",
+    "proxyProtocolWarning": "Su aplicación de backend debe estar configurada para aceptar conexiones Proxy Protocol. Si su backend no soporta Proxy Protocol, habilitando esto romperá todas las conexiones. Asegúrese de configurar su backend para que confíe en las cabeceras del protocolo Proxy de Traefik.",
+    "restarting": "Reiniciando...",
+    "manual": "Manual",
+    "messageSupport": "Soporte de mensajes",
+    "supportNotAvailableTitle": "Soporte no disponible",
+    "supportNotAvailableDescription": "El soporte no está disponible en este momento. Puedes enviar un correo electrónico a support@pangolin.net.",
+    "supportRequestSentTitle": "Solicitud de soporte enviada",
+    "supportRequestSentDescription": "Su mensaje ha sido enviado con éxito.",
+    "supportRequestFailedTitle": "Error al enviar la solicitud",
+    "supportRequestFailedDescription": "Se ha producido un error al enviar su solicitud de soporte.",
+    "supportSubjectRequired": "El asunto es obligatorio",
+    "supportSubjectMaxLength": "El asunto debe tener 255 caracteres o menos",
+    "supportMessageRequired": "El mensaje es obligatorio",
+    "supportReplyTo": "Responder a",
+    "supportSubject": "Asunto",
+    "supportSubjectPlaceholder": "Introducir asunto",
+    "supportMessage": "Mensaje",
+    "supportMessagePlaceholder": "Introduce tu mensaje",
+    "supportSending": "Enviando...",
+    "supportSend": "Enviar",
+    "supportMessageSent": "¡Mensaje enviado!",
+    "supportWillContact": "¡Estaremos en contacto en breve!"
 }
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -47,9 +47,8 @@
    "edit": "Editer",
    "siteConfirmDelete": "Confirmer la suppression du site",
    "siteDelete": "Supprimer le site",
-    "siteMessageRemove": "Une fois supprimé, le site ne sera plus accessible. Toutes les ressources et cibles associées au site seront également supprimées.",
-    "siteMessageConfirm": "Pour confirmer, veuillez saisir le nom du site ci-dessous.",
-    "siteQuestionRemove": "Êtes-vous sûr de vouloir supprimer le site {selectedSite} de l'organisation ?",
+    "siteMessageRemove": "Une fois supprimé, le site ne sera plus accessible. Toutes les cibles associées au site seront également supprimées.",
+    "siteQuestionRemove": "Êtes-vous sûr de vouloir supprimer le site de l'organisation ?",
    "siteManageSites": "Gérer les sites",
    "siteDescription": "Autoriser la connectivité à votre réseau via des tunnels sécurisés",
    "siteCreate": "Créer un site",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Utilisez n'importe quel client WireGuard pour établir un tunnel. Configuration NAT manuelle requise.",
    "siteWgDescriptionSaas": "Utilisez n'importe quel client WireGuard pour établir un tunnel. Configuration NAT manuelle requise. FONCTIONNE UNIQUEMENT SUR DES NŒUDS AUTONOMES",
    "siteLocalDescription": "Ressources locales seulement. Pas de tunneling.",
-    "siteLocalDescriptionSaas": "Ressources locales uniquement. Pas de tunneling. FONCTIONNE UNIQUEMENT SUR DES NŒUDS AUTONOMES",
+    "siteLocalDescriptionSaas": "Ressources locales uniquement. Pas de tunneling. Disponible uniquement sur les nœuds distants.",
    "siteSeeAll": "Voir tous les sites",
    "siteTunnelDescription": "Déterminez comment vous voulez vous connecter à votre site",
    "siteNewtCredentials": "Identifiants Newt",
@@ -154,8 +153,7 @@
    "protected": "Protégé",
    "notProtected": "Non Protégé",
    "resourceMessageRemove": "Une fois supprimée, la ressource ne sera plus accessible. Toutes les cibles associées à la ressource seront également supprimées.",
-    "resourceMessageConfirm": "Pour confirmer, veuillez saisir le nom de la ressource ci-dessous.",
-    "resourceQuestionRemove": "Êtes-vous sûr de vouloir supprimer la ressource {selectedResource} de l'organisation ?",
+    "resourceQuestionRemove": "Êtes-vous sûr de vouloir supprimer la ressource de l'organisation ?",
    "resourceHTTP": "Ressource HTTPS",
    "resourceHTTPDescription": "Requêtes de proxy à votre application via HTTPS en utilisant un sous-domaine ou un domaine de base.",
    "resourceRaw": "Ressource TCP/UDP brute",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Confirmer la suppression de l'organisation",
    "orgMessageRemove": "Cette action est irréversible et supprimera toutes les données associées.",
    "orgMessageConfirm": "Pour confirmer, veuillez saisir le nom de l'organisation ci-dessous.",
-    "orgQuestionRemove": "Êtes-vous sûr de vouloir supprimer l'organisation {selectedOrg}?",
+    "orgQuestionRemove": "Êtes-vous sûr de vouloir supprimer l'organisation ?",
    "orgUpdated": "Organisation mise à jour",
    "orgUpdatedDescription": "L'organisation a été mise à jour.",
    "orgErrorUpdate": "Échec de la mise à jour de l'organisation",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "Générer une clé API",
    "apiKeysErrorDelete": "Erreur lors de la suppression de la clé API",
    "apiKeysErrorDeleteMessage": "Erreur lors de la suppression de la clé API",
-    "apiKeysQuestionRemove": "Êtes-vous sûr de vouloir supprimer la clé API {selectedApiKey} de l'organisation ?",
+    "apiKeysQuestionRemove": "Êtes-vous sûr de vouloir supprimer la clé API de l'organisation ?",
    "apiKeysMessageRemove": "Une fois supprimée, la clé API ne pourra plus être utilisée.",
-    "apiKeysMessageConfirm": "Pour confirmer, veuillez saisir le nom de la clé API ci-dessous.",
    "apiKeysDeleteConfirm": "Confirmer la suppression de la clé API",
    "apiKeysDelete": "Supprimer la clé API",
    "apiKeysManage": "Gérer les clés API",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Confirmer la suppression de l'utilisateur",
    "userDeleteServer": "Supprimer l'utilisateur du serveur",
    "userMessageRemove": "L'utilisateur sera retiré de toutes les organisations et sera complètement retiré du serveur.",
-    "userMessageConfirm": "Pour confirmer, veuillez saisir le nom de l'utilisateur ci-dessous.",
-    "userQuestionRemove": "Êtes-vous sûr de vouloir supprimer définitivement {selectedUser} du serveur?",
+    "userQuestionRemove": "Êtes-vous sûr de vouloir supprimer définitivement l'utilisateur du serveur?",
    "licenseKey": "Clé de licence",
    "valid": "Valide",
    "numberOfSites": "Nombre de sites",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Voir les conditions de licence commerciale et d'abonnement Fossorial",
    "licenseMessageRemove": "Cela supprimera la clé de licence et toutes les autorisations qui lui sont associées.",
    "licenseMessageConfirm": "Pour confirmer, veuillez saisir la clé de licence ci-dessous.",
-    "licenseQuestionRemove": "Êtes-vous sûr de vouloir supprimer la clé de licence {selectedKey}?",
+    "licenseQuestionRemove": "Êtes-vous sûr de vouloir supprimer la clé de licence ?",
    "licenseKeyDelete": "Supprimer la clé de licence",
    "licenseKeyDeleteConfirm": "Confirmer la suppression de la clé de licence",
    "licenseTitle": "Gérer le statut de la licence",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Une erreur s'est produite lors de la suppression de l'invitation.",
    "inviteRemoved": "Invitation supprimée",
    "inviteRemovedDescription": "L'invitation pour {email} a été supprimée.",
-    "inviteQuestionRemove": "Êtes-vous sûr de vouloir supprimer l'invitation {email}?",
+    "inviteQuestionRemove": "Êtes-vous sûr de vouloir supprimer l'invitation?",
    "inviteMessageRemove": "Une fois supprimée, cette invitation ne sera plus valide. Vous pourrez toujours réinviter l'utilisateur plus tard.",
    "inviteMessageConfirm": "Pour confirmer, veuillez saisir l'adresse e-mail de l'invitation ci-dessous.",
    "inviteQuestionRegenerate": "Êtes-vous sûr de vouloir régénérer l'invitation {email}? Cela révoquera l'invitation précédente.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Une erreur s'est produite lors de la suppression de l'utilisateur.",
    "userOrgRemoved": "Utilisateur supprimé",
    "userOrgRemovedDescription": "L'utilisateur {email} a été retiré de l'organisation.",
-    "userQuestionOrgRemove": "Êtes-vous sûr de vouloir retirer {email} de l'organisation ?",
+    "userQuestionOrgRemove": "Êtes-vous sûr de vouloir supprimer cet utilisateur de l'organisation ?",
    "userMessageOrgRemove": "Une fois retiré, cet utilisateur n'aura plus accès à l'organisation. Vous pouvez toujours le réinviter plus tard, mais il devra accepter l'invitation à nouveau.",
-    "userMessageOrgConfirm": "Pour confirmer, veuillez saisir le nom de l'utilisateur ci-dessous.",
    "userRemoveOrgConfirm": "Confirmer la suppression de l'utilisateur",
    "userRemoveOrg": "Retirer l'utilisateur de l'organisation",
    "users": "Utilisateurs",
@@ -468,7 +463,10 @@
    "createdAt": "Créé le",
    "proxyErrorInvalidHeader": "Valeur d'en-tête Host personnalisée invalide. Utilisez le format de nom de domaine, ou laissez vide pour désactiver l'en-tête Host personnalisé.",
    "proxyErrorTls": "Nom de serveur TLS invalide. Utilisez le format de nom de domaine, ou laissez vide pour supprimer le nom de serveur TLS.",
-    "proxyEnableSSL": "Activer SSL (https)",
+    "proxyEnableSSL": "Activer SSL",
+    "proxyEnableSSLDescription": "Activez le cryptage SSL/TLS pour des connexions HTTPS sécurisées vers vos cibles.",
+    "target": "Target",
+    "configureTarget": "Configurer les cibles",
    "targetErrorFetch": "Échec de la récupération des cibles",
    "targetErrorFetchDescription": "Une erreur s'est produite lors de la récupération des cibles",
    "siteErrorFetch": "Échec de la récupération de la ressource",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "Configuration sécurisée de connexion",
    "targetTlsSettingsDescription": "Configurer les paramètres SSL/TLS pour votre ressource",
    "targetTlsSettingsAdvanced": "Paramètres TLS avancés",
-    "targetTlsSni": "Nom de serveur TLS (SNI)",
+    "targetTlsSni": "Nom du serveur TLS",
    "targetTlsSniDescription": "Le nom de serveur TLS à utiliser pour SNI. Laissez vide pour utiliser la valeur par défaut.",
    "targetTlsSubmit": "Enregistrer les paramètres",
    "targets": "Configuration des cibles",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Maintenir les connexions sur la même cible backend pendant toute leur session.",
    "methodSelect": "Sélectionner la méthode",
    "targetSubmit": "Ajouter une cible",
-    "targetNoOne": "Aucune cible. Ajoutez une cible en utilisant le formulaire.",
+    "targetNoOne": "Cette ressource n'a aucune cible. Ajoutez une cible pour configurer où envoyer des requêtes à votre backend.",
    "targetNoOneDescription": "L'ajout de plus d'une cible ci-dessus activera l'équilibrage de charge.",
    "targetsSubmit": "Enregistrer les cibles",
+    "addTarget": "Ajouter une cible",
+    "targetErrorInvalidIp": "Adresse IP invalide",
+    "targetErrorInvalidIpDescription": "Veuillez entrer une adresse IP ou un nom d'hôte valide",
+    "targetErrorInvalidPort": "Port invalide",
+    "targetErrorInvalidPortDescription": "Veuillez entrer un numéro de port valide",
+    "targetErrorNoSite": "Aucun site sélectionné",
+    "targetErrorNoSiteDescription": "Veuillez sélectionner un site pour la cible",
+    "targetCreated": "Cible créée",
+    "targetCreatedDescription": "La cible a été créée avec succès",
+    "targetErrorCreate": "Impossible de créer la cible",
+    "targetErrorCreateDescription": "Une erreur s'est produite lors de la création de la cible",
+    "save": "Enregistrer",
    "proxyAdditional": "Paramètres de proxy supplémentaires",
    "proxyAdditionalDescription": "Configurer la façon dont votre ressource gère les paramètres de proxy",
    "proxyCustomHeader": "En-tête Host personnalisé",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Admin Serveur - Pangolin",
    "licenseTierProfessional": "Licence Professionnelle",
    "licenseTierEnterprise": "Licence Entreprise",
-    "licenseTierCommercial": "Licence commerciale",
+    "licenseTierPersonal": "Licence personnelle",
    "licensed": "Sous licence",
    "yes": "Oui",
    "no": "Non",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Voir et gérer les fournisseurs d'identité dans le système",
    "idpDeletedDescription": "Fournisseur d'identité supprimé avec succès",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Êtes-vous sûr de vouloir supprimer définitivement le fournisseur d'identité {name}?",
+    "idpQuestionRemove": "Êtes-vous sûr de vouloir supprimer définitivement le fournisseur d'identité?",
    "idpMessageRemove": "Cela supprimera le fournisseur d'identité et toutes les configurations associées. Les utilisateurs qui s'authentifient via ce fournisseur ne pourront plus se connecter.",
    "idpMessageConfirm": "Pour confirmer, veuillez saisir le nom du fournisseur d'identité ci-dessous.",
    "idpConfirmDelete": "Confirmer la suppression du fournisseur d'identité",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Un nom d'affichage pour ce fournisseur d'identité",
    "idpAutoProvisionUsers": "Approvisionnement automatique des utilisateurs",
    "idpAutoProvisionUsersDescription": "Lorsque cette option est activée, les utilisateurs seront automatiquement créés dans le système lors de leur première connexion avec la possibilité de mapper les utilisateurs aux rôles et aux organisations.",
-    "licenseBadge": "Professionnel",
+    "licenseBadge": "EE",
    "idpType": "Type de fournisseur",
    "idpTypeDescription": "Sélectionnez le type de fournisseur d'identité que vous souhaitez configurer",
    "idpOidcConfigure": "Configuration OAuth2/OIDC",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Vérifiez votre e-mail pour le code de réinitialisation.",
    "passwordNew": "Nouveau mot de passe",
    "passwordNewConfirm": "Confirmer le nouveau mot de passe",
+    "changePassword": "Changer le mot de passe",
+    "changePasswordDescription": "Mettre à jour le mot de passe de votre compte",
+    "oldPassword": "Mot de passe actuel",
+    "newPassword": "Nouveau mot de passe",
+    "confirmNewPassword": "Confirmer le nouveau mot de passe",
+    "changePasswordError": "Impossible de changer le mot de passe",
+    "changePasswordErrorDescription": "Une erreur s'est produite lors de la modification de votre mot de passe",
+    "changePasswordSuccess": "Mot de passe modifié avec succès",
+    "changePasswordSuccessDescription": "Votre mot de passe a été mis à jour avec succès",
+    "passwordExpiryRequired": "Expiration du mot de passe requise",
+    "passwordExpiryDescription": "Cette organisation vous demande de changer votre mot de passe tous les {maxDays} jours.",
+    "changePasswordNow": "Changer le mot de passe maintenant",
    "pincodeAuth": "Code d'authentification",
    "pincodeSubmit2": "Soumettre le code",
    "passwordResetSubmit": "Demander la réinitialisation",
@@ -1084,7 +1106,6 @@
    "navbar": "Menu de navigation",
    "navbarDescription": "Menu de navigation principal de l'application",
    "navbarDocsLink": "Documentation",
-    "commercialEdition": "Édition Commerciale",
    "otpErrorEnable": "Impossible d'activer l'A2F",
    "otpErrorEnableDescription": "Une erreur s'est produite lors de l'activation de l'A2F",
    "otpSetupCheckCode": "Veuillez entrer un code à 6 chiffres",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Tous les utilisateurs",
    "sidebarIdentityProviders": "Fournisseurs d'identité",
    "sidebarLicense": "Licence",
-    "sidebarClients": "Clients (Bêta)",
+    "sidebarClients": "Clients",
    "sidebarDomains": "Domaines",
+    "sidebarBluePrints": "Plans",
+    "blueprints": "Plans",
+    "blueprintsDescription": "Les plans sont des configurations YAML déclaratives qui définissent vos ressources et leurs paramètres",
+    "blueprintAdd": "Ajouter un Plan",
+    "blueprintGoBack": "Voir tous les plans",
+    "blueprintCreate": "Créer un Plan",
+    "blueprintCreateDescription2": "Suivez les étapes ci-dessous pour créer et appliquer un nouveau plan",
+    "blueprintDetails": "Détails du Plan",
+    "blueprintDetailsDescription": "Voir les détails de l'exécution des plans",
+    "blueprintInfo": "Informations sur le Plan",
+    "message": "Message",
+    "blueprintContentsDescription": "Définissez le contenu YAML décrivant votre infrastructure",
+    "blueprintErrorCreateDescription": "Une erreur s'est produite lors de l'application du plan",
+    "blueprintErrorCreate": "Erreur lors de la création du plan",
+    "searchBlueprintProgress": "Rechercher des plans...",
+    "appliedAt": "Appliqué à",
+    "source": "Source",
+    "contents": "Contenus",
+    "parsedContents": "Contenu analysé",
    "enableDockerSocket": "Activer le Plan Docker",
    "enableDockerSocketDescription": "Activer le ramassage d'étiquettes de socket Docker pour les étiquettes de plan. Le chemin de socket doit être fourni à Newt.",
    "enableDockerSocketLink": "En savoir plus",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Créer un domaine",
    "domainCreatedDescription": "Domaine créé avec succès",
    "domainDeletedDescription": "Domaine supprimé avec succès",
-    "domainQuestionRemove": "Êtes-vous sûr de vouloir supprimer le domaine {domain} de votre compte ?",
+    "domainQuestionRemove": "Êtes-vous sûr de vouloir supprimer le domaine de votre compte ?",
    "domainMessageRemove": "Une fois supprimé, le domaine ne sera plus associé à votre compte.",
-    "domainMessageConfirm": "Pour confirmer, veuillez taper le nom du domaine ci-dessous.",
    "domainConfirmDelete": "Confirmer la suppression du domaine",
    "domainDelete": "Supprimer le domaine",
    "domain": "Domaine",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Niveau gratuit",
    "billingWarningOverLimit": "Attention : Vous avez dépassé une ou plusieurs limites d'utilisation. Vos sites ne se connecteront pas tant que vous n'avez pas modifié votre abonnement ou ajusté votre utilisation.",
    "billingUsageLimitsOverview": "Vue d'ensemble des limites d'utilisation",
-    "billingMonitorUsage": "Surveillez votre consommation par rapport aux limites configurées. Si vous avez besoin d'une augmentation des limites, veuillez nous contacter à support@fossorial.io.",
+    "billingMonitorUsage": "Surveillez votre consommation par rapport aux limites configurées. Si vous avez besoin d'une augmentation des limites, veuillez nous contacter à support@pangolin.net.",
    "billingDataUsage": "Utilisation des données",
    "billingOnlineTime": "Temps en ligne du site",
    "billingUsers": "Utilisateurs actifs",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Un problème est survenu avec votre clé de sécurité. Veuillez réessayer.",
    "twoFactorRequired": "L'authentification à deux facteurs est requise pour enregistrer une clé de sécurité.",
    "twoFactor": "Authentification à deux facteurs",
+    "twoFactorAuthentication": "Authentification à deux facteurs",
+    "twoFactorDescription": "Cette organisation nécessite une authentification à deux facteurs.",
+    "enableTwoFactor": "Activer l'authentification à deux facteurs",
+    "organizationSecurityPolicy": "Politique de sécurité de l'organisation",
+    "organizationSecurityPolicyDescription": "Cette organisation a des exigences de sécurité qui doivent être remplies avant que vous puissiez y accéder",
+    "securityRequirements": "Exigences de sécurité",
+    "allRequirementsMet": "Toutes les conditions ont été remplies",
+    "completeRequirementsToContinue": "Remplissez les conditions ci-dessous pour continuer à accéder à cette organisation",
+    "youCanNowAccessOrganization": "Vous pouvez maintenant accéder à cette organisation",
+    "reauthenticationRequired": "Durée de la session",
+    "reauthenticationDescription": "Cette organisation vous demande de vous connecter tous les {maxDays} jours.",
+    "reauthenticationDescriptionHours": "Cette organisation vous demande de vous connecter toutes les {maxHours} heures.",
+    "reauthenticateNow": "Reconnectez-vous",
    "adminEnabled2FaOnYourAccount": "Votre administrateur a activé l'authentification à deux facteurs pour {email}. Veuillez terminer le processus d'installation pour continuer.",
-    "continueToApplication": "Continuer vers l'application",
    "securityKeyAdd": "Ajouter une clé de sécurité",
    "securityKeyRegisterTitle": "Enregistrer une nouvelle clé de sécurité",
    "securityKeyRegisterDescription": "Connectez votre clé de sécurité et saisissez un nom pour l'identifier",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Proxy externe activé",
    "addNewTarget": "Ajouter une nouvelle cible",
    "targetsList": "Liste des cibles",
+    "advancedMode": "Mode Avancé",
    "targetErrorDuplicateTargetFound": "Cible en double trouvée",
    "healthCheckHealthy": "Sain",
    "healthCheckUnhealthy": "En mauvaise santé",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Erreur de connexion automatique",
    "autoLoginErrorNoRedirectUrl": "Aucune URL de redirection reçue du fournisseur d'identité.",
    "autoLoginErrorGeneratingUrl": "Échec de la génération de l'URL d'authentification.",
-    "remoteExitNodeManageRemoteExitNodes": "Gérer auto-hébergé",
-    "remoteExitNodeDescription": "Gérer les nœuds pour étendre votre connectivité réseau",
+    "remoteExitNodeManageRemoteExitNodes": "Nœuds distants",
+    "remoteExitNodeDescription": "Héberger un ou plusieurs nœuds distants pour étendre votre connectivité réseau et réduire la dépendance sur le cloud",
    "remoteExitNodes": "Nœuds",
    "searchRemoteExitNodes": "Rechercher des nœuds...",
    "remoteExitNodeAdd": "Ajouter un noeud",
    "remoteExitNodeErrorDelete": "Erreur lors de la suppression du noeud",
-    "remoteExitNodeQuestionRemove": "Êtes-vous sûr de vouloir supprimer le noeud {selectedNode} de l'organisation ?",
+    "remoteExitNodeQuestionRemove": "Êtes-vous sûr de vouloir supprimer le noeud de l'organisation ?",
    "remoteExitNodeMessageRemove": "Une fois supprimé, le noeud ne sera plus accessible.",
-    "remoteExitNodeMessageConfirm": "Pour confirmer, veuillez saisir le nom du noeud ci-dessous.",
    "remoteExitNodeConfirmDelete": "Confirmer la suppression du noeud",
    "remoteExitNodeDelete": "Supprimer le noeud",
-    "sidebarRemoteExitNodes": "Nœuds",
+    "sidebarRemoteExitNodes": "Nœuds distants",
    "remoteExitNodeCreate": {
        "title": "Créer un noeud",
        "description": "Créer un nouveau nœud pour étendre votre connectivité réseau",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Modifier le fichier : docker-compose.yml",
    "emailVerificationRequired": "La vérification de l'e-mail est requise. Veuillez vous reconnecter via {dashboardUrl}/auth/login terminé cette étape. Puis revenez ici.",
    "twoFactorSetupRequired": "La configuration d'authentification à deux facteurs est requise. Veuillez vous reconnecter via {dashboardUrl}/auth/login terminé cette étape. Puis revenez ici.",
+    "additionalSecurityRequired": "Sécurité supplémentaire requise",
+    "organizationRequiresAdditionalSteps": "Cette organisation nécessite des étapes de sécurité supplémentaires avant de pouvoir accéder aux ressources.",
+    "completeTheseSteps": "Compléter ces étapes",
+    "enableTwoFactorAuthentication": "Activer l'authentification à deux facteurs",
+    "completeSecuritySteps": "Compléter les étapes de sécurité",
+    "securitySettings": "Paramètres de sécurité",
+    "securitySettingsDescription": "Configurer les politiques de sécurité de votre organisation",
+    "requireTwoFactorForAllUsers": "Exiger une authentification à deux facteurs pour tous les utilisateurs",
+    "requireTwoFactorDescription": "Lorsque cette option est activée, tous les utilisateurs internes de cette organisation doivent avoir l'authentification à deux facteurs pour accéder à l'organisation.",
+    "requireTwoFactorDisabledDescription": "Cette fonctionnalité nécessite une licence valide (Entreprise) ou un abonnement actif (SaaS)",
+    "requireTwoFactorCannotEnableDescription": "Vous devez activer l'authentification à deux facteurs pour votre compte avant de l'appliquer pour tous les utilisateurs",
+    "maxSessionLength": "Longueur maximale de la session",
+    "maxSessionLengthDescription": "Définissez la durée maximale des sessions utilisateur. Après cette période, les utilisateurs devront se ré-authentifier.",
+    "maxSessionLengthDisabledDescription": "Cette fonctionnalité nécessite une licence valide (Entreprise) ou un abonnement actif (SaaS)",
+    "selectSessionLength": "Sélectionnez la durée de la session",
+    "unenforced": "Non appliqué",
+    "1Hour": "1 heure",
+    "3Hours": "3heures",
+    "6Hours": "6 heures",
+    "12Hours": "12 heures",
+    "1DaySession": "1 jour",
+    "3Days": "3 jours",
+    "7Days": "7 jours",
+    "14Days": "14 jours",
+    "30DaysSession": "30 jours",
+    "90DaysSession": "90 jours",
+    "180DaysSession": "180 jours",
+    "passwordExpiryDays": "Expiration du mot de passe",
+    "editPasswordExpiryDescription": "Définissez le nombre de jours avant que les utilisateurs ne soient tenus de changer leur mot de passe.",
+    "selectPasswordExpiry": "Sélectionnez l'expiration du mot de passe",
+    "30Days": "30 jours",
+    "1Day": "1 jour",
+    "60Days": "60 jours",
+    "90Days": "90 jours",
+    "180Days": "180 jours",
+    "1Year": "1 an",
+    "subscriptionBadge": "Abonnement Requis",
+    "securityPolicyChangeWarning": "Avertissement de changement de politique de sécurité",
+    "securityPolicyChangeDescription": "Vous êtes sur le point de modifier les paramètres de la politique de sécurité. Une fois enregistré, vous devrez peut-être vous authentifier à nouveau pour vous conformer à ces mises à jour de règles. Tous les utilisateurs qui ne sont pas conformes devront également se réauthentifier.",
+    "securityPolicyChangeConfirmMessage": "Je confirme",
+    "securityPolicyChangeWarningText": "Cela affectera tous les utilisateurs de l'organisation",
    "authPageErrorUpdateMessage": "Une erreur s'est produite lors de la mise à jour de la page d\u000027authentification",
+    "authPageErrorUpdate": "Impossible de mettre à jour la page d'authentification",
    "authPageUpdated": "Page d\u000027authentification mise à jour avec succès",
    "healthCheckNotAvailable": "Locale",
    "rewritePath": "Réécrire le chemin",
-    "rewritePathDescription": "Réécrivez éventuellement le chemin avant de le transmettre à la cible."
+    "rewritePathDescription": "Réécrivez éventuellement le chemin avant de le transmettre à la cible.",
+    "continueToApplication": "Continuer vers l'application",
+    "checkingInvite": "Vérification de l'invitation",
+    "setResourceHeaderAuth": "Définir l\\'authentification d\\'en-tête de la ressource",
+    "resourceHeaderAuthRemove": "Supprimer l'authentification de l'en-tête",
+    "resourceHeaderAuthRemoveDescription": "Authentification de l'en-tête supprimée avec succès.",
+    "resourceErrorHeaderAuthRemove": "Échec de la suppression de l'authentification de l'en-tête",
+    "resourceErrorHeaderAuthRemoveDescription": "Impossible de supprimer l'authentification de l'en-tête de la ressource.",
+    "resourceHeaderAuthProtectionEnabled": "Authentification de l'en-tête activée",
+    "resourceHeaderAuthProtectionDisabled": "L'authentification de l'en-tête est désactivée",
+    "headerAuthRemove": "Supprimer l'authentification de l'en-tête",
+    "headerAuthAdd": "Ajouter l'authentification de l'en-tête",
+    "resourceErrorHeaderAuthSetup": "Impossible de définir l'authentification de l'en-tête",
+    "resourceErrorHeaderAuthSetupDescription": "Impossible de définir l'authentification de l'en-tête pour la ressource.",
+    "resourceHeaderAuthSetup": "Authentification de l'en-tête définie avec succès",
+    "resourceHeaderAuthSetupDescription": "L'authentification de l'en-tête a été définie avec succès.",
+    "resourceHeaderAuthSetupTitle": "Authentification de l'en-tête",
+    "resourceHeaderAuthSetupTitleDescription": "Définissez les identifiants d'authentification de base (nom d'utilisateur et mot de passe) pour protéger cette ressource avec l'authentification de l'en-tête HTTP. Accédez-y en utilisant le format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Authentification de l'en-tête",
+    "actionSetResourceHeaderAuth": "Authentification de l'en-tête",
+    "enterpriseEdition": "Édition Entreprise",
+    "unlicensed": "Sans licence",
+    "beta": "Bêta",
+    "manageClients": "Gérer les clients",
+    "manageClientsDescription": "Les clients sont des appareils qui peuvent se connecter à vos sites",
+    "licenseTableValidUntil": "Valable jusqu'au",
+    "saasLicenseKeysSettingsTitle": "Licences Entreprise",
+    "saasLicenseKeysSettingsDescription": "Générer et gérer les clés de licence Entreprise pour les instances Pangolin auto-hébergées",
+    "sidebarEnterpriseLicenses": "Licences",
+    "generateLicenseKey": "Générer une clé de licence",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Veuillez entrer une adresse e-mail valide",
+            "useCaseTypeRequired": "Veuillez sélectionner un type de cas d'utilisation",
+            "firstNameRequired": "Le prénom est requis",
+            "lastNameRequired": "Le nom est requis",
+            "primaryUseRequired": "Veuillez décrire votre utilisation principale",
+            "jobTitleRequiredBusiness": "Le titre du poste est requis pour un usage professionnel",
+            "industryRequiredBusiness": "L'industrie est requise pour une utilisation commerciale",
+            "stateProvinceRegionRequired": "État/Province/Région est obligatoire",
+            "postalZipCodeRequired": "Le code postal est requis",
+            "companyNameRequiredBusiness": "Le nom de la société est requis pour une utilisation commerciale",
+            "countryOfResidenceRequiredBusiness": "Le pays de résidence est requis pour un usage professionnel",
+            "countryRequiredPersonal": "Le pays est requis pour un usage personnel",
+            "agreeToTermsRequired": "Vous devez accepter les conditions",
+            "complianceConfirmationRequired": "Vous devez confirmer le respect de la licence commerciale Fossorial"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Utilisation personnelle",
+                "description": "Pour une utilisation individuelle et non commerciale telle que l'apprentissage, les projets personnels ou l'expérimentation."
+            },
+            "business": {
+                "title": "Utilisation de l'entreprise",
+                "description": "Pour utilisation au sein d’organisations, d’entreprises ou d’activités commerciales ou génératrices de revenus."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & Type de licence",
+                "description": "Entrez votre adresse e-mail et choisissez votre type de licence"
+            },
+            "personalInformation": {
+                "title": "Informations personnelles",
+                "description": "Parlez-nous de vous-même"
+            },
+            "contactInformation": {
+                "title": "Coordonnées",
+                "description": "Vos coordonnées"
+            },
+            "termsGenerate": {
+                "title": "Termes & Générer",
+                "description": "Examinez et acceptez les conditions pour générer votre licence"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Divulgation d'utilisation",
+                "description": "Sélectionnez le niveau de licence qui correspond exactement à votre utilisation prévue. La Licence Personnelle autorise l'utilisation libre du Logiciel pour des activités commerciales individuelles, non commerciales ou à petite échelle avec un revenu annuel brut inférieur à 100 000 USD. Toute utilisation au-delà de ces limites — y compris l'utilisation au sein d'une entreprise, d'une organisation, ou tout autre environnement générateur de revenus — nécessite une licence d’entreprise valide et le paiement des droits de licence applicables. Tous les utilisateurs, qu'ils soient personnels ou d'entreprise, doivent se conformer aux conditions de licence commerciale Fossorial."
+            },
+            "trialPeriodInformation": {
+                "title": "Informations sur la période d'essai",
+                "description": "Cette clé de licence permet aux entreprises de bénéficier de fonctionnalités pour une période d'évaluation de 7 jours. L'accès continu aux fonctionnalités payantes au-delà de la période d'évaluation nécessite une activation sous une licence personnelle ou d'entreprise valide. Pour une licence d'entreprise, contactez sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Utilisez-vous Pangolin à des fins personnelles ou professionnelles?",
+            "firstName": "Prénom",
+            "lastName": "Nom de famille",
+            "jobTitle": "Titre du poste",
+            "primaryUseQuestion": "À quoi comptez-vous avant tout utiliser le Pangolin ?",
+            "industryQuestion": "Quelle est votre industrie?",
+            "prospectiveUsersQuestion": "Combien d'utilisateurs vous attendez-vous à avoir ?",
+            "prospectiveSitesQuestion": "Combien de sites potentiels (tunnels) voulez-vous avoir?",
+            "companyName": "Nom de la société",
+            "countryOfResidence": "Pays de résidence",
+            "stateProvinceRegion": "Etat / Province / Région",
+            "postalZipCode": "Code postal / ZIP",
+            "companyWebsite": "Site web de l'entreprise",
+            "companyPhoneNumber": "Numéro de téléphone de la société",
+            "country": "Pays",
+            "phoneNumberOptional": "Numéro de téléphone (facultatif)",
+            "complianceConfirmation": "Je confirme que les renseignements que j'ai fournis sont exacts et que je suis en conformité avec la licence commerciale Fossorial. Signaler des informations inexactes ou une mauvaise identification de l'utilisation du produit constitue une violation de la licence et peut entraîner la révocation de votre clé."
+        },
+        "buttons": {
+            "close": "Fermer",
+            "previous": "Précédent",
+            "next": "Suivant",
+            "generateLicenseKey": "Générer une clé de licence"
+        },
+        "toasts": {
+            "success": {
+                "title": "Clé de licence générée avec succès",
+                "description": "Votre clé de licence a été générée et est prête à l'emploi."
+            },
+            "error": {
+                "title": "Impossible de générer la clé de licence",
+                "description": "Une erreur s'est produite lors de la génération de la clé de licence."
+            }
+        }
+    },
+    "priority": "Priorité",
+    "priorityDescription": "Les routes de haute priorité sont évaluées en premier. La priorité = 100 signifie l'ordre automatique (décision du système). Utilisez un autre nombre pour imposer la priorité manuelle.",
+    "instanceName": "Nom de l'instance",
+    "pathMatchModalTitle": "Configurer le chemin correspondant",
+    "pathMatchModalDescription": "Définissez comment les requêtes entrantes doivent être trouvées en fonction de leur chemin.",
+    "pathMatchType": "Type de correspondance",
+    "pathMatchPrefix": "Préfixe",
+    "pathMatchExact": "Exactement",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Valeur du chemin",
+    "clear": "Nettoyer",
+    "saveChanges": "Enregistrer les modifications",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/chemin d'accès",
+    "pathMatchPrefixHelp": "Exemple: /api correspond à /api, /api/users, etc.",
+    "pathMatchExactHelp": "Exemple: /api ne correspond qu'à /api",
+    "pathMatchRegexHelp": "Exemple: ^/api/.* correspond à /api/anything",
+    "pathRewriteModalTitle": "Configurer la réécriture du chemin",
+    "pathRewriteModalDescription": "Transformez le chemin correspondant avant de l'envoyer à la cible.",
+    "pathRewriteType": "Type de réécriture",
+    "pathRewritePrefixOption": "Préfixe - Remplacer le préfixe",
+    "pathRewriteExactOption": "Exactement - Remplacer le chemin entier",
+    "pathRewriteRegexOption": "Regex - Remplacement de patron",
+    "pathRewriteStripPrefixOption": "Retirer le préfixe - Supprimer le préfixe",
+    "pathRewriteValue": "Réécrire la valeur",
+    "pathRewriteRegexPlaceholder": "/fr/new/$1",
+    "pathRewriteDefaultPlaceholder": "/fr/new-path",
+    "pathRewritePrefixHelp": "Remplacer le préfixe correspondant par cette valeur",
+    "pathRewriteExactHelp": "Remplacer le chemin entier par cette valeur lorsque le chemin correspond exactement",
+    "pathRewriteRegexHelp": "Utiliser des groupes de capture comme $1, $2 pour le remplacement",
+    "pathRewriteStripPrefixHelp": "Laisser vide pour supprimer le préfixe ou fournir un nouveau préfixe",
+    "pathRewritePrefix": "Préfixe",
+    "pathRewriteExact": "Exactement",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Retirer",
+    "pathRewriteStripLabel": "bande",
+    "sidebarEnableEnterpriseLicense": "Activer la licence Entreprise",
+    "cannotbeUndone": "Cela ne peut pas être annulé.",
+    "toConfirm": "pour confirmer",
+    "deleteClientQuestion": "Êtes-vous sûr de vouloir supprimer le client du site et de l'organisation ?",
+    "clientMessageRemove": "Une fois supprimé, le client ne pourra plus se connecter au site.",
+    "sidebarLogs": "Journaux",
+    "request": "Demander",
+    "logs": "Journaux",
+    "logsSettingsDescription": "Surveiller les logs collectés à partir de cette organisation",
+    "searchLogs": "Rechercher dans les journaux...",
+    "action": "Action",
+    "actor": "Acteur",
+    "timestamp": "Horodatage",
+    "accessLogs": "Journaux d'accès",
+    "exportCsv": "Exporter CSV",
+    "actorId": "ID de l'acteur",
+    "allowedByRule": "Autorisé par la règle",
+    "allowedNoAuth": "Aucune authentification autorisée",
+    "validAccessToken": "Jeton d'accès valide",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Mot de passe valide",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Ressource bloquée",
+    "droppedByRule": "Abandonné par la règle",
+    "noSessions": "Aucune session",
+    "temporaryRequestToken": "Jeton de requête temporaire",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP",
+    "reason": "Raison",
+    "requestLogs": "Journal des requêtes",
+    "host": "Hôte",
+    "location": "Localisation",
+    "actionLogs": "Journaux des actions",
+    "sidebarLogsRequest": "Journal des requêtes",
+    "sidebarLogsAccess": "Journaux d'accès",
+    "sidebarLogsAction": "Journaux des actions",
+    "logRetention": "Journaliser la rétention",
+    "logRetentionDescription": "Gérer la durée de conservation des différents types de logs pour cette organisation ou les désactiver",
+    "requestLogsDescription": "Voir les journaux détaillés des requêtes pour les ressources de cette organisation",
+    "logRetentionRequestLabel": "Demander la rétention des journaux",
+    "logRetentionRequestDescription": "Durée de conservation des journaux de requêtes",
+    "logRetentionAccessLabel": "Rétention du journal d'accès",
+    "logRetentionAccessDescription": "Durée de conservation des journaux d'accès",
+    "logRetentionActionLabel": "Retention du journal des actions",
+    "logRetentionActionDescription": "Durée de conservation du journal des actions",
+    "logRetentionDisabled": "Désactivé",
+    "logRetention3Days": "3 jours",
+    "logRetention7Days": "7 jours",
+    "logRetention14Days": "14 jours",
+    "logRetention30Days": "30 jours",
+    "logRetention90Days": "90 jours",
+    "logRetentionForever": "Pour toujours",
+    "actionLogsDescription": "Voir l'historique des actions effectuées dans cette organisation",
+    "accessLogsDescription": "Voir les demandes d'authentification d'accès aux ressources de cette organisation",
+    "licenseRequiredToUse": "Une licence Entreprise est nécessaire pour utiliser cette fonctionnalité.",
+    "certResolver": "Résolveur de certificat",
+    "certResolverDescription": "Sélectionnez le solveur de certificat à utiliser pour cette ressource.",
+    "selectCertResolver": "Sélectionnez le résolveur de certificat",
+    "enterCustomResolver": "Entrez le résolveur personnalisé",
+    "preferWildcardCert": "Préférez le certificat Wildcard",
+    "unverified": "Non vérifié",
+    "domainSetting": "Paramètres de domaine",
+    "domainSettingDescription": "Configurer les paramètres de votre domaine",
+    "preferWildcardCertDescription": "Tentative de génération d'un certificat générique (nécessite un résolveur de certificat correctement configuré).",
+    "recordName": "Nom de l'enregistrement",
+    "auto": "Automatique",
+    "TTL": "TTC",
+    "howToAddRecords": "Comment ajouter des enregistrements",
+    "dnsRecord": "Enregistrements DNS",
+    "required": "Requis",
+    "domainSettingsUpdated": "Paramètres de domaine mis à jour avec succès",
+    "orgOrDomainIdMissing": "L'organisation ou l'identifiant de domaine est manquant",
+    "loadingDNSRecords": "Chargement des enregistrements DNS...",
+    "olmUpdateAvailableInfo": "Une version mise à jour de Olm est disponible. Veuillez mettre à jour vers la dernière version pour la meilleure expérience.",
+    "client": "Client",
+    "proxyProtocol": "Paramètres du protocole proxy",
+    "proxyProtocolDescription": "Configurer le protocole Proxy pour préserver les adresses IP du client pour les services TCP/UDP.",
+    "enableProxyProtocol": "Activer le protocole Proxy",
+    "proxyProtocolInfo": "Conserver les adresses IP du client pour les backends TCP/UDP",
+    "proxyProtocolVersion": "Version du protocole proxy",
+    "version1": " Version 1 (Recommandé)",
+    "version2": "Version 2",
+    "versionDescription": "La version 1 est basée sur du texte et est largement supportée. La version 2 est binaire et plus efficace mais moins compatible.",
+    "warning": "Avertissement",
+    "proxyProtocolWarning": "Votre application backend doit être configurée pour accepter les connexions Proxy Protocol. Si votre backend ne prend pas en charge le protocole Proxy, activer ceci va casser toutes les connexions. Assurez-vous de configurer votre backend pour faire confiance aux en-têtes du protocole Proxy de Traefik.",
+    "restarting": "Redémarrage...",
+    "manual": "Manuelle",
+    "messageSupport": "Soutien aux messages",
+    "supportNotAvailableTitle": "Support non disponible",
+    "supportNotAvailableDescription": "L'assistance n'est pas disponible pour le moment. Vous pouvez envoyer un e-mail à support@pangolin.net.",
+    "supportRequestSentTitle": "Demande de support envoyée",
+    "supportRequestSentDescription": "Votre message a été envoyé avec succès.",
+    "supportRequestFailedTitle": "Échec de l'envoi de la demande",
+    "supportRequestFailedDescription": "Une erreur s'est produite lors de l'envoi de votre demande d'assistance.",
+    "supportSubjectRequired": "Le sujet est requis",
+    "supportSubjectMaxLength": "Le sujet doit être de 255 caractères ou moins",
+    "supportMessageRequired": "Le message est requis",
+    "supportReplyTo": "Répondre à",
+    "supportSubject": "Sujet",
+    "supportSubjectPlaceholder": "Entrez le sujet",
+    "supportMessage": "Message",
+    "supportMessagePlaceholder": "Entrez votre message",
+    "supportSending": "Envoi...",
+    "supportSend": "Envoyer",
+    "supportMessageSent": "Message envoyé !",
+    "supportWillContact": "Nous vous contacterons sous peu!"
 }
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -47,9 +47,8 @@
    "edit": "Modifica",
    "siteConfirmDelete": "Conferma Eliminazione Sito",
    "siteDelete": "Elimina Sito",
-    "siteMessageRemove": "Una volta rimosso, il sito non sarà più accessibile. Anche tutte le risorse e gli obiettivi associati al sito saranno rimossi.",
-    "siteMessageConfirm": "Per confermare, digita il nome del sito qui sotto.",
-    "siteQuestionRemove": "Sei sicuro di voler rimuovere il sito {selectedSite} dall'organizzazione?",
+    "siteMessageRemove": "Una volta rimosso il sito non sarà più accessibile. Tutti gli obiettivi associati al sito verranno rimossi.",
+    "siteQuestionRemove": "Sei sicuro di voler rimuovere il sito dall'organizzazione?",
    "siteManageSites": "Gestisci Siti",
    "siteDescription": "Consenti la connettività alla rete attraverso tunnel sicuri",
    "siteCreate": "Crea Sito",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Usa qualsiasi client WireGuard per stabilire un tunnel. Impostazione NAT manuale richiesta.",
    "siteWgDescriptionSaas": "Usa qualsiasi client WireGuard per stabilire un tunnel. Impostazione NAT manuale richiesta. FUNZIONA SOLO SU NODI AUTO-OSPITATI",
    "siteLocalDescription": "Solo risorse locali. Nessun tunneling.",
-    "siteLocalDescriptionSaas": "Solo risorse locali. Nessun tunneling. FUNZIONA SOLO SU NODI AUTO-OSPITATI",
+    "siteLocalDescriptionSaas": "Solo risorse locali. Nessun tunneling. Disponibile solo su nodi remoti.",
    "siteSeeAll": "Vedi Tutti I Siti",
    "siteTunnelDescription": "Determina come vuoi connetterti al tuo sito",
    "siteNewtCredentials": "Credenziali Newt",
@@ -154,8 +153,7 @@
    "protected": "Protetto",
    "notProtected": "Non Protetto",
    "resourceMessageRemove": "Una volta rimossa, la risorsa non sarà più accessibile. Tutti gli obiettivi associati alla risorsa saranno rimossi.",
-    "resourceMessageConfirm": "Per confermare, digita il nome della risorsa qui sotto.",
-    "resourceQuestionRemove": "Sei sicuro di voler rimuovere la risorsa {selectedResource} dall'organizzazione?",
+    "resourceQuestionRemove": "Sei sicuro di voler rimuovere la risorsa dall'organizzazione?",
    "resourceHTTP": "Risorsa HTTPS",
    "resourceHTTPDescription": "Richieste proxy alla tua app tramite HTTPS utilizzando un sottodominio o un dominio di base.",
    "resourceRaw": "Risorsa Raw TCP/UDP",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Conferma Elimina Organizzazione",
    "orgMessageRemove": "Questa azione è irreversibile e cancellerà tutti i dati associati.",
    "orgMessageConfirm": "Per confermare, digita il nome dell'organizzazione qui sotto.",
-    "orgQuestionRemove": "Sei sicuro di voler rimuovere l'organizzazione {selectedOrg}?",
+    "orgQuestionRemove": "Sei sicuro di voler rimuovere l'organizzazione?",
    "orgUpdated": "Organizzazione aggiornata",
    "orgUpdatedDescription": "L'organizzazione è stata aggiornata.",
    "orgErrorUpdate": "Impossibile aggiornare l'organizzazione",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "Genera Chiave API",
    "apiKeysErrorDelete": "Errore nell'eliminazione della chiave API",
    "apiKeysErrorDeleteMessage": "Errore nell'eliminazione della chiave API",
-    "apiKeysQuestionRemove": "Sei sicuro di voler rimuovere la chiave API {selectedApiKey} dall'organizzazione?",
+    "apiKeysQuestionRemove": "Sei sicuro di voler rimuovere la chiave API dall'organizzazione?",
    "apiKeysMessageRemove": "Una volta rimossa, la chiave API non potrà più essere utilizzata.",
-    "apiKeysMessageConfirm": "Per confermare, digita il nome della chiave API qui sotto.",
    "apiKeysDeleteConfirm": "Conferma Eliminazione Chiave API",
    "apiKeysDelete": "Elimina Chiave API",
    "apiKeysManage": "Gestisci Chiavi API",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Conferma Eliminazione Utente",
    "userDeleteServer": "Elimina utente dal server",
    "userMessageRemove": "L'utente verrà rimosso da tutte le organizzazioni ed essere completamente rimosso dal server.",
-    "userMessageConfirm": "Per confermare, digita il nome dell'utente qui sotto.",
-    "userQuestionRemove": "Sei sicuro di voler eliminare definitivamente {selectedUser} dal server?",
+    "userQuestionRemove": "Sei sicuro di voler eliminare definitivamente l'utente dal server?",
    "licenseKey": "Chiave Di Licenza",
    "valid": "Valido",
    "numberOfSites": "Numero di siti",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Visualizza I Termini Di Licenza Commerciale Fossorial E Abbonamento",
    "licenseMessageRemove": "Questo rimuoverà la chiave di licenza e tutti i permessi associati da essa concessi.",
    "licenseMessageConfirm": "Per confermare, digitare la chiave di licenza qui sotto.",
-    "licenseQuestionRemove": "Sei sicuro di voler eliminare la chiave di licenza {selectedKey}?",
+    "licenseQuestionRemove": "Sei sicuro di voler eliminare la chiave di licenza?",
    "licenseKeyDelete": "Elimina Chiave Di Licenza",
    "licenseKeyDeleteConfirm": "Conferma Elimina Chiave Di Licenza",
    "licenseTitle": "Gestisci Stato Licenza",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Si è verificato un errore durante la rimozione dell'invito.",
    "inviteRemoved": "Invito rimosso",
    "inviteRemovedDescription": "L'invito per {email} è stato rimosso.",
-    "inviteQuestionRemove": "Sei sicuro di voler rimuovere l'invito {email}?",
+    "inviteQuestionRemove": "Sei sicuro di voler rimuovere l'invito?",
    "inviteMessageRemove": "Una volta rimosso, questo invito non sarà più valido. Puoi sempre reinvitare l'utente in seguito.",
    "inviteMessageConfirm": "Per confermare, digita l'indirizzo email dell'invito qui sotto.",
    "inviteQuestionRegenerate": "Sei sicuro di voler rigenerare l'invito {email}? Questo revocherà l'invito precedente.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Si è verificato un errore durante la rimozione dell'utente.",
    "userOrgRemoved": "Utente rimosso",
    "userOrgRemovedDescription": "L'utente {email} è stato rimosso dall'organizzazione.",
-    "userQuestionOrgRemove": "Sei sicuro di voler rimuovere {email} dall'organizzazione?",
+    "userQuestionOrgRemove": "Sei sicuro di voler rimuovere questo utente dall'organizzazione?",
    "userMessageOrgRemove": "Una volta rimosso, questo utente non avrà più accesso all'organizzazione. Puoi sempre reinvitarlo in seguito, ma dovrà accettare nuovamente l'invito.",
-    "userMessageOrgConfirm": "Per confermare, digita il nome dell'utente qui sotto.",
    "userRemoveOrgConfirm": "Conferma Rimozione Utente",
    "userRemoveOrg": "Rimuovi Utente dall'Organizzazione",
    "users": "Utenti",
@@ -468,7 +463,10 @@
    "createdAt": "Creato Il",
    "proxyErrorInvalidHeader": "Valore dell'intestazione Host personalizzata non valido. Usa il formato nome dominio o salva vuoto per rimuovere l'intestazione Host personalizzata.",
    "proxyErrorTls": "Nome Server TLS non valido. Usa il formato nome dominio o salva vuoto per rimuovere il Nome Server TLS.",
-    "proxyEnableSSL": "Abilita SSL (https)",
+    "proxyEnableSSL": "Abilita SSL",
+    "proxyEnableSSLDescription": "Abilita la crittografia SSL/TLS per connessioni HTTPS sicure ai tuoi obiettivi.",
+    "target": "Target",
+    "configureTarget": "Configura Obiettivi",
    "targetErrorFetch": "Impossibile recuperare i target",
    "targetErrorFetchDescription": "Si è verificato un errore durante il recupero dei target",
    "siteErrorFetch": "Impossibile recuperare la risorsa",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "Configurazione Connessione Sicura",
    "targetTlsSettingsDescription": "Configura le impostazioni SSL/TLS per la tua risorsa",
    "targetTlsSettingsAdvanced": "Impostazioni TLS Avanzate",
-    "targetTlsSni": "Nome Server TLS (SNI)",
+    "targetTlsSni": "Nome Server Tls",
    "targetTlsSniDescription": "Il Nome Server TLS da usare per SNI. Lascia vuoto per usare quello predefinito.",
    "targetTlsSubmit": "Salva Impostazioni",
    "targets": "Configurazione Target",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Mantieni le connessioni sullo stesso target backend per l'intera sessione.",
    "methodSelect": "Seleziona metodo",
    "targetSubmit": "Aggiungi Target",
-    "targetNoOne": "Nessun target. Aggiungi un target usando il modulo.",
+    "targetNoOne": "Questa risorsa non ha bersagli. Aggiungi un obiettivo per configurare dove inviare le richieste al tuo backend.",
    "targetNoOneDescription": "L'aggiunta di più di un target abiliterà il bilanciamento del carico.",
    "targetsSubmit": "Salva Target",
+    "addTarget": "Aggiungi Target",
+    "targetErrorInvalidIp": "Indirizzo IP non valido",
+    "targetErrorInvalidIpDescription": "Inserisci un indirizzo IP o un hostname valido",
+    "targetErrorInvalidPort": "Porta non valida",
+    "targetErrorInvalidPortDescription": "Inserisci un numero di porta valido",
+    "targetErrorNoSite": "Nessun sito selezionato",
+    "targetErrorNoSiteDescription": "Si prega di selezionare un sito per l'obiettivo",
+    "targetCreated": "Destinazione creata",
+    "targetCreatedDescription": "L'obiettivo è stato creato con successo",
+    "targetErrorCreate": "Impossibile creare l'obiettivo",
+    "targetErrorCreateDescription": "Si è verificato un errore durante la creazione del target",
+    "save": "Salva",
    "proxyAdditional": "Impostazioni Proxy Aggiuntive",
    "proxyAdditionalDescription": "Configura come la tua risorsa gestisce le impostazioni proxy",
    "proxyCustomHeader": "Intestazione Host Personalizzata",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Server Admin - Pangolina",
    "licenseTierProfessional": "Licenza Professional",
    "licenseTierEnterprise": "Licenza Enterprise",
-    "licenseTierCommercial": "Licenza Commerciale",
+    "licenseTierPersonal": "Licenza Personale",
    "licensed": "Con Licenza",
    "yes": "Sì",
    "no": "No",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Visualizza e gestisci i provider di identità nel sistema",
    "idpDeletedDescription": "Provider di identità eliminato con successo",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Sei sicuro di voler eliminare definitivamente il provider di identità {name}?",
+    "idpQuestionRemove": "Sei sicuro di voler eliminare definitivamente il provider di identità?",
    "idpMessageRemove": "Questo rimuoverà il provider di identità e tutte le configurazioni associate. Gli utenti che si autenticano tramite questo provider non potranno più accedere.",
    "idpMessageConfirm": "Per confermare, digita il nome del provider di identità qui sotto.",
    "idpConfirmDelete": "Conferma Eliminazione Provider di Identità",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Un nome visualizzato per questo provider di identità",
    "idpAutoProvisionUsers": "Provisioning Automatico Utenti",
    "idpAutoProvisionUsersDescription": "Quando abilitato, gli utenti verranno creati automaticamente nel sistema al primo accesso con la possibilità di mappare gli utenti a ruoli e organizzazioni.",
-    "licenseBadge": "Professionista",
+    "licenseBadge": "EE",
    "idpType": "Tipo di Provider",
    "idpTypeDescription": "Seleziona il tipo di provider di identità che desideri configurare",
    "idpOidcConfigure": "Configurazione OAuth2/OIDC",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Controlla la tua email per il codice di reset.",
    "passwordNew": "Nuova Password",
    "passwordNewConfirm": "Conferma Nuova Password",
+    "changePassword": "Cambia Password",
+    "changePasswordDescription": "Aggiorna la password del tuo account",
+    "oldPassword": "Password Attuale",
+    "newPassword": "Nuova Password",
+    "confirmNewPassword": "Conferma Nuova Password",
+    "changePasswordError": "Impossibile cambiare la password",
+    "changePasswordErrorDescription": "Si è verificato un errore durante la modifica della password",
+    "changePasswordSuccess": "Password Cambiata Con Successo",
+    "changePasswordSuccessDescription": "La password è stata aggiornata con successo",
+    "passwordExpiryRequired": "Scadenza Password Richiesta",
+    "passwordExpiryDescription": "Questa organizzazione richiede di cambiare la password ogni {maxDays} giorni.",
+    "changePasswordNow": "Cambia Password Ora",
    "pincodeAuth": "Codice Autenticatore",
    "pincodeSubmit2": "Invia Codice",
    "passwordResetSubmit": "Richiedi Reset",
@@ -1084,7 +1106,6 @@
    "navbar": "Menu di Navigazione",
    "navbarDescription": "Menu di navigazione principale dell'applicazione",
    "navbarDocsLink": "Documentazione",
-    "commercialEdition": "Edizione Commerciale",
    "otpErrorEnable": "Impossibile abilitare 2FA",
    "otpErrorEnableDescription": "Si è verificato un errore durante l'abilitazione di 2FA",
    "otpSetupCheckCode": "Inserisci un codice a 6 cifre",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Tutti Gli Utenti",
    "sidebarIdentityProviders": "Fornitori Di Identità",
    "sidebarLicense": "Licenza",
-    "sidebarClients": "Clienti (Beta)",
+    "sidebarClients": "Client",
    "sidebarDomains": "Domini",
+    "sidebarBluePrints": "Progetti",
+    "blueprints": "Progetti",
+    "blueprintsDescription": "I progetti sono configurazioni YAML dichiarative che definiscono le tue risorse e le loro impostazioni",
+    "blueprintAdd": "Aggiungi Progetto",
+    "blueprintGoBack": "Vedi tutti i progetti",
+    "blueprintCreate": "Crea Progetto",
+    "blueprintCreateDescription2": "Segui i passaggi qui sotto per creare e applicare un nuovo progetto",
+    "blueprintDetails": "Dettagli progetto",
+    "blueprintDetailsDescription": "Vedi i dettagli dell'esecuzione del progetto",
+    "blueprintInfo": "Informazioni Sul Progetto",
+    "message": "Messaggio",
+    "blueprintContentsDescription": "Definisci il contenuto di YAML che descrive la tua infrastruttura",
+    "blueprintErrorCreateDescription": "Si è verificato un errore durante l'applicazione del progetto",
+    "blueprintErrorCreate": "Errore nella creazione del progetto",
+    "searchBlueprintProgress": "Cerca progetti...",
+    "appliedAt": "Applicato Il",
+    "source": "Fonte",
+    "contents": "Contenuti",
+    "parsedContents": "Sommario Analizzato",
    "enableDockerSocket": "Abilita Progetto Docker",
    "enableDockerSocketDescription": "Abilita la raschiatura dell'etichetta Docker Socket per le etichette dei progetti. Il percorso del socket deve essere fornito a Newt.",
    "enableDockerSocketLink": "Scopri di più",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Crea Dominio",
    "domainCreatedDescription": "Dominio creato con successo",
    "domainDeletedDescription": "Dominio eliminato con successo",
-    "domainQuestionRemove": "Sei sicuro di voler rimuovere il dominio {domain} dal tuo account?",
+    "domainQuestionRemove": "Sei sicuro di voler rimuovere il dominio dal tuo account?",
    "domainMessageRemove": "Una volta rimosso, il dominio non sarà più associato al tuo account.",
-    "domainMessageConfirm": "Per confermare, digita il nome del dominio qui sotto.",
    "domainConfirmDelete": "Conferma Eliminazione Dominio",
    "domainDelete": "Elimina Dominio",
    "domain": "Dominio",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Piano Gratuito",
    "billingWarningOverLimit": "Avviso: Hai superato uno o più limiti di utilizzo. I tuoi siti non si connetteranno finché non modifichi il tuo abbonamento o non adegui il tuo utilizzo.",
    "billingUsageLimitsOverview": "Panoramica dei Limiti di Utilizzo",
-    "billingMonitorUsage": "Monitora il tuo utilizzo rispetto ai limiti configurati. Se hai bisogno di aumentare i limiti, contattaci all'indirizzo support@fossorial.io.",
+    "billingMonitorUsage": "Monitora il tuo utilizzo rispetto ai limiti configurati. Se hai bisogno di aumentare i limiti, contattaci all'indirizzo support@pangolin.net.",
    "billingDataUsage": "Utilizzo dei Dati",
    "billingOnlineTime": "Tempo Online del Sito",
    "billingUsers": "Utenti Attivi",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Si è verificato un problema con la tua chiave di sicurezza. Riprova.",
    "twoFactorRequired": "È richiesta l'autenticazione a due fattori per registrare una chiave di sicurezza.",
    "twoFactor": "Autenticazione a Due Fattori",
+    "twoFactorAuthentication": "Autenticazione A Due Fattori",
+    "twoFactorDescription": "Questa organizzazione richiede l'autenticazione a due fattori.",
+    "enableTwoFactor": "Abilita Autenticazione A Due Fattori",
+    "organizationSecurityPolicy": "Politica Di Sicurezza Dell'Organizzazione",
+    "organizationSecurityPolicyDescription": "Questa organizzazione ha requisiti di sicurezza che devono essere soddisfatti prima di poter accedere",
+    "securityRequirements": "Requisiti Di Sicurezza",
+    "allRequirementsMet": "Tutti i requisiti sono stati soddisfatti",
+    "completeRequirementsToContinue": "Completa i requisiti qui sotto per continuare ad accedere a questa organizzazione",
+    "youCanNowAccessOrganization": "Ora puoi accedere a questa organizzazione",
+    "reauthenticationRequired": "Durata Sessione",
+    "reauthenticationDescription": "Questa organizzazione richiede di accedere ogni {maxDays} giorni.",
+    "reauthenticationDescriptionHours": "Questa organizzazione richiede di accedere ogni {maxHours} ore.",
+    "reauthenticateNow": "Accedi Di Nuovo",
    "adminEnabled2FaOnYourAccount": "Il tuo amministratore ha abilitato l'autenticazione a due fattori per {email}. Completa il processo di configurazione per continuare.",
-    "continueToApplication": "Continua all'Applicazione",
    "securityKeyAdd": "Aggiungi Chiave di Sicurezza",
    "securityKeyRegisterTitle": "Registra Nuova Chiave di Sicurezza",
    "securityKeyRegisterDescription": "Collega la tua chiave di sicurezza e inserisci un nome per identificarla",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Proxy Esterno Abilitato",
    "addNewTarget": "Aggiungi Nuovo Target",
    "targetsList": "Elenco dei Target",
+    "advancedMode": "Modalità Avanzata",
    "targetErrorDuplicateTargetFound": "Target duplicato trovato",
    "healthCheckHealthy": "Sano",
    "healthCheckUnhealthy": "Non Sano",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Errore di Accesso Automatico",
    "autoLoginErrorNoRedirectUrl": "Nessun URL di reindirizzamento ricevuto dal provider di identità.",
    "autoLoginErrorGeneratingUrl": "Impossibile generare l'URL di autenticazione.",
-    "remoteExitNodeManageRemoteExitNodes": "Gestisci Self-Hosted",
-    "remoteExitNodeDescription": "Gestisci i nodi per estendere la connettività di rete",
+    "remoteExitNodeManageRemoteExitNodes": "Nodi Remoti",
+    "remoteExitNodeDescription": "Self-host uno o più nodi remoti per estendere la connettività di rete e ridurre la dipendenza dal cloud",
    "remoteExitNodes": "Nodi",
    "searchRemoteExitNodes": "Cerca nodi...",
    "remoteExitNodeAdd": "Aggiungi Nodo",
    "remoteExitNodeErrorDelete": "Errore nell'eliminare il nodo",
-    "remoteExitNodeQuestionRemove": "Sei sicuro di voler rimuovere il nodo {selectedNode} dall'organizzazione?",
+    "remoteExitNodeQuestionRemove": "Sei sicuro di voler rimuovere il nodo dall'organizzazione?",
    "remoteExitNodeMessageRemove": "Una volta rimosso, il nodo non sarà più accessibile.",
-    "remoteExitNodeMessageConfirm": "Per confermare, digita il nome del nodo qui sotto.",
    "remoteExitNodeConfirmDelete": "Conferma Eliminazione Nodo",
    "remoteExitNodeDelete": "Elimina Nodo",
-    "sidebarRemoteExitNodes": "Nodi",
+    "sidebarRemoteExitNodes": "Nodi Remoti",
    "remoteExitNodeCreate": {
        "title": "Crea Nodo",
        "description": "Crea un nuovo nodo per estendere la connettività di rete",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Modifica file: docker-compose.yml",
    "emailVerificationRequired": "Verifica via email. Effettua nuovamente il login via {dashboardUrl}/auth/login completa questo passaggio. Quindi, torna qui.",
    "twoFactorSetupRequired": "È richiesta la configurazione di autenticazione a due fattori. Effettua nuovamente l'accesso tramite {dashboardUrl}/auth/login completa questo passaggio. Quindi, torna qui.",
+    "additionalSecurityRequired": "Necessaria Sicurezza Aggiuntiva",
+    "organizationRequiresAdditionalSteps": "Questa organizzazione richiede ulteriori passi di sicurezza prima di poter accedere alle risorse.",
+    "completeTheseSteps": "Completa questi passaggi",
+    "enableTwoFactorAuthentication": "Abilita autenticazione a due fattori",
+    "completeSecuritySteps": "Passi Di Sicurezza Completa",
+    "securitySettings": "Impostazioni Di Sicurezza",
+    "securitySettingsDescription": "Configura i criteri di sicurezza per la tua organizzazione",
+    "requireTwoFactorForAllUsers": "Richiede l'autenticazione a due fattori per tutti gli utenti",
+    "requireTwoFactorDescription": "Se abilitata, tutti gli utenti interni di questa organizzazione devono avere un'autenticazione a due fattori abilitata per accedere all'organizzazione.",
+    "requireTwoFactorDisabledDescription": "Questa funzione richiede una licenza valida (Enterprise) o un abbonamento attivo (SaaS)",
+    "requireTwoFactorCannotEnableDescription": "Devi abilitare l'autenticazione a due fattori per il tuo account prima di applicarla per tutti gli utenti",
+    "maxSessionLength": "Lunghezza Massima Della Sessione",
+    "maxSessionLengthDescription": "Imposta la durata massima per le sessioni utente. Dopo questo periodo, gli utenti dovranno autenticarsi.",
+    "maxSessionLengthDisabledDescription": "Questa funzione richiede una licenza valida (Enterprise) o un abbonamento attivo (SaaS)",
+    "selectSessionLength": "Seleziona lunghezza sessione",
+    "unenforced": "Non Applicato",
+    "1Hour": "1 ora",
+    "3Hours": "3 ore",
+    "6Hours": "6 ore",
+    "12Hours": "12 ore",
+    "1DaySession": "1 giorno",
+    "3Days": "3 giorni",
+    "7Days": "7 giorni",
+    "14Days": "14 giorni",
+    "30DaysSession": "30 giorni",
+    "90DaysSession": "90 giorni",
+    "180DaysSession": "180 giorni",
+    "passwordExpiryDays": "Scadenza Password",
+    "editPasswordExpiryDescription": "Imposta il numero di giorni prima che gli utenti debbano cambiare la password.",
+    "selectPasswordExpiry": "Seleziona scadenza password",
+    "30Days": "30 giorni",
+    "1Day": "1 giorno",
+    "60Days": "60 giorni",
+    "90Days": "90 giorni",
+    "180Days": "180 giorni",
+    "1Year": "1 anno",
+    "subscriptionBadge": "Abbonamento Richiesto",
+    "securityPolicyChangeWarning": "Avviso Modifica Politica Di Sicurezza",
+    "securityPolicyChangeDescription": "Si sta per modificare le impostazioni dei criteri di sicurezza. Dopo il salvataggio, potrebbe essere necessario autenticarsi nuovamente per conformarsi a questi aggiornamenti dei criteri. Tutti gli utenti che non sono conformi dovranno anche autenticarsi.",
+    "securityPolicyChangeConfirmMessage": "Confermo",
+    "securityPolicyChangeWarningText": "Questo influenzerà tutti gli utenti dell'organizzazione",
    "authPageErrorUpdateMessage": "Si è verificato un errore durante l'aggiornamento delle impostazioni della pagina di autenticazione",
+    "authPageErrorUpdate": "Impossibile aggiornare la pagina di autenticazione",
    "authPageUpdated": "Pagina di autenticazione aggiornata con successo",
    "healthCheckNotAvailable": "Locale",
    "rewritePath": "Riscrivi percorso",
-    "rewritePathDescription": "Riscrivi eventualmente il percorso prima di inoltrarlo al target."
+    "rewritePathDescription": "Riscrivi eventualmente il percorso prima di inoltrarlo al target.",
+    "continueToApplication": "Continua con l'applicazione",
+    "checkingInvite": "Controllo Invito",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Rimuovi Autenticazione Intestazione",
+    "resourceHeaderAuthRemoveDescription": "Autenticazione intestazione rimossa con successo.",
+    "resourceErrorHeaderAuthRemove": "Impossibile rimuovere l'autenticazione dell'intestazione",
+    "resourceErrorHeaderAuthRemoveDescription": "Impossibile rimuovere l'autenticazione dell'intestazione per la risorsa.",
+    "resourceHeaderAuthProtectionEnabled": "Autenticazione Intestazione Abilitata",
+    "resourceHeaderAuthProtectionDisabled": "Autenticazione Intestazione Disabilitata",
+    "headerAuthRemove": "Rimuovi Autenticazione Intestazione",
+    "headerAuthAdd": "Aggiungi Autenticazione Intestazione",
+    "resourceErrorHeaderAuthSetup": "Impossibile impostare l'autenticazione dell'intestazione",
+    "resourceErrorHeaderAuthSetupDescription": "Impossibile impostare l'autenticazione dell'intestazione per la risorsa.",
+    "resourceHeaderAuthSetup": "Autenticazione intestazione impostata con successo",
+    "resourceHeaderAuthSetupDescription": "L'autenticazione dell'intestazione è stata impostata correttamente.",
+    "resourceHeaderAuthSetupTitle": "Imposta Autenticazione Intestazione",
+    "resourceHeaderAuthSetupTitleDescription": "Imposta le credenziali di autenticazione di base (nome utente e password) per proteggere questa risorsa con Autenticazione intestazione HTTP. Accedi usando il formato https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Imposta Autenticazione Intestazione",
+    "actionSetResourceHeaderAuth": "Imposta Autenticazione Intestazione",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Senza Licenza",
+    "beta": "Beta",
+    "manageClients": "Gestisci Clienti",
+    "manageClientsDescription": "I client sono dispositivi che possono connettersi ai tuoi siti",
+    "licenseTableValidUntil": "Valido Fino A",
+    "saasLicenseKeysSettingsTitle": "Licenze Enterprise",
+    "saasLicenseKeysSettingsDescription": "Genera e gestisci le chiavi di licenza Enterprise per le istanze di Pangolin self-hosted",
+    "sidebarEnterpriseLicenses": "Licenze",
+    "generateLicenseKey": "Genera Chiave Di Licenza",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Inserisci un indirizzo email valido",
+            "useCaseTypeRequired": "Si prega di selezionare un tipo di caso di utilizzo",
+            "firstNameRequired": "Il nome è obbligatorio",
+            "lastNameRequired": "Il cognome è obbligatorio",
+            "primaryUseRequired": "Descrivi il tuo uso primario",
+            "jobTitleRequiredBusiness": "Il titolo di lavoro è richiesto per l'uso aziendale",
+            "industryRequiredBusiness": "L'industria è richiesta per l'uso commerciale",
+            "stateProvinceRegionRequired": "Stato/Provincia/Regione è richiesta",
+            "postalZipCodeRequired": "Codice postale/CAP obbligatorio",
+            "companyNameRequiredBusiness": "Il nome dell'azienda è richiesto per l'uso aziendale",
+            "countryOfResidenceRequiredBusiness": "Paese di residenza è richiesto per uso professionale",
+            "countryRequiredPersonal": "Il paese è richiesto per uso personale",
+            "agreeToTermsRequired": "Devi accettare i termini",
+            "complianceConfirmationRequired": "È necessario confermare la conformità alla licenza commerciale Fossorial"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Uso Personale",
+                "description": "Per uso individuale, non commerciale, come l'apprendimento, progetti personali o sperimentazione."
+            },
+            "business": {
+                "title": "Uso Aziendale",
+                "description": "Da utilizzare all'interno di organizzazioni, aziende o attività commerciali o generatrici di entrate."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & Tipo Di Licenza",
+                "description": "Inserisci la tua email e scegli il tipo di licenza"
+            },
+            "personalInformation": {
+                "title": "Informazioni Personali",
+                "description": "Raccontaci di te"
+            },
+            "contactInformation": {
+                "title": "Informazioni Di Contatto",
+                "description": "I tuoi dati di contatto"
+            },
+            "termsGenerate": {
+                "title": "Termini E Genera",
+                "description": "Controlla e accetta i termini per generare la tua licenza"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Trasparenza Di Utilizzo",
+                "description": "Seleziona il livello di licenza che rispecchia accuratamente il tuo utilizzo previsto. La Licenza Personale consente l'uso gratuito del Software per le attività commerciali individuali, non commerciali o su piccola scala con entrate lorde annue inferiori a $100.000 USD. Qualsiasi uso oltre questi limiti — compreso l'uso all'interno di un'azienda, organizzazione, o altro ambiente generatore di entrate — richiede una licenza Enterprise valida e il pagamento della tassa di licenza applicabile. Tutti gli utenti, siano essi personali o aziendali, devono rispettare i termini di licenza commerciale Fossorial."
+            },
+            "trialPeriodInformation": {
+                "title": "Informazioni Periodo Di Prova",
+                "description": "Questa chiave di licenza abilita le funzionalità Enterprise per un periodo di valutazione di 7 giorni. L'accesso continuo alle funzionalità a pagamento oltre il periodo di valutazione richiede l'attivazione con una licenza personale o Enterprise valida. Per la licenza Enterprise contatta sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Stai usando Pangolin per uso personale o di affari?",
+            "firstName": "Nome",
+            "lastName": "Cognome",
+            "jobTitle": "Titolo Del Lavoro",
+            "primaryUseQuestion": "Per che cosa hai in primo luogo intenzione di usare Pangolin?",
+            "industryQuestion": "Qual è la sua industria?",
+            "prospectiveUsersQuestion": "Quanti potenziali utenti si aspettano di avere?",
+            "prospectiveSitesQuestion": "Quanti siti potenziali (gallerie) ci si aspetta di avere?",
+            "companyName": "Nome della società",
+            "countryOfResidence": "Paese di residenza",
+            "stateProvinceRegion": "Stato / Provincia / Regione",
+            "postalZipCode": "Codice Postale / Zip",
+            "companyWebsite": "Sito web dell'azienda",
+            "companyPhoneNumber": "Numero di telefono dell'azienda",
+            "country": "Paese",
+            "phoneNumberOptional": "Numero di telefono (facoltativo)",
+            "complianceConfirmation": "Confermo che le informazioni che ho fornito sono accurate e che sono in conformità con la Fossorial Commercial License. La segnalazione di informazioni inesatte o l'uso errato del prodotto è una violazione della licenza e può portare alla revoca della chiave."
+        },
+        "buttons": {
+            "close": "Chiudi",
+            "previous": "Precedente",
+            "next": "Successivo",
+            "generateLicenseKey": "Genera Chiave Di Licenza"
+        },
+        "toasts": {
+            "success": {
+                "title": "Chiave di licenza generata con successo",
+                "description": "La chiave di licenza è stata generata ed è pronta per l'uso."
+            },
+            "error": {
+                "title": "Impossibile generare la chiave di licenza",
+                "description": "Si è verificato un errore nella generazione della chiave di licenza."
+            }
+        }
+    },
+    "priority": "Priorità",
+    "priorityDescription": "I percorsi prioritari più alti sono valutati prima. Priorità = 100 significa ordinamento automatico (decidi di sistema). Usa un altro numero per applicare la priorità manuale.",
+    "instanceName": "Nome Istanza",
+    "pathMatchModalTitle": "Configura Corrispondenza Percorso",
+    "pathMatchModalDescription": "Impostare come le richieste in arrivo devono essere abbinate in base al loro percorso.",
+    "pathMatchType": "Tipo di Corrispondenza",
+    "pathMatchPrefix": "Prefisso",
+    "pathMatchExact": "Esatto",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Valore Percorso",
+    "clear": "Pulisci",
+    "saveChanges": "Salva Modifiche",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Esempio: /api corrisponde /api, /api/users etc.",
+    "pathMatchExactHelp": "Esempio: /api corrisponde solo /api",
+    "pathMatchRegexHelp": "Esempio: ^/api/.* corrisponde /api/anything",
+    "pathRewriteModalTitle": "Configura La Riscrittura Percorso",
+    "pathRewriteModalDescription": "Trasforma il percorso corrispondente prima di inoltrarlo al bersaglio.",
+    "pathRewriteType": "Tipo Di Riscrittura",
+    "pathRewritePrefixOption": "Prefisso - Sostituisci prefisso",
+    "pathRewriteExactOption": "Esatto - Sostituisci l'intero percorso",
+    "pathRewriteRegexOption": "Regex - Sostituzione modello",
+    "pathRewriteStripPrefixOption": "Prefisso striscia - Rimuovi prefisso",
+    "pathRewriteValue": "Riscrittura Valore",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/nuovo-percorso",
+    "pathRewritePrefixHelp": "Sostituisci il prefisso abbinato con questo valore",
+    "pathRewriteExactHelp": "Sostituisci l'intero percorso con questo valore quando il percorso corrisponde esattamente",
+    "pathRewriteRegexHelp": "Usa gruppi di acquisizione come $1, $2 per la sostituzione",
+    "pathRewriteStripPrefixHelp": "Lasciare vuoto per strisciare il prefisso o fornire un nuovo prefisso",
+    "pathRewritePrefix": "Prefisso",
+    "pathRewriteExact": "Esatto",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Striscia",
+    "pathRewriteStripLabel": "striscia",
+    "sidebarEnableEnterpriseLicense": "Abilita Licenza Enterprise",
+    "cannotbeUndone": "Questo non può essere annullato.",
+    "toConfirm": "per confermare",
+    "deleteClientQuestion": "Sei sicuro di voler rimuovere il client dal sito e dall'organizzazione?",
+    "clientMessageRemove": "Una volta rimosso, il client non sarà più in grado di connettersi al sito.",
+    "sidebarLogs": "Registri",
+    "request": "Richiesta",
+    "logs": "Registri",
+    "logsSettingsDescription": "Monitora i registri raccolti da questa orginizzazione",
+    "searchLogs": "Cerca registro...",
+    "action": "Azione",
+    "actor": "Attore",
+    "timestamp": "Timestamp",
+    "accessLogs": "Log Accesso",
+    "exportCsv": "Esporta CSV",
+    "actorId": "Id Attore",
+    "allowedByRule": "Consentito dalla regola",
+    "allowedNoAuth": "Non Consentito Auth",
+    "validAccessToken": "Token Di Accesso Valido",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Password Valida",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Risorsa Bloccata",
+    "droppedByRule": "Eliminato dalla regola",
+    "noSessions": "Nessuna Sessione",
+    "temporaryRequestToken": "Token Di Richiesta Temporaneo",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP",
+    "reason": "Motivo",
+    "requestLogs": "Log Richiesta",
+    "host": "Host",
+    "location": "Posizione",
+    "actionLogs": "Log Azioni",
+    "sidebarLogsRequest": "Log Richiesta",
+    "sidebarLogsAccess": "Log Accesso",
+    "sidebarLogsAction": "Log Azioni",
+    "logRetention": "Ritenzione Registro",
+    "logRetentionDescription": "Gestisci per quanto tempo i diversi tipi di log sono mantenuti per questa organizzazione o disabilitali",
+    "requestLogsDescription": "Visualizza i registri di richiesta dettagliati per le risorse in questa organizzazione",
+    "logRetentionRequestLabel": "Richiedi Ritenzione Log",
+    "logRetentionRequestDescription": "Per quanto tempo conservare i log delle richieste",
+    "logRetentionAccessLabel": "Ritenzione Registro Accesso",
+    "logRetentionAccessDescription": "Per quanto tempo conservare i log di accesso",
+    "logRetentionActionLabel": "Ritenzione Registro Azioni",
+    "logRetentionActionDescription": "Per quanto tempo conservare i log delle azioni",
+    "logRetentionDisabled": "Disabilitato",
+    "logRetention3Days": "3 giorni",
+    "logRetention7Days": "7 giorni",
+    "logRetention14Days": "14 giorni",
+    "logRetention30Days": "30 giorni",
+    "logRetention90Days": "90 giorni",
+    "logRetentionForever": "Per Sempre",
+    "actionLogsDescription": "Visualizza una cronologia delle azioni eseguite in questa organizzazione",
+    "accessLogsDescription": "Visualizza le richieste di autenticazione di accesso per le risorse in questa organizzazione",
+    "licenseRequiredToUse": "Per utilizzare questa funzione è necessaria una licenza Enterprise.",
+    "certResolver": "Risolutore Di Certificato",
+    "certResolverDescription": "Selezionare il risolutore di certificati da usare per questa risorsa.",
+    "selectCertResolver": "Seleziona Risolutore Di Certificato",
+    "enterCustomResolver": "Inserisci Risolutore Personalizzato",
+    "preferWildcardCert": "Preferisci Certificato Wildcard",
+    "unverified": "Non Verificato",
+    "domainSetting": "Impostazioni Dominio",
+    "domainSettingDescription": "Configura le impostazioni per il tuo dominio",
+    "preferWildcardCertDescription": "Tentativo di generare un certificato jolly (richiede un risolutore di certificati correttamente configurato).",
+    "recordName": "Nome Record",
+    "auto": "Automatico",
+    "TTL": "TTL",
+    "howToAddRecords": "Come aggiungere record",
+    "dnsRecord": "Record DNS",
+    "required": "Richiesto",
+    "domainSettingsUpdated": "Impostazioni dominio aggiornate con successo",
+    "orgOrDomainIdMissing": "Manca l'ID dell'organizzazione o del dominio",
+    "loadingDNSRecords": "Caricamento record DNS...",
+    "olmUpdateAvailableInfo": "È disponibile una versione aggiornata di Olm. Si prega di aggiornare all'ultima versione per la migliore esperienza.",
+    "client": "Client",
+    "proxyProtocol": "Impostazioni Protocollo Proxy",
+    "proxyProtocolDescription": "Configurare il protocollo proxy per preservare gli indirizzi IP client per i servizi TCP/UDP.",
+    "enableProxyProtocol": "Abilita Protocollo Proxy",
+    "proxyProtocolInfo": "Conserva gli indirizzi IP del client per i backend TCP/UDP",
+    "proxyProtocolVersion": "Versione Protocollo Proxy",
+    "version1": " Versione 1 (Consigliato)",
+    "version2": "Versione 2",
+    "versionDescription": "La versione 1 è testuale e ampiamente supportata. La versione 2 è binaria e più efficiente, ma meno compatibile.",
+    "warning": "Attenzione",
+    "proxyProtocolWarning": "La tua applicazione backend deve essere configurata per accettare le connessioni del protocollo proxy. Se il tuo backend non supporta il protocollo proxy, abilitando questa opzione si interromperanno tutte le connessioni. Assicurati di configurare il tuo backend per fidarti delle intestazioni del protocollo proxy da Traefik.",
+    "restarting": "Riavvio...",
+    "manual": "Manuale",
+    "messageSupport": "Supporto Messaggio",
+    "supportNotAvailableTitle": "Supporto Non Disponibile",
+    "supportNotAvailableDescription": "Il supporto non è disponibile in questo momento. Puoi inviare un'email a support@pangolin.net.",
+    "supportRequestSentTitle": "Richiesta Di Supporto Inviata",
+    "supportRequestSentDescription": "Il tuo messaggio è stato inviato con successo.",
+    "supportRequestFailedTitle": "Impossibile inviare la richiesta",
+    "supportRequestFailedDescription": "Si è verificato un errore durante l'invio della richiesta di supporto.",
+    "supportSubjectRequired": "L'oggetto è obbligatorio",
+    "supportSubjectMaxLength": "L'oggetto deve contenere almeno 255 caratteri",
+    "supportMessageRequired": "Il messaggio è obbligatorio",
+    "supportReplyTo": "Rispondi A",
+    "supportSubject": "Oggetto",
+    "supportSubjectPlaceholder": "Inserisci oggetto",
+    "supportMessage": "Messaggio",
+    "supportMessagePlaceholder": "Inserisci il tuo messaggio",
+    "supportSending": "Invio...",
+    "supportSend": "Invia",
+    "supportMessageSent": "Messaggio Inviato!",
+    "supportWillContact": "Saremo in contatto a breve!"
 }
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -47,9 +47,8 @@
    "edit": "편집",
    "siteConfirmDelete": "사이트 삭제 확인",
    "siteDelete": "사이트 삭제",
-    "siteMessageRemove": "제거되면 사이트에 더 이상 접근할 수 없습니다. 사이트와 관련된 모든 리소스와 대상도 제거됩니다.",
-    "siteMessageConfirm": "확인을 위해 아래에 사이트 이름을 입력해 주세요.",
-    "siteQuestionRemove": "조직에서 사이트 {selectedSite}를 제거하시겠습니까?",
+    "siteMessageRemove": "삭제되면 사이트에 더 이상 액세스할 수 없습니다. 사이트와 연결된 모든 대상도 삭제됩니다.",
+    "siteQuestionRemove": "조직에서 사이트를 제거하시겠습니까?",
    "siteManageSites": "사이트 관리",
    "siteDescription": "안전한 터널을 통해 네트워크에 연결할 수 있도록 허용",
    "siteCreate": "사이트 생성",
@@ -96,7 +95,7 @@
    "siteWgDescription": "모든 WireGuard 클라이언트를 사용하여 터널을 설정하세요. 수동 NAT 설정이 필요합니다.",
    "siteWgDescriptionSaas": "모든 WireGuard 클라이언트를 사용하여 터널을 설정하세요. 수동 NAT 설정이 필요합니다. 자체 호스팅 노드에서만 작동합니다.",
    "siteLocalDescription": "로컬 리소스만 사용 가능합니다. 터널링이 없습니다.",
-    "siteLocalDescriptionSaas": "로컬 리소스만. 터널링 없음. 자체 호스팅 노드에서만 작동합니다.",
+    "siteLocalDescriptionSaas": "로컬 리소스 전용. 터널링 금지. 원격 노드에서만 사용 가능합니다.",
    "siteSeeAll": "모든 사이트 보기",
    "siteTunnelDescription": "사이트에 연결하는 방법을 결정하세요",
    "siteNewtCredentials": "Newt 자격 증명",
@@ -154,8 +153,7 @@
    "protected": "보호됨",
    "notProtected": "보호되지 않음",
    "resourceMessageRemove": "제거되면 리소스에 더 이상 접근할 수 없습니다. 리소스와 연결된 모든 대상도 제거됩니다.",
-    "resourceMessageConfirm": "확인을 위해 아래에 리소스의 이름을 입력하세요.",
-    "resourceQuestionRemove": "조직에서 리소스 {selectedResource}를 제거하시겠습니까?",
+    "resourceQuestionRemove": "조직에서 리소스를 제거하시겠습니까?",
    "resourceHTTP": "HTTPS 리소스",
    "resourceHTTPDescription": "서브도메인 또는 기본 도메인을 사용하여 HTTPS를 통해 앱에 대한 요청을 프록시합니다.",
    "resourceRaw": "원시 TCP/UDP 리소스",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "조직 삭제 확인",
    "orgMessageRemove": "이 작업은 되돌릴 수 없으며 모든 관련 데이터를 삭제합니다.",
    "orgMessageConfirm": "확인을 위해 아래에 조직 이름을 입력하십시오.",
-    "orgQuestionRemove": "조직 {selectedOrg}을(를) 제거하시겠습니까?",
+    "orgQuestionRemove": "조직을 삭제하시겠습니까?",
    "orgUpdated": "조직이 업데이트되었습니다.",
    "orgUpdatedDescription": "조직이 업데이트되었습니다.",
    "orgErrorUpdate": "조직 업데이트에 실패했습니다.",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "API 키 생성",
    "apiKeysErrorDelete": "API 키 삭제 오류",
    "apiKeysErrorDeleteMessage": "API 키 삭제 오류",
-    "apiKeysQuestionRemove": "조직에서 API 키 {selectedApiKey}를 제거하시겠습니까?",
+    "apiKeysQuestionRemove": "조직에서 API 키를 제거하시겠습니까?",
    "apiKeysMessageRemove": "삭제되면 API 키를 더 이상 사용할 수 없습니다.",
-    "apiKeysMessageConfirm": "확인을 위해 아래에 API 키의 이름을 입력해 주세요.",
    "apiKeysDeleteConfirm": "API 키 삭제 확인",
    "apiKeysDelete": "API 키 삭제",
    "apiKeysManage": "API 키 관리",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "사용자 삭제 확인",
    "userDeleteServer": "서버에서 사용자 삭제",
    "userMessageRemove": "사용자가 모든 조직에서 제거되며 서버에서 완전히 삭제됩니다.",
-    "userMessageConfirm": "확인을 위해 아래에 사용자 이름을 입력하십시오.",
-    "userQuestionRemove": "정말로 {selectedUser}를 서버에서 영구적으로 삭제하시겠습니까?",
+    "userQuestionRemove": "서버에서 사용자를 영구적으로 삭제하시겠습니까?",
    "licenseKey": "라이센스 키",
    "valid": "유효",
    "numberOfSites": "사이트 수",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Fossorial 상업 라이선스 및 구독 약관 보기",
    "licenseMessageRemove": "이 작업은 라이센스 키와 그에 의해 부여된 모든 관련 권한을 제거합니다.",
    "licenseMessageConfirm": "확인을 위해 아래에 라이센스 키를 입력하세요.",
-    "licenseQuestionRemove": "라이센스 키 {selectedKey}를 삭제하시겠습니까?",
+    "licenseQuestionRemove": "라이선스 키를 삭제하시겠습니까?",
    "licenseKeyDelete": "라이센스 키 삭제",
    "licenseKeyDeleteConfirm": "라이센스 키 삭제 확인",
    "licenseTitle": "라이선스 상태 관리",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "초대를 제거하는 동안 오류가 발생했습니다.",
    "inviteRemoved": "초대가 제거되었습니다.",
    "inviteRemovedDescription": "{email}에 대한 초대가 삭제되었습니다.",
-    "inviteQuestionRemove": "초대 {email}를 제거하시겠습니까?",
+    "inviteQuestionRemove": "초대를 제거하시겠습니까?",
    "inviteMessageRemove": "한 번 제거되면 이 초대는 더 이상 유효하지 않습니다. 나중에 사용자를 다시 초대할 수 있습니다.",
    "inviteMessageConfirm": "확인을 위해 아래 초대의 이메일 주소를 입력해 주세요.",
    "inviteQuestionRegenerate": "{email}에 대한 초대장을 다시 생성하시겠습니까? 이전 초대장은 취소됩니다.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "사용자를 제거하는 동안 오류가 발생했습니다.",
    "userOrgRemoved": "사용자가 제거되었습니다.",
    "userOrgRemovedDescription": "사용자 {email}가 조직에서 제거되었습니다.",
-    "userQuestionOrgRemove": "{email}을 조직에서 제거하시겠습니까?",
+    "userQuestionOrgRemove": "조직에서 이 사용자를 제거하시겠습니까?",
    "userMessageOrgRemove": "이 사용자가 제거되면 더 이상 조직에 접근할 수 없습니다. 나중에 다시 초대할 수 있지만, 초대를 다시 수락해야 합니다.",
-    "userMessageOrgConfirm": "확인을 위해 아래에 사용자 이름을 입력하세요.",
    "userRemoveOrgConfirm": "사용자 제거 확인",
    "userRemoveOrg": "조직에서 사용자 제거",
    "users": "사용자",
@@ -468,7 +463,10 @@
    "createdAt": "생성일",
    "proxyErrorInvalidHeader": "잘못된 사용자 정의 호스트 헤더 값입니다. 도메인 이름 형식을 사용하거나 사용자 정의 호스트 헤더를 해제하려면 비워 두십시오.",
    "proxyErrorTls": "유효하지 않은 TLS 서버 이름입니다. 도메인 이름 형식을 사용하거나 비워 두어 TLS 서버 이름을 제거하십시오.",
-    "proxyEnableSSL": "SSL 활성화 (https)",
+    "proxyEnableSSL": "SSL 활성화",
+    "proxyEnableSSLDescription": "대상에 대한 안전한 HTTPS 연결을 위해 SSL/TLS 암호화를 활성화하세요.",
+    "target": "대상",
+    "configureTarget": "대상 구성",
    "targetErrorFetch": "대상 가져오는 데 실패했습니다.",
    "targetErrorFetchDescription": "대상 가져오는 중 오류가 발생했습니다",
    "siteErrorFetch": "리소스를 가져오는 데 실패했습니다",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "보안 연결 구성",
    "targetTlsSettingsDescription": "리소스에 대한 SSL/TLS 설정 구성",
    "targetTlsSettingsAdvanced": "고급 TLS 설정",
-    "targetTlsSni": "TLS 서버 이름 (SNI)",
+    "targetTlsSni": "TLS 서버 이름",
    "targetTlsSniDescription": "SNI에 사용할 TLS 서버 이름. 기본값을 사용하려면 비워 두십시오.",
    "targetTlsSubmit": "설정 저장",
    "targets": "대상 구성",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "세션 전체 동안 동일한 백엔드 대상을 유지합니다.",
    "methodSelect": "선택 방법",
    "targetSubmit": "대상 추가",
-    "targetNoOne": "대상이 없습니다. 양식을 사용하여 대상을 추가하세요.",
+    "targetNoOne": "이 리소스에는 대상이 없습니다. 백엔드로 요청을 보내려면 대상을 추가하세요.",
    "targetNoOneDescription": "위에 하나 이상의 대상을 추가하면 로드 밸런싱이 활성화됩니다.",
    "targetsSubmit": "대상 저장",
+    "addTarget": "대상 추가",
+    "targetErrorInvalidIp": "유효하지 않은 IP 주소",
+    "targetErrorInvalidIpDescription": "유효한 IP 주소 또는 호스트 이름을 입력하세요.",
+    "targetErrorInvalidPort": "유효하지 않은 포트",
+    "targetErrorInvalidPortDescription": "유효한 포트 번호를 입력하세요.",
+    "targetErrorNoSite": "선택된 사이트 없음",
+    "targetErrorNoSiteDescription": "대상을 위해 사이트를 선택하세요.",
+    "targetCreated": "대상 생성",
+    "targetCreatedDescription": "대상이 성공적으로 생성되었습니다.",
+    "targetErrorCreate": "대상 생성 실패",
+    "targetErrorCreateDescription": "대상 생성 중 오류가 발생했습니다.",
+    "save": "저장",
    "proxyAdditional": "추가 프록시 설정",
    "proxyAdditionalDescription": "리소스가 프록시 설정을 처리하는 방법 구성",
    "proxyCustomHeader": "사용자 정의 호스트 헤더",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "서버 관리자 - 판골린",
    "licenseTierProfessional": "전문 라이센스",
    "licenseTierEnterprise": "기업 라이선스",
-    "licenseTierCommercial": "상업용 라이선스",
+    "licenseTierPersonal": "개인 라이선스",
    "licensed": "라이센스",
    "yes": "예",
    "no": "아니요",
@@ -727,7 +737,7 @@
    "idpManageDescription": "시스템에서 ID 제공자를 보고 관리합니다",
    "idpDeletedDescription": "신원 공급자가 성공적으로 삭제되었습니다",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "정말로 아이덴티티 공급자 {name}를 영구적으로 삭제하시겠습니까?",
+    "idpQuestionRemove": "아이덴티티 공급자를 영구적으로 삭제하시겠습니까?",
    "idpMessageRemove": "이 작업은 아이덴티티 공급자와 모든 관련 구성을 제거합니다. 이 공급자를 통해 인증하는 사용자는 더 이상 로그인할 수 없습니다.",
    "idpMessageConfirm": "확인을 위해 아래에 아이덴티티 제공자의 이름을 입력하세요.",
    "idpConfirmDelete": "신원 제공자 삭제 확인",
@@ -750,7 +760,7 @@
    "idpDisplayName": "이 신원 공급자를 위한 표시 이름",
    "idpAutoProvisionUsers": "사용자 자동 프로비저닝",
    "idpAutoProvisionUsersDescription": "활성화되면 사용자가 첫 로그인 시 시스템에 자동으로 생성되며, 사용자와 역할 및 조직을 매핑할 수 있습니다.",
-    "licenseBadge": "전문가",
+    "licenseBadge": "EE",
    "idpType": "제공자 유형",
    "idpTypeDescription": "구성할 ID 공급자의 유형을 선택하십시오.",
    "idpOidcConfigure": "OAuth2/OIDC 구성",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "재설정 코드를 확인하려면 이메일을 확인하세요.",
    "passwordNew": "새 비밀번호",
    "passwordNewConfirm": "새 비밀번호 확인",
+    "changePassword": "비밀번호 변경",
+    "changePasswordDescription": "계정 비밀번호를 업데이트하십시오",
+    "oldPassword": "현재 비밀번호",
+    "newPassword": "새 비밀번호",
+    "confirmNewPassword": "새 비밀번호 확인",
+    "changePasswordError": "비밀번호 변경 실패",
+    "changePasswordErrorDescription": "비밀번호를 변경하는 중 오류가 발생했습니다",
+    "changePasswordSuccess": "비밀번호 변경 완료",
+    "changePasswordSuccessDescription": "비밀번호가 성공적으로 업데이트되었습니다",
+    "passwordExpiryRequired": "비밀번호 만료 필요",
+    "passwordExpiryDescription": "이 조직은 {maxDays}일마다 비밀번호 변경을 요구합니다.",
+    "changePasswordNow": "지금 비밀번호 변경",
    "pincodeAuth": "인증 코드",
    "pincodeSubmit2": "코드 제출",
    "passwordResetSubmit": "재설정 요청",
@@ -1084,7 +1106,6 @@
    "navbar": "탐색 메뉴",
    "navbarDescription": "애플리케이션의 주요 탐색 메뉴",
    "navbarDocsLink": "문서",
-    "commercialEdition": "상업용 에디션",
    "otpErrorEnable": "2FA를 활성화할 수 없습니다.",
    "otpErrorEnableDescription": "2FA를 활성화하는 동안 오류가 발생했습니다",
    "otpSetupCheckCode": "6자리 코드를 입력하세요",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "모든 사용자",
    "sidebarIdentityProviders": "신원 공급자",
    "sidebarLicense": "라이선스",
-    "sidebarClients": "클라이언트 (Beta)",
+    "sidebarClients": "클라이언트",
    "sidebarDomains": "도메인",
+    "sidebarBluePrints": "청사진",
+    "blueprints": "청사진",
+    "blueprintsDescription": "청사진은 리소스와 그 설정을 정의하는 선언적인 YAML 구성입니다",
+    "blueprintAdd": "청사진 추가",
+    "blueprintGoBack": "모든 청사진 보기",
+    "blueprintCreate": "청사진 생성",
+    "blueprintCreateDescription2": "새 청사진을 생성하고 적용하려면 아래 단계를 따르십시오",
+    "blueprintDetails": "청사진 세부 사항",
+    "blueprintDetailsDescription": "청사진 실행 세부 정보 보기",
+    "blueprintInfo": "청사진 정보",
+    "message": "메시지",
+    "blueprintContentsDescription": "인프라를 설명하는 YAML 콘텐츠를 정의하십시오",
+    "blueprintErrorCreateDescription": "청사진을 적용하는 중 오류가 발생했습니다",
+    "blueprintErrorCreate": "청사진 생성 오류",
+    "searchBlueprintProgress": "청사진 검색...",
+    "appliedAt": "적용 시점",
+    "source": "출처",
+    "contents": "콘텐츠",
+    "parsedContents": "구문 분석된 콘텐츠",
    "enableDockerSocket": "Docker 청사진 활성화",
    "enableDockerSocketDescription": "블루프린트 레이블을 위한 Docker 소켓 레이블 수집을 활성화합니다. 소켓 경로는 Newt에 제공되어야 합니다.",
    "enableDockerSocketLink": "자세히 알아보기",
@@ -1197,9 +1237,8 @@
    "domainCreate": "도메인 생성",
    "domainCreatedDescription": "도메인이 성공적으로 생성되었습니다",
    "domainDeletedDescription": "도메인이 성공적으로 삭제되었습니다",
-    "domainQuestionRemove": "도메인 {domain}을(를) 계정에서 제거하시겠습니까?",
+    "domainQuestionRemove": "계정에서 도메인을 제거하시겠습니까?",
    "domainMessageRemove": "제거되면 도메인이 더 이상 계정과 연관되지 않습니다.",
-    "domainMessageConfirm": "확인하려면 아래에 도메인명을 입력하세요.",
    "domainConfirmDelete": "도메인 삭제 확인",
    "domainDelete": "도메인 삭제",
    "domain": "도메인",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "무료 티어",
    "billingWarningOverLimit": "경고: 하나 이상의 사용 한도를 초과했습니다. 구독을 수정하거나 사용량을 조정하기 전까지 사이트는 연결되지 않습니다.",
    "billingUsageLimitsOverview": "사용 한도 개요",
-    "billingMonitorUsage": "설정된 한도에 대한 사용량을 모니터링합니다. 한도를 늘려야 하는 경우 support@fossorial.io로 연락하십시오.",
+    "billingMonitorUsage": "설정된 한도에 대한 사용량을 모니터링합니다. 한도를 늘려야 하는 경우 support@pangolin.net로 연락하십시오.",
    "billingDataUsage": "데이터 사용량",
    "billingOnlineTime": "사이트 온라인 시간",
    "billingUsers": "활성 사용자",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "보안 키를 사용하는 데 문제가 발생했습니다. 다시 시도하세요.",
    "twoFactorRequired": "보안 키를 등록하려면 이중 인증이 필요합니다.",
    "twoFactor": "이중 인증",
+    "twoFactorAuthentication": "이중 인증",
+    "twoFactorDescription": "이 조직은 이중 인증을 요구합니다.",
+    "enableTwoFactor": "이중 인증 활성화",
+    "organizationSecurityPolicy": "조직 보안 정책",
+    "organizationSecurityPolicyDescription": "이 조직에는 접근하기 전에 준수해야 하는 보안 요구 사항이 있습니다",
+    "securityRequirements": "보안 요구 사항",
+    "allRequirementsMet": "모든 요구 사항이 충족되었습니다",
+    "completeRequirementsToContinue": "이 조직에 계속 접근하려면 아래 요구 사항을 완료하십시오",
+    "youCanNowAccessOrganization": "이제 이 조직에 접근할 수 있습니다",
+    "reauthenticationRequired": "세션 길이",
+    "reauthenticationDescription": "이 조직은 {maxDays}일마다 로그인하는 것을 요구합니다.",
+    "reauthenticationDescriptionHours": "이 조직은 {maxHours}시간마다 로그인하는 것을 요구합니다.",
+    "reauthenticateNow": "다시 로그인",
    "adminEnabled2FaOnYourAccount": "관리자가 {email}에 대한 이중 인증을 활성화했습니다. 계속하려면 설정을 완료하세요.",
-    "continueToApplication": "응용 프로그램으로 계속",
    "securityKeyAdd": "보안 키 추가",
    "securityKeyRegisterTitle": "새 보안 키 등록",
    "securityKeyRegisterDescription": "보안 키를 연결하고 식별할 이름을 입력하세요.",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "외부 프록시 활성화됨",
    "addNewTarget": "새 대상 추가",
    "targetsList": "대상 목록",
+    "advancedMode": "고급 모드",
    "targetErrorDuplicateTargetFound": "중복 대상 발견",
    "healthCheckHealthy": "정상",
    "healthCheckUnhealthy": "비정상",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "자동 로그인 오류",
    "autoLoginErrorNoRedirectUrl": "ID 공급자로부터 리디렉션 URL을 받지 못했습니다.",
    "autoLoginErrorGeneratingUrl": "인증 URL 생성 실패.",
-    "remoteExitNodeManageRemoteExitNodes": "관리 자체 호스팅",
-    "remoteExitNodeDescription": "네트워크 연결성을 확장하기 위해 노드를 관리하세요",
+    "remoteExitNodeManageRemoteExitNodes": "원격 노드",
+    "remoteExitNodeDescription": "네트워크 연결성을 확장하고 클라우드 의존도를 줄이기 위해 하나 이상의 원격 노드를 자체 호스트하십시오.",
    "remoteExitNodes": "노드",
    "searchRemoteExitNodes": "노드 검색...",
    "remoteExitNodeAdd": "노드 추가",
    "remoteExitNodeErrorDelete": "노드 삭제 오류",
-    "remoteExitNodeQuestionRemove": "조직에서 노드 {selectedNode}를 제거하시겠습니까?",
+    "remoteExitNodeQuestionRemove": "조직에서 노드를 제거하시겠습니까?",
    "remoteExitNodeMessageRemove": "한 번 제거되면 더 이상 노드에 접근할 수 없습니다.",
-    "remoteExitNodeMessageConfirm": "확인을 위해 아래에 노드 이름을 입력해 주세요.",
    "remoteExitNodeConfirmDelete": "노드 삭제 확인",
    "remoteExitNodeDelete": "노드 삭제",
-    "sidebarRemoteExitNodes": "노드",
+    "sidebarRemoteExitNodes": "원격 노드",
    "remoteExitNodeCreate": {
        "title": "노드 생성",
        "description": "네트워크 연결성을 확장하기 위해 새 노드를 생성하세요",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "파일 편집: docker-compose.yml",
    "emailVerificationRequired": "이메일 인증이 필요합니다. 이 단계를 완료하려면 {dashboardUrl}/auth/login 통해 다시 로그인하십시오. 그런 다음 여기로 돌아오세요.",
    "twoFactorSetupRequired": "이중 인증 설정이 필요합니다. 이 단계를 완료하려면 {dashboardUrl}/auth/login 통해 다시 로그인하십시오. 그런 다음 여기로 돌아오세요.",
+    "additionalSecurityRequired": "추가 보안 필요",
+    "organizationRequiresAdditionalSteps": "이 조직은 자원에 접근하기 전에 추가 보안 단계를 요구합니다.",
+    "completeTheseSteps": "이 단계를 완료하십시오",
+    "enableTwoFactorAuthentication": "이중 인증 활성화",
+    "completeSecuritySteps": "보안 단계 완료",
+    "securitySettings": "보안 설정",
+    "securitySettingsDescription": "조직에 대한 보안 정책을 구성합니다",
+    "requireTwoFactorForAllUsers": "모든 사용자에 대해 이중 인증 요구",
+    "requireTwoFactorDescription": "활성화되면, 이 조직의 모든 내부 사용자는 조직에 접근하기 위해 이중 인증을 활성화해야 합니다.",
+    "requireTwoFactorDisabledDescription": "이 기능을 사용하려면 유효한 라이선스(Enterprise) 또는 활성 구독(SaaS)가 필요합니다.",
+    "requireTwoFactorCannotEnableDescription": "모든 사용자에게 강제하기 전에 계정에 대해 이중 인증을 활성화해야 합니다",
+    "maxSessionLength": "최대 세션 길이",
+    "maxSessionLengthDescription": "사용자 세션의 최대 지속 시간을 설정합니다. 이 시간이 지나면 사용자는 다시 인증해야 합니다.",
+    "maxSessionLengthDisabledDescription": "이 기능을 사용하려면 유효한 라이선스(Enterprise) 또는 활성 구독(SaaS)가 필요합니다.",
+    "selectSessionLength": "세션 길이 선택",
+    "unenforced": "강제되지 않음",
+    "1Hour": "1 시간",
+    "3Hours": "3 시간",
+    "6Hours": "6 시간",
+    "12Hours": "12 시간",
+    "1DaySession": "1 일",
+    "3Days": "3 일",
+    "7Days": "7 일",
+    "14Days": "14 일",
+    "30DaysSession": "30 일",
+    "90DaysSession": "90 일",
+    "180DaysSession": "180 일",
+    "passwordExpiryDays": "비밀번호 만료",
+    "editPasswordExpiryDescription": "사용자가 비밀번호를 변경해야 하는 날 수를 설정합니다.",
+    "selectPasswordExpiry": "비밀번호 만료 선택",
+    "30Days": "30 일",
+    "1Day": "1 일",
+    "60Days": "60 일",
+    "90Days": "90 일",
+    "180Days": "180 일",
+    "1Year": "1 년",
+    "subscriptionBadge": "구독 필요",
+    "securityPolicyChangeWarning": "보안 정책 변경 경고",
+    "securityPolicyChangeDescription": "보안 정책 설정을 변경하려고 합니다. 저장 후, 정책 업데이트를 준수하기 위해 다시 인증해야 할 수도 있습니다. 규정을 준수하지 않는 모든 사용자도 다시 인증해야 합니다.",
+    "securityPolicyChangeConfirmMessage": "확인합니다",
+    "securityPolicyChangeWarningText": "이 작업은 조직의 모든 사용자에게 영향을 미칩니다",
    "authPageErrorUpdateMessage": "인증 페이지 설정을 업데이트하는 동안 오류가 발생했습니다",
+    "authPageErrorUpdate": "인증 페이지를 업데이트할 수 없습니다",
    "authPageUpdated": "인증 페이지가 성공적으로 업데이트되었습니다",
    "healthCheckNotAvailable": "로컬",
    "rewritePath": "경로 재작성",
-    "rewritePathDescription": "대상으로 전달하기 전에 경로를 선택적으로 재작성합니다."
+    "rewritePathDescription": "대상으로 전달하기 전에 경로를 선택적으로 재작성합니다.",
+    "continueToApplication": "응용 프로그램으로 계속",
+    "checkingInvite": "초대 확인 중",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "헤더 인증 제거",
+    "resourceHeaderAuthRemoveDescription": "헤더 인증이 성공적으로 제거되었습니다.",
+    "resourceErrorHeaderAuthRemove": "헤더 인증 제거 실패",
+    "resourceErrorHeaderAuthRemoveDescription": "리소스의 헤더 인증을 제거할 수 없습니다.",
+    "resourceHeaderAuthProtectionEnabled": "헤더 인증 활성화됨",
+    "resourceHeaderAuthProtectionDisabled": "헤더 인증 비활성화됨",
+    "headerAuthRemove": "헤더 인증 삭제",
+    "headerAuthAdd": "헤더 인증 추가",
+    "resourceErrorHeaderAuthSetup": "헤더 인증 설정 실패",
+    "resourceErrorHeaderAuthSetupDescription": "리소스의 헤더 인증을 설정할 수 없습니다.",
+    "resourceHeaderAuthSetup": "헤더 인증이 성공적으로 설정되었습니다.",
+    "resourceHeaderAuthSetupDescription": "헤더 인증이 성공적으로 설정되었습니다.",
+    "resourceHeaderAuthSetupTitle": "헤더 인증 설정",
+    "resourceHeaderAuthSetupTitleDescription": "이 리소스를 HTTP 헤더 인증으로 보호하기 위해 기본 인증 자격 증명(사용자이름 및 비밀번호)을 설정합니다. 다음과 같은 형식으로 액세스하세요 https://사용자이름:비밀번호@resource.example.com",
+    "resourceHeaderAuthSubmit": "헤더 인증 설정",
+    "actionSetResourceHeaderAuth": "헤더 인증 설정",
+    "enterpriseEdition": "엔터프라이즈 에디션",
+    "unlicensed": "라이선스 없음",
+    "beta": "베타",
+    "manageClients": "클라이언트 관리",
+    "manageClientsDescription": "클라이언트는 당신의 사이트에 연결할 수 있는 디바이스입니다.",
+    "licenseTableValidUntil": "유효 기한",
+    "saasLicenseKeysSettingsTitle": "엔터프라이즈 라이선스",
+    "saasLicenseKeysSettingsDescription": "자체 호스팅된 Pangolin 인스턴스를 위한 엔터프라이즈 라이선스 키를 생성하고 관리합니다.",
+    "sidebarEnterpriseLicenses": "라이선스",
+    "generateLicenseKey": "라이선스 키 생성",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "유효한 이메일 주소를 입력하세요",
+            "useCaseTypeRequired": "사용 사례 유형을 선택하세요",
+            "firstNameRequired": "이름은 필수입니다.",
+            "lastNameRequired": "성은 필수입니다.",
+            "primaryUseRequired": "주요 용도를 설명하세요",
+            "jobTitleRequiredBusiness": "사업용 직책은 필수입니다.",
+            "industryRequiredBusiness": "사업용 산업은 필수입니다.",
+            "stateProvinceRegionRequired": "주/도/지역이 필수입니다.",
+            "postalZipCodeRequired": "우편번호/ZIP 코드가 필수입니다.",
+            "companyNameRequiredBusiness": "사업용 회사 이름은 필수입니다.",
+            "countryOfResidenceRequiredBusiness": "사업용 거주 국가는 필수입니다.",
+            "countryRequiredPersonal": "개인용 국가가 필수입니다.",
+            "agreeToTermsRequired": "약관에 동의해야 합니다.",
+            "complianceConfirmationRequired": "Fossorial 상용 라이선스를 준수함을 확인해야 합니다."
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "개인 용도",
+                "description": "학습, 개인 프로젝트 또는 실험과 같은 개인, 비상업적 용도로 사용합니다."
+            },
+            "business": {
+                "title": "사업 용도",
+                "description": "조직, 회사 또는 수익 창출 활동 내에서 사용됩니다."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "이메일 및 라이선스 유형",
+                "description": "이메일을 입력하고 라이선스 유형을 선택하세요"
+            },
+            "personalInformation": {
+                "title": "개인 정보",
+                "description": "자기소개를 해주세요"
+            },
+            "contactInformation": {
+                "title": "연락처 정보",
+                "description": "당신의 연락처 정보"
+            },
+            "termsGenerate": {
+                "title": "약관 및 생성",
+                "description": "라이선스를 생성하기 위해 약관을 검토하고 수락하세요"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "사용 공개",
+                "description": "당신의 의도된 사용에 정확히 맞는 라이선스 등급을 선택하세요. 개인 라이선스는 연간 총 수익 100,000 USD 이하의 개인, 비상업적 또는 소규모 상업 활동을 위한 소프트웨어의 무료 사용을 허용합니다. 이러한 제한을 넘는 모든 사용 — 비즈니스, 조직 또는 기타 수익 창출 환경 내에서의 사용 — 은 유효한 엔터프라이즈 라이선스 및 해당 라이선스 수수료의 지불이 필요합니다. 개인 또는 기업 사용자는 모두 Fossorial 상용 라이선스 조건을 준수해야 합니다."
+            },
+            "trialPeriodInformation": {
+                "title": "시험 기간 정보",
+                "description": "이 라이선스 키는 엔터프라이즈 기능을 평가판 기간 동안 7일 동안 활성화합니다. 평가 기간 이후 유료 기능에 대한 계속된 액세스는 유효한 개인 또는 엔터프라이즈 라이선스 하에서 활성화가 필요합니다. 엔터프라이즈 라이선스에 대한 정보는 sales@pangolin.net에 문의하세요."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "개인 또는 사업용으로 Pangolin을 사용하시나요?",
+            "firstName": "이름",
+            "lastName": "성",
+            "jobTitle": "직책",
+            "primaryUseQuestion": "Pangolin을 주로 무엇에 사용하려고 계획하시나요?",
+            "industryQuestion": "당신의 산업은 무엇입니까?",
+            "prospectiveUsersQuestion": "예상하는 잠재적 사용자는 몇 명입니까?",
+            "prospectiveSitesQuestion": "예상하는 잠재적 사이트(터널)는 몇 개입니까?",
+            "companyName": "회사 이름",
+            "countryOfResidence": "거주 국가",
+            "stateProvinceRegion": "주 / 도 / 지역",
+            "postalZipCode": "우편번호 / ZIP 코드",
+            "companyWebsite": "회사 웹사이트",
+            "companyPhoneNumber": "회사 전화번호",
+            "country": "국가",
+            "phoneNumberOptional": "전화번호 (선택 항목)",
+            "complianceConfirmation": "제가 제공한 정보가 정확하고 Fossorial 상용 라이선스를 준수하는지 확인합니다. 부정확한 정보를 보고하거나 제품 사용을 실수로 식별하는 것은 라이선스 위반이며, 키가 취소될 수 있습니다."
+        },
+        "buttons": {
+            "close": "닫기",
+            "previous": "이전",
+            "next": "다음",
+            "generateLicenseKey": "라이선스 키 생성"
+        },
+        "toasts": {
+            "success": {
+                "title": "라이선스 키가 성공적으로 생성되었습니다",
+                "description": "당신의 라이선스 키가 생성되었으며 사용 준비가 되었습니다."
+            },
+            "error": {
+                "title": "라이선스 키 생성에 실패했습니다",
+                "description": "라이선스 키를 생성하는 동안 오류가 발생했습니다."
+            }
+        }
+    },
+    "priority": "우선순위",
+    "priorityDescription": "우선 순위가 높은 경로가 먼저 평가됩니다. 우선 순위 = 100은 자동 정렬(시스템 결정)이 의미합니다. 수동 우선 순위를 적용하려면 다른 숫자를 사용하세요.",
+    "instanceName": "인스턴스 이름",
+    "pathMatchModalTitle": "경로 매칭 설정",
+    "pathMatchModalDescription": "경로별로 들어오는 요청을 어떻게 매칭할지 설정합니다.",
+    "pathMatchType": "일치 유형",
+    "pathMatchPrefix": "접두사",
+    "pathMatchExact": "정확하게",
+    "pathMatchRegex": "정규 표현식",
+    "pathMatchValue": "경로 값",
+    "clear": "지우기",
+    "saveChanges": "변경 사항 저장",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/경로",
+    "pathMatchPrefixHelp": "예: /api 는 /api, /api/users 등을 매칭합니다.",
+    "pathMatchExactHelp": "예: /api 는 /api 만 매칭합니다.",
+    "pathMatchRegexHelp": "예: ^/api/.* 는 /api/anything를 매칭합니다",
+    "pathRewriteModalTitle": "경로 재작성 설정",
+    "pathRewriteModalDescription": "대상으로 전달하기 전에 매칭된 경로를 변환합니다.",
+    "pathRewriteType": "재작성 유형",
+    "pathRewritePrefixOption": "접두사 - 접두사 대체",
+    "pathRewriteExactOption": "정확 - 전체 경로 대체",
+    "pathRewriteRegexOption": "정규 표현식 - 패턴 대체",
+    "pathRewriteStripPrefixOption": "접두사 제거 - 접두사 삭제",
+    "pathRewriteValue": "재작성 값",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/새-경로",
+    "pathRewritePrefixHelp": "일치하는 접두사를 이 값으로 대체합니다",
+    "pathRewriteExactHelp": "경로가 정확히 일치할 때 전체 경로를 이 값으로 대체합니다",
+    "pathRewriteRegexHelp": "$1, $2와 같은 캡처 그룹을 사용하여 대체",
+    "pathRewriteStripPrefixHelp": "접두사를 제거하거나 새 접두사를 제공하려면 비워 둡니다",
+    "pathRewritePrefix": "접두사",
+    "pathRewriteExact": "정확하게",
+    "pathRewriteRegex": "정규 표현식",
+    "pathRewriteStrip": "제거",
+    "pathRewriteStripLabel": "제거",
+    "sidebarEnableEnterpriseLicense": "엔터프라이즈 라이선스 활성화",
+    "cannotbeUndone": "이 작업은 되돌릴 수 없습니다.",
+    "toConfirm": "확인하려면",
+    "deleteClientQuestion": "고객을 사이트와 조직에서 제거하시겠습니까?",
+    "clientMessageRemove": "제거되면 클라이언트는 사이트에 더 이상 연결할 수 없습니다.",
+    "sidebarLogs": "로그",
+    "request": "요청",
+    "logs": "로그",
+    "logsSettingsDescription": "이 조직에서 수집된 로그를 모니터링합니다",
+    "searchLogs": "로그 검색...",
+    "action": "작업",
+    "actor": "행위자",
+    "timestamp": "타임스탬프",
+    "accessLogs": "접근 로그",
+    "exportCsv": "CSV 내보내기",
+    "actorId": "행위자 ID",
+    "allowedByRule": "룰에 의해 허용됨",
+    "allowedNoAuth": "인증 없음 허용됨",
+    "validAccessToken": "유효한 접근 토큰",
+    "validHeaderAuth": "유효한 헤더 인증",
+    "validPincode": "유효한 핀코드",
+    "validPassword": "유효한 비밀번호",
+    "validEmail": "유효한 이메일",
+    "validSSO": "유효한 SSO",
+    "resourceBlocked": "리소스 차단됨",
+    "droppedByRule": "룰에 의해 드롭됨",
+    "noSessions": "세션 없음",
+    "temporaryRequestToken": "임시 요청 토큰",
+    "noMoreAuthMethods": "유효한 인증 없음",
+    "ip": "IP",
+    "reason": "이유",
+    "requestLogs": "요청 로그",
+    "host": "호스트",
+    "location": "위치",
+    "actionLogs": "작업 로그",
+    "sidebarLogsRequest": "요청 로그",
+    "sidebarLogsAccess": "접근 로그",
+    "sidebarLogsAction": "작업 로그",
+    "logRetention": "로그 보관",
+    "logRetentionDescription": "다양한 유형의 로그를 이 조직에 대해 얼마나 오래 보관할지 관리하거나 비활성화합니다",
+    "requestLogsDescription": "이 조직의 자원에 대한 상세한 요청 로그를 봅니다",
+    "logRetentionRequestLabel": "요청 로그 보관",
+    "logRetentionRequestDescription": "요청 로그를 얼마나 오래 보관할지",
+    "logRetentionAccessLabel": "접근 로그 보관",
+    "logRetentionAccessDescription": "접근 로그를 얼마나 오래 보관할지",
+    "logRetentionActionLabel": "작업 로그 보관",
+    "logRetentionActionDescription": "작업 로그를 얼마나 오래 보관할지",
+    "logRetentionDisabled": "비활성화됨",
+    "logRetention3Days": "3 일",
+    "logRetention7Days": "7 일",
+    "logRetention14Days": "14 일",
+    "logRetention30Days": "30 일",
+    "logRetention90Days": "90 일",
+    "logRetentionForever": "영구",
+    "actionLogsDescription": "이 조직에서 수행된 작업의 기록을 봅니다",
+    "accessLogsDescription": "이 조직의 자원에 대한 접근 인증 요청을 확인합니다",
+    "licenseRequiredToUse": "이 기능을 사용하려면 Enterprise 라이선스가 필요합니다.",
+    "certResolver": "인증서 해결사",
+    "certResolverDescription": "이 리소스에 사용할 인증서 해결사를 선택하세요.",
+    "selectCertResolver": "인증서 해결사 선택",
+    "enterCustomResolver": "사용자 정의 해결사 입력",
+    "preferWildcardCert": "와일드카드 인증서 선호",
+    "unverified": "검증되지 않음",
+    "domainSetting": "도메인 설정",
+    "domainSettingDescription": "도메인에 대한 설정을 구성하세요.",
+    "preferWildcardCertDescription": "와일드카드 인증서를 생성하려고 시도합니다 (올바르게 구성된 인증서 해결사가 필요합니다).",
+    "recordName": "레코드 이름",
+    "auto": "자동",
+    "TTL": "TTL",
+    "howToAddRecords": "레코드 추가 방법",
+    "dnsRecord": "DNS 레코드",
+    "required": "필수",
+    "domainSettingsUpdated": "도메인 설정이 성공적으로 업데이트되었습니다",
+    "orgOrDomainIdMissing": "조직 ID 또는 도메인 ID가 누락되었습니다",
+    "loadingDNSRecords": "DNS 레코드를 로드하는 중...",
+    "olmUpdateAvailableInfo": "올름의 새 버전이 이용 가능합니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.",
+    "client": "클라이언트",
+    "proxyProtocol": "프록시 프로토콜 설정",
+    "proxyProtocolDescription": "프록시 프로토콜을 구성하여 TCP/UDP 서비스에 대한 클라이언트 IP 주소를 보존하십시오.",
+    "enableProxyProtocol": "프록시 프로토콜 활성화",
+    "proxyProtocolInfo": "TCP/UDP 백엔드의 클라이언트 IP 주소를 보존합니다",
+    "proxyProtocolVersion": "프록시 프로토콜 버전",
+    "version1": " 버전 1 (추천)",
+    "version2": "버전 2",
+    "versionDescription": "버전 1은 텍스트 기반으로 널리 지원됩니다. 버전 2는 이진 기반으로 더 효율적이지만 호환성이 낮습니다.",
+    "warning": "경고",
+    "proxyProtocolWarning": "백엔드 애플리케이션이 프록시 프로토콜 연결을 허용하도록 구성되어야 합니다. 백엔드가 프록시 프로토콜을 지원하지 않으면, 이를 활성화하면 모든 연결이 끊어집니다. 트래픽에서 온 프록시 프로토콜 헤더를 백엔드가 신뢰하도록 구성하십시오.",
+    "restarting": "재시작 중...",
+    "manual": "수동",
+    "messageSupport": "지원 메시지",
+    "supportNotAvailableTitle": "지원 불가",
+    "supportNotAvailableDescription": "현재 지원을 받을 수 없습니다. support@pangolin.net으로 이메일을 보낼 수 있습니다.",
+    "supportRequestSentTitle": "지원 요청 전송 완료",
+    "supportRequestSentDescription": "메시지가 성공적으로 전송되었습니다.",
+    "supportRequestFailedTitle": "요청 전송 실패",
+    "supportRequestFailedDescription": "지원 요청을 보내는 중 오류가 발생했습니다.",
+    "supportSubjectRequired": "제목은 필수입니다",
+    "supportSubjectMaxLength": "제목은 255자 이내여야 합니다",
+    "supportMessageRequired": "메시지는 필수입니다",
+    "supportReplyTo": "회신",
+    "supportSubject": "제목",
+    "supportSubjectPlaceholder": "제목 입력",
+    "supportMessage": "메시지",
+    "supportMessagePlaceholder": "메시지를 입력하십시오",
+    "supportSending": "발송 중...",
+    "supportSend": "보내기",
+    "supportMessageSent": "메시지 전송 완료!",
+    "supportWillContact": "곧 연락드리겠습니다!"
 }
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -47,9 +47,8 @@
    "edit": "Rediger",
    "siteConfirmDelete": "Bekreft Sletting av Område",
    "siteDelete": "Slett Område",
-    "siteMessageRemove": "Når området slettes, vil det ikke lenger være tilgjengelig. Alle ressurser og mål assosiert med området vil også bli slettet.",
-    "siteMessageConfirm": "For å bekrefte, vennligst skriv inn navnet i området nedenfor.",
-    "siteQuestionRemove": "Er du sikker på at du vil slette området {selectedSite} fra organisasjonen?",
+    "siteMessageRemove": "Når nettstedet er fjernet, vil det ikke lenger være tilgjengelig. Alle målene for nettstedet vil også bli fjernet.",
+    "siteQuestionRemove": "Er du sikker på at du vil fjerne nettstedet fra organisasjonen?",
    "siteManageSites": "Administrer Områder",
    "siteDescription": "Tillat tilkobling til nettverket ditt gjennom sikre tunneler",
    "siteCreate": "Opprett område",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Bruk hvilken som helst WireGuard-klient for å etablere en tunnel. Manuell NAT-oppsett kreves.",
    "siteWgDescriptionSaas": "Bruk hvilken som helst WireGuard-klient for å etablere en tunnel. Manuell NAT-oppsett er nødvendig. FUNGERER KUN PÅ SELVHOSTEDE NODER",
    "siteLocalDescription": "Kun lokale ressurser. Ingen tunnelering.",
-    "siteLocalDescriptionSaas": "Kun lokale ressurser. Ingen tunneling. FUNGERER KUN PÅ SELVHOSTEDE NODER",
+    "siteLocalDescriptionSaas": "Lokale ressurser. Ingen tunnelering. Bare tilgjengelig på eksterne noder.",
    "siteSeeAll": "Se alle områder",
    "siteTunnelDescription": "Bestem hvordan du vil koble deg til ditt område",
    "siteNewtCredentials": "Newt påloggingsinformasjon",
@@ -154,8 +153,7 @@
    "protected": "Beskyttet",
    "notProtected": "Ikke beskyttet",
    "resourceMessageRemove": "Når den er fjernet, vil ressursen ikke lenger være tilgjengelig. Alle mål knyttet til ressursen vil også bli fjernet.",
-    "resourceMessageConfirm": "For å bekrefte, skriv inn navnet på ressursen nedenfor.",
-    "resourceQuestionRemove": "Er du sikker på at du vil fjerne ressursen {selectedResource} fra organisasjonen?",
+    "resourceQuestionRemove": "Er du sikker på at du vil fjerne ressursen fra organisasjonen?",
    "resourceHTTP": "HTTPS-ressurs",
    "resourceHTTPDescription": "Proxy-forespørsler til appen din over HTTPS ved bruk av et underdomene eller grunndomene.",
    "resourceRaw": "Rå TCP/UDP-ressurs",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Bekreft Sletting av Organisasjon",
    "orgMessageRemove": "Denne handlingen er irreversibel og vil slette alle tilknyttede data.",
    "orgMessageConfirm": "For å bekrefte, vennligst skriv inn navnet på organisasjonen nedenfor.",
-    "orgQuestionRemove": "Er du sikker på at du vil fjerne organisasjonen {selectedOrg}?",
+    "orgQuestionRemove": "Er du sikker på at du vil fjerne organisasjonen?",
    "orgUpdated": "Organisasjon oppdatert",
    "orgUpdatedDescription": "Organisasjonen har blitt oppdatert.",
    "orgErrorUpdate": "Kunne ikke oppdatere organisasjonen",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "Generer API-nøkkel",
    "apiKeysErrorDelete": "Feil under sletting av API-nøkkel",
    "apiKeysErrorDeleteMessage": "Feil ved sletting av API-nøkkel",
-    "apiKeysQuestionRemove": "Er du sikker på at du vil fjerne API-nøkkelen {selectedApiKey} fra organisasjonen?",
+    "apiKeysQuestionRemove": "Er du sikker på at du vil fjerne API-nøkkelen fra organisasjonen?",
    "apiKeysMessageRemove": "Når den er fjernet, vil API-nøkkelen ikke lenger kunne brukes.",
-    "apiKeysMessageConfirm": "For å bekrefte, vennligst skriv inn navnet på API-nøkkelen nedenfor.",
    "apiKeysDeleteConfirm": "Bekreft sletting av API-nøkkel",
    "apiKeysDelete": "Slett API-nøkkel",
    "apiKeysManage": "Administrer API-nøkler",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Bekreft sletting av bruker",
    "userDeleteServer": "Slett bruker fra server",
    "userMessageRemove": "Brukeren vil bli fjernet fra alle organisasjoner og vil bli fullstendig fjernet fra serveren.",
-    "userMessageConfirm": "For å bekrefte, vennligst skriv inn navnet på brukeren nedenfor.",
-    "userQuestionRemove": "Er du sikker på at du vil slette {selectedUser} permanent fra serveren?",
+    "userQuestionRemove": "Er du sikker på at du vil slette brukeren permanent fra serveren?",
    "licenseKey": "Lisensnøkkel",
    "valid": "Gyldig",
    "numberOfSites": "Antall områder",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Vis Fossorial kommersiell lisens og abonnementsvilkår",
    "licenseMessageRemove": "Dette vil fjerne lisensnøkkelen og alle tilknyttede tillatelser gitt av den.",
    "licenseMessageConfirm": "For å bekrefte, vennligst skriv inn lisensnøkkelen nedenfor.",
-    "licenseQuestionRemove": "Er du sikker på at du vil slette lisensnøkkelen {selectedKey} ?",
+    "licenseQuestionRemove": "Er du sikker på at du vil slette lisensnøkkelen?",
    "licenseKeyDelete": "Slett Lisensnøkkel",
    "licenseKeyDeleteConfirm": "Bekreft sletting av lisensnøkkel",
    "licenseTitle": "Behandle lisensstatus",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Det oppstod en feil under fjerning av invitasjonen.",
    "inviteRemoved": "Invitasjon fjernet",
    "inviteRemovedDescription": "Invitasjonen for {email} er fjernet.",
-    "inviteQuestionRemove": "Er du sikker på at du vil fjerne invitasjonen {email}?",
+    "inviteQuestionRemove": "Er du sikker på at du vil fjerne invitasjonen?",
    "inviteMessageRemove": "Når fjernet, vil denne invitasjonen ikke lenger være gyldig. Du kan alltid invitere brukeren på nytt senere.",
    "inviteMessageConfirm": "For å bekrefte, vennligst tast inn invitasjonens e-postadresse nedenfor.",
    "inviteQuestionRegenerate": "Er du sikker på at du vil generere invitasjonen på nytt for {email}? Dette vil ugyldiggjøre den forrige invitasjonen.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Det oppstod en feil under fjerning av brukeren.",
    "userOrgRemoved": "Bruker fjernet",
    "userOrgRemovedDescription": "Brukeren {email} er fjernet fra organisasjonen.",
-    "userQuestionOrgRemove": "Er du sikker på at du vil fjerne {email} fra organisasjonen?",
+    "userQuestionOrgRemove": "Er du sikker på at du vil fjerne denne brukeren fra organisasjonen?",
    "userMessageOrgRemove": "Når denne brukeren er fjernet, vil de ikke lenger ha tilgang til organisasjonen. Du kan alltid invitere dem på nytt senere, men de vil måtte godta invitasjonen på nytt.",
-    "userMessageOrgConfirm": "For å bekrefte, vennligst skriv inn navnet på brukeren nedenfor.",
    "userRemoveOrgConfirm": "Bekreft fjerning av bruker",
    "userRemoveOrg": "Fjern bruker fra organisasjon",
    "users": "Brukere",
@@ -468,7 +463,10 @@
    "createdAt": "Opprettet",
    "proxyErrorInvalidHeader": "Ugyldig verdi for egendefinert vertsoverskrift. Bruk domenenavnformat, eller lagre tomt for å fjerne den egendefinerte vertsoverskriften.",
    "proxyErrorTls": "Ugyldig TLS-servernavn. Bruk domenenavnformat, eller la stå tomt for å fjerne TLS-servernavnet.",
-    "proxyEnableSSL": "Aktiver SSL (https)",
+    "proxyEnableSSL": "Aktiver SSL",
+    "proxyEnableSSLDescription": "Aktiver SSL/TLS-kryptering for sikre HTTPS-tilkoblinger til dine mål.",
+    "target": "Target",
+    "configureTarget": "Konfigurer mål",
    "targetErrorFetch": "Kunne ikke hente mål",
    "targetErrorFetchDescription": "Det oppsto en feil under henting av mål",
    "siteErrorFetch": "Klarte ikke å hente ressurs",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "Sikker tilkoblings-konfigurasjon",
    "targetTlsSettingsDescription": "Konfigurer SSL/TLS-innstillinger for ressursen din",
    "targetTlsSettingsAdvanced": "Avanserte TLS-innstillinger",
-    "targetTlsSni": "TLS Servernavn (SNI)",
+    "targetTlsSni": "TLS servernavn",
    "targetTlsSniDescription": "TLS-servernavnet som skal brukes for SNI. La stå tomt for å bruke standardverdien.",
    "targetTlsSubmit": "Lagre innstillinger",
    "targets": "Målkonfigurasjon",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Behold tilkoblinger på samme bakend-mål gjennom hele sesjonen.",
    "methodSelect": "Velg metode",
    "targetSubmit": "Legg til mål",
-    "targetNoOne": "Ingen mål. Legg til et mål ved hjelp av skjemaet.",
+    "targetNoOne": "Denne ressursen har ikke noen mål. Legg til et mål for å konfigurere hvor du vil sende forespørsler til din backend.",
    "targetNoOneDescription": "Å legge til mer enn ett mål ovenfor vil aktivere lastbalansering.",
    "targetsSubmit": "Lagre mål",
+    "addTarget": "Legg til mål",
+    "targetErrorInvalidIp": "Ugyldig IP-adresse",
+    "targetErrorInvalidIpDescription": "Skriv inn en gyldig IP-adresse eller vertsnavn",
+    "targetErrorInvalidPort": "Ugyldig port",
+    "targetErrorInvalidPortDescription": "Vennligst skriv inn et gyldig portnummer",
+    "targetErrorNoSite": "Ingen nettsted valgt",
+    "targetErrorNoSiteDescription": "Velg et nettsted for målet",
+    "targetCreated": "Mål opprettet",
+    "targetCreatedDescription": "Målet har blitt opprettet",
+    "targetErrorCreate": "Kunne ikke opprette målet",
+    "targetErrorCreateDescription": "Det oppstod en feil under oppretting av målet",
+    "save": "Lagre",
    "proxyAdditional": "Ytterligere Proxy-innstillinger",
    "proxyAdditionalDescription": "Konfigurer hvordan ressursen din håndterer proxy-innstillinger",
    "proxyCustomHeader": "Tilpasset verts-header",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Server Admin - Pangolin",
    "licenseTierProfessional": "Profesjonell lisens",
    "licenseTierEnterprise": "Bedriftslisens",
-    "licenseTierCommercial": "Kommersiell lisens",
+    "licenseTierPersonal": "Personlig lisens",
    "licensed": "Lisensiert",
    "yes": "Ja",
    "no": "Nei",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Vis og administrer identitetsleverandører i systemet",
    "idpDeletedDescription": "Identitetsleverandør slettet vellykket",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Er du sikker på at du vil slette identitetsleverandøren {name} permanent?",
+    "idpQuestionRemove": "Er du sikker på at du vil slette identitetsleverandøren permanent?",
    "idpMessageRemove": "Dette vil fjerne identitetsleverandøren og alle tilhørende konfigurasjoner. Brukere som autentiserer seg via denne leverandøren vil ikke lenger kunne logge inn.",
    "idpMessageConfirm": "For å bekrefte, vennligst skriv inn navnet på identitetsleverandøren nedenfor.",
    "idpConfirmDelete": "Bekreft Sletting av Identitetsleverandør",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Et visningsnavn for denne identitetsleverandøren",
    "idpAutoProvisionUsers": "Automatisk brukerklargjøring",
    "idpAutoProvisionUsersDescription": "Når aktivert, opprettes brukere automatisk i systemet ved første innlogging, med mulighet til å tilordne brukere til roller og organisasjoner.",
-    "licenseBadge": "Profesjonell",
+    "licenseBadge": "EE",
    "idpType": "Leverandørtype",
    "idpTypeDescription": "Velg typen identitetsleverandør du ønsker å konfigurere",
    "idpOidcConfigure": "OAuth2/OIDC-konfigurasjon",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Sjekk e-posten din for tilbakestillingskoden.",
    "passwordNew": "Nytt passord",
    "passwordNewConfirm": "Bekreft nytt passord",
+    "changePassword": "Endre passord",
+    "changePasswordDescription": "Oppdater passordet for din konto",
+    "oldPassword": "Nåværende passord",
+    "newPassword": "Nytt passord",
+    "confirmNewPassword": "Bekreft nytt passord",
+    "changePasswordError": "Kunne ikke endre passord",
+    "changePasswordErrorDescription": "Det oppstod en feil under endring av passordet",
+    "changePasswordSuccess": "Passordet er endret",
+    "changePasswordSuccessDescription": "Ditt passord ble oppdatert",
+    "passwordExpiryRequired": "Passordutløp kreves",
+    "passwordExpiryDescription": "Denne organisasjonen krever at du bytter passord hver {maxDays} dag.",
+    "changePasswordNow": "Bytt passord nå",
    "pincodeAuth": "Autentiseringskode",
    "pincodeSubmit2": "Send inn kode",
    "passwordResetSubmit": "Be om tilbakestilling",
@@ -1084,7 +1106,6 @@
    "navbar": "Navigasjonsmeny",
    "navbarDescription": "Hovednavigasjonsmeny for applikasjonen",
    "navbarDocsLink": "Dokumentasjon",
-    "commercialEdition": "Kommersiell utgave",
    "otpErrorEnable": "Kunne ikke aktivere 2FA",
    "otpErrorEnableDescription": "En feil oppstod under aktivering av 2FA",
    "otpSetupCheckCode": "Vennligst skriv inn en 6-sifret kode",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Alle brukere",
    "sidebarIdentityProviders": "Identitetsleverandører",
    "sidebarLicense": "Lisens",
-    "sidebarClients": "Klienter (Beta)",
+    "sidebarClients": "Klienter",
    "sidebarDomains": "Domener",
+    "sidebarBluePrints": "Tegninger",
+    "blueprints": "Tegninger",
+    "blueprintsDescription": "Tegninger er deklarative YAML konfigurasjoner som definerer dine ressurser og deres innstillinger",
+    "blueprintAdd": "Legg til blåkopi",
+    "blueprintGoBack": "Se alle blåkopier",
+    "blueprintCreate": "Opprette mal",
+    "blueprintCreateDescription2": "Følg trinnene nedenfor for å opprette og bruke en ny plantegning",
+    "blueprintDetails": "Blåkopi detaljer",
+    "blueprintDetailsDescription": "Se detaljer om plantegning",
+    "blueprintInfo": "Blåkopi informasjon",
+    "message": "Melding",
+    "blueprintContentsDescription": "Definer innhold av YAML som beskriver din infrastruktur",
+    "blueprintErrorCreateDescription": "Det oppstod en feil da plantegningen ble lagt til",
+    "blueprintErrorCreate": "Feil ved opprettelse av plantegning",
+    "searchBlueprintProgress": "Søk etter plantegninger...",
+    "appliedAt": "Anvendt på",
+    "source": "Kilde",
+    "contents": "Innhold",
+    "parsedContents": "Parket innhold",
    "enableDockerSocket": "Aktiver Docker blåkopi",
    "enableDockerSocketDescription": "Aktiver skraping av Docker Socket for blueprint Etiketter. Socket bane må brukes for nye.",
    "enableDockerSocketLink": "Lær mer",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Opprett domene",
    "domainCreatedDescription": "Domene ble opprettet",
    "domainDeletedDescription": "Domene ble slettet",
-    "domainQuestionRemove": "Er du sikker på at du vil fjerne domenet {domain} fra kontoen din?",
+    "domainQuestionRemove": "Er du sikker på at du vil fjerne domenet fra kontoen din?",
    "domainMessageRemove": "Når domenet er fjernet, vil det ikke lenger være knyttet til kontoen din.",
-    "domainMessageConfirm": "For å bekrefte, vennligst skriv inn domenenavnet nedenfor.",
    "domainConfirmDelete": "Bekreft sletting av domene",
    "domainDelete": "Slett domene",
    "domain": "Domene",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Gratis nivå",
    "billingWarningOverLimit": "Advarsel: Du har overskredet en eller flere bruksgrenser. Nettstedene dine vil ikke koble til før du endrer abonnementet ditt eller justerer bruken.",
    "billingUsageLimitsOverview": "Oversikt over bruksgrenser",
-    "billingMonitorUsage": "Overvåk bruken din i forhold til konfigurerte grenser. Hvis du trenger økte grenser, vennligst kontakt support@fossorial.io.",
+    "billingMonitorUsage": "Overvåk bruken din i forhold til konfigurerte grenser. Hvis du trenger økte grenser, vennligst kontakt support@pangolin.net.",
    "billingDataUsage": "Databruk",
    "billingOnlineTime": "Online tid for nettsteder",
    "billingUsers": "Aktive brukere",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Det oppstod et problem med å bruke sikkerhetsnøkkelen din. Vennligst prøv igjen.",
    "twoFactorRequired": "Tofaktorautentisering er påkrevd for å registrere en sikkerhetsnøkkel.",
    "twoFactor": "Tofaktorautentisering",
+    "twoFactorAuthentication": "To-faktor autentisering",
+    "twoFactorDescription": "Denne organisasjonen krever to-faktor-autentisering.",
+    "enableTwoFactor": "Aktiver to-faktor autentisering",
+    "organizationSecurityPolicy": "Retningslinjer for organisasjons sikkerhet",
+    "organizationSecurityPolicyDescription": "Denne organisasjonen har sikkerhetskrav som må oppfylles før du får tilgang til den",
+    "securityRequirements": "Krav Til Sikkerhet",
+    "allRequirementsMet": "Alle krav er oppfylt",
+    "completeRequirementsToContinue": "Fullfør kravene nedenfor for å fortsette tilgangen til denne organisasjonen",
+    "youCanNowAccessOrganization": "Du har nå tilgang til denne organisasjonen",
+    "reauthenticationRequired": "Økt lengde",
+    "reauthenticationDescription": "Denne organisasjonen krever at du logger på alle {maxDays} dager.",
+    "reauthenticationDescriptionHours": "Denne organisasjonen krever at du logger inn hver {maxHours} time.",
+    "reauthenticateNow": "Logg inn igjen",
    "adminEnabled2FaOnYourAccount": "Din administrator har aktivert tofaktorautentisering for {email}. Vennligst fullfør oppsettsprosessen for å fortsette.",
-    "continueToApplication": "Fortsett til applikasjonen",
    "securityKeyAdd": "Legg til sikkerhetsnøkkel",
    "securityKeyRegisterTitle": "Registrer ny sikkerhetsnøkkel",
    "securityKeyRegisterDescription": "Koble til sikkerhetsnøkkelen og skriv inn et navn for å identifisere den",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Ekstern proxy aktivert",
    "addNewTarget": "Legg til nytt mål",
    "targetsList": "Liste over mål",
+    "advancedMode": "Avansert modus",
    "targetErrorDuplicateTargetFound": "Duplikat av mål funnet",
    "healthCheckHealthy": "Sunn",
    "healthCheckUnhealthy": "Usunn",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Feil ved automatisk innlogging",
    "autoLoginErrorNoRedirectUrl": "Ingen omdirigerings-URL mottatt fra identitetsleverandøren.",
    "autoLoginErrorGeneratingUrl": "Kunne ikke generere autentiserings-URL.",
-    "remoteExitNodeManageRemoteExitNodes": "Administrer Selv-Hostet",
-    "remoteExitNodeDescription": "Administrer noder for å forlenge nettverkstilkoblingen din",
+    "remoteExitNodeManageRemoteExitNodes": "Eksterne Noder",
+    "remoteExitNodeDescription": "Selvbetjent én eller flere eksterne noder for å utvide nettverkstilkoblingen din og redusere avhengighet på skyen",
    "remoteExitNodes": "Noder",
    "searchRemoteExitNodes": "Søk noder...",
    "remoteExitNodeAdd": "Legg til Node",
    "remoteExitNodeErrorDelete": "Feil ved sletting av node",
-    "remoteExitNodeQuestionRemove": "Er du sikker på at du vil fjerne noden {selectedNode} fra organisasjonen?",
+    "remoteExitNodeQuestionRemove": "Er du sikker på at du vil fjerne noden fra organisasjonen?",
    "remoteExitNodeMessageRemove": "Når noden er fjernet, vil ikke lenger være tilgjengelig.",
-    "remoteExitNodeMessageConfirm": "For å bekrefte, skriv inn navnet på noden nedenfor.",
    "remoteExitNodeConfirmDelete": "Bekreft sletting av Node",
    "remoteExitNodeDelete": "Slett Node",
-    "sidebarRemoteExitNodes": "Noder",
+    "sidebarRemoteExitNodes": "Eksterne Noder",
    "remoteExitNodeCreate": {
        "title": "Opprett node",
        "description": "Opprett en ny node for å utvide nettverkstilkoblingen din",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Rediger fil: docker-compose.yml",
    "emailVerificationRequired": "E-postbekreftelse er nødvendig. Logg inn på nytt via {dashboardUrl}/auth/login og fullfør dette trinnet. Kom deretter tilbake her.",
    "twoFactorSetupRequired": "To-faktor autentiseringsoppsett er nødvendig. Vennligst logg inn igjen via {dashboardUrl}/auth/login og fullfør dette steget. Kom deretter tilbake her.",
+    "additionalSecurityRequired": "Ekstra sikkerhet kreves",
+    "organizationRequiresAdditionalSteps": "Denne organisasjonen krever ytterligere sikkerhetstrinn før du får tilgang til ressurser.",
+    "completeTheseSteps": "Fullfør disse trinnene",
+    "enableTwoFactorAuthentication": "Aktiver to-faktor autentisering",
+    "completeSecuritySteps": "Fullfør sikkerhetstrinnene",
+    "securitySettings": "Sikkerhet innstillinger",
+    "securitySettingsDescription": "Konfigurere sikkerhetspolicyer for din organisasjon",
+    "requireTwoFactorForAllUsers": "Krev to-faktor autentisering for alle brukere",
+    "requireTwoFactorDescription": "Når aktivert må alle interne brukere i denne organisasjonen ha to-faktorautentisering aktivert for å få tilgang til organisasjonen.",
+    "requireTwoFactorDisabledDescription": "Denne funksjonen krever en gyldig lisens (Enterprise) eller aktivt abonnement (SaaS)",
+    "requireTwoFactorCannotEnableDescription": "Du må aktivere to-faktor-autentisering for din konto før det håndheves for alle brukere",
+    "maxSessionLength": "Maksimal øktlengde",
+    "maxSessionLengthDescription": "Angi maksimal varighet for brukerøkter. Etter denne gangen må brukerne logge inn på nytt.",
+    "maxSessionLengthDisabledDescription": "Denne funksjonen krever en gyldig lisens (Enterprise) eller aktivt abonnement (SaaS)",
+    "selectSessionLength": "Velg øktlengde",
+    "unenforced": "Tvungen",
+    "1Hour": "1 time",
+    "3Hours": "3 timer",
+    "6Hours": "6 timer",
+    "12Hours": "12 timer",
+    "1DaySession": "1 dag",
+    "3Days": "3 dager",
+    "7Days": "7 dager",
+    "14Days": "14 dager",
+    "30DaysSession": "30 dager",
+    "90DaysSession": "90 dager",
+    "180DaysSession": "180 dager",
+    "passwordExpiryDays": "Passord utløper",
+    "editPasswordExpiryDescription": "Angi antall dager før brukere må endre passordet sitt.",
+    "selectPasswordExpiry": "Velg passordutløp",
+    "30Days": "30 dager",
+    "1Day": "1 dag",
+    "60Days": "60 dager",
+    "90Days": "90 dager",
+    "180Days": "180 dager",
+    "1Year": "1 år",
+    "subscriptionBadge": "Abonnement kreves",
+    "securityPolicyChangeWarning": "Sikkerhetsregler forandring advarsel",
+    "securityPolicyChangeDescription": "Du er i ferd med å endre innstillingene for sikkerhetspolicy. Etter å ha spart må du kanskje gjenopplogge deg på for å oppfylle disse policyoppdateringene. Alle brukere som ikke samsvarer vil også måtte autentisere.",
+    "securityPolicyChangeConfirmMessage": "Jeg bekrefter",
+    "securityPolicyChangeWarningText": "Dette vil påvirke alle brukere i organisasjonen",
    "authPageErrorUpdateMessage": "Det oppstod en feil under oppdatering av innstillingene for godkjenningssiden",
+    "authPageErrorUpdate": "Kunne ikke oppdatere autoriseringssiden",
    "authPageUpdated": "Godkjenningsside oppdatert",
    "healthCheckNotAvailable": "Lokal",
    "rewritePath": "Omskriv sti",
-    "rewritePathDescription": "Valgfritt omskrive stien før videresending til målet."
+    "rewritePathDescription": "Valgfritt omskrive stien før videresending til målet.",
+    "continueToApplication": "Fortsett til applikasjonen",
+    "checkingInvite": "Sjekker invitasjon",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Fjern topptekst Auth",
+    "resourceHeaderAuthRemoveDescription": "Topplinje autentisering fjernet.",
+    "resourceErrorHeaderAuthRemove": "Kunne ikke fjerne topptekst autentisering",
+    "resourceErrorHeaderAuthRemoveDescription": "Kunne ikke fjerne topptekst autentisering for ressursen.",
+    "resourceHeaderAuthProtectionEnabled": "Topplinje autentisering aktivert",
+    "resourceHeaderAuthProtectionDisabled": "Topplinje autentisering deaktivert",
+    "headerAuthRemove": "Fjern topptekst Auth",
+    "headerAuthAdd": "Legg til topptekst godkjenning",
+    "resourceErrorHeaderAuthSetup": "Kunne ikke sette topptekst autentisering",
+    "resourceErrorHeaderAuthSetupDescription": "Kunne ikke sette topplinje autentisering for ressursen.",
+    "resourceHeaderAuthSetup": "Header godkjenningssett var vellykket",
+    "resourceHeaderAuthSetupDescription": "Topplinje autentisering har blitt lagret.",
+    "resourceHeaderAuthSetupTitle": "Angi topptekst godkjenning",
+    "resourceHeaderAuthSetupTitleDescription": "Angi grunnleggende auth legitimasjon (brukernavn og passord) for å beskytte denne ressursen med HTTP Header autentisering. Tilgang til det ved hjelp av formatet https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Angi topptekst godkjenning",
+    "actionSetResourceHeaderAuth": "Angi topptekst godkjenning",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Ikke lisensiert",
+    "beta": "beta",
+    "manageClients": "Administrer klienter",
+    "manageClientsDescription": "Klienter er enheter som kan koble seg til nettstedet ditt",
+    "licenseTableValidUntil": "Gyldig til",
+    "saasLicenseKeysSettingsTitle": "Bedriftstillatelse Lisenser",
+    "saasLicenseKeysSettingsDescription": "Generer og administrer Enterprise lisensnøkler for selvbetjente Pangolin forekomster",
+    "sidebarEnterpriseLicenses": "Lisenser",
+    "generateLicenseKey": "Generer lisensnøkkel",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Vennligst skriv inn en gyldig e-postadresse",
+            "useCaseTypeRequired": "Vennligst velg en bruk sakstype",
+            "firstNameRequired": "Fornavn er påkrevd",
+            "lastNameRequired": "Etternavn er påkrevd",
+            "primaryUseRequired": "Beskriv din primære bruk",
+            "jobTitleRequiredBusiness": "Jobbtittel er påkrevd for forretningsbruk",
+            "industryRequiredBusiness": "Næringslivet må til forretningsbruk",
+            "stateProvinceRegionRequired": "Stat/provins/region kreves",
+            "postalZipCodeRequired": "Postnummer er påkrevd",
+            "companyNameRequiredBusiness": "Firmanavn er påkrevd for bedriftens bruk",
+            "countryOfResidenceRequiredBusiness": "Land som skal oppholde seg er nødvendig for bruk til forretningsdrift",
+            "countryRequiredPersonal": "Land er påkrevd for personlig bruk",
+            "agreeToTermsRequired": "Du må godta vilkårene",
+            "complianceConfirmationRequired": "Du må bekrefte at du overholder Fossorial Kommersiell lisens"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Personlig bruk",
+                "description": "For enkeltpersoner, ikke-kommersiell bruk som læring, personlige prosjekter eller eksperimentering."
+            },
+            "business": {
+                "title": "Forretningsmessig bruk",
+                "description": "Til bruk innenfor organisasjoner eller virksomheter eller forretningsmessige inntekter eller aktiviteter."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "E-post & lisenstype",
+                "description": "Skriv inn e-postadressen din og velg lisenstypen din"
+            },
+            "personalInformation": {
+                "title": "Personlig Informasjon",
+                "description": "Fortell oss om deg selv"
+            },
+            "contactInformation": {
+                "title": "Kontakt Informasjon",
+                "description": "Dine kontaktopplysninger"
+            },
+            "termsGenerate": {
+                "title": "Vilkår og generere",
+                "description": "Se gjennom og godta vilkårene for å generere lisensen"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Bruk utlevering",
+                "description": "Velg lisensnivået som reflekterer nøyaktig din tiltenkte bruk. Personlige lisenser tillater fri bruk av programvare for enkelte, ikke-kommersielle eller småskala kommersielle aktiviteter, med en årlig brutto inntekt på under 100 000 amerikanske dollar. All bruk ut over disse grensene – inkludert bruk innenfor en virksomhet, organisasjon eller andre inntekter miljø - krever en gyldig Enterprise lisens og betaling av gjeldende lisensavgift. Alle brukere, enten personlig eller Enterprise, må overholde de kommersielle tillatelsene på Fossorial."
+            },
+            "trialPeriodInformation": {
+                "title": "Informasjon om prøveperiode",
+                "description": "Denne lisensnøkkelen tillater funksjoner i Enterprise for en 7-dagers evalueringsperiode. Fortsatt tilgang til betalt funksjoner utenfor evalueringsperioden krever aktivering under en gyldig Personlig eller Enterprise License. For Enterprise licensing, kontakt sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Bruker du Pangolin for personlig eller forretningsbruk?",
+            "firstName": "Fornavn",
+            "lastName": "Etternavn (Automatic Translation)",
+            "jobTitle": "Jobb tittel",
+            "primaryUseQuestion": "Hva planlegger du først og fremst å bruke Pangolin for?",
+            "industryQuestion": "Hva er din industri?",
+            "prospectiveUsersQuestion": "Hvor mange prospektive brukere forventer du å ha?",
+            "prospectiveSitesQuestion": "Hvor mange prospektive nettsteder (tunnels) forventer du å ha?",
+            "companyName": "Navn på bedrift",
+            "countryOfResidence": "Oppholdsland",
+            "stateProvinceRegion": "Fylke / Region",
+            "postalZipCode": "Postnummer / postnummer",
+            "companyWebsite": "Firmaets hjemmeside",
+            "companyPhoneNumber": "Firmaets telefonnummer",
+            "country": "Land",
+            "phoneNumberOptional": "Telefonnummer (valgfritt)",
+            "complianceConfirmation": "Jeg bekrefter at opplysningene jeg oppga er korrekte og at jeg er i samsvar med Fossorial Kommersiell Lisens. Rapportering av unøyaktig informasjon eller feilidentifisering av bruk av produktet bryter lisensen, og kan føre til at nøkkelen din blir opphevet."
+        },
+        "buttons": {
+            "close": "Lukk",
+            "previous": "Forrige",
+            "next": "Neste",
+            "generateLicenseKey": "Generer lisensnøkkel"
+        },
+        "toasts": {
+            "success": {
+                "title": "Lisensnøkkel ble generert",
+                "description": "Din lisensnøkkel har blitt generert og er klar til bruk."
+            },
+            "error": {
+                "title": "Kan ikke generere lisensnøkkel",
+                "description": "Det oppstod en feil ved generering av lisensnøkkelen."
+            }
+        }
+    },
+    "priority": "Prioritet",
+    "priorityDescription": "Høyere prioriterte ruter evalueres først. Prioritet = 100 betyr automatisk bestilling (systembeslutninger). Bruk et annet nummer til å håndheve manuell prioritet.",
+    "instanceName": "Forekomst navn",
+    "pathMatchModalTitle": "Konfigurere matching av sti",
+    "pathMatchModalDescription": "Sett opp hvordan innkommende forespørsler skal matches basert på deres bane.",
+    "pathMatchType": "Trefftype",
+    "pathMatchPrefix": "Prefiks",
+    "pathMatchExact": "Nøyaktig",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Verdi for sti",
+    "clear": "Tøm",
+    "saveChanges": "Lagre endringer",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/sti",
+    "pathMatchPrefixHelp": "Eksempel: /api matcher /api, /api/users, etc.",
+    "pathMatchExactHelp": "Eksempel: /api passer bare /api",
+    "pathMatchRegexHelp": "Eksempel: ^/api/.* matcher /api/alt",
+    "pathRewriteModalTitle": "Konfigurer ferdigskriving av sti",
+    "pathRewriteModalDescription": "Overfør banen som passet før den videresendes til målet.",
+    "pathRewriteType": "Omskriv type",
+    "pathRewritePrefixOption": "Prefiks - erstatt prefiks",
+    "pathRewriteExactOption": "Eksakt - Erstatt hele banen",
+    "pathRewriteRegexOption": "Regex - Ekkobilde",
+    "pathRewriteStripPrefixOption": "Ta bort prefiks - fjern prefiks",
+    "pathRewriteValue": "Omskriv verdi",
+    "pathRewriteRegexPlaceholder": "/ny/$1",
+    "pathRewriteDefaultPlaceholder": "/ny sti",
+    "pathRewritePrefixHelp": "Erstatt det samsvarende prefikset med denne verdien",
+    "pathRewriteExactHelp": "Erstatt hele banen med denne verdien når stien samsvarer nøyaktig",
+    "pathRewriteRegexHelp": "Bruk opptaksgrupper som $1, $2 for erstatning",
+    "pathRewriteStripPrefixHelp": "La stå tomt for å ta opp prefiks eller legge til nytt prefiks",
+    "pathRewritePrefix": "Prefiks",
+    "pathRewriteExact": "Nøyaktig",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Stripe",
+    "pathRewriteStripLabel": "stripe",
+    "sidebarEnableEnterpriseLicense": "Aktiver Enterprise lisens",
+    "cannotbeUndone": "Dette kan ikke angres.",
+    "toConfirm": "å bekrefte",
+    "deleteClientQuestion": "Er du sikker på at du vil fjerne klienten fra nettstedet og organisasjonen?",
+    "clientMessageRemove": "Når klienten er fjernet, kan den ikke lenger koble seg til nettstedet.",
+    "sidebarLogs": "Logger",
+    "request": "Forespørsel",
+    "logs": "Logger",
+    "logsSettingsDescription": "Overvåk logger samlet fra denne orginiasjonen",
+    "searchLogs": "Søk i logger...",
+    "action": "Handling",
+    "actor": "Aktør",
+    "timestamp": "Tidsstempel",
+    "accessLogs": "Tilgangslogger (Automatic Translation)",
+    "exportCsv": "Eksportere CSV",
+    "actorId": "Skuespiller ID",
+    "allowedByRule": "Tillatt etter regel",
+    "allowedNoAuth": "Tillatt Ingen Auth",
+    "validAccessToken": "Gyldig tilgangsnøkkel",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Gyldig passord",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Ressurs blokkert",
+    "droppedByRule": "Legg i regelen",
+    "noSessions": "Ingen økter",
+    "temporaryRequestToken": "Midlertidig forespørsel Token",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP",
+    "reason": "Grunn",
+    "requestLogs": "Forespørselslogger (Automatic Translation)",
+    "host": "Vert",
+    "location": "Sted",
+    "actionLogs": "Handlingslogger",
+    "sidebarLogsRequest": "Forespørselslogger (Automatic Translation)",
+    "sidebarLogsAccess": "Tilgangslogger (Automatic Translation)",
+    "sidebarLogsAction": "Handlingslogger",
+    "logRetention": "Logg tilbaketrekning",
+    "logRetentionDescription": "Håndter hvor lenge ulike typer logger beholdes for denne organisasjonen, eller deaktiver dem",
+    "requestLogsDescription": "Se detaljerte forespørselslogger for ressurser i denne organisasjonen",
+    "logRetentionRequestLabel": "Be om loggoverføring",
+    "logRetentionRequestDescription": "Hvor lenge du vil beholde forespørselslogger",
+    "logRetentionAccessLabel": "Få tilgang til loggoverføring",
+    "logRetentionAccessDescription": "Hvor lenge du vil beholde adgangslogger",
+    "logRetentionActionLabel": "Handlings logg nytt",
+    "logRetentionActionDescription": "Hvor lenge handlingen skal lagres",
+    "logRetentionDisabled": "Deaktivert",
+    "logRetention3Days": "3 dager",
+    "logRetention7Days": "7 dager",
+    "logRetention14Days": "14 dager",
+    "logRetention30Days": "30 dager",
+    "logRetention90Days": "90 dager",
+    "logRetentionForever": "Alltid",
+    "actionLogsDescription": "Vis historikk for handlinger som er utført i denne organisasjonen",
+    "accessLogsDescription": "Vis autoriseringsforespørsler for ressurser i denne organisasjonen",
+    "licenseRequiredToUse": "En Enterprise lisens er påkrevd for å bruke denne funksjonen.",
+    "certResolver": "Sertifikat løser",
+    "certResolverDescription": "Velg sertifikatløser som skal brukes for denne ressursen.",
+    "selectCertResolver": "Velg sertifikatløser",
+    "enterCustomResolver": "Legg inn egendefinert løser",
+    "preferWildcardCert": "Foretrekk Wildcard sertifikat",
+    "unverified": "Uverifisert",
+    "domainSetting": "Domene innstillinger",
+    "domainSettingDescription": "Konfigurer innstillinger for ditt domene",
+    "preferWildcardCertDescription": "Forsøk på å generere et jokertegn (krever en riktig konfigurert sertifikatløsning).",
+    "recordName": "Lagre navn",
+    "auto": "Automatisk",
+    "TTL": "TTL",
+    "howToAddRecords": "Hvordan legge til poster",
+    "dnsRecord": "DNS registre",
+    "required": "Påkrevd",
+    "domainSettingsUpdated": "Domene innstillinger ble oppdatert",
+    "orgOrDomainIdMissing": "ID for organisasjon eller domene mangler",
+    "loadingDNSRecords": "Laster DNS-poster...",
+    "olmUpdateAvailableInfo": "En oppdatert versjon av Olm er tilgjengelig. Oppdater til den nyeste versjonen for å få den beste opplevelsen.",
+    "client": "Klient",
+    "proxyProtocol": "Protokoll innstillinger for Protokoll",
+    "proxyProtocolDescription": "Konfigurer Proxy-protokoll for å bevare klientens IP-adresser til TCP/UDP tjenester.",
+    "enableProxyProtocol": "Aktiver Proxy-protokoll",
+    "proxyProtocolInfo": "Bevar klientens IP-adresser for TCP/UDP bakover",
+    "proxyProtocolVersion": "Proxy protokoll versjon",
+    "version1": " Versjon 1 (Anbefalt)",
+    "version2": "Versjon 2",
+    "versionDescription": "Versjon 1 er tekstbasert og støttet. Versjon 2 er binært og mer effektivt, men mindre kompatibel.",
+    "warning": "Advarsel",
+    "proxyProtocolWarning": "Din backend applikasjon må være konfigurert for å godta Proxy Protokoller. Hvis din backend ikke støtter Proxy Protocol, vil aktivering av dette bryte alle tilkoblinger. Sørg for å konfigurere backend til å stole på Proxy Protokoll overskrifter fra Traefik.",
+    "restarting": "Restarter...",
+    "manual": "Manuell",
+    "messageSupport": "Støtte for melding",
+    "supportNotAvailableTitle": "Støtte ikke tilgjengelig",
+    "supportNotAvailableDescription": "Støtte er ikke tilgjengelig akkurat nå. Du kan sende en e-post til support@pangolin.net.",
+    "supportRequestSentTitle": "Supportforespørsel sendt",
+    "supportRequestSentDescription": "Din melding er sendt.",
+    "supportRequestFailedTitle": "Kunne ikke sende forespørsel",
+    "supportRequestFailedDescription": "En feil oppstod under sending av din forespørsel om støtte.",
+    "supportSubjectRequired": "Emne er påkrevd",
+    "supportSubjectMaxLength": "Emne må være 255 tegn eller mindre",
+    "supportMessageRequired": "Melding er påkrevd",
+    "supportReplyTo": "Svar til",
+    "supportSubject": "Emne",
+    "supportSubjectPlaceholder": "Angi emne",
+    "supportMessage": "Melding",
+    "supportMessagePlaceholder": "Skriv din melding",
+    "supportSending": "Sender...",
+    "supportSend": "Sende",
+    "supportMessageSent": "Melding sendt!",
+    "supportWillContact": "Vi kommer raskt til å ta kontakt!"
 }
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -47,9 +47,8 @@
    "edit": "Bewerken",
    "siteConfirmDelete": "Verwijderen van site bevestigen",
    "siteDelete": "Site verwijderen",
-    "siteMessageRemove": "Eenmaal verwijderd, zal de site niet langer toegankelijk zijn. Alle bronnen en doelen die aan de site zijn gekoppeld, zullen ook worden verwijderd.",
-    "siteMessageConfirm": "Typ ter bevestiging de naam van de site hieronder.",
-    "siteQuestionRemove": "Weet u zeker dat u de site {selectedSite} uit de organisatie wilt verwijderen?",
+    "siteMessageRemove": "Eenmaal verwijderd zal de site niet langer toegankelijk zijn. Alle aan de site gekoppelde doelen zullen ook worden verwijderd.",
+    "siteQuestionRemove": "Weet u zeker dat u de site wilt verwijderen uit de organisatie?",
    "siteManageSites": "Sites beheren",
    "siteDescription": "Verbindt met uw netwerk via beveiligde tunnels",
    "siteCreate": "Site maken",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Gebruik een WireGuard client om een tunnel te bouwen. Handmatige NAT installatie vereist.",
    "siteWgDescriptionSaas": "Gebruik elke WireGuard-client om een tunnel op te zetten. Handmatige NAT-instelling vereist. WERKT ALLEEN OP SELF HOSTED NODES",
    "siteLocalDescription": "Alleen lokale bronnen. Geen tunneling.",
-    "siteLocalDescriptionSaas": "Alleen lokale bronnen. Geen tunneling. WERKT ALLEEN OP SELF HOSTED NODES",
+    "siteLocalDescriptionSaas": "Enkel lokale bronnen. Geen tunneling. Alleen beschikbaar op externe knooppunten.",
    "siteSeeAll": "Alle sites bekijken",
    "siteTunnelDescription": "Bepaal hoe u verbinding wilt maken met uw site",
    "siteNewtCredentials": "Nieuwste aanmeldgegevens",
@@ -154,8 +153,7 @@
    "protected": "Beschermd",
    "notProtected": "Niet beveiligd",
    "resourceMessageRemove": "Eenmaal verwijderd, zal het bestand niet langer toegankelijk zijn. Alle doelen die gekoppeld zijn aan het hulpbron, zullen ook verwijderd worden.",
-    "resourceMessageConfirm": "Om te bevestigen, typ de naam van de bron hieronder.",
-    "resourceQuestionRemove": "Weet u zeker dat u de resource {selectedResource} uit de organisatie wilt verwijderen?",
+    "resourceQuestionRemove": "Weet u zeker dat u het document van de organisatie wilt verwijderen?",
    "resourceHTTP": "HTTPS bron",
    "resourceHTTPDescription": "Proxy verzoeken aan uw app via HTTPS via een subdomein of basisdomein.",
    "resourceRaw": "TCP/UDP bron",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Bevestig Verwijderen Organisatie",
    "orgMessageRemove": "Deze actie is onomkeerbaar en zal alle bijbehorende gegevens verwijderen.",
    "orgMessageConfirm": "Om te bevestigen, typ de naam van de onderstaande organisatie in.",
-    "orgQuestionRemove": "Weet u zeker dat u de organisatie {selectedOrg} wilt verwijderen?",
+    "orgQuestionRemove": "Weet u zeker dat u de organisatie wilt verwijderen?",
    "orgUpdated": "Organisatie bijgewerkt",
    "orgUpdatedDescription": "De organisatie is bijgewerkt.",
    "orgErrorUpdate": "Bijwerken organisatie mislukt",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "API-sleutel genereren",
    "apiKeysErrorDelete": "Fout bij verwijderen API-sleutel",
    "apiKeysErrorDeleteMessage": "Fout bij verwijderen API-sleutel",
-    "apiKeysQuestionRemove": "Weet u zeker dat u de API-sleutel {selectedApiKey} van de organisatie wilt verwijderen?",
+    "apiKeysQuestionRemove": "Weet u zeker dat u de API-sleutel van de organisatie wilt verwijderen?",
    "apiKeysMessageRemove": "Eenmaal verwijderd, kan de API-sleutel niet meer worden gebruikt.",
-    "apiKeysMessageConfirm": "Om dit te bevestigen, typt u de naam van de API-sleutel hieronder.",
    "apiKeysDeleteConfirm": "Bevestig Verwijderen API-sleutel",
    "apiKeysDelete": "API-sleutel verwijderen",
    "apiKeysManage": "API-sleutels beheren",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Bevestig verwijderen gebruiker",
    "userDeleteServer": "Gebruiker verwijderen van de server",
    "userMessageRemove": "De gebruiker zal uit alle organisaties verwijderd worden en volledig verwijderd worden van de server.",
-    "userMessageConfirm": "Typ de naam van de gebruiker hieronder om te bevestigen.",
-    "userQuestionRemove": "Weet je zeker dat je {selectedUser} permanent van de server wilt verwijderen?",
+    "userQuestionRemove": "Weet u zeker dat u de gebruiker permanent van de server wilt verwijderen?",
    "licenseKey": "Licentie sleutel",
    "valid": "Geldig",
    "numberOfSites": "Aantal sites",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Fossorial Commerciële licentie- en abonnementsvoorwaarden bekijken",
    "licenseMessageRemove": "Dit zal de licentiesleutel en alle bijbehorende machtigingen verwijderen die hierdoor zijn verleend.",
    "licenseMessageConfirm": "Typ de licentiesleutel hieronder om te bevestigen.",
-    "licenseQuestionRemove": "Weet u zeker dat u de licentiesleutel {selectedKey} wilt verwijderen?",
+    "licenseQuestionRemove": "Weet u zeker dat u de licentiesleutel wilt verwijderen?",
    "licenseKeyDelete": "Licentiesleutel verwijderen",
    "licenseKeyDeleteConfirm": "Bevestig verwijderen licentiesleutel",
    "licenseTitle": "Licentiestatus beheren",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Er is een fout opgetreden tijdens het verwijderen van de uitnodiging.",
    "inviteRemoved": "Uitnodiging verwijderd",
    "inviteRemovedDescription": "De uitnodiging voor {email} is verwijderd.",
-    "inviteQuestionRemove": "Weet u zeker dat u de uitnodiging {email} wilt verwijderen?",
+    "inviteQuestionRemove": "Weet je zeker dat je de uitnodiging wilt verwijderen?",
    "inviteMessageRemove": "Eenmaal verwijderd, zal deze uitnodiging niet meer geldig zijn. U kunt de gebruiker later altijd opnieuw uitnodigen.",
    "inviteMessageConfirm": "Om dit te bevestigen, typ dan het e-mailadres van onderstaande uitnodiging.",
    "inviteQuestionRegenerate": "Weet u zeker dat u de uitnodiging voor {email}opnieuw wilt genereren? Dit zal de vorige uitnodiging intrekken.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Er is een fout opgetreden tijdens het verwijderen van de gebruiker.",
    "userOrgRemoved": "Gebruiker verwijderd",
    "userOrgRemovedDescription": "De gebruiker {email} is verwijderd uit de organisatie.",
-    "userQuestionOrgRemove": "Weet u zeker dat u {email} wilt verwijderen uit de organisatie?",
+    "userQuestionOrgRemove": "Weet u zeker dat u deze gebruiker wilt verwijderen uit de organisatie?",
    "userMessageOrgRemove": "Eenmaal verwijderd, heeft deze gebruiker geen toegang meer tot de organisatie. Je kunt ze later altijd opnieuw uitnodigen, maar ze zullen de uitnodiging opnieuw moeten accepteren.",
-    "userMessageOrgConfirm": "Typ om te bevestigen de naam van de gebruiker hieronder.",
    "userRemoveOrgConfirm": "Bevestig verwijderen gebruiker",
    "userRemoveOrg": "Gebruiker uit organisatie verwijderen",
    "users": "Gebruikers",
@@ -468,7 +463,10 @@
    "createdAt": "Aangemaakt op",
    "proxyErrorInvalidHeader": "Ongeldige aangepaste Header waarde. Gebruik het domeinnaam formaat, of sla leeg op om de aangepaste Host header ongedaan te maken.",
    "proxyErrorTls": "Ongeldige TLS servernaam. Gebruik de domeinnaam of sla leeg op om de TLS servernaam te verwijderen.",
-    "proxyEnableSSL": "SSL (https) inschakelen",
+    "proxyEnableSSL": "SSL inschakelen",
+    "proxyEnableSSLDescription": "SSL/TLS-versleuteling inschakelen voor beveiligde HTTPS-verbindingen naar uw doelen.",
+    "target": "Target",
+    "configureTarget": "Doelstellingen configureren",
    "targetErrorFetch": "Ophalen van doelen mislukt",
    "targetErrorFetchDescription": "Er is een fout opgetreden bij het ophalen van de objecten",
    "siteErrorFetch": "Mislukt om resource op te halen",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "HTTPS & TLS instellingen",
    "targetTlsSettingsDescription": "SSL/TLS-instellingen voor uw bron configureren",
    "targetTlsSettingsAdvanced": "Geavanceerde TLS instellingen",
-    "targetTlsSni": "TLS Server Naam (SNI)",
+    "targetTlsSni": "TLS servernaam",
    "targetTlsSniDescription": "De TLS servernaam om te gebruiken voor SNI. Laat leeg om de standaard te gebruiken.",
    "targetTlsSubmit": "Instellingen opslaan",
    "targets": "Doelstellingen configuratie",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Behoud verbindingen op hetzelfde backend doel voor hun hele sessie.",
    "methodSelect": "Selecteer methode",
    "targetSubmit": "Doelwit toevoegen",
-    "targetNoOne": "Geen doel toegevoegd. Voeg deze toe via dit formulier.",
+    "targetNoOne": "Deze bron heeft geen doelen. Voeg een doel toe om te configureren waar verzoeken naar uw backend.",
    "targetNoOneDescription": "Het toevoegen van meer dan één doel hierboven zal de load balancering mogelijk maken.",
    "targetsSubmit": "Doelstellingen opslaan",
+    "addTarget": "Doelwit toevoegen",
+    "targetErrorInvalidIp": "Ongeldig IP-adres",
+    "targetErrorInvalidIpDescription": "Voer een geldig IP-adres of hostnaam in",
+    "targetErrorInvalidPort": "Ongeldige poort",
+    "targetErrorInvalidPortDescription": "Voer een geldig poortnummer in",
+    "targetErrorNoSite": "Geen site geselecteerd",
+    "targetErrorNoSiteDescription": "Selecteer een site voor het doel",
+    "targetCreated": "Doel aangemaakt",
+    "targetCreatedDescription": "Doel is succesvol aangemaakt",
+    "targetErrorCreate": "Kan doel niet aanmaken",
+    "targetErrorCreateDescription": "Fout opgetreden tijdens het aanmaken van het doel",
+    "save": "Opslaan",
    "proxyAdditional": "Extra Proxy-instellingen",
    "proxyAdditionalDescription": "Configureer hoe de proxy-instellingen van uw bron worden afgehandeld",
    "proxyCustomHeader": "Aangepaste Host-header",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Serverbeheer - Pangolin",
    "licenseTierProfessional": "Professionele licentie",
    "licenseTierEnterprise": "Enterprise Licentie",
-    "licenseTierCommercial": "Commerciële licentie",
+    "licenseTierPersonal": "Persoonlijke licentie",
    "licensed": "Gelicentieerd",
    "yes": "ja",
    "no": "Neen",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Identiteitsaanbieders in het systeem bekijken en beheren",
    "idpDeletedDescription": "Identity provider succesvol verwijderd",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Weet u zeker dat u de identiteitsprovider {name} permanent wilt verwijderen?",
+    "idpQuestionRemove": "Weet u zeker dat u de identiteitsprovider permanent wilt verwijderen?",
    "idpMessageRemove": "Dit zal de identiteitsprovider en alle bijbehorende configuraties verwijderen. Gebruikers die via deze provider authenticeren, kunnen niet langer inloggen.",
    "idpMessageConfirm": "Om dit te bevestigen, typt u de naam van onderstaande identiteitsprovider.",
    "idpConfirmDelete": "Bevestig verwijderen identiteit provider",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Een weergavenaam voor deze identiteitsprovider",
    "idpAutoProvisionUsers": "Auto Provisie Gebruikers",
    "idpAutoProvisionUsersDescription": "Wanneer ingeschakeld, worden gebruikers automatisch in het systeem aangemaakt wanneer ze de eerste keer inloggen met de mogelijkheid om gebruikers toe te wijzen aan rollen en organisaties.",
-    "licenseBadge": "Professioneel",
+    "licenseBadge": "EE",
    "idpType": "Type provider",
    "idpTypeDescription": "Selecteer het type identiteitsprovider dat u wilt configureren",
    "idpOidcConfigure": "OAuth2/OIDC configuratie",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Controleer je e-mail voor de reset code.",
    "passwordNew": "Nieuw wachtwoord",
    "passwordNewConfirm": "Bevestig nieuw wachtwoord",
+    "changePassword": "Wachtwoord wijzigen",
+    "changePasswordDescription": "Uw wachtwoord bijwerken",
+    "oldPassword": "Huidig wachtwoord",
+    "newPassword": "Nieuw wachtwoord",
+    "confirmNewPassword": "Bevestig nieuw wachtwoord",
+    "changePasswordError": "Wachtwoord wijzigen mislukt",
+    "changePasswordErrorDescription": "Er is een fout opgetreden tijdens het wijzigen van uw wachtwoord",
+    "changePasswordSuccess": "Wachtwoord succesvol gewijzigd",
+    "changePasswordSuccessDescription": "Uw wachtwoord is met succes bijgewerkt",
+    "passwordExpiryRequired": "Wachtwoord vervalt verplicht",
+    "passwordExpiryDescription": "Deze organisatie vereist dat u om de {maxDays} dagen uw wachtwoord wijzigt.",
+    "changePasswordNow": "Wijzig wachtwoord nu",
    "pincodeAuth": "Authenticatiecode",
    "pincodeSubmit2": "Code indienen",
    "passwordResetSubmit": "Opnieuw instellen aanvragen",
@@ -1084,7 +1106,6 @@
    "navbar": "Navigatiemenu",
    "navbarDescription": "Hoofd navigatie menu voor de applicatie",
    "navbarDocsLink": "Documentatie",
-    "commercialEdition": "Commerciële editie",
    "otpErrorEnable": "Kan 2FA niet inschakelen",
    "otpErrorEnableDescription": "Er is een fout opgetreden tijdens het inschakelen van 2FA",
    "otpSetupCheckCode": "Voer een 6-cijferige code in",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Alle gebruikers",
    "sidebarIdentityProviders": "Identiteit aanbieders",
    "sidebarLicense": "Licentie",
-    "sidebarClients": "Clients (Bèta)",
+    "sidebarClients": "Clienten",
    "sidebarDomains": "Domeinen",
+    "sidebarBluePrints": "Blauwdrukken",
+    "blueprints": "Blauwdrukken",
+    "blueprintsDescription": "Blauwdrukken zijn declaratieve YAML-configuraties die je bronnen en hun instellingen bepalen",
+    "blueprintAdd": "Blauwdruk toevoegen",
+    "blueprintGoBack": "Bekijk alle Blauwdrukken",
+    "blueprintCreate": "Creëer blauwdruk",
+    "blueprintCreateDescription2": "Volg de onderstaande stappen om een nieuwe blauwdruk te maken en toe te passen",
+    "blueprintDetails": "Blauwdruk details",
+    "blueprintDetailsDescription": "Bekijk de blauwdruk run details",
+    "blueprintInfo": "Blauwdruk Informatie",
+    "message": "bericht",
+    "blueprintContentsDescription": "Definieer de YAML content die je infrastructuur beschrijft",
+    "blueprintErrorCreateDescription": "Er is een fout opgetreden bij het toepassen van de blauwdruk",
+    "blueprintErrorCreate": "Fout bij maken blauwdruk",
+    "searchBlueprintProgress": "Blauwdrukken zoeken...",
+    "appliedAt": "Toegepast op",
+    "source": "Bron",
+    "contents": "Inhoud",
+    "parsedContents": "Geparseerde inhoud",
    "enableDockerSocket": "Schakel Docker Blauwdruk in",
    "enableDockerSocketDescription": "Schakel Docker Socket label in voor blauwdruk labels. Pad naar Nieuw.",
    "enableDockerSocketLink": "Meer informatie",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Domein aanmaken",
    "domainCreatedDescription": "Domein succesvol aangemaakt",
    "domainDeletedDescription": "Domein succesvol verwijderd",
-    "domainQuestionRemove": "Weet je zeker dat je het domein {domain} uit je account wilt verwijderen?",
+    "domainQuestionRemove": "Weet u zeker dat u het domein uit uw account wilt verwijderen?",
    "domainMessageRemove": "Na verwijdering zal het domein niet langer aan je account gekoppeld zijn.",
-    "domainMessageConfirm": "Om te bevestigen, typ hieronder de domeinnaam.",
    "domainConfirmDelete": "Bevestig verwijdering van domein",
    "domainDelete": "Domein verwijderen",
    "domain": "Domein",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Gratis Niveau",
    "billingWarningOverLimit": "Waarschuwing: U hebt een of meer gebruikslimieten overschreden. Uw sites maken geen verbinding totdat u uw abonnement aanpast of uw gebruik aanpast.",
    "billingUsageLimitsOverview": "Overzicht gebruikslimieten",
-    "billingMonitorUsage": "Houd uw gebruik in de gaten ten opzichte van de ingestelde limieten. Als u verhoogde limieten nodig heeft, neem dan contact met ons op support@fossorial.io.",
+    "billingMonitorUsage": "Houd uw gebruik in de gaten ten opzichte van de ingestelde limieten. Als u verhoogde limieten nodig heeft, neem dan contact met ons op support@pangolin.net.",
    "billingDataUsage": "Gegevensgebruik",
    "billingOnlineTime": "Site Online Tijd",
    "billingUsers": "Actieve Gebruikers",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Er was een probleem met het gebruik van je beveiligingssleutel. Probeer het opnieuw.",
    "twoFactorRequired": "Tweestapsverificatie is vereist om een beveiligingssleutel te registreren.",
    "twoFactor": "Tweestapsverificatie",
+    "twoFactorAuthentication": "Tweestapsverificatie verificatie",
+    "twoFactorDescription": "Deze organisatie vereist tweestapsverificatie.",
+    "enableTwoFactor": "Tweestapsverificatie inschakelen",
+    "organizationSecurityPolicy": "Organisatie Veiligheidsbeleid",
+    "organizationSecurityPolicyDescription": "Deze organisatie heeft beveiligingsvereisten waaraan moet worden voldaan voordat u deze kunt openen",
+    "securityRequirements": "Veiligheidsvereisten",
+    "allRequirementsMet": "Aan alle vereisten is voldaan",
+    "completeRequirementsToContinue": "Voltooi de onderstaande vereisten om toegang te blijven krijgen tot deze organisatie",
+    "youCanNowAccessOrganization": "U heeft nu toegang tot deze organisatie",
+    "reauthenticationRequired": "Sessie Lengte",
+    "reauthenticationDescription": "Deze organisatie vereist dat u elke {maxDays} dagen inlogt.",
+    "reauthenticationDescriptionHours": "Deze organisatie vereist dat u elke {maxHours} uur inlogt.",
+    "reauthenticateNow": "Opnieuw inloggen",
    "adminEnabled2FaOnYourAccount": "Je beheerder heeft tweestapsverificatie voor {email} ingeschakeld. Voltooi het instellingsproces om verder te gaan.",
-    "continueToApplication": "Doorgaan naar de applicatie",
    "securityKeyAdd": "Beveiligingssleutel toevoegen",
    "securityKeyRegisterTitle": "Nieuwe beveiligingssleutel registreren",
    "securityKeyRegisterDescription": "Verbind je beveiligingssleutel en voer een naam in om deze te identificeren",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Externe Proxy Ingeschakeld",
    "addNewTarget": "Voeg nieuw doelwit toe",
    "targetsList": "Lijst met doelen",
+    "advancedMode": "Geavanceerde modus",
    "targetErrorDuplicateTargetFound": "Dubbel doelwit gevonden",
    "healthCheckHealthy": "Gezond",
    "healthCheckUnhealthy": "Ongezond",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Auto Login Fout",
    "autoLoginErrorNoRedirectUrl": "Geen redirect URL ontvangen van de identity provider.",
    "autoLoginErrorGeneratingUrl": "Genereren van authenticatie-URL mislukt.",
-    "remoteExitNodeManageRemoteExitNodes": "Beheer Zelf-Gehoste",
-    "remoteExitNodeDescription": "Beheer knooppunten om uw netwerkverbinding uit te breiden",
+    "remoteExitNodeManageRemoteExitNodes": "Externe knooppunten",
+    "remoteExitNodeDescription": "Zorgt voor één of meer externe knooppunten om de netwerkverbinding uit te breiden en het vertrouwen in de cloud te verminderen",
    "remoteExitNodes": "Nodes",
    "searchRemoteExitNodes": "Knooppunten zoeken...",
    "remoteExitNodeAdd": "Voeg node toe",
    "remoteExitNodeErrorDelete": "Fout bij verwijderen node",
-    "remoteExitNodeQuestionRemove": "Weet u zeker dat u het node {selectedNode} uit de organisatie wilt verwijderen?",
+    "remoteExitNodeQuestionRemove": "Weet u zeker dat u het knooppunt uit de organisatie wilt verwijderen?",
    "remoteExitNodeMessageRemove": "Eenmaal verwijderd, zal het knooppunt niet langer toegankelijk zijn.",
-    "remoteExitNodeMessageConfirm": "Om te bevestigen, typ de naam van het knooppunt hieronder.",
    "remoteExitNodeConfirmDelete": "Bevestig verwijderen node",
    "remoteExitNodeDelete": "Knoop verwijderen",
-    "sidebarRemoteExitNodes": "Nodes",
+    "sidebarRemoteExitNodes": "Externe knooppunten",
    "remoteExitNodeCreate": {
        "title": "Maak node",
        "description": "Maak een nieuwe node aan om uw netwerkverbinding uit te breiden",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Bestand bewerken: docker-compose.yml",
    "emailVerificationRequired": "E-mail verificatie is vereist. Log opnieuw in via {dashboardUrl}/auth/login voltooide deze stap. Kom daarna hier terug.",
    "twoFactorSetupRequired": "Tweestapsverificatie instellen is vereist. Log opnieuw in via {dashboardUrl}/auth/login voltooide deze stap. Kom daarna hier terug.",
+    "additionalSecurityRequired": "Extra beveiliging vereist",
+    "organizationRequiresAdditionalSteps": "Deze organisatie vereist extra beveiligingsstappen voordat u toegang hebt tot de bronnen.",
+    "completeTheseSteps": "Voltooi deze stappen",
+    "enableTwoFactorAuthentication": "Tweestapsverificatie inschakelen",
+    "completeSecuritySteps": "Voltooi beveiligingsstappen",
+    "securitySettings": "Beveiliging instellingen",
+    "securitySettingsDescription": "Beveiligingsbeleid voor uw organisatie configureren",
+    "requireTwoFactorForAllUsers": "Authenticatie in twee stappen vereist voor alle gebruikers",
+    "requireTwoFactorDescription": "Wanneer ingeschakeld, moeten alle interne gebruikers in deze organisatie tweestapsverificatie ingeschakeld hebben om toegang te krijgen tot de organisatie.",
+    "requireTwoFactorDisabledDescription": "Deze functie vereist een geldig licentie (Enterprise) of actief abonnement (SaaS)",
+    "requireTwoFactorCannotEnableDescription": "U moet tweestapsverificatie inschakelen voor uw account voordat u deze voor alle gebruikers kan afdwingen",
+    "maxSessionLength": "Maximale sessielengte",
+    "maxSessionLengthDescription": "Stel de maximale duur van de gebruikerssessies in. Na deze tijd zullen gebruikers opnieuw moeten verifiëren.",
+    "maxSessionLengthDisabledDescription": "Deze functie vereist een geldig licentie (Enterprise) of actief abonnement (SaaS)",
+    "selectSessionLength": "Selecteer sessie lengte",
+    "unenforced": "Onafgedwongen",
+    "1Hour": "1 uur",
+    "3Hours": "3 uur",
+    "6Hours": "6 uur",
+    "12Hours": "12 uur",
+    "1DaySession": "1 dag",
+    "3Days": "3 dagen",
+    "7Days": "7 dagen",
+    "14Days": "14 dagen",
+    "30DaysSession": "30 dagen",
+    "90DaysSession": "90 dagen",
+    "180DaysSession": "180 dagen",
+    "passwordExpiryDays": "Wachtwoord verloopt",
+    "editPasswordExpiryDescription": "Stel het aantal dagen in voordat gebruikers verplicht zijn hun wachtwoord te wijzigen.",
+    "selectPasswordExpiry": "Selecteer wachtwoord vervaldatum",
+    "30Days": "30 dagen",
+    "1Day": "1 dag",
+    "60Days": "60 dagen",
+    "90Days": "90 dagen",
+    "180Days": "180 dagen",
+    "1Year": "1 jaar",
+    "subscriptionBadge": "Abonnement vereist",
+    "securityPolicyChangeWarning": "Waarschuwing wijzigen beveiligingsbeleid",
+    "securityPolicyChangeDescription": "U staat op het punt om de instellingen van het beveiligingsbeleid te wijzigen. Na het opslaan moet u zich opnieuw aanmelden om te voldoen aan deze beleidsupdates. Alle gebruikers die niet aan de voorwaarden voldoen, moeten zich ook opnieuw authenticeren.",
+    "securityPolicyChangeConfirmMessage": "Ik bevestig",
+    "securityPolicyChangeWarningText": "Dit heeft invloed op alle gebruikers in de organisatie",
    "authPageErrorUpdateMessage": "Er is een fout opgetreden bij het bijwerken van de instellingen van de auth-pagina",
+    "authPageErrorUpdate": "Kan de autorisatiepagina niet bijwerken",
    "authPageUpdated": "Auth-pagina succesvol bijgewerkt",
    "healthCheckNotAvailable": "Lokaal",
    "rewritePath": "Herschrijf Pad",
-    "rewritePathDescription": "Optioneel het pad herschrijven voordat je het naar het doel doorstuurt."
+    "rewritePathDescription": "Optioneel het pad herschrijven voordat je het naar het doel doorstuurt.",
+    "continueToApplication": "Doorgaan naar applicatie",
+    "checkingInvite": "Uitnodiging controleren",
+    "setResourceHeaderAuth": "stelResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Auth koptekst verwijderen",
+    "resourceHeaderAuthRemoveDescription": "Koptekst authenticatie succesvol verwijderd.",
+    "resourceErrorHeaderAuthRemove": "Kan Header-authenticatie niet verwijderen",
+    "resourceErrorHeaderAuthRemoveDescription": "Kon header authenticatie niet verwijderen voor de bron.",
+    "resourceHeaderAuthProtectionEnabled": "Koptekst authenticatie ingeschakeld",
+    "resourceHeaderAuthProtectionDisabled": "Header authenticatie uitgeschakeld",
+    "headerAuthRemove": "Auth koptekst verwijderen",
+    "headerAuthAdd": "Kopsauth toevoegen",
+    "resourceErrorHeaderAuthSetup": "Kan Header Authenticatie niet instellen",
+    "resourceErrorHeaderAuthSetupDescription": "Kan geen header authenticatie instellen voor de bron.",
+    "resourceHeaderAuthSetup": "Header Authenticatie set succesvol",
+    "resourceHeaderAuthSetupDescription": "Header authenticatie is met succes ingesteld.",
+    "resourceHeaderAuthSetupTitle": "Header Authenticatie instellen",
+    "resourceHeaderAuthSetupTitleDescription": "Stel de basis authenticatiegegevens (gebruikersnaam en wachtwoord) in om deze bron te beschermen met HTTP Header Authenticatie. Gebruik het formaat https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Header Authenticatie instellen",
+    "actionSetResourceHeaderAuth": "Header Authenticatie instellen",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Ongelicentieerd",
+    "beta": "Bèta",
+    "manageClients": "Beheer Cliënten",
+    "manageClientsDescription": "Klanten zijn apparaten die verbinding kunnen maken met uw sites",
+    "licenseTableValidUntil": "Geldig tot",
+    "saasLicenseKeysSettingsTitle": "Enterprise Licenties",
+    "saasLicenseKeysSettingsDescription": "Genereer en beheer de Enterprise licentiesleutels voor zelfgehoste Pangolin instanties",
+    "sidebarEnterpriseLicenses": "Licenties",
+    "generateLicenseKey": "Licentiesleutel genereren",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Voer een geldig e-mailadres in",
+            "useCaseTypeRequired": "Selecteer een type voor gebruik",
+            "firstNameRequired": "Voornaam is vereist",
+            "lastNameRequired": "Achternaam is vereist",
+            "primaryUseRequired": "Beschrijf uw primaire gebruik",
+            "jobTitleRequiredBusiness": "Functitel is vereist voor business gebruik",
+            "industryRequiredBusiness": "Industrie is vereist voor zakelijk gebruik",
+            "stateProvinceRegionRequired": "Provincie/Regio is vereist",
+            "postalZipCodeRequired": "Postcode is vereist",
+            "companyNameRequiredBusiness": "Bedrijfsnaam is vereist voor zakelijk gebruik",
+            "countryOfResidenceRequiredBusiness": "Land van verblijf is vereist voor zakelijk gebruik",
+            "countryRequiredPersonal": "Land is vereist voor persoonlijk gebruik",
+            "agreeToTermsRequired": "U moet akkoord gaan met de voorwaarden",
+            "complianceConfirmationRequired": "U moet de naleving van de Fossorial Commerciële licentie bevestigen"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Persoonlijk gebruik",
+                "description": "Voor individueel, niet-commercieel gebruik, zoals leren, persoonlijke projecten of experimenten."
+            },
+            "business": {
+                "title": "Zakelijk gebruik",
+                "description": "Voor gebruik binnen organisaties, bedrijven, commerciële of inkomstengenererende activiteiten."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "E-mail & Licentie Type",
+                "description": "Voer uw e-mailadres in en kies uw licentietype"
+            },
+            "personalInformation": {
+                "title": "Persoonlijke informatie",
+                "description": "Vertel ons over jezelf"
+            },
+            "contactInformation": {
+                "title": "Contact informatie",
+                "description": "Uw contactgegevens"
+            },
+            "termsGenerate": {
+                "title": "Voorwaarden & Genereer",
+                "description": "Controleer en accepteer termen om uw licentie te genereren"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Disclosure voor gebruik",
+                "description": "Selecteer de licentielift die precies overeenkomt met het beoogde gebruik. De Persoonlijke Licentie staat het gratis gebruik van de software toe voor individuele, niet-commerciële of kleinschalige commerciële activiteiten met jaarlijkse bruto inkomsten van minder dan $100.000 USD. Elk gebruik buiten deze grenzen - inclusief gebruik binnen een bedrijf, organisatie, of andere inkomstengenererende omgeving - vereist een geldige Enterprise-licentie en betaling van de toepasselijke licentiekosten. Alle gebruikers, Persoonlijk of Enterprise, moeten voldoen aan de Fossorial Commerciële Licentievoorwaarden."
+            },
+            "trialPeriodInformation": {
+                "title": "Informatie proefperiode",
+                "description": "Deze licentiesleutel maakt bedrijfsfuncties mogelijk voor een evaluatieperiode van 7 dagen. Continue toegang tot betaalde functies na de evaluatieperiode vereist activering onder een geldige Persoonlijke of Enterprise License. Voor een Enterprise licentie, neem contact op met sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Gebruikt u Pangolin voor persoonlijk of zakelijk gebruik?",
+            "firstName": "Voornaam is vereist.",
+            "lastName": "Achternaam is vereist",
+            "jobTitle": "Job titel",
+            "primaryUseQuestion": "Waar bent u primair van plan Pangolin voor te gebruiken?",
+            "industryQuestion": "Wat is uw industrie?",
+            "prospectiveUsersQuestion": "Hoeveel potentiële gebruikers verwacht je te hebben?",
+            "prospectiveSitesQuestion": "Hoeveel potentiële sites (tunnels) verwacht je te hebben?",
+            "companyName": "Naam bedrijf",
+            "countryOfResidence": "Land van verblijf",
+            "stateProvinceRegion": "Staat / Provincie / Regio",
+            "postalZipCode": "Postcode / postcode",
+            "companyWebsite": "Bedrijfs website",
+            "companyPhoneNumber": "Bedrijfs telefoonnummer",
+            "country": "Land",
+            "phoneNumberOptional": "Telefoonnummer (optioneel)",
+            "complianceConfirmation": "Ik bevestig dat de door mij verstrekte informatie juist is en dat ik mij aan de Fossorial Commerciële licentie houd. Het melden van onjuiste informatie of het verkeerd identificeren van het gebruik van het product is een schending van de licentie en kan leiden tot het intrekken van uw sleutel."
+        },
+        "buttons": {
+            "close": "Sluiten",
+            "previous": "named@@0",
+            "next": "Volgende",
+            "generateLicenseKey": "Licentiesleutel genereren"
+        },
+        "toasts": {
+            "success": {
+                "title": "Licentiesleutel succesvol gegenereerd",
+                "description": "Uw licentiesleutel is gegenereerd en is klaar voor gebruik."
+            },
+            "error": {
+                "title": "Kan licentiesleutel niet genereren",
+                "description": "Fout opgetreden tijdens het genereren van de licentiesleutel."
+            }
+        }
+    },
+    "priority": "Prioriteit",
+    "priorityDescription": "routes met hogere prioriteit worden eerst geëvalueerd. Prioriteit = 100 betekent automatisch bestellen (systeem beslist de). Gebruik een ander nummer om handmatige prioriteit af te dwingen.",
+    "instanceName": "Naam instantie",
+    "pathMatchModalTitle": "Configureren van overeenkomende pad",
+    "pathMatchModalDescription": "Stel in hoe inkomende verzoeken moeten worden gekoppeld aan hun pad.",
+    "pathMatchType": "Wedstrijd Type",
+    "pathMatchPrefix": "Voorvoegsel",
+    "pathMatchExact": "Exacte",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Pad waarde",
+    "clear": "Verwijderen",
+    "saveChanges": "Wijzigingen opslaan",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/Pad",
+    "pathMatchPrefixHelp": "Voorbeeld: /api komt overeen met /api, /api/gebruikers, etc.",
+    "pathMatchExactHelp": "Voorbeeld: /api matcht alleen /api",
+    "pathMatchRegexHelp": "Voorbeeld: ^/api/.* komt overeen met /api/any",
+    "pathRewriteModalTitle": "Configureer pad herschrijven",
+    "pathRewriteModalDescription": "Verander het overeenstemmende pad voor het doorsturen naar het doel.",
+    "pathRewriteType": "Herschrijf Type",
+    "pathRewritePrefixOption": "Voorvoegsel - prefix vervangen",
+    "pathRewriteExactOption": "Exacte - Vervang het gehele pad",
+    "pathRewriteRegexOption": "Regex - Patroon vervanging",
+    "pathRewriteStripPrefixOption": "Voorvoegsel verwijderen - Verwijder voorvoegsel",
+    "pathRewriteValue": "Herschrijf Waarde",
+    "pathRewriteRegexPlaceholder": "/nieuw/$1",
+    "pathRewriteDefaultPlaceholder": "/nieuwe-pad",
+    "pathRewritePrefixHelp": "Vervang de overeenkomstige prefix door deze waarde",
+    "pathRewriteExactHelp": "Vervang het hele pad met deze waarde wanneer het pad precies overeenkomt",
+    "pathRewriteRegexHelp": "Gebruik capturegroepen zoals $1, $2 voor vervanging",
+    "pathRewriteStripPrefixHelp": "Laat leeg om de voorvoegsel te strippen of geef een nieuw voorvoegsel",
+    "pathRewritePrefix": "Voorvoegsel",
+    "pathRewriteExact": "Exacte",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Verwijder",
+    "pathRewriteStripLabel": "strip",
+    "sidebarEnableEnterpriseLicense": "Activeer Enterprise Licentie",
+    "cannotbeUndone": "Dit kan niet ongedaan worden gemaakt.",
+    "toConfirm": "om te bevestigen",
+    "deleteClientQuestion": "Weet u zeker dat u de client van de site en organisatie wilt verwijderen?",
+    "clientMessageRemove": "Eenmaal verwijderd, kan de client geen verbinding meer maken met de site.",
+    "sidebarLogs": "Logboeken",
+    "request": "Aanvragen",
+    "logs": "Logboeken",
+    "logsSettingsDescription": "Monitor logs verzameld van deze orginiatie",
+    "searchLogs": "Logboeken zoeken...",
+    "action": "actie",
+    "actor": "Acteur",
+    "timestamp": "Artikeldatering",
+    "accessLogs": "Toegang tot logboek",
+    "exportCsv": "Exporteren als CSV",
+    "actorId": "Acteur ID",
+    "allowedByRule": "Toegestaan door regel",
+    "allowedNoAuth": "Toegestaan geen authenticatie",
+    "validAccessToken": "Geldige toegangstoken",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Geldig wachtwoord",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Bron geblokkeerd",
+    "droppedByRule": "Achtergelaten door regel",
+    "noSessions": "Geen sessies",
+    "temporaryRequestToken": "Tijdelijk verzoek token",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP-adres",
+    "reason": "Reden",
+    "requestLogs": "Logboeken aanvragen",
+    "host": "Hostnaam",
+    "location": "Locatie",
+    "actionLogs": "Actie logs",
+    "sidebarLogsRequest": "Logboeken aanvragen",
+    "sidebarLogsAccess": "Toegang tot logboek",
+    "sidebarLogsAction": "Actie logs",
+    "logRetention": "Log bewaring",
+    "logRetentionDescription": "Beheren hoe lang verschillende soorten logs bewaard worden voor deze organisatie of schakel ze uit",
+    "requestLogsDescription": "Bekijk gedetailleerde verzoeklogboeken voor resources in deze organisatie",
+    "logRetentionRequestLabel": "Logboekbewaring aanvragen",
+    "logRetentionRequestDescription": "Hoe lang de aanvraaglogboeken te behouden",
+    "logRetentionAccessLabel": "Toegang logboek bewaring",
+    "logRetentionAccessDescription": "Hoe lang de toegangslogboeken behouden blijven",
+    "logRetentionActionLabel": "Actie log bewaring",
+    "logRetentionActionDescription": "Hoe lang de action logs behouden moeten blijven",
+    "logRetentionDisabled": "Uitgeschakeld",
+    "logRetention3Days": "3 dagen",
+    "logRetention7Days": "7 dagen",
+    "logRetention14Days": "14 dagen",
+    "logRetention30Days": "30 dagen",
+    "logRetention90Days": "90 dagen",
+    "logRetentionForever": "Voor altijd",
+    "actionLogsDescription": "Bekijk een geschiedenis van acties die worden uitgevoerd in deze organisatie",
+    "accessLogsDescription": "Toegangsverificatieverzoeken voor resources in deze organisatie bekijken",
+    "licenseRequiredToUse": "Een Enterprise-licentie is vereist om deze functie te gebruiken.",
+    "certResolver": "Certificaat Resolver",
+    "certResolverDescription": "Selecteer de certificaat resolver die moet worden gebruikt voor deze resource.",
+    "selectCertResolver": "Certificaat Resolver selecteren",
+    "enterCustomResolver": "Aangepaste Oplossing invoeren",
+    "preferWildcardCert": "Bij voorkeur Wildcard Certificaat",
+    "unverified": "Ongeverifieerd",
+    "domainSetting": "Domein instellingen",
+    "domainSettingDescription": "Configureer instellingen voor uw domein",
+    "preferWildcardCertDescription": "Poging om een certificaat met een wildcard te genereren (vereist een correct geconfigureerde certificaatresolver).",
+    "recordName": "Record Naam",
+    "auto": "Automatisch",
+    "TTL": "TTL",
+    "howToAddRecords": "Hoe voeg ik Records toe",
+    "dnsRecord": "DNS Records",
+    "required": "vereist",
+    "domainSettingsUpdated": "Domeininstellingen succesvol bijgewerkt",
+    "orgOrDomainIdMissing": "Organisatie of domein ID ontbreekt",
+    "loadingDNSRecords": "DNS-records laden...",
+    "olmUpdateAvailableInfo": "Er is een bijgewerkte versie van Olm beschikbaar. Update alstublieft naar de nieuwste versie voor de beste ervaring.",
+    "client": "Klant",
+    "proxyProtocol": "Proxy Protocol Instellingen",
+    "proxyProtocolDescription": "Proxyprotocol configureren om de IP-adressen van de client voor TCP/UDP-diensten te bewaren.",
+    "enableProxyProtocol": "Proxy Protocol inschakelen",
+    "proxyProtocolInfo": "Behoud IP adressen van de client voor TCP/UDP backends",
+    "proxyProtocolVersion": "Proxy Protocol Versie",
+    "version1": " Versie 1 (Aanbevolen)",
+    "version2": "Versie 2",
+    "versionDescription": "Versie 1 is text-based en breed ondersteund. Versie 2 is binair en efficiënter maar minder compatibel.",
+    "warning": "Waarschuwing",
+    "proxyProtocolWarning": "Je backend applicatie moet worden geconfigureerd om connecties met Proxy Protocol te accepteren. Als je backend geen Proxy Protocol ondersteunt, zal het inschakelen van dit alle verbindingen verbreken. Zorg ervoor dat je je backend configureert om Proxy Protocol headers van Traefik.",
+    "restarting": "Herstarten...",
+    "manual": "Handleiding",
+    "messageSupport": "Bericht ondersteuning",
+    "supportNotAvailableTitle": "Ondersteuning niet beschikbaar",
+    "supportNotAvailableDescription": "Ondersteuning is momenteel niet beschikbaar. U kunt een e-mail sturen naar support@pangolin.net.",
+    "supportRequestSentTitle": "Ondersteuningsverzoek verzonden",
+    "supportRequestSentDescription": "Uw bericht is succesvol verzonden.",
+    "supportRequestFailedTitle": "Kon aanvraag niet verzenden",
+    "supportRequestFailedDescription": "Er is een fout opgetreden tijdens het verzenden van uw supportverzoek.",
+    "supportSubjectRequired": "Onderwerp is vereist",
+    "supportSubjectMaxLength": "Onderwerp moet 255 tekens of minder lang zijn",
+    "supportMessageRequired": "Bericht is vereist",
+    "supportReplyTo": "Antwoord aan",
+    "supportSubject": "Onderwerp",
+    "supportSubjectPlaceholder": "Onderwerp invoeren",
+    "supportMessage": "bericht",
+    "supportMessagePlaceholder": "Voer uw bericht in",
+    "supportSending": "Verzenden...",
+    "supportSend": "Verzenden",
+    "supportMessageSent": "Bericht verzonden!",
+    "supportWillContact": "We nemen binnenkort contact met u op!"
 }
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -47,9 +47,8 @@
    "edit": "Edytuj",
    "siteConfirmDelete": "Potwierdź usunięcie witryny",
    "siteDelete": "Usuń witrynę",
-    "siteMessageRemove": "Po usunięciu, witryna nie będzie już dostępna. Wszystkie zasoby i cele związane z witryną zostaną również usunięte.",
-    "siteMessageConfirm": "Aby potwierdzić, wpisz nazwę witryny poniżej.",
-    "siteQuestionRemove": "Czy na pewno chcesz usunąć stronę {selectedSite} z organizacji?",
+    "siteMessageRemove": "Po usunięciu witryna nie będzie już dostępna. Wszystkie cele związane z witryną zostaną również usunięte.",
+    "siteQuestionRemove": "Czy na pewno chcesz usunąć witrynę z organizacji?",
    "siteManageSites": "Zarządzaj stronami",
    "siteDescription": "Zezwalaj na połączenie z siecią przez bezpieczne tunele",
    "siteCreate": "Utwórz witrynę",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Użyj dowolnego klienta WireGuard do utworzenia tunelu. Wymagana jest ręczna konfiguracja NAT.",
    "siteWgDescriptionSaas": "Użyj dowolnego klienta WireGuard do utworzenia tunelu. Wymagana ręczna konfiguracja NAT. DZIAŁA TYLKO NA SAMODZIELNIE HOSTOWANYCH WĘZŁACH",
    "siteLocalDescription": "Tylko lokalne zasoby. Brak tunelu.",
-    "siteLocalDescriptionSaas": "Tylko zasoby lokalne. Brak tunelowania. DZIAŁA TYLKO NA SAMODZIELNIE HOSTOWANYCH WĘZŁACH",
+    "siteLocalDescriptionSaas": "Tylko zasoby lokalne. Brak tunelu. Dostępne tylko w węzłach zdalnych.",
    "siteSeeAll": "Zobacz wszystkie witryny",
    "siteTunnelDescription": "Określ jak chcesz połączyć się ze swoją stroną",
    "siteNewtCredentials": "Aktualne dane logowania",
@@ -154,8 +153,7 @@
    "protected": "Chronione",
    "notProtected": "Niechronione",
    "resourceMessageRemove": "Po usunięciu, zasób nie będzie już dostępny. Wszystkie cele związane z zasobem zostaną również usunięte.",
-    "resourceMessageConfirm": "Aby potwierdzić, wpisz nazwę zasobu poniżej.",
-    "resourceQuestionRemove": "Czy na pewno chcesz usunąć zasób {selectedResource} z organizacji?",
+    "resourceQuestionRemove": "Czy na pewno chcesz usunąć zasób z organizacji?",
    "resourceHTTP": "Zasób HTTPS",
    "resourceHTTPDescription": "Proxy do Twojej aplikacji przez HTTPS, przy użyciu poddomeny lub domeny bazowej.",
    "resourceRaw": "Surowy zasób TCP/UDP",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Potwierdź usunięcie organizacji",
    "orgMessageRemove": "Ta akcja jest nieodwracalna i usunie wszystkie powiązane dane.",
    "orgMessageConfirm": "Aby potwierdzić, wpisz nazwę organizacji poniżej.",
-    "orgQuestionRemove": "Czy na pewno chcesz usunąć organizację {selectedOrg}?",
+    "orgQuestionRemove": "Czy na pewno chcesz usunąć organizację?",
    "orgUpdated": "Organizacja zaktualizowana",
    "orgUpdatedDescription": "Organizacja została zaktualizowana.",
    "orgErrorUpdate": "Nie udało się zaktualizować organizacji",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "Generuj klucz API",
    "apiKeysErrorDelete": "Błąd podczas usuwania klucza API",
    "apiKeysErrorDeleteMessage": "Błąd podczas usuwania klucza API",
-    "apiKeysQuestionRemove": "Czy na pewno chcesz usunąć klucz API {selectedApiKey} z organizacji?",
+    "apiKeysQuestionRemove": "Czy na pewno chcesz usunąć klucz API z organizacji?",
    "apiKeysMessageRemove": "Po usunięciu klucz API nie będzie już mógł być używany.",
-    "apiKeysMessageConfirm": "Aby potwierdzić, wpisz nazwę klucza API poniżej.",
    "apiKeysDeleteConfirm": "Potwierdź usunięcie klucza API",
    "apiKeysDelete": "Usuń klucz API",
    "apiKeysManage": "Zarządzaj kluczami API",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Potwierdź usunięcie użytkownika",
    "userDeleteServer": "Usuń użytkownika z serwera",
    "userMessageRemove": "Użytkownik zostanie usunięty ze wszystkich organizacji i całkowicie usunięty z serwera.",
-    "userMessageConfirm": "Aby potwierdzić, wpisz nazwę użytkownika poniżej.",
-    "userQuestionRemove": "Czy na pewno chcesz trwale usunąć {selectedUser} z serwera?",
+    "userQuestionRemove": "Czy na pewno chcesz trwale usunąć użytkownika z serwera?",
    "licenseKey": "Klucz licencyjny",
    "valid": "Prawidłowy",
    "numberOfSites": "Liczba witryn",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Zobacz Fossorial Commercial License & Subskrypcja",
    "licenseMessageRemove": "Spowoduje to usunięcie klucza licencyjnego i wszystkich przypisanych przez niego uprawnień.",
    "licenseMessageConfirm": "Aby potwierdzić, wpisz klucz licencyjny poniżej.",
-    "licenseQuestionRemove": "Czy na pewno chcesz usunąć klucz licencyjny {selectedKey}?",
+    "licenseQuestionRemove": "Czy na pewno chcesz usunąć klucz licencyjny?",
    "licenseKeyDelete": "Usuń klucz licencyjny",
    "licenseKeyDeleteConfirm": "Potwierdź usunięcie klucza licencyjnego",
    "licenseTitle": "Zarządzaj statusem licencji",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Wystąpił błąd podczas usuwania zaproszenia.",
    "inviteRemoved": "Zaproszenie usunięte",
    "inviteRemovedDescription": "Zaproszenie dla {email} zostało usunięte.",
-    "inviteQuestionRemove": "Czy na pewno chcesz usunąć zaproszenie {email}?",
+    "inviteQuestionRemove": "Czy na pewno chcesz usunąć zaproszenie?",
    "inviteMessageRemove": "Po usunięciu to zaproszenie nie będzie już ważne. Zawsze możesz ponownie zaprosić użytkownika później.",
    "inviteMessageConfirm": "Aby potwierdzić, wpisz poniżej adres email zaproszenia.",
    "inviteQuestionRegenerate": "Czy na pewno chcesz ponownie wygenerować zaproszenie {email}? Spowoduje to unieważnienie poprzedniego zaproszenia.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Wystąpił błąd podczas usuwania użytkownika.",
    "userOrgRemoved": "Użytkownik usunięty",
    "userOrgRemovedDescription": "Użytkownik {email} został usunięty z organizacji.",
-    "userQuestionOrgRemove": "Czy na pewno chcesz usunąć {email} z organizacji?",
+    "userQuestionOrgRemove": "Czy na pewno chcesz usunąć tego użytkownika z organizacji?",
    "userMessageOrgRemove": "Po usunięciu ten użytkownik nie będzie miał już dostępu do organizacji. Zawsze możesz ponownie go zaprosić później, ale będzie musiał ponownie zaakceptować zaproszenie.",
-    "userMessageOrgConfirm": "Aby potwierdzić, wpisz nazwę użytkownika poniżej.",
    "userRemoveOrgConfirm": "Potwierdź usunięcie użytkownika",
    "userRemoveOrg": "Usuń użytkownika z organizacji",
    "users": "Użytkownicy",
@@ -468,7 +463,10 @@
    "createdAt": "Utworzono",
    "proxyErrorInvalidHeader": "Nieprawidłowa wartość niestandardowego nagłówka hosta. Użyj formatu nazwy domeny lub zapisz pusty, aby usunąć niestandardowy nagłówek hosta.",
    "proxyErrorTls": "Nieprawidłowa nazwa serwera TLS. Użyj formatu nazwy domeny lub zapisz pusty, aby usunąć nazwę serwera TLS.",
-    "proxyEnableSSL": "Włącz SSL (https)",
+    "proxyEnableSSL": "Włącz SSL",
+    "proxyEnableSSLDescription": "Włącz szyfrowanie SSL/TLS dla bezpiecznych połączeń HTTPS z Twoimi celami.",
+    "target": "Target",
+    "configureTarget": "Konfiguruj Targety",
    "targetErrorFetch": "Nie udało się pobrać celów",
    "targetErrorFetchDescription": "Wystąpił błąd podczas pobierania celów",
    "siteErrorFetch": "Nie udało się pobrać zasobu",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "Konfiguracja bezpiecznego połączenia",
    "targetTlsSettingsDescription": "Skonfiguruj ustawienia SSL/TLS dla twojego zasobu",
    "targetTlsSettingsAdvanced": "Zaawansowane ustawienia TLS",
-    "targetTlsSni": "Nazwa serwera TLS (SNI)",
+    "targetTlsSni": "Nazwa serwera TLS",
    "targetTlsSniDescription": "Nazwa serwera TLS do użycia dla SNI. Pozostaw puste, aby użyć domyślnej.",
    "targetTlsSubmit": "Zapisz ustawienia",
    "targets": "Konfiguracja celów",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Utrzymuj połączenia na tym samym celu backendowym przez całą sesję.",
    "methodSelect": "Wybierz metodę",
    "targetSubmit": "Dodaj cel",
-    "targetNoOne": "Brak celów. Dodaj cel używając formularza.",
+    "targetNoOne": "Ten zasób nie ma żadnych celów. Dodaj cel, aby skonfigurować miejsce wysyłania żądań do twojego backendu.",
    "targetNoOneDescription": "Dodanie więcej niż jednego celu powyżej włączy równoważenie obciążenia.",
    "targetsSubmit": "Zapisz cele",
+    "addTarget": "Dodaj cel",
+    "targetErrorInvalidIp": "Nieprawidłowy adres IP",
+    "targetErrorInvalidIpDescription": "Wprowadź prawidłowy adres IP lub nazwę hosta",
+    "targetErrorInvalidPort": "Nieprawidłowy port",
+    "targetErrorInvalidPortDescription": "Wprowadź prawidłowy numer portu",
+    "targetErrorNoSite": "Nie wybrano witryny",
+    "targetErrorNoSiteDescription": "Wybierz witrynę docelową",
+    "targetCreated": "Cel utworzony",
+    "targetCreatedDescription": "Cel został utworzony pomyślnie",
+    "targetErrorCreate": "Nie udało się utworzyć celu",
+    "targetErrorCreateDescription": "Wystąpił błąd podczas tworzenia celu",
+    "save": "Zapisz",
    "proxyAdditional": "Dodatkowe ustawienia proxy",
    "proxyAdditionalDescription": "Skonfiguruj jak twój zasób obsługuje ustawienia proxy",
    "proxyCustomHeader": "Niestandardowy nagłówek hosta",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Administrator serwera - Pangolin",
    "licenseTierProfessional": "Licencja Professional",
    "licenseTierEnterprise": "Licencja Enterprise",
-    "licenseTierCommercial": "Licencja handlowa",
+    "licenseTierPersonal": "Licencja osobista",
    "licensed": "Licencjonowany",
    "yes": "Tak",
    "no": "Nie",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Wyświetl i zarządzaj dostawcami tożsamości w systemie",
    "idpDeletedDescription": "Dostawca tożsamości został pomyślnie usunięty",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Czy na pewno chcesz trwale usunąć dostawcę tożsamości {name}?",
+    "idpQuestionRemove": "Czy na pewno chcesz trwale usunąć dostawcę tożsamości?",
    "idpMessageRemove": "Spowoduje to usunięcie dostawcy tożsamości i wszystkich powiązanych konfiguracji. Użytkownicy uwierzytelniający się przez tego dostawcę nie będą mogli się już zalogować.",
    "idpMessageConfirm": "Aby potwierdzić, wpisz nazwę dostawcy tożsamości poniżej.",
    "idpConfirmDelete": "Potwierdź usunięcie dostawcy tożsamości",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Nazwa wyświetlana dla tego dostawcy tożsamości",
    "idpAutoProvisionUsers": "Automatyczne tworzenie użytkowników",
    "idpAutoProvisionUsersDescription": "Gdy włączone, użytkownicy będą automatycznie tworzeni w systemie przy pierwszym logowaniu z możliwością mapowania użytkowników do ról i organizacji.",
-    "licenseBadge": "Profesjonalny",
+    "licenseBadge": "EE",
    "idpType": "Typ dostawcy",
    "idpTypeDescription": "Wybierz typ dostawcy tożsamości, który chcesz skonfigurować",
    "idpOidcConfigure": "Konfiguracja OAuth2/OIDC",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Sprawdź swój e-mail, aby znaleźć kod resetowania.",
    "passwordNew": "Nowe hasło",
    "passwordNewConfirm": "Potwierdź nowe hasło",
+    "changePassword": "Zmień hasło",
+    "changePasswordDescription": "Zaktualizuj hasło do konta",
+    "oldPassword": "Bieżące hasło",
+    "newPassword": "Nowe hasło",
+    "confirmNewPassword": "Potwierdź nowe hasło",
+    "changePasswordError": "Nie udało się zmienić hasła",
+    "changePasswordErrorDescription": "Wystąpił błąd podczas zmiany hasła",
+    "changePasswordSuccess": "Hasło zostało pomyślnie zmienione",
+    "changePasswordSuccessDescription": "Twoje hasło zostało pomyślnie zaktualizowane",
+    "passwordExpiryRequired": "Wymagane hasło wygasające",
+    "passwordExpiryDescription": "Organizacja wymaga zmiany hasła co {maxDays} dni.",
+    "changePasswordNow": "Zmień hasło teraz",
    "pincodeAuth": "Kod uwierzytelniający",
    "pincodeSubmit2": "Wyślij kod",
    "passwordResetSubmit": "Zażądaj resetowania",
@@ -1084,7 +1106,6 @@
    "navbar": "Menu nawigacyjne",
    "navbarDescription": "Główne menu nawigacyjne aplikacji",
    "navbarDocsLink": "Dokumentacja",
-    "commercialEdition": "Edycja komercyjna",
    "otpErrorEnable": "Nie można włączyć 2FA",
    "otpErrorEnableDescription": "Wystąpił błąd podczas włączania 2FA",
    "otpSetupCheckCode": "Wprowadź 6-cyfrowy kod",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Wszyscy użytkownicy",
    "sidebarIdentityProviders": "Dostawcy tożsamości",
    "sidebarLicense": "Licencja",
-    "sidebarClients": "Klienci (Beta)",
+    "sidebarClients": "Klientami",
    "sidebarDomains": "Domeny",
+    "sidebarBluePrints": "Schematy",
+    "blueprints": "Schematy",
+    "blueprintsDescription": "Plany to deklaratywne konfiguracje YAML, które definiują twoje zasoby i ich ustawienia",
+    "blueprintAdd": "Dodaj schemat",
+    "blueprintGoBack": "Zobacz wszystkie schematy",
+    "blueprintCreate": "Utwórz schemat",
+    "blueprintCreateDescription2": "Wykonaj poniższe kroki, aby utworzyć i zastosować nowy schemat",
+    "blueprintDetails": "Szczegóły projektu",
+    "blueprintDetailsDescription": "Zobacz szczegóły uruchomienia schematu",
+    "blueprintInfo": "Informacje o projekcie",
+    "message": "Wiadomość",
+    "blueprintContentsDescription": "Zdefiniuj zawartość YAML opisującą Twoją infrastrukturę",
+    "blueprintErrorCreateDescription": "Wystąpił błąd podczas stosowania schematu",
+    "blueprintErrorCreate": "Błąd podczas tworzenia schematu",
+    "searchBlueprintProgress": "Szukaj schematów...",
+    "appliedAt": "Zastosowano",
+    "source": "Źródło",
+    "contents": "Treść",
+    "parsedContents": "Przetworzona zawartość",
    "enableDockerSocket": "Włącz schemat dokera",
    "enableDockerSocketDescription": "Włącz etykietowanie kieszeni dokującej dla etykiet schematów. Ścieżka do gniazda musi być dostarczona do Newt.",
    "enableDockerSocketLink": "Dowiedz się więcej",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Utwórz domenę",
    "domainCreatedDescription": "Domena utworzona pomyślnie",
    "domainDeletedDescription": "Domena usunięta pomyślnie",
-    "domainQuestionRemove": "Czy na pewno chcesz usunąć domenę {domain} ze swojego konta?",
+    "domainQuestionRemove": "Czy na pewno chcesz usunąć domenę ze swojego konta?",
    "domainMessageRemove": "Po usunięciu domena nie będzie już powiązana z twoim kontem.",
-    "domainMessageConfirm": "Aby potwierdzić, wpisz nazwę domeny poniżej.",
    "domainConfirmDelete": "Potwierdź usunięcie domeny",
    "domainDelete": "Usuń domenę",
    "domain": "Domena",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Darmowy pakiet",
    "billingWarningOverLimit": "Ostrzeżenie: Przekroczyłeś jeden lub więcej limitów użytkowania. Twoje witryny nie połączą się, dopóki nie zmienisz subskrypcji lub nie dostosujesz użytkowania.",
    "billingUsageLimitsOverview": "Przegląd Limitów Użytkowania",
-    "billingMonitorUsage": "Monitoruj swoje wykorzystanie w porównaniu do skonfigurowanych limitów. Jeśli potrzebujesz zwiększenia limitów, skontaktuj się z nami pod adresem support@fossorial.io.",
+    "billingMonitorUsage": "Monitoruj swoje wykorzystanie w porównaniu do skonfigurowanych limitów. Jeśli potrzebujesz zwiększenia limitów, skontaktuj się z nami pod adresem support@pangolin.net.",
    "billingDataUsage": "Użycie danych",
    "billingOnlineTime": "Czas Online Strony",
    "billingUsers": "Aktywni użytkownicy",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Wystąpił problem z używaniem klucza bezpieczeństwa. Proszę spróbować ponownie.",
    "twoFactorRequired": "Uwierzytelnianie dwuskładnikowe jest wymagane do zarejestrowania klucza bezpieczeństwa.",
    "twoFactor": "Uwierzytelnianie dwuskładnikowe",
+    "twoFactorAuthentication": "Uwierzytelnianie dwuetapowe",
+    "twoFactorDescription": "Ta organizacja wymaga uwierzytelniania dwuskładnikowego.",
+    "enableTwoFactor": "Włącz uwierzytelnianie dwuetapowe",
+    "organizationSecurityPolicy": "Polityka bezpieczeństwa organizacji",
+    "organizationSecurityPolicyDescription": "Ta organizacja ma wymagania bezpieczeństwa, które muszą być spełnione, zanim będziesz mógł uzyskać dostęp do niej",
+    "securityRequirements": "Wymogi bezpieczeństwa",
+    "allRequirementsMet": "Wszystkie wymagania zostały spełnione",
+    "completeRequirementsToContinue": "Wypełnij poniższe wymagania, aby kontynuować dostęp do tej organizacji",
+    "youCanNowAccessOrganization": "Teraz możesz uzyskać dostęp do tej organizacji",
+    "reauthenticationRequired": "Długość sesji",
+    "reauthenticationDescription": "Organizacja wymaga logowania co {maxDays} dni.",
+    "reauthenticationDescriptionHours": "Organizacja wymaga logowania co {maxHours} godzin.",
+    "reauthenticateNow": "Zaloguj się ponownie",
    "adminEnabled2FaOnYourAccount": "Twój administrator włączył uwierzytelnianie dwuskładnikowe dla {email}. Proszę ukończyć proces konfiguracji, aby kontynuować.",
-    "continueToApplication": "Kontynuuj do aplikacji",
    "securityKeyAdd": "Dodaj klucz bezpieczeństwa",
    "securityKeyRegisterTitle": "Zarejestruj nowy klucz bezpieczeństwa",
    "securityKeyRegisterDescription": "Podłącz swój klucz bezpieczeństwa i wprowadź nazwę, aby go zidentyfikować",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Zewnętrzny Proxy Włączony",
    "addNewTarget": "Dodaj nowy cel",
    "targetsList": "Lista celów",
+    "advancedMode": "Tryb zaawansowany",
    "targetErrorDuplicateTargetFound": "Znaleziono duplikat celu",
    "healthCheckHealthy": "Zdrowy",
    "healthCheckUnhealthy": "Niezdrowy",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Błąd automatycznego logowania",
    "autoLoginErrorNoRedirectUrl": "Nie otrzymano URL przekierowania od dostawcy tożsamości.",
    "autoLoginErrorGeneratingUrl": "Nie udało się wygenerować URL uwierzytelniania.",
-    "remoteExitNodeManageRemoteExitNodes": "Zarządzaj Samodzielnie-Hostingowane",
-    "remoteExitNodeDescription": "Zarządzaj węzłami w celu rozszerzenia połączenia z siecią",
+    "remoteExitNodeManageRemoteExitNodes": "Zdalne węzły",
+    "remoteExitNodeDescription": "Samodzielny host jeden lub więcej węzłów zdalnych, aby rozszerzyć łączność z siecią i zmniejszyć zależność od chmury",
    "remoteExitNodes": "Węzły",
    "searchRemoteExitNodes": "Szukaj węzłów...",
    "remoteExitNodeAdd": "Dodaj węzeł",
    "remoteExitNodeErrorDelete": "Błąd podczas usuwania węzła",
-    "remoteExitNodeQuestionRemove": "Czy na pewno chcesz usunąć węzeł {selectedNode} z organizacji?",
+    "remoteExitNodeQuestionRemove": "Czy na pewno chcesz usunąć węzeł z organizacji?",
    "remoteExitNodeMessageRemove": "Po usunięciu, węzeł nie będzie już dostępny.",
-    "remoteExitNodeMessageConfirm": "Aby potwierdzić, wpisz nazwę węzła poniżej.",
    "remoteExitNodeConfirmDelete": "Potwierdź usunięcie węzła",
    "remoteExitNodeDelete": "Usuń węzeł",
-    "sidebarRemoteExitNodes": "Węzły",
+    "sidebarRemoteExitNodes": "Zdalne węzły",
    "remoteExitNodeCreate": {
        "title": "Utwórz węzeł",
        "description": "Utwórz nowy węzeł, aby rozszerzyć połączenie z siecią",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Edytuj plik: docker-compose.yml",
    "emailVerificationRequired": "Weryfikacja adresu e-mail jest wymagana. Zaloguj się ponownie przez {dashboardUrl}/auth/login zakończył ten krok. Następnie wróć tutaj.",
    "twoFactorSetupRequired": "Konfiguracja uwierzytelniania dwuskładnikowego jest wymagana. Zaloguj się ponownie przez {dashboardUrl}/auth/login dokończ ten krok. Następnie wróć tutaj.",
+    "additionalSecurityRequired": "Wymagane dodatkowe zabezpieczenie",
+    "organizationRequiresAdditionalSteps": "Ta organizacja wymaga dodatkowych kroków bezpieczeństwa, zanim będziesz mógł uzyskać dostęp do zasobów.",
+    "completeTheseSteps": "Wykonaj te kroki",
+    "enableTwoFactorAuthentication": "Włącz uwierzytelnianie dwuskładnikowe",
+    "completeSecuritySteps": "Zakończ kroki bezpieczeństwa",
+    "securitySettings": "Ustawienia zabezpieczeń",
+    "securitySettingsDescription": "Skonfiguruj politykę bezpieczeństwa dla Twojej organizacji",
+    "requireTwoFactorForAllUsers": "Wymagaj uwierzytelniania dwuetapowego dla wszystkich użytkowników",
+    "requireTwoFactorDescription": "Po włączeniu wszyscy użytkownicy wewnętrzni w tej organizacji muszą mieć włączone uwierzytelnianie dwuskładnikowe, aby uzyskać dostęp do organizacji.",
+    "requireTwoFactorDisabledDescription": "Ta funkcja wymaga poprawnej licencji (Enterprise) lub aktywnej subskrypcji (SaaaS)",
+    "requireTwoFactorCannotEnableDescription": "Musisz włączyć uwierzytelnianie dwuskładnikowe dla swojego konta przed wymuszaniem go dla wszystkich użytkowników",
+    "maxSessionLength": "Maksymalna długość sesji",
+    "maxSessionLengthDescription": "Ustaw maksymalny czas trwania sesji użytkownika. Po tym czasie użytkownicy będą musieli ponownie uwierzytelniać.",
+    "maxSessionLengthDisabledDescription": "Ta funkcja wymaga poprawnej licencji (Enterprise) lub aktywnej subskrypcji (SaaaS)",
+    "selectSessionLength": "Wybierz długość sesji",
+    "unenforced": "Niewymuszony",
+    "1Hour": "1 godzina",
+    "3Hours": "3 godziny",
+    "6Hours": "6 godzin",
+    "12Hours": "12 godzin",
+    "1DaySession": "1 dzień",
+    "3Days": "3 dni",
+    "7Days": "7 dni",
+    "14Days": "14 dni",
+    "30DaysSession": "30 dni",
+    "90DaysSession": "90 dni",
+    "180DaysSession": "180 dni",
+    "passwordExpiryDays": "Hasło wygasa",
+    "editPasswordExpiryDescription": "Ustaw liczbę dni zanim użytkownicy będą musieli zmienić swoje hasło.",
+    "selectPasswordExpiry": "Wybierz wygasanie hasła",
+    "30Days": "30 dni",
+    "1Day": "1 dzień",
+    "60Days": "60 dni",
+    "90Days": "90 dni",
+    "180Days": "180 dni",
+    "1Year": "1 rok",
+    "subscriptionBadge": "Wymagana subskrypcja",
+    "securityPolicyChangeWarning": "Ostrzeżenie o zmianach w polityce bezpieczeństwa",
+    "securityPolicyChangeDescription": "Zamierzasz zmienić ustawienia polityki bezpieczeństwa. Po zapisaniu konieczne może być ponowne uwierzytelnienie w celu zapewnienia zgodności z tymi aktualizacjami polityki. Wszyscy użytkownicy, którzy nie są zgodni, będą również musieli ponownie uwierzytelniać.",
+    "securityPolicyChangeConfirmMessage": "Potwierdzam",
+    "securityPolicyChangeWarningText": "To wpłynie na wszystkich użytkowników w organizacji",
    "authPageErrorUpdateMessage": "Wystąpił błąd podczas aktualizacji ustawień strony uwierzytelniania",
+    "authPageErrorUpdate": "Nie można zaktualizować strony uwierzytelniania",
    "authPageUpdated": "Strona uwierzytelniania została pomyślnie zaktualizowana",
    "healthCheckNotAvailable": "Lokalny",
    "rewritePath": "Przepis Ścieżki",
-    "rewritePathDescription": "Opcjonalnie przepisz ścieżkę przed przesłaniem do celu."
+    "rewritePathDescription": "Opcjonalnie przepisz ścieżkę przed przesłaniem do celu.",
+    "continueToApplication": "Kontynuuj do aplikacji",
+    "checkingInvite": "Sprawdzanie zaproszenia",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Usuń autoryzację nagłówka",
+    "resourceHeaderAuthRemoveDescription": "Uwierzytelnianie nagłówka zostało pomyślnie usunięte.",
+    "resourceErrorHeaderAuthRemove": "Nie udało się usunąć uwierzytelniania nagłówka",
+    "resourceErrorHeaderAuthRemoveDescription": "Nie można usunąć uwierzytelniania nagłówka zasobu.",
+    "resourceHeaderAuthProtectionEnabled": "Uwierzytelnianie nagłówka włączone",
+    "resourceHeaderAuthProtectionDisabled": "Uwierzytelnianie nagłówka wyłączone",
+    "headerAuthRemove": "Usuń autoryzację nagłówka",
+    "headerAuthAdd": "Dodaj Autoryzacja nagłówka",
+    "resourceErrorHeaderAuthSetup": "Nie udało się ustawić uwierzytelniania nagłówka",
+    "resourceErrorHeaderAuthSetupDescription": "Nie można ustawić uwierzytelniania nagłówka dla zasobu.",
+    "resourceHeaderAuthSetup": "Uwierzytelnianie nagłówka ustawione pomyślnie",
+    "resourceHeaderAuthSetupDescription": "Uwierzytelnianie nagłówka zostało ustawione.",
+    "resourceHeaderAuthSetupTitle": "Ustaw uwierzytelnianie nagłówka",
+    "resourceHeaderAuthSetupTitleDescription": "Ustaw podstawowe dane uwierzytelniające (nazwa użytkownika i hasło), aby chronić ten zasób za pomocą uwierzytelniania nagłówka HTTP. Uzyskaj dostęp za pomocą formatu https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Ustaw uwierzytelnianie nagłówka",
+    "actionSetResourceHeaderAuth": "Ustaw uwierzytelnianie nagłówka",
+    "enterpriseEdition": "Edycja Enterprise",
+    "unlicensed": "Nielicencjonowane",
+    "beta": "Beta",
+    "manageClients": "Zarządzaj klientami",
+    "manageClientsDescription": "Klienci to urządzenia, które mogą łączyć się z Twoimi witrynami",
+    "licenseTableValidUntil": "Ważny do",
+    "saasLicenseKeysSettingsTitle": "Licencje przedsiębiorstwa",
+    "saasLicenseKeysSettingsDescription": "Generuj i zarządzaj kluczami licencyjnymi Enterprise dla samodzielnych instancji Pangolin",
+    "sidebarEnterpriseLicenses": "Licencje",
+    "generateLicenseKey": "Generuj klucz licencyjny",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Wprowadź poprawny adres e-mail",
+            "useCaseTypeRequired": "Proszę wybrać typ litery",
+            "firstNameRequired": "Imię jest wymagane",
+            "lastNameRequired": "Nazwisko jest wymagane",
+            "primaryUseRequired": "Opisz swoje podstawowe użycie",
+            "jobTitleRequiredBusiness": "Tytuł pracy jest wymagany do użytku służbowego",
+            "industryRequiredBusiness": "Przemysł jest wymagany do celów biznesowych.",
+            "stateProvinceRegionRequired": "Wymagany jest stan/województwo/region",
+            "postalZipCodeRequired": "Kod pocztowy jest wymagany",
+            "companyNameRequiredBusiness": "Nazwa firmy jest wymagana do użytku służbowego",
+            "countryOfResidenceRequiredBusiness": "Kraj zamieszkania jest wymagany do celów służbowych",
+            "countryRequiredPersonal": "Kraj jest wymagany do użytku osobistego",
+            "agreeToTermsRequired": "Musisz zaakceptować regulamin",
+            "complianceConfirmationRequired": "Musisz potwierdzić zgodność z Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Użytkowanie osobiste",
+                "description": "Dla celów indywidualnych, niekomercyjnych, takich jak nauka, projekty osobiste lub eksperymenty."
+            },
+            "business": {
+                "title": "Wykorzystanie służbowe",
+                "description": "Do użytku w ramach organizacji, przedsiębiorstw lub działalności komercyjnej lub generującej dochody."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Typ adresu e-mail i licencji",
+                "description": "Wprowadź swój adres e-mail i wybierz rodzaj licencji"
+            },
+            "personalInformation": {
+                "title": "Informacje osobiste",
+                "description": "Powiedz nam o sobie"
+            },
+            "contactInformation": {
+                "title": "Informacje kontaktowe",
+                "description": "Twoje dane kontaktowe"
+            },
+            "termsGenerate": {
+                "title": "Reguły i generuj",
+                "description": "Przejrzyj i zaakceptuj warunki generowania licencji"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Ujawnienie użycia",
+                "description": "Wybierz poziom licencji, który dokładnie odzwierciedla zamierzone użycie. Licencja osobista pozwala na bezpłatne wykorzystanie oprogramowania do działalności komercyjnej, o charakterze indywidualnym, niekomercyjnym lub na małą skalę, o rocznym dochodzie brutto poniżej 100 000 USD. Wszelkie zastosowania wykraczające poza te ograniczenia – w tym wykorzystanie w przedsiębiorstwie, organizacja, lub inne środowisko generujące dochód – wymaga ważnej licencji przedsiębiorstwa i uiszczenia stosownej opłaty licencyjnej. Wszyscy użytkownicy, niezależnie od tego, czy są prywatni czy przedsiębiorcy, muszą przestrzegać warunków licencji Fossorial Commercial License."
+            },
+            "trialPeriodInformation": {
+                "title": "Informacje o okresie próbnym",
+                "description": "Ten klucz licencyjny umożliwia przedsiębiorstwom funkcje na 7-dniowy okres oceny. Ciągły dostęp do płatnych funkcji po zakończeniu okresu oceny wymaga aktywacji na podstawie ważnej licencji osobistej lub prywatnej. W celu uzyskania licencji przedsiębiorstwa skontaktuj się z sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Używasz Pangolin do użytku osobistego lub biznesowego?",
+            "firstName": "Imię",
+            "lastName": "Nazwisko",
+            "jobTitle": "Tytuł zadania",
+            "primaryUseQuestion": "Na co planujesz przede wszystkim stosować lek Pangolin?",
+            "industryQuestion": "Jaki jest twój przemysł?",
+            "prospectiveUsersQuestion": "Ilu potencjalnych użytkowników oczekujesz?",
+            "prospectiveSitesQuestion": "Ile potencjalnych stron (tuneli) oczekujesz?",
+            "companyName": "Nazwa firmy",
+            "countryOfResidence": "Kraj zamieszkania",
+            "stateProvinceRegion": "Województwo / Region",
+            "postalZipCode": "Kod pocztowy",
+            "companyWebsite": "Strona internetowa firmy",
+            "companyPhoneNumber": "Numer telefonu firmy",
+            "country": "Kraj",
+            "phoneNumberOptional": "Numer telefonu (opcjonalnie)",
+            "complianceConfirmation": "Potwierdzam, że podane przeze mnie informacje są dokładne i że jestem zgodny z Fossorial Commercial License. Zgłaszanie nieprawidłowych informacji lub błędne oznaczanie użycia produktu jest naruszeniem licencji i może skutkować cofnięciem klucza."
+        },
+        "buttons": {
+            "close": "Zamknij",
+            "previous": "Poprzedni",
+            "next": "Następny",
+            "generateLicenseKey": "Generuj klucz licencyjny"
+        },
+        "toasts": {
+            "success": {
+                "title": "Klucz licencyjny wygenerowany pomyślnie",
+                "description": "Twój klucz licencyjny został wygenerowany i jest gotowy do użycia."
+            },
+            "error": {
+                "title": "Nie udało się wygenerować klucza licencyjnego",
+                "description": "Wystąpił błąd podczas generowania klucza licencji."
+            }
+        }
+    },
+    "priority": "Priorytet",
+    "priorityDescription": "Najpierw oceniane są trasy priorytetowe. Priorytet = 100 oznacza automatyczne zamawianie (decyzje systemowe). Użyj innego numeru, aby wyegzekwować ręczny priorytet.",
+    "instanceName": "Nazwa instancji",
+    "pathMatchModalTitle": "Skonfiguruj dopasowanie ścieżki",
+    "pathMatchModalDescription": "Skonfiguruj sposób dopasowania przychodzących żądań na podstawie ich ścieżki.",
+    "pathMatchType": "Typ dopasowania",
+    "pathMatchPrefix": "Prefiks",
+    "pathMatchExact": "Dokładny",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Wartość ścieżki",
+    "clear": "Wyczyść",
+    "saveChanges": "Zapisz zmiany",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/ścieżka",
+    "pathMatchPrefixHelp": "Przykład: /api pasuje do /api, /api/users itp.",
+    "pathMatchExactHelp": "Przykład: /api pasuje tylko /api",
+    "pathMatchRegexHelp": "Przykład: ^/api/.* pasuje do /api/cokolwiek",
+    "pathRewriteModalTitle": "Konfiguruj Przepisywanie Ścieżki",
+    "pathRewriteModalDescription": "Przekształć dopasowaną ścieżkę przed przekierowaniem do celu.",
+    "pathRewriteType": "Typ przekierowania",
+    "pathRewritePrefixOption": "Prefiks - Zamień prefiks",
+    "pathRewriteExactOption": "Dokładny - Zamień całą ścieżkę",
+    "pathRewriteRegexOption": "Regex - zamiennik wzoru",
+    "pathRewriteStripPrefixOption": "Prefiks paska - Usuń prefiks",
+    "pathRewriteValue": "Przepisz wartość",
+    "pathRewriteRegexPlaceholder": "/nowy/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Zastąp dopasowany prefiks tą wartością",
+    "pathRewriteExactHelp": "Zastąp całą ścieżkę tą wartością, gdy ścieżka dokładnie pasuje do siebie",
+    "pathRewriteRegexHelp": "Użyj grup przechwytywania takich jak $1, $2 do zamiany",
+    "pathRewriteStripPrefixHelp": "Pozostaw puste, aby usunąć prefiks lub podać nowy prefiks",
+    "pathRewritePrefix": "Prefiks",
+    "pathRewriteExact": "Dokładny",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Pasek",
+    "pathRewriteStripLabel": "pasek",
+    "sidebarEnableEnterpriseLicense": "Włącz licencję przedsiębiorstwa",
+    "cannotbeUndone": "Tej operacji nie można cofnąć.",
+    "toConfirm": "potwierdzić",
+    "deleteClientQuestion": "Czy na pewno chcesz usunąć klienta z witryny i organizacji?",
+    "clientMessageRemove": "Po usunięciu, klient nie będzie już mógł połączyć się z witryną.",
+    "sidebarLogs": "Logi",
+    "request": "Żądanie",
+    "logs": "Logi",
+    "logsSettingsDescription": "Monitoruj logi zebrane z tej orginizacji",
+    "searchLogs": "Szukaj dzienników...",
+    "action": "Akcja",
+    "actor": "Aktor",
+    "timestamp": "Znacznik czasu",
+    "accessLogs": "Logi dostępu",
+    "exportCsv": "Eksportuj CSV",
+    "actorId": "Identyfikator podmiotu",
+    "allowedByRule": "Dozwolone przez regułę",
+    "allowedNoAuth": "Dozwolone Brak Auth",
+    "validAccessToken": "Ważny token dostępu",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Prawidłowe hasło",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Zasób zablokowany",
+    "droppedByRule": "Upuszczone przez regułę",
+    "noSessions": "Brak sesji",
+    "temporaryRequestToken": "Tymczasowy token żądania",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP",
+    "reason": "Powód",
+    "requestLogs": "Dzienniki żądań",
+    "host": "Host",
+    "location": "Lokalizacja",
+    "actionLogs": "Dzienniki działań",
+    "sidebarLogsRequest": "Dzienniki żądań",
+    "sidebarLogsAccess": "Logi dostępu",
+    "sidebarLogsAction": "Dzienniki działań",
+    "logRetention": "Zachowanie dziennika",
+    "logRetentionDescription": "Zarządzaj jak długo różne typy logów są zachowane dla tej organizacji lub wyłącz je",
+    "requestLogsDescription": "Zobacz szczegółowe dzienniki żądań zasobów w tej organizacji",
+    "logRetentionRequestLabel": "Zachowanie dziennika żądań",
+    "logRetentionRequestDescription": "Jak długo zachować dzienniki żądań",
+    "logRetentionAccessLabel": "Zachowanie dziennika dostępu",
+    "logRetentionAccessDescription": "Jak długo zachować dzienniki dostępu",
+    "logRetentionActionLabel": "Zachowanie dziennika akcji",
+    "logRetentionActionDescription": "Jak długo zachować dzienniki akcji",
+    "logRetentionDisabled": "Wyłączone",
+    "logRetention3Days": "3 dni",
+    "logRetention7Days": "7 dni",
+    "logRetention14Days": "14 dni",
+    "logRetention30Days": "30 dni",
+    "logRetention90Days": "90 dni",
+    "logRetentionForever": "Na zawsze",
+    "actionLogsDescription": "Zobacz historię działań wykonywanych w tej organizacji",
+    "accessLogsDescription": "Wyświetl prośby o autoryzację dostępu do zasobów w tej organizacji",
+    "licenseRequiredToUse": "Licencja Enterprise jest wymagana do korzystania z tej funkcji.",
+    "certResolver": "Rozwiązywanie certyfikatów",
+    "certResolverDescription": "Wybierz resolver certyfikatów do użycia dla tego zasobu.",
+    "selectCertResolver": "Wybierz Resolver certyfikatów",
+    "enterCustomResolver": "Wprowadź niestandardowy Resolver",
+    "preferWildcardCert": "Preferuj Certyfikat Wildcard",
+    "unverified": "Niezweryfikowane",
+    "domainSetting": "Ustawienia domeny",
+    "domainSettingDescription": "Skonfiguruj ustawienia domeny",
+    "preferWildcardCertDescription": "Próba wygenerowania certyfikatu wieloznacznego (wymaga poprawnie skonfigurowanego resolwera certyfikatów).",
+    "recordName": "Nazwa rekordu",
+    "auto": "Auto",
+    "TTL": "TTL",
+    "howToAddRecords": "Jak dodać rekordy",
+    "dnsRecord": "Wpisy DNS",
+    "required": "Wymagane",
+    "domainSettingsUpdated": "Ustawienia domeny zaktualizowane pomyślnie",
+    "orgOrDomainIdMissing": "Brakuje identyfikatora organizacji lub domeny",
+    "loadingDNSRecords": "Ładowanie rekordów DNS...",
+    "olmUpdateAvailableInfo": "Dostępna jest zaktualizowana wersja Olm. Zaktualizuj do najnowszej wersji, aby uzyskać najlepsze doświadczenia.",
+    "client": "Klient",
+    "proxyProtocol": "Ustawienia protokołu proxy",
+    "proxyProtocolDescription": "Skonfiguruj protokół Proxy aby zachować adresy IP klienta dla usług TCP/UDP.",
+    "enableProxyProtocol": "Włącz protokół proxy",
+    "proxyProtocolInfo": "Zachowaj adresy IP klienta dla backendów TCP/UDP",
+    "proxyProtocolVersion": "Wersja protokołu proxy",
+    "version1": " Wersja 1 (zalecane)",
+    "version2": "Wersja 2",
+    "versionDescription": "Wersja 1 jest oparta na tekście i szeroko wspierana. Wersja 2 jest binarna i bardziej efektywna, ale mniej kompatybilna.",
+    "warning": "Ostrzeżenie",
+    "proxyProtocolWarning": "Twoja aplikacja backend musi być skonfigurowana tak, aby przyjmować połączenia z protokołem proxy. Jeśli Twój backend nie obsługuje protokołu proxy, włączenie to spowoduje przerwanie wszystkich połączeń. Upewnij się, że konfiguracja twojego backendu do zaufanych nagłówków protokołu proxy z Traefik.",
+    "restarting": "Restartowanie...",
+    "manual": "Ręcznie",
+    "messageSupport": "Obsługa wiadomości",
+    "supportNotAvailableTitle": "Wsparcie niedostępne",
+    "supportNotAvailableDescription": "Wsparcie nie jest teraz dostępne. Możesz wysłać e-mail na adres support@pangolin.net.",
+    "supportRequestSentTitle": "Prośba o wsparcie wysłana",
+    "supportRequestSentDescription": "Wiadomość została wysłana pomyślnie.",
+    "supportRequestFailedTitle": "Nie udało się wysłać żądania",
+    "supportRequestFailedDescription": "Wystąpił błąd podczas wysyłania prośby o wsparcie.",
+    "supportSubjectRequired": "Temat jest wymagany",
+    "supportSubjectMaxLength": "Temat musi mieć 255 znaków lub mniej",
+    "supportMessageRequired": "Wiadomość jest wymagana",
+    "supportReplyTo": "Odpowiedź do",
+    "supportSubject": "Temat",
+    "supportSubjectPlaceholder": "Wprowadź temat",
+    "supportMessage": "Wiadomość",
+    "supportMessagePlaceholder": "Wprowadź swoją wiadomość",
+    "supportSending": "Wysyłanie...",
+    "supportSend": "Wyślij",
+    "supportMessageSent": "Wiadomość wysłana!",
+    "supportWillContact": "Wkrótce będziemy w kontakcie!"
 }
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -47,9 +47,8 @@
    "edit": "Alterar",
    "siteConfirmDelete": "Confirmar que pretende apagar o site",
    "siteDelete": "Excluir site",
-    "siteMessageRemove": "Uma vez removido, o site não estará mais acessível. Todos os recursos e alvos associados ao site também serão removidos.",
-    "siteMessageConfirm": "Para confirmar, por favor, digite o nome do site abaixo.",
-    "siteQuestionRemove": "Você tem certeza que deseja remover o site {selectedSite} da organização?",
+    "siteMessageRemove": "Uma vez removido, o site não estará mais acessível. Todas as metas associadas ao site também serão removidas.",
+    "siteQuestionRemove": "Você tem certeza que deseja remover este site da organização?",
    "siteManageSites": "Gerir sites",
    "siteDescription": "Permitir conectividade à sua rede através de túneis seguros",
    "siteCreate": "Criar site",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Use qualquer cliente do WireGuard para estabelecer um túnel. Configuração manual NAT é necessária.",
    "siteWgDescriptionSaas": "Use qualquer cliente WireGuard para estabelecer um túnel. Configuração manual NAT necessária. SOMENTE FUNCIONA EM NODES AUTO-HOSPEDADOS",
    "siteLocalDescription": "Recursos locais apenas. Sem túneis.",
-    "siteLocalDescriptionSaas": "Apenas recursos locais. Sem tunelamento. SOMENTE FUNCIONA EM NODES AUTO-HOSPEDADOS",
+    "siteLocalDescriptionSaas": "Apenas recursos locais. Sem túneis. Apenas disponível em nós remotos.",
    "siteSeeAll": "Ver todos os sites",
    "siteTunnelDescription": "Determine como você deseja se conectar ao seu site",
    "siteNewtCredentials": "Credenciais Novas",
@@ -154,8 +153,7 @@
    "protected": "Protegido",
    "notProtected": "Não Protegido",
    "resourceMessageRemove": "Uma vez removido, o recurso não estará mais acessível. Todos os alvos associados ao recurso também serão removidos.",
-    "resourceMessageConfirm": "Para confirmar, por favor, digite o nome do recurso abaixo.",
-    "resourceQuestionRemove": "Tem certeza que deseja remover o recurso {selectedResource} da organização?",
+    "resourceQuestionRemove": "Você tem certeza que deseja remover o recurso da organização?",
    "resourceHTTP": "Recurso HTTPS",
    "resourceHTTPDescription": "O proxy solicita ao seu aplicativo via HTTPS usando um subdomínio ou domínio base.",
    "resourceRaw": "Recurso TCP/UDP bruto",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Confirmar que pretende apagar a organização",
    "orgMessageRemove": "Esta ação é irreversível e apagará todos os dados associados.",
    "orgMessageConfirm": "Para confirmar, digite o nome da organização abaixo.",
-    "orgQuestionRemove": "Tem certeza que deseja remover a organização {selectedOrg}?",
+    "orgQuestionRemove": "Você tem certeza que deseja remover esta organização?",
    "orgUpdated": "Organização atualizada",
    "orgUpdatedDescription": "A organização foi atualizada.",
    "orgErrorUpdate": "Falha ao atualizar organização",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "Gerar Chave API",
    "apiKeysErrorDelete": "Erro ao apagar chave API",
    "apiKeysErrorDeleteMessage": "Erro ao apagar chave API",
-    "apiKeysQuestionRemove": "Tem certeza que deseja remover a chave API {selectedApiKey} da organização?",
+    "apiKeysQuestionRemove": "Tem certeza que deseja remover a chave de API da organização?",
    "apiKeysMessageRemove": "Uma vez removida, a chave API não poderá mais ser utilizada.",
-    "apiKeysMessageConfirm": "Para confirmar, por favor digite o nome da chave API abaixo.",
    "apiKeysDeleteConfirm": "Confirmar Exclusão da Chave API",
    "apiKeysDelete": "Excluir Chave API",
    "apiKeysManage": "Gerir Chaves API",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Confirmar Exclusão do Usuário",
    "userDeleteServer": "Excluir utilizador do servidor",
    "userMessageRemove": "O utilizador será removido de todas as organizações e será completamente removido do servidor.",
-    "userMessageConfirm": "Para confirmar, por favor digite o nome do utilizador abaixo.",
-    "userQuestionRemove": "Tem certeza que deseja apagar o {selectedUser} permanentemente do servidor?",
+    "userQuestionRemove": "Tem certeza que deseja excluir permanentemente o usuário do servidor?",
    "licenseKey": "Chave de Licença",
    "valid": "Válido",
    "numberOfSites": "Número de sites",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Ver Termos e Condições de Assinatura e Licença Fossorial",
    "licenseMessageRemove": "Isto irá remover a chave da licença e todas as permissões associadas concedidas por ela.",
    "licenseMessageConfirm": "Para confirmar, por favor, digite a chave de licença abaixo.",
-    "licenseQuestionRemove": "Tem certeza que deseja apagar a chave de licença {selectedKey}?",
+    "licenseQuestionRemove": "Tem certeza que deseja excluir a chave de licença?",
    "licenseKeyDelete": "Excluir Chave de Licença",
    "licenseKeyDeleteConfirm": "Confirmar que pretende apagar a chave de licença",
    "licenseTitle": "Gerir Status da Licença",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Ocorreu um erro ao remover o convite.",
    "inviteRemoved": "Convite removido",
    "inviteRemovedDescription": "O convite para {email} foi removido.",
-    "inviteQuestionRemove": "Tem certeza de que deseja remover o convite {email}?",
+    "inviteQuestionRemove": "Tem certeza de que deseja remover o convite?",
    "inviteMessageRemove": "Uma vez removido, este convite não será mais válido. Você sempre pode convidar o utilizador novamente mais tarde.",
    "inviteMessageConfirm": "Para confirmar, digite o endereço de e-mail do convite abaixo.",
    "inviteQuestionRegenerate": "Tem certeza que deseja regenerar o convite{email, plural, ='' {}, other { para #}}? Isso irá revogar o convite anterior.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Ocorreu um erro ao remover o utilizador.",
    "userOrgRemoved": "Usuário removido",
    "userOrgRemovedDescription": "O utilizador {email} foi removido da organização.",
-    "userQuestionOrgRemove": "Tem certeza que deseja remover {email} da organização?",
+    "userQuestionOrgRemove": "Você tem certeza que deseja remover este usuário da organização?",
    "userMessageOrgRemove": "Uma vez removido, este utilizador não terá mais acesso à organização. Você sempre pode reconvidá-lo depois, mas eles precisarão aceitar o convite novamente.",
-    "userMessageOrgConfirm": "Para confirmar, digite o nome do utilizador abaixo.",
    "userRemoveOrgConfirm": "Confirmar Remoção do Usuário",
    "userRemoveOrg": "Remover Usuário da Organização",
    "users": "Utilizadores",
@@ -468,7 +463,10 @@
    "createdAt": "Criado Em",
    "proxyErrorInvalidHeader": "Valor do cabeçalho Host personalizado inválido. Use o formato de nome de domínio ou salve vazio para remover o cabeçalho Host personalizado.",
    "proxyErrorTls": "Nome do Servidor TLS inválido. Use o formato de nome de domínio ou salve vazio para remover o Nome do Servidor TLS.",
-    "proxyEnableSSL": "Habilitar SSL (https)",
+    "proxyEnableSSL": "Habilitar SSL",
+    "proxyEnableSSLDescription": "Habilitar criptografia SSL/TLS para conexões HTTPS seguras a seus alvos.",
+    "target": "Target",
+    "configureTarget": "Configurar Alvos",
    "targetErrorFetch": "Falha ao buscar alvos",
    "targetErrorFetchDescription": "Ocorreu um erro ao buscar alvos",
    "siteErrorFetch": "Falha ao buscar recurso",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "Configuração de conexão segura",
    "targetTlsSettingsDescription": "Configurar configurações SSL/TLS para seu recurso",
    "targetTlsSettingsAdvanced": "Configurações TLS Avançadas",
-    "targetTlsSni": "Nome do Servidor TLS (SNI)",
+    "targetTlsSni": "Nome do Servidor TLS",
    "targetTlsSniDescription": "O Nome do Servidor TLS para usar para SNI. Deixe vazio para usar o padrão.",
    "targetTlsSubmit": "Guardar Configurações",
    "targets": "Configuração de Alvos",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Manter conexões no mesmo alvo backend durante toda a sessão.",
    "methodSelect": "Selecionar método",
    "targetSubmit": "Adicionar Alvo",
-    "targetNoOne": "Sem alvos. Adicione um alvo usando o formulário.",
+    "targetNoOne": "Este recurso não tem nenhum alvo. Adicione um alvo para configurar para onde enviar solicitações para sua área de administração.",
    "targetNoOneDescription": "Adicionar mais de um alvo acima habilitará o balanceamento de carga.",
    "targetsSubmit": "Guardar Alvos",
+    "addTarget": "Adicionar Alvo",
+    "targetErrorInvalidIp": "Endereço IP inválido",
+    "targetErrorInvalidIpDescription": "Por favor, insira um endereço IP ou nome de host válido",
+    "targetErrorInvalidPort": "Porta inválida",
+    "targetErrorInvalidPortDescription": "Por favor, digite um número de porta válido",
+    "targetErrorNoSite": "Nenhum site selecionado",
+    "targetErrorNoSiteDescription": "Selecione um site para o destino",
+    "targetCreated": "Destino criado",
+    "targetCreatedDescription": "O alvo foi criado com sucesso",
+    "targetErrorCreate": "Falha ao criar destino",
+    "targetErrorCreateDescription": "Ocorreu um erro ao criar o destino",
+    "save": "Guardar",
    "proxyAdditional": "Configurações Adicionais de Proxy",
    "proxyAdditionalDescription": "Configure como seu recurso lida com configurações de proxy",
    "proxyCustomHeader": "Cabeçalho Host Personalizado",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Administrador do Servidor - Pangolin",
    "licenseTierProfessional": "Licença Profissional",
    "licenseTierEnterprise": "Licença Empresarial",
-    "licenseTierCommercial": "Licença comercial",
+    "licenseTierPersonal": "Licença Pessoal",
    "licensed": "Licenciado",
    "yes": "Sim",
    "no": "Não",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Visualizar e gerir provedores de identidade no sistema",
    "idpDeletedDescription": "Provedor de identidade eliminado com sucesso",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Tem certeza que deseja eliminar permanentemente o provedor de identidade {name}?",
+    "idpQuestionRemove": "Tem certeza que deseja eliminar permanentemente o provedor de identidade?",
    "idpMessageRemove": "Isto irá remover o provedor de identidade e todas as configurações associadas. Os utilizadores que se autenticam através deste provedor não poderão mais fazer login.",
    "idpMessageConfirm": "Para confirmar, por favor digite o nome do provedor de identidade abaixo.",
    "idpConfirmDelete": "Confirmar Eliminação do Provedor de Identidade",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Um nome de exibição para este provedor de identidade",
    "idpAutoProvisionUsers": "Provisionamento Automático de Utilizadores",
    "idpAutoProvisionUsersDescription": "Quando ativado, os utilizadores serão criados automaticamente no sistema no primeiro login com a capacidade de mapear utilizadores para funções e organizações.",
-    "licenseBadge": "Profissional",
+    "licenseBadge": "EE",
    "idpType": "Tipo de Provedor",
    "idpTypeDescription": "Selecione o tipo de provedor de identidade que deseja configurar",
    "idpOidcConfigure": "Configuração OAuth2/OIDC",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Verifique o seu email para obter o código de redefinição.",
    "passwordNew": "Nova Palavra-passe",
    "passwordNewConfirm": "Confirmar Nova Palavra-passe",
+    "changePassword": "Mudar a senha",
+    "changePasswordDescription": "Atualize a senha da sua conta",
+    "oldPassword": "Palavra-passe Atual",
+    "newPassword": "Nova Palavra-Passe",
+    "confirmNewPassword": "Confirme a Nova Senha",
+    "changePasswordError": "Falha ao alterar a senha",
+    "changePasswordErrorDescription": "Ocorreu um erro ao alterar sua senha",
+    "changePasswordSuccess": "Senha alterada com sucesso",
+    "changePasswordSuccessDescription": "Sua senha foi atualizada com sucesso",
+    "passwordExpiryRequired": "Expiração de senha necessária",
+    "passwordExpiryDescription": "Esta organização exige que você altere sua senha a cada {maxDays} dias.",
+    "changePasswordNow": "Alterar a senha agora",
    "pincodeAuth": "Código do Autenticador",
    "pincodeSubmit2": "Submeter Código",
    "passwordResetSubmit": "Solicitar Redefinição",
@@ -1084,7 +1106,6 @@
    "navbar": "Menu de Navegação",
    "navbarDescription": "Menu de navegação principal da aplicação",
    "navbarDocsLink": "Documentação",
-    "commercialEdition": "Edição Comercial",
    "otpErrorEnable": "Não foi possível ativar 2FA",
    "otpErrorEnableDescription": "Ocorreu um erro ao ativar 2FA",
    "otpSetupCheckCode": "Por favor, insira um código de 6 dígitos",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Todos os utilizadores",
    "sidebarIdentityProviders": "Provedores de identidade",
    "sidebarLicense": "Tipo:",
-    "sidebarClients": "Clientes (Beta)",
+    "sidebarClients": "Clientes",
    "sidebarDomains": "Domínios",
+    "sidebarBluePrints": "Diagramas",
+    "blueprints": "Diagramas",
+    "blueprintsDescription": "Diagramas são configurações declarativas YAML que definem seus recursos e suas configurações",
+    "blueprintAdd": "Adicionar Diagrama",
+    "blueprintGoBack": "Ver todos os Diagramas",
+    "blueprintCreate": "Criar Diagrama",
+    "blueprintCreateDescription2": "Siga as etapas abaixo para criar e aplicar um novo diagrama",
+    "blueprintDetails": "Detalhes do Diagrama",
+    "blueprintDetailsDescription": "Veja os detalhes da execução do diagrama",
+    "blueprintInfo": "Informação do Diagrama",
+    "message": "mensagem",
+    "blueprintContentsDescription": "Defina o conteúdo YAML descrevendo a sua infraestrutura",
+    "blueprintErrorCreateDescription": "Ocorreu um erro ao aplicar o diagrama",
+    "blueprintErrorCreate": "Erro ao criar diagrama",
+    "searchBlueprintProgress": "Pesquisar diagramas...",
+    "appliedAt": "Aplicado em",
+    "source": "fonte",
+    "contents": "Conteúdo",
+    "parsedContents": "Conteúdo analisado",
    "enableDockerSocket": "Habilitar o Diagrama Docker",
    "enableDockerSocketDescription": "Ativar a scraping de rótulo Docker para rótulos de diagramas. Caminho de Socket deve ser fornecido para Newt.",
    "enableDockerSocketLink": "Saiba mais",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Criar Domínio",
    "domainCreatedDescription": "Domínio criado com sucesso",
    "domainDeletedDescription": "Domínio deletado com sucesso",
-    "domainQuestionRemove": "Tem certeza de que deseja remover o domínio {domain} da sua conta?",
+    "domainQuestionRemove": "Tem certeza de que deseja remover o domínio da sua conta?",
    "domainMessageRemove": "Uma vez removido, o domínio não estará mais associado à sua conta.",
-    "domainMessageConfirm": "Para confirmar, digite o nome do domínio abaixo.",
    "domainConfirmDelete": "Confirmar Exclusão de Domínio",
    "domainDelete": "Excluir Domínio",
    "domain": "Domínio",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Plano Gratuito",
    "billingWarningOverLimit": "Aviso: Você ultrapassou um ou mais limites de uso. Seus sites não se conectarão até você modificar sua assinatura ou ajustar seu uso.",
    "billingUsageLimitsOverview": "Visão Geral dos Limites de Uso",
-    "billingMonitorUsage": "Monitore seu uso em relação aos limites configurados. Se precisar aumentar esses limites, entre em contato conosco support@fossorial.io.",
+    "billingMonitorUsage": "Monitore seu uso em relação aos limites configurados. Se precisar aumentar esses limites, entre em contato conosco support@pangolin.net.",
    "billingDataUsage": "Uso de Dados",
    "billingOnlineTime": "Tempo Online do Site",
    "billingUsers": "Usuários Ativos",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Houve um problema ao usar sua chave de segurança. Tente novamente.",
    "twoFactorRequired": "A autenticação de dois fatores é necessária para registrar uma chave de segurança.",
    "twoFactor": "Autenticação de Dois Fatores",
+    "twoFactorAuthentication": "Autenticação dupla",
+    "twoFactorDescription": "Esta organização requer autenticação de dois fatores.",
+    "enableTwoFactor": "Ativar autenticação dupla",
+    "organizationSecurityPolicy": "Política de Segurança da Organização",
+    "organizationSecurityPolicyDescription": "Esta organização tem requisitos de segurança que precisam ser cumpridos antes que você possa acessá-la",
+    "securityRequirements": "Requisitos De Segurança",
+    "allRequirementsMet": "Todos os requisitos foram cumpridos",
+    "completeRequirementsToContinue": "Preencha os requisitos abaixo para continuar acessando esta organização",
+    "youCanNowAccessOrganization": "Agora você pode acessar esta organização",
+    "reauthenticationRequired": "Comprimento da sessão",
+    "reauthenticationDescription": "Esta organização requer que você faça login a cada {maxDays} dias.",
+    "reauthenticationDescriptionHours": "Esta organização exige que você faça login a cada {maxHours} horas.",
+    "reauthenticateNow": "Iniciar sessão novamente",
    "adminEnabled2FaOnYourAccount": "Seu administrador ativou a autenticação de dois fatores para {email}. Complete o processo de configuração para continuar.",
-    "continueToApplication": "Continuar para Aplicativo",
    "securityKeyAdd": "Adicionar Chave de Segurança",
    "securityKeyRegisterTitle": "Registrar Nova Chave de Segurança",
    "securityKeyRegisterDescription": "Conecte sua chave de segurança e insira um nome para identificá-la",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Proxy Externo Habilitado",
    "addNewTarget": "Adicionar Novo Alvo",
    "targetsList": "Lista de Alvos",
+    "advancedMode": "Modo Avançado",
    "targetErrorDuplicateTargetFound": "Alvo duplicado encontrado",
    "healthCheckHealthy": "Saudável",
    "healthCheckUnhealthy": "Não Saudável",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Erro de Login Automático",
    "autoLoginErrorNoRedirectUrl": "Nenhum URL de redirecionamento recebido do provedor de identidade.",
    "autoLoginErrorGeneratingUrl": "Falha ao gerar URL de autenticação.",
-    "remoteExitNodeManageRemoteExitNodes": "Gerenciar Auto-Hospedados",
-    "remoteExitNodeDescription": "Gerencie os nós para estender sua conectividade de rede",
+    "remoteExitNodeManageRemoteExitNodes": "Nós remotos",
+    "remoteExitNodeDescription": "Auto-hospedar um ou mais nós remotos para estender sua conectividade de rede e reduzir a dependência da nuvem",
    "remoteExitNodes": "Nós",
    "searchRemoteExitNodes": "Buscar nós...",
    "remoteExitNodeAdd": "Adicionar node",
    "remoteExitNodeErrorDelete": "Erro ao excluir nó",
-    "remoteExitNodeQuestionRemove": "Tem certeza que deseja remover o nó {selectedNode} da organização?",
+    "remoteExitNodeQuestionRemove": "Tem certeza de que deseja remover o nó da organização?",
    "remoteExitNodeMessageRemove": "Uma vez removido, o nó não estará mais acessível.",
-    "remoteExitNodeMessageConfirm": "Para confirmar, por favor, digite o nome do nó abaixo.",
    "remoteExitNodeConfirmDelete": "Confirmar exclusão do nó",
    "remoteExitNodeDelete": "Excluir nó",
-    "sidebarRemoteExitNodes": "Nós",
+    "sidebarRemoteExitNodes": "Nós remotos",
    "remoteExitNodeCreate": {
        "title": "Criar nó",
        "description": "Crie um novo nó para estender sua conectividade de rede",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Editar arquivo: docker-compose.yml",
    "emailVerificationRequired": "Verificação de e-mail é necessária. Por favor, faça login novamente via {dashboardUrl}/auth/login conclui esta etapa. Em seguida, volte aqui.",
    "twoFactorSetupRequired": "Configuração de autenticação de dois fatores é necessária. Por favor, entre novamente via {dashboardUrl}/auth/login conclua este passo. Em seguida, volte aqui.",
+    "additionalSecurityRequired": "Segurança adicional necessária",
+    "organizationRequiresAdditionalSteps": "Esta organização requer etapas de segurança adicionais antes que você possa acessar os recursos.",
+    "completeTheseSteps": "Conclua estas etapas",
+    "enableTwoFactorAuthentication": "Ativar autenticação de dois fatores",
+    "completeSecuritySteps": "Passos de segurança completos",
+    "securitySettings": "Configurações de Segurança",
+    "securitySettingsDescription": "Configurar políticas de segurança para a sua organização",
+    "requireTwoFactorForAllUsers": "Exigir autenticação dupla para todos os usuários",
+    "requireTwoFactorDescription": "Quando ativado, todos os usuários internos nesta organização devem ter a autenticação de dois fatores ativada para acessar a organização.",
+    "requireTwoFactorDisabledDescription": "Este recurso requer uma licença válida (Enterprise) ou assinatura ativa (SaaS)",
+    "requireTwoFactorCannotEnableDescription": "Você deve ativar a autenticação de dois fatores para sua conta antes de aplicá-la para todos os usuários",
+    "maxSessionLength": "Comprimento Máximo da Sessão",
+    "maxSessionLengthDescription": "Definir a duração máxima para as sessões dos usuários. Após esse tempo, os usuários precisarão autenticar novamente.",
+    "maxSessionLengthDisabledDescription": "Este recurso requer uma licença válida (Enterprise) ou assinatura ativa (SaaS)",
+    "selectSessionLength": "Selecionar duração da sessão",
+    "unenforced": "Inforçado",
+    "1Hour": "number@@0 horas",
+    "3Hours": "3 horas",
+    "6Hours": "6 horas",
+    "12Hours": "12 horas",
+    "1DaySession": "1 dia",
+    "3Days": "3 dias",
+    "7Days": "7 dias",
+    "14Days": "14 dias",
+    "30DaysSession": "30 dias",
+    "90DaysSession": "90 dias",
+    "180DaysSession": "180 dias",
+    "passwordExpiryDays": "Expiração da Senha",
+    "editPasswordExpiryDescription": "Defina o número de dias antes que os usuários sejam obrigados a mudar sua senha.",
+    "selectPasswordExpiry": "Selecione a senha expirada",
+    "30Days": "30 dias",
+    "1Day": "1 dia",
+    "60Days": "60 dias",
+    "90Days": "90 dias",
+    "180Days": "180 dias",
+    "1Year": "1 ano",
+    "subscriptionBadge": "Assinatura requerida",
+    "securityPolicyChangeWarning": "Aviso de Mudança da Política de Segurança",
+    "securityPolicyChangeDescription": "Você está prestes a alterar as configurações da política de segurança. Depois de salvar, talvez você precise se autenticar novamente para cumprir estas atualizações de política. Todos os usuários que não estiverem em conformidade também precisarão reautenticar.",
+    "securityPolicyChangeConfirmMessage": "Eu confirmo",
+    "securityPolicyChangeWarningText": "Isso afetará todos os usuários da organização",
    "authPageErrorUpdateMessage": "Ocorreu um erro ao atualizar as configurações da página de autenticação",
+    "authPageErrorUpdate": "Não é possível atualizar a página de autenticação",
    "authPageUpdated": "Página de autenticação atualizada com sucesso",
    "healthCheckNotAvailable": "Localização",
    "rewritePath": "Reescrever Caminho",
-    "rewritePathDescription": "Opcionalmente reescreva o caminho antes de encaminhar ao destino."
+    "rewritePathDescription": "Opcionalmente reescreva o caminho antes de encaminhar ao destino.",
+    "continueToApplication": "Continuar para o aplicativo",
+    "checkingInvite": "Checando convite",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Remover autenticação de cabeçalho",
+    "resourceHeaderAuthRemoveDescription": "Autenticação de cabeçalho removida com sucesso.",
+    "resourceErrorHeaderAuthRemove": "Falha ao remover autenticação de cabeçalho",
+    "resourceErrorHeaderAuthRemoveDescription": "Não foi possível remover a autenticação do cabeçalho para o recurso.",
+    "resourceHeaderAuthProtectionEnabled": "Autenticação de Cabeçalho Habilitada",
+    "resourceHeaderAuthProtectionDisabled": "Autenticação de Cabeçalho Desativada",
+    "headerAuthRemove": "Remover autenticação de cabeçalho",
+    "headerAuthAdd": "Adicionar Autenticação do Cabeçalho",
+    "resourceErrorHeaderAuthSetup": "Falha ao definir autenticação de cabeçalho",
+    "resourceErrorHeaderAuthSetupDescription": "Não foi possível definir a autenticação do cabeçalho para o recurso.",
+    "resourceHeaderAuthSetup": "Autenticação de Cabeçalho definida com sucesso",
+    "resourceHeaderAuthSetupDescription": "Autenticação de cabeçalho foi definida com sucesso.",
+    "resourceHeaderAuthSetupTitle": "Definir autenticação de cabeçalho",
+    "resourceHeaderAuthSetupTitleDescription": "Defina as credenciais de autenticação básica (nome de usuário e senha) para proteger este recurso com a Autenticação de Cabeçalho HTTP. Acessá-lo usando o formato https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Definir autenticação de cabeçalho",
+    "actionSetResourceHeaderAuth": "Definir autenticação de cabeçalho",
+    "enterpriseEdition": "Edição Enterprise",
+    "unlicensed": "Sem licença",
+    "beta": "Beta",
+    "manageClients": "Gerenciar Clientes",
+    "manageClientsDescription": "Clientes são dispositivos que podem se conectar aos seus sites",
+    "licenseTableValidUntil": "Válido até",
+    "saasLicenseKeysSettingsTitle": "Licenças empresariais",
+    "saasLicenseKeysSettingsDescription": "Gerar e gerenciar chaves de licença Enterprise para instâncias Pangolin auto-hospedadas",
+    "sidebarEnterpriseLicenses": "Licenças",
+    "generateLicenseKey": "Gerar Chave de Licença",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Por favor, insira um endereço de e-mail válido",
+            "useCaseTypeRequired": "Por favor, selecione um tipo de caso de uso",
+            "firstNameRequired": "O primeiro nome é obrigatório",
+            "lastNameRequired": "Último nome é obrigatório",
+            "primaryUseRequired": "Descreva seu uso primário",
+            "jobTitleRequiredBusiness": "O título do trabalho é necessário para o uso de negócios",
+            "industryRequiredBusiness": "Indústria é necessária para uso de negócios",
+            "stateProvinceRegionRequired": "Estado/Província/Região é necessário",
+            "postalZipCodeRequired": "Código postal/CEP é obrigatório",
+            "companyNameRequiredBusiness": "O nome da empresa é necessário para uso empresarial",
+            "countryOfResidenceRequiredBusiness": "O país de residência é necessário para a utilização da empresa",
+            "countryRequiredPersonal": "País é necessário para uso pessoal",
+            "agreeToTermsRequired": "Você deve concordar com os termos",
+            "complianceConfirmationRequired": "Você deve confirmar o cumprimento da Licença Fossorial Comercial"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Uso pessoal",
+                "description": "Para uso individual, não comercial, como aprendizagem, projetos pessoais ou experimentação."
+            },
+            "business": {
+                "title": "Uso de Negócios",
+                "description": "Para uso em organizações, empresas ou atividades comerciais ou geradoras de receitas."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Tipo de Email e Licença",
+                "description": "Digite seu e-mail e escolha seu tipo de licença"
+            },
+            "personalInformation": {
+                "title": "Informações Pessoais",
+                "description": "Conte-nos sobre você"
+            },
+            "contactInformation": {
+                "title": "Informação do Contato",
+                "description": "Suas informações de contato"
+            },
+            "termsGenerate": {
+                "title": "Termos & Gerar",
+                "description": "Revise e aceite os termos para gerar a sua licença"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Divulgação de uso",
+                "description": "Selecione o nível de licença que reflete corretamente seu uso pretendido. A Licença Pessoal permite o uso livre do Software para atividades comerciais individuais, não comerciais ou em pequena escala com rendimento bruto anual inferior a 100.000 USD. Qualquer uso além destes limites — incluindo uso dentro de um negócio, organização, ou outro ambiente gerador de receitas — requer uma Licença Enterprise válida e o pagamento da taxa aplicável de licenciamento. Todos os usuários, pessoais ou empresariais, devem cumprir os Termos da Licença Comercial Fossorial."
+            },
+            "trialPeriodInformation": {
+                "title": "Informações do Período de Avaliação",
+                "description": "Esta Chave de Licença permite recursos da Empresa para um período de avaliação de 7 dias. O acesso contínuo a Recursos Pagos além do período de avaliação requer ativação sob uma Licença Pessoal ou Empresarial válida. Para licenciamento Empresarial, entre em contato com sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Você está usando o Pangolin para uso pessoal ou empresarial?",
+            "firstName": "Primeiro nome",
+            "lastName": "Último Nome",
+            "jobTitle": "Título do Cargo",
+            "primaryUseQuestion": "Para que você pretende usar o Pangolin em primeiro lugar?",
+            "industryQuestion": "O que é a sua indústria?",
+            "prospectiveUsersQuestion": "Quantos usuários potenciais você espera?",
+            "prospectiveSitesQuestion": "Quantos sites (túneis) você espera ter?",
+            "companyName": "Nome Empresa",
+            "countryOfResidence": "País de residência",
+            "stateProvinceRegion": "Estado / Província / Região",
+            "postalZipCode": "Código Postal / Postal",
+            "companyWebsite": "Site da empresa",
+            "companyPhoneNumber": "Número de telefone empresa",
+            "country": "País",
+            "phoneNumberOptional": "Número de telefone (opcional)",
+            "complianceConfirmation": "Confirmo que a informação que forneci é correcta e que estou em conformidade com a Licença Comercial Fossorial. Reportar informações imprecisas ou identificar mal o uso do produto é uma violação da licença e pode resultar em sua chave ser revogada."
+        },
+        "buttons": {
+            "close": "Fechar",
+            "previous": "Anterior",
+            "next": "Próximo",
+            "generateLicenseKey": "Gerar Chave de Licença"
+        },
+        "toasts": {
+            "success": {
+                "title": "Chave de licença gerada com sucesso",
+                "description": "Sua chave de licença foi gerada e está pronta para ser usada."
+            },
+            "error": {
+                "title": "Falha ao gerar chave de licença",
+                "description": "Ocorreu um erro ao gerar a chave da licença."
+            }
+        }
+    },
+    "priority": "Prioridade",
+    "priorityDescription": "Rotas de alta prioridade são avaliadas primeiro. Prioridade = 100 significa ordem automática (decisões do sistema). Use outro número para aplicar prioridade manual.",
+    "instanceName": "Nome da Instância",
+    "pathMatchModalTitle": "Configurar Correspondência de Caminho",
+    "pathMatchModalDescription": "Configure como as solicitações de entrada devem ser correspondidas com base no caminho.",
+    "pathMatchType": "Tipo de Correspondência",
+    "pathMatchPrefix": "Prefixo",
+    "pathMatchExact": "Exato",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Valor do caminho",
+    "clear": "Limpar",
+    "saveChanges": "Salvar as alterações",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/caminho",
+    "pathMatchPrefixHelp": "Exemplo: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Exemplo: /api match only /api",
+    "pathMatchRegexHelp": "Exemplo: ^/api/.* Corresponde /api/anything",
+    "pathRewriteModalTitle": "Configurar Caminho de Reescrita",
+    "pathRewriteModalDescription": "Transforme o caminho correspondente antes de encaminhar para o alvo.",
+    "pathRewriteType": "Reescrever o tipo",
+    "pathRewritePrefixOption": "Prefixo - substituir prefixo",
+    "pathRewriteExactOption": "Exato - Substituir o caminho inteiro",
+    "pathRewriteRegexOption": "Regex - Substituição de padrão",
+    "pathRewriteStripPrefixOption": "Prefixo do Strip - Remover prefixo",
+    "pathRewriteValue": "Reescrever Valor",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/novo-caminho",
+    "pathRewritePrefixHelp": "Substituir o prefixo correspondente por este valor",
+    "pathRewriteExactHelp": "Substitua o caminho inteiro por este valor quando o caminho corresponder exatamente",
+    "pathRewriteRegexHelp": "Usar grupos de captura como $1, $2 para substituição",
+    "pathRewriteStripPrefixHelp": "Deixe em branco para remover prefixo ou fornecer novo prefixo",
+    "pathRewritePrefix": "Prefixo",
+    "pathRewriteExact": "Exato",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Tirar",
+    "pathRewriteStripLabel": "faixa",
+    "sidebarEnableEnterpriseLicense": "Habilitar Licença Empresarial",
+    "cannotbeUndone": "Isso não pode ser desfeito.",
+    "toConfirm": "para confirmar",
+    "deleteClientQuestion": "Você tem certeza que deseja remover o cliente do site e da organização?",
+    "clientMessageRemove": "Depois de removido, o cliente não poderá mais se conectar ao site.",
+    "sidebarLogs": "Registros",
+    "request": "Pedir",
+    "logs": "Registros",
+    "logsSettingsDescription": "Monitorar logs coletados desta orginização",
+    "searchLogs": "Pesquisar registros...",
+    "action": "Acão",
+    "actor": "Ator",
+    "timestamp": "Timestamp",
+    "accessLogs": "Logs de Acesso",
+    "exportCsv": "Exportar como CSV",
+    "actorId": "ID do ator",
+    "allowedByRule": "Permitido por regra",
+    "allowedNoAuth": "Não Permitido Nenhuma Autenticação",
+    "validAccessToken": "Token de acesso válido",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Senha válida",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Recurso bloqueado",
+    "droppedByRule": "Derrubado pela regra",
+    "noSessions": "Sem Sessões",
+    "temporaryRequestToken": "Token de solicitação temporária",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "PI",
+    "reason": "Motivo",
+    "requestLogs": "Registro de pedidos",
+    "host": "Servidor",
+    "location": "Local:",
+    "actionLogs": "Logs de Ações",
+    "sidebarLogsRequest": "Registro de pedidos",
+    "sidebarLogsAccess": "Logs de Acesso",
+    "sidebarLogsAction": "Logs de Ações",
+    "logRetention": "Retenção de Log",
+    "logRetentionDescription": "Gerenciar quanto tempo os diferentes tipos de logs são mantidos para esta organização ou desativá-los",
+    "requestLogsDescription": "Ver registros de pedidos detalhados de recursos nesta organização",
+    "logRetentionRequestLabel": "Solicitar retenção de registro",
+    "logRetentionRequestDescription": "Por quanto tempo manter os registros de pedidos",
+    "logRetentionAccessLabel": "Retenção de Log de Acesso",
+    "logRetentionAccessDescription": "Por quanto tempo manter os registros de acesso",
+    "logRetentionActionLabel": "Ação de Retenção no Log",
+    "logRetentionActionDescription": "Por quanto tempo manter os registros de ação",
+    "logRetentionDisabled": "Desabilitado",
+    "logRetention3Days": "3 dias",
+    "logRetention7Days": "7 dias",
+    "logRetention14Days": "14 dias",
+    "logRetention30Days": "30 dias",
+    "logRetention90Days": "90 dias",
+    "logRetentionForever": "Permanentemente",
+    "actionLogsDescription": "Visualizar histórico de ações realizadas nesta organização",
+    "accessLogsDescription": "Ver solicitações de autenticação de recursos nesta organização",
+    "licenseRequiredToUse": "É necessária uma licença empresarial para usar esse recurso.",
+    "certResolver": "Resolvedor de Certificado",
+    "certResolverDescription": "Selecione o resolvedor de certificados para este recurso.",
+    "selectCertResolver": "Selecionar solucionador de certificado",
+    "enterCustomResolver": "Inserir Resolvedor Personalizado",
+    "preferWildcardCert": "Prefere Certificado Wildcard",
+    "unverified": "Não verificado",
+    "domainSetting": "Configurações do domínio",
+    "domainSettingDescription": "Configure as configurações para o seu domínio",
+    "preferWildcardCertDescription": "Tentativa de gerar um certificado coringa (requer um resolvedor de certificado devidamente configurado).",
+    "recordName": "Nome da gravação",
+    "auto": "Automático",
+    "TTL": "TTL",
+    "howToAddRecords": "Como adicionar registros",
+    "dnsRecord": "Registros DNS",
+    "required": "Obrigatório",
+    "domainSettingsUpdated": "Configurações de domínio atualizadas com sucesso",
+    "orgOrDomainIdMissing": "ID da organização ou domínio está faltando",
+    "loadingDNSRecords": "Carregando registros DNS...",
+    "olmUpdateAvailableInfo": "Uma versão atualizada do Olm está disponível. Atualize para a versão mais recente para ter a melhor experiência.",
+    "client": "Cliente",
+    "proxyProtocol": "Configurações de Protocolo Proxy",
+    "proxyProtocolDescription": "Configurar o protocolo Proxy para preservar endereços IP do cliente para serviços TCP/UDP.",
+    "enableProxyProtocol": "Habilitar protocolo proxy",
+    "proxyProtocolInfo": "Preservar endereços IP do cliente para backends TCP/UDP",
+    "proxyProtocolVersion": "Versão do Protocolo Proxy",
+    "version1": " Versão 1 (recomendado)",
+    "version2": "Versão 2",
+    "versionDescription": "A versão 1 é baseada em texto e amplamente suportada. A versão 2 é binária e mais eficiente, mas menos compatível.",
+    "warning": "ATENÇÃO",
+    "proxyProtocolWarning": "Seu aplicativo de backend deve ser configurado para aceitar conexões de protocolo de proxy. Se o seu backend não suportar o protocolo de protocolo, habilitando isso quebrará todas as conexões. Certifique-se de configurar seu backend para confiar nos cabeçalhos do protocolo proxy no Traefik.",
+    "restarting": "Reiniciando...",
+    "manual": "Manualmente",
+    "messageSupport": "Suporte a Mensagens",
+    "supportNotAvailableTitle": "Suporte Não Disponível",
+    "supportNotAvailableDescription": "Não está disponível no momento. Você pode enviar um e-mail para support@pangolin.net.",
+    "supportRequestSentTitle": "Pedido de suporte enviado",
+    "supportRequestSentDescription": "Sua mensagem foi enviada com sucesso.",
+    "supportRequestFailedTitle": "Falha ao enviar solicitação",
+    "supportRequestFailedDescription": "Ocorreu um erro ao enviar sua solicitação de suporte.",
+    "supportSubjectRequired": "Assunto é necessária",
+    "supportSubjectMaxLength": "O assunto deve ter 255 caracteres ou menos",
+    "supportMessageRequired": "A mensagem é obrigatória",
+    "supportReplyTo": "Responder a",
+    "supportSubject": "Cargo",
+    "supportSubjectPlaceholder": "Digite o assunto",
+    "supportMessage": "mensagem",
+    "supportMessagePlaceholder": "Digite sua mensagem",
+    "supportSending": "Enviando...",
+    "supportSend": "Mandar",
+    "supportMessageSent": "Mensagem enviada!",
+    "supportWillContact": "Entraremos em contato em breve!"
 }
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -47,9 +47,8 @@
    "edit": "Редактировать",
    "siteConfirmDelete": "Подтвердить удаление сайта",
    "siteDelete": "Удалить сайт",
-    "siteMessageRemove": "После удаления сайт больше не будет доступен. Все ресурсы и целевые узлы, связанные с сайтом, также будут удалены.",
-    "siteMessageConfirm": "Для подтверждения введите название сайта ниже.",
-    "siteQuestionRemove": "Вы уверены, что хотите удалить сайт {selectedSite} из организации?",
+    "siteMessageRemove": "После удаления сайт больше не будет доступен. Все цели, связанные с сайтом, также будут удалены.",
+    "siteQuestionRemove": "Вы уверены, что хотите удалить сайт из организации?",
    "siteManageSites": "Управление сайтами",
    "siteDescription": "Обеспечьте подключение к вашей сети через защищённые туннели",
    "siteCreate": "Создать сайт",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Используйте любой клиент WireGuard для открытия туннеля. Требуется ручная настройка NAT.",
    "siteWgDescriptionSaas": "Используйте любой клиент WireGuard для создания туннеля. Требуется ручная настройка NAT. РАБОТАЕТ ТОЛЬКО НА САМОСТОЯТЕЛЬНО РАЗМЕЩЕННЫХ УЗЛАХ",
    "siteLocalDescription": "Только локальные ресурсы. Без туннелирования.",
-    "siteLocalDescriptionSaas": "Только локальные ресурсы. Без туннелирования. РАБОТАЕТ ТОЛЬКО НА САМОСТОЯТЕЛЬНО РАЗМЕЩЕННЫХ УЗЛАХ",
+    "siteLocalDescriptionSaas": "Только локальные ресурсы. Нет туннелей. Только для удаленных узлов.",
    "siteSeeAll": "Просмотреть все сайты",
    "siteTunnelDescription": "Выберите способ подключения к вашему сайту",
    "siteNewtCredentials": "Учётные данные Newt",
@@ -154,8 +153,7 @@
    "protected": "Защищён",
    "notProtected": "Не защищён",
    "resourceMessageRemove": "После удаления ресурс больше не будет доступен. Все целевые узлы, связанные с ресурсом, также будут удалены.",
-    "resourceMessageConfirm": "Для подтверждения введите название ресурса ниже.",
-    "resourceQuestionRemove": "Вы действительно хотите удалить ресурс {selectedResource} из организации?",
+    "resourceQuestionRemove": "Вы уверены, что хотите удалить ресурс из организации?",
    "resourceHTTP": "HTTPS-ресурс",
    "resourceHTTPDescription": "Проксирование запросов к вашему приложению через HTTPS с использованием поддомена или базового домена.",
    "resourceRaw": "Сырой TCP/UDP-ресурс",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Подтвердить удаление",
    "orgMessageRemove": "Это действие необратимо и удалит все связанные данные.",
    "orgMessageConfirm": "Для подтверждения введите название организации ниже.",
-    "orgQuestionRemove": "Вы действительно хотите удалить организацию {selectedOrg}?",
+    "orgQuestionRemove": "Вы уверены, что хотите удалить организацию?",
    "orgUpdated": "Организация обновлена",
    "orgUpdatedDescription": "Организация была успешно обновлена.",
    "orgErrorUpdate": "Не удалось обновить организацию",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "Сгенерировать ключ API",
    "apiKeysErrorDelete": "Ошибка при удалении ключа API",
    "apiKeysErrorDeleteMessage": "Не удалось удалить ключ API",
-    "apiKeysQuestionRemove": "Вы действительно хотите удалить ключ API {selectedApiKey} из организации?",
+    "apiKeysQuestionRemove": "Вы уверены, что хотите удалить API ключ из организации?",
    "apiKeysMessageRemove": "После удаления ключ API больше сможет быть использован.",
-    "apiKeysMessageConfirm": "Для подтверждения введите название ключа API ниже.",
    "apiKeysDeleteConfirm": "Подтвердить удаление",
    "apiKeysDelete": "Удаление ключа API",
    "apiKeysManage": "Управление ключами API",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Подтвердить удаление",
    "userDeleteServer": "Удаление пользователя с сервера",
    "userMessageRemove": "Пользователь будет удалён из всех организаций и полностью удалён с сервера.",
-    "userMessageConfirm": "Для подтверждения введите имя пользователя ниже.",
-    "userQuestionRemove": "Вы действительно хотите навсегда удалить {selectedUser} с сервера?",
+    "userQuestionRemove": "Вы уверены, что хотите навсегда удалить пользователя с сервера?",
    "licenseKey": "Лицензионный ключ",
    "valid": "Действителен",
    "numberOfSites": "Количество сайтов",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Просмотреть коммерческую лицензию Fossorial и условия подписки",
    "licenseMessageRemove": "Это удалит лицензионный ключ и все связанные с ним разрешения.",
    "licenseMessageConfirm": "Для подтверждения введите лицензионный ключ ниже.",
-    "licenseQuestionRemove": "Вы уверены, что хотите удалить лицензионный ключ {selectedKey}?",
+    "licenseQuestionRemove": "Вы уверены, что хотите удалить лицензионный ключ?",
    "licenseKeyDelete": "Удалить лицензионный ключ",
    "licenseKeyDeleteConfirm": "Подтвердить удаление лицензионного ключа",
    "licenseTitle": "Управление статусом лицензии",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Произошла ошибка при удалении приглашения.",
    "inviteRemoved": "Приглашение удалено",
    "inviteRemovedDescription": "Приглашение для {email} было удалено.",
-    "inviteQuestionRemove": "Вы уверены, что хотите удалить приглашение {email}?",
+    "inviteQuestionRemove": "Вы уверены, что хотите удалить приглашение?",
    "inviteMessageRemove": "После удаления это приглашение больше не будет действительным. Вы всегда можете пригласить пользователя заново.",
    "inviteMessageConfirm": "Для подтверждения введите email адрес приглашения ниже.",
    "inviteQuestionRegenerate": "Вы уверены, что хотите пересоздать приглашение для {email}? Это отзовёт предыдущее приглашение.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Произошла ошибка при удалении пользователя.",
    "userOrgRemoved": "Пользователь удалён",
    "userOrgRemovedDescription": "Пользователь {email} был удалён из организации.",
-    "userQuestionOrgRemove": "Вы уверены, что хотите удалить {email} из организации?",
+    "userQuestionOrgRemove": "Вы уверены, что хотите удалить этого пользователя из организации?",
    "userMessageOrgRemove": "После удаления этот пользователь больше не будет иметь доступ к организации. Вы всегда можете пригласить его заново, но ему нужно будет снова принять приглашение.",
-    "userMessageOrgConfirm": "Для подтверждения введите имя пользователя ниже.",
    "userRemoveOrgConfirm": "Подтвердить удаление пользователя",
    "userRemoveOrg": "Удалить пользователя из организации",
    "users": "Пользователи",
@@ -468,7 +463,10 @@
    "createdAt": "Создано в",
    "proxyErrorInvalidHeader": "Неверное значение пользовательского заголовка Host. Используйте формат доменного имени или оставьте пустым для сброса пользовательского заголовка Host.",
    "proxyErrorTls": "Неверное имя TLS сервера. Используйте формат доменного имени или оставьте пустым для удаления имени TLS сервера.",
-    "proxyEnableSSL": "Включить SSL (https)",
+    "proxyEnableSSL": "Включить SSL",
+    "proxyEnableSSLDescription": "Включить шифрование SSL/TLS для безопасных HTTPS подключений к вашим целям.",
+    "target": "Target",
+    "configureTarget": "Настроить адресаты",
    "targetErrorFetch": "Не удалось получить цели",
    "targetErrorFetchDescription": "Произошла ошибка при получении целей",
    "siteErrorFetch": "Не удалось получить ресурс",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "Конфигурация безопасного соединения",
    "targetTlsSettingsDescription": "Настройте параметры SSL/TLS для вашего ресурса",
    "targetTlsSettingsAdvanced": "Расширенные настройки TLS",
-    "targetTlsSni": "Имя TLS сервера (SNI)",
+    "targetTlsSni": "Имя TLS сервера",
    "targetTlsSniDescription": "Имя TLS сервера для использования в SNI. Оставьте пустым для использования по умолчанию.",
    "targetTlsSubmit": "Сохранить настройки",
    "targets": "Конфигурация целей",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Сохранять соединения на одной и той же целевой точке в течение всей сессии.",
    "methodSelect": "Выберите метод",
    "targetSubmit": "Добавить цель",
-    "targetNoOne": "Нет целей. Добавьте цель с помощью формы.",
+    "targetNoOne": "Этот ресурс не имеет никаких целей. Добавьте цель для настройки, где отправлять запросы к вашему бэкэнду.",
    "targetNoOneDescription": "Добавление более одной цели выше включит балансировку нагрузки.",
    "targetsSubmit": "Сохранить цели",
+    "addTarget": "Добавить цель",
+    "targetErrorInvalidIp": "Неверный IP-адрес",
+    "targetErrorInvalidIpDescription": "Пожалуйста, введите действительный IP адрес или имя хоста",
+    "targetErrorInvalidPort": "Неверный порт",
+    "targetErrorInvalidPortDescription": "Пожалуйста, введите правильный номер порта",
+    "targetErrorNoSite": "Сайт не выбран",
+    "targetErrorNoSiteDescription": "Пожалуйста, выберите сайт для цели",
+    "targetCreated": "Цель создана",
+    "targetCreatedDescription": "Цель была успешно создана",
+    "targetErrorCreate": "Не удалось создать цель",
+    "targetErrorCreateDescription": "Произошла ошибка при создании цели",
+    "save": "Сохранить",
    "proxyAdditional": "Дополнительные настройки прокси",
    "proxyAdditionalDescription": "Настройте, как ваш ресурс обрабатывает настройки прокси",
    "proxyCustomHeader": "Пользовательский заголовок Host",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Администратор сервера - Pangolin",
    "licenseTierProfessional": "Профессиональная лицензия",
    "licenseTierEnterprise": "Корпоративная лицензия",
-    "licenseTierCommercial": "Коммерческая лицензия",
+    "licenseTierPersonal": "Личная лицензия",
    "licensed": "Лицензировано",
    "yes": "Да",
    "no": "Нет",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Просмотр и управление поставщиками удостоверений в системе",
    "idpDeletedDescription": "Поставщик удостоверений успешно удалён",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Вы уверены, что хотите навсегда удалить поставщика удостоверений {name}?",
+    "idpQuestionRemove": "Вы уверены, что хотите навсегда удалить поставщика удостоверений?",
    "idpMessageRemove": "Это удалит поставщика удостоверений и все связанные конфигурации. Пользователи, которые аутентифицируются через этого поставщика, больше не смогут войти.",
    "idpMessageConfirm": "Для подтверждения введите имя поставщика удостоверений ниже.",
    "idpConfirmDelete": "Подтвердить удаление поставщика удостоверений",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Отображаемое имя для этого поставщика удостоверений",
    "idpAutoProvisionUsers": "Автоматическое создание пользователей",
    "idpAutoProvisionUsersDescription": "При включении пользователи будут автоматически создаваться в системе при первом входе с возможностью сопоставления пользователей с ролями и организациями.",
-    "licenseBadge": "Профессиональная",
+    "licenseBadge": "EE",
    "idpType": "Тип поставщика",
    "idpTypeDescription": "Выберите тип поставщика удостоверений, который вы хотите настроить",
    "idpOidcConfigure": "Конфигурация OAuth2/OIDC",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "Проверьте вашу почту для получения кода сброса пароля.",
    "passwordNew": "Новый пароль",
    "passwordNewConfirm": "Подтвердите новый пароль",
+    "changePassword": "Изменить пароль",
+    "changePasswordDescription": "Обновить пароль учетной записи",
+    "oldPassword": "Текущий пароль",
+    "newPassword": "Новый пароль",
+    "confirmNewPassword": "Подтвердите новый пароль",
+    "changePasswordError": "Не удалось сменить пароль",
+    "changePasswordErrorDescription": "Произошла ошибка при смене пароля",
+    "changePasswordSuccess": "Пароль успешно изменен",
+    "changePasswordSuccessDescription": "Ваш пароль был успешно обновлен",
+    "passwordExpiryRequired": "Требуется срок действия пароля",
+    "passwordExpiryDescription": "Эта организация требует смены пароля каждые {maxDays} дней.",
+    "changePasswordNow": "Изменить пароль сейчас",
    "pincodeAuth": "Код аутентификатора",
    "pincodeSubmit2": "Отправить код",
    "passwordResetSubmit": "Запросить сброс",
@@ -1084,7 +1106,6 @@
    "navbar": "Навигационное меню",
    "navbarDescription": "Главное навигационное меню приложения",
    "navbarDocsLink": "Документация",
-    "commercialEdition": "Коммерческая версия",
    "otpErrorEnable": "Невозможно включить 2FA",
    "otpErrorEnableDescription": "Произошла ошибка при включении 2FA",
    "otpSetupCheckCode": "Пожалуйста, введите 6-значный код",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Все пользователи",
    "sidebarIdentityProviders": "Поставщики удостоверений",
    "sidebarLicense": "Лицензия",
-    "sidebarClients": "Клиенты (бета)",
+    "sidebarClients": "Клиенты",
    "sidebarDomains": "Домены",
+    "sidebarBluePrints": "Чертежи",
+    "blueprints": "Чертежи",
+    "blueprintsDescription": "Чертежи являются декларативными конфигурациями YAML, которые определяют ваши ресурсы и их настройки",
+    "blueprintAdd": "Добавить чертёж",
+    "blueprintGoBack": "Посмотреть все чертежи",
+    "blueprintCreate": "Создать чертёж",
+    "blueprintCreateDescription2": "Для создания и применения нового чертежа выполните следующие шаги",
+    "blueprintDetails": "Подробности чертежа",
+    "blueprintDetailsDescription": "Посмотреть детали запуска чертежа",
+    "blueprintInfo": "Информация о чертеже",
+    "message": "Сообщение",
+    "blueprintContentsDescription": "Определите содержимое YAML, описывающее вашу инфраструктуру",
+    "blueprintErrorCreateDescription": "Произошла ошибка при применении чертежа",
+    "blueprintErrorCreate": "Ошибка при создании чертежа",
+    "searchBlueprintProgress": "Поиск чертежей...",
+    "appliedAt": "Заявка на",
+    "source": "Источник",
+    "contents": "Содержание",
+    "parsedContents": "Обработанное содержимое",
    "enableDockerSocket": "Включить чертёж Docker",
    "enableDockerSocketDescription": "Включить scraping ярлыка Docker Socket для ярлыков чертежей. Путь к сокету должен быть предоставлен в Newt.",
    "enableDockerSocketLink": "Узнать больше",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Создать Домен",
    "domainCreatedDescription": "Домен успешно создан",
    "domainDeletedDescription": "Домен успешно удален",
-    "domainQuestionRemove": "Вы уверены, что хотите удалить домен {domain} из вашего аккаунта?",
+    "domainQuestionRemove": "Вы уверены, что хотите удалить домен из вашей учетной записи?",
    "domainMessageRemove": "После удаления домен больше не будет связан с вашей учетной записью.",
-    "domainMessageConfirm": "Для подтверждения введите ниже имя домена.",
    "domainConfirmDelete": "Подтвердить удаление домена",
    "domainDelete": "Удалить Домен",
    "domain": "Домен",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Бесплатный уровень",
    "billingWarningOverLimit": "Предупреждение: Вы превысили одну или несколько границ использования. Ваши сайты не подключатся, пока вы не измените подписку или не скорректируете использование.",
    "billingUsageLimitsOverview": "Обзор лимитов использования",
-    "billingMonitorUsage": "Контролируйте использование в соответствии с установленными лимитами. Если вам требуется увеличение лимитов, пожалуйста, свяжитесь с нами support@fossorial.io.",
+    "billingMonitorUsage": "Контролируйте использование в соответствии с установленными лимитами. Если вам требуется увеличение лимитов, пожалуйста, свяжитесь с нами support@pangolin.net.",
    "billingDataUsage": "Использование данных",
    "billingOnlineTime": "Время работы сайта",
    "billingUsers": "Активные пользователи",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Произошла проблема при использовании вашего ключа безопасности. Пожалуйста, попробуйте еще раз.",
    "twoFactorRequired": "Для регистрации ключа безопасности требуется двухфакторная аутентификация.",
    "twoFactor": "Двухфакторная аутентификация",
+    "twoFactorAuthentication": "Двухфакторная аутентификация",
+    "twoFactorDescription": "Эта организация требует двухфакторной аутентификации.",
+    "enableTwoFactor": "Включить двухфакторную аутентификацию",
+    "organizationSecurityPolicy": "Политика безопасности Организации",
+    "organizationSecurityPolicyDescription": "У этой организации есть требования безопасности, которые должны быть выполнены, прежде чем вы сможете получить доступ к ней",
+    "securityRequirements": "Требования безопасности",
+    "allRequirementsMet": "Все требования выполнены",
+    "completeRequirementsToContinue": "Выполните следующие требования, чтобы продолжить доступ к этой организации",
+    "youCanNowAccessOrganization": "Теперь вы можете получить доступ к этой организации",
+    "reauthenticationRequired": "Длина сессии",
+    "reauthenticationDescription": "Эта организация требует входа каждый {maxDays} дней.",
+    "reauthenticationDescriptionHours": "Эта организация требует входа в систему каждый {maxHours} часов.",
+    "reauthenticateNow": "Войти снова",
    "adminEnabled2FaOnYourAccount": "Ваш администратор включил двухфакторную аутентификацию для {email}. Пожалуйста, завершите процесс настройки, чтобы продолжить.",
-    "continueToApplication": "Перейти к приложению",
    "securityKeyAdd": "Добавить ключ безопасности",
    "securityKeyRegisterTitle": "Регистрация нового ключа безопасности",
    "securityKeyRegisterDescription": "Подключите свой ключ безопасности и введите имя для его идентификации",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Внешний прокси включен",
    "addNewTarget": "Добавить новую цель",
    "targetsList": "Список целей",
+    "advancedMode": "Расширенный режим",
    "targetErrorDuplicateTargetFound": "Обнаружена дублирующаяся цель",
    "healthCheckHealthy": "Здоровый",
    "healthCheckUnhealthy": "Нездоровый",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Ошибка автоматического входа",
    "autoLoginErrorNoRedirectUrl": "URL-адрес перенаправления не получен от провайдера удостоверения.",
    "autoLoginErrorGeneratingUrl": "Не удалось сгенерировать URL-адрес аутентификации.",
-    "remoteExitNodeManageRemoteExitNodes": "Управление самоуправляемым",
-    "remoteExitNodeDescription": "Управляйте узлами для расширения сетевого подключения",
+    "remoteExitNodeManageRemoteExitNodes": "Удаленные узлы",
+    "remoteExitNodeDescription": "Самохост-один или несколько удаленных узлов для расширения сетевого подключения и уменьшения зависимости от облака",
    "remoteExitNodes": "Узлы",
    "searchRemoteExitNodes": "Поиск узлов...",
    "remoteExitNodeAdd": "Добавить узел",
    "remoteExitNodeErrorDelete": "Ошибка удаления узла",
-    "remoteExitNodeQuestionRemove": "Вы уверены, что хотите удалить узел {selectedNode} из организации?",
+    "remoteExitNodeQuestionRemove": "Вы уверены, что хотите удалить узел из организации?",
    "remoteExitNodeMessageRemove": "После удаления узел больше не будет доступен.",
-    "remoteExitNodeMessageConfirm": "Для подтверждения введите имя узла ниже.",
    "remoteExitNodeConfirmDelete": "Подтвердите удаление узла",
    "remoteExitNodeDelete": "Удалить узел",
-    "sidebarRemoteExitNodes": "Узлы",
+    "sidebarRemoteExitNodes": "Удаленные узлы",
    "remoteExitNodeCreate": {
        "title": "Создать узел",
        "description": "Создайте новый узел, чтобы расширить сетевое подключение",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Редактировать файл: docker-compose.yml",
    "emailVerificationRequired": "Требуется подтверждение адреса электронной почты. Пожалуйста, войдите снова через {dashboardUrl}/auth/login завершить этот шаг. Затем вернитесь сюда.",
    "twoFactorSetupRequired": "Требуется настройка двухфакторной аутентификации. Пожалуйста, войдите снова через {dashboardUrl}/auth/login завершить этот шаг. Затем вернитесь сюда.",
+    "additionalSecurityRequired": "Требуется дополнительная безопасность",
+    "organizationRequiresAdditionalSteps": "Эта организация требует дополнительных шагов безопасности, прежде чем вы сможете получить доступ к ресурсам.",
+    "completeTheseSteps": "Выполните эти шаги",
+    "enableTwoFactorAuthentication": "Включить двухфакторную аутентификацию",
+    "completeSecuritySteps": "Пройти шаги безопасности",
+    "securitySettings": "Настройки безопасности",
+    "securitySettingsDescription": "Настройка политик безопасности для вашей организации",
+    "requireTwoFactorForAllUsers": "Требовать двухфакторную аутентификацию для всех пользователей",
+    "requireTwoFactorDescription": "Когда включено, все внутренние пользователи в этой организации должны иметь двухфакторную аутентификацию для доступа к организации.",
+    "requireTwoFactorDisabledDescription": "Эта функция требует действительной лицензии (Enterprise) или активной подписки (SaaS)",
+    "requireTwoFactorCannotEnableDescription": "Вы должны включить двухфакторную аутентификацию для вашей учетной записи, прежде чем принудительно ее применять для всех пользователей",
+    "maxSessionLength": "Максимальная длина сессии",
+    "maxSessionLengthDescription": "Установите максимальную длительность сессий пользователя. После этого времени, пользователям нужно будет пройти повторную аутентификацию.",
+    "maxSessionLengthDisabledDescription": "Эта функция требует действительной лицензии (Enterprise) или активной подписки (SaaS)",
+    "selectSessionLength": "Выберите длину сеанса",
+    "unenforced": "Не применено",
+    "1Hour": "1 час",
+    "3Hours": "3 часа",
+    "6Hours": "6 часов",
+    "12Hours": "12 часов",
+    "1DaySession": "1 день",
+    "3Days": "3 дня",
+    "7Days": "7 дней",
+    "14Days": "14 дней",
+    "30DaysSession": "30 дней",
+    "90DaysSession": "90 дней",
+    "180DaysSession": "180 дней",
+    "passwordExpiryDays": "Срок действия пароля",
+    "editPasswordExpiryDescription": "Установите количество дней, прежде чем пользователи должны изменить свой пароль.",
+    "selectPasswordExpiry": "Выберите срок действия пароля",
+    "30Days": "30 дней",
+    "1Day": "1 день",
+    "60Days": "60 дней",
+    "90Days": "90 дней",
+    "180Days": "180 дней",
+    "1Year": "1 год",
+    "subscriptionBadge": "Требуется подписка",
+    "securityPolicyChangeWarning": "Предупреждение об изменении политики безопасности",
+    "securityPolicyChangeDescription": "Вы собираетесь изменить настройки политики безопасности. После сохранения вам может потребоваться повторная аутентификация, чтобы соответствовать этим обновлениям. Все пользователи, которые не соответствуют установленным правилам, также должны пройти процедуру повторной аутентификации.",
+    "securityPolicyChangeConfirmMessage": "Подтверждаю",
+    "securityPolicyChangeWarningText": "Это повлияет на всех пользователей организации",
    "authPageErrorUpdateMessage": "Произошла ошибка при обновлении настроек страницы авторизации",
+    "authPageErrorUpdate": "Не удалось обновить страницу авторизации",
    "authPageUpdated": "Страница авторизации успешно обновлена",
    "healthCheckNotAvailable": "Локальный",
    "rewritePath": "Переписать путь",
-    "rewritePathDescription": "При необходимости, измените путь перед пересылкой к целевому адресу."
+    "rewritePathDescription": "При необходимости, измените путь перед пересылкой к целевому адресу.",
+    "continueToApplication": "Перейти к приложению",
+    "checkingInvite": "Проверка приглашения",
+    "setResourceHeaderAuth": "установить заголовок ресурса",
+    "resourceHeaderAuthRemove": "Удалить проверку подлинности заголовка",
+    "resourceHeaderAuthRemoveDescription": "Проверка подлинности заголовка успешно удалена.",
+    "resourceErrorHeaderAuthRemove": "Не удалось удалить аутентификацию заголовка",
+    "resourceErrorHeaderAuthRemoveDescription": "Не удалось удалить проверку подлинности заголовка ресурса.",
+    "resourceHeaderAuthProtectionEnabled": "Заголовок аутентификации включен",
+    "resourceHeaderAuthProtectionDisabled": "Проверка подлинности заголовка отключена",
+    "headerAuthRemove": "Удалить проверку подлинности заголовка",
+    "headerAuthAdd": "Добавить заголовок аутентификации",
+    "resourceErrorHeaderAuthSetup": "Не удалось установить аутентификацию заголовка",
+    "resourceErrorHeaderAuthSetupDescription": "Не удалось установить проверку подлинности заголовка ресурса.",
+    "resourceHeaderAuthSetup": "Проверка подлинности заголовка успешно установлена",
+    "resourceHeaderAuthSetupDescription": "Проверка подлинности заголовка успешно установлена.",
+    "resourceHeaderAuthSetupTitle": "Установить проверку подлинности заголовка",
+    "resourceHeaderAuthSetupTitleDescription": "Установите основные учетные данные авторизации (имя пользователя и пароль), чтобы защитить этот ресурс с помощью заголовка HTTP. Получите доступ к нему с помощью формата https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Установить проверку подлинности заголовка",
+    "actionSetResourceHeaderAuth": "Установить проверку подлинности заголовка",
+    "enterpriseEdition": "Корпоративная версия",
+    "unlicensed": "Нелицензированный",
+    "beta": "Бета",
+    "manageClients": "Управление клиентами",
+    "manageClientsDescription": "Клиенты - это устройства, которые могут подключаться к вашим сайтам",
+    "licenseTableValidUntil": "Действителен до",
+    "saasLicenseKeysSettingsTitle": "Корпоративные лицензии",
+    "saasLicenseKeysSettingsDescription": "Генерировать и управлять лицензионными ключами Enterprise для копий Pangolin",
+    "sidebarEnterpriseLicenses": "Лицензии",
+    "generateLicenseKey": "Сгенерировать лицензионный ключ",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Пожалуйста, введите действительный адрес электронной почты",
+            "useCaseTypeRequired": "Пожалуйста, выберите тип варианта использования",
+            "firstNameRequired": "Требуется имя",
+            "lastNameRequired": "Требуется фамилия",
+            "primaryUseRequired": "Пожалуйста, опишите ваше основное использование",
+            "jobTitleRequiredBusiness": "Должность требуется для коммерческого использования",
+            "industryRequiredBusiness": "Промышленность необходима для коммерческого использования",
+            "stateProvinceRegionRequired": "Регион/Область обязательно",
+            "postalZipCodeRequired": "Почтовый индекс требуется",
+            "companyNameRequiredBusiness": "Название компании обязательно для бизнес-использования",
+            "countryOfResidenceRequiredBusiness": "Страна проживания необходима для коммерческого использования",
+            "countryRequiredPersonal": "Страна необходима для личного использования",
+            "agreeToTermsRequired": "Вы должны принять условия",
+            "complianceConfirmationRequired": "Вы должны подтвердить соответствие с Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Личное использование",
+                "description": "Для индивидуального, некоммерческого использования, например, обучения, личных проектов или экспериментов."
+            },
+            "business": {
+                "title": "Бизнес-использование",
+                "description": "Для использования в организациях, компаниях или коммерческих или приносящих доход видах деятельности."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email и тип лицензии",
+                "description": "Введите адрес электронной почты и выберите тип лицензии"
+            },
+            "personalInformation": {
+                "title": "Личная информация",
+                "description": "Расскажите нам о себе"
+            },
+            "contactInformation": {
+                "title": "Контактная информация",
+                "description": "Ваши контактные данные"
+            },
+            "termsGenerate": {
+                "title": "Условия и Сгенерировать",
+                "description": "Просмотрите и примите условия для создания вашей лицензии"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Раскрытие",
+                "description": "Выберите уровень лицензии, который точно отражает ваше предполагаемое использование. Личная Лицензия разрешает свободное использование Программного Обеспечения для частной, некоммерческой или малой коммерческой деятельности с годовым валовым доходом до $100 000 USD. Любое использование сверх этих пределов — включая использование в бизнесе, организацию, или другой приносящей доход среде — требует действительной лицензии предприятия и уплаты соответствующей лицензионной платы. Все пользователи, будь то Личные или Предприятия, обязаны соблюдать условия коммерческой лицензии Fossoral."
+            },
+            "trialPeriodInformation": {
+                "title": "Информация о пробном периоде",
+                "description": "Этот лицензионный ключ позволяет корпоративным функциям на 7-дневный период оценки. Для продолжения доступа к платным функциям за пределами ознакомительного периода требуется активация в рамках действующей лицензии Личного или Предприятия. Для получения лицензии свяжитесь с sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Вы используете Pangolin для личного или делового использования?",
+            "firstName": "First Name",
+            "lastName": "Фамилия",
+            "jobTitle": "Заголовок",
+            "primaryUseQuestion": "Что вы планируете использовать Панголин в первую очередь?",
+            "industryQuestion": "Какая у вас отрасль?",
+            "prospectiveUsersQuestion": "Сколько у вас потенциальных пользователей?",
+            "prospectiveSitesQuestion": "Сколько потенциальных сайтов (туннелей) вы ожидаете?",
+            "companyName": "Название компании",
+            "countryOfResidence": "Страна проживания",
+            "stateProvinceRegion": "Область / регион",
+            "postalZipCode": "Почтовый индекс",
+            "companyWebsite": "Веб-сайт компании",
+            "companyPhoneNumber": "Телефон компании",
+            "country": "Страна",
+            "phoneNumberOptional": "Номер телефона (необязательно)",
+            "complianceConfirmation": "Я подтверждаю, что информация, которую я предоставляю, является точной и что я в соответствии с коммерческой лицензии Fossorial. Сообщение о неточной информации или неправильно идентифицирующем использовании продукта является нарушением лицензии и может привести к аннулированию вашего ключа."
+        },
+        "buttons": {
+            "close": "Закрыть",
+            "previous": "Предыдущий",
+            "next": "Следующий",
+            "generateLicenseKey": "Сгенерировать лицензионный ключ"
+        },
+        "toasts": {
+            "success": {
+                "title": "Лицензионный ключ успешно создан",
+                "description": "Ваш лицензионный ключ сгенерирован и готов к использованию."
+            },
+            "error": {
+                "title": "Не удалось сгенерировать лицензионный ключ",
+                "description": "Произошла ошибка при генерации лицензионного ключа."
+            }
+        }
+    },
+    "priority": "Приоритет",
+    "priorityDescription": "Маршруты с более высоким приоритетом оцениваются первым. Приоритет = 100 означает автоматическое упорядочение (решение системы). Используйте другой номер для обеспечения ручного приоритета.",
+    "instanceName": "Имя экземпляра",
+    "pathMatchModalTitle": "Настроить соответствие пути",
+    "pathMatchModalDescription": "Настройка соответствия входящих запросов на основе их пути.",
+    "pathMatchType": "Тип совпадения",
+    "pathMatchPrefix": "Префикс",
+    "pathMatchExact": "Точно",
+    "pathMatchRegex": "Регенерация",
+    "pathMatchValue": "Значение пути",
+    "clear": "Очистить",
+    "saveChanges": "Сохранить изменения",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/путь",
+    "pathMatchPrefixHelp": "Пример: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Пример: /api соответствует только /api",
+    "pathMatchRegexHelp": "Пример: ^/api/.* совпадает с /api/anything",
+    "pathRewriteModalTitle": "Настроить перезапись пути",
+    "pathRewriteModalDescription": "Преобразовать соответствующий путь перед пересылкой к цели.",
+    "pathRewriteType": "Тип перезаписи",
+    "pathRewritePrefixOption": "Префикс - Замена префикса",
+    "pathRewriteExactOption": "Точно - Заменить весь путь",
+    "pathRewriteRegexOption": "Regex - замена шаблона",
+    "pathRewriteStripPrefixOption": "Префикс вырезать - Удалить префикс",
+    "pathRewriteValue": "Перезаписать значение",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Заменить соответствующий префикс этим значением",
+    "pathRewriteExactHelp": "Замените весь путь этим значением, когда путь точно соответствует",
+    "pathRewriteRegexHelp": "Использовать группы захвата типа $1, $2 для замены",
+    "pathRewriteStripPrefixHelp": "Оставьте пустым для префикса полосы или укажите новый префикс",
+    "pathRewritePrefix": "Префикс",
+    "pathRewriteExact": "Точно",
+    "pathRewriteRegex": "Регенерация",
+    "pathRewriteStrip": "Вырезать",
+    "pathRewriteStripLabel": "полоса",
+    "sidebarEnableEnterpriseLicense": "Включить корпоративную лицензию",
+    "cannotbeUndone": "Это действие не может быть отменено.",
+    "toConfirm": "для подтверждения",
+    "deleteClientQuestion": "Вы уверены, что хотите удалить клиента из сайта и организации?",
+    "clientMessageRemove": "После удаления клиент больше не сможет подключиться к сайту.",
+    "sidebarLogs": "Логи",
+    "request": "Запросить",
+    "logs": "Логи",
+    "logsSettingsDescription": "Отслеживать журналы, собранные в этой организации",
+    "searchLogs": "Поиск журналов...",
+    "action": "Действие",
+    "actor": "Актер",
+    "timestamp": "Отметка времени",
+    "accessLogs": "Журналы доступа",
+    "exportCsv": "Экспорт CSV",
+    "actorId": "ID актера",
+    "allowedByRule": "Разрешено правилом",
+    "allowedNoAuth": "Разрешено без авторизации",
+    "validAccessToken": "Действительный маркер доступа",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Допустимый пароль",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Ресурс заблокирован",
+    "droppedByRule": "Отброшено по правилам",
+    "noSessions": "Нет сессий",
+    "temporaryRequestToken": "Временный токен запроса",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP",
+    "reason": "Причина",
+    "requestLogs": "Запросить журналы",
+    "host": "Хост",
+    "location": "Местоположение",
+    "actionLogs": "Журнал действий",
+    "sidebarLogsRequest": "Запросить журналы",
+    "sidebarLogsAccess": "Журналы доступа",
+    "sidebarLogsAction": "Журнал действий",
+    "logRetention": "Сохранение журнала",
+    "logRetentionDescription": "Управление сохранением различных типов журналов для этой организации или отключение их",
+    "requestLogsDescription": "Просмотреть подробные журналы запроса ресурсов в этой организации",
+    "logRetentionRequestLabel": "Запросить сохранение журнала",
+    "logRetentionRequestDescription": "Как долго сохранять журналы запросов",
+    "logRetentionAccessLabel": "Хранение журнала доступа",
+    "logRetentionAccessDescription": "Как долго сохранять журналы доступа",
+    "logRetentionActionLabel": "Сохранение журнала действий",
+    "logRetentionActionDescription": "Как долго хранить журналы действий",
+    "logRetentionDisabled": "Отключено",
+    "logRetention3Days": "3 дня",
+    "logRetention7Days": "7 дней",
+    "logRetention14Days": "14 дней",
+    "logRetention30Days": "30 дней",
+    "logRetention90Days": "90 дней",
+    "logRetentionForever": "Всегда",
+    "actionLogsDescription": "Просмотр истории действий, выполненных в этой организации",
+    "accessLogsDescription": "Просмотр запросов авторизации доступа к ресурсам этой организации",
+    "licenseRequiredToUse": "Для использования этой функции требуется лицензия предприятия.",
+    "certResolver": "Резольвер сертификата",
+    "certResolverDescription": "Выберите резолвер сертификата, который будет использоваться для этого ресурса.",
+    "selectCertResolver": "Выберите резолвер сертификата",
+    "enterCustomResolver": "Введите пользовательский резолвер",
+    "preferWildcardCert": "Предпочитать сертификат Wildcard",
+    "unverified": "Не подтверждено",
+    "domainSetting": "Настройки домена",
+    "domainSettingDescription": "Настройка параметров для вашего домена",
+    "preferWildcardCertDescription": "Попытка создания шаблона сертификата (требуется должным образом сконфигурированный резолвер сертификата).",
+    "recordName": "Имя записи",
+    "auto": "Авто",
+    "TTL": "TTL",
+    "howToAddRecords": "Как добавить записи",
+    "dnsRecord": "DNS записи",
+    "required": "Требуется",
+    "domainSettingsUpdated": "Настройки домена успешно обновлены",
+    "orgOrDomainIdMissing": "Отсутствует организация или ID домена",
+    "loadingDNSRecords": "Загрузка записей DNS...",
+    "olmUpdateAvailableInfo": "Доступна обновленная версия Олма. Пожалуйста, обновитесь до последней версии.",
+    "client": "Клиент",
+    "proxyProtocol": "Настройки протокола прокси",
+    "proxyProtocolDescription": "Настроить Прокси-протокол для сохранения IP-адресов клиента для служб TCP/UDP.",
+    "enableProxyProtocol": "Включить Прокси Протокол",
+    "proxyProtocolInfo": "Сохранять IP-адреса клиента для кэша TCP/UDP",
+    "proxyProtocolVersion": "Версия протокола прокси",
+    "version1": " Версия 1 (рекомендуется)",
+    "version2": "Версия 2",
+    "versionDescription": "Версия 1 основана на тексте и широко поддерживается. Версия 2 является бинарной и более эффективной, но менее совместимой.",
+    "warning": "Предупреждение",
+    "proxyProtocolWarning": "Бэкэнд приложение должно быть сконфигурировано для принятия прокси-соединений. Если ваш бэкэнд не поддерживает Прокси-протокол, это нарушит все соединения. Обязательно настройте вашего бэкэнда на доверие заголовкам Proxy Protocol от Traefik.",
+    "restarting": "Перезапуск...",
+    "manual": "Ручной",
+    "messageSupport": "Поддержка сообщений",
+    "supportNotAvailableTitle": "Поддержка недоступна",
+    "supportNotAvailableDescription": "Поддержка сейчас недоступна. Вы можете отправить письмо по адресу support@pangolin.net.",
+    "supportRequestSentTitle": "Запрос на поддержку отправлен",
+    "supportRequestSentDescription": "Ваше сообщение успешно отправлено.",
+    "supportRequestFailedTitle": "Не удалось отправить запрос",
+    "supportRequestFailedDescription": "Произошла ошибка при отправке запроса поддержки.",
+    "supportSubjectRequired": "Необходимо ввести тему",
+    "supportSubjectMaxLength": "Тема должна быть 255 символов или меньше",
+    "supportMessageRequired": "Требуется сообщение",
+    "supportReplyTo": "Ответить",
+    "supportSubject": "Тема",
+    "supportSubjectPlaceholder": "Введите тему",
+    "supportMessage": "Сообщение",
+    "supportMessagePlaceholder": "Введите ваше сообщение",
+    "supportSending": "Отправка...",
+    "supportSend": "Отправить",
+    "supportMessageSent": "Сообщение отправлено!",
+    "supportWillContact": "Мы скоро свяжемся с Вами!"
 }
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -47,9 +47,8 @@
    "edit": "Düzenle",
    "siteConfirmDelete": "Site Silmeyi Onayla",
    "siteDelete": "Siteyi Sil",
-    "siteMessageRemove": "Kaldırıldıktan sonra site artık erişilebilir olmayacak. Siteyle ilişkili tüm kaynaklar ve hedefler de kaldırılacaktır.",
-    "siteMessageConfirm": "Onaylamak için lütfen aşağıya sitenin adını yazın.",
-    "siteQuestionRemove": "{selectedSite} sitesini organizasyondan kaldırmak istediğinizden emin misiniz?",
+    "siteMessageRemove": "Kaldırıldıktan sonra site artık erişilebilir olmayacaktır. Siteyle ilişkilendirilmiş tüm hedefler de kaldırılacaktır.",
+    "siteQuestionRemove": "Siteyi organizasyondan kaldırmak istediğinizden emin misiniz?",
    "siteManageSites": "Siteleri Yönet",
    "siteDescription": "Ağınıza güvenli tüneller üzerinden bağlantı izni verin",
    "siteCreate": "Site Oluştur",
@@ -96,7 +95,7 @@
    "siteWgDescription": "Bir tünel oluşturmak için herhangi bir WireGuard istemcisi kullanın. Manuel NAT kurulumu gereklidir.",
    "siteWgDescriptionSaas": "Bir tünel oluşturmak için herhangi bir WireGuard istemcisi kullanın. Manuel NAT kurulumu gereklidir. YALNIZCA SELF HOSTED DÜĞÜMLERDE ÇALIŞIR",
    "siteLocalDescription": "Yalnızca yerel kaynaklar. Tünelleme yok.",
-    "siteLocalDescriptionSaas": "Yalnızca yerel kaynaklar. Tünel yok. YALNIZCA SELF HOSTED DÜĞÜMLERDE ÇALIŞIR",
+    "siteLocalDescriptionSaas": "Yerel kaynaklar yalnızca. Tünel oluşturma yok. Yalnızca uzak düğümlerde mevcuttur.",
    "siteSeeAll": "Tüm Siteleri Gör",
    "siteTunnelDescription": "Sitenize nasıl bağlanmak istediğinizi belirleyin",
    "siteNewtCredentials": "Newt Kimlik Bilgileri",
@@ -154,8 +153,7 @@
    "protected": "Korunan",
    "notProtected": "Korunmayan",
    "resourceMessageRemove": "Kaldırıldıktan sonra kaynak artık erişilebilir olmayacaktır. Kaynakla ilişkili tüm hedefler de kaldırılacaktır.",
-    "resourceMessageConfirm": "Onaylamak için lütfen aşağıya kaynağın adını yazın.",
-    "resourceQuestionRemove": "{selectedResource} kaynağını organizasyondan kaldırmak istediğinizden emin misiniz?",
+    "resourceQuestionRemove": "Kaynağı organizasyondan kaldırmak istediğinizden emin misiniz?",
    "resourceHTTP": "HTTPS Kaynağı",
    "resourceHTTPDescription": "Bir alt alan adı veya temel alan adı kullanarak uygulamanıza HTTPS üzerinden vekil istek gönderin.",
    "resourceRaw": "Ham TCP/UDP Kaynağı",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "Organizasyon Silmeyi Onayla",
    "orgMessageRemove": "Bu işlem geri alınamaz ve tüm ilişkili verileri silecektir.",
    "orgMessageConfirm": "Onaylamak için lütfen aşağıya organizasyonun adını yazın.",
-    "orgQuestionRemove": "{selectedOrg} organizasyonunu kaldırmak istediğinizden emin misiniz?",
+    "orgQuestionRemove": "Organizasyondan kaldırmak istediğinizden emin misiniz?",
    "orgUpdated": "Organizasyon güncellendi",
    "orgUpdatedDescription": "Organizasyon güncellendi.",
    "orgErrorUpdate": "Organizasyon güncellenemedi",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "API Anahtarı Oluştur",
    "apiKeysErrorDelete": "API anahtarı silinirken bir hata oluştu",
    "apiKeysErrorDeleteMessage": "API anahtarı silinirken bir hata oluştu",
-    "apiKeysQuestionRemove": "{selectedApiKey} API anahtarını organizasyondan kaldırmak istediğinizden emin misiniz?",
+    "apiKeysQuestionRemove": "API anahtarını organizasyondan kaldırmak istediğinizden emin misiniz?",
    "apiKeysMessageRemove": "Kaldırıldığında, API anahtarı artık kullanılamayacaktır.",
-    "apiKeysMessageConfirm": "Onaylamak için lütfen aşağıya API anahtarının adını yazın.",
    "apiKeysDeleteConfirm": "API Anahtarının Silinmesini Onaylayın",
    "apiKeysDelete": "API Anahtarını Sil",
    "apiKeysManage": "API Anahtarlarını Yönet",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "Kullanıcı Silinmesini Onayla",
    "userDeleteServer": "Kullanıcıyı Sunucudan Sil",
    "userMessageRemove": "Kullanıcı tüm organizasyonlardan çıkarılacak ve tamamen sunucudan kaldırılacaktır.",
-    "userMessageConfirm": "Onaylamak için lütfen aşağıya kullanıcının adını yazın.",
-    "userQuestionRemove": "{selectedUser} kullanıcısını sunucudan kalıcı olarak silmek istediğinizden emin misiniz?",
+    "userQuestionRemove": "Kullanıcıyı sunucudan kalıcı olarak silmek istediğinizden emin misiniz?",
    "licenseKey": "Lisans Anahtarı",
    "valid": "Geçerli",
    "numberOfSites": "Site Sayısı",
@@ -339,7 +335,7 @@
    "fossorialLicense": "Fossorial Ticari Lisans ve Abonelik Koşullarını Gör",
    "licenseMessageRemove": "Bu, lisans anahtarını ve onun tarafından verilen tüm izinleri kaldıracaktır.",
    "licenseMessageConfirm": "Onaylamak için lütfen aşağıya lisans anahtarını yazın.",
-    "licenseQuestionRemove": "{selectedKey} lisans anahtarını silmek istediğinizden emin misiniz?",
+    "licenseQuestionRemove": "Lisans anahtarını silmek istediğinizden emin misiniz?",
    "licenseKeyDelete": "Lisans Anahtarını Sil",
    "licenseKeyDeleteConfirm": "Lisans Anahtarının Silinmesini Onaylayın",
    "licenseTitle": "Lisans Durumunu Yönet",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "Daveti kaldırırken bir hata oluştu.",
    "inviteRemoved": "Davetiye kaldırıldı",
    "inviteRemovedDescription": "{email} için olan davetiye kaldırıldı.",
-    "inviteQuestionRemove": "{email} davetini kaldırmak istediğinizden emin misiniz?",
+    "inviteQuestionRemove": "Davetiyeyi kaldırmak istediğinizden emin misiniz?",
    "inviteMessageRemove": "Kaldırıldıktan sonra bu davetiye artık geçerli olmayacak. Kullanıcı tekrar davet edilebilir.",
    "inviteMessageConfirm": "Onaylamak için lütfen aşağıya davetiyenin e-posta adresini yazın.",
    "inviteQuestionRegenerate": "Are you sure you want to regenerate the invitation for{email, plural, ='' {}, other { for #}}? This will revoke the previous invitation.",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "Kullanıcı kaldırılırken bir hata oluştu.",
    "userOrgRemoved": "Kullanıcı kaldırıldı",
    "userOrgRemovedDescription": "{email} kullanıcı organizasyondan kaldırılmıştır.",
-    "userQuestionOrgRemove": "{email} adresini organizasyondan kaldırmak istediğinizden emin misiniz?",
+    "userQuestionOrgRemove": "Kullanıcıyı organizasyondan kaldırmak istediğinizden emin misiniz?",
    "userMessageOrgRemove": "Kaldırıldığında, bu kullanıcı organizasyona artık erişim sağlayamayacak. Kullanıcı tekrar davet edilebilir, ancak daveti kabul etmesi gerekecek.",
-    "userMessageOrgConfirm": "Onaylamak için lütfen aşağıya kullanıcının adını yazın.",
    "userRemoveOrgConfirm": "Kullanıcıyı Kaldırmayı Onayla",
    "userRemoveOrg": "Kullanıcıyı Organizasyondan Kaldır",
    "users": "Kullanıcılar",
@@ -468,7 +463,10 @@
    "createdAt": "Oluşturulma Tarihi",
    "proxyErrorInvalidHeader": "Geçersiz özel Ana Bilgisayar Başlığı değeri. Alan adı formatını kullanın veya özel Ana Bilgisayar Başlığını ayarlamak için boş bırakın.",
    "proxyErrorTls": "Geçersiz TLS Sunucu Adı. Alan adı formatını kullanın veya TLS Sunucu Adını kaldırmak için boş bırakılsın.",
-    "proxyEnableSSL": "SSL'yi Etkinleştir (https)",
+    "proxyEnableSSL": "SSL Etkinleştir",
+    "proxyEnableSSLDescription": "Hedeflerinize güvenli HTTPS bağlantıları için SSL/TLS şifrelemesi etkinleştirin.",
+    "target": "Hedef",
+    "configureTarget": "Hedefleri Yapılandır",
    "targetErrorFetch": "Hedefleri alamadı",
    "targetErrorFetchDescription": "Hedefler alınırken bir hata oluştu",
    "siteErrorFetch": "kaynağa ulaşılamadı",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "HTTPS & TLS Settings",
    "targetTlsSettingsDescription": "Configure TLS settings for your resource",
    "targetTlsSettingsAdvanced": "Gelişmiş TLS Ayarları",
-    "targetTlsSni": "TLS Sunucu Adı (SNI)",
+    "targetTlsSni": "TLS Sunucu Adı",
    "targetTlsSniDescription": "SNI için kullanılacak TLS Sunucu Adı'",
    "targetTlsSubmit": "Ayarları Kaydet",
    "targets": "Hedefler Konfigürasyonu",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "Bağlantıları oturum süresince aynı arka uç hedef üzerinde tutun.",
    "methodSelect": "Yöntemi Seç",
    "targetSubmit": "Hedef Ekle",
-    "targetNoOne": "Hiçbir hedef yok. Formu kullanarak bir hedef ekleyin.",
+    "targetNoOne": "Bu kaynağın hedefi yok. Arka planınıza istek göndereceğiniz bir hedef yapılandırmak için hedef ekleyin.",
    "targetNoOneDescription": "Yukarıdaki birden fazla hedef ekleyerek yük dengeleme etkinleştirilecektir.",
    "targetsSubmit": "Hedefleri Kaydet",
+    "addTarget": "Hedef Ekle",
+    "targetErrorInvalidIp": "Geçersiz IP adresi",
+    "targetErrorInvalidIpDescription": "Lütfen geçerli bir IP adresi veya host adı girin",
+    "targetErrorInvalidPort": "Geçersiz port",
+    "targetErrorInvalidPortDescription": "Lütfen geçerli bir port numarası girin",
+    "targetErrorNoSite": "Hiçbir site seçili değil",
+    "targetErrorNoSiteDescription": "Lütfen hedef için bir site seçin",
+    "targetCreated": "Hedef oluşturuldu",
+    "targetCreatedDescription": "Hedef başarıyla oluşturuldu",
+    "targetErrorCreate": "Hedef oluşturma başarısız oldu",
+    "targetErrorCreateDescription": "Hedef oluşturulurken bir hata oluştu",
+    "save": "Kaydet",
    "proxyAdditional": "Ek Proxy Ayarları",
    "proxyAdditionalDescription": "Kaynağınızın proxy ayarlarını nasıl yöneteceğini yapılandırın",
    "proxyCustomHeader": "Özel Ana Bilgisayar Başlığı",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "Sunucu Yöneticisi - Pangolin",
    "licenseTierProfessional": "Profesyonel Lisans",
    "licenseTierEnterprise": "Kurumsal Lisans",
-    "licenseTierCommercial": "Ticari Lisans",
+    "licenseTierPersonal": "Kişisel Lisans",
    "licensed": "Lisanslı",
    "yes": "Evet",
    "no": "Hayır",
@@ -727,7 +737,7 @@
    "idpManageDescription": "Sistem içindeki kimlik sağlayıcıları görün ve yönetin",
    "idpDeletedDescription": "Kimlik sağlayıcı başarıyla silindi",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Kimlik sağlayıcıyı kalıcı olarak silmek istediğinizden emin misiniz? {name}",
+    "idpQuestionRemove": "Kimlik sağlayıcısını kalıcı olarak silmek istediğinizden emin misiniz?",
    "idpMessageRemove": "Bu, kimlik sağlayıcıyı ve tüm ilişkili yapılandırmaları kaldıracaktır. Bu sağlayıcıdan kimlik doğrulayan kullanıcılar artık giriş yapamayacaktır.",
    "idpMessageConfirm": "Onaylamak için lütfen aşağıya kimlik sağlayıcının adını yazın.",
    "idpConfirmDelete": "Kimlik Sağlayıcıyı Silme Onayı",
@@ -750,7 +760,7 @@
    "idpDisplayName": "Bu kimlik sağlayıcı için bir görüntü adı",
    "idpAutoProvisionUsers": "Kullanıcıları Otomatik Sağla",
    "idpAutoProvisionUsersDescription": "Etkinleştirildiğinde, kullanıcılar rol ve organizasyonlara eşleme yeteneğiyle birlikte sistemde otomatik olarak oluşturulacak.",
-    "licenseBadge": "Profesyonel",
+    "licenseBadge": " ",
    "idpType": "Sağlayıcı Türü",
    "idpTypeDescription": "Yapılandırmak istediğiniz kimlik sağlayıcısı türünü seçin",
    "idpOidcConfigure": "OAuth2/OIDC Yapılandırması",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "E-posta gelen kutunuzda sıfırlama kodunu kontrol edin.",
    "passwordNew": "Yeni Şifre",
    "passwordNewConfirm": "Yeni Şifreyi Onayla",
+    "changePassword": "Parola Değiştir",
+    "changePasswordDescription": "Hesap şifrenizi güncelleyin",
+    "oldPassword": "Mevcut Şifre",
+    "newPassword": "Yeni Şifre",
+    "confirmNewPassword": "Yeni Şifreyi Onayla",
+    "changePasswordError": "Parola değiştirme başarısız oldu",
+    "changePasswordErrorDescription": "Parolanız değiştiriliyor.",
+    "changePasswordSuccess": "Şifre Başarıyla Değiştirildi",
+    "changePasswordSuccessDescription": "Parolanız başarıyla güncellendi",
+    "passwordExpiryRequired": "Şifre Süresi Gereklidir",
+    "passwordExpiryDescription": "Bu kuruluş, parolanızı {maxDays} günde bir değiştirmenizi gerektirir.",
+    "changePasswordNow": "Şifrenizi Şimdi Değiştirin",
    "pincodeAuth": "Kimlik Doğrulama Kodu",
    "pincodeSubmit2": "Kodu Gönder",
    "passwordResetSubmit": "Sıfırlama İsteği",
@@ -1084,7 +1106,6 @@
    "navbar": "Navigasyon Menüsü",
    "navbarDescription": "Uygulamanın ana navigasyon menüsü",
    "navbarDocsLink": "Dokümantasyon",
-    "commercialEdition": "Ticari Sürüm",
    "otpErrorEnable": "2FA etkinleştirilemedi",
    "otpErrorEnableDescription": "2FA etkinleştirilirken bir hata oluştu",
    "otpSetupCheckCode": "6 haneli bir kod girin",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "Tüm Kullanıcılar",
    "sidebarIdentityProviders": "Kimlik Sağlayıcılar",
    "sidebarLicense": "Lisans",
-    "sidebarClients": "Müşteriler (Beta)",
+    "sidebarClients": "İstemciler",
    "sidebarDomains": "Alan Adları",
+    "sidebarBluePrints": "Planlar",
+    "blueprints": "Planlar",
+    "blueprintsDescription": "Planlar, kaynaklarınızı ve ayarlarını tanımlayan bildirimsel YAML yapılandırmalarıdır",
+    "blueprintAdd": "Plan Ekle",
+    "blueprintGoBack": "Tüm Planları Gör",
+    "blueprintCreate": "Plan Oluştur",
+    "blueprintCreateDescription2": "Yeni bir plan oluşturup uygulamak için aşağıdaki adımları izleyin",
+    "blueprintDetails": "Plan Detayları",
+    "blueprintDetailsDescription": "Plan çalıştırma detaylarını görün",
+    "blueprintInfo": "Plan Bilgileri",
+    "message": "Mesaj",
+    "blueprintContentsDescription": "Altyapınızı tanımlayan YAML içeriğini tanımlayın",
+    "blueprintErrorCreateDescription": "Plan uygulanırken bir hata oluştu",
+    "blueprintErrorCreate": "Plan oluşturulurken hata oluştu",
+    "searchBlueprintProgress": "Planlarda ara...",
+    "appliedAt": "Uygulama Zamanı",
+    "source": "Kaynak",
+    "contents": "İçerik",
+    "parsedContents": "Ayrıştırılmış İçerik",
    "enableDockerSocket": "Docker Soketini Etkinleştir",
    "enableDockerSocketDescription": "Plan etiketleri için Docker Socket etiket toplamasını etkinleştirin. Newt'e soket yolu sağlanmalıdır.",
    "enableDockerSocketLink": "Daha fazla bilgi",
@@ -1197,9 +1237,8 @@
    "domainCreate": "Alan Adı Oluştur",
    "domainCreatedDescription": "Alan adı başarıyla oluşturuldu",
    "domainDeletedDescription": "Alan adı başarıyla silindi",
-    "domainQuestionRemove": "{domain} alan adını hesabınızdan kaldırmak istediğinizden emin misiniz?",
+    "domainQuestionRemove": "Alan adını hesabınızdan kaldırmak istediğinizden emin misiniz?",
    "domainMessageRemove": "Kaldırıldığında, alan adı hesabınızla ilişkilendirilmeyecek.",
-    "domainMessageConfirm": "Onaylamak için lütfen aşağıya alan adını yazın.",
    "domainConfirmDelete": "Alan Adı Silinmesini Onayla",
    "domainDelete": "Alan Adını Sil",
    "domain": "Alan Adı",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "Ücretsiz Dilim",
    "billingWarningOverLimit": "Uyarı: Bir veya daha fazla kullanım limitini aştınız. Aboneliğinizi değiştirmediğiniz veya kullanımı ayarlamadığınız sürece siteleriniz bağlanmayacaktır.",
    "billingUsageLimitsOverview": "Kullanım Limitleri Genel Görünümü",
-    "billingMonitorUsage": "Kullanımınızı yapılandırılmış limitlerle karşılaştırın. Limitlerin artırılmasına ihtiyacınız varsa, lütfen support@fossorial.io adresinden bizimle iletişime geçin.",
+    "billingMonitorUsage": "Kullanımınızı yapılandırılmış limitlerle karşılaştırın. Limitlerin artırılmasına ihtiyacınız varsa, lütfen support@pangolin.net adresinden bizimle iletişime geçin.",
    "billingDataUsage": "Veri Kullanımı",
    "billingOnlineTime": "Site Çevrimiçi Süresi",
    "billingUsers": "Aktif Kullanıcılar",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "Güvenlik anahtarınızı kullanırken bir sorun oluştu. Lütfen tekrar deneyin.",
    "twoFactorRequired": "Güvenlik anahtarını kaydetmek için iki faktörlü kimlik doğrulama gereklidir.",
    "twoFactor": "İki Faktörlü Kimlik Doğrulama",
+    "twoFactorAuthentication": "İki Faktörlü Kimlik Doğrulama",
+    "twoFactorDescription": "Bu kuruluş iki faktörlü kimlik doğrulama gerektirir.",
+    "enableTwoFactor": "İki Faktörlü Kimlik Doğrulamayı Etkinleştir",
+    "organizationSecurityPolicy": "Kuruluş Güvenlik Politikası",
+    "organizationSecurityPolicyDescription": "Bu kuruluşun güvenlik gereksinimlerine erişmeden önce karşılanması gereken güvenlik gereksinimleri vardır.",
+    "securityRequirements": "Güvenlik Gereksinimleri",
+    "allRequirementsMet": "Tüm gereksinimler karşılandı",
+    "completeRequirementsToContinue": "Bu kuruluşa erişmeye devam etmek için aşağıdaki gereksinimleri tamamlayın",
+    "youCanNowAccessOrganization": "Artık bu kuruluşa erişebilirsiniz",
+    "reauthenticationRequired": "Oturum Süresi",
+    "reauthenticationDescription": "Bu kuruluş, {maxDays} günde bir oturum açmanızı gerektirir.",
+    "reauthenticationDescriptionHours": "Bu kuruluş, {maxHours} saatte bir oturum açmanızı gerektirir.",
+    "reauthenticateNow": "Tekrar Giriş Yap",
    "adminEnabled2FaOnYourAccount": "Yöneticiniz {email} için iki faktörlü kimlik doğrulamayı etkinleştirdi. Devam etmek için kurulum işlemini tamamlayın.",
-    "continueToApplication": "Uygulamaya Devam Et",
    "securityKeyAdd": "Güvenlik Anahtarı Ekle",
    "securityKeyRegisterTitle": "Yeni Güvenlik Anahtarı Kaydet",
    "securityKeyRegisterDescription": "Güvenlik anahtarınızı bağlayın ve tanımlamak için bir ad girin",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "Dış Proxy Etkinleştirildi",
    "addNewTarget": "Yeni Hedef Ekle",
    "targetsList": "Hedefler Listesi",
+    "advancedMode": "Gelişmiş Mod",
    "targetErrorDuplicateTargetFound": "Yinelenen hedef bulundu",
    "healthCheckHealthy": "Sağlıklı",
    "healthCheckUnhealthy": "Sağlıksız",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "Otomatik Giriş Hatası",
    "autoLoginErrorNoRedirectUrl": "Kimlik sağlayıcıdan yönlendirme URL'si alınamadı.",
    "autoLoginErrorGeneratingUrl": "Kimlik doğrulama URL'si oluşturulamadı.",
-    "remoteExitNodeManageRemoteExitNodes": "Öz-Host Yönetim",
-    "remoteExitNodeDescription": "Ağ bağlantınızı genişletmek için düğümleri yönetin",
+    "remoteExitNodeManageRemoteExitNodes": "Uzak Düğümler",
+    "remoteExitNodeDescription": "Kendi konum ağlarınızdan bir veya daha fazlasını barındırarak, bağlantı kurulumları için buluta bağımlılığı azaltın.",
    "remoteExitNodes": "Düğümler",
    "searchRemoteExitNodes": "Düğüm ara...",
    "remoteExitNodeAdd": "Düğüm Ekle",
    "remoteExitNodeErrorDelete": "Düğüm silinirken hata oluştu",
-    "remoteExitNodeQuestionRemove": "{selectedNode} düğümünü organizasyondan kaldırmak istediğinizden emin misiniz?",
+    "remoteExitNodeQuestionRemove": "Düğümü organizasyondan kaldırmak istediğinizden emin misiniz?",
    "remoteExitNodeMessageRemove": "Kaldırıldığında, düğüm artık erişilebilir olmayacaktır.",
-    "remoteExitNodeMessageConfirm": "Onaylamak için lütfen aşağıya düğümün adını yazın.",
    "remoteExitNodeConfirmDelete": "Düğüm Silmeyi Onayla",
    "remoteExitNodeDelete": "Düğümü Sil",
-    "sidebarRemoteExitNodes": "Düğümler",
+    "sidebarRemoteExitNodes": "Uzak Düğümler",
    "remoteExitNodeCreate": {
        "title": "Düğüm Oluştur",
        "description": "Ağ bağlantınızı genişletmek için yeni bir düğüm oluşturun",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "Dosyayı düzenle: docker-compose.yml",
    "emailVerificationRequired": "E-posta doğrulaması gereklidir. Bu adımı tamamlamak için lütfen tekrar {dashboardUrl}/auth/login üzerinden oturum açın. Sonra buraya geri dönün.",
    "twoFactorSetupRequired": "İki faktörlü kimlik doğrulama ayarı gereklidir. Bu adımı tamamlamak için lütfen tekrar {dashboardUrl}/auth/login üzerinden oturum açın. Sonra buraya geri dönün.",
+    "additionalSecurityRequired": "Ek Güvenlik Gereklidir",
+    "organizationRequiresAdditionalSteps": "Bu kuruluş, kaynaklara erişmeden önce ek güvenlik adımları gerektirir.",
+    "completeTheseSteps": "Bu adımları tamamlayın",
+    "enableTwoFactorAuthentication": "İki faktörlü kimlik doğrulamayı etkinleştir",
+    "completeSecuritySteps": "Güvenlik Adımlarını Tamamla",
+    "securitySettings": "Güvenlik Ayarları",
+    "securitySettingsDescription": "Kuruluşunuz için güvenlik politikalarını yapılandırın",
+    "requireTwoFactorForAllUsers": "Tüm Kullanıcılar için İki Faktörlü Kimlik Doğrulama Gerektir",
+    "requireTwoFactorDescription": "Etkinleştirildiğinde, bu kuruluştaki tüm dahili kullanıcıların, kuruluşa erişmek için iki faktörlü kimlik doğrulama etkinleştirilmiş olmalıdır.",
+    "requireTwoFactorDisabledDescription": "Bu özellik, geçerli bir lisans (Kurumsal) veya aktif bir abonelik (SaaS) gerektirir",
+    "requireTwoFactorCannotEnableDescription": "Tüm kullanıcılar için etkinleştirilmeden önce hesabınızda iki faktörlü kimlik doğrulamayı etkinleştirmeniz gerekir",
+    "maxSessionLength": "Maksimum Oturum Süresi",
+    "maxSessionLengthDescription": "Kullanıcı oturumları için maksimum süreyi ayarlayın. Bu süre sonra kullanıcıların tekrar kimlik doğrulaması gerekecektir.",
+    "maxSessionLengthDisabledDescription": "Bu özellik, geçerli bir lisans (Kurumsal) veya aktif bir abonelik (SaaS) gerektirir",
+    "selectSessionLength": "Oturum süresini seçin",
+    "unenforced": "Zorunlu Değil",
+    "1Hour": "1 saat",
+    "3Hours": "3 saat",
+    "6Hours": "6 saat",
+    "12Hours": "12 saat",
+    "1DaySession": "1 gün",
+    "3Days": "3 gün",
+    "7Days": "7 gün",
+    "14Days": "14 gün",
+    "30DaysSession": "30 gün",
+    "90DaysSession": "90 gün",
+    "180DaysSession": "180 gün",
+    "passwordExpiryDays": "Şifre Sona Ermesi",
+    "editPasswordExpiryDescription": "Kullanıcıların parolalarını değiştirmeleri gereken gün sayısını ayarlayın.",
+    "selectPasswordExpiry": "Şifre sona ermesini seçin",
+    "30Days": "30 gün",
+    "1Day": "1 gün",
+    "60Days": "60 gün",
+    "90Days": "90 gün",
+    "180Days": "180 gün",
+    "1Year": "1 yıl",
+    "subscriptionBadge": "Abonelik Gerekiyor",
+    "securityPolicyChangeWarning": "Güvenlik Politikası Değişiklik Uyarısı",
+    "securityPolicyChangeDescription": "Güvenlik politikası ayarlarını değiştirmek üzeresiniz. Değişiklikleri kaydettikten sonra, bu politika güncellemelerine uyum sağlamak amacıyla tekrar kimlik doğrulamanız gerekebilir. Uyum sağlamayan tüm kullanıcıların da tekrar kimlik doğrulaması gerekecektir.",
+    "securityPolicyChangeConfirmMessage": "Onaylıyorum",
+    "securityPolicyChangeWarningText": "Bu, organizasyondaki tüm kullanıcıları etkileyecektir",
    "authPageErrorUpdateMessage": "Kimlik doğrulama sayfası ayarları güncellenirken bir hata oluştu.",
+    "authPageErrorUpdate": "Kimlik doğrulama sayfası güncellenemedi",
    "authPageUpdated": "Kimlik doğrulama sayfası başarıyla güncellendi",
    "healthCheckNotAvailable": "Yerel",
    "rewritePath": "Yolu Yeniden Yaz",
-    "rewritePathDescription": "Seçenek olarak hedefe iletmeden önce yolu yeniden yazın."
+    "rewritePathDescription": "Seçenek olarak hedefe iletmeden önce yolu yeniden yazın.",
+    "continueToApplication": "Uygulamaya Devam Et",
+    "checkingInvite": "Davet Kontrol Ediliyor",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Başlık Kimlik Doğrulama Kaldır",
+    "resourceHeaderAuthRemoveDescription": "Başlık kimlik doğrulama başarıyla kaldırıldı.",
+    "resourceErrorHeaderAuthRemove": "Başlık Kimlik Doğrulama kaldırılamadı",
+    "resourceErrorHeaderAuthRemoveDescription": "Kaynak için başlık kimlik doğrulaması kaldırılamadı.",
+    "resourceHeaderAuthProtectionEnabled": "Başlık Doğrulaması Etkin",
+    "resourceHeaderAuthProtectionDisabled": "Başlık Doğrulaması Devre Dışı",
+    "headerAuthRemove": "Başlık Doğrulaması Kaldır",
+    "headerAuthAdd": "Başlık Doğrulaması Ekle",
+    "resourceErrorHeaderAuthSetup": "Başlık Kimlik Doğrulama ayarlanamadı",
+    "resourceErrorHeaderAuthSetupDescription": "Kaynak için başlık kimlik doğrulaması ayarlanamadı.",
+    "resourceHeaderAuthSetup": "Başlık Kimlik Doğrulama başarıyla ayarlandı",
+    "resourceHeaderAuthSetupDescription": "Başlık kimlik doğrulaması başarıyla ayarlandı.",
+    "resourceHeaderAuthSetupTitle": "Başlık Kimlik Doğrulama Ayarla",
+    "resourceHeaderAuthSetupTitleDescription": "Bu kaynağı HTTP Başlık Kimlik Doğrulaması ile korumak için temel kimlik bilgilerini (kullanıcı adı ve şifre) ayarlayın. Kaynağa erişim için https://username:password@resource.example.com formatını kullanın.",
+    "resourceHeaderAuthSubmit": "Başlık Kimlik Doğrulama Ayarla",
+    "actionSetResourceHeaderAuth": "Başlık Kimlik Doğrulama Ayarla",
+    "enterpriseEdition": "Kurumsal Sürüm",
+    "unlicensed": "Lisansız",
+    "beta": "Beta",
+    "manageClients": "Müşteri Yönetimi",
+    "manageClientsDescription": "Müşteriler, sitelerinize bağlanabilen cihazlardır.",
+    "licenseTableValidUntil": "Geçerli İki Tarih Kadar",
+    "saasLicenseKeysSettingsTitle": "Kurumsal Lisanslar",
+    "saasLicenseKeysSettingsDescription": "Kendi barındırdığınız Pangolin örnekleri için kurumsal lisans anahtarları oluşturun ve yönetin.",
+    "sidebarEnterpriseLicenses": "Lisanslar",
+    "generateLicenseKey": "Lisans Anahtarı Oluştur",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Lütfen geçerli bir e-posta adresi girin.",
+            "useCaseTypeRequired": "Lütfen bir kullanım alanı türü seçin.",
+            "firstNameRequired": "İsim gereklidir.",
+            "lastNameRequired": "Soyisim gereklidir.",
+            "primaryUseRequired": "Lütfen öncelikli kullanımınızı açıklayın.",
+            "jobTitleRequiredBusiness": "İş kullanımı için iş unvanı gereklidir.",
+            "industryRequiredBusiness": "İş kullanımı için sektör gereklidir.",
+            "stateProvinceRegionRequired": "Eyalet/İl/Bölge gereklidir.",
+            "postalZipCodeRequired": "Posta/ZIP kodu gereklidir.",
+            "companyNameRequiredBusiness": "İş kullanımı için şirket ismi gereklidir.",
+            "countryOfResidenceRequiredBusiness": "İş kullanımı için ikamet edilen ülke gereklidir.",
+            "countryRequiredPersonal": "Kişisel kullanım için ülke gereklidir.",
+            "agreeToTermsRequired": "Şartları kabul etmelisiniz.",
+            "complianceConfirmationRequired": "Fossorial Ticari Lisans ile uyumluluğu doğrulamalısınız."
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Kişisel Kullanım",
+                "description": "Bireysel, ticari olmayan kullanım için öğrenme, kişisel projeler veya denemeler gibi."
+            },
+            "business": {
+                "title": "İş Kullanımı",
+                "description": "Kuruluşlar, şirketler veya ticari veya gelir getirici faaliyetler bünyesinde kullanım için."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "E-posta ve Lisans Türü",
+                "description": "E-posta adresinizi girin ve lisans türünüzü seçin."
+            },
+            "personalInformation": {
+                "title": "Kişisel Bilgiler",
+                "description": "Kendinizden bahsedin."
+            },
+            "contactInformation": {
+                "title": "İletişim Bilgileri",
+                "description": "İletişim detaylarınız."
+            },
+            "termsGenerate": {
+                "title": "Şartlar ve Lisans Üret",
+                "description": "Lisansınızı oluşturmak için şartları inceleyin ve kabul edin."
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Kullanım Açıklaması",
+                "description": "Kullanım amacınızı doğru bir şekilde yansıtan lisans seviyesini seçin. Kişisel Lisans, yazılımın bireysel, ticari olmayan veya yıllık geliri 100,000 ABD Dolarının altında olan küçük ölçekli ticari faaliyetlerde ücretsiz kullanılmasına izin verir. Bu sınırların ötesinde kullanım — bir işletme, organizasyon veya diğer gelir getirici ortamlarda kullanım dahil olmak üzere — geçerli bir Kurumsal Lisans ve ilgili lisans ücretinin ödenmesini gerektirir. Tüm kullanıcılar, ister Kişisel ister Kurumsal, Fossorial Ticari Lisans Şartlarına uymalıdır."
+            },
+            "trialPeriodInformation": {
+                "title": "Deneme Süresi Bilgileri",
+                "description": "Bu Lisans Anahtarı, Kurumsal özellikleri 7 günlük bir değerlendirme süresi için etkinleştirir. Değerlendirme süresi bittikten sonra, Ücretli Özelliklere devam eden erişim, geçerli bir Kişisel veya Kurumsal Lisans altında etkinleşmeyi gerektirir. Kurumsal lisanslama için sales@pangolin.net ile iletişime geçin."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Pangolin'i kişisel veya iş kullanımı için mi kullanıyorsunuz?",
+            "firstName": "İsim",
+            "lastName": "Soyisim",
+            "jobTitle": "İş Unvanı",
+            "primaryUseQuestion": "Pangolin'i öncelikli olarak ne amacıyla kullanmayı planlıyorsunuz?",
+            "industryQuestion": "Hangi sektördesiniz?",
+            "prospectiveUsersQuestion": "Kaç potansiyel kullanıcı öngörüyorsunuz?",
+            "prospectiveSitesQuestion": "Kaç potansiyel site (tünel) öngörüyorsunuz?",
+            "companyName": "Şirket İsmi",
+            "countryOfResidence": "İkamet edilen ülke",
+            "stateProvinceRegion": "Eyalet / İl / Bölge",
+            "postalZipCode": "Posta / ZIP Kodu",
+            "companyWebsite": "Şirket web sitesi",
+            "companyPhoneNumber": "Şirket telefon numarası",
+            "country": "Ülke",
+            "phoneNumberOptional": "Telefon numarası (isteğe bağlı)",
+            "complianceConfirmation": "Sağladığım bilgilerin doğru olduğunu ve Fossorial Ticari Lisans ile uyumlu olduğumu teyit ederim. Yanlış bilgi raporlamak veya ürün kullanımını yanlış tanımlamak lisans ihlalidir ve anahtarınızın iptal edilmesine neden olabilir."
+        },
+        "buttons": {
+            "close": "Kapat",
+            "previous": "Önceki",
+            "next": "Sonraki",
+            "generateLicenseKey": "Lisans Anahtarı Oluştur"
+        },
+        "toasts": {
+            "success": {
+                "title": "Lisans anahtarı başarıyla oluşturuldu",
+                "description": "Lisans anahtarınız oluşturuldu ve kullanıma hazır."
+            },
+            "error": {
+                "title": "Lisans anahtarı oluşturulamadı",
+                "description": "Lisans anahtarı oluşturulurken bir hata oluştu."
+            }
+        }
+    },
+    "priority": "Öncelik",
+    "priorityDescription": "Daha yüksek öncelikli rotalar önce değerlendirilir. Öncelik = 100, otomatik sıralama anlamına gelir (sistem karar verir). Manuel öncelik uygulamak için başka bir numara kullanın.",
+    "instanceName": "Örnek İsmi",
+    "pathMatchModalTitle": "Yol Eşleşmesini Yapılandır",
+    "pathMatchModalDescription": "Gelen isteklerin yolu temel alarak nasıl eşleştirilmesi gerektiğini ayarlayın.",
+    "pathMatchType": "Eşleşme Türü",
+    "pathMatchPrefix": "Önek",
+    "pathMatchExact": "Tam",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Yol Değeri",
+    "clear": "Temizle",
+    "saveChanges": "Değişiklikleri Kaydet",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Örnek: /api, /api/users vb.'ni eşleştirir.",
+    "pathMatchExactHelp": "Örnek: /api yalnızca /api'yi eşleştirir",
+    "pathMatchRegexHelp": "Örnek: ^/api/.* her şeyi eşleştirir /api/anything",
+    "pathRewriteModalTitle": "Yolu Yeniden Yazmayı Yapılandır",
+    "pathRewriteModalDescription": "Hedefe iletilmeden önce eşleşen yolu dönüştürün.",
+    "pathRewriteType": "Yeniden Yazma Türü",
+    "pathRewritePrefixOption": "Önek - Ön ek değiştirme",
+    "pathRewriteExactOption": "Tam - Tüm yolu değiştir",
+    "pathRewriteRegexOption": "Regex - Desen değiştirme",
+    "pathRewriteStripPrefixOption": "Ön Ek Kaldır - Ön eki sil",
+    "pathRewriteValue": "Yeniden Yazma Değeri",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Eşleşen öneki bu değerle değiştir",
+    "pathRewriteExactHelp": "Yol tam olarak eşleştiğinde, yolun tamamını bu değerle değiştir",
+    "pathRewriteRegexHelp": "Değiştirme için $1, $2 gibi yakalama gruplarını kullan",
+    "pathRewriteStripPrefixHelp": "Öneki silmek veya yeni bir ön ek sağlamak için boş bırakın",
+    "pathRewritePrefix": "Önek",
+    "pathRewriteExact": "Tam",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Sil",
+    "pathRewriteStripLabel": "sil",
+    "sidebarEnableEnterpriseLicense": "Kurumsal Lisans Etkinleştir",
+    "cannotbeUndone": "Bu geri alınamaz.",
+    "toConfirm": "doğrulamak için",
+    "deleteClientQuestion": "Müşteriyi siteden ve organizasyondan kaldırmak istediğinizden emin misiniz?",
+    "clientMessageRemove": "Kaldırıldıktan sonra müşteri siteye bağlanamayacaktır.",
+    "sidebarLogs": "Kayıtlar",
+    "request": "İstek",
+    "logs": "Günlükler",
+    "logsSettingsDescription": "Bu organizasyondan toplanan günlükleri izleyin",
+    "searchLogs": "Günlüklerde ara...",
+    "action": "Eylem",
+    "actor": "Aktör",
+    "timestamp": "Zaman damgası",
+    "accessLogs": "Erişim Günlükleri",
+    "exportCsv": "CSV Dışa Aktar",
+    "actorId": "Aktör Kimliği",
+    "allowedByRule": "Kurallara Göre İzin Verildi",
+    "allowedNoAuth": "Kimlik Doğrulama Yok İzin Verildi",
+    "validAccessToken": "Geçerli Erişim Jetonu",
+    "validHeaderAuth": "Geçerli Başlık Doğrulama",
+    "validPincode": "Geçerli Pincode",
+    "validPassword": "Geçerli Şifre",
+    "validEmail": "Geçerli E-posta",
+    "validSSO": "Geçerli SSO",
+    "resourceBlocked": "Kaynak Engellendi",
+    "droppedByRule": "Kurallara Göre Çıkartıldı",
+    "noSessions": "Oturum Yok",
+    "temporaryRequestToken": "Geçici İstek Jetonu",
+    "noMoreAuthMethods": "Daha Fazla Kimlik Doğrulama Yöntemi Yok",
+    "ip": "IP",
+    "reason": "Sebep",
+    "requestLogs": "İstek Günlükleri",
+    "host": "Sunucu",
+    "location": "Konum",
+    "actionLogs": "Eylem Günlükleri",
+    "sidebarLogsRequest": "İstek Günlükleri",
+    "sidebarLogsAccess": "Erişim Günlükleri",
+    "sidebarLogsAction": "Eylem Günlükleri",
+    "logRetention": "Kayıt Saklama",
+    "logRetentionDescription": "Bu organizasyon için farklı türdeki günlüklerin ne kadar süre saklanacağını yönetin veya devre dışı bırakın",
+    "requestLogsDescription": "Bu organizasyondaki kaynaklar için ayrıntılı istek günlüklerini görüntüleyin",
+    "logRetentionRequestLabel": "İstek Günlüğü Saklama",
+    "logRetentionRequestDescription": "İstek günlüklerini ne kadar süre tutacağını belirle",
+    "logRetentionAccessLabel": "Erişim Günlüğü Saklama",
+    "logRetentionAccessDescription": "Erişim günlüklerini ne kadar süre tutacağını belirle",
+    "logRetentionActionLabel": "Eylem Günlüğü Saklama",
+    "logRetentionActionDescription": "Eylem günlüklerini ne kadar süre tutacağını belirle",
+    "logRetentionDisabled": "Devre Dışı",
+    "logRetention3Days": "3 gün",
+    "logRetention7Days": "7 gün",
+    "logRetention14Days": "14 gün",
+    "logRetention30Days": "30 gün",
+    "logRetention90Days": "90 gün",
+    "logRetentionForever": "Sonsuza kadar",
+    "actionLogsDescription": "Bu organizasyondaki eylemler geçmişini görüntüleyin",
+    "accessLogsDescription": "Bu organizasyondaki kaynaklar için erişim kimlik doğrulama isteklerini görüntüleyin",
+    "licenseRequiredToUse": "Bu özelliği kullanmak için bir kurumsal lisans gereklidir.",
+    "certResolver": "Sertifika Çözücü",
+    "certResolverDescription": "Bu kaynak için kullanılacak sertifika çözücüsünü seçin.",
+    "selectCertResolver": "Sertifika Çözücü Seçin",
+    "enterCustomResolver": "Özel Çözücü Girin",
+    "preferWildcardCert": "Joker Sertifikayı Tercih Et",
+    "unverified": "Doğrulanmadı",
+    "domainSetting": "Alan Adı Ayarları",
+    "domainSettingDescription": "Alan adınız için ayarları yapılandırın",
+    "preferWildcardCertDescription": "Joker sertifika üretmeye çalışın (doğru yapılandırılmış bir sertifika çözücü gereklidir).",
+    "recordName": "Kayıt Adı",
+    "auto": "Otomatik",
+    "TTL": "TTL",
+    "howToAddRecords": "Kayıtları Nasıl Ekleyebilirsiniz",
+    "dnsRecord": "DNS Kayıtları",
+    "required": "Gerekli",
+    "domainSettingsUpdated": "Alan adına yönelik ayarlar başarıyla güncellendi",
+    "orgOrDomainIdMissing": "Organizasyon veya Alan Adı Kimliği eksik",
+    "loadingDNSRecords": "DNS kayıtları yükleniyor...",
+    "olmUpdateAvailableInfo": "Olm'nin güncellenmiş bir sürümü mevcut. En iyi deneyim için lütfen en son sürüme güncelleyin.",
+    "client": "İstemci",
+    "proxyProtocol": "Proxy Protokol Ayarları",
+    "proxyProtocolDescription": "TCP/UDP hizmetleri için istemci IP adreslerini korumak için Proxy Protokolünü yapılandırın.",
+    "enableProxyProtocol": "Proxy Protokolünü Etkinleştir",
+    "proxyProtocolInfo": "TCP/UDP arka uçları için istemci IP adreslerini koruyun",
+    "proxyProtocolVersion": "Proxy Protokol Versiyonu",
+    "version1": " Versiyon 1 (Önerilen)",
+    "version2": "Versiyon 2",
+    "versionDescription": "Versiyon 1 metin tabanlı ve yaygın olarak desteklenir. Versiyon 2 ise ikili ve daha verimlidir ama daha az uyumludur.",
+    "warning": "Uyarı",
+    "proxyProtocolWarning": "Arka uç uygulamanız, Proxy Protokol bağlantılarını kabul etmek üzere yapılandırılmalıdır. Arka ucunuz Proxy Protokolünü desteklemiyorsa, bunu etkinleştirmek tüm bağlantıları koparır. Traefik'ten gelen Proxy Protokol başlıklarına güvenecek şekilde arka ucunuzu yapılandırdığınızdan emin olun.",
+    "restarting": "Yeniden Başlatılıyor...",
+    "manual": "Manuel",
+    "messageSupport": "Destek Mesajı Gönder",
+    "supportNotAvailableTitle": "Destek Yok",
+    "supportNotAvailableDescription": "Destek şu anda mevcut değil. Destek'e bir e-posta gönderebilirsiniz: support@pangolin.net.",
+    "supportRequestSentTitle": "Destek İsteği Gönderildi",
+    "supportRequestSentDescription": "Mesajınız başarıyla gönderildi.",
+    "supportRequestFailedTitle": "İsteği Gönderme Başarısız",
+    "supportRequestFailedDescription": "Destek isteği gönderilirken bir hata oluştu.",
+    "supportSubjectRequired": "Konu gerekli",
+    "supportSubjectMaxLength": "Konu en fazla 255 karakter olabilir",
+    "supportMessageRequired": "Mesaj gerekli",
+    "supportReplyTo": "Yanıtla",
+    "supportSubject": "Konu",
+    "supportSubjectPlaceholder": "Konu girin",
+    "supportMessage": "Mesaj",
+    "supportMessagePlaceholder": "Mesajınızı girin",
+    "supportSending": "Gönderiliyor...",
+    "supportSend": "Gönder",
+    "supportMessageSent": "Mesaj Gönderildi!",
+    "supportWillContact": "En kısa sürede size geri döneceğiz!"
 }
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -47,9 +47,8 @@
    "edit": "编辑",
    "siteConfirmDelete": "确认删除站点",
    "siteDelete": "删除站点",
-    "siteMessageRemove": "一旦删除，该站点将无法访问。与该站点相关的所有资源和目标也将被删除。",
-    "siteMessageConfirm": "请在下面输入站点名称以确认。",
-    "siteQuestionRemove": "您确定要从组织中删除 {selectedSite} 站点吗？",
+    "siteMessageRemove": "一旦移除，站点将无法访问。与站点相关的所有目标也将被移除。",
+    "siteQuestionRemove": "您确定要从组织中删除该站点吗？",
    "siteManageSites": "管理站点",
    "siteDescription": "允许通过安全隧道连接到您的网络",
    "siteCreate": "创建站点",
@@ -96,7 +95,7 @@
    "siteWgDescription": "使用任何 WireGuard 客户端来建立隧道。需要手动配置 NAT。",
    "siteWgDescriptionSaas": "使用任何WireGuard客户端建立隧道。需要手动配置NAT。仅适用于自托管节点。",
    "siteLocalDescription": "仅限本地资源。不需要隧道。",
-    "siteLocalDescriptionSaas": "仅本地资源。无需隧道。仅适用于自托管节点。",
+    "siteLocalDescriptionSaas": "仅本地资源。没有隧道。仅在远程节点上可用。",
    "siteSeeAll": "查看所有站点",
    "siteTunnelDescription": "确定如何连接到您的网站",
    "siteNewtCredentials": "Newt 凭据",
@@ -154,8 +153,7 @@
    "protected": "受到保护",
    "notProtected": "未受到保护",
    "resourceMessageRemove": "一旦删除，资源将不再可访问。与该资源相关的所有目标也将被删除。",
-    "resourceMessageConfirm": "请在下面输入资源名称以确认。",
-    "resourceQuestionRemove": "您确定要从组织中删除 {selectedResource} 吗？",
+    "resourceQuestionRemove": "您确定要从组织中删除资源吗？",
    "resourceHTTP": "HTTPS 资源",
    "resourceHTTPDescription": "使用子域或根域名通过 HTTPS 向您的应用程序提出代理请求。",
    "resourceRaw": "TCP/UDP 资源",
@@ -220,7 +218,7 @@
    "orgDeleteConfirm": "确认删除组织",
    "orgMessageRemove": "此操作不可逆，这将删除所有相关数据。",
    "orgMessageConfirm": "要确认，请在下面输入组织名称。",
-    "orgQuestionRemove": "你确定要删除 \"{selectedOrg}\" 组织吗？",
+    "orgQuestionRemove": "您确定要删除组织吗？",
    "orgUpdated": "组织已更新",
    "orgUpdatedDescription": "组织已更新。",
    "orgErrorUpdate": "更新组织失败",
@@ -287,9 +285,8 @@
    "apiKeysAdd": "生成 API 密钥",
    "apiKeysErrorDelete": "删除 API 密钥出错",
    "apiKeysErrorDeleteMessage": "删除 API 密钥出错",
-    "apiKeysQuestionRemove": "您确定要从组织中删除 \"{selectedApiKey}\" API密钥吗？",
+    "apiKeysQuestionRemove": "您确定要从组织中删除 API 密钥吗？",
    "apiKeysMessageRemove": "一旦删除，此API密钥将无法被使用。",
-    "apiKeysMessageConfirm": "要确认，请在下方输入API密钥名称。",
    "apiKeysDeleteConfirm": "确认删除 API 密钥",
    "apiKeysDelete": "删除 API 密钥",
    "apiKeysManage": "管理 API 密钥",
@@ -305,8 +302,7 @@
    "userDeleteConfirm": "确认删除用户",
    "userDeleteServer": "从服务器删除用户",
    "userMessageRemove": "该用户将被从所有组织中删除并完全从服务器中删除。",
-    "userMessageConfirm": "请在下面输入用户名称以确认。",
-    "userQuestionRemove": "您确定要从服务器中永久删除 {selectedUser} 吗？",
+    "userQuestionRemove": "您确定要从服务器永久删除用户吗？",
    "licenseKey": "许可证密钥",
    "valid": "有效",
    "numberOfSites": "站点数量",
@@ -339,7 +335,7 @@
    "fossorialLicense": "查看Fossorial Commercial License和订阅条款",
    "licenseMessageRemove": "这将删除许可证密钥和它授予的所有相关权限。",
    "licenseMessageConfirm": "要确认，请在下面输入许可证密钥。",
-    "licenseQuestionRemove": "您确定要删除 {selectedKey} 的邀请吗？",
+    "licenseQuestionRemove": "您确定要删除许可证密钥？",
    "licenseKeyDelete": "删除许可证密钥",
    "licenseKeyDeleteConfirm": "确认删除许可证密钥",
    "licenseTitle": "管理许可证状态",
@@ -372,7 +368,7 @@
    "inviteRemoveErrorDescription": "删除邀请时出错。",
    "inviteRemoved": "邀请已删除",
    "inviteRemovedDescription": "为 {email} 创建的邀请已删除",
-    "inviteQuestionRemove": "您确定要删除 {email} 的邀请吗？",
+    "inviteQuestionRemove": "您确定要删除邀请吗？",
    "inviteMessageRemove": "一旦删除，这个邀请将不再有效。",
    "inviteMessageConfirm": "要确认，请在下面输入邀请的电子邮件地址。",
    "inviteQuestionRegenerate": "您确定要重新邀请 {email} 吗？这将会撤销掉之前的邀请",
@@ -398,9 +394,8 @@
    "userErrorOrgRemoveDescription": "删除用户时出错。",
    "userOrgRemoved": "用户已删除",
    "userOrgRemovedDescription": "已将 {email} 从组织中移除。",
-    "userQuestionOrgRemove": "你确定要将 {email} 从组织中移除吗？",
+    "userQuestionOrgRemove": "您确定要从组织中删除此用户吗？",
    "userMessageOrgRemove": "一旦删除，这个用户将不再能够访问组织。 你总是可以稍后重新邀请他们，但他们需要再次接受邀请。",
-    "userMessageOrgConfirm": "请在下面输入用户名称以确认。",
    "userRemoveOrgConfirm": "确认删除用户",
    "userRemoveOrg": "从组织中删除用户",
    "users": "用户",
@@ -468,7 +463,10 @@
    "createdAt": "创建于",
    "proxyErrorInvalidHeader": "无效的自定义主机头值。使用域名格式，或将空保存为取消自定义主机头。",
    "proxyErrorTls": "无效的 TLS 服务器名称。使用域名格式，或保存空以删除 TLS 服务器名称。",
-    "proxyEnableSSL": "启用 SSL (https)",
+    "proxyEnableSSL": "启用 SSL",
+    "proxyEnableSSLDescription": "启用 SSL/TLS 加密以确保您目标的 HTTPS 连接。",
+    "target": "Target",
+    "configureTarget": "配置目标",
    "targetErrorFetch": "获取目标失败",
    "targetErrorFetchDescription": "获取目标时出错",
    "siteErrorFetch": "获取资源失败",
@@ -495,7 +493,7 @@
    "targetTlsSettings": "安全连接配置",
    "targetTlsSettingsDescription": "配置资源的 SSL/TLS 设置",
    "targetTlsSettingsAdvanced": "高级TLS设置",
-    "targetTlsSni": "TLS 服务器名称 (SNI)",
+    "targetTlsSni": "TLS 服务器名称",
    "targetTlsSniDescription": "SNI使用的 TLS 服务器名称。留空使用默认值。",
    "targetTlsSubmit": "保存设置",
    "targets": "目标配置",
@@ -504,9 +502,21 @@
    "targetStickySessionsDescription": "将连接保持在同一个后端目标的整个会话中。",
    "methodSelect": "选择方法",
    "targetSubmit": "添加目标",
-    "targetNoOne": "没有目标。使用表单添加目标。",
+    "targetNoOne": "此资源没有任何目标。添加目标来配置向您后端发送请求的位置。",
    "targetNoOneDescription": "在上面添加多个目标将启用负载平衡。",
    "targetsSubmit": "保存目标",
+    "addTarget": "添加目标",
+    "targetErrorInvalidIp": "无效的 IP 地址",
+    "targetErrorInvalidIpDescription": "请输入有效的IP地址或主机名",
+    "targetErrorInvalidPort": "无效的端口",
+    "targetErrorInvalidPortDescription": "请输入有效的端口号",
+    "targetErrorNoSite": "没有选择站点",
+    "targetErrorNoSiteDescription": "请选择目标站点",
+    "targetCreated": "目标已创建",
+    "targetCreatedDescription": "目标已成功创建",
+    "targetErrorCreate": "创建目标失败",
+    "targetErrorCreateDescription": "创建目标时出错",
+    "save": "保存",
    "proxyAdditional": "附加代理设置",
    "proxyAdditionalDescription": "配置你的资源如何处理代理设置",
    "proxyCustomHeader": "自定义主机标题",
@@ -715,7 +725,7 @@
    "pangolinServerAdmin": "服务器管理员 - Pangolin",
    "licenseTierProfessional": "专业许可证",
    "licenseTierEnterprise": "企业许可证",
-    "licenseTierCommercial": "商业许可证",
+    "licenseTierPersonal": "个人许可证",
    "licensed": "已授权",
    "yes": "是",
    "no": "否",
@@ -727,7 +737,7 @@
    "idpManageDescription": "查看和管理系统中的身份提供商",
    "idpDeletedDescription": "身份提供商删除成功",
    "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "你确定要永久删除 \"{name}\" 这个身份提供商吗？",
+    "idpQuestionRemove": "您确定要永久删除身份提供者吗？",
    "idpMessageRemove": "这将删除身份提供者和所有相关的配置。通过此提供者进行身份验证的用户将无法登录。",
    "idpMessageConfirm": "要确认，请在下面输入身份提供者的名称。",
    "idpConfirmDelete": "确认删除身份提供商",
@@ -750,7 +760,7 @@
    "idpDisplayName": "此身份提供商的显示名称",
    "idpAutoProvisionUsers": "自动提供用户",
    "idpAutoProvisionUsersDescription": "如果启用，用户将在首次登录时自动在系统中创建，并且能够映射用户到角色和组织。",
-    "licenseBadge": "专业版",
+    "licenseBadge": "EE",
    "idpType": "提供者类型",
    "idpTypeDescription": "选择您想要配置的身份提供者类型",
    "idpOidcConfigure": "OAuth2/OIDC 配置",
@@ -901,6 +911,18 @@
    "passwordResetCodeDescription": "请检查您的电子邮件以获取验证码。",
    "passwordNew": "新密码",
    "passwordNewConfirm": "确认新密码",
+    "changePassword": "更改密码",
+    "changePasswordDescription": "更新您的帐户密码",
+    "oldPassword": "当前密码",
+    "newPassword": "新密码",
+    "confirmNewPassword": "确认新密码",
+    "changePasswordError": "更改密码失败",
+    "changePasswordErrorDescription": "更改您的密码时出错",
+    "changePasswordSuccess": "密码修改成功",
+    "changePasswordSuccessDescription": "您的密码已成功更新",
+    "passwordExpiryRequired": "需要密码过期",
+    "passwordExpiryDescription": "该机构要求您每 {maxDays} 天更改一次密码。",
+    "changePasswordNow": "现在更改密码",
    "pincodeAuth": "验证器代码",
    "pincodeSubmit2": "提交代码",
    "passwordResetSubmit": "请求重置",
@@ -1084,7 +1106,6 @@
    "navbar": "导航菜单",
    "navbarDescription": "应用程序的主导航菜单",
    "navbarDocsLink": "文件",
-    "commercialEdition": "商业版",
    "otpErrorEnable": "无法启用 2FA",
    "otpErrorEnableDescription": "启用 2FA 时出错",
    "otpSetupCheckCode": "请输入您的6位数字代码",
@@ -1140,8 +1161,27 @@
    "sidebarAllUsers": "所有用户",
    "sidebarIdentityProviders": "身份提供商",
    "sidebarLicense": "证书",
-    "sidebarClients": "客户端（测试版）",
+    "sidebarClients": "客户端",
    "sidebarDomains": "域",
+    "sidebarBluePrints": "蓝图",
+    "blueprints": "蓝图",
+    "blueprintsDescription": "蓝图是用于定义资源及其设置的 YAML 声明配置",
+    "blueprintAdd": "添加蓝图",
+    "blueprintGoBack": "查看所有蓝图",
+    "blueprintCreate": "创建蓝图",
+    "blueprintCreateDescription2": "按照下面的步骤创建和应用新的蓝图",
+    "blueprintDetails": "蓝图详细信息",
+    "blueprintDetailsDescription": "查看蓝图运行详情",
+    "blueprintInfo": "蓝图信息",
+    "message": "留言",
+    "blueprintContentsDescription": "定义描述您基础设施的 YAML 内容",
+    "blueprintErrorCreateDescription": "应用蓝图时出错",
+    "blueprintErrorCreate": "创建蓝图时出错",
+    "searchBlueprintProgress": "搜索蓝图...",
+    "appliedAt": "应用于",
+    "source": "来源",
+    "contents": "目录",
+    "parsedContents": "解析内容",
    "enableDockerSocket": "启用 Docker 蓝图",
    "enableDockerSocketDescription": "启用 Docker Socket 标签擦除蓝图标签。套接字路径必须提供给新的。",
    "enableDockerSocketLink": "了解更多",
@@ -1197,9 +1237,8 @@
    "domainCreate": "创建域",
    "domainCreatedDescription": "域创建成功",
    "domainDeletedDescription": "成功删除域",
-    "domainQuestionRemove": "您确定要从您的账户中移除域{domain}吗？",
+    "domainQuestionRemove": "您确定要从您的帐户中删除域名吗？",
    "domainMessageRemove": "移除后，该域将不再与您的账户关联。",
-    "domainMessageConfirm": "要确认，请在下方输入域名。",
    "domainConfirmDelete": "确认删除域",
    "domainDelete": "删除域",
    "domain": "域",
@@ -1266,7 +1305,7 @@
    "billingFreeTier": "免费层",
    "billingWarningOverLimit": "警告：您已超出一个或多个使用限制。在您修改订阅或调整使用情况之前，您的站点将无法连接。",
    "billingUsageLimitsOverview": "使用限制概览",
-    "billingMonitorUsage": "监控您的使用情况以对比已配置的限制。如需提高限制请联系我们 support@fossorial.io。",
+    "billingMonitorUsage": "监控您的使用情况以对比已配置的限制。如需提高限制请联系我们 support@pangolin.net。",
    "billingDataUsage": "数据使用情况",
    "billingOnlineTime": "站点在线时间",
    "billingUsers": "活跃用户",
@@ -1332,8 +1371,20 @@
    "securityKeyUnknownError": "使用安全密钥时出现问题。请再试一次。",
    "twoFactorRequired": "注册安全密钥需要两步验证。",
    "twoFactor": "两步验证",
+    "twoFactorAuthentication": "两步验证",
+    "twoFactorDescription": "这个组织需要双重身份验证。",
+    "enableTwoFactor": "启用两步验证",
+    "organizationSecurityPolicy": "组织安全政策",
+    "organizationSecurityPolicyDescription": "此机构拥有安全要求，您必须先满足才能访问",
+    "securityRequirements": "安全要求",
+    "allRequirementsMet": "已满足所有要求",
+    "completeRequirementsToContinue": "完成下面的要求以继续访问此组织",
+    "youCanNowAccessOrganization": "您现在可以访问此组织",
+    "reauthenticationRequired": "会话长度",
+    "reauthenticationDescription": "该机构要求您每 {maxDays} 天登录一次。",
+    "reauthenticationDescriptionHours": "该机构要求您每 {maxHours} 小时登录一次。",
+    "reauthenticateNow": "再次登录",
    "adminEnabled2FaOnYourAccount": "管理员已为{email}启用两步验证。请完成设置以继续。",
-    "continueToApplication": "继续到应用程序",
    "securityKeyAdd": "添加安全密钥",
    "securityKeyRegisterTitle": "注册新安全密钥",
    "securityKeyRegisterDescription": "连接您的安全密钥并输入名称以便识别",
@@ -1411,6 +1462,7 @@
    "externalProxyEnabled": "外部代理已启用",
    "addNewTarget": "添加新目标",
    "targetsList": "目标列表",
+    "advancedMode": "高级模式",
    "targetErrorDuplicateTargetFound": "找到重复的目标",
    "healthCheckHealthy": "正常",
    "healthCheckUnhealthy": "不正常",
@@ -1543,18 +1595,17 @@
    "autoLoginError": "自动登录错误",
    "autoLoginErrorNoRedirectUrl": "未从身份提供商收到重定向URL。",
    "autoLoginErrorGeneratingUrl": "生成身份验证URL失败。",
-    "remoteExitNodeManageRemoteExitNodes": "管理自托管",
-    "remoteExitNodeDescription": "管理节点以扩展您的网络连接",
+    "remoteExitNodeManageRemoteExitNodes": "远程节点",
+    "remoteExitNodeDescription": "自我主机一个或多个远程节点来扩展您的网络连接并减少对云的依赖性",
    "remoteExitNodes": "节点",
    "searchRemoteExitNodes": "搜索节点...",
    "remoteExitNodeAdd": "添加节点",
    "remoteExitNodeErrorDelete": "删除节点时出错",
-    "remoteExitNodeQuestionRemove": "您确定要从组织中删除 {selectedNode} 节点吗？",
+    "remoteExitNodeQuestionRemove": "您确定要从组织中删除该节点吗？",
    "remoteExitNodeMessageRemove": "一旦删除，该节点将不再能够访问。",
-    "remoteExitNodeMessageConfirm": "要确认，请输入以下节点的名称。",
    "remoteExitNodeConfirmDelete": "确认删除节点",
    "remoteExitNodeDelete": "删除节点",
-    "sidebarRemoteExitNodes": "节点",
+    "sidebarRemoteExitNodes": "远程节点",
    "remoteExitNodeCreate": {
        "title": "创建节点",
        "description": "创建一个新节点来扩展您的网络连接",
@@ -1719,9 +1770,315 @@
    "resourceExposePortsEditFile": "编辑文件：docker-compose.yml",
    "emailVerificationRequired": "需要电子邮件验证。 请通过 {dashboardUrl}/auth/login 再次登录以完成此步骤。 然后，回到这里。",
    "twoFactorSetupRequired": "需要设置双因素身份验证。 请通过 {dashboardUrl}/auth/login 再次登录以完成此步骤。 然后，回到这里。",
+    "additionalSecurityRequired": "需要额外的安全",
+    "organizationRequiresAdditionalSteps": "这个组织需要额外的安全步骤才能访问资源。",
+    "completeTheseSteps": "完成这些步骤",
+    "enableTwoFactorAuthentication": "启用两步验证",
+    "completeSecuritySteps": "完成安全步骤",
+    "securitySettings": "安全设置",
+    "securitySettingsDescription": "配置您组织的安全策略",
+    "requireTwoFactorForAllUsers": "所有用户需要两步验证",
+    "requireTwoFactorDescription": "如果启用，此组织的所有内部用户必须启用双重身份验证才能访问组织。",
+    "requireTwoFactorDisabledDescription": "此功能需要有效的许可证（企业）或活动订阅（SaS）",
+    "requireTwoFactorCannotEnableDescription": "您必须为您的帐户启用双重身份验证才能对所有用户",
+    "maxSessionLength": "最大会话长度",
+    "maxSessionLengthDescription": "设置用户会话的最长时间。此后用户需要重新验证。",
+    "maxSessionLengthDisabledDescription": "此功能需要有效的许可证（企业）或活动订阅（SaS）",
+    "selectSessionLength": "选择会话长度",
+    "unenforced": "未执行",
+    "1Hour": "1 小时",
+    "3Hours": "3 小时",
+    "6Hours": "6 小时",
+    "12Hours": "12 小时",
+    "1DaySession": "1天",
+    "3Days": "3 天",
+    "7Days": "7 天",
+    "14Days": "14 天",
+    "30DaysSession": "30 天",
+    "90DaysSession": "90 天",
+    "180DaysSession": "180天",
+    "passwordExpiryDays": "密码过期",
+    "editPasswordExpiryDescription": "设置用户需要更改密码之前的天数。",
+    "selectPasswordExpiry": "选择密码过期",
+    "30Days": "30 天",
+    "1Day": "1天",
+    "60Days": "60天",
+    "90Days": "90 天",
+    "180Days": "180天",
+    "1Year": "1 年",
+    "subscriptionBadge": "需要订阅",
+    "securityPolicyChangeWarning": "安全政策更改警告",
+    "securityPolicyChangeDescription": "您即将更改安全政策设置。保存后，您可能需要重新认证以遵守这些政策更新。 所有不符合要求的用户也需要重新认证。",
+    "securityPolicyChangeConfirmMessage": "我确认",
+    "securityPolicyChangeWarningText": "这将影响组织中的所有用户",
    "authPageErrorUpdateMessage": "更新身份验证页面设置时出错",
+    "authPageErrorUpdate": "无法更新认证页面",
    "authPageUpdated": "身份验证页面更新成功",
    "healthCheckNotAvailable": "本地的",
    "rewritePath": "重写路径",
-    "rewritePathDescription": "在转发到目标之前，可以选择重写路径。"
+    "rewritePathDescription": "在转发到目标之前，可以选择重写路径。",
+    "continueToApplication": "继续应用",
+    "checkingInvite": "正在检查邀请",
+    "setResourceHeaderAuth": "设置 ResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "删除头部认证",
+    "resourceHeaderAuthRemoveDescription": "已成功删除头部身份验证。",
+    "resourceErrorHeaderAuthRemove": "删除头部身份验证失败",
+    "resourceErrorHeaderAuthRemoveDescription": "无法删除资源的头部身份验证。",
+    "resourceHeaderAuthProtectionEnabled": "头部认证已启用",
+    "resourceHeaderAuthProtectionDisabled": "头部身份验证已禁用",
+    "headerAuthRemove": "删除头部认证",
+    "headerAuthAdd": "添加页眉认证",
+    "resourceErrorHeaderAuthSetup": "设置页眉认证失败",
+    "resourceErrorHeaderAuthSetupDescription": "无法设置资源的头部身份验证。",
+    "resourceHeaderAuthSetup": "头部认证设置成功",
+    "resourceHeaderAuthSetupDescription": "头部认证已成功设置。",
+    "resourceHeaderAuthSetupTitle": "设置头部身份验证",
+    "resourceHeaderAuthSetupTitleDescription": "使用HTTP 头身份验证来设置基本身份验证信息(用户名和密码)。使用 https://username:password@resource.example.com 访问它",
+    "resourceHeaderAuthSubmit": "设置头部身份验证",
+    "actionSetResourceHeaderAuth": "设置头部身份验证",
+    "enterpriseEdition": "企业版",
+    "unlicensed": "未授权",
+    "beta": "测试版",
+    "manageClients": "管理客户端",
+    "manageClientsDescription": "客户端是可以连接到您的站点的设备",
+    "licenseTableValidUntil": "有效期至",
+    "saasLicenseKeysSettingsTitle": "企业许可证",
+    "saasLicenseKeysSettingsDescription": "为自我托管的 Pangolin 实例生成和管理企业许可证密钥",
+    "sidebarEnterpriseLicenses": "许可协议",
+    "generateLicenseKey": "生成许可证密钥",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "请输入一个有效的电子邮件地址",
+            "useCaseTypeRequired": "请选择一个使用的案例类型",
+            "firstNameRequired": "必填名",
+            "lastNameRequired": "姓氏是必填项",
+            "primaryUseRequired": "请描述您的主要使用",
+            "jobTitleRequiredBusiness": "企业使用必须有职位头衔。",
+            "industryRequiredBusiness": "商业使用需要工业",
+            "stateProvinceRegionRequired": "州/省/地区是必填项",
+            "postalZipCodeRequired": "邮政编码是必需的",
+            "companyNameRequiredBusiness": "企业使用需要公司名称",
+            "countryOfResidenceRequiredBusiness": "商业使用必须是居住国",
+            "countryRequiredPersonal": "国家需要个人使用",
+            "agreeToTermsRequired": "您必须同意条款",
+            "complianceConfirmationRequired": "您必须确认遵守Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "个人使用",
+                "description": "个人非商业用途，如学习、个人项目或实验。"
+            },
+            "business": {
+                "title": "商业使用",
+                "description": "供组织、公司或商业或创收活动使用。"
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "电子邮件和许可证类型",
+                "description": "输入您的电子邮件并选择您的许可证类型"
+            },
+            "personalInformation": {
+                "title": "个人信息",
+                "description": "告诉我们自己的信息"
+            },
+            "contactInformation": {
+                "title": "联系信息",
+                "description": "您的联系信息"
+            },
+            "termsGenerate": {
+                "title": "条款并生成",
+                "description": "审阅并接受条款生成您的许可证"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "使用情况披露",
+                "description": "选择能准确反映您预定用途的许可等级。 个人许可证允许对个人、非商业性或小型商业活动免费使用软件，年收入毛额不到100 000美元。 超出这些限度的任何用途，包括在企业、组织内的用途。 或其他创收环境——需要有效的企业许可证和支付适用的许可证费用。 所有用户，不论是个人还是企业，都必须遵守寄养商业许可证条款。"
+            },
+            "trialPeriodInformation": {
+                "title": "试用期信息",
+                "description": "此许可证密钥使企业特性能够持续7天的评价。 在评估期过后继续访问付费功能需要在有效的个人或企业许可证下激活。对于企业许可证，请联系Sales@pangolin.net。"
+            }
+        },
+        "form": {
+            "useCaseQuestion": "您是否正在使用 Pangolin 进行个人或商业使用？",
+            "firstName": "名字",
+            "lastName": "名字",
+            "jobTitle": "工作头衔：",
+            "primaryUseQuestion": "您主要计划使用 Pangolin 吗？",
+            "industryQuestion": "您的行业是什么？",
+            "prospectiveUsersQuestion": "您期望有多少预期用户？",
+            "prospectiveSitesQuestion": "您期望有多少站点(隧道)？",
+            "companyName": "公司名称",
+            "countryOfResidence": "居住国",
+            "stateProvinceRegion": "州/省/地区",
+            "postalZipCode": "邮政编码",
+            "companyWebsite": "公司网站",
+            "companyPhoneNumber": "公司电话号码",
+            "country": "国家",
+            "phoneNumberOptional": "电话号码 (可选)",
+            "complianceConfirmation": "我确认我提供的资料是准确的，我遵守了寄养商业许可证。 报告不准确的信息或错误的产品使用是违反许可证的行为，可能导致您的密钥被撤销。"
+        },
+        "buttons": {
+            "close": "关闭",
+            "previous": "上一个",
+            "next": "下一个",
+            "generateLicenseKey": "生成许可证密钥"
+        },
+        "toasts": {
+            "success": {
+                "title": "许可证密钥生成成功",
+                "description": "您的许可证密钥已经生成并准备使用。"
+            },
+            "error": {
+                "title": "生成许可证密钥失败",
+                "description": "生成许可证密钥时出错。"
+            }
+        }
+    },
+    "priority": "优先权",
+    "priorityDescription": "先评估更高优先级线路。优先级 = 100意味着自动排序(系统决定). 使用另一个数字强制执行手动优先级。",
+    "instanceName": "实例名称",
+    "pathMatchModalTitle": "配置路径匹配",
+    "pathMatchModalDescription": "根据传入请求的路径设置匹配方式。",
+    "pathMatchType": "匹配类型",
+    "pathMatchPrefix": "前缀",
+    "pathMatchExact": "精准的",
+    "pathMatchRegex": "正则表达式",
+    "pathMatchValue": "路径值",
+    "clear": "清空",
+    "saveChanges": "保存更改",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/路径",
+    "pathMatchPrefixHelp": "示例： /api 匹配/api, /api/users 等。",
+    "pathMatchExactHelp": "示例：/api 匹配仅限/api",
+    "pathMatchRegexHelp": "例如：^/api/.* 匹配/api/why",
+    "pathRewriteModalTitle": "配置路径重写",
+    "pathRewriteModalDescription": "在转发到目标之前变换匹配的路径。",
+    "pathRewriteType": "重写类型",
+    "pathRewritePrefixOption": "前缀 - 替换前缀",
+    "pathRewriteExactOption": "精确-替换整个路径",
+    "pathRewriteRegexOption": "正则表达式 - 替换模式",
+    "pathRewriteStripPrefixOption": "删除前缀 - 删除前缀",
+    "pathRewriteValue": "重写值",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "用此值替换匹配的前缀",
+    "pathRewriteExactHelp": "当路径匹配时用此值替换整个路径",
+    "pathRewriteRegexHelp": "使用抓取组，如$1，$2来替换",
+    "pathRewriteStripPrefixHelp": "留空以脱离前缀或提供新的前缀",
+    "pathRewritePrefix": "前缀",
+    "pathRewriteExact": "精准的",
+    "pathRewriteRegex": "正则表达式",
+    "pathRewriteStrip": "带状图",
+    "pathRewriteStripLabel": "条形图",
+    "sidebarEnableEnterpriseLicense": "启用企业许可证",
+    "cannotbeUndone": "无法撤消。",
+    "toConfirm": "确认",
+    "deleteClientQuestion": "您确定要从站点和组织中删除客户吗？",
+    "clientMessageRemove": "一旦删除，客户端将无法连接到站点。",
+    "sidebarLogs": "日志",
+    "request": "请求",
+    "logs": "日志",
+    "logsSettingsDescription": "监视从此orginization中收集的日志",
+    "searchLogs": "搜索日志...",
+    "action": "行 动",
+    "actor": "执行者",
+    "timestamp": "时间戳",
+    "accessLogs": "访问日志",
+    "exportCsv": "导出CSV",
+    "actorId": "执行者ID",
+    "allowedByRule": "根据规则允许",
+    "allowedNoAuth": "无认证",
+    "validAccessToken": "有效访问令牌",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "有效密码",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "资源被阻止",
+    "droppedByRule": "被规则删除",
+    "noSessions": "无会话",
+    "temporaryRequestToken": "临时请求令牌",
+    "noMoreAuthMethods": "No Valid Auth",
+    "ip": "IP",
+    "reason": "原因",
+    "requestLogs": "请求日志",
+    "host": "主机",
+    "location": "地点",
+    "actionLogs": "操作日志",
+    "sidebarLogsRequest": "请求日志",
+    "sidebarLogsAccess": "访问日志",
+    "sidebarLogsAction": "操作日志",
+    "logRetention": "日志保留",
+    "logRetentionDescription": "管理不同类型的日志为这个机构保留多长时间或禁用这些日志",
+    "requestLogsDescription": "查看此机构资源的详细请求日志",
+    "logRetentionRequestLabel": "请求日志保留",
+    "logRetentionRequestDescription": "保留请求日志的时间",
+    "logRetentionAccessLabel": "访问日志保留",
+    "logRetentionAccessDescription": "保留访问日志的时间",
+    "logRetentionActionLabel": "动作日志保留",
+    "logRetentionActionDescription": "保留操作日志的时间",
+    "logRetentionDisabled": "已禁用",
+    "logRetention3Days": "3 天",
+    "logRetention7Days": "7 天",
+    "logRetention14Days": "14 天",
+    "logRetention30Days": "30 天",
+    "logRetention90Days": "90 天",
+    "logRetentionForever": "永远的",
+    "actionLogsDescription": "查看此机构执行的操作历史",
+    "accessLogsDescription": "查看此机构资源的访问认证请求",
+    "licenseRequiredToUse": "需要企业许可证才能使用此功能。",
+    "certResolver": "证书解决器",
+    "certResolverDescription": "选择用于此资源的证书解析器。",
+    "selectCertResolver": "选择证书解析",
+    "enterCustomResolver": "输入自定义解析器",
+    "preferWildcardCert": "喜欢通配符证书",
+    "unverified": "未验证",
+    "domainSetting": "域设置",
+    "domainSettingDescription": "配置您的域的设置",
+    "preferWildcardCertDescription": "尝试生成通配符证书(需要正确配置的证书解析器)。",
+    "recordName": "记录名称",
+    "auto": "自动操作",
+    "TTL": "TTL",
+    "howToAddRecords": "如何添加记录",
+    "dnsRecord": "DNS记录",
+    "required": "必填",
+    "domainSettingsUpdated": "域设置更新成功",
+    "orgOrDomainIdMissing": "缺少机构或域 ID",
+    "loadingDNSRecords": "正在载入DNS记录...",
+    "olmUpdateAvailableInfo": "有最新版本的 Olm 可用。请更新到最新版本以获取最佳体验。",
+    "client": "客户端：",
+    "proxyProtocol": "代理协议设置",
+    "proxyProtocolDescription": "配置代理协议以保留TCP/UDP 服务的客户端IP地址。",
+    "enableProxyProtocol": "启用代理协议",
+    "proxyProtocolInfo": "为TCP/UDP 后端保留客户端IP地址",
+    "proxyProtocolVersion": "代理协议版本",
+    "version1": " 版本 1 (推荐)",
+    "version2": "版本 2",
+    "versionDescription": "版本 1 是基于文本和广泛支持的版本。版本 2 是二进制和更有效率但不那么兼容。",
+    "warning": "警告",
+    "proxyProtocolWarning": "您的后端应用程序必须配置为接受代理协议连接。如果您的后端不支持代理协议，启用这将会中断所有连接。 请务必从Traefik配置您的后端到信任代理协议标题。",
+    "restarting": "正在重启...",
+    "manual": "手动模式",
+    "messageSupport": "消息支持",
+    "supportNotAvailableTitle": "支持不可用",
+    "supportNotAvailableDescription": "支持现在不可用。您可以发送电子邮件到 support@pangolin.net。",
+    "supportRequestSentTitle": "支持请求已发送",
+    "supportRequestSentDescription": "您的消息已成功发送。",
+    "supportRequestFailedTitle": "发送请求失败",
+    "supportRequestFailedDescription": "发送您的支持请求时出错。",
+    "supportSubjectRequired": "主题是必填项",
+    "supportSubjectMaxLength": "主题必须是255个或更少的字符",
+    "supportMessageRequired": "消息是必填项",
+    "supportReplyTo": "回复给",
+    "supportSubject": "议 题",
+    "supportSubjectPlaceholder": "输入主题",
+    "supportMessage": "留言",
+    "supportMessagePlaceholder": "输入您的消息",
+    "supportSending": "正在发送...",
+    "supportSend": "发送",
+    "supportMessageSent": "消息已发送！",
+    "supportWillContact": "我们很快就会联系起来！"
 }
--- a/next.config.mjs
+++ b/next.config.mjs
@@ -7,7 +7,8 @@ const nextConfig = {
    eslint: {
        ignoreDuringBuilds: true
    },
-    output: "standalone"
+    output: "standalone",
+   
 };

 export default withNextIntl(nextConfig);
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -19,22 +19,23 @@
        "db:sqlite:studio": "drizzle-kit studio --config=./drizzle.sqlite.config.ts",
        "db:pg:studio": "drizzle-kit studio --config=./drizzle.pg.config.ts",
        "db:clear-migrations": "rm -rf server/migrations",
-        "set:oss": "echo 'export const build = \"oss\" as any;' > server/build.ts",
-        "set:saas": "echo 'export const build = \"saas\" as any;' > server/build.ts",
-        "set:enterprise": "echo 'export const build = \"enterprise\" as any;' > server/build.ts",
+        "set:oss": "echo 'export const build = \"oss\" as any;' > server/build.ts && cp tsconfig.oss.json tsconfig.json",
+        "set:saas": "echo 'export const build = \"saas\" as any;' > server/build.ts && cp tsconfig.saas.json tsconfig.json",
+        "set:enterprise": "echo 'export const build = \"enterprise\" as any;' > server/build.ts && cp tsconfig.enterprise.json tsconfig.json",
        "set:sqlite": "echo 'export * from \"./sqlite\";' > server/db/index.ts",
        "set:pg": "echo 'export * from \"./pg\";' > server/db/index.ts",
+        "next:build": "next build",
        "build:sqlite": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs",
        "build:pg": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsPg.ts -o dist/migrations.mjs",
        "start": "ENVIRONMENT=prod node dist/migrations.mjs && ENVIRONMENT=prod NODE_ENV=development node --enable-source-maps dist/server.mjs",
        "email": "email dev --dir server/emails/templates --port 3005",
-        "build:cli": "node esbuild.mjs -e cli/index.ts -o dist/cli.mjs",
-        "db:sqlite:seed-exit-node": "sqlite3 config/db/db.sqlite \"INSERT INTO exitNodes (exitNodeId, name, address, endpoint, publicKey, listenPort, reachableAt, maxConnections, online, lastPing, type, region) VALUES (null, 'test', '10.0.0.1/24', 'localhost', 'MJ44MpnWGxMZURgxW/fWXDFsejhabnEFYDo60LQwK3A=', 1234, 'http://localhost:3003', 123, 1, null, 'gerbil', null);\""
+        "build:cli": "node esbuild.mjs -e cli/index.ts -o dist/cli.mjs"
    },
    "dependencies": {
        "@asteasolutions/zod-to-openapi": "^7.3.4",
-        "@aws-sdk/client-s3": "3.837.0",
+        "@aws-sdk/client-s3": "3.908.0",
        "@hookform/resolvers": "5.2.2",
+        "@monaco-editor/react": "^4.7.0",
        "@node-rs/argon2": "^2.0.2",
        "@oslojs/crypto": "1.0.1",
        "@oslojs/encoding": "1.1.0",
@@ -56,17 +57,17 @@
        "@radix-ui/react-tabs": "1.1.13",
        "@radix-ui/react-toast": "1.2.15",
        "@radix-ui/react-tooltip": "^1.2.8",
-        "@react-email/components": "0.5.5",
-        "@react-email/render": "^1.2.0",
+        "@react-email/components": "0.5.7",
+        "@react-email/render": "^1.3.2",
        "@react-email/tailwind": "1.2.2",
-        "@simplewebauthn/browser": "^13.2.0",
-        "@simplewebauthn/server": "^13.2.1",
+        "@simplewebauthn/browser": "^13.2.2",
+        "@simplewebauthn/server": "^13.2.2",
        "@tailwindcss/forms": "^0.5.10",
        "@tanstack/react-table": "8.21.3",
        "arctic": "^3.7.0",
        "axios": "^1.12.2",
        "better-sqlite3": "11.7.0",
-        "canvas-confetti": "1.9.3",
+        "canvas-confetti": "1.9.4",
        "class-variance-authority": "^0.7.1",
        "clsx": "2.1.1",
        "cmdk": "1.1.1",
@@ -75,9 +76,10 @@
        "cookies": "^0.9.1",
        "cors": "2.8.5",
        "crypto-js": "^4.2.0",
-        "drizzle-orm": "0.44.6",
-        "eslint": "9.35.0",
-        "eslint-config-next": "15.5.4",
+        "date-fns": "4.1.0",
+        "drizzle-orm": "0.44.7",
+        "eslint": "9.37.0",
+        "eslint-config-next": "15.5.6",
        "express": "5.1.0",
        "express-rate-limit": "8.1.0",
        "glob": "11.0.3",
@@ -85,79 +87,85 @@
        "http-errors": "2.0.0",
        "i": "^0.3.7",
        "input-otp": "1.4.2",
-        "ioredis": "5.6.1",
+        "ioredis": "5.8.2",
        "jmespath": "^0.16.0",
        "js-yaml": "4.1.0",
        "jsonwebtoken": "^9.0.2",
-        "lucide-react": "^0.544.0",
+        "lucide-react": "^0.545.0",
        "maxmind": "5.0.0",
        "moment": "2.30.1",
-        "next": "15.5.4",
-        "next-intl": "^4.3.9",
+        "next": "15.5.6",
+        "next-intl": "^4.3.12",
        "next-themes": "0.4.6",
+        "nextjs-toploader": "^3.9.17",
        "node-cache": "5.1.2",
        "node-fetch": "3.3.2",
-        "nodemailer": "7.0.6",
-        "npm": "^11.6.1",
+        "nodemailer": "7.0.10",
+        "npm": "^11.6.2",
+        "nprogress": "^0.2.0",
        "oslo": "1.2.1",
        "pg": "^8.16.2",
-        "posthog-node": "^5.8.4",
+        "posthog-node": "^5.10.4",
        "qrcode.react": "4.2.0",
-        "react": "19.1.1",
-        "react-dom": "19.1.1",
-        "react-easy-sort": "^1.7.0",
-        "react-hook-form": "7.62.0",
+        "react": "19.2.0",
+        "react-day-picker": "9.11.1",
+        "react-dom": "19.2.0",
+        "react-easy-sort": "^1.8.0",
+        "react-hook-form": "7.65.0",
        "react-icons": "^5.5.0",
        "rebuild": "0.1.2",
        "reodotdev": "^1.0.0",
-        "resend": "^6.1.1",
-        "semver": "^7.7.2",
+        "resend": "^6.1.2",
+        "semver": "^7.7.3",
        "stripe": "18.2.1",
        "swagger-ui-express": "^5.0.1",
        "tailwind-merge": "3.3.1",
        "tw-animate-css": "^1.3.8",
        "uuid": "^13.0.0",
        "vaul": "1.1.2",
-        "winston": "3.17.0",
+        "winston": "3.18.3",
        "winston-daily-rotate-file": "5.0.0",
        "ws": "8.18.3",
+        "yaml": "^2.8.1",
        "yargs": "18.0.0",
        "zod": "3.25.76",
-        "zod-validation-error": "3.5.2"
+        "zod-validation-error": "3.5.2",
+        "@faker-js/faker": "^10.1.0"
    },
    "devDependencies": {
        "@dotenvx/dotenvx": "1.51.0",
        "@esbuild-plugins/tsconfig-paths": "0.1.2",
-        "@react-email/preview-server": "4.1.0",
-        "@tailwindcss/postcss": "^4.1.14",
+        "@react-email/preview-server": "4.3.2",
+        "@tailwindcss/postcss": "^4.1.16",
        "@types/better-sqlite3": "7.6.12",
-        "@types/cookie-parser": "1.4.9",
+        "@types/cookie-parser": "1.4.10",
        "@types/cors": "2.8.19",
        "@types/crypto-js": "^4.2.2",
-        "@types/express": "5.0.3",
+        "@types/express": "5.0.5",
        "@types/express-session": "^1.18.2",
        "@types/jmespath": "^0.15.2",
        "@types/js-yaml": "4.0.9",
        "@types/jsonwebtoken": "^9.0.10",
-        "@types/node": "24.6.1",
-        "@types/nodemailer": "7.0.2",
-        "@types/pg": "8.15.5",
-        "@types/react": "19.1.16",
-        "@types/react-dom": "19.1.9",
+        "@types/nprogress": "^0.2.3",
+        "@types/node": "24.9.2",
+        "@types/nodemailer": "7.0.3",
+        "@types/pg": "8.15.6",
+        "@types/react": "19.2.2",
+        "@types/react-dom": "19.2.2",
        "@types/semver": "^7.7.1",
        "@types/swagger-ui-express": "^4.1.8",
        "@types/ws": "8.18.1",
-        "@types/yargs": "17.0.33",
-        "drizzle-kit": "0.31.5",
-        "esbuild": "0.25.10",
+        "@types/yargs": "17.0.34",
+        "drizzle-kit": "0.31.6",
+        "esbuild": "0.25.11",
        "esbuild-node-externals": "1.18.0",
        "postcss": "^8",
-        "react-email": "4.2.12",
+        "react-email": "4.3.2",
        "tailwindcss": "^4.1.4",
        "tsc-alias": "1.8.16",
        "tsx": "4.20.6",
        "typescript": "^5",
-        "typescript-eslint": "^8.45.0"
+        "typescript-eslint": "^8.46.2"
    },
    "overrides": {
        "emblor": {
--- a/public/logo/word_mark_black.png
+++ b/public/logo/word_mark_black.png
--- a/public/logo/word_mark_white.png
+++ b/public/logo/word_mark_white.png
--- a/server/apiServer.ts
+++ b/server/apiServer.ts
@@ -7,21 +7,21 @@ import {
    errorHandlerMiddleware,
    notFoundMiddleware
 } from "@server/middlewares";
-import { corsWithLoginPageSupport } from "@server/middlewares/private/corsWithLoginPage";
-import { authenticated, unauthenticated } from "@server/routers/external";
-import { router as wsRouter, handleWSUpgrade } from "@server/routers/ws";
+import { authenticated, unauthenticated } from "#dynamic/routers/external";
+import { router as wsRouter, handleWSUpgrade } from "#dynamic/routers/ws";
 import { logIncomingMiddleware } from "./middlewares/logIncoming";
 import { csrfProtectionMiddleware } from "./middlewares/csrfProtection";
 import helmet from "helmet";
-import { stripeWebhookHandler } from "@server/routers/private/billing/webhooks";
 import { build } from "./build";
 import rateLimit, { ipKeyGenerator } from "express-rate-limit";
 import createHttpError from "http-errors";
 import HttpCode from "./types/HttpCode";
 import requestTimeoutMiddleware from "./middlewares/requestTimeout";
-import { createStore } from "@server/lib/private/rateLimitStore";
-import hybridRouter from "@server/routers/private/hybrid";
+import { createStore } from "#dynamic/lib/rateLimitStore";
 import { stripDuplicateSesions } from "./middlewares/stripDuplicateSessions";
+import { corsWithLoginPageSupport } from "@server/lib/corsWithLoginPage";
+import { hybridRouter } from "#dynamic/routers/hybrid";
+import { billingWebhookHandler } from "#dynamic/routers/billing/webhooks";

 const dev = config.isDev;
 const externalPort = config.getRawConfig().server.external_port;
@@ -39,32 +39,30 @@ export function createApiServer() {
        apiServer.post(
            `${prefix}/billing/webhooks`,
            express.raw({ type: "application/json" }),
-            stripeWebhookHandler
+            billingWebhookHandler
        );
    }

    const corsConfig = config.getRawConfig().server.cors;
+    const options = {
+        ...(corsConfig?.origins
+            ? { origin: corsConfig.origins }
+            : {
+                  origin: (origin: any, callback: any) => {
+                      callback(null, true);
+                  }
+              }),
+        ...(corsConfig?.methods && { methods: corsConfig.methods }),
+        ...(corsConfig?.allowed_headers && {
+            allowedHeaders: corsConfig.allowed_headers
+        }),
+        credentials: !(corsConfig?.credentials === false)
+    };

-    if (build == "oss") {
-        const options = {
-            ...(corsConfig?.origins
-                ? { origin: corsConfig.origins }
-                : {
-                      origin: (origin: any, callback: any) => {
-                          callback(null, true);
-                      }
-                  }),
-            ...(corsConfig?.methods && { methods: corsConfig.methods }),
-            ...(corsConfig?.allowed_headers && {
-                allowedHeaders: corsConfig.allowed_headers
-            }),
-            credentials: !(corsConfig?.credentials === false)
-        };
-
+    if (build == "oss" || !corsConfig) {
        logger.debug("Using CORS options", options);
-
        apiServer.use(cors(options));
-    } else {
+    } else if (corsConfig) {
        // Use the custom CORS middleware with loginPage support
        apiServer.use(corsWithLoginPageSupport(corsConfig));
    }
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -4,7 +4,6 @@ import { userActions, roleActions, userOrgs } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
-import { sendUsageNotification } from "@server/routers/org";

 export enum ActionsEnum {
    createOrgUser = "createOrgUser",
@@ -61,6 +60,7 @@ export enum ActionsEnum {
    getUser = "getUser",
    setResourcePassword = "setResourcePassword",
    setResourcePincode = "setResourcePincode",
+    setResourceHeaderAuth = "setResourceHeaderAuth",
    setResourceWhitelist = "setResourceWhitelist",
    getResourceWhitelist = "getResourceWhitelist",
    generateAccessToken = "generateAccessToken",
@@ -81,6 +81,9 @@ export enum ActionsEnum {
    listClients = "listClients",
    getClient = "getClient",
    listOrgDomains = "listOrgDomains",
+    getDomain = "getDomain",
+    updateOrgDomain = "updateOrgDomain",
+    getDNSRecords = "getDNSRecords",
    createNewt = "createNewt",
    createIdp = "createIdp",
    updateIdp = "updateIdp",
@@ -116,7 +119,11 @@ export enum ActionsEnum {
    updateLoginPage = "updateLoginPage",
    getLoginPage = "getLoginPage",
    deleteLoginPage = "deleteLoginPage",
-    applyBlueprint = "applyBlueprint"
+    listBlueprints = "listBlueprints",
+    getBlueprint = "getBlueprint",
+    applyBlueprint = "applyBlueprint",
+    viewLogs = "viewLogs",
+    exportLogs = "exportLogs"
 }

 export async function checkUserActionPermission(
@@ -193,8 +200,6 @@ export async function checkUserActionPermission(
            .limit(1);

        return roleActionPermission.length > 0;
-
-        return false;
    } catch (error) {
        console.error("Error checking user action permission:", error);
        throw createHttpError(
--- a/server/auth/sessions/app.ts
+++ b/server/auth/sessions/app.ts
@@ -39,7 +39,8 @@ export async function createSession(
    const session: Session = {
        sessionId: sessionId,
        userId,
-        expiresAt: new Date(Date.now() + SESSION_COOKIE_EXPIRES).getTime()
+        expiresAt: new Date(Date.now() + SESSION_COOKIE_EXPIRES).getTime(),
+        issuedAt: new Date().getTime()
    };
    await db.insert(sessions).values(session);
    return session;
--- a/server/auth/sessions/resource.ts
+++ b/server/auth/sessions/resource.ts
@@ -4,9 +4,6 @@ import { resourceSessions, ResourceSession } from "@server/db";
 import { db } from "@server/db";
 import { eq, and } from "drizzle-orm";
 import config from "@server/lib/config";
-import axios from "axios";
-import logger from "@server/logger";
-import { tokenManager } from "@server/lib/tokenManager";

 export const SESSION_COOKIE_NAME =
    config.getRawConfig().server.session_cookie_name;
@@ -53,7 +50,8 @@ export async function createResourceSession(opts: {
        doNotExtend: opts.doNotExtend || false,
        accessTokenId: opts.accessTokenId || null,
        isRequestToken: opts.isRequestToken || false,
-        userSessionId: opts.userSessionId || null
+        userSessionId: opts.userSessionId || null,
+        issuedAt: new Date().getTime()
    };

    await db.insert(resourceSessions).values(session);
@@ -65,29 +63,6 @@ export async function validateResourceSessionToken(
    token: string,
    resourceId: number
 ): Promise<ResourceSessionValidationResult> {
-    if (config.isManagedMode()) {
-        try {
-            const response = await axios.post(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/${resourceId}/session/validate`, {
-                token: token
-            }, await tokenManager.getAuthHeader());
-            return response.data.data;
-        } catch (error) {
-            if (axios.isAxiosError(error)) {
-                logger.error("Error validating resource session token in hybrid mode:", {
-                    message: error.message,
-                    code: error.code,
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    url: error.config?.url,
-                    method: error.config?.method
-                });
-            } else {
-                logger.error("Error validating resource session token in hybrid mode:", error);
-            }
-            return { resourceSession: null };
-        }
-    }
-
    const sessionId = encodeHexLowerCase(
        sha256(new TextEncoder().encode(token))
    );
--- a/server/cleanup.ts
+++ b/server/cleanup.ts
@@ -0,0 +1,13 @@
+import { cleanup as wsCleanup } from "@server/routers/ws";
+
+async function cleanup() {
+    await wsCleanup();
+
+    process.exit(0);
+}
+
+export async function initCleanup() {
+    // Handle process termination
+    process.on("SIGTERM", () => cleanup());
+    process.on("SIGINT", () => cleanup());
+}
--- a/server/db/pg/driver.ts
+++ b/server/db/pg/driver.ts
@@ -35,11 +35,12 @@ function createDb() {
    }

    // Create connection pools instead of individual connections
+    const poolConfig = config.postgres.pool;
    const primaryPool = new Pool({
        connectionString,
-        max: 20,
-        idleTimeoutMillis: 30000,
-        connectionTimeoutMillis: 5000,
+        max: poolConfig?.max_connections || 20,
+        idleTimeoutMillis: poolConfig?.idle_timeout_ms || 30000,
+        connectionTimeoutMillis: poolConfig?.connection_timeout_ms || 5000,
    });

    const replicas = [];
@@ -50,9 +51,9 @@ function createDb() {
        for (const conn of replicaConnections) {
            const replicaPool = new Pool({
                connectionString: conn.connection_string,
-                max: 10,
-                idleTimeoutMillis: 30000,
-                connectionTimeoutMillis: 5000,
+                max: poolConfig?.max_replica_connections || 20,
+                idleTimeoutMillis: poolConfig?.idle_timeout_ms || 30000,
+                connectionTimeoutMillis: poolConfig?.connection_timeout_ms || 5000,
            });
            replicas.push(DrizzlePostgres(replicaPool));
        }
--- a/server/db/pg/index.ts
+++ b/server/db/pg/index.ts
@@ -1,3 +1,3 @@
 export * from "./driver";
-export * from "./schema";
-export * from "./privateSchema";
+export * from "./schema/schema";
+export * from "./schema/privateSchema";
--- a/server/db/pg/schema/privateSchema.ts
+++ b/server/db/pg/schema/privateSchema.ts
@@ -1,16 +1,3 @@
-/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-
 import {
    pgTable,
    serial,
@@ -19,7 +6,8 @@ import {
    integer,
    bigint,
    real,
-    text
+    text,
+    index
 } from "drizzle-orm/pg-core";
 import { InferSelectModel } from "drizzle-orm";
 import { domains, orgs, targets, users, exitNodes, sessions } from "./schema";
@@ -179,6 +167,7 @@ export const remoteExitNodes = pgTable("remoteExitNode", {
    secretHash: varchar("secretHash").notNull(),
    dateCreated: varchar("dateCreated").notNull(),
    version: varchar("version"),
+    secondaryVersion: varchar("secondaryVersion"), // This is to detect the new nodes after the transition to pangolin-node
    exitNodeId: integer("exitNodeId").references(() => exitNodes.exitNodeId, {
        onDelete: "cascade"
    })
@@ -226,6 +215,43 @@ export const sessionTransferToken = pgTable("sessionTransferToken", {
    expiresAt: bigint("expiresAt", { mode: "number" }).notNull()
 });

+export const actionAuditLog = pgTable("actionAuditLog", {
+    id: serial("id").primaryKey(),
+    timestamp: bigint("timestamp", { mode: "number" }).notNull(), // this is EPOCH time in seconds
+    orgId: varchar("orgId")
+        .notNull()
+        .references(() => orgs.orgId, { onDelete: "cascade" }),
+    actorType: varchar("actorType", { length: 50 }).notNull(),
+    actor: varchar("actor", { length: 255 }).notNull(),
+    actorId: varchar("actorId", { length: 255 }).notNull(),
+    action: varchar("action", { length: 100 }).notNull(),
+    metadata: text("metadata")
+}, (table) => ([
+    index("idx_actionAuditLog_timestamp").on(table.timestamp),
+    index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+]));
+
+export const accessAuditLog = pgTable("accessAuditLog", {
+    id: serial("id").primaryKey(),
+    timestamp: bigint("timestamp", { mode: "number" }).notNull(), // this is EPOCH time in seconds
+    orgId: varchar("orgId")
+        .notNull()
+        .references(() => orgs.orgId, { onDelete: "cascade" }),
+    actorType: varchar("actorType", { length: 50 }),
+    actor: varchar("actor", { length: 255 }),
+    actorId: varchar("actorId", { length: 255 }),
+    resourceId: integer("resourceId"),
+    ip: varchar("ip", { length: 45 }),
+    type: varchar("type", { length: 100 }).notNull(),
+    action: boolean("action").notNull(),
+    location: text("location"),
+    userAgent: text("userAgent"),
+    metadata: text("metadata")
+}, (table) => ([
+    index("idx_identityAuditLog_timestamp").on(table.timestamp),
+    index("idx_identityAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+]));
+
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;
 export type Certificate = InferSelectModel<typeof certificates>;
@@ -243,3 +269,5 @@ export type RemoteExitNodeSession = InferSelectModel<
 >;
 export type ExitNodeOrg = InferSelectModel<typeof exitNodeOrgs>;
 export type LoginPage = InferSelectModel<typeof loginPage>;
+export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
+export type AccessAuditLog = InferSelectModel<typeof accessAuditLog>;
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -6,7 +6,8 @@ import {
    integer,
    bigint,
    real,
-    text
+    text,
+    index
 } from "drizzle-orm/pg-core";
 import { InferSelectModel } from "drizzle-orm";
 import { randomUUID } from "crypto";
@@ -18,7 +19,21 @@ export const domains = pgTable("domains", {
    type: varchar("type"), // "ns", "cname", "wildcard"
    verified: boolean("verified").notNull().default(false),
    failed: boolean("failed").notNull().default(false),
-    tries: integer("tries").notNull().default(0)
+    tries: integer("tries").notNull().default(0),
+    certResolver: varchar("certResolver"),
+    customCertResolver: varchar("customCertResolver"),
+    preferWildcardCert: boolean("preferWildcardCert")
+});
+
+export const dnsRecords = pgTable("dnsRecords", {
+    id: serial("id").primaryKey(),
+    domainId: varchar("domainId")
+        .notNull()
+        .references(() => domains.domainId, { onDelete: "cascade" }),
+    recordType: varchar("recordType").notNull(), // "NS" | "CNAME" | "A" | "TXT"
+    baseDomain: varchar("baseDomain"),
+    value: varchar("value").notNull(),
+    verified: boolean("verified").notNull().default(false)
 });

 export const orgs = pgTable("orgs", {
@@ -26,7 +41,18 @@ export const orgs = pgTable("orgs", {
    name: varchar("name").notNull(),
    subnet: varchar("subnet"),
    createdAt: text("createdAt"),
-    settings: text("settings") // JSON blob of org-specific settings
+    requireTwoFactor: boolean("requireTwoFactor"),
+    maxSessionLengthHours: integer("maxSessionLengthHours"),
+    passwordExpiryDays: integer("passwordExpiryDays"),
+    settingsLogRetentionDaysRequest: integer("settingsLogRetentionDaysRequest") // where 0 = dont keep logs and -1 = keep forever
+        .notNull()
+        .default(7),
+    settingsLogRetentionDaysAccess: integer("settingsLogRetentionDaysAccess")
+        .notNull()
+        .default(0),
+    settingsLogRetentionDaysAction: integer("settingsLogRetentionDaysAction")
+        .notNull()
+        .default(0)
 });

 export const orgDomains = pgTable("orgDomains", {
@@ -100,9 +126,11 @@ export const resources = pgTable("resources", {
    setHostHeader: varchar("setHostHeader"),
    enableProxy: boolean("enableProxy").default(true),
    skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
-        onDelete: "cascade"
+        onDelete: "set null"
    }),
-    headers: text("headers") // comma-separated list of headers to add to the request
+    headers: text("headers"), // comma-separated list of headers to add to the request
+    proxyProtocol: boolean("proxyProtocol").notNull().default(false),
+    proxyProtocolVersion: integer("proxyProtocolVersion").default(1)
 });

 export const targets = pgTable("targets", {
@@ -125,7 +153,8 @@ export const targets = pgTable("targets", {
    path: text("path"),
    pathMatchType: text("pathMatchType"), // exact, prefix, regex
    rewritePath: text("rewritePath"), // if set, rewrites the path to this value before sending to the target
-    rewritePathType: text("rewritePathType") // exact, prefix, regex, stripPrefix
+    rewritePathType: text("rewritePathType"), // exact, prefix, regex, stripPrefix
+    priority: integer("priority").notNull().default(100)
 });

 export const targetHealthCheck = pgTable("targetHealthCheck", {
@@ -199,7 +228,8 @@ export const users = pgTable("user", {
    dateCreated: varchar("dateCreated").notNull(),
    termsAcceptedTimestamp: varchar("termsAcceptedTimestamp"),
    termsVersion: varchar("termsVersion"),
-    serverAdmin: boolean("serverAdmin").notNull().default(false)
+    serverAdmin: boolean("serverAdmin").notNull().default(false),
+    lastPasswordChange: bigint("lastPasswordChange", { mode: "number" })
 });

 export const newts = pgTable("newt", {
@@ -225,7 +255,8 @@ export const sessions = pgTable("session", {
    userId: varchar("userId")
        .notNull()
        .references(() => users.userId, { onDelete: "cascade" }),
-    expiresAt: bigint("expiresAt", { mode: "number" }).notNull()
+    expiresAt: bigint("expiresAt", { mode: "number" }).notNull(),
+    issuedAt: bigint("issuedAt", { mode: "number" })
 });

 export const newtSessions = pgTable("newtSession", {
@@ -380,6 +411,14 @@ export const resourcePassword = pgTable("resourcePassword", {
    passwordHash: varchar("passwordHash").notNull()
 });

+export const resourceHeaderAuth = pgTable("resourceHeaderAuth", {
+    headerAuthId: serial("headerAuthId").primaryKey(),
+    resourceId: integer("resourceId")
+        .notNull()
+        .references(() => resources.resourceId, { onDelete: "cascade" }),
+    headerAuthHash: varchar("headerAuthHash").notNull()
+});
+
 export const resourceAccessToken = pgTable("resourceAccessToken", {
    accessTokenId: varchar("accessTokenId").primaryKey(),
    orgId: varchar("orgId")
@@ -434,7 +473,8 @@ export const resourceSessions = pgTable("resourceSessions", {
        {
            onDelete: "cascade"
        }
-    )
+    ),
+    issuedAt: bigint("issuedAt", { mode: "number" })
 });

 export const resourceWhitelist = pgTable("resourceWhitelist", {
@@ -662,6 +702,57 @@ export const setupTokens = pgTable("setupTokens", {
    dateUsed: varchar("dateUsed")
 });

+// Blueprint runs
+export const blueprints = pgTable("blueprints", {
+    blueprintId: serial("blueprintId").primaryKey(),
+    orgId: text("orgId")
+        .references(() => orgs.orgId, {
+            onDelete: "cascade"
+        })
+        .notNull(),
+    name: varchar("name").notNull(),
+    source: varchar("source").notNull(),
+    createdAt: integer("createdAt").notNull(),
+    succeeded: boolean("succeeded").notNull(),
+    contents: text("contents").notNull(),
+    message: text("message")
+});
+export const requestAuditLog = pgTable(
+    "requestAuditLog",
+    {
+        id: serial("id").primaryKey(),
+        timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
+        orgId: text("orgId").references(() => orgs.orgId, {
+            onDelete: "cascade"
+        }),
+        action: boolean("action").notNull(),
+        reason: integer("reason").notNull(),
+        actorType: text("actorType"),
+        actor: text("actor"),
+        actorId: text("actorId"),
+        resourceId: integer("resourceId"),
+        ip: text("ip"),
+        location: text("location"),
+        userAgent: text("userAgent"),
+        metadata: text("metadata"),
+        headers: text("headers"), // JSON blob
+        query: text("query"), // JSON blob
+        originalRequestURL: text("originalRequestURL"),
+        scheme: text("scheme"),
+        host: text("host"),
+        path: text("path"),
+        method: text("method"),
+        tls: boolean("tls")
+    },
+    (table) => [
+        index("idx_requestAuditLog_timestamp").on(table.timestamp),
+        index("idx_requestAuditLog_org_timestamp").on(
+            table.orgId,
+            table.timestamp
+        )
+    ]
+);
+
 export type Org = InferSelectModel<typeof orgs>;
 export type User = InferSelectModel<typeof users>;
 export type Site = InferSelectModel<typeof sites>;
@@ -689,6 +780,7 @@ export type UserOrg = InferSelectModel<typeof userOrgs>;
 export type ResourceSession = InferSelectModel<typeof resourceSessions>;
 export type ResourcePincode = InferSelectModel<typeof resourcePincode>;
 export type ResourcePassword = InferSelectModel<typeof resourcePassword>;
+export type ResourceHeaderAuth = InferSelectModel<typeof resourceHeaderAuth>;
 export type ResourceOtp = InferSelectModel<typeof resourceOtp>;
 export type ResourceAccessToken = InferSelectModel<typeof resourceAccessToken>;
 export type ResourceWhitelist = InferSelectModel<typeof resourceWhitelist>;
@@ -710,4 +802,10 @@ export type OrgDomains = InferSelectModel<typeof orgDomains>;
 export type SiteResource = InferSelectModel<typeof siteResources>;
 export type SetupToken = InferSelectModel<typeof setupTokens>;
 export type HostMeta = InferSelectModel<typeof hostMeta>;
-export type TargetHealthCheck = InferSelectModel<typeof targetHealthCheck>;
+export type TargetHealthCheck = InferSelectModel<typeof targetHealthCheck>;
+export type IdpOidcConfig = InferSelectModel<typeof idpOidcConfig>;
+export type Blueprint = InferSelectModel<typeof blueprints>;
+export type LicenseKey = InferSelectModel<typeof licenseKey>;
+export type SecurityKey = InferSelectModel<typeof securityKeys>;
+export type WebauthnChallenge = InferSelectModel<typeof webauthnChallenge>;
+export type RequestAuditLog = InferSelectModel<typeof requestAuditLog>;
--- a/server/db/queries/verifySessionQueries.ts
+++ b/server/db/queries/verifySessionQueries.ts
@@ -1,4 +1,4 @@
-import { db, loginPage, LoginPage, loginPageOrg } from "@server/db";
+import { db, loginPage, LoginPage, loginPageOrg, Org, orgs } from "@server/db";
 import {
    Resource,
    ResourcePassword,
@@ -6,6 +6,8 @@ import {
    ResourceRule,
    resourcePassword,
    resourcePincode,
+    resourceHeaderAuth,
+    ResourceHeaderAuth,
    resourceRules,
    resources,
    roleResources,
@@ -15,15 +17,13 @@ import {
    users
 } from "@server/db";
 import { and, eq } from "drizzle-orm";
-import axios from "axios";
-import config from "@server/lib/config";
-import logger from "@server/logger";
-import { tokenManager } from "@server/lib/tokenManager";

 export type ResourceWithAuth = {
    resource: Resource | null;
    pincode: ResourcePincode | null;
    password: ResourcePassword | null;
+    headerAuth: ResourceHeaderAuth | null;
+    org: Org;
 };

 export type UserSessionWithUser = {
@@ -37,30 +37,6 @@ export type UserSessionWithUser = {
 export async function getResourceByDomain(
    domain: string
 ): Promise<ResourceWithAuth | null> {
-    if (config.isManagedMode()) {
-        try {
-            const response = await axios.get(
-                `${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/domain/${domain}`,
-                await tokenManager.getAuthHeader()
-            );
-            return response.data.data;
-        } catch (error) {
-            if (axios.isAxiosError(error)) {
-                logger.error("Error fetching config in verify session:", {
-                    message: error.message,
-                    code: error.code,
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    url: error.config?.url,
-                    method: error.config?.method
-                });
-            } else {
-                logger.error("Error fetching config in verify session:", error);
-            }
-            return null;
-        }
-    }
-
    const [result] = await db
        .select()
        .from(resources)
@@ -72,6 +48,14 @@ export async function getResourceByDomain(
            resourcePassword,
            eq(resourcePassword.resourceId, resources.resourceId)
        )
+        .leftJoin(
+            resourceHeaderAuth,
+            eq(resourceHeaderAuth.resourceId, resources.resourceId)
+        )
+        .innerJoin(
+            orgs,
+            eq(orgs.orgId, resources.orgId)
+        )
        .where(eq(resources.fullDomain, domain))
        .limit(1);

@@ -82,7 +66,9 @@ export async function getResourceByDomain(
    return {
        resource: result.resources,
        pincode: result.resourcePincode,
-        password: result.resourcePassword
+        password: result.resourcePassword,
+        headerAuth: result.resourceHeaderAuth,
+        org: result.orgs
    };
 }

@@ -92,30 +78,6 @@ export async function getResourceByDomain(
 export async function getUserSessionWithUser(
    userSessionId: string
 ): Promise<UserSessionWithUser | null> {
-    if (config.isManagedMode()) {
-        try {
-            const response = await axios.get(
-                `${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/session/${userSessionId}`,
-                await tokenManager.getAuthHeader()
-            );
-            return response.data.data;
-        } catch (error) {
-            if (axios.isAxiosError(error)) {
-                logger.error("Error fetching config in verify session:", {
-                    message: error.message,
-                    code: error.code,
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    url: error.config?.url,
-                    method: error.config?.method
-                });
-            } else {
-                logger.error("Error fetching config in verify session:", error);
-            }
-            return null;
-        }
-    }
-
    const [res] = await db
        .select()
        .from(sessions)
@@ -136,30 +98,6 @@ export async function getUserSessionWithUser(
 * Get user organization role
 */
 export async function getUserOrgRole(userId: string, orgId: string) {
-    if (config.isManagedMode()) {
-        try {
-            const response = await axios.get(
-                `${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/user/${userId}/org/${orgId}/role`,
-                await tokenManager.getAuthHeader()
-            );
-            return response.data.data;
-        } catch (error) {
-            if (axios.isAxiosError(error)) {
-                logger.error("Error fetching config in verify session:", {
-                    message: error.message,
-                    code: error.code,
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    url: error.config?.url,
-                    method: error.config?.method
-                });
-            } else {
-                logger.error("Error fetching config in verify session:", error);
-            }
-            return null;
-        }
-    }
-
    const userOrgRole = await db
        .select()
        .from(userOrgs)
@@ -176,30 +114,6 @@ export async function getRoleResourceAccess(
    resourceId: number,
    roleId: number
 ) {
-    if (config.isManagedMode()) {
-        try {
-            const response = await axios.get(
-                `${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/role/${roleId}/resource/${resourceId}/access`,
-                await tokenManager.getAuthHeader()
-            );
-            return response.data.data;
-        } catch (error) {
-            if (axios.isAxiosError(error)) {
-                logger.error("Error fetching config in verify session:", {
-                    message: error.message,
-                    code: error.code,
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    url: error.config?.url,
-                    method: error.config?.method
-                });
-            } else {
-                logger.error("Error fetching config in verify session:", error);
-            }
-            return null;
-        }
-    }
-
    const roleResourceAccess = await db
        .select()
        .from(roleResources)
@@ -221,30 +135,6 @@ export async function getUserResourceAccess(
    userId: string,
    resourceId: number
 ) {
-    if (config.isManagedMode()) {
-        try {
-            const response = await axios.get(
-                `${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/user/${userId}/resource/${resourceId}/access`,
-                await tokenManager.getAuthHeader()
-            );
-            return response.data.data;
-        } catch (error) {
-            if (axios.isAxiosError(error)) {
-                logger.error("Error fetching config in verify session:", {
-                    message: error.message,
-                    code: error.code,
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    url: error.config?.url,
-                    method: error.config?.method
-                });
-            } else {
-                logger.error("Error fetching config in verify session:", error);
-            }
-            return null;
-        }
-    }
-
    const userResourceAccess = await db
        .select()
        .from(userResources)
@@ -265,30 +155,6 @@ export async function getUserResourceAccess(
 export async function getResourceRules(
    resourceId: number
 ): Promise<ResourceRule[]> {
-    if (config.isManagedMode()) {
-        try {
-            const response = await axios.get(
-                `${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/${resourceId}/rules`,
-                await tokenManager.getAuthHeader()
-            );
-            return response.data.data;
-        } catch (error) {
-            if (axios.isAxiosError(error)) {
-                logger.error("Error fetching config in verify session:", {
-                    message: error.message,
-                    code: error.code,
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    url: error.config?.url,
-                    method: error.config?.method
-                });
-            } else {
-                logger.error("Error fetching config in verify session:", error);
-            }
-            return [];
-        }
-    }
-
    const rules = await db
        .select()
        .from(resourceRules)
@@ -303,30 +169,6 @@ export async function getResourceRules(
 export async function getOrgLoginPage(
    orgId: string
 ): Promise<LoginPage | null> {
-    if (config.isManagedMode()) {
-        try {
-            const response = await axios.get(
-                `${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/org/${orgId}/login-page`,
-                await tokenManager.getAuthHeader()
-            );
-            return response.data.data;
-        } catch (error) {
-            if (axios.isAxiosError(error)) {
-                logger.error("Error fetching config in verify session:", {
-                    message: error.message,
-                    code: error.code,
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    url: error.config?.url,
-                    method: error.config?.method
-                });
-            } else {
-                logger.error("Error fetching config in verify session:", error);
-            }
-            return null;
-        }
-    }
-
    const [result] = await db
        .select()
        .from(loginPageOrg)
--- a/server/db/sqlite/driver.ts
+++ b/server/db/sqlite/driver.ts
@@ -1,6 +1,6 @@
 import { drizzle as DrizzleSqlite } from "drizzle-orm/better-sqlite3";
 import Database from "better-sqlite3";
-import * as schema from "./schema";
+import * as schema from "./schema/schema";
 import path from "path";
 import fs from "fs";
 import { APP_PATH } from "@server/lib/consts";
@@ -13,12 +13,16 @@ bootstrapVolume();

 function createDb() {
    const sqlite = new Database(location);
-    return DrizzleSqlite(sqlite, { schema });
+    return DrizzleSqlite(sqlite, {
+        schema
+    });
 }

 export const db = createDb();
 export default db;
-export type Transaction = Parameters<Parameters<typeof db["transaction"]>[0]>[0];
+export type Transaction = Parameters<
+    Parameters<(typeof db)["transaction"]>[0]
+>[0];

 function checkFileExists(filePath: string): boolean {
    try {
--- a/server/db/sqlite/index.ts
+++ b/server/db/sqlite/index.ts
@@ -1,3 +1,3 @@
 export * from "./driver";
-export * from "./schema";
-export * from "./privateSchema";
+export * from "./schema/schema";
+export * from "./schema/privateSchema";
--- a/server/db/sqlite/schema/privateSchema.ts
+++ b/server/db/sqlite/schema/privateSchema.ts
@@ -1,24 +1,13 @@
-/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-
 import {
    sqliteTable,
    integer,
    text,
-    real
+    real,
+    index
 } from "drizzle-orm/sqlite-core";
 import { InferSelectModel } from "drizzle-orm";
 import { domains, orgs, targets, users, exitNodes, sessions } from "./schema";
+import { metadata } from "@app/app/[orgId]/settings/layout";

 export const certificates = sqliteTable("certificates", {
    certId: integer("certId").primaryKey({ autoIncrement: true }),
@@ -173,6 +162,7 @@ export const remoteExitNodes = sqliteTable("remoteExitNode", {
    secretHash: text("secretHash").notNull(),
    dateCreated: text("dateCreated").notNull(),
    version: text("version"),
+    secondaryVersion: text("secondaryVersion"), // This is to detect the new nodes after the transition to pangolin-node
    exitNodeId: integer("exitNodeId").references(() => exitNodes.exitNodeId, {
        onDelete: "cascade"
    })
@@ -220,6 +210,43 @@ export const sessionTransferToken = sqliteTable("sessionTransferToken", {
    expiresAt: integer("expiresAt").notNull()
 });

+export const actionAuditLog = sqliteTable("actionAuditLog", {
+    id: integer("id").primaryKey({ autoIncrement: true }),
+    timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
+    orgId: text("orgId")
+        .notNull()
+        .references(() => orgs.orgId, { onDelete: "cascade" }),
+    actorType: text("actorType").notNull(),
+    actor: text("actor").notNull(),
+    actorId: text("actorId").notNull(),
+    action: text("action").notNull(),
+    metadata: text("metadata")
+}, (table) => ([
+    index("idx_actionAuditLog_timestamp").on(table.timestamp),
+    index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+]));
+
+export const accessAuditLog = sqliteTable("accessAuditLog", {
+    id: integer("id").primaryKey({ autoIncrement: true }),
+    timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
+    orgId: text("orgId")
+        .notNull()
+        .references(() => orgs.orgId, { onDelete: "cascade" }),
+    actorType: text("actorType"),
+    actor: text("actor"),
+    actorId: text("actorId"),
+    resourceId: integer("resourceId"),
+    ip: text("ip"),
+    location: text("location"),
+    type: text("type").notNull(),
+    action: integer("action", { mode: "boolean" }).notNull(),
+    userAgent: text("userAgent"),
+    metadata: text("metadata")
+}, (table) => ([
+    index("idx_identityAuditLog_timestamp").on(table.timestamp),
+    index("idx_identityAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+]));
+
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;
 export type Certificate = InferSelectModel<typeof certificates>;
@@ -237,3 +264,5 @@ export type RemoteExitNodeSession = InferSelectModel<
 >;
 export type ExitNodeOrg = InferSelectModel<typeof exitNodeOrgs>;
 export type LoginPage = InferSelectModel<typeof loginPage>;
+export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
+export type AccessAuditLog = InferSelectModel<typeof accessAuditLog>;
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -1,6 +1,7 @@
 import { randomUUID } from "crypto";
 import { InferSelectModel } from "drizzle-orm";
-import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+import { sqliteTable, text, integer, index } from "drizzle-orm/sqlite-core";
+import { boolean } from "yargs";

 export const domains = sqliteTable("domains", {
    domainId: text("domainId").primaryKey(),
@@ -11,15 +12,41 @@ export const domains = sqliteTable("domains", {
    type: text("type"), // "ns", "cname", "wildcard"
    verified: integer("verified", { mode: "boolean" }).notNull().default(false),
    failed: integer("failed", { mode: "boolean" }).notNull().default(false),
-    tries: integer("tries").notNull().default(0)
+    tries: integer("tries").notNull().default(0),
+    certResolver: text("certResolver"),
+    preferWildcardCert: integer("preferWildcardCert", { mode: "boolean" })
 });

+export const dnsRecords = sqliteTable("dnsRecords", {
+    id: integer("id").primaryKey({ autoIncrement: true }),
+    domainId: text("domainId")
+        .notNull()
+        .references(() => domains.domainId, { onDelete: "cascade" }),
+
+    recordType: text("recordType").notNull(), // "NS" | "CNAME" | "A" | "TXT"
+    baseDomain: text("baseDomain"),
+    value: text("value").notNull(), 
+    verified: integer("verified", { mode: "boolean" }).notNull().default(false),
+});
+
+
 export const orgs = sqliteTable("orgs", {
    orgId: text("orgId").primaryKey(),
    name: text("name").notNull(),
    subnet: text("subnet"),
    createdAt: text("createdAt"),
-    settings: text("settings") // JSON blob of org-specific settings
+    requireTwoFactor: integer("requireTwoFactor", { mode: "boolean" }),
+    maxSessionLengthHours: integer("maxSessionLengthHours"), // hours
+    passwordExpiryDays: integer("passwordExpiryDays"), // days
+    settingsLogRetentionDaysRequest: integer("settingsLogRetentionDaysRequest") // where 0 = dont keep logs and -1 = keep forever
+        .notNull()
+        .default(7),
+    settingsLogRetentionDaysAccess: integer("settingsLogRetentionDaysAccess")
+        .notNull()
+        .default(0),
+    settingsLogRetentionDaysAction: integer("settingsLogRetentionDaysAction")
+        .notNull()
+        .default(0)
 });

 export const userDomains = sqliteTable("userDomains", {
@@ -112,9 +139,12 @@ export const resources = sqliteTable("resources", {
    setHostHeader: text("setHostHeader"),
    enableProxy: integer("enableProxy", { mode: "boolean" }).default(true),
    skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
-        onDelete: "cascade"
+        onDelete: "set null"
    }),
-    headers: text("headers") // comma-separated list of headers to add to the request
+    headers: text("headers"), // comma-separated list of headers to add to the request
+    proxyProtocol: integer("proxyProtocol", { mode: "boolean" }).notNull().default(false),
+    proxyProtocolVersion: integer("proxyProtocolVersion").default(1)
+
 });

 export const targets = sqliteTable("targets", {
@@ -137,15 +167,20 @@ export const targets = sqliteTable("targets", {
    path: text("path"),
    pathMatchType: text("pathMatchType"), // exact, prefix, regex
    rewritePath: text("rewritePath"), // if set, rewrites the path to this value before sending to the target
-    rewritePathType: text("rewritePathType") // exact, prefix, regex, stripPrefix
+    rewritePathType: text("rewritePathType"), // exact, prefix, regex, stripPrefix
+    priority: integer("priority").notNull().default(100)
 });

 export const targetHealthCheck = sqliteTable("targetHealthCheck", {
-    targetHealthCheckId: integer("targetHealthCheckId").primaryKey({ autoIncrement: true }),
+    targetHealthCheckId: integer("targetHealthCheckId").primaryKey({
+        autoIncrement: true
+    }),
    targetId: integer("targetId")
        .notNull()
        .references(() => targets.targetId, { onDelete: "cascade" }),
-    hcEnabled: integer("hcEnabled", { mode: "boolean" }).notNull().default(false),
+    hcEnabled: integer("hcEnabled", { mode: "boolean" })
+        .notNull()
+        .default(false),
    hcPath: text("hcPath"),
    hcScheme: text("hcScheme"),
    hcMode: text("hcMode").default("http"),
@@ -155,7 +190,9 @@ export const targetHealthCheck = sqliteTable("targetHealthCheck", {
    hcUnhealthyInterval: integer("hcUnhealthyInterval").default(30), // in seconds
    hcTimeout: integer("hcTimeout").default(5), // in seconds
    hcHeaders: text("hcHeaders"),
-    hcFollowRedirects: integer("hcFollowRedirects", { mode: "boolean" }).default(true),
+    hcFollowRedirects: integer("hcFollowRedirects", {
+        mode: "boolean"
+    }).default(true),
    hcMethod: text("hcMethod").default("GET"),
    hcStatus: integer("hcStatus"), // http code
    hcHealth: text("hcHealth").default("unknown") // "unknown", "healthy", "unhealthy"
@@ -221,7 +258,8 @@ export const users = sqliteTable("user", {
    termsVersion: text("termsVersion"),
    serverAdmin: integer("serverAdmin", { mode: "boolean" })
        .notNull()
-        .default(false)
+        .default(false),
+    lastPasswordChange: integer("lastPasswordChange")
 });

 export const securityKeys = sqliteTable("webauthnCredentials", {
@@ -326,7 +364,8 @@ export const sessions = sqliteTable("session", {
    userId: text("userId")
        .notNull()
        .references(() => users.userId, { onDelete: "cascade" }),
-    expiresAt: integer("expiresAt").notNull()
+    expiresAt: integer("expiresAt").notNull(),
+    issuedAt: integer("issuedAt")
 });

 export const newtSessions = sqliteTable("newtSession", {
@@ -513,6 +552,16 @@ export const resourcePassword = sqliteTable("resourcePassword", {
    passwordHash: text("passwordHash").notNull()
 });

+export const resourceHeaderAuth = sqliteTable("resourceHeaderAuth", {
+    headerAuthId: integer("headerAuthId").primaryKey({
+        autoIncrement: true
+    }),
+    resourceId: integer("resourceId")
+        .notNull()
+        .references(() => resources.resourceId, { onDelete: "cascade" }),
+    headerAuthHash: text("headerAuthHash").notNull()
+});
+
 export const resourceAccessToken = sqliteTable("resourceAccessToken", {
    accessTokenId: text("accessTokenId").primaryKey(),
    orgId: text("orgId")
@@ -566,7 +615,8 @@ export const resourceSessions = sqliteTable("resourceSessions", {
        {
            onDelete: "cascade"
        }
-    )
+    ),
+    issuedAt: integer("issuedAt")
 });

 export const resourceWhitelist = sqliteTable("resourceWhitelist", {
@@ -699,6 +749,59 @@ export const idpOrg = sqliteTable("idpOrg", {
    orgMapping: text("orgMapping")
 });

+// Blueprint runs
+export const blueprints = sqliteTable("blueprints", {
+    blueprintId: integer("blueprintId").primaryKey({
+        autoIncrement: true
+    }),
+    orgId: text("orgId")
+        .references(() => orgs.orgId, {
+            onDelete: "cascade"
+        })
+        .notNull(),
+    name: text("name").notNull(),
+    source: text("source").notNull(),
+    createdAt: integer("createdAt").notNull(),
+    succeeded: integer("succeeded", { mode: "boolean" }).notNull(),
+    contents: text("contents").notNull(),
+    message: text("message")
+});
+export const requestAuditLog = sqliteTable(
+    "requestAuditLog",
+    {
+        id: integer("id").primaryKey({ autoIncrement: true }),
+        timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
+        orgId: text("orgId").references(() => orgs.orgId, {
+            onDelete: "cascade"
+        }),
+        action: integer("action", { mode: "boolean" }).notNull(),
+        reason: integer("reason").notNull(),
+        actorType: text("actorType"),
+        actor: text("actor"),
+        actorId: text("actorId"),
+        resourceId: integer("resourceId"),
+        ip: text("ip"),
+        location: text("location"),
+        userAgent: text("userAgent"),
+        metadata: text("metadata"),
+        headers: text("headers"), // JSON blob
+        query: text("query"), // JSON blob
+        originalRequestURL: text("originalRequestURL"),
+        scheme: text("scheme"),
+        host: text("host"),
+        path: text("path"),
+        method: text("method"),
+        tls: integer("tls", { mode: "boolean" })
+    },
+    (table) => [
+        index("idx_requestAuditLog_timestamp").on(table.timestamp),
+        index("idx_requestAuditLog_org_timestamp").on(
+            table.orgId,
+            table.timestamp
+        )
+    ]
+);
+
 export type Org = InferSelectModel<typeof orgs>;
 export type User = InferSelectModel<typeof users>;
 export type Site = InferSelectModel<typeof sites>;
@@ -728,12 +831,14 @@ export type UserOrg = InferSelectModel<typeof userOrgs>;
 export type ResourceSession = InferSelectModel<typeof resourceSessions>;
 export type ResourcePincode = InferSelectModel<typeof resourcePincode>;
 export type ResourcePassword = InferSelectModel<typeof resourcePassword>;
+export type ResourceHeaderAuth = InferSelectModel<typeof resourceHeaderAuth>;
 export type ResourceOtp = InferSelectModel<typeof resourceOtp>;
 export type ResourceAccessToken = InferSelectModel<typeof resourceAccessToken>;
 export type ResourceWhitelist = InferSelectModel<typeof resourceWhitelist>;
 export type VersionMigration = InferSelectModel<typeof versionMigrations>;
 export type ResourceRule = InferSelectModel<typeof resourceRules>;
 export type Domain = InferSelectModel<typeof domains>;
+export type DnsRecord = InferSelectModel<typeof dnsRecords>;
 export type Client = InferSelectModel<typeof clients>;
 export type ClientSite = InferSelectModel<typeof clientSites>;
 export type RoleClient = InferSelectModel<typeof roleClients>;
@@ -747,4 +852,10 @@ export type SiteResource = InferSelectModel<typeof siteResources>;
 export type OrgDomains = InferSelectModel<typeof orgDomains>;
 export type SetupToken = InferSelectModel<typeof setupTokens>;
 export type HostMeta = InferSelectModel<typeof hostMeta>;
-export type TargetHealthCheck = InferSelectModel<typeof targetHealthCheck>;
+export type TargetHealthCheck = InferSelectModel<typeof targetHealthCheck>;
+export type IdpOidcConfig = InferSelectModel<typeof idpOidcConfig>;
+export type Blueprint = InferSelectModel<typeof blueprints>;
+export type LicenseKey = InferSelectModel<typeof licenseKey>;
+export type SecurityKey = InferSelectModel<typeof securityKeys>;
+export type WebauthnChallenge = InferSelectModel<typeof webauthnChallenge>;
+export type RequestAuditLog = InferSelectModel<typeof requestAuditLog>;
--- a/server/emails/index.ts
+++ b/server/emails/index.ts
@@ -6,11 +6,6 @@ import logger from "@server/logger";
 import SMTPTransport from "nodemailer/lib/smtp-transport";

 function createEmailClient() {
-    if (config.isManagedMode()) {
-        // LETS NOT WORRY ABOUT EMAILS IN HYBRID 
-        return;
-    }
-
    const emailConfig = config.getRawConfig().email;
    if (!emailConfig) {
        logger.warn(
--- a/server/emails/sendEmail.ts
+++ b/server/emails/sendEmail.ts
@@ -2,7 +2,6 @@ import { render } from "@react-email/render";
 import { ReactElement } from "react";
 import emailClient from "@server/emails";
 import logger from "@server/logger";
-import config from "@server/lib/config";

 export async function sendEmail(
    template: ReactElement,
@@ -25,7 +24,7 @@ export async function sendEmail(

    const emailHtml = await render(template);

-    const appName = config.getRawPrivateConfig().branding?.app_name || "Pangolin";
+    const appName = process.env.BRANDING_APP_NAME || "Pangolin"; // From the private config loading into env vars to seperate away the private config

    await emailClient.sendMail({
        from: {
--- a/server/emails/templates/PrivateNotifyUsageLimitApproaching.tsx
+++ b/server/emails/templates/PrivateNotifyUsageLimitApproaching.tsx
@@ -1,16 +1,3 @@
-/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-
 import React from "react";
 import { Body, Head, Html, Preview, Tailwind } from "@react-email/components";
 import { themeColors } from "./lib/theme";
--- a/server/emails/templates/PrivateNotifyUsageLimitReached.tsx
+++ b/server/emails/templates/PrivateNotifyUsageLimitReached.tsx
@@ -1,16 +1,3 @@
-/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-
 import React from "react";
 import { Body, Head, Html, Preview, Tailwind } from "@react-email/components";
 import { themeColors } from "./lib/theme";
--- a/server/emails/templates/SupportEmail.tsx
+++ b/server/emails/templates/SupportEmail.tsx
@@ -0,0 +1,56 @@
+import React from "react";
+import { Body, Head, Html, Preview, Tailwind } from "@react-email/components";
+import { themeColors } from "./lib/theme";
+import {
+    EmailContainer,
+    EmailGreeting,
+    EmailLetterHead,
+    EmailText
+} from "./components/Email";
+
+interface SupportEmailProps {
+    email: string;
+    username: string;
+    subject: string;
+    body: string;
+}
+
+export const SupportEmail = ({
+    username,
+    email,
+    body,
+    subject
+}: SupportEmailProps) => {
+    const previewText = subject;
+
+    return (
+        <Html>
+            <Head />
+            <Preview>{previewText}</Preview>
+            <Tailwind config={themeColors}>
+                <Body className="font-sans bg-gray-50">
+                    <EmailContainer>
+                        <EmailLetterHead />
+
+                        <EmailGreeting>Hi support,</EmailGreeting>
+
+                        <EmailText>
+                            You have received a new support request from{" "}
+                            <strong>{username}</strong> ({email}).
+                        </EmailText>
+
+                        <EmailText>
+                            <strong>Subject:</strong> {subject}
+                        </EmailText>
+
+                        <EmailText>
+                            <strong>Message:</strong> {body}
+                        </EmailText>
+                    </EmailContainer>
+                </Body>
+            </Tailwind>
+        </Html>
+    );
+};
+
+export default SupportEmail;
--- a/server/emails/templates/WelcomeQuickStart.tsx
+++ b/server/emails/templates/WelcomeQuickStart.tsx
@@ -88,7 +88,7 @@ export const WelcomeQuickStart = ({
                                    To learn how to use Newt, including more
                                    installation methods, visit the{" "}
                                    <a
-                                        href="https://docs.digpangolin.com/manage/sites/install-site"
+                                        href="https://docs.pangolin.net/manage/sites/install-site"
                                        className="underline"
                                    >
                                        docs
--- a/server/emails/templates/components/Email.tsx
+++ b/server/emails/templates/components/Email.tsx
@@ -89,7 +89,7 @@ export function EmailFooter({ children }: { children: React.ReactNode }) {
                    <p className="text-xs text-gray-400 mt-4">
                        For any questions or support, please contact us at:
                        <br />
-                        support@fossorial.io
+                        support@pangolin.net
                    </p>
                    <p className="text-xs text-gray-300 text-center mt-4">
                        &copy; {new Date().getFullYear()} Fossorial, Inc. All
--- a/server/hybridServer.ts
+++ b/server/hybridServer.ts
@@ -1,151 +0,0 @@
-import logger from "@server/logger";
-import config from "@server/lib/config";
-import { createWebSocketClient } from "./routers/ws/client";
-import { addPeer, deletePeer } from "./routers/gerbil/peers";
-import { db, exitNodes } from "./db";
-import { TraefikConfigManager } from "./lib/traefik/TraefikConfigManager";
-import { tokenManager } from "./lib/tokenManager";
-import { APP_VERSION } from "./lib/consts";
-import axios from "axios";
-
-export async function createHybridClientServer() {
-    logger.info("Starting hybrid client server...");
-
-    // Start the token manager
-    await tokenManager.start();
-
-    const token = await tokenManager.getToken();
-
-    const monitor = new TraefikConfigManager();
-
-    await monitor.start();
-
-    // Create client
-    const client = createWebSocketClient(
-        token,
-        config.getRawConfig().managed!.endpoint!,
-        {
-            reconnectInterval: 5000,
-            pingInterval: 30000,
-            pingTimeout: 10000
-        }
-    );
-
-    // Register message handlers
-    client.registerHandler("remoteExitNode/peers/add", async (message) => {
-        const { publicKey, allowedIps } = message.data;
-
-        // TODO: we are getting the exit node twice here
-        // NOTE: there should only be one gerbil registered so...
-        const [exitNode] = await db.select().from(exitNodes).limit(1);
-        await addPeer(exitNode.exitNodeId, {
-            publicKey: publicKey,
-            allowedIps: allowedIps || []
-        });
-    });
-
-    client.registerHandler("remoteExitNode/peers/remove", async (message) => {
-        const { publicKey } = message.data;
-
-        // TODO: we are getting the exit node twice here
-        // NOTE: there should only be one gerbil registered so...
-        const [exitNode] = await db.select().from(exitNodes).limit(1);
-        await deletePeer(exitNode.exitNodeId, publicKey);
-    });
-
-    // /update-proxy-mapping
-    client.registerHandler("remoteExitNode/update-proxy-mapping", async (message) => {
-        try {
-            const [exitNode] = await db.select().from(exitNodes).limit(1);
-            if (!exitNode) {
-                logger.error("No exit node found for proxy mapping update");
-                return;
-            }
-
-            const response = await axios.post(`${exitNode.endpoint}/update-proxy-mapping`, message.data);
-            logger.info(`Successfully updated proxy mapping: ${response.status}`);
-        } catch (error) {
-            // pull data out of the axios error to log
-            if (axios.isAxiosError(error)) {
-                logger.error("Error updating proxy mapping:", {
-                    message: error.message,
-                    code: error.code,
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    url: error.config?.url,
-                    method: error.config?.method
-                });
-            } else {
-                logger.error("Error updating proxy mapping:", error);
-            }
-        }
-    });
-
-    // /update-destinations
-    client.registerHandler("remoteExitNode/update-destinations", async (message) => {
-        try {
-            const [exitNode] = await db.select().from(exitNodes).limit(1);
-            if (!exitNode) {
-                logger.error("No exit node found for destinations update");
-                return;
-            }
-
-            const response = await axios.post(`${exitNode.endpoint}/update-destinations`, message.data);
-            logger.info(`Successfully updated destinations: ${response.status}`);
-        } catch (error) {
-            // pull data out of the axios error to log
-            if (axios.isAxiosError(error)) {
-                logger.error("Error updating destinations:", {
-                    message: error.message,
-                    code: error.code,
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    url: error.config?.url,
-                    method: error.config?.method
-                });
-            } else {
-                logger.error("Error updating destinations:", error);
-            }
-        }
-    });
-
-    client.registerHandler("remoteExitNode/traefik/reload", async (message) => {
-        await monitor.HandleTraefikConfig();
-    });
-
-    // Listen to connection events
-    client.on("connect", () => {
-        logger.info("Connected to WebSocket server");
-        client.sendMessage("remoteExitNode/register", {
-            remoteExitNodeVersion: APP_VERSION
-        });
-    });
-
-    client.on("disconnect", () => {
-        logger.info("Disconnected from WebSocket server");
-    });
-
-    client.on("message", (message) => {
-        logger.info(
-            `Received message: ${message.type} ${JSON.stringify(message.data)}`
-        );
-    });
-
-    // Connect to the server
-    try {
-        await client.connect();
-        logger.info("Connection initiated");
-    } catch (error) {
-        logger.error("Failed to connect:", error);
-    }
-
-    // Store the ping interval stop function for cleanup if needed
-    const stopPingInterval = client.sendMessageInterval(
-        "remoteExitNode/ping",
-        { timestamp: Date.now() / 1000 },
-        60000
-    ); // send every minute
-
-    // Return client and cleanup function for potential use
-    return { client, stopPingInterval };
-}
--- a/server/index.ts
+++ b/server/index.ts
@@ -5,36 +5,48 @@ import { runSetupFunctions } from "./setup";
 import { createApiServer } from "./apiServer";
 import { createNextServer } from "./nextServer";
 import { createInternalServer } from "./internalServer";
-import { ApiKey, ApiKeyOrg, RemoteExitNode, Session, User, UserOrg } from "@server/db";
 import { createIntegrationApiServer } from "./integrationApiServer";
-import { createHybridClientServer } from "./hybridServer";
+import {
+    ApiKey,
+    ApiKeyOrg,
+    RemoteExitNode,
+    Session,
+    User,
+    UserOrg
+} from "@server/db";
 import config from "@server/lib/config";
 import { setHostMeta } from "@server/lib/hostMeta";
-import { initTelemetryClient } from "./lib/telemetry.js";
-import { TraefikConfigManager } from "./lib/traefik/TraefikConfigManager.js";
+import { initTelemetryClient } from "@server/lib/telemetry";
+import { TraefikConfigManager } from "@server/lib/traefik/TraefikConfigManager";
+import { initCleanup } from "#dynamic/cleanup";
+import license from "#dynamic/license/license";
+import { initLogCleanupInterval } from "@server/lib/cleanupLogs";
+import { fetchServerIp } from "@server/lib/serverIpService";

 async function startServers() {
    await setHostMeta();

    await config.initServer();
+
+    license.setServerSecret(config.getRawConfig().server.secret!);
+    await license.check();
+
    await runSetupFunctions();

+    await fetchServerIp();
+
    initTelemetryClient();

+    initLogCleanupInterval();
+
    // Start all servers
    const apiServer = createApiServer();
    const internalServer = createInternalServer();

-    let hybridClientServer;
-    let nextServer;
-    if (config.isManagedMode()) {
-        hybridClientServer = await createHybridClientServer();
-    } else {
-        nextServer = await createNextServer();
-        if (config.getRawConfig().traefik.file_mode) {
-            const monitor = new TraefikConfigManager();
-            await monitor.start();
-        }
+    const nextServer = await createNextServer();
+    if (config.getRawConfig().traefik.file_mode) {
+        const monitor = new TraefikConfigManager();
+        await monitor.start();
    }

    let integrationServer;
@@ -42,12 +54,13 @@ async function startServers() {
        integrationServer = createIntegrationApiServer();
    }

+    await initCleanup();
+
    return {
        apiServer,
        nextServer,
        internalServer,
-        integrationServer,
-        hybridClientServer
+        integrationServer
    };
 }

--- a/server/integrationApiServer.ts
+++ b/server/integrationApiServer.ts
@@ -7,7 +7,7 @@ import {
    errorHandlerMiddleware,
    notFoundMiddleware,
 } from "@server/middlewares";
-import { authenticated, unauthenticated } from "@server/routers/integration";
+import { authenticated, unauthenticated } from "#dynamic/routers/integration";
 import { logIncomingMiddleware } from "./middlewares/logIncoming";
 import helmet from "helmet";
 import swaggerUi from "swagger-ui-express";
--- a/server/internalServer.ts
+++ b/server/internalServer.ts
@@ -8,7 +8,7 @@ import {
    errorHandlerMiddleware,
    notFoundMiddleware
 } from "@server/middlewares";
-import internal from "@server/routers/internal";
+import { internalRouter } from "#dynamic/routers/internal";
 import { stripDuplicateSesions } from "./middlewares/stripDuplicateSessions";

 const internalPort = config.getRawConfig().server.internal_port;
@@ -23,7 +23,7 @@ export function createInternalServer() {
    internalServer.use(express.json());

    const prefix = `/api/v1`;
-    internalServer.use(prefix, internal);
+    internalServer.use(prefix, internalRouter);

    internalServer.use(notFoundMiddleware);
    internalServer.use(errorHandlerMiddleware);
--- a/server/lib/billing/createCustomer.ts
+++ b/server/lib/billing/createCustomer.ts
@@ -0,0 +1,6 @@
+export async function createCustomer(
+    orgId: string,
+    email: string | null | undefined
+): Promise<string | undefined> {
+    return;
+}
--- a/server/lib/private/billing/features.ts
+++ b/server/lib/private/billing/features.ts
@@ -1,16 +1,3 @@
-/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-
 import Stripe from "stripe";

 export enum FeatureId {
--- a/server/lib/billing/getOrgTierData.ts
+++ b/server/lib/billing/getOrgTierData.ts
@@ -0,0 +1,8 @@
+export async function getOrgTierData(
+    orgId: string
+): Promise<{ tier: string | null; active: boolean }> {
+    const tier = null;
+    const active = false;
+
+    return { tier, active };
+}
--- a/server/lib/billing/index.ts
+++ b/server/lib/billing/index.ts
@@ -0,0 +1,5 @@
+export * from "./limitSet";
+export * from "./features";
+export * from "./limitsService";
+export * from "./getOrgTierData";
+export * from "./createCustomer";
--- a/server/lib/private/billing/limitSet.ts
+++ b/server/lib/private/billing/limitSet.ts
@@ -1,16 +1,3 @@
-/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-
 import { FeatureId } from "./features";

 export type LimitSet = {
--- a/server/lib/private/billing/limitsService.ts
+++ b/server/lib/private/billing/limitsService.ts
@@ -1,16 +1,3 @@
-/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-
 import { db, limits } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import { LimitSet } from "./limitSet";
--- a/server/lib/private/billing/tiers.ts
+++ b/server/lib/private/billing/tiers.ts
@@ -1,16 +1,3 @@
-/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-
 export enum TierId {
    STANDARD = "standard",
 }
--- a/server/lib/private/billing/usageService.ts
+++ b/server/lib/private/billing/usageService.ts
@@ -1,21 +1,6 @@
-/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-
 import { eq, sql, and } from "drizzle-orm";
-import NodeCache from "node-cache";
 import { v4 as uuidv4 } from "uuid";
 import { PutObjectCommand } from "@aws-sdk/client-s3";
-import { s3Client } from "../s3";
 import * as fs from "fs/promises";
 import * as path from "path";
 import {
@@ -30,10 +15,11 @@ import {
    Transaction
 } from "@server/db";
 import { FeatureId, getFeatureMeterId } from "./features";
-import config from "@server/lib/config";
 import logger from "@server/logger";
-import { sendToClient } from "@server/routers/ws";
+import { sendToClient } from "#dynamic/routers/ws";
 import { build } from "@server/build";
+import { s3Client } from "@server/lib/s3";
+import cache from "@server/lib/cache"; 

 interface StripeEvent {
    identifier?: string;
@@ -45,8 +31,18 @@ interface StripeEvent {
    };
 }

+export function noop() {
+    if (
+        build !== "saas" ||
+        !process.env.S3_BUCKET ||
+        !process.env.LOCAL_FILE_PATH
+    ) {
+        return true;
+    }
+    return false;
+}
+
 export class UsageService {
-    private cache: NodeCache;
    private bucketName: string | undefined;
    private currentEventFile: string | null = null;
    private currentFileStartTime: number = 0;
@@ -54,12 +50,13 @@ export class UsageService {
    private uploadingFiles: Set<string> = new Set();

    constructor() {
-        this.cache = new NodeCache({ stdTTL: 300 }); // 5 minute TTL
-        if (build !== "saas") {
+        if (noop()) {
            return;
        }
-        this.bucketName = config.getRawPrivateConfig().stripe?.s3Bucket;
-        this.eventsDir = config.getRawPrivateConfig().stripe?.localFilePath;
+        // this.bucketName = privateConfig.getRawPrivateConfig().stripe?.s3Bucket;
+        // this.eventsDir = privateConfig.getRawPrivateConfig().stripe?.localFilePath;
+        this.bucketName = process.env.S3_BUCKET || undefined;
+        this.eventsDir = process.env.LOCAL_FILE_PATH || undefined;

        // Ensure events directory exists
        this.initializeEventsDirectory().then(() => {
@@ -83,7 +80,9 @@ export class UsageService {

    private async initializeEventsDirectory(): Promise<void> {
        if (!this.eventsDir) {
-            logger.warn("Stripe local file path is not configured, skipping events directory initialization.");
+            logger.warn(
+                "Stripe local file path is not configured, skipping events directory initialization."
+            );
            return;
        }
        try {
@@ -95,7 +94,9 @@ export class UsageService {

    private async uploadPendingEventFilesOnStartup(): Promise<void> {
        if (!this.eventsDir || !this.bucketName) {
-            logger.warn("Stripe local file path or bucket name is not configured, skipping leftover event file upload.");
+            logger.warn(
+                "Stripe local file path or bucket name is not configured, skipping leftover event file upload."
+            );
            return;
        }
        try {
@@ -118,15 +119,17 @@ export class UsageService {
                                ContentType: "application/json"
                            });
                            await s3Client.send(uploadCommand);
-                            
+
                            // Check if file still exists before unlinking
                            try {
                                await fs.access(filePath);
                                await fs.unlink(filePath);
                            } catch (unlinkError) {
-                                logger.debug(`Startup file ${file} was already deleted`);
+                                logger.debug(
+                                    `Startup file ${file} was already deleted`
+                                );
                            }
-                            
+
                            logger.info(
                                `Uploaded leftover event file ${file} to S3 with ${events.length} events`
                            );
@@ -136,7 +139,9 @@ export class UsageService {
                                await fs.access(filePath);
                                await fs.unlink(filePath);
                            } catch (unlinkError) {
-                                logger.debug(`Empty startup file ${file} was already deleted`);
+                                logger.debug(
+                                    `Empty startup file ${file} was already deleted`
+                                );
                            }
                        }
                    } catch (err) {
@@ -147,8 +152,8 @@ export class UsageService {
                    }
                }
            }
-        } catch (err) {
-            logger.error("Failed to scan for leftover event files:", err);
+        } catch (error) {
+            logger.error("Failed to scan for leftover event files");
        }
    }

@@ -158,17 +163,17 @@ export class UsageService {
        value: number,
        transaction: any = null
    ): Promise<Usage | null> {
-        if (build !== "saas") {
+        if (noop()) {
            return null;
        }
-        
+
        // Truncate value to 11 decimal places
        value = this.truncateValue(value);
-        
+
        // Implement retry logic for deadlock handling
        const maxRetries = 3;
        let attempt = 0;
-        
+
        while (attempt <= maxRetries) {
            try {
                // Get subscription data for this org (with caching)
@@ -191,7 +196,12 @@ export class UsageService {
                    );
                } else {
                    await db.transaction(async (trx) => {
-                        usage = await this.internalAddUsage(orgId, featureId, value, trx);
+                        usage = await this.internalAddUsage(
+                            orgId,
+                            featureId,
+                            value,
+                            trx
+                        );
                    });
                }

@@ -201,25 +211,26 @@ export class UsageService {
                return usage || null;
            } catch (error: any) {
                // Check if this is a deadlock error
-                const isDeadlock = error?.code === '40P01' || 
-                                 error?.cause?.code === '40P01' ||
-                                 (error?.message && error.message.includes('deadlock'));
-                
+                const isDeadlock =
+                    error?.code === "40P01" ||
+                    error?.cause?.code === "40P01" ||
+                    (error?.message && error.message.includes("deadlock"));
+
                if (isDeadlock && attempt < maxRetries) {
                    attempt++;
                    // Exponential backoff with jitter: 50-150ms, 100-300ms, 200-600ms
                    const baseDelay = Math.pow(2, attempt - 1) * 50;
                    const jitter = Math.random() * baseDelay;
                    const delay = baseDelay + jitter;
-                    
+
                    logger.warn(
                        `Deadlock detected for ${orgId}/${featureId}, retrying attempt ${attempt}/${maxRetries} after ${delay.toFixed(0)}ms`
                    );
-                    
-                    await new Promise(resolve => setTimeout(resolve, delay));
+
+                    await new Promise((resolve) => setTimeout(resolve, delay));
                    continue;
                }
-                
+
                logger.error(
                    `Failed to add usage for ${orgId}/${featureId} after ${attempt} attempts:`,
                    error
@@ -239,10 +250,10 @@ export class UsageService {
    ): Promise<Usage> {
        // Truncate value to 11 decimal places
        value = this.truncateValue(value);
-        
+
        const usageId = `${orgId}-${featureId}`;
        const meterId = getFeatureMeterId(featureId);
-        
+
        // Use upsert: insert if not exists, otherwise increment
        const [returnUsage] = await trx
            .insert(usage)
@@ -259,7 +270,8 @@ export class UsageService {
                set: {
                    latestValue: sql`${usage.latestValue} + ${value}`
                }
-            }).returning();
+            })
+            .returning();

        return returnUsage;
    }
@@ -280,7 +292,7 @@ export class UsageService {
        value?: number,
        customerId?: string
    ): Promise<void> {
-        if (build !== "saas") {
+        if (noop()) {
            return;
        }
        try {
@@ -351,7 +363,7 @@ export class UsageService {
                            .set({
                                latestValue: newRunningTotal,
                                instantaneousValue: value,
-                                updatedAt: Math.floor(Date.now() / 1000) 
+                                updatedAt: Math.floor(Date.now() / 1000)
                            })
                            .where(eq(usage.usageId, usageId));
                    }
@@ -366,7 +378,7 @@ export class UsageService {
                        meterId,
                        instantaneousValue: truncatedValue,
                        latestValue: truncatedValue,
-                        updatedAt: Math.floor(Date.now() / 1000) 
+                        updatedAt: Math.floor(Date.now() / 1000)
                    });
                }
            });
@@ -385,7 +397,7 @@ export class UsageService {
        featureId: FeatureId
    ): Promise<string | null> {
        const cacheKey = `customer_${orgId}_${featureId}`;
-        const cached = this.cache.get<string>(cacheKey);
+        const cached = cache.get<string>(cacheKey);

        if (cached) {
            return cached;
@@ -408,7 +420,7 @@ export class UsageService {
            const customerId = customer.customerId;

            // Cache the result
-            this.cache.set(cacheKey, customerId);
+            cache.set(cacheKey, customerId, 300); // 5 minute TTL

            return customerId;
        } catch (error) {
@@ -427,7 +439,7 @@ export class UsageService {
    ): Promise<void> {
        // Truncate value to 11 decimal places before sending to Stripe
        const truncatedValue = this.truncateValue(value);
-        
+
        const event: StripeEvent = {
            identifier: uuidv4(),
            timestamp: Math.floor(new Date().getTime() / 1000),
@@ -444,7 +456,9 @@ export class UsageService {

    private async writeEventToFile(event: StripeEvent): Promise<void> {
        if (!this.eventsDir || !this.bucketName) {
-            logger.warn("Stripe local file path or bucket name is not configured, skipping event file write.");
+            logger.warn(
+                "Stripe local file path or bucket name is not configured, skipping event file write."
+            );
            return;
        }
        if (!this.currentEventFile) {
@@ -493,7 +507,9 @@ export class UsageService {

    private async uploadFileToS3(): Promise<void> {
        if (!this.bucketName || !this.eventsDir) {
-            logger.warn("Stripe local file path or bucket name is not configured, skipping S3 upload.");
+            logger.warn(
+                "Stripe local file path or bucket name is not configured, skipping S3 upload."
+            );
            return;
        }
        if (!this.currentEventFile) {
@@ -505,7 +521,9 @@ export class UsageService {

        // Check if this file is already being uploaded
        if (this.uploadingFiles.has(fileName)) {
-            logger.debug(`File ${fileName} is already being uploaded, skipping`);
+            logger.debug(
+                `File ${fileName} is already being uploaded, skipping`
+            );
            return;
        }

@@ -517,7 +535,9 @@ export class UsageService {
            try {
                await fs.access(filePath);
            } catch (error) {
-                logger.debug(`File ${fileName} does not exist, may have been already processed`);
+                logger.debug(
+                    `File ${fileName} does not exist, may have been already processed`
+                );
                this.uploadingFiles.delete(fileName);
                // Reset current file if it was this file
                if (this.currentEventFile === fileName) {
@@ -537,7 +557,9 @@ export class UsageService {
                    await fs.unlink(filePath);
                } catch (unlinkError) {
                    // File may have been already deleted
-                    logger.debug(`File ${fileName} was already deleted during cleanup`);
+                    logger.debug(
+                        `File ${fileName} was already deleted during cleanup`
+                    );
                }
                this.currentEventFile = null;
                this.uploadingFiles.delete(fileName);
@@ -560,7 +582,9 @@ export class UsageService {
                await fs.unlink(filePath);
            } catch (unlinkError) {
                // File may have been already deleted by another process
-                logger.debug(`File ${fileName} was already deleted during upload`);
+                logger.debug(
+                    `File ${fileName} was already deleted during upload`
+                );
            }

            logger.info(
@@ -571,10 +595,7 @@ export class UsageService {
            this.currentEventFile = null;
            this.currentFileStartTime = 0;
        } catch (error) {
-            logger.error(
-                `Failed to upload ${fileName} to S3:`,
-                error
-            );
+            logger.error(`Failed to upload ${fileName} to S3:`, error);
        } finally {
            // Always remove from uploading set
            this.uploadingFiles.delete(fileName);
@@ -589,16 +610,17 @@ export class UsageService {

    public async getUsage(
        orgId: string,
-        featureId: FeatureId
+        featureId: FeatureId,
+        trx: Transaction | typeof db = db
    ): Promise<Usage | null> {
-        if (build !== "saas") {
+        if (noop()) {
            return null;
        }

        const usageId = `${orgId}-${featureId}`;

        try {
-            const [result] = await db
+            const [result] = await trx
                .select()
                .from(usage)
                .where(eq(usage.usageId, usageId))
@@ -610,9 +632,9 @@ export class UsageService {
                    `Creating new usage record for ${orgId}/${featureId}`
                );
                const meterId = getFeatureMeterId(featureId);
-                
+
                try {
-                    const [newUsage] = await db
+                    const [newUsage] = await trx
                        .insert(usage)
                        .values({
                            usageId,
@@ -629,7 +651,7 @@ export class UsageService {
                        return newUsage;
                    } else {
                        // Record was created by another process, fetch it
-                        const [existingUsage] = await db
+                        const [existingUsage] = await trx
                            .select()
                            .from(usage)
                            .where(eq(usage.usageId, usageId))
@@ -642,7 +664,7 @@ export class UsageService {
                        `Insert failed for ${orgId}/${featureId}, attempting to fetch existing record:`,
                        insertError
                    );
-                    const [existingUsage] = await db
+                    const [existingUsage] = await trx
                        .select()
                        .from(usage)
                        .where(eq(usage.usageId, usageId))
@@ -665,7 +687,7 @@ export class UsageService {
        orgId: string,
        featureId: FeatureId
    ): Promise<Usage | null> {
-        if (build !== "saas") {
+        if (noop()) {
            return null;
        }
        await this.updateDaily(orgId, featureId); // Ensure daily usage is updated
@@ -676,16 +698,14 @@ export class UsageService {
        await this.uploadFileToS3();
    }

-    public clearCache(): void {
-        this.cache.flushAll();
-    }
-
    /**
     * Scan the events directory for files older than 1 minute and upload them if not empty.
     */
    private async uploadOldEventFiles(): Promise<void> {
        if (!this.eventsDir || !this.bucketName) {
-            logger.warn("Stripe local file path or bucket name is not configured, skipping old event file upload.");
+            logger.warn(
+                "Stripe local file path or bucket name is not configured, skipping old event file upload."
+            );
            return;
        }
        try {
@@ -693,15 +713,17 @@ export class UsageService {
            const now = Date.now();
            for (const file of files) {
                if (!file.endsWith(".json")) continue;
-                
+
                // Skip files that are already being uploaded
                if (this.uploadingFiles.has(file)) {
-                    logger.debug(`Skipping file ${file} as it's already being uploaded`);
+                    logger.debug(
+                        `Skipping file ${file} as it's already being uploaded`
+                    );
                    continue;
                }

                const filePath = path.join(this.eventsDir, file);
-                
+
                try {
                    // Check if file still exists before processing
                    try {
@@ -716,7 +738,7 @@ export class UsageService {
                    if (age >= 90000) {
                        // 1.5 minutes - Mark as being uploaded
                        this.uploadingFiles.add(file);
-                        
+
                        try {
                            const fileContent = await fs.readFile(
                                filePath,
@@ -732,15 +754,17 @@ export class UsageService {
                                    ContentType: "application/json"
                                });
                                await s3Client.send(uploadCommand);
-                                
+
                                // Check if file still exists before unlinking
                                try {
                                    await fs.access(filePath);
                                    await fs.unlink(filePath);
                                } catch (unlinkError) {
-                                    logger.debug(`File ${file} was already deleted during interval upload`);
+                                    logger.debug(
+                                        `File ${file} was already deleted during interval upload`
+                                    );
                                }
-                                
+
                                logger.info(
                                    `Interval: Uploaded event file ${file} to S3 with ${events.length} events`
                                );
@@ -755,7 +779,9 @@ export class UsageService {
                                    await fs.access(filePath);
                                    await fs.unlink(filePath);
                                } catch (unlinkError) {
-                                    logger.debug(`Empty file ${file} was already deleted`);
+                                    logger.debug(
+                                        `Empty file ${file} was already deleted`
+                                    );
                                }
                            }
                        } finally {
@@ -777,19 +803,25 @@ export class UsageService {
        }
    }

-    public async checkLimitSet(orgId: string, kickSites = false, featureId?: FeatureId, usage?: Usage): Promise<boolean> {
-        if (build !== "saas") {
+    public async checkLimitSet(
+        orgId: string,
+        kickSites = false,
+        featureId?: FeatureId,
+        usage?: Usage,
+        trx: Transaction | typeof db = db
+    ): Promise<boolean> {
+        if (noop()) {
            return false;
        }
        // This method should check the current usage against the limits set for the organization
-        // and kick out all of the sites on the org 
+        // and kick out all of the sites on the org
        let hasExceededLimits = false;

        try {
            let orgLimits: Limit[] = [];
            if (featureId) {
                // Get all limits set for this organization
-                orgLimits = await db
+                orgLimits = await trx
                    .select()
                    .from(limits)
                    .where(
@@ -800,7 +832,7 @@ export class UsageService {
                    );
            } else {
                // Get all limits set for this organization
-                orgLimits = await db
+                orgLimits = await trx
                    .select()
                    .from(limits)
                    .where(eq(limits.orgId, orgId));
@@ -817,16 +849,31 @@ export class UsageService {
                if (usage) {
                    currentUsage = usage;
                } else {
-                    currentUsage = await this.getUsage(orgId, limit.featureId as FeatureId);
+                    currentUsage = await this.getUsage(
+                        orgId,
+                        limit.featureId as FeatureId,
+                        trx
+                    );
                }

-                const usageValue = currentUsage?.instantaneousValue || currentUsage?.latestValue || 0;
-                logger.debug(`Current usage for org ${orgId} on feature ${limit.featureId}: ${usageValue}`);
-                logger.debug(`Limit for org ${orgId} on feature ${limit.featureId}: ${limit.value}`);
-                if (currentUsage && limit.value !== null && usageValue > limit.value) {
+                const usageValue =
+                    currentUsage?.instantaneousValue ||
+                    currentUsage?.latestValue ||
+                    0;
+                logger.debug(
+                    `Current usage for org ${orgId} on feature ${limit.featureId}: ${usageValue}`
+                );
+                logger.debug(
+                    `Limit for org ${orgId} on feature ${limit.featureId}: ${limit.value}`
+                );
+                if (
+                    currentUsage &&
+                    limit.value !== null &&
+                    usageValue > limit.value
+                ) {
                    logger.debug(
                        `Org ${orgId} has exceeded limit for ${limit.featureId}: ` +
-                        `${usageValue} > ${limit.value}`
+                            `${usageValue} > ${limit.value}`
                    );
                    hasExceededLimits = true;
                    break; // Exit early if any limit is exceeded
@@ -835,22 +882,24 @@ export class UsageService {

            // If any limits are exceeded, disconnect all sites for this organization
            if (hasExceededLimits && kickSites) {
-                logger.warn(`Disconnecting all sites for org ${orgId} due to exceeded limits`);
+                logger.warn(
+                    `Disconnecting all sites for org ${orgId} due to exceeded limits`
+                );

                // Get all sites for this organization
-                const orgSites = await db
+                const orgSites = await trx
                    .select()
                    .from(sites)
                    .where(eq(sites.orgId, orgId));

                // Mark all sites as offline and send termination messages
-                const siteUpdates = orgSites.map(site => site.siteId);
+                const siteUpdates = orgSites.map((site) => site.siteId);

                if (siteUpdates.length > 0) {
                    // Send termination messages to newt sites
                    for (const site of orgSites) {
                        if (site.type === "newt") {
-                            const [newt] = await db
+                            const [newt] = await trx
                                .select()
                                .from(newts)
                                .where(eq(newts.siteId, site.siteId))
@@ -865,17 +914,21 @@ export class UsageService {
                                };

                                // Don't await to prevent blocking
-                                sendToClient(newt.newtId, payload).catch((error: any) => {
-                                    logger.error(
-                                        `Failed to send termination message to newt ${newt.newtId}:`,
-                                        error
-                                    );
-                                });
+                                await sendToClient(newt.newtId, payload).catch(
+                                    (error: any) => {
+                                        logger.error(
+                                            `Failed to send termination message to newt ${newt.newtId}:`,
+                                            error
+                                        );
+                                    }
+                                );
                            }
                        }
                    }

-                    logger.info(`Disconnected ${orgSites.length} sites for org ${orgId} due to exceeded limits`);
+                    logger.info(
+                        `Disconnected ${orgSites.length} sites for org ${orgId} due to exceeded limits`
+                    );
                }
            }
        } catch (error) {
--- a/server/lib/blueprints/applyBlueprint.ts
+++ b/server/lib/blueprints/applyBlueprint.ts
@@ -1,22 +1,35 @@
-import { db, newts, Target } from "@server/db";
+import { db, newts, blueprints, Blueprint } from "@server/db";
 import { Config, ConfigSchema } from "./types";
 import { ProxyResourcesResults, updateProxyResources } from "./proxyResources";
 import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
-import { resources, targets, sites } from "@server/db";
-import { eq, and, asc, or, ne, count, isNotNull } from "drizzle-orm";
+import { sites } from "@server/db";
+import { eq, and, isNotNull } from "drizzle-orm";
 import { addTargets as addProxyTargets } from "@server/routers/newt/targets";
 import { addTargets as addClientTargets } from "@server/routers/client/targets";
 import {
    ClientResourcesResults,
    updateClientResources
 } from "./clientResources";
+import { BlueprintSource } from "@server/routers/blueprints/types";
+import { stringify as stringifyYaml } from "yaml";
+import { faker } from "@faker-js/faker";

-export async function applyBlueprint(
-    orgId: string,
-    configData: unknown,
-    siteId?: number
-): Promise<void> {
+type ApplyBlueprintArgs = {
+    orgId: string;
+    configData: unknown;
+    name?: string;
+    siteId?: number;
+    source?: BlueprintSource;
+};
+
+export async function applyBlueprint({
+    orgId,
+    configData,
+    siteId,
+    name,
+    source = "API"
+}: ApplyBlueprintArgs): Promise<Blueprint> {
    // Validate the input data
    const validationResult = ConfigSchema.safeParse(configData);
    if (!validationResult.success) {
@@ -24,6 +37,9 @@ export async function applyBlueprint(
    }

    const config: Config = validationResult.data;
+    let blueprintSucceeded: boolean = false;
+    let blueprintMessage: string;
+    let error: any | null = null;

    try {
        let proxyResourcesResults: ProxyResourcesResults = [];
@@ -120,10 +136,42 @@ export async function applyBlueprint(
                );
            }
        }
-    } catch (error) {
-        logger.error(`Failed to update database from config: ${error}`);
-        throw error;
+
+        blueprintSucceeded = true;
+        blueprintMessage = "Blueprint applied successfully";
+    } catch (err) {
+        blueprintSucceeded = false;
+        blueprintMessage = `Blueprint applied with errors: ${err}`;
+        logger.error(blueprintMessage);
+        error = err;
    }
+
+    let blueprint: Blueprint | null = null;
+    await db.transaction(async (trx) => {
+        const newBlueprint = await trx
+            .insert(blueprints)
+            .values({
+                orgId,
+                name:
+                    name ??
+                    `${faker.word.adjective()} ${faker.word.adjective()} ${faker.word.noun()}`,
+                contents: stringifyYaml(configData),
+                createdAt: Math.floor(Date.now() / 1000),
+                succeeded: blueprintSucceeded,
+                message: blueprintMessage,
+                source
+            })
+            .returning();
+
+        blueprint = newBlueprint[0];
+    });
+
+    if (!blueprint || (source !== "UI" && !blueprintSucceeded)) {
+        //             ^^^^^^^^^^^^^^^ The UI considers a failed blueprint as a valid response
+        throw error ?? "Unknown Server Error";
+    }
+
+    return blueprint;
 }

 // await updateDatabaseFromConfig("org_i21aifypnlyxur2", {
@@ -139,8 +187,8 @@ export async function applyBlueprint(
 //                 password: "sadfasdfadsf",
 //                 "sso-enabled": true,
 //                 "sso-roles": ["Member"],
-//                 "sso-users": ["owen@fossorial.io"],
-//                 "whitelist-users": ["owen@fossorial.io"]
+//                 "sso-users": ["owen@pangolin.net"],
+//                 "whitelist-users": ["owen@pangolin.net"]
 //             },
 //             targets: [
 //                 {
--- a/server/lib/blueprints/applyNewtDockerBlueprint.ts
+++ b/server/lib/blueprints/applyNewtDockerBlueprint.ts
@@ -1,4 +1,4 @@
-import { sendToClient } from "@server/routers/ws";
+import { sendToClient } from "#dynamic/routers/ws";
 import { processContainerLabels } from "./parseDockerContainers";
 import { applyBlueprint } from "./applyBlueprint";
 import { db, sites } from "@server/db";
@@ -29,15 +29,29 @@ export async function applyNewtDockerBlueprint(

        logger.debug(`Received Docker blueprint: ${JSON.stringify(blueprint)}`);

+        // make sure this is not an empty object
+        if (isEmptyObject(blueprint)) {
+            return;
+        }
+
+        if (isEmptyObject(blueprint["proxy-resources"]) && isEmptyObject(blueprint["client-resources"])) {
+            return;
+        }
+
        // Update the blueprint in the database
-        await applyBlueprint(site.orgId, blueprint, site.siteId);
+        await applyBlueprint({
+            orgId: site.orgId,
+            configData: blueprint,
+            siteId: site.siteId,
+            source: "NEWT"
+        });
    } catch (error) {
        logger.error(`Failed to update database from config: ${error}`);
        await sendToClient(newtId, {
            type: "newt/blueprint/results",
            data: {
                success: false,
-                message: `Failed to update database from config: ${error}`
+                message: `Failed to apply blueprint from config: ${error}`
            }
        });
        return;
@@ -51,3 +65,10 @@ export async function applyNewtDockerBlueprint(
        }
    });
 }
+
+function isEmptyObject(obj: any) {
+    if (obj === null || obj === undefined) {
+        return true;
+    }
+    return Object.keys(obj).length === 0 && obj.constructor === Object;
+}
--- a/server/lib/blueprints/parseDotNotation.ts
+++ b/server/lib/blueprints/parseDotNotation.ts
@@ -87,8 +87,8 @@ export function convertValue(value: string): any {
 //     "resources.resource-nice-id.auth.password": "sadfasdfadsf",
 //     "resources.resource-nice-id.auth.sso-enabled": "true",
 //     "resources.resource-nice-id.auth.sso-roles[0]": "Member",
-//     "resources.resource-nice-id.auth.sso-users[0]": "owen@fossorial.io",
-//     "resources.resource-nice-id.auth.whitelist-users[0]": "owen@fossorial.io",
+//     "resources.resource-nice-id.auth.sso-users[0]": "owen@pangolin.net",
+//     "resources.resource-nice-id.auth.whitelist-users[0]": "owen@pangolin.net",
 //     "resources.resource-nice-id.targets[0].hostname": "localhost",
 //     "resources.resource-nice-id.targets[0].method": "http",
 //     "resources.resource-nice-id.targets[0].port": "8000",
--- a/server/lib/blueprints/proxyResources.ts
+++ b/server/lib/blueprints/proxyResources.ts
@@ -2,6 +2,7 @@ import {
    domains,
    orgDomains,
    Resource,
+    resourceHeaderAuth,
    resourcePincode,
    resourceRules,
    resourceWhitelist,
@@ -24,7 +25,7 @@ import {
    TargetData
 } from "./types";
 import logger from "@server/logger";
-import { createCertificate } from "@server/routers/private/certificates/createCertificate";
+import { createCertificate } from "#dynamic/routers/certificates/createCertificate";
 import { pickPort } from "@server/routers/target/helpers";
 import { resourcePassword } from "@server/db";
 import { hashPassword } from "@server/auth/password";
@@ -113,8 +114,14 @@ export async function updateProxyResources(
                    internalPort: internalPortToCreate,
                    path: targetData.path,
                    pathMatchType: targetData["path-match"],
-                    rewritePath: targetData.rewritePath,
-                    rewritePathType: targetData["rewrite-match"]
+                    rewritePath:
+                        targetData.rewritePath ||
+                        targetData["rewrite-path"] ||
+                        (targetData["rewrite-match"] === "stripPrefix"
+                            ? "/"
+                            : undefined),
+                    rewritePathType: targetData["rewrite-match"],
+                    priority: targetData.priority
                })
                .returning();

@@ -122,7 +129,9 @@ export async function updateProxyResources(

            const healthcheckData = targetData.healthcheck;

-            const hcHeaders = healthcheckData?.headers ? JSON.stringify(healthcheckData.headers) : null;
+            const hcHeaders = healthcheckData?.headers
+                ? JSON.stringify(healthcheckData.headers)
+                : null;

            const [newHealthcheck] = await trx
                .insert(targetHealthCheck)
@@ -135,10 +144,14 @@ export async function updateProxyResources(
                    hcHostname: healthcheckData?.hostname,
                    hcPort: healthcheckData?.port,
                    hcInterval: healthcheckData?.interval,
-                    hcUnhealthyInterval: healthcheckData?.unhealthyInterval,
+                    hcUnhealthyInterval:
+                        healthcheckData?.unhealthyInterval ||
+                        healthcheckData?.["unhealthy-interval"],
                    hcTimeout: healthcheckData?.timeout,
                    hcHeaders: hcHeaders,
-                    hcFollowRedirects: healthcheckData?.followRedirects,
+                    hcFollowRedirects:
+                        healthcheckData?.followRedirects ||
+                        healthcheckData?.["follow-redirects"],
                    hcMethod: healthcheckData?.method,
                    hcStatus: healthcheckData?.status,
                    hcHealth: "unknown"
@@ -263,6 +276,32 @@ export async function updateProxyResources(
                    });
                }

+                await trx
+                    .delete(resourceHeaderAuth)
+                    .where(
+                        eq(
+                            resourceHeaderAuth.resourceId,
+                            existingResource.resourceId
+                        )
+                    );
+                if (resourceData.auth?.["basic-auth"]) {
+                    const headerAuthUser =
+                        resourceData.auth?.["basic-auth"]?.user;
+                    const headerAuthPassword =
+                        resourceData.auth?.["basic-auth"]?.password;
+                    if (headerAuthUser && headerAuthPassword) {
+                        const headerAuthHash = await hashPassword(
+                            Buffer.from(
+                                `${headerAuthUser}:${headerAuthPassword}`
+                            ).toString("base64")
+                        );
+                        await trx.insert(resourceHeaderAuth).values({
+                            resourceId: existingResource.resourceId,
+                            headerAuthHash
+                        });
+                    }
+                }
+
                if (resourceData.auth?.["sso-roles"]) {
                    const ssoRoles = resourceData.auth?.["sso-roles"];
                    await syncRoleResources(
@@ -362,8 +401,14 @@ export async function updateProxyResources(
                            enabled: targetData.enabled,
                            path: targetData.path,
                            pathMatchType: targetData["path-match"],
-                            rewritePath: targetData.rewritePath,
-                            rewritePathType: targetData["rewrite-match"]
+                            rewritePath:
+                                targetData.rewritePath ||
+                                targetData["rewrite-path"] ||
+                                (targetData["rewrite-match"] === "stripPrefix"
+                                    ? "/"
+                                    : undefined),
+                            rewritePathType: targetData["rewrite-match"],
+                            priority: targetData.priority
                        })
                        .where(eq(targets.targetId, existingTarget.targetId))
                        .returning();
@@ -406,7 +451,9 @@ export async function updateProxyResources(
                        )
                        .limit(1);

-                    const hcHeaders = healthcheckData?.headers ? JSON.stringify(healthcheckData.headers) : null;
+                    const hcHeaders = healthcheckData?.headers
+                        ? JSON.stringify(healthcheckData.headers)
+                        : null;

                    const [newHealthcheck] = await trx
                        .update(targetHealthCheck)
@@ -419,10 +466,13 @@ export async function updateProxyResources(
                            hcPort: healthcheckData?.port,
                            hcInterval: healthcheckData?.interval,
                            hcUnhealthyInterval:
-                                healthcheckData?.unhealthyInterval,
+                                healthcheckData?.unhealthyInterval ||
+                                healthcheckData?.["unhealthy-interval"],
                            hcTimeout: healthcheckData?.timeout,
                            hcHeaders: hcHeaders,
-                            hcFollowRedirects: healthcheckData?.followRedirects,
+                            hcFollowRedirects:
+                                healthcheckData?.followRedirects ||
+                                healthcheckData?.["follow-redirects"],
                            hcMethod: healthcheckData?.method,
                            hcStatus: healthcheckData?.status
                        })
@@ -494,7 +544,7 @@ export async function updateProxyResources(
                    if (
                        existingRule.action !== getRuleAction(rule.action) ||
                        existingRule.match !== rule.match.toUpperCase() ||
-                        existingRule.value !== rule.value
+                        existingRule.value !== rule.value.toUpperCase()
                    ) {
                        validateRule(rule);
                        await trx
@@ -502,7 +552,7 @@ export async function updateProxyResources(
                            .set({
                                action: getRuleAction(rule.action),
                                match: rule.match.toUpperCase(),
-                                value: rule.value
+                                value: rule.value.toUpperCase()
                            })
                            .where(
                                eq(resourceRules.ruleId, existingRule.ruleId)
@@ -514,7 +564,7 @@ export async function updateProxyResources(
                        resourceId: existingResource.resourceId,
                        action: getRuleAction(rule.action),
                        match: rule.match.toUpperCase(),
-                        value: rule.value,
+                        value: rule.value.toUpperCase(),
                        priority: index + 1 // start priorities at 1
                    });
                }
@@ -591,6 +641,25 @@ export async function updateProxyResources(
                });
            }

+            if (resourceData.auth?.["basic-auth"]) {
+                const headerAuthUser = resourceData.auth?.["basic-auth"]?.user;
+                const headerAuthPassword =
+                    resourceData.auth?.["basic-auth"]?.password;
+
+                if (headerAuthUser && headerAuthPassword) {
+                    const headerAuthHash = await hashPassword(
+                        Buffer.from(
+                            `${headerAuthUser}:${headerAuthPassword}`
+                        ).toString("base64")
+                    );
+
+                    await trx.insert(resourceHeaderAuth).values({
+                        resourceId: newResource.resourceId,
+                        headerAuthHash
+                    });
+                }
+            }
+
            resource = newResource;

            const [adminRole] = await trx
@@ -653,7 +722,7 @@ export async function updateProxyResources(
                    resourceId: newResource.resourceId,
                    action: getRuleAction(rule.action),
                    match: rule.match.toUpperCase(),
-                    value: rule.value,
+                    value: rule.value.toUpperCase(),
                    priority: index + 1 // start priorities at 1
                });
            }
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -13,10 +13,12 @@ export const TargetHealthCheckSchema = z.object({
    scheme: z.string().optional(),
    mode: z.string().default("http"),
    interval: z.number().int().default(30),
-    unhealthyInterval: z.number().int().default(30),
+    "unhealthy-interval": z.number().int().default(30),
+    unhealthyInterval: z.number().int().optional(), // deprecated alias
    timeout: z.number().int().default(5),
    headers: z.array(z.object({ name: z.string(), value: z.string() })).nullable().optional().default(null),
-    followRedirects: z.boolean().default(true),
+    "follow-redirects": z.boolean().default(true),
+    followRedirects: z.boolean().optional(), // deprecated alias
    method: z.string().default("GET"),
    status: z.number().int().optional()
 });
@@ -32,8 +34,10 @@ export const TargetSchema = z.object({
    path: z.string().optional(),
    "path-match": z.enum(["exact", "prefix", "regex"]).optional().nullable(),
    healthcheck: TargetHealthCheckSchema.optional(),
-    rewritePath: z.string().optional(),
-    "rewrite-match": z.enum(["exact", "prefix", "regex", "stripPrefix"]).optional().nullable()
+    rewritePath: z.string().optional(), // deprecated alias
+    "rewrite-path": z.string().optional(),
+    "rewrite-match": z.enum(["exact", "prefix", "regex", "stripPrefix"]).optional().nullable(),
+    priority: z.number().int().min(1).max(1000).optional().default(100)
 });
 export type TargetData = z.infer<typeof TargetSchema>;

@@ -41,6 +45,10 @@ export const AuthSchema = z.object({
    // pincode has to have 6 digits
    pincode: z.number().min(100000).max(999999).optional(),
    password: z.string().min(1).optional(),
+    "basic-auth": z.object({
+        user: z.string().min(1),
+        password: z.string().min(1)
+    }).optional(),
    "sso-enabled": z.boolean().optional().default(false),
    "sso-roles": z
        .array(z.string())
@@ -270,24 +278,26 @@ export const ConfigSchema = z
        }
    )
    .refine(
-        // Enforce proxy-port uniqueness within proxy-resources
+        // Enforce proxy-port uniqueness within proxy-resources per protocol
        (config) => {
-            const proxyPortMap = new Map<number, string[]>();
+            const protocolPortMap = new Map<string, string[]>();

            Object.entries(config["proxy-resources"]).forEach(
                ([resourceKey, resource]) => {
                    const proxyPort = resource["proxy-port"];
-                    if (proxyPort !== undefined) {
-                        if (!proxyPortMap.has(proxyPort)) {
-                            proxyPortMap.set(proxyPort, []);
+                    const protocol = resource.protocol;
+                    if (proxyPort !== undefined && protocol !== undefined) {
+                        const key = `${protocol}:${proxyPort}`;
+                        if (!protocolPortMap.has(key)) {
+                            protocolPortMap.set(key, []);
                        }
-                        proxyPortMap.get(proxyPort)!.push(resourceKey);
+                        protocolPortMap.get(key)!.push(resourceKey);
                    }
                }
            );

            // Find duplicates
-            const duplicates = Array.from(proxyPortMap.entries()).filter(
+            const duplicates = Array.from(protocolPortMap.entries()).filter(
                ([_, resourceKeys]) => resourceKeys.length > 1
            );

@@ -295,25 +305,29 @@ export const ConfigSchema = z
        },
        (config) => {
            // Extract duplicates for error message
-            const proxyPortMap = new Map<number, string[]>();
+            const protocolPortMap = new Map<string, string[]>();

            Object.entries(config["proxy-resources"]).forEach(
                ([resourceKey, resource]) => {
                    const proxyPort = resource["proxy-port"];
-                    if (proxyPort !== undefined) {
-                        if (!proxyPortMap.has(proxyPort)) {
-                            proxyPortMap.set(proxyPort, []);
+                    const protocol = resource.protocol;
+                    if (proxyPort !== undefined && protocol !== undefined) {
+                        const key = `${protocol}:${proxyPort}`;
+                        if (!protocolPortMap.has(key)) {
+                            protocolPortMap.set(key, []);
                        }
-                        proxyPortMap.get(proxyPort)!.push(resourceKey);
+                        protocolPortMap.get(key)!.push(resourceKey);
                    }
                }
            );

-            const duplicates = Array.from(proxyPortMap.entries())
+            const duplicates = Array.from(protocolPortMap.entries())
                .filter(([_, resourceKeys]) => resourceKeys.length > 1)
                .map(
-                    ([proxyPort, resourceKeys]) =>
-                        `port ${proxyPort} used by proxy-resources: ${resourceKeys.join(", ")}`
+                    ([protocolPort, resourceKeys]) => {
+                        const [protocol, port] = protocolPort.split(':');
+                        return `${protocol.toUpperCase()} port ${port} used by proxy-resources: ${resourceKeys.join(", ")}`;
+                    }
                )
                .join("; ");

--- a/server/lib/cache.ts
+++ b/server/lib/cache.ts
@@ -0,0 +1,5 @@
+import NodeCache from "node-cache";
+
+export const cache = new NodeCache({ stdTTL: 3600, checkperiod: 120 });
+
+export default cache;
--- a/server/lib/certificates.ts
+++ b/server/lib/certificates.ts
@@ -0,0 +1,13 @@
+export async function getValidCertificatesForDomains(domains: Set<string>): Promise<
+    Array<{
+        id: number;
+        domain: string;
+        wildcard: boolean | null;
+        certFile: string | null;
+        keyFile: string | null;
+        expiresAt: number | null;
+        updatedAt?: number | null;
+    }>
+> {
+    return []; // stub
+}
--- a/server/lib/checkOrgAccessPolicy.ts
+++ b/server/lib/checkOrgAccessPolicy.ts
@@ -0,0 +1,41 @@
+import { Org, ResourceSession, Session, User } from "@server/db";
+
+export type CheckOrgAccessPolicyProps = {
+    orgId?: string;
+    org?: Org;
+    userId?: string;
+    user?: User;
+    sessionId?: string;
+    session?: Session;
+};
+
+export type CheckOrgAccessPolicyResult = {
+    allowed: boolean;
+    error?: string;
+    policies?: {
+        requiredTwoFactor?: boolean;
+        maxSessionLength?: {
+            compliant: boolean;
+            maxSessionLengthHours: number;
+            sessionAgeHours: number;
+        };
+        passwordAge?: {
+            compliant: boolean;
+            maxPasswordAgeDays: number;
+            passwordAgeDays: number;
+        };
+    };
+};
+
+export async function enforceResourceSessionLength(
+    resourceSession: ResourceSession,
+    org: Org
+): Promise<{ valid: boolean; error?: string }> {
+    return { valid: true };
+}
+
+export async function checkOrgAccessPolicy(
+    props: CheckOrgAccessPolicyProps
+): Promise<CheckOrgAccessPolicyResult> {
+    return { allowed: true };
+}
--- a/server/lib/cleanupLogs.ts
+++ b/server/lib/cleanupLogs.ts
@@ -0,0 +1,62 @@
+import { db, orgs } from "@server/db";
+import { cleanUpOldLogs as cleanUpOldAccessLogs } from "#dynamic/lib/logAccessAudit";
+import { cleanUpOldLogs as cleanUpOldActionLogs } from "#dynamic/middlewares/logActionAudit";
+import { cleanUpOldLogs as cleanUpOldRequestLogs } from "@server/routers/badger/logRequestAudit";
+import { gt, or } from "drizzle-orm";
+
+export function initLogCleanupInterval() {
+    return setInterval(
+        async () => {
+            const orgsToClean = await db
+                .select({
+                    orgId: orgs.orgId,
+                    settingsLogRetentionDaysAction:
+                        orgs.settingsLogRetentionDaysAction,
+                    settingsLogRetentionDaysAccess:
+                        orgs.settingsLogRetentionDaysAccess,
+                    settingsLogRetentionDaysRequest:
+                        orgs.settingsLogRetentionDaysRequest
+                })
+                .from(orgs)
+                .where(
+                    or(
+                        gt(orgs.settingsLogRetentionDaysAction, 0),
+                        gt(orgs.settingsLogRetentionDaysAccess, 0),
+                        gt(orgs.settingsLogRetentionDaysRequest, 0)
+                    )
+                );
+
+            for (const org of orgsToClean) {
+                const {
+                    orgId,
+                    settingsLogRetentionDaysAction,
+                    settingsLogRetentionDaysAccess,
+                    settingsLogRetentionDaysRequest
+                } = org;
+
+                if (settingsLogRetentionDaysAction > 0) {
+                    await cleanUpOldActionLogs(
+                        orgId,
+                        settingsLogRetentionDaysRequest
+                    );
+                }
+
+                if (settingsLogRetentionDaysAccess > 0) {
+                    await cleanUpOldAccessLogs(
+                        orgId,
+                        settingsLogRetentionDaysRequest
+                    );
+                }
+
+                if (settingsLogRetentionDaysRequest > 0) {
+                    await cleanUpOldRequestLogs(
+                        orgId,
+                        settingsLogRetentionDaysRequest
+                    );
+                }
+            }
+        },
+        // 3 * 60 * 60 * 1000
+        60 * 1000 // for testing
+    ); // every 3 hours
+}
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@@ -3,19 +3,12 @@ import { __DIRNAME, APP_VERSION } from "@server/lib/consts";
 import { db } from "@server/db";
 import { SupporterKey, supporterKey } from "@server/db";
 import { eq } from "drizzle-orm";
-import { license } from "@server/license/license";
 import { configSchema, readConfigFile } from "./readConfigFile";
 import { fromError } from "zod-validation-error";
-import {
-    privateConfigSchema,
-    readPrivateConfigFile
-} from "@server/lib/private/readConfigFile";
-import logger from "@server/logger";
 import { build } from "@server/build";

 export class Config {
    private rawConfig!: z.infer<typeof configSchema>;
-    private rawPrivateConfig!: z.infer<typeof privateConfigSchema>;

    supporterData: SupporterKey | null = null;

@@ -37,19 +30,6 @@ export class Config {
            throw new Error(`Invalid configuration file: ${errors}`);
        }

-        const privateEnvironment = readPrivateConfigFile();
-
-        const {
-            data: parsedPrivateConfig,
-            success: privateSuccess,
-            error: privateError
-        } = privateConfigSchema.safeParse(privateEnvironment);
-
-        if (!privateSuccess) {
-            const errors = fromError(privateError);
-            throw new Error(`Invalid private configuration file: ${errors}`);
-        }
-
        if (
            // @ts-ignore
            parsedConfig.users ||
@@ -109,132 +89,23 @@ export class Config {
            ? "true"
            : "false";

-        if (parsedPrivateConfig.branding?.colors) {
-            process.env.BRANDING_COLORS = JSON.stringify(
-                parsedPrivateConfig.branding?.colors
-            );
-        }
-
-        if (parsedPrivateConfig.branding?.logo?.light_path) {
-            process.env.BRANDING_LOGO_LIGHT_PATH =
-                parsedPrivateConfig.branding?.logo?.light_path;
-        }
-        if (parsedPrivateConfig.branding?.logo?.dark_path) {
-            process.env.BRANDING_LOGO_DARK_PATH =
-                parsedPrivateConfig.branding?.logo?.dark_path || undefined;
-        }
-
-        process.env.HIDE_SUPPORTER_KEY = parsedPrivateConfig.flags
-            ?.hide_supporter_key
-            ? "true"
-            : "false";
-
-        if (build != "oss") {
-            if (parsedPrivateConfig.branding?.logo?.light_path) {
-                process.env.BRANDING_LOGO_LIGHT_PATH =
-                    parsedPrivateConfig.branding?.logo?.light_path;
-            }
-            if (parsedPrivateConfig.branding?.logo?.dark_path) {
-                process.env.BRANDING_LOGO_DARK_PATH =
-                    parsedPrivateConfig.branding?.logo?.dark_path || undefined;
-            }
-
-            process.env.BRANDING_LOGO_AUTH_WIDTH = parsedPrivateConfig.branding
-                ?.logo?.auth_page?.width
-                ? parsedPrivateConfig.branding?.logo?.auth_page?.width.toString()
-                : undefined;
-            process.env.BRANDING_LOGO_AUTH_HEIGHT = parsedPrivateConfig.branding
-                ?.logo?.auth_page?.height
-                ? parsedPrivateConfig.branding?.logo?.auth_page?.height.toString()
-                : undefined;
-
-            process.env.BRANDING_LOGO_NAVBAR_WIDTH = parsedPrivateConfig
-                .branding?.logo?.navbar?.width
-                ? parsedPrivateConfig.branding?.logo?.navbar?.width.toString()
-                : undefined;
-            process.env.BRANDING_LOGO_NAVBAR_HEIGHT = parsedPrivateConfig
-                .branding?.logo?.navbar?.height
-                ? parsedPrivateConfig.branding?.logo?.navbar?.height.toString()
-                : undefined;
-
-            process.env.BRANDING_FAVICON_PATH =
-                parsedPrivateConfig.branding?.favicon_path;
-
-            process.env.BRANDING_APP_NAME =
-                parsedPrivateConfig.branding?.app_name || "Pangolin";
-
-            if (parsedPrivateConfig.branding?.footer) {
-                process.env.BRANDING_FOOTER = JSON.stringify(
-                    parsedPrivateConfig.branding?.footer
-                );
-            }
-
-            process.env.LOGIN_PAGE_TITLE_TEXT =
-                parsedPrivateConfig.branding?.login_page?.title_text || "";
-            process.env.LOGIN_PAGE_SUBTITLE_TEXT =
-                parsedPrivateConfig.branding?.login_page?.subtitle_text || "";
-
-            process.env.SIGNUP_PAGE_TITLE_TEXT =
-                parsedPrivateConfig.branding?.signup_page?.title_text || "";
-            process.env.SIGNUP_PAGE_SUBTITLE_TEXT =
-                parsedPrivateConfig.branding?.signup_page?.subtitle_text || "";
-
-            process.env.RESOURCE_AUTH_PAGE_HIDE_POWERED_BY =
-                parsedPrivateConfig.branding?.resource_auth_page
-                    ?.hide_powered_by === true
-                    ? "true"
-                    : "false";
-            process.env.RESOURCE_AUTH_PAGE_SHOW_LOGO =
-                parsedPrivateConfig.branding?.resource_auth_page?.show_logo ===
-                true
-                    ? "true"
-                    : "false";
-            process.env.RESOURCE_AUTH_PAGE_TITLE_TEXT =
-                parsedPrivateConfig.branding?.resource_auth_page?.title_text ||
-                "";
-            process.env.RESOURCE_AUTH_PAGE_SUBTITLE_TEXT =
-                parsedPrivateConfig.branding?.resource_auth_page
-                    ?.subtitle_text || "";
-
-            if (parsedPrivateConfig.branding?.background_image_path) {
-                process.env.BACKGROUND_IMAGE_PATH =
-                    parsedPrivateConfig.branding?.background_image_path;
-            }
-
-            if (parsedPrivateConfig.server.reo_client_id) {
-                process.env.REO_CLIENT_ID =
-                    parsedPrivateConfig.server.reo_client_id;
-            }
-        }
-
        if (parsedConfig.server.maxmind_db_path) {
            process.env.MAXMIND_DB_PATH = parsedConfig.server.maxmind_db_path;
        }

        this.rawConfig = parsedConfig;
-        this.rawPrivateConfig = parsedPrivateConfig;
    }

    public async initServer() {
        if (!this.rawConfig) {
            throw new Error("Config not loaded. Call load() first.");
        }
-        if (this.rawConfig.managed) {
-            // LETS NOT WORRY ABOUT THE SERVER SECRET WHEN MANAGED
-            return;
-        }
-        license.setServerSecret(this.rawConfig.server.secret!);

        await this.checkKeyStatus();
    }

    private async checkKeyStatus() {
-        const licenseStatus = await license.check();
-        if (
-            !this.rawPrivateConfig.flags?.hide_supporter_key &&
-            build != "oss" &&
-            !licenseStatus.isHostLicensed
-        ) {
+        if (build == "oss") {
            this.checkSupporterKey();
        }
    }
@@ -243,10 +114,6 @@ export class Config {
        return this.rawConfig;
    }

-    public getRawPrivateConfig() {
-        return this.rawPrivateConfig;
-    }
-
    public getNoReplyEmail(): string | undefined {
        return (
            this.rawConfig.email?.no_reply || this.rawConfig.email?.smtp_user
@@ -280,10 +147,6 @@ export class Config {
        return false;
    }

-    public isManagedMode() {
-        return typeof this.rawConfig?.managed === "object";
-    }
-
    public async checkSupporterKey() {
        const [key] = await db.select().from(supporterKey).limit(1);

--- a/server/lib/consts.ts
+++ b/server/lib/consts.ts
@@ -2,7 +2,7 @@ import path from "path";
 import { fileURLToPath } from "url";

 // This is a placeholder value replaced by the build process
-export const APP_VERSION = "1.10.4";
+export const APP_VERSION = "1.12.0-rc.0";

 export const __FILENAME = fileURLToPath(import.meta.url);
 export const __DIRNAME = path.dirname(__FILENAME);
--- a/server/middlewares/private/corsWithLoginPage.ts
+++ b/server/middlewares/private/corsWithLoginPage.ts
@@ -1,16 +1,3 @@
-/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-
 import { Request, Response, NextFunction } from "express";
 import cors, { CorsOptions } from "cors";
 import config from "@server/lib/config";
--- a/Show More
+++ b/Show More