Merge branch 'dev' of github.com:fosrl/pangolin into dev

Make it easier to delete things

.dockerignore

@@ -28,3 +28,7 @@ LICENSE
 CONTRIBUTING.md
 dist
 .git
+migrations/
+config/
+build.ts
+tsconfig.json

.github/DISCUSSION_TEMPLATE/feature-requests.yml

@@ -0,0 +1,47 @@
+body:
+    - type: textarea
+      attributes:
+          label: Summary
+          description: A clear and concise summary of the requested feature.
+      validations:
+          required: true
+
+    - type: textarea
+      attributes:
+          label: Motivation
+          description: |
+              Why is this feature important?
+              Explain the problem this feature would solve or what use case it would enable.
+      validations:
+          required: true
+
+    - type: textarea
+      attributes:
+          label: Proposed Solution
+          description: |
+              How would you like to see this feature implemented?
+              Provide as much detail as possible about the desired behavior, configuration, or changes.
+      validations:
+          required: true
+
+    - type: textarea
+      attributes:
+          label: Alternatives Considered
+          description: Describe any alternative solutions or workarounds you've thought about.
+      validations:
+          required: false
+
+    - type: textarea
+      attributes:
+          label: Additional Context
+          description: Add any other context, mockups, or screenshots about the feature request here.
+      validations:
+          required: false
+
+    - type: markdown
+      attributes:
+          value: |
+              Before submitting, please:
+              - Check if there is an existing issue for this feature.
+              - Clearly explain the benefit and use case.
+              - Be as specific as possible to help contributors evaluate and implement.

.github/ISSUE_TEMPLATE/1.bug_report.yml

@@ -0,0 +1,51 @@
+name: Bug Report
+description: Create a bug report
+labels: []
+body:
+    - type: textarea
+      attributes:
+          label: Describe the Bug
+          description: A clear and concise description of what the bug is.
+      validations:
+          required: true
+
+    - type: textarea
+      attributes:
+          label: Environment
+          description: Please fill out the relevant details below for your environment.
+          value: |
+              - OS Type & Version: (e.g., Ubuntu 22.04)
+              - Pangolin Version:
+              - Gerbil Version:
+              - Traefik Version:
+              - Newt Version:
+              - Olm Version: (if applicable)
+      validations:
+          required: true
+
+    - type: textarea
+      attributes:
+          label: To Reproduce
+          description: |
+              Steps to reproduce the behavior, please provide a clear description of how to reproduce the issue, based on the linked minimal reproduction. Screenshots can be provided in the issue body below.
+
+              If using code blocks, make sure syntax highlighting is correct and double-check that the rendered preview is not broken.
+      validations:
+          required: true
+
+    - type: textarea
+      attributes:
+          label: Expected Behavior
+          description: A clear and concise description of what you expected to happen.
+      validations:
+          required: true
+
+    - type: markdown
+      attributes:
+          value: |
+              Before posting the issue go through the steps you've written down to make sure the steps provided are detailed and clear.
+
+    - type: markdown
+      attributes:
+          value: |
+              Contributors should be able to follow the steps provided in order to reproduce the bug.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+    - name: Need help or have questions?
+      url: https://github.com/orgs/fosrl/discussions
+      about: Ask questions, get help, and discuss with other community members
+    - name: Request a Feature
+      url: https://github.com/orgs/fosrl/discussions/new?category=feature-requests
+      about: Feature requests should be opened as discussions so others can upvote and comment

.github/dependabot.yml

@@ -38,3 +38,25 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+
+  - package-ecosystem: "gomod"
+    directory: "/install"
+    schedule:
+      interval: "daily"
+    groups:
+      dev-patch-updates:
+        dependency-type: "development"
+        update-types:
+          - "patch"
+      dev-minor-updates:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+      prod-patch-updates:
+        dependency-type: "production"
+        update-types:
+          - "patch"
+      prod-minor-updates:
+        dependency-type: "production"
+        update-types:
+          - "minor"

.github/workflows/cicd.yml

@@ -3,16 +3,16 @@ name: CI/CD Pipeline
 on:
     push:
         tags:
-            - "*"
+            - "[0-9]+.[0-9]+.[0-9]+"
 
 jobs:
     release:
         name: Build and Release
-        runs-on: ubuntu-latest
+        runs-on: amd64-runner
 
         steps:
             - name: Checkout code
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
 
             - name: Set up Docker Buildx
               uses: docker/setup-buildx-action@v3
@@ -28,9 +28,9 @@ jobs:
               run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
 
             - name: Install Go
-              uses: actions/setup-go@v5
+              uses: actions/setup-go@v6
               with:
-                  go-version: 1.23.0
+                  go-version: 1.24
 
             - name: Update version in package.json
               run: |

.github/workflows/linting.yml

@@ -18,17 +18,18 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout code
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
 
             - name: Set up Node.js
-              uses: actions/setup-node@v4
+              uses: actions/setup-node@v5
               with:
-                node-version: '20'
+                node-version: '22'
 
             - name: Install dependencies
-              run: |
-                npm ci
+              run: npm ci
+
+            - name: Create build file
+              run: npm run set:oss
 
             - name: Run ESLint
-              run: |
-                npx eslint . --ext .js,.jsx,.ts,.tsx
+              run: npx eslint . --ext .js,.jsx,.ts,.tsx

.github/workflows/stale-bot.yml

@@ -14,7 +14,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
         with:
           days-before-stale: 14
           days-before-close: 14

.github/workflows/test.yml

@@ -11,11 +11,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
-          node-version: '20'
+          node-version: '22'
 
       - name: Copy config file
         run: cp config/config.example.yml config/config.yml
@@ -24,7 +24,10 @@ jobs:
         run: npm ci
 
       - name: Create database index.ts
-        run: echo 'export * from "./sqlite";' > server/db/index.ts
+        run: npm run set:sqlite
+
+      - name: Create build file
+        run: npm run set:oss
 
       - name: Generate database migrations
         run: npm run db:sqlite:generate
@@ -32,6 +35,9 @@ jobs:
       - name: Apply database migrations
         run: npm run db:sqlite:push
 
+      - name: Test with tsc
+        run: npx tsc --noEmit
+
       - name: Start app in background
         run: nohup npm run dev &
 
@@ -49,7 +55,7 @@ jobs:
           exit 1
 
       - name: Build Docker image sqlite
-        run: make build
+        run: make build-sqlite
 
       - name: Build Docker image pg
         run: make build-pg

.gitignore

@@ -26,6 +26,14 @@ next-env.d.ts
 migrations
 tsconfig.tsbuildinfo
 config/config.yml
+config/config.saas.yml
+config/config.oss.yml
+config/config.enterprise.yml
+config/privateConfig.yml
+config/postgres
+config/postgres*
+config/openapi.yaml
+config/key
 dist
 .dist
 installer
@@ -34,4 +42,11 @@ bin
 .secrets
 test_event.json
 .idea/
+public/branding
 server/db/index.ts
+server/build.ts
+postgres/
+dynamic/
+*.mmdb
+scratch/
+tsconfig.json

.nvmrc

@@ -1 +1 @@
-20
+22

CONTRIBUTING.md

@@ -4,7 +4,7 @@ Contributions are welcome!
 
 Please see the contribution and local development guide on the docs page before getting started:
 
-https://docs.fossorial.io/development
+https://docs.pangolin.net/development/contributing
 
 ### Licensing Considerations
 
@@ -17,4 +17,4 @@ By creating this pull request, I grant the project maintainers an unlimited,
 perpetual license to use, modify, and redistribute these contributions under any terms they
 choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
 represent that I have the right to grant this license for all contributed content.
-```
+```

Dockerfile

@@ -0,0 +1,66 @@
+FROM node:22-alpine AS builder
+
+WORKDIR /app
+
+ARG BUILD=oss
+ARG DATABASE=sqlite
+
+# COPY package.json package-lock.json ./
+COPY package*.json ./
+RUN npm ci
+
+COPY . .
+
+RUN echo "export * from \"./$DATABASE\";" > server/db/index.ts
+
+RUN echo "export const build = \"$BUILD\" as any;" > server/build.ts
+
+# Copy the appropriate TypeScript configuration based on build type
+RUN if [ "$BUILD" = "oss" ]; then cp tsconfig.oss.json tsconfig.json; \
+    elif [ "$BUILD" = "saas" ]; then cp tsconfig.saas.json tsconfig.json; \
+    elif [ "$BUILD" = "enterprise" ]; then cp tsconfig.enterprise.json tsconfig.json; \
+    fi
+
+# if the build is oss then remove the server/private directory
+RUN if [ "$BUILD" = "oss" ]; then rm -rf server/private; fi
+
+RUN if [ "$DATABASE" = "pg" ]; then npx drizzle-kit generate --dialect postgresql --schema ./server/db/pg/schema --out init; else npx drizzle-kit generate --dialect $DATABASE --schema ./server/db/$DATABASE/schema --out init; fi
+
+RUN mkdir -p dist
+RUN npm run next:build
+RUN node esbuild.mjs -e server/index.ts -o dist/server.mjs -b $BUILD
+RUN if [ "$DATABASE" = "pg" ]; then \
+        node esbuild.mjs -e server/setup/migrationsPg.ts -o dist/migrations.mjs; \
+    else \
+        node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs; \
+    fi
+
+# test to make sure the build output is there and error if not
+RUN test -f dist/server.mjs
+
+RUN npm run build:cli
+
+FROM node:22-alpine AS runner
+
+WORKDIR /app
+
+# Curl used for the health checks
+RUN apk add --no-cache curl tzdata
+
+# COPY package.json package-lock.json ./
+COPY package*.json ./
+
+RUN npm ci --omit=dev && npm cache clean --force
+
+COPY --from=builder /app/.next/standalone ./
+COPY --from=builder /app/.next/static ./.next/static
+COPY --from=builder /app/dist ./dist
+COPY --from=builder /app/init ./dist/init
+
+COPY ./cli/wrapper.sh /usr/local/bin/pangctl
+RUN chmod +x /usr/local/bin/pangctl ./dist/cli.mjs
+
+COPY server/db/names.json ./dist/names.json
+COPY public ./public
+
+CMD ["npm", "run", "start"]

Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM node:20-alpine
+FROM node:22-alpine
 
 WORKDIR /app
 

Dockerfile.pg

@@ -1,41 +0,0 @@
-FROM node:20-alpine AS builder
-
-WORKDIR /app
-
-# COPY package.json package-lock.json ./
-COPY package*.json ./
-RUN npm ci
-
-COPY . .
-
-RUN echo 'export * from "./pg";' > server/db/index.ts
-
-RUN npx drizzle-kit generate --dialect postgresql --schema ./server/db/pg/schema.ts --out init
-
-RUN npm run build:pg
-RUN npm run build:cli
-
-FROM node:20-alpine AS runner
-
-WORKDIR /app
-
-# Curl used for the health checks
-RUN apk add --no-cache curl
-
-# COPY package.json package-lock.json ./
-COPY package*.json ./
-RUN npm ci --omit=dev && npm cache clean --force
-
-COPY --from=builder /app/.next/standalone ./
-COPY --from=builder /app/.next/static ./.next/static
-COPY --from=builder /app/dist ./dist
-COPY --from=builder /app/init ./dist/init
-
-COPY ./cli/wrapper.sh /usr/local/bin/pangctl
-RUN chmod +x /usr/local/bin/pangctl ./dist/cli.mjs
-
-COPY server/db/names.json ./dist/names.json
-
-COPY public ./public
-
-CMD ["npm", "run", "start:pg"]

Dockerfile.sqlite

@@ -1,41 +0,0 @@
-FROM node:20-alpine AS builder
-
-WORKDIR /app
-
-# COPY package.json package-lock.json ./
-COPY package*.json ./
-RUN npm ci
-
-COPY . .
-
-RUN echo 'export * from "./sqlite";' > server/db/index.ts
-
-RUN npx drizzle-kit generate --dialect sqlite --schema ./server/db/sqlite/schema.ts --out init
-
-RUN npm run build:sqlite
-RUN npm run build:cli
-
-FROM node:20-alpine AS runner
-
-WORKDIR /app
-
-# Curl used for the health checks
-RUN apk add --no-cache curl
-
-# COPY package.json package-lock.json ./
-COPY package*.json ./
-RUN npm ci --omit=dev && npm cache clean --force
-
-COPY --from=builder /app/.next/standalone ./
-COPY --from=builder /app/.next/static ./.next/static
-COPY --from=builder /app/dist ./dist
-COPY --from=builder /app/init ./dist/init
-
-COPY ./cli/wrapper.sh /usr/local/bin/pangctl
-RUN chmod +x /usr/local/bin/pangctl ./dist/cli.mjs
-
-COPY server/db/names.json ./dist/names.json
-
-COPY public ./public
-
-CMD ["npm", "run", "start:sqlite"]

LICENSE

@@ -1,3 +1,34 @@
+Copyright (c) 2025 Fossorial, Inc.
+
+Portions of this software are licensed as follows:
+
+* All files that include a header specifying they are licensed under the
+  "Fossorial Commercial License" are governed by the Fossorial Commercial
+  License terms. The specific terms applicable to each customer depend on the
+  commercial license tier agreed upon in writing with Fossorial, Inc.
+  Unauthorized use, copying, modification, or distribution is strictly
+  prohibited.
+
+* All files that include a header specifying they are licensed under the GNU
+  Affero General Public License, Version 3 ("AGPL-3"), are governed by the
+  AGPL-3 terms. A full copy of the AGPL-3 license is provided below. However,
+  these files are also available under the Fossorial Commercial License if a
+  separate commercial license agreement has been executed between the customer
+  and Fossorial, Inc.
+
+* All files without a license header are, by default, licensed under the GNU
+  Affero General Public License, Version 3 (AGPL-3). These files may also be
+  made available under the Fossorial Commercial License upon agreement with
+  Fossorial, Inc.
+
+* All third-party components included in this repository are licensed under
+  their respective original licenses, as provided by their authors.
+
+Please consult the header of each individual file to determine the applicable
+license. For AGPL-3 licensed files, dual-licensing under the Fossorial
+Commercial License is available subject to written agreement with Fossorial,
+Inc.
+
                     GNU AFFERO GENERAL PUBLIC LICENSE
                        Version 3, 19 November 2007
 

Makefile

@@ -1,14 +1,48 @@
 .PHONY: build build-pg build-release build-arm build-x86 test clean
 
+major_tag := $(shell echo $(tag) | cut -d. -f1)
+minor_tag := $(shell echo $(tag) | cut -d. -f1,2)
 build-release:
 	@if [ -z "$(tag)" ]; then \
 		echo "Error: tag is required. Usage: make build-release tag=<tag>"; \
 		exit 1; \
 	fi
-	docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:latest -f Dockerfile.sqlite --push .
-	docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:$(tag) -f Dockerfile.sqlite --push .
-	docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-latest -f Dockerfile.pg --push .
-	docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-$(tag) -f Dockerfile.pg --push .
+	docker buildx build \
+		--build-arg BUILD=oss \
+		--build-arg DATABASE=sqlite \
+		--platform linux/arm64,linux/amd64 \
+		--tag fosrl/pangolin:latest \
+		--tag fosrl/pangolin:$(major_tag) \
+		--tag fosrl/pangolin:$(minor_tag) \
+		--tag fosrl/pangolin:$(tag) \
+		--push .
+	docker buildx build \
+		--build-arg BUILD=oss \
+		--build-arg DATABASE=pg \
+		--platform linux/arm64,linux/amd64 \
+		--tag fosrl/pangolin:postgresql-latest \
+		--tag fosrl/pangolin:postgresql-$(major_tag) \
+		--tag fosrl/pangolin:postgresql-$(minor_tag) \
+		--tag fosrl/pangolin:postgresql-$(tag) \
+		--push .
+	docker buildx build \
+		--build-arg BUILD=enterprise \
+		--build-arg DATABASE=sqlite \
+		--platform linux/arm64,linux/amd64 \
+		--tag fosrl/pangolin:ee-latest \
+		--tag fosrl/pangolin:ee-$(major_tag) \
+		--tag fosrl/pangolin:ee-$(minor_tag) \
+		--tag fosrl/pangolin:ee-$(tag) \
+		--push .
+	docker buildx build \
+		--build-arg BUILD=enterprise \
+		--build-arg DATABASE=pg \
+		--platform linux/arm64,linux/amd64 \
+		--tag fosrl/pangolin:ee-postgresql-latest \
+		--tag fosrl/pangolin:ee-postgresql-$(major_tag) \
+		--tag fosrl/pangolin:ee-postgresql-$(minor_tag) \
+		--tag fosrl/pangolin:ee-postgresql-$(tag) \
+		--push .
 
 build-arm:
 	docker buildx build --platform linux/arm64 -t fosrl/pangolin:latest .
@@ -17,10 +51,10 @@ build-x86:
 	docker buildx build --platform linux/amd64 -t fosrl/pangolin:latest .
 
 build-sqlite:
-	docker build -t fosrl/pangolin:latest -f Dockerfile.sqlite .
+	docker build --build-arg DATABASE=sqlite -t fosrl/pangolin:latest .
 
 build-pg:
-	docker build -t fosrl/pangolin:postgresql-latest -f Dockerfile.pg .
+	docker build --build-arg DATABASE=pg -t fosrl/pangolin:postgresql-latest .
 
 test:
 	docker run -it -p 3000:3000 -p 3001:3001 -p 3002:3002 -v ./config:/app/config fosrl/pangolin:latest

README.md

@@ -1,147 +1,88 @@
 <div align="center">
     <h2>
-      <picture>
-          <source media="(prefers-color-scheme: dark)" srcset="public/logo/word_mark_white.png">
-          <img alt="Pangolin Logo" src="public/logo/word_mark_black.png" width="250">
+    <a href="https://pangolin.net/">
+        <picture>
+            <source media="(prefers-color-scheme: dark)" srcset="public/logo/word_mark_white.png">
+            <img alt="Pangolin Logo" src="public/logo/word_mark_black.png" width="350">
         </picture>
+    </a>
     </h2>
 </div>
 
-<h4 align="center">Secure gateway to your private networks</h4>
-<div align="center">
-
-_Pangolin tunnels your services to the internet so you can access anything from anywhere._
-
-</div>
-
 <div align="center">
   <h5>
-      <a href="https://digpangolin.com">
+      <a href="https://pangolin.net/">
         Website
       </a>
       <span> | </span>
-      <a href="https://docs.fossorial.io/Getting%20Started/quick-install">
-        Install Guide
+      <a href="https://docs.pangolin.net/">
+        Documentation
       </a>
       <span> | </span>
-      <a href="mailto:numbat@fossorial.io">
+      <a href="mailto:contact@pangolin.net">
         Contact Us
       </a>
   </h5>
+</div>
 
+<div align="center">
+
+[![Discord](https://img.shields.io/discord/1325658630518865980?logo=discord&style=flat-square)](https://discord.gg/HCJR8Xhme4)
+[![Slack](https://img.shields.io/badge/chat-slack-yellow?style=flat-square&logo=slack)](https://pangolin.net/slack)
 [![Docker](https://img.shields.io/docker/pulls/fosrl/pangolin?style=flat-square)](https://hub.docker.com/r/fosrl/pangolin)
 ![Stars](https://img.shields.io/github/stars/fosrl/pangolin?style=flat-square)
-[![Discord](https://img.shields.io/discord/1325658630518865980?logo=discord&style=flat-square)](https://discord.gg/HCJR8Xhme4)
-[![Youtube](https://img.shields.io/badge/YouTube-red?logo=youtube&logoColor=white&style=flat-square)](https://www.youtube.com/@fossorial-app)
+[![YouTube](https://img.shields.io/badge/YouTube-red?logo=youtube&logoColor=white&style=flat-square)](https://www.youtube.com/@fossorial-app)
 
 </div>
 
 <p align="center">
     <strong>
-    Start testing Pangolin at <a href="https://pangolin.fossorial.io/auth/signup">pangolin.fossorial.io</a>
-    <br/>
-</strong>
+        Start testing Pangolin at <a href="https://app.pangolin.net/auth/signup">app.pangolin.net</a>
+    </strong>
 </p>
 
-Pangolin is a self-hosted tunneled reverse proxy server with identity and access control, designed to securely expose private resources on distributed networks. Acting as a central hub, it connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports.
+Pangolin is a self-hosted tunneled reverse proxy server with identity and context aware access control, designed to easily expose and protect applications running anywhere. Pangolin acts as a central hub and connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports or requiring a VPN.
 
-<img src="public/screenshots/hero.png" alt="Preview"/>
+## Installation
 
-![gif](public/clip.gif)
-
-## Key Features
-
-### Reverse Proxy Through WireGuard Tunnel
-
-- Expose private resources on your network **without opening ports** (firewall punching).
-- Secure and easy to configure private connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt).
-- Built-in support for any WireGuard client.
-- Automated **SSL certificates** (https) via [LetsEncrypt](https://letsencrypt.org/).
-- Support for HTTP/HTTPS and **raw TCP/UDP services**.
-- Load balancing.
-- Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](https://github.com/PascalMinder/geoblock).
-    - **Automatically install and configure Crowdsec via Pangolin's installer script.**
-- Attach as many sites to the central server as you wish.
-
-### Identity & Access Management
-
-- Centralized authentication system using platform SSO. **Users will only have to manage one login.**
-- **Define access control rules for IPs, IP ranges, and URL paths per resource.**
-- TOTP with backup codes for two-factor authentication.
-- Create organizations, each with multiple sites, users, and roles.
-- **Role-based access control** to manage resource access permissions.
-- Additional authentication options include:
-    - Email whitelisting with **one-time passcodes.**
-    - **Temporary, self-destructing share links.**
-    - Resource specific pin codes.
-    - Resource specific passwords.
-    - Passkeys
-- External identity provider (IdP) support with OAuth2/OIDC, such as Authentik, Keycloak, Okta, and others.
-    - Auto-provision users and roles from your IdP.
-
-<img src="public/auth-diagram1.png" alt="Auth and diagram"/>
-
-## Use Cases
-
-### Manage Access to Internal Apps
-
-- Grant users access to your apps from anywhere using just a web browser. No client software required.
-
-### Developers and DevOps
-
-- Expose and test internal tools and dashboards like **Grafana**. Bring localhost or private IPs online for easy access.
-
-### Secure API Gateway
-
-- One application load balancer across multiple clouds and on-premises.
-
-### IoT and Edge Devices
-
-- Easily expose **IoT devices**, **edge servers**, or **Raspberry Pi** to the internet for field equipment monitoring.
-
-<img src="public/screenshots/sites.png" alt="Sites"/>
+Check out the [quick install guide](https://docs.pangolin.net/self-host/quick-install) for how to install and set up Pangolin.
 
 ## Deployment Options
 
-### Fully Self Hosted
+| <img width=500 /> | Description |
+|-----------------|--------------|
+| **Self-Host: Community Edition** | Free, open source, and licensed under AGPL-3. |
+| **Self-Host: Enterprise Edition** | Licensed under Fossorial Commercial License. Free for personal and hobbyist use, and for businesses earning under \$100K USD annually. |
+| **Pangolin Cloud** | Fully managed service with instant setup and pay-as-you-go pricing — no infrastructure required. Or, self-host your own [remote node](https://docs.pangolin.net/manage/remote-node/nodes) and connect to our control plane. |
 
-Host the full application on your own server or on the cloud with a VPS. Take a look at the [documentation](https://docs.fossorial.io/Getting%20Started/quick-install) to get started.
+## Key Features
 
-> Many of our users have had a great experience with [RackNerd](https://my.racknerd.com/aff.php?aff=13788). Depending on promotions, you can get a [**VPS with 1 vCPU, 1GB RAM, and ~20GB SSD for just around $12/year**](https://my.racknerd.com/aff.php?aff=13788&pid=912). That's a great deal!
+Pangolin packages everything you need for seamless application access and exposure into one cohesive platform.
 
-### Pangolin Cloud
+| <img width=500 />                                                                                                                                                                                                                                                                                                                                                                | <img width=500 />                                                  |
+|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|
+| **Manage applications in one place**<br /><br /> Pangolin provides a unified dashboard where you can monitor, configure, and secure all of your services regardless of where they are hosted.                                                                                                                                                                                    | <img src="public/screenshots/hero.png" width=500 /><tr></tr> |
+| **Reverse proxy across networks anywhere**<br /><br />Route traffic via tunnels to any private network. Pangolin works like a reverse proxy that spans multiple networks and handles routing, load balancing, health checking, and more to the right services on the other end.                                                                                                  | <img src="public/screenshots/sites.png" width=500 /><tr></tr>          |
+| **Enforce identity and context aware rules**<br /><br />Protect your applications with identity and context aware rules such as SSO, OIDC, PIN, password, temporary share links, geolocation, IP, and more.                                                                                                                                                                                                | <img src="public/auth-diagram1.png" width=500 /><tr></tr>               |
+| **Quickly connect Pangolin sites**<br /><br />Pangolin's lightweight [Newt](https://github.com/fosrl/newt) client runs in userspace and can run anywhere. Use it as a site connector to route traffic to backends across all of your environments.                                                                                                                                                                                   | <img src="public/clip.gif" width=500 /><tr></tr>               |
 
-Easy to use with simple [pay as you go pricing](https://digpangolin.io/pricing). [Check it out here](https://pangolin.fossorial.io/auth/signup). 
+## Get Started
 
-- Everything you get with self hosted Pangolin, but fully managed for you.
+### Check out the docs
 
-### Hybrid & High Availability
+We encourage everyone to read the full documentation first, which is
+available at [docs.pangolin.net](https://docs.pangolin.net). This README provides only a very brief subset of
+the docs to illustrate some basic ideas.
 
-Managed control plane, your infrastructure
+### Sign up and try now
 
-- We manage database and control plane.
-- You self-host lightweight exit-node.
-- Traffic flows through your infra.
-- We coordinate failover between your nodes or to Cloud when things go bad.
-
-If interested, [contact us](mailto:numbat@fossorial.io).
-
-### Full Enterprise On-Premises
-
-[Contact us](mailto:numbat@fossorial.io) for a full distributed and enterprise deployments on your infrastructure controlled by your team.
-
-## Project Development / Roadmap
-
-We want to hear your feature requests! Add them to the [discussion board](https://github.com/orgs/fosrl/discussions/categories/feature-requests).
+For Pangolin's managed service, you will first need to create an account at
+[app.pangolin.net](https://app.pangolin.net). We have a generous free tier to get started.
 
 ## Licensing
 
-Pangolin is dual licensed under the AGPL-3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us at [numbat@fossorial.io](mailto:numbat@fossorial.io).
+Pangolin is dual licensed under the AGPL-3 and the [Fossorial Commercial License](https://pangolin.net/fcl.html). For inquiries about commercial licensing, please contact us at [contact@pangolin.net](mailto:contact@pangolin.net).
 
 ## Contributions
 
-Looking for something to contribute? Take a look at issues marked with [help wanted](https://github.com/fosrl/pangolin/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22help%20wanted%22).
-
 Please see [CONTRIBUTING](./CONTRIBUTING.md) in the repository for guidelines and best practices.
-
-Please post bug reports and other functional issues in the [Issues](https://github.com/fosrl/pangolin/issues) section of the repository.

SECURITY.md

@@ -3,7 +3,7 @@
 If you discover a security vulnerability, please follow the steps below to responsibly disclose it to us:
 
 1. **Do not create a public GitHub issue or discussion post.** This could put the security of other users at risk.
-2. Send a detailed report to [security@fossorial.io](mailto:security@fossorial.io) or send a **private** message to a maintainer on [Discord](https://discord.gg/HCJR8Xhme4). Include:
+2. Send a detailed report to [security@pangolin.net](mailto:security@pangolin.net) or send a **private** message to a maintainer on [Discord](https://discord.gg/HCJR8Xhme4). Include:
 
 -   Description and location of the vulnerability.
 -   Potential impact of the vulnerability.

blueprint.py

@@ -0,0 +1,72 @@
+import requests
+import yaml
+import json
+import base64
+
+# The file path for the YAML file to be read
+# You can change this to the path of your YAML file
+YAML_FILE_PATH = 'blueprint.yaml'
+
+# The API endpoint and headers from the curl request
+API_URL = 'http://api.pangolin.net/v1/org/test/blueprint'
+HEADERS = {
+    'accept': '*/*',
+    'Authorization': 'Bearer <your_token_here>',
+    'Content-Type': 'application/json'
+}
+
+def convert_and_send(file_path, url, headers):
+    """
+    Reads a YAML file, converts its content to a JSON payload,
+    and sends it via a PUT request to a specified URL.
+    """
+    try:
+        # Read the YAML file content
+        with open(file_path, 'r') as file:
+            yaml_content = file.read()
+
+        # Parse the YAML string to a Python dictionary
+        # This will be used to ensure the YAML is valid before sending
+        parsed_yaml = yaml.safe_load(yaml_content)
+
+        # convert the parsed YAML to a JSON string
+        json_payload = json.dumps(parsed_yaml)
+        print("Converted JSON payload:")
+        print(json_payload)
+
+        # Encode the JSON string to Base64
+        encoded_json = base64.b64encode(json_payload.encode('utf-8')).decode('utf-8')
+
+        # Create the final payload with the base64 encoded data
+        final_payload = {
+            "blueprint": encoded_json
+        }
+
+        print("Sending the following Base64 encoded JSON payload:")
+        print(final_payload)
+        print("-" * 20)
+
+        # Make the PUT request with the base64 encoded payload
+        response = requests.put(url, headers=headers, json=final_payload)
+
+        # Print the API response for debugging
+        print(f"API Response Status Code: {response.status_code}")
+        print("API Response Content:")
+        print(response.text)
+
+        # Raise an exception for bad status codes (4xx or 5xx)
+        response.raise_for_status()
+
+    except FileNotFoundError:
+        print(f"Error: The file '{file_path}' was not found.")
+    except yaml.YAMLError as e:
+        print(f"Error parsing YAML file: {e}")
+    except requests.exceptions.RequestException as e:
+        print(f"An error occurred during the API request: {e}")
+    except Exception as e:
+        print(f"An unexpected error occurred: {e}")
+
+# Run the function
+if __name__ == "__main__":
+    convert_and_send(YAML_FILE_PATH, API_URL, HEADERS)
+

blueprint.yaml

@@ -0,0 +1,69 @@
+client-resources:
+  client-resource-nice-id-uno:
+    name: this is my resource
+    protocol: tcp
+    proxy-port: 3001
+    hostname: localhost
+    internal-port: 3000
+    site: lively-yosemite-toad
+  client-resource-nice-id-duce:
+    name: this is my resource
+    protocol: udp
+    proxy-port: 3000
+    hostname: localhost
+    internal-port: 3000
+    site: lively-yosemite-toad
+
+proxy-resources:
+  resource-nice-id-uno:
+    name: this is my resource
+    protocol: http
+    full-domain: duce.test.example.com
+    host-header: example.com
+    tls-server-name: example.com
+    # auth:
+      # pincode: 123456
+      # password: sadfasdfadsf
+      # sso-enabled: true
+      # sso-roles:
+      #   - Member
+      # sso-users:
+      #   - owen@pangolin.net
+      # whitelist-users:
+      #   - owen@pangolin.net
+    headers:
+      - name: X-Example-Header
+        value: example-value
+      - name: X-Another-Header
+        value: another-value
+    rules:
+      - action: allow
+        match: ip
+        value: 1.1.1.1
+      - action: deny
+        match: cidr 
+        value: 2.2.2.2/32
+      - action: pass
+        match: path
+        value: /admin
+    targets:
+    - site: lively-yosemite-toad
+      path: /path
+      pathMatchType: prefix
+      hostname: localhost
+      method: http
+      port: 8000
+    - site: slim-alpine-chipmunk
+      hostname: localhost
+      path: /yoman
+      pathMatchType: exact
+      method: http
+      port: 8001
+  resource-nice-id-duce:
+    name: this is other resource
+    protocol: tcp
+    proxy-port: 3000
+    targets:
+    - site: lively-yosemite-toad 
+      hostname: localhost
+      port: 3000

bruno/API Keys/Create API Key.bru

@@ -0,0 +1,17 @@
+meta {
+  name: Create API Key
+  type: http
+  seq: 1
+}
+
+put {
+  url: http://localhost:3000/api/v1/api-key
+  body: json
+  auth: inherit
+}
+
+body:json {
+  {
+    "isRoot": true
+  }
+}

bruno/API Keys/Delete API Key.bru

@@ -0,0 +1,11 @@
+meta {
+  name: Delete API Key
+  type: http
+  seq: 2
+}
+
+delete {
+  url: http://localhost:3000/api/v1/api-key/dm47aacqxxn3ubj
+  body: none
+  auth: inherit
+}

bruno/API Keys/List API Key Actions.bru

@@ -0,0 +1,11 @@
+meta {
+  name: List API Key Actions
+  type: http
+  seq: 6
+}
+
+get {
+  url: http://localhost:3000/api/v1/api-key/ex0izu2c37fjz9x/actions
+  body: none
+  auth: inherit
+}

bruno/API Keys/List Org API Keys.bru

@@ -0,0 +1,11 @@
+meta {
+  name: List Org API Keys
+  type: http
+  seq: 4
+}
+
+get {
+  url: http://localhost:3000/api/v1/org/home-lab/api-keys
+  body: none
+  auth: inherit
+}

bruno/API Keys/List Root API Keys.bru

@@ -0,0 +1,11 @@
+meta {
+  name: List Root API Keys
+  type: http
+  seq: 3
+}
+
+get {
+  url: http://localhost:3000/api/v1/root/api-keys
+  body: none
+  auth: inherit
+}

bruno/API Keys/Set API Key Actions.bru

@@ -0,0 +1,17 @@
+meta {
+  name: Set API Key Actions
+  type: http
+  seq: 5
+}
+
+post {
+  url: http://localhost:3000/api/v1/api-key/ex0izu2c37fjz9x/actions
+  body: json
+  auth: inherit
+}
+
+body:json {
+  {
+    "actionIds": ["listSites"]
+  }
+}

bruno/API Keys/Set API Key Orgs.bru

@@ -0,0 +1,17 @@
+meta {
+  name: Set API Key Orgs
+  type: http
+  seq: 7
+}
+
+post {
+  url: http://localhost:3000/api/v1/api-key/ex0izu2c37fjz9x/orgs
+  body: json
+  auth: inherit
+}
+
+body:json {
+  {
+    "orgIds": ["home-lab"]
+  }
+}

bruno/API Keys/folder.bru

@@ -0,0 +1,3 @@
+meta {
+  name: API Keys
+}

bruno/Auth/login.bru

@@ -5,14 +5,14 @@ meta {
 }
 
 post {
-  url: http://localhost:3000/api/v1/auth/login
+  url: http://localhost:4000/api/v1/auth/login
   body: json
   auth: none
 }
 
 body:json {
   {
-    "email": "admin@fosrl.io",
+    "email": "owen@pangolin.net",
     "password": "Password123!"
   }
 }

bruno/Auth/logout.bru

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: http://localhost:3000/api/v1/auth/logout
+  url: http://localhost:4000/api/v1/auth/logout
   body: none
   auth: none
 }

bruno/Auth/reset-password-request.bru

@@ -12,6 +12,6 @@ post {
 
 body:json {
   {
-      "email": "milo@fossorial.io"
+      "email": "milo@pangolin.net"
   }
 }

bruno/Auth/signup.bru

@@ -12,7 +12,7 @@ put {
 
 body:json {
   {
-    "email": "numbat@fossorial.io",
+    "email": "numbat@pangolin.net",
     "password": "Password123!"
   }
 }

bruno/IDP/Create OIDC Provider.bru

@@ -0,0 +1,22 @@
+meta {
+  name: Create OIDC Provider
+  type: http
+  seq: 1
+}
+
+put {
+  url: http://localhost:3000/api/v1/org/home-lab/idp/oidc
+  body: json
+  auth: inherit
+}
+
+body:json {
+  {
+    "clientId": "JJoSvHCZcxnXT2sn6CObj6a21MuKNRXs3kN5wbys",
+    "clientSecret": "2SlGL2wOGgMEWLI9yUuMAeFxre7qSNJVnXMzyepdNzH1qlxYnC4lKhhQ6a157YQEkYH3vm40KK4RCqbYiF8QIweuPGagPX3oGxEj2exwutoXFfOhtq4hHybQKoFq01Z3",
+    "authUrl": "http://localhost:9000/application/o/authorize/",
+    "tokenUrl": "http://localhost:9000/application/o/token/",
+    "scopes": ["email", "openid", "profile"],
+    "userIdentifier": "email"
+  }
+}

bruno/IDP/Generate OIDC URL.bru

@@ -0,0 +1,11 @@
+meta {
+  name: Generate OIDC URL
+  type: http
+  seq: 2
+}
+
+get {
+  url: http://localhost:3000/api/v1
+  body: none
+  auth: inherit
+}

bruno/IDP/folder.bru

@@ -0,0 +1,3 @@
+meta {
+  name: IDP
+}

bruno/Internal/Traefik Config.bru

@@ -0,0 +1,11 @@
+meta {
+  name: Traefik Config
+  type: http
+  seq: 1
+}
+
+get {
+  url: http://localhost:3001/api/v1/traefik-config
+  body: none
+  auth: inherit
+}

bruno/Internal/folder.bru

@@ -0,0 +1,3 @@
+meta {
+  name: Internal
+}

bruno/Remote Exit Node/createRemoteExitNode.bru

@@ -0,0 +1,11 @@
+meta {
+  name: createRemoteExitNode
+  type: http
+  seq: 1
+}
+
+put {
+  url: http://localhost:4000/api/v1/org/org_i21aifypnlyxur2/remote-exit-node
+  body: none
+  auth: none
+}

bruno/Test.bru

@@ -0,0 +1,11 @@
+meta {
+  name: Test
+  type: http
+  seq: 2
+}
+
+get {
+  url: http://localhost:3000/api/v1
+  body: none
+  auth: inherit
+}

bruno/bruno.json

@@ -1,6 +1,6 @@
 {
   "version": "1",
-  "name": "Pangolin",
+  "name": "Pangolin Saas",
   "type": "collection",
   "ignore": [
     "node_modules",

cli/commands/resetUserSecurityKeys.ts

@@ -0,0 +1,72 @@
+import { CommandModule } from "yargs";
+import { db, users, securityKeys } from "@server/db";
+import { eq } from "drizzle-orm";
+
+type ResetUserSecurityKeysArgs = {
+    email: string;
+};
+
+export const resetUserSecurityKeys: CommandModule<
+    {},
+    ResetUserSecurityKeysArgs
+> = {
+    command: "reset-user-security-keys",
+    describe:
+        "Reset a user's security keys (passkeys) by deleting all their webauthn credentials",
+    builder: (yargs) => {
+        return yargs.option("email", {
+            type: "string",
+            demandOption: true,
+            describe: "User email address"
+        });
+    },
+    handler: async (argv: { email: string }) => {
+        try {
+            const { email } = argv;
+
+            console.log(`Looking for user with email: ${email}`);
+
+            // Find the user by email
+            const [user] = await db
+                .select()
+                .from(users)
+                .where(eq(users.email, email))
+                .limit(1);
+
+            if (!user) {
+                console.error(`User with email '${email}' not found`);
+                process.exit(1);
+            }
+
+            console.log(`Found user: ${user.email} (ID: ${user.userId})`);
+
+            // Check if user has any security keys
+            const userSecurityKeys = await db
+                .select()
+                .from(securityKeys)
+                .where(eq(securityKeys.userId, user.userId));
+
+            if (userSecurityKeys.length === 0) {
+                console.log(`User '${email}' has no security keys to reset`);
+                process.exit(0);
+            }
+
+            console.log(
+                `Found ${userSecurityKeys.length} security key(s) for user '${email}'`
+            );
+
+            // Delete all security keys for the user
+            await db
+                .delete(securityKeys)
+                .where(eq(securityKeys.userId, user.userId));
+
+            console.log(`Successfully reset security keys for user '${email}'`);
+            console.log(`Deleted ${userSecurityKeys.length} security key(s)`);
+
+            process.exit(0);
+        } catch (error) {
+            console.error("Error:", error);
+            process.exit(1);
+        }
+    }
+};

cli/commands/setAdminCredentials.ts

@@ -32,7 +32,9 @@ export const setAdminCredentials: CommandModule<{}, SetAdminCredentialsArgs> = {
     },
     handler: async (argv: { email: string; password: string }) => {
         try {
-            const { email, password } = argv;
+            const { password } = argv;
+            let { email } = argv;
+            email = email.trim().toLowerCase();
 
             const parsed = passwordSchema.safeParse(password);
 

cli/index.ts

@@ -3,9 +3,11 @@
 import yargs from "yargs";
 import { hideBin } from "yargs/helpers";
 import { setAdminCredentials } from "@cli/commands/setAdminCredentials";
+import { resetUserSecurityKeys } from "@cli/commands/resetUserSecurityKeys";
 
 yargs(hideBin(process.argv))
     .scriptName("pangctl")
     .command(setAdminCredentials)
+    .command(resetUserSecurityKeys)
     .demandCommand()
     .help().argv;

config/config.example.yml

@@ -1,48 +1,28 @@
 # To see all available options, please visit the docs:
-# https://docs.fossorial.io/Pangolin/Configuration/config
+# https://docs.pangolin.net/self-host/advanced/config-file
 
 app:
-    dashboard_url: "http://localhost:3002"
-    log_level: "info"
-    save_logs: false
+  dashboard_url: http://localhost:3002
+  log_level: debug
 
 domains:
-    domain1:
-        base_domain: "example.com"
-        cert_resolver: "letsencrypt"
+  domain1:
+    base_domain: example.com
 
 server:
-    external_port: 3000
-    internal_port: 3001
-    next_port: 3002
-    internal_hostname: "pangolin"
-    session_cookie_name: "p_session_token"
-    resource_access_token_param: "p_token"
-    secret: "your_secret_key_here"
-    resource_access_token_headers:
-        id: "P-Access-Token-Id"
-        token: "P-Access-Token"
-    resource_session_request_param: "p_session_request"
-
-traefik:
-    http_entrypoint: "web"
-    https_entrypoint: "websecure"
+  secret: my_secret_key
 
 gerbil:
-    start_port: 51820
-    base_endpoint: "localhost"
-    block_size: 24
-    site_block_size: 30
-    subnet_group: 100.89.137.0/20
-    use_subdomain: true
+  base_endpoint: example.com
 
-rate_limits:
-    global:
-        window_minutes: 1
-        max_requests: 500
+orgs:
+  block_size: 24
+  subnet_group: 100.90.137.0/20
 
 flags:
-    require_email_verification: false
-    disable_signup_without_invite: true
-    disable_user_create_org: true
-    allow_raw_resources: true
+  require_email_verification: false
+  disable_signup_without_invite: true
+  disable_user_create_org: true
+  allow_raw_resources: true
+  enable_integration_api: true
+  enable_clients: true

config/traefik/dynamic_config.yml

@@ -0,0 +1,46 @@
+http:
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+
+  routers:
+    # HTTP to HTTPS redirect router
+    main-app-router-redirect:
+      rule: "Host(`{{.DashboardDomain}}`)"
+      service: next-service
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+
+    # Next.js router (handles everything except API and WebSocket paths)
+    next-router:
+      rule: "Host(`{{.DashboardDomain}}`)"
+      service: next-service
+      priority: 10
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+    # API router (handles /api/v1 paths)
+    api-router:
+      rule: "Host(`{{.DashboardDomain}}`) && PathPrefix(`/api/v1`)"
+      service: api-service
+      priority: 100
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    next-service:
+      loadBalancer:
+        servers:
+          - url: "http://pangolin:3002"  # Next.js server
+
+    api-service:
+      loadBalancer:
+        servers:
+          - url: "http://pangolin:3000"  # API/WebSocket server

config/traefik/traefik_config.yml

@@ -0,0 +1,34 @@
+api:
+  insecure: true
+  dashboard: true
+
+providers:
+  file:
+    directory: "/var/dynamic"
+    watch: true
+
+experimental:
+  plugins:
+    badger:
+      moduleName: "github.com/fosrl/badger"
+      version: "v1.2.0"
+
+log:
+  level: "DEBUG"
+  format: "common"
+  maxSize: 100
+  maxBackups: 3
+  maxAge: 3
+  compress: true
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":9443"
+    transport:
+      respondingTimeouts:
+        readTimeout: "30m"
+
+serversTransport:
+  insecureSkipVerify: true

docker-compose.example.yml

@@ -20,10 +20,9 @@ services:
       pangolin:
         condition: service_healthy
     command:
-      - --reachableAt=http://gerbil:3003
+      - --reachableAt=http://gerbil:3004
       - --generateAndSaveKeyTo=/var/config/key
-      - --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config
-      - --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth
+      - --remoteConfig=http://pangolin:3001/api/v1/
     volumes:
       - ./config/:/var/config
     cap_add:
@@ -31,11 +30,12 @@ services:
       - SYS_MODULE
     ports:
       - 51820:51820/udp
+      - 21820:21820/udp
       - 443:443 # Port for traefik because of the network_mode
       - 80:80 # Port for traefik because of the network_mode
 
   traefik:
-    image: traefik:v3.4.0
+    image: traefik:v3.5
     container_name: traefik
     restart: unless-stopped
     network_mode: service:gerbil # Ports appear on the gerbil service
@@ -51,4 +51,5 @@ services:
 networks:
   default:
     driver: bridge
-    name: pangolin
+    name: pangolin
+    enable_ipv6: true

docker-compose.pgr.yml

@@ -7,6 +7,15 @@ services:
       POSTGRES_DB: postgres # Default database name
       POSTGRES_USER: postgres # Default user
       POSTGRES_PASSWORD: password # Default password (change for production!)
+    volumes:
+      - ./config/postgres:/var/lib/postgresql/data
     ports:
       - "5432:5432" # Map host port 5432 to container port 5432
-    restart: no 
+    restart: no 
+
+  redis:
+    image: redis:latest # Use the latest Redis image
+    container_name: dev_redis # Name your Redis container
+    ports:
+      - "6379:6379" # Map host port 6379 to container port 6379
+    restart: no

docker-compose.yml

@@ -9,10 +9,10 @@ services:
       - "3000:3000"
       - "3001:3001"
       - "3002:3002"
+      - "3003:3003"
     environment:
       - NODE_ENV=development
       - ENVIRONMENT=dev
-      - DB_TYPE=pg
     volumes:
       # Mount source code for hot reload
       - ./src:/app/src
@@ -26,4 +26,4 @@ services:
       - ./postcss.config.mjs:/app/postcss.config.mjs
       - ./eslint.config.js:/app/eslint.config.js
       - ./config:/app/config
-    restart: no
+    restart: no

drizzle.pg.config.ts

@@ -1,9 +1,13 @@
 import { defineConfig } from "drizzle-kit";
 import path from "path";
 
+const schema = [
+    path.join("server", "db", "pg", "schema"),
+];
+
 export default defineConfig({
     dialect: "postgresql",
-    schema: [path.join("server", "db", "pg", "schema.ts")],
+    schema: schema,
     out: path.join("server", "migrations"),
     verbose: true,
     dbCredentials: {

drizzle.sqlite.config.ts

@@ -2,9 +2,13 @@ import { APP_PATH } from "@server/lib/consts";
 import { defineConfig } from "drizzle-kit";
 import path from "path";
 
+const schema = [
+    path.join("server", "db", "sqlite", "schema"),
+];
+
 export default defineConfig({
     dialect: "sqlite",
-    schema: path.join("server", "db", "sqlite", "schema.ts"),
+    schema: schema,
     out: path.join("server", "migrations"),
     verbose: true,
     dbCredentials: {

esbuild.mjs

@@ -2,8 +2,9 @@ import esbuild from "esbuild";
 import yargs from "yargs";
 import { hideBin } from "yargs/helpers";
 import { nodeExternalsPlugin } from "esbuild-node-externals";
+import path from "path";
+import fs from "fs";
 // import { glob } from "glob";
-// import path from "path";
 
 const banner = `
 // patch __dirname
@@ -18,7 +19,7 @@ const require = topLevelCreateRequire(import.meta.url);
 `;
 
 const argv = yargs(hideBin(process.argv))
-    .usage("Usage: $0 -entry [string] -out [string]")
+    .usage("Usage: $0 -entry [string] -out [string] -build [string]")
     .option("entry", {
         alias: "e",
         describe: "Entry point file",
@@ -31,6 +32,13 @@ const argv = yargs(hideBin(process.argv))
         type: "string",
         demandOption: true,
     })
+    .option("build", {
+        alias: "b",
+        describe: "Build type (oss, saas, enterprise)",
+        type: "string",
+        choices: ["oss", "saas", "enterprise"],
+        default: "oss",
+    })
     .help()
     .alias("help", "h").argv;
 
@@ -46,27 +54,223 @@ function getPackagePaths() {
     return ["package.json"];
 }
 
+// Plugin to guard against bad imports from #private
+function privateImportGuardPlugin() {
+    return {
+        name: "private-import-guard",
+        setup(build) {
+            const violations = [];
+
+            build.onResolve({ filter: /^#private\// }, (args) => {
+                const importingFile = args.importer;
+
+                // Check if the importing file is NOT in server/private
+                const normalizedImporter = path.normalize(importingFile);
+                const isInServerPrivate = normalizedImporter.includes(path.normalize("server/private"));
+
+                if (!isInServerPrivate) {
+                    const violation = {
+                        file: importingFile,
+                        importPath: args.path,
+                        resolveDir: args.resolveDir
+                    };
+                    violations.push(violation);
+
+                    console.log(`PRIVATE IMPORT VIOLATION:`);
+                    console.log(`   File: ${importingFile}`);
+                    console.log(`   Import: ${args.path}`);
+                    console.log(`   Resolve dir: ${args.resolveDir || 'N/A'}`);
+                    console.log('');
+                }
+
+                // Return null to let the default resolver handle it
+                return null;
+            });
+
+            build.onEnd((result) => {
+                if (violations.length > 0) {
+                    console.log(`\nSUMMARY: Found ${violations.length} private import violation(s):`);
+                    violations.forEach((v, i) => {
+                        console.log(`   ${i + 1}. ${path.relative(process.cwd(), v.file)} imports ${v.importPath}`);
+                    });
+                    console.log('');
+
+                    result.errors.push({
+                        text: `Private import violations detected: ${violations.length} violation(s) found`,
+                        location: null,
+                        notes: violations.map(v => ({
+                            text: `${path.relative(process.cwd(), v.file)} imports ${v.importPath}`,
+                            location: null
+                        }))
+                    });
+                }
+            });
+        }
+    };
+}
+
+// Plugin to guard against bad imports from #private
+function dynamicImportGuardPlugin() {
+    return {
+        name: "dynamic-import-guard",
+        setup(build) {
+            const violations = [];
+
+            build.onResolve({ filter: /^#dynamic\// }, (args) => {
+                const importingFile = args.importer;
+
+                // Check if the importing file is NOT in server/private
+                const normalizedImporter = path.normalize(importingFile);
+                const isInServerPrivate = normalizedImporter.includes(path.normalize("server/private"));
+
+                if (isInServerPrivate) {
+                    const violation = {
+                        file: importingFile,
+                        importPath: args.path,
+                        resolveDir: args.resolveDir
+                    };
+                    violations.push(violation);
+
+                    console.log(`DYNAMIC IMPORT VIOLATION:`);
+                    console.log(`   File: ${importingFile}`);
+                    console.log(`   Import: ${args.path}`);
+                    console.log(`   Resolve dir: ${args.resolveDir || 'N/A'}`);
+                    console.log('');
+                }
+
+                // Return null to let the default resolver handle it
+                return null;
+            });
+
+            build.onEnd((result) => {
+                if (violations.length > 0) {
+                    console.log(`\nSUMMARY: Found ${violations.length} dynamic import violation(s):`);
+                    violations.forEach((v, i) => {
+                        console.log(`   ${i + 1}. ${path.relative(process.cwd(), v.file)} imports ${v.importPath}`);
+                    });
+                    console.log('');
+
+                    result.errors.push({
+                        text: `Dynamic import violations detected: ${violations.length} violation(s) found`,
+                        location: null,
+                        notes: violations.map(v => ({
+                            text: `${path.relative(process.cwd(), v.file)} imports ${v.importPath}`,
+                            location: null
+                        }))
+                    });
+                }
+            });
+        }
+    };
+}
+
+// Plugin to dynamically switch imports based on build type
+function dynamicImportSwitcherPlugin(buildValue) {
+    return {
+        name: "dynamic-import-switcher",
+        setup(build) {
+            const switches = [];
+
+            build.onStart(() => {
+                console.log(`Dynamic import switcher using build type: ${buildValue}`);
+            });
+
+            build.onResolve({ filter: /^#dynamic\// }, (args) => {
+                // Extract the path after #dynamic/
+                const dynamicPath = args.path.replace(/^#dynamic\//, '');
+
+                // Determine the replacement based on build type
+                let replacement;
+                if (buildValue === "oss") {
+                    replacement = `#open/${dynamicPath}`;
+                } else if (buildValue === "saas" || buildValue === "enterprise") {
+                    replacement = `#closed/${dynamicPath}`; // We use #closed here so that the route guards dont complain after its been changed but this is the same as #private
+                } else {
+                    console.warn(`Unknown build type '${buildValue}', defaulting to #open/`);
+                    replacement = `#open/${dynamicPath}`;
+                }
+
+                const switchInfo = {
+                    file: args.importer,
+                    originalPath: args.path,
+                    replacementPath: replacement,
+                    buildType: buildValue
+                };
+                switches.push(switchInfo);
+
+                console.log(`DYNAMIC IMPORT SWITCH:`);
+                console.log(`   File: ${args.importer}`);
+                console.log(`   Original: ${args.path}`);
+                console.log(`   Switched to: ${replacement} (build: ${buildValue})`);
+                console.log('');
+
+                // Rewrite the import path and let the normal resolution continue
+                return build.resolve(replacement, {
+                    importer: args.importer,
+                    namespace: args.namespace,
+                    resolveDir: args.resolveDir,
+                    kind: args.kind
+                });
+            });
+
+            build.onEnd((result) => {
+                if (switches.length > 0) {
+                    console.log(`\nDYNAMIC IMPORT SUMMARY: Switched ${switches.length} import(s) for build type '${buildValue}':`);
+                    switches.forEach((s, i) => {
+                        console.log(`   ${i + 1}. ${path.relative(process.cwd(), s.file)}`);
+                        console.log(`      ${s.originalPath} → ${s.replacementPath}`);
+                    });
+                    console.log('');
+                }
+            });
+        }
+    };
+}
+
 esbuild
     .build({
         entryPoints: [argv.entry],
         bundle: true,
         outfile: argv.out,
         format: "esm",
-        minify: true,
+        minify: false,
         banner: {
             js: banner,
         },
         platform: "node",
         external: ["body-parser"],
         plugins: [
+            privateImportGuardPlugin(),
+            dynamicImportGuardPlugin(),
+            dynamicImportSwitcherPlugin(argv.build),
             nodeExternalsPlugin({
                 packagePath: getPackagePaths(),
             }),
         ],
-        sourcemap: true,
-        target: "node20",
+        sourcemap: "inline",
+        target: "node22",
     })
-    .then(() => {
+    .then((result) => {
+        // Check if there were any errors in the build result
+        if (result.errors && result.errors.length > 0) {
+            console.error(`Build failed with ${result.errors.length} error(s):`);
+            result.errors.forEach((error, i) => {
+                console.error(`${i + 1}. ${error.text}`);
+                if (error.notes) {
+                    error.notes.forEach(note => {
+                        console.error(`   - ${note.text}`);
+                    });
+                }
+            });
+
+            // remove the output file if it was created
+            if (fs.existsSync(argv.out)) {
+                fs.unlinkSync(argv.out);
+            }
+
+            process.exit(1);
+        }
+
         console.log("Build completed successfully");
     })
     .catch((error) => {

install/Makefile

@@ -1,4 +1,5 @@
 all: update-versions go-build-release put-back
+dev-all: dev-update-versions dev-build dev-clean
 
 go-build-release:
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/installer_linux_amd64
@@ -11,6 +12,12 @@ clean:
 update-versions:
 	@echo "Fetching latest versions..."
 	cp main.go main.go.bak && \
+	$(MAKE) dev-update-versions
+
+put-back:
+	mv main.go.bak main.go
+
+dev-update-versions:
 	PANGOLIN_VERSION=$$(curl -s https://api.github.com/repos/fosrl/pangolin/tags | jq -r '.[0].name') && \
 	GERBIL_VERSION=$$(curl -s https://api.github.com/repos/fosrl/gerbil/tags | jq -r '.[0].name') && \
 	BADGER_VERSION=$$(curl -s https://api.github.com/repos/fosrl/badger/tags | jq -r '.[0].name') && \
@@ -20,5 +27,11 @@ update-versions:
 	sed -i "s/config.BadgerVersion = \".*\"/config.BadgerVersion = \"$$BADGER_VERSION\"/" main.go && \
 	echo "Updated main.go with latest versions"
 
-put-back:
-	mv main.go.bak main.go
+dev-build: go-build-release
+
+dev-clean:
+	@echo "Restoring version values ..."
+	sed -i "s/config.PangolinVersion = \".*\"/config.PangolinVersion = \"replaceme\"/" main.go && \
+	sed -i "s/config.GerbilVersion = \".*\"/config.GerbilVersion = \"replaceme\"/" main.go && \
+	sed -i "s/config.BadgerVersion = \".*\"/config.BadgerVersion = \"replaceme\"/" main.go
+	@echo "Restored version strings in main.go"

install/config.go

@@ -37,15 +37,28 @@ type DynamicConfig struct {
 	} `yaml:"http"`
 }
 
-// ConfigValues holds the extracted configuration values
-type ConfigValues struct {
+// TraefikConfigValues holds the extracted configuration values
+type TraefikConfigValues struct {
 	DashboardDomain  string
 	LetsEncryptEmail string
 	BadgerVersion    string
 }
 
+// AppConfig represents the app section of the config.yml
+type AppConfig struct {
+	App struct {
+		DashboardURL string `yaml:"dashboard_url"`
+		LogLevel     string `yaml:"log_level"`
+	} `yaml:"app"`
+}
+
+type AppConfigValues struct {
+	DashboardURL string
+	LogLevel     string
+}
+
 // ReadTraefikConfig reads and extracts values from Traefik configuration files
-func ReadTraefikConfig(mainConfigPath, dynamicConfigPath string) (*ConfigValues, error) {
+func ReadTraefikConfig(mainConfigPath string) (*TraefikConfigValues, error) {
 	// Read main config file
 	mainConfigData, err := os.ReadFile(mainConfigPath)
 	if err != nil {
@@ -57,48 +70,33 @@ func ReadTraefikConfig(mainConfigPath, dynamicConfigPath string) (*ConfigValues,
 		return nil, fmt.Errorf("error parsing main config file: %w", err)
 	}
 
-	// Read dynamic config file
-	dynamicConfigData, err := os.ReadFile(dynamicConfigPath)
-	if err != nil {
-		return nil, fmt.Errorf("error reading dynamic config file: %w", err)
-	}
-
-	var dynamicConfig DynamicConfig
-	if err := yaml.Unmarshal(dynamicConfigData, &dynamicConfig); err != nil {
-		return nil, fmt.Errorf("error parsing dynamic config file: %w", err)
-	}
-
 	// Extract values
-	values := &ConfigValues{
+	values := &TraefikConfigValues{
 		BadgerVersion:    mainConfig.Experimental.Plugins.Badger.Version,
 		LetsEncryptEmail: mainConfig.CertificatesResolvers.LetsEncrypt.Acme.Email,
 	}
 
-	// Extract DashboardDomain from router rules
-	// Look for it in the main router rules
-	for _, router := range dynamicConfig.HTTP.Routers {
-		if router.Rule != "" {
-			// Extract domain from Host(`mydomain.com`)
-			if domain := extractDomainFromRule(router.Rule); domain != "" {
-				values.DashboardDomain = domain
-				break
-			}
-		}
-	}
-
 	return values, nil
 }
 
-// extractDomainFromRule extracts the domain from a router rule
-func extractDomainFromRule(rule string) string {
-	// Look for the Host(`mydomain.com`) pattern
-	if start := findPattern(rule, "Host(`"); start != -1 {
-		end := findPattern(rule[start:], "`)")
-		if end != -1 {
-			return rule[start+6 : start+end]
-		}
+func ReadAppConfig(configPath string) (*AppConfigValues, error) {
+	// Read config file
+	configData, err := os.ReadFile(configPath)
+	if err != nil {
+		return nil, fmt.Errorf("error reading config file: %w", err)
 	}
-	return ""
+
+	var appConfig AppConfig
+	if err := yaml.Unmarshal(configData, &appConfig); err != nil {
+		return nil, fmt.Errorf("error parsing config file: %w", err)
+	}
+
+	values := &AppConfigValues{
+		DashboardURL: appConfig.App.DashboardURL,
+		LogLevel:     appConfig.App.LogLevel,
+	}
+
+	return values, nil
 }
 
 // findPattern finds the start of a pattern in a string

install/config/config.yml

@@ -1,9 +1,15 @@
 # To see all available options, please visit the docs:
-# https://docs.fossorial.io/Pangolin/Configuration/config
+# https://docs.pangolin.net/
+
+gerbil:
+    start_port: 51820
+    base_endpoint: "{{.DashboardDomain}}"
 
 app:
     dashboard_url: "https://{{.DashboardDomain}}"
     log_level: "info"
+    telemetry:
+        anonymous_usage: true
 
 domains:
     domain1:
@@ -17,15 +23,7 @@ server:
         methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
         allowed_headers: ["X-CSRF-Token", "Content-Type"]
         credentials: false
-
-gerbil:
-    start_port: 51820
-    base_endpoint: "{{.DashboardDomain}}"
-
-orgs:
-    block_size: 24
-    subnet_group: 100.89.138.0/20
-
+    {{if .EnableGeoblocking}}maxmind_db_path: "./config/GeoLite2-Country.mmdb"{{end}}
 {{if .EnableEmail}}
 email:
     smtp_host: "{{.EmailSMTPHost}}"
@@ -34,7 +32,6 @@ email:
     smtp_pass: "{{.EmailSMTPPass}}"
     no_reply: "{{.EmailNoReply}}"
 {{end}}
-
 flags:
     require_email_verification: {{.EnableEmail}}
     disable_signup_without_invite: true

install/config/crowdsec/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   crowdsec:
-    image: crowdsecurity/crowdsec:latest
+    image: docker.io/crowdsecurity/crowdsec:latest
     container_name: crowdsec
     environment:
       GID: "1000"

install/config/crowdsec/profiles.yaml

@@ -1,4 +1,4 @@
-iame: captcha_remediation
+name: captcha_remediation
 filters:
   - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() contains "http"
 decisions:
@@ -22,4 +22,4 @@ filters:
 decisions:
  - type: ban
    duration: 4h
-on_success: break
+on_success: break

install/config/crowdsec/traefik_config.yml

@@ -16,7 +16,7 @@ experimental:
       version: "{{.BadgerVersion}}"
     crowdsec: # CrowdSec plugin configuration added
       moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
-      version: "v1.4.2"
+      version: "v1.4.4"
 
 log:
   level: "INFO"

install/config/docker-compose.yml

@@ -1,7 +1,7 @@
 name: pangolin
 services:
   pangolin:
-    image: fosrl/pangolin:{{.PangolinVersion}}
+    image: docker.io/fosrl/pangolin:{{.PangolinVersion}}
     container_name: pangolin
     restart: unless-stopped
     volumes:
@@ -13,17 +13,16 @@ services:
       retries: 15
 {{if .InstallGerbil}}
   gerbil:
-    image: fosrl/gerbil:{{.GerbilVersion}}
+    image: docker.io/fosrl/gerbil:{{.GerbilVersion}}
     container_name: gerbil
     restart: unless-stopped
     depends_on:
       pangolin:
         condition: service_healthy
     command:
-      - --reachableAt=http://gerbil:3003
+      - --reachableAt=http://gerbil:3004
       - --generateAndSaveKeyTo=/var/config/key
-      - --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config
-      - --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth
+      - --remoteConfig=http://pangolin:3001/api/v1/
     volumes:
       - ./config/:/var/config
     cap_add:
@@ -31,11 +30,12 @@ services:
       - SYS_MODULE
     ports:
       - 51820:51820/udp
-      - 443:443 # Port for traefik because of the network_mode
-      - 80:80 # Port for traefik because of the network_mode
+      - 21820:21820/udp
+      - 443:443
+      - 80:80
 {{end}}
   traefik:
-    image: traefik:v3.4.1
+    image: docker.io/traefik:v3.5
     container_name: traefik
     restart: unless-stopped
 {{if .InstallGerbil}}
@@ -59,3 +59,4 @@ networks:
   default:
     driver: bridge
     name: pangolin
+{{if .EnableIPv6}}    enable_ipv6: true{{end}}

install/config/traefik/traefik_config.yml

@@ -46,3 +46,6 @@ entryPoints:
 
 serversTransport:
   insecureSkipVerify: true
+
+ping:
+  entryPoint: "web"

install/containers.go

@@ -0,0 +1,332 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"os/exec"
+	"os/user"
+	"runtime"
+	"strconv"
+	"strings"
+	"time"
+)
+
+func waitForContainer(containerName string, containerType SupportedContainer) error {
+	maxAttempts := 30
+	retryInterval := time.Second * 2
+
+	for attempt := 0; attempt < maxAttempts; attempt++ {
+		// Check if container is running
+		cmd := exec.Command(string(containerType), "container", "inspect", "-f", "{{.State.Running}}", containerName)
+		var out bytes.Buffer
+		cmd.Stdout = &out
+
+		if err := cmd.Run(); err != nil {
+			// If the container doesn't exist or there's another error, wait and retry
+			time.Sleep(retryInterval)
+			continue
+		}
+
+		isRunning := strings.TrimSpace(out.String()) == "true"
+		if isRunning {
+			return nil
+		}
+
+		// Container exists but isn't running yet, wait and retry
+		time.Sleep(retryInterval)
+	}
+
+	return fmt.Errorf("container %s did not start within %v seconds", containerName, maxAttempts*int(retryInterval.Seconds()))
+}
+
+func installDocker() error {
+	// Detect Linux distribution
+	cmd := exec.Command("cat", "/etc/os-release")
+	output, err := cmd.Output()
+	if err != nil {
+		return fmt.Errorf("failed to detect Linux distribution: %v", err)
+	}
+	osRelease := string(output)
+
+	// Detect system architecture
+	archCmd := exec.Command("uname", "-m")
+	archOutput, err := archCmd.Output()
+	if err != nil {
+		return fmt.Errorf("failed to detect system architecture: %v", err)
+	}
+	arch := strings.TrimSpace(string(archOutput))
+
+	// Map architecture to Docker's architecture naming
+	var dockerArch string
+	switch arch {
+	case "x86_64":
+		dockerArch = "amd64"
+	case "aarch64":
+		dockerArch = "arm64"
+	default:
+		return fmt.Errorf("unsupported architecture: %s", arch)
+	}
+
+	var installCmd *exec.Cmd
+	switch {
+	case strings.Contains(osRelease, "ID=ubuntu"):
+		installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
+			apt-get update &&
+			apt-get install -y apt-transport-https ca-certificates curl software-properties-common &&
+			curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
+			echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list &&
+			apt-get update &&
+			apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+		`, dockerArch))
+	case strings.Contains(osRelease, "ID=debian"):
+		installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
+			apt-get update &&
+			apt-get install -y apt-transport-https ca-certificates curl software-properties-common &&
+			curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
+			echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list &&
+			apt-get update &&
+			apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+		`, dockerArch))
+	case strings.Contains(osRelease, "ID=fedora"):
+		// Detect Fedora version to handle DNF 5 changes
+		versionCmd := exec.Command("bash", "-c", "grep VERSION_ID /etc/os-release | cut -d'=' -f2 | tr -d '\"'")
+		versionOutput, err := versionCmd.Output()
+		var fedoraVersion int
+		if err == nil {
+			if v, parseErr := strconv.Atoi(strings.TrimSpace(string(versionOutput))); parseErr == nil {
+				fedoraVersion = v
+			}
+		}
+
+		// Use appropriate DNF syntax based on version
+		var repoCmd string
+		if fedoraVersion >= 41 {
+			// DNF 5 syntax for Fedora 41+
+			repoCmd = "dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo"
+		} else {
+			// DNF 4 syntax for Fedora < 41
+			repoCmd = "dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo"
+		}
+
+		installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
+			dnf -y install dnf-plugins-core &&
+			%s &&
+			dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+		`, repoCmd))
+	case strings.Contains(osRelease, "ID=opensuse") || strings.Contains(osRelease, "ID=\"opensuse-"):
+		installCmd = exec.Command("bash", "-c", `
+			zypper install -y docker docker-compose &&
+			systemctl enable docker
+		`)
+	case strings.Contains(osRelease, "ID=rhel") || strings.Contains(osRelease, "ID=\"rhel"):
+		installCmd = exec.Command("bash", "-c", `
+			dnf remove -y runc &&
+			dnf -y install yum-utils &&
+			dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo &&
+			dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin &&
+			systemctl enable docker
+		`)
+	case strings.Contains(osRelease, "ID=amzn"):
+		installCmd = exec.Command("bash", "-c", `
+			yum update -y &&
+			yum install -y docker &&
+			systemctl enable docker &&
+			usermod -a -G docker ec2-user
+		`)
+	default:
+		return fmt.Errorf("unsupported Linux distribution")
+	}
+
+	installCmd.Stdout = os.Stdout
+	installCmd.Stderr = os.Stderr
+	return installCmd.Run()
+}
+
+func startDockerService() error {
+	if runtime.GOOS == "linux" {
+		cmd := exec.Command("systemctl", "enable", "--now", "docker")
+		cmd.Stdout = os.Stdout
+		cmd.Stderr = os.Stderr
+		return cmd.Run()
+	} else if runtime.GOOS == "darwin" {
+		// On macOS, Docker is usually started via the Docker Desktop application
+		fmt.Println("Please start Docker Desktop manually on macOS.")
+		return nil
+	}
+	return fmt.Errorf("unsupported operating system for starting Docker service")
+}
+
+func isDockerInstalled() bool {
+	return isContainerInstalled("docker")
+}
+
+func isPodmanInstalled() bool {
+	return isContainerInstalled("podman") && isContainerInstalled("podman-compose")
+}
+
+func isContainerInstalled(container string) bool {
+	cmd := exec.Command(container, "--version")
+	if err := cmd.Run(); err != nil {
+		return false
+	}
+	return true
+}
+
+func isUserInDockerGroup() bool {
+	if runtime.GOOS == "darwin" {
+		// Docker group is not applicable on macOS
+		// So we assume that the user can run Docker commands
+		return true
+	}
+
+	if os.Geteuid() == 0 {
+		return true // Root user can run Docker commands anyway
+	}
+
+	// Check if the current user is in the docker group
+	if dockerGroup, err := user.LookupGroup("docker"); err == nil {
+		if currentUser, err := user.Current(); err == nil {
+			if currentUserGroupIds, err := currentUser.GroupIds(); err == nil {
+				for _, groupId := range currentUserGroupIds {
+					if groupId == dockerGroup.Gid {
+						return true
+					}
+				}
+			}
+		}
+	}
+
+	// Eventually, if any of the checks fail, we assume the user cannot run Docker commands
+	return false
+}
+
+// isDockerRunning checks if the Docker daemon is running by using the `docker info` command.
+func isDockerRunning() bool {
+	cmd := exec.Command("docker", "info")
+	if err := cmd.Run(); err != nil {
+		return false
+	}
+	return true
+}
+
+// executeDockerComposeCommandWithArgs executes the appropriate docker command with arguments supplied
+func executeDockerComposeCommandWithArgs(args ...string) error {
+	var cmd *exec.Cmd
+	var useNewStyle bool
+
+	if !isDockerInstalled() {
+		return fmt.Errorf("docker is not installed")
+	}
+
+	checkCmd := exec.Command("docker", "compose", "version")
+	if err := checkCmd.Run(); err == nil {
+		useNewStyle = true
+	} else {
+		checkCmd = exec.Command("docker-compose", "version")
+		if err := checkCmd.Run(); err == nil {
+			useNewStyle = false
+		} else {
+			return fmt.Errorf("neither 'docker compose' nor 'docker-compose' command is available")
+		}
+	}
+
+	if useNewStyle {
+		cmd = exec.Command("docker", append([]string{"compose"}, args...)...)
+	} else {
+		cmd = exec.Command("docker-compose", args...)
+	}
+
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	return cmd.Run()
+}
+
+// pullContainers pulls the containers using the appropriate command.
+func pullContainers(containerType SupportedContainer) error {
+	fmt.Println("Pulling the container images...")
+	if containerType == Podman {
+		if err := run("podman-compose", "-f", "docker-compose.yml", "pull"); err != nil {
+			return fmt.Errorf("failed to pull the containers: %v", err)
+		}
+
+		return nil
+	}
+
+	if containerType == Docker {
+		if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "pull", "--policy", "always"); err != nil {
+			return fmt.Errorf("failed to pull the containers: %v", err)
+		}
+
+		return nil
+	}
+
+	return fmt.Errorf("Unsupported container type: %s", containerType)
+}
+
+// startContainers starts the containers using the appropriate command.
+func startContainers(containerType SupportedContainer) error {
+	fmt.Println("Starting containers...")
+
+	if containerType == Podman {
+		if err := run("podman-compose", "-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil {
+			return fmt.Errorf("failed start containers: %v", err)
+		}
+
+		return nil
+	}
+
+	if containerType == Docker {
+		if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil {
+			return fmt.Errorf("failed to start containers: %v", err)
+		}
+
+		return nil
+	}
+
+	return fmt.Errorf("Unsupported container type: %s", containerType)
+}
+
+// stopContainers stops the containers using the appropriate command.
+func stopContainers(containerType SupportedContainer) error {
+	fmt.Println("Stopping containers...")
+	if containerType == Podman {
+		if err := run("podman-compose", "-f", "docker-compose.yml", "down"); err != nil {
+			return fmt.Errorf("failed to stop containers: %v", err)
+		}
+
+		return nil
+	}
+
+	if containerType == Docker {
+		if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "down"); err != nil {
+			return fmt.Errorf("failed to stop containers: %v", err)
+		}
+
+		return nil
+	}
+
+	return fmt.Errorf("Unsupported container type: %s", containerType)
+}
+
+// restartContainer restarts a specific container using the appropriate command.
+func restartContainer(container string, containerType SupportedContainer) error {
+	fmt.Println("Restarting containers...")
+	if containerType == Podman {
+		if err := run("podman-compose", "-f", "docker-compose.yml", "restart"); err != nil {
+			return fmt.Errorf("failed to stop the container \"%s\": %v", container, err)
+		}
+
+		return nil
+	}
+
+	if containerType == Docker {
+		if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "restart", container); err != nil {
+			return fmt.Errorf("failed to stop the container \"%s\": %v", container, err)
+		}
+
+		return nil
+	}
+
+	return fmt.Errorf("Unsupported container type: %s", containerType)
+}

install/crowdsec.go

@@ -13,7 +13,7 @@ import (
 
 func installCrowdsec(config Config) error {
 
-	if err := stopContainers(); err != nil {
+	if err := stopContainers(config.InstallationContainerType); err != nil {
 		return fmt.Errorf("failed to stop containers: %v", err)
 	}
 
@@ -72,12 +72,12 @@ func installCrowdsec(config Config) error {
 		os.Exit(1)
 	}
 
-	if err := startContainers(); err != nil {
+	if err := startContainers(config.InstallationContainerType); err != nil {
 		return fmt.Errorf("failed to start containers: %v", err)
 	}
 
 	// get API key
-	apiKey, err := GetCrowdSecAPIKey()
+	apiKey, err := GetCrowdSecAPIKey(config.InstallationContainerType)
 	if err != nil {
 		return fmt.Errorf("failed to get API key: %v", err)
 	}
@@ -87,7 +87,7 @@ func installCrowdsec(config Config) error {
 		return fmt.Errorf("failed to replace bouncer key: %v", err)
 	}
 
-	if err := restartContainer("traefik"); err != nil {
+	if err := restartContainer("traefik", config.InstallationContainerType); err != nil {
 		return fmt.Errorf("failed to restart containers: %v", err)
 	}
 
@@ -110,9 +110,9 @@ func checkIsCrowdsecInstalledInCompose() bool {
 	return bytes.Contains(content, []byte("crowdsec:"))
 }
 
-func GetCrowdSecAPIKey() (string, error) {
+func GetCrowdSecAPIKey(containerType SupportedContainer) (string, error) {
 	// First, ensure the container is running
-	if err := waitForContainer("crowdsec"); err != nil {
+	if err := waitForContainer("crowdsec", containerType); err != nil {
 		return "", fmt.Errorf("waiting for container: %w", err)
 	}
 

install/get-installer.sh

@@ -0,0 +1,180 @@
+#!/bin/bash
+
+# Get installer - Cross-platform installation script
+# Usage: curl -fsSL https://raw.githubusercontent.com/fosrl/installer/refs/heads/main/get-installer.sh | bash
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# GitHub repository info
+REPO="fosrl/pangolin"
+GITHUB_API_URL="https://api.github.com/repos/${REPO}/releases/latest"
+
+# Function to print colored output
+print_status() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Function to get latest version from GitHub API
+get_latest_version() {
+    local latest_info
+    
+    if command -v curl >/dev/null 2>&1; then
+        latest_info=$(curl -fsSL "$GITHUB_API_URL" 2>/dev/null)
+    elif command -v wget >/dev/null 2>&1; then
+        latest_info=$(wget -qO- "$GITHUB_API_URL" 2>/dev/null)
+    else
+        print_error "Neither curl nor wget is available. Please install one of them." >&2
+        exit 1
+    fi
+    
+    if [ -z "$latest_info" ]; then
+        print_error "Failed to fetch latest version information" >&2
+        exit 1
+    fi
+    
+    # Extract version from JSON response (works without jq)
+    local version=$(echo "$latest_info" | grep '"tag_name"' | head -1 | sed 's/.*"tag_name": *"\([^"]*\)".*/\1/')
+    
+    if [ -z "$version" ]; then
+        print_error "Could not parse version from GitHub API response" >&2
+        exit 1
+    fi
+    
+    # Remove 'v' prefix if present
+    version=$(echo "$version" | sed 's/^v//')
+    
+    echo "$version"
+}
+
+# Detect OS and architecture
+detect_platform() {
+    local os arch
+    
+    # Detect OS - only support Linux
+    case "$(uname -s)" in
+        Linux*)     os="linux" ;;
+        *)
+            print_error "Unsupported operating system: $(uname -s). Only Linux is supported."
+            exit 1
+            ;;
+    esac
+    
+    # Detect architecture - only support amd64 and arm64
+    case "$(uname -m)" in
+        x86_64|amd64)   arch="amd64" ;;
+        arm64|aarch64)  arch="arm64" ;;
+        *)
+            print_error "Unsupported architecture: $(uname -m). Only amd64 and arm64 are supported on Linux."
+            exit 1
+            ;;
+    esac
+    
+    echo "${os}_${arch}"
+}
+
+# Get installation directory
+get_install_dir() {
+    # Install to the current directory 
+    local install_dir="$(pwd)"
+    if [ ! -d "$install_dir" ]; then
+        print_error "Installation directory does not exist: $install_dir"
+        exit 1
+    fi
+    echo "$install_dir"
+}
+
+# Download and install installer
+install_installer() {
+    local platform="$1"
+    local install_dir="$2"
+    local binary_name="installer_${platform}"
+    
+    local download_url="${BASE_URL}/${binary_name}"
+    local temp_file="/tmp/installer"
+    local final_path="${install_dir}/installer"
+    
+    print_status "Downloading installer from ${download_url}"
+    
+    # Download the binary
+    if command -v curl >/dev/null 2>&1; then
+        curl -fsSL "$download_url" -o "$temp_file"
+    elif command -v wget >/dev/null 2>&1; then
+        wget -q "$download_url" -O "$temp_file"
+    else
+        print_error "Neither curl nor wget is available. Please install one of them."
+        exit 1
+    fi
+    
+    # Create install directory if it doesn't exist
+    mkdir -p "$install_dir"
+    
+    # Move binary to install directory
+    mv "$temp_file" "$final_path"
+    
+    # Make executable
+    chmod +x "$final_path"
+    
+    print_status "Installer downloaded to ${final_path}"
+}
+
+# Verify installation
+verify_installation() {
+    local install_dir="$1"
+    local installer_path="${install_dir}/installer"
+    
+    if [ -f "$installer_path" ] && [ -x "$installer_path" ]; then
+        print_status "Installation successful!"
+        return 0
+    else
+        print_error "Installation failed. Binary not found or not executable."
+        return 1
+    fi
+}
+
+# Main installation process
+main() {
+    print_status "Installing latest version of installer..."
+    
+    # Get latest version
+    print_status "Fetching latest version from GitHub..."
+    VERSION=$(get_latest_version)
+    print_status "Latest version: v${VERSION}"
+    
+    # Set base URL with the fetched version
+    BASE_URL="https://github.com/${REPO}/releases/download/${VERSION}"
+    
+    # Detect platform
+    PLATFORM=$(detect_platform)
+    print_status "Detected platform: ${PLATFORM}"
+    
+    # Get install directory
+    INSTALL_DIR=$(get_install_dir)
+    print_status "Install directory: ${INSTALL_DIR}"
+    
+    # Install installer
+    install_installer "$PLATFORM" "$INSTALL_DIR"
+    
+    # Verify installation
+    if verify_installation "$INSTALL_DIR"; then
+        print_status "Installer is ready to use!"
+    else
+        exit 1
+    fi
+}
+
+# Run main function
+main "$@"

install/go.mod

@@ -1,10 +1,10 @@
 module installer
 
-go 1.23.0
+go 1.24.0
 
 require (
-	golang.org/x/term v0.28.0
+	golang.org/x/term v0.36.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
-require golang.org/x/sys v0.29.0 // indirect
+require golang.org/x/sys v0.37.0 // indirect

install/go.sum

@@ -1,7 +1,7 @@
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
+golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q=
+golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

install/input.go

@@ -0,0 +1,74 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"strings"
+	"syscall"
+
+	"golang.org/x/term"
+)
+
+func readString(reader *bufio.Reader, prompt string, defaultValue string) string {
+	if defaultValue != "" {
+		fmt.Printf("%s (default: %s): ", prompt, defaultValue)
+	} else {
+		fmt.Print(prompt + ": ")
+	}
+	input, _ := reader.ReadString('\n')
+	input = strings.TrimSpace(input)
+	if input == "" {
+		return defaultValue
+	}
+	return input
+}
+
+func readStringNoDefault(reader *bufio.Reader, prompt string) string {
+	fmt.Print(prompt + ": ")
+	input, _ := reader.ReadString('\n')
+	return strings.TrimSpace(input)
+}
+
+func readPassword(prompt string, reader *bufio.Reader) string {
+	if term.IsTerminal(int(syscall.Stdin)) {
+		fmt.Print(prompt + ": ")
+		// Read password without echo if we're in a terminal
+		password, err := term.ReadPassword(int(syscall.Stdin))
+		fmt.Println() // Add a newline since ReadPassword doesn't add one
+		if err != nil {
+			return ""
+		}
+		input := strings.TrimSpace(string(password))
+		if input == "" {
+			return readPassword(prompt, reader)
+		}
+		return input
+	} else {
+		// Fallback to reading from stdin if not in a terminal
+		return readString(reader, prompt, "")
+	}
+}
+
+func readBool(reader *bufio.Reader, prompt string, defaultValue bool) bool {
+	defaultStr := "no"
+	if defaultValue {
+		defaultStr = "yes"
+	}
+	input := readString(reader, prompt+" (yes/no)", defaultStr)
+	return strings.ToLower(input) == "yes"
+}
+
+func readBoolNoDefault(reader *bufio.Reader, prompt string) bool {
+	input := readStringNoDefault(reader, prompt+" (yes/no)")
+	return strings.ToLower(input) == "yes"
+}
+
+func readInt(reader *bufio.Reader, prompt string, defaultValue int) int {
+	input := readString(reader, prompt, fmt.Sprintf("%d", defaultValue))
+	if input == "" {
+		return defaultValue
+	}
+	value := defaultValue
+	fmt.Sscanf(input, "%d", &value)
+	return value
+}

install/input.txt

@@ -1,5 +1,7 @@
+docker
 example.com
 pangolin.example.com
+yes
 admin@example.com
 yes
 admin@example.com

install/main.go

@@ -2,24 +2,21 @@ package main
 
 import (
 	"bufio"
-	"bytes"
 	"embed"
 	"fmt"
 	"io"
 	"io/fs"
+	"math/rand"
+	"net"
+	"net/http"
+	"net/url"
 	"os"
 	"os/exec"
-	"os/user"
 	"path/filepath"
 	"runtime"
 	"strings"
-	"syscall"
 	"text/template"
 	"time"
-	"math/rand"
-	"strconv"
-
-	"golang.org/x/term"
 )
 
 // DO NOT EDIT THIS FUNCTION; IT MATCHED BY REGEX IN CICD
@@ -33,43 +30,60 @@ func loadVersions(config *Config) {
 var configFiles embed.FS
 
 type Config struct {
-	PangolinVersion            string
-	GerbilVersion              string
-	BadgerVersion              string
-	BaseDomain                 string
-	DashboardDomain            string
-	LetsEncryptEmail           string
-	EnableEmail                bool
-	EmailSMTPHost              string
-	EmailSMTPPort              int
-	EmailSMTPUser              string
-	EmailSMTPPass              string
-	EmailNoReply               string
-	InstallGerbil              bool
-	TraefikBouncerKey          string
-	DoCrowdsecInstall          bool
-	Secret                string
+	InstallationContainerType SupportedContainer
+	PangolinVersion           string
+	GerbilVersion             string
+	BadgerVersion             string
+	BaseDomain                string
+	DashboardDomain           string
+	EnableIPv6                bool
+	LetsEncryptEmail          string
+	EnableEmail               bool
+	EmailSMTPHost             string
+	EmailSMTPPort             int
+	EmailSMTPUser             string
+	EmailSMTPPass             string
+	EmailNoReply              string
+	InstallGerbil             bool
+	TraefikBouncerKey         string
+	DoCrowdsecInstall         bool
+	EnableGeoblocking         bool
+	Secret                    string
 }
 
-func main() {
-	reader := bufio.NewReader(os.Stdin)
+type SupportedContainer string
 
-	// check if docker is not installed and the user is root
-	if !isDockerInstalled() {
-		if os.Geteuid() != 0 {
-			fmt.Println("Docker is not installed. Please install Docker manually or run this installer as root.")
-			os.Exit(1)
+const (
+	Docker SupportedContainer = "docker"
+	Podman SupportedContainer = "podman"
+	Undefined SupportedContainer = "undefined"
+)
+
+func main() {
+
+	// print a banner about prerequisites - opening port 80, 443, 51820, and 21820 on the VPS and firewall and pointing your domain to the VPS IP with a records. Docs are at http://localhost:3000/Getting%20Started/dns-networking
+
+	fmt.Println("Welcome to the Pangolin installer!")
+	fmt.Println("This installer will help you set up Pangolin on your server.")
+	fmt.Println("\nPlease make sure you have the following prerequisites:")
+	fmt.Println("- Open TCP ports 80 and 443 and UDP ports 51820 and 21820 on your VPS and firewall.")
+	fmt.Println("\nLets get started!")
+
+	if os.Geteuid() == 0 { // WE NEED TO BE SUDO TO CHECK THIS
+		for _, p := range []int{80, 443} {
+			if err := checkPortsAvailable(p); err != nil {
+				fmt.Fprintln(os.Stderr, err)
+
+				fmt.Printf("Please close any services on ports 80/443 in order to run the installation smoothly. If you already have the Pangolin stack running, shut them down before proceeding.\n")
+				os.Exit(1)
+			}
 		}
 	}
 
-	// check if the user is in the docker group (linux only)
-	if !isUserInDockerGroup() {
-		fmt.Println("You are not in the docker group.")
-		fmt.Println("The installer will not be able to run docker commands without running it as root.")
-		os.Exit(1)
-	}
+	reader := bufio.NewReader(os.Stdin)
 
 	var config Config
+	var alreadyInstalled = false
 
 	// check if there is already a config file
 	if _, err := os.Stat("config/config.yml"); err != nil {
@@ -79,6 +93,8 @@ func main() {
 		config.DoCrowdsecInstall = false
 		config.Secret = generateRandomSecretKey()
 
+		fmt.Println("\n=== Generating Configuration Files ===")
+
 		if err := createConfigFiles(config); err != nil {
 			fmt.Printf("Error creating config files: %v\n", err)
 			os.Exit(1)
@@ -86,50 +102,89 @@ func main() {
 
 		moveFile("config/docker-compose.yml", "docker-compose.yml")
 
-		if !isDockerInstalled() && runtime.GOOS == "linux" {
-			if readBool(reader, "Docker is not installed. Would you like to install it?", true) {
-				installDocker()
-				// try to start docker service but ignore errors
-				if err := startDockerService(); err != nil {
-					fmt.Println("Error starting Docker service:", err)
-				} else {
-					fmt.Println("Docker service started successfully!")
-				}
-				// wait 10 seconds for docker to start checking if docker is running every 2 seconds
-				fmt.Println("Waiting for Docker to start...")
-				for i := 0; i < 5; i++ {
-					if isDockerRunning() {
-						fmt.Println("Docker is running!")
-						break
-					}
-					fmt.Println("Docker is not running yet, waiting...")
-					time.Sleep(2 * time.Second)
-				}
-				if !isDockerRunning() {
-					fmt.Println("Docker is still not running after 10 seconds. Please check the installation.")
-					os.Exit(1)
-				}
-				fmt.Println("Docker installed successfully!")
+		fmt.Println("\nConfiguration files created successfully!")
+
+		// Download MaxMind database if requested
+		if config.EnableGeoblocking {
+			fmt.Println("\n=== Downloading MaxMind Database ===")
+			if err := downloadMaxMindDatabase(); err != nil {
+				fmt.Printf("Error downloading MaxMind database: %v\n", err)
+				fmt.Println("You can download it manually later if needed.")
 			}
 		}
 
 		fmt.Println("\n=== Starting installation ===")
 
-		if isDockerInstalled() {
-			if readBool(reader, "Would you like to install and start the containers?", true) {
-				if err := pullContainers(); err != nil {
-					fmt.Println("Error: ", err)
-					return
-				}
+		if readBool(reader, "Would you like to install and start the containers?", true) {
 
-				if err := startContainers(); err != nil {
-					fmt.Println("Error: ", err)
-					return
+			config.InstallationContainerType = podmanOrDocker(reader)
+
+			if !isDockerInstalled() && runtime.GOOS == "linux" && config.InstallationContainerType == Docker {
+				if readBool(reader, "Docker is not installed. Would you like to install it?", true) {
+					installDocker()
+					// try to start docker service but ignore errors
+					if err := startDockerService(); err != nil {
+						fmt.Println("Error starting Docker service:", err)
+					} else {
+						fmt.Println("Docker service started successfully!")
+					}
+					// wait 10 seconds for docker to start checking if docker is running every 2 seconds
+					fmt.Println("Waiting for Docker to start...")
+					for i := 0; i < 5; i++ {
+						if isDockerRunning() {
+							fmt.Println("Docker is running!")
+							break
+						}
+						fmt.Println("Docker is not running yet, waiting...")
+						time.Sleep(2 * time.Second)
+					}
+					if !isDockerRunning() {
+						fmt.Println("Docker is still not running after 10 seconds. Please check the installation.")
+						os.Exit(1)
+					}
+					fmt.Println("Docker installed successfully!")
 				}
 			}
+
+			if err := pullContainers(config.InstallationContainerType); err != nil {
+				fmt.Println("Error: ", err)
+				return
+			}
+
+			if err := startContainers(config.InstallationContainerType); err != nil {
+				fmt.Println("Error: ", err)
+				return
+			}
 		}
+
 	} else {
-		fmt.Println("Looks like you already installed, so I am going to do the setup...")
+		alreadyInstalled = true
+		fmt.Println("Looks like you already installed Pangolin!")
+		
+		// Check if MaxMind database exists and offer to update it
+		fmt.Println("\n=== MaxMind Database Update ===")
+		if _, err := os.Stat("config/GeoLite2-Country.mmdb"); err == nil {
+			fmt.Println("MaxMind GeoLite2 Country database found.")
+			if readBool(reader, "Would you like to update the MaxMind database to the latest version?", false) {
+				if err := downloadMaxMindDatabase(); err != nil {
+					fmt.Printf("Error updating MaxMind database: %v\n", err)
+					fmt.Println("You can try updating it manually later if needed.")
+				}
+			}
+		} else {
+			fmt.Println("MaxMind GeoLite2 Country database not found.")
+			if readBool(reader, "Would you like to download the MaxMind GeoLite2 database for geoblocking functionality?", false) {
+				if err := downloadMaxMindDatabase(); err != nil {
+					fmt.Printf("Error downloading MaxMind database: %v\n", err)
+					fmt.Println("You can try downloading it manually later if needed.")
+				}
+				// Now you need to update your config file accordingly to enable geoblocking
+				fmt.Println("Please remember to update your config/config.yml file to enable geoblocking! \n")
+				// add   maxmind_db_path: "./config/GeoLite2-Country.mmdb" under server
+				fmt.Println("Add the following line under the 'server' section:")
+				fmt.Println("  maxmind_db_path: \"./config/GeoLite2-Country.mmdb\"")
+			}
+		}
 	}
 
 	if !checkIsCrowdsecInstalledInCompose() {
@@ -137,14 +192,28 @@ func main() {
 		// check if crowdsec is installed
 		if readBool(reader, "Would you like to install CrowdSec?", false) {
 			fmt.Println("This installer constitutes a minimal viable CrowdSec deployment. CrowdSec will add extra complexity to your Pangolin installation and may not work to the best of its abilities out of the box. Users are expected to implement configuration adjustments on their own to achieve the best security posture. Consult the CrowdSec documentation for detailed configuration instructions.")
+
+			// BUG: crowdsec installation will be skipped if the user chooses to install on the first installation.
 			if readBool(reader, "Are you willing to manage CrowdSec?", false) {
 				if config.DashboardDomain == "" {
-					traefikConfig, err := ReadTraefikConfig("config/traefik/traefik_config.yml", "config/traefik/dynamic_config.yml")
+					traefikConfig, err := ReadTraefikConfig("config/traefik/traefik_config.yml")
 					if err != nil {
 						fmt.Printf("Error reading config: %v\n", err)
 						return
 					}
-					config.DashboardDomain = traefikConfig.DashboardDomain
+					appConfig, err := ReadAppConfig("config/config.yml")
+					if err != nil {
+						fmt.Printf("Error reading config: %v\n", err)
+						return
+					}
+
+					parsedURL, err := url.Parse(appConfig.DashboardURL)
+					if err != nil {
+                        fmt.Printf("Error parsing URL: %v\n", err)
+                        return
+					}
+
+					config.DashboardDomain = parsedURL.Hostname()
 					config.LetsEncryptEmail = traefikConfig.LetsEncryptEmail
 					config.BadgerVersion = traefikConfig.BadgerVersion
 
@@ -159,67 +228,110 @@ func main() {
 					}
 				}
 
+				config.InstallationContainerType = podmanOrDocker(reader)
+
 				config.DoCrowdsecInstall = true
-				installCrowdsec(config)
+				err := installCrowdsec(config)
+				if err != nil {
+					fmt.Printf("Error installing CrowdSec: %v\n", err)
+					return
+				}
+
+				fmt.Println("CrowdSec installed successfully!")
+				return
 			}
 		}
 	}
 
-	fmt.Println("Installation complete!")
+	if !alreadyInstalled {
+		// Setup Token Section
+		fmt.Println("\n=== Setup Token ===")
+
+		// Check if containers were started during this installation
+		containersStarted := false
+		if (isDockerInstalled() && config.InstallationContainerType == Docker) ||
+			(isPodmanInstalled() && config.InstallationContainerType == Podman) {
+			// Try to fetch and display the token if containers are running
+			containersStarted = true
+			printSetupToken(config.InstallationContainerType, config.DashboardDomain)
+		}
+
+		// If containers weren't started or token wasn't found, show instructions
+		if !containersStarted {
+			showSetupTokenInstructions(config.InstallationContainerType, config.DashboardDomain)
+		}
+	}
+
+	fmt.Println("\nInstallation complete!")
+
 	fmt.Printf("\nTo complete the initial setup, please visit:\nhttps://%s/auth/initial-setup\n", config.DashboardDomain)
 }
 
-func readString(reader *bufio.Reader, prompt string, defaultValue string) string {
-	if defaultValue != "" {
-		fmt.Printf("%s (default: %s): ", prompt, defaultValue)
+func podmanOrDocker(reader *bufio.Reader) SupportedContainer {
+	inputContainer := readString(reader, "Would you like to run Pangolin as Docker or Podman containers?", "docker")
+
+	chosenContainer := Docker
+	if strings.EqualFold(inputContainer, "docker") {
+		chosenContainer = Docker
+	} else if strings.EqualFold(inputContainer, "podman") {
+		chosenContainer = Podman
 	} else {
-		fmt.Print(prompt + ": ")
+		fmt.Printf("Unrecognized container type: %s. Valid options are 'docker' or 'podman'.\n", inputContainer)
+		os.Exit(1)
 	}
-	input, _ := reader.ReadString('\n')
-	input = strings.TrimSpace(input)
-	if input == "" {
-		return defaultValue
-	}
-	return input
-}
 
-func readPassword(prompt string, reader *bufio.Reader) string {
-	if term.IsTerminal(int(syscall.Stdin)) {
-		fmt.Print(prompt + ": ")
-		// Read password without echo if we're in a terminal
-		password, err := term.ReadPassword(int(syscall.Stdin))
-		fmt.Println() // Add a newline since ReadPassword doesn't add one
-		if err != nil {
-			return ""
+	if chosenContainer == Podman {
+		if !isPodmanInstalled() {
+			fmt.Println("Podman or podman-compose is not installed. Please install both manually. Automated installation will be available in a later release.")
+			os.Exit(1)
 		}
-		input := strings.TrimSpace(string(password))
-		if input == "" {
-			return readPassword(prompt, reader)
+
+		if err := exec.Command("bash", "-c", "cat /etc/sysctl.conf | grep 'net.ipv4.ip_unprivileged_port_start='").Run(); err != nil {
+			fmt.Println("Would you like to configure ports >= 80 as unprivileged ports? This enables podman containers to listen on low-range ports.")
+			fmt.Println("Pangolin will experience startup issues if this is not configured, because it needs to listen on port 80/443 by default.")
+			approved := readBool(reader, "The installer is about to execute \"echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf && sysctl -p\". Approve?", true)
+			if approved {
+				if os.Geteuid() != 0 {
+					fmt.Println("You need to run the installer as root for such a configuration.")
+					os.Exit(1)
+				}
+
+				// Podman containers are not able to listen on privileged ports. The official recommendation is to
+				// container low-range ports as unprivileged ports.
+				// Linux only.
+
+				if err := run("bash", "-c", "echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf && sysctl -p"); err != nil {
+					fmt.Sprintf("failed to configure unprivileged ports: %v.\n", err)
+					os.Exit(1)
+				}
+			} else {
+				fmt.Println("You need to configure port forwarding or adjust the listening ports before running pangolin.")
+			}
+		} else {
+			fmt.Println("Unprivileged ports have been configured.")
+		}
+
+	} else if chosenContainer == Docker {
+		// check if docker is not installed and the user is root
+		if !isDockerInstalled() {
+			if os.Geteuid() != 0 {
+				fmt.Println("Docker is not installed. Please install Docker manually or run this installer as root.")
+				os.Exit(1)
+			}
+		}
+
+		// check if the user is in the docker group (linux only)
+		if !isUserInDockerGroup() {
+			fmt.Println("You are not in the docker group.")
+			fmt.Println("The installer will not be able to run docker commands without running it as root.")
+			os.Exit(1)
 		}
-		return input
 	} else {
-		// Fallback to reading from stdin if not in a terminal
-		return readString(reader, prompt, "")
+		// This shouldn't happen unless there's a third container runtime.
+		os.Exit(1)
 	}
-}
 
-func readBool(reader *bufio.Reader, prompt string, defaultValue bool) bool {
-	defaultStr := "no"
-	if defaultValue {
-		defaultStr = "yes"
-	}
-	input := readString(reader, prompt+" (yes/no)", defaultStr)
-	return strings.ToLower(input) == "yes"
-}
-
-func readInt(reader *bufio.Reader, prompt string, defaultValue int) int {
-	input := readString(reader, prompt, fmt.Sprintf("%d", defaultValue))
-	if input == "" {
-		return defaultValue
-	}
-	value := defaultValue
-	fmt.Sscanf(input, "%d", &value)
-	return value
+	return chosenContainer
 }
 
 func collectUserInput(reader *bufio.Reader) Config {
@@ -227,8 +339,15 @@ func collectUserInput(reader *bufio.Reader) Config {
 
 	// Basic configuration
 	fmt.Println("\n=== Basic Configuration ===")
+
 	config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "")
-	config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", "pangolin."+config.BaseDomain)
+
+	// Set default dashboard domain after base domain is collected
+	defaultDashboardDomain := ""
+	if config.BaseDomain != "" {
+		defaultDashboardDomain = "pangolin." + config.BaseDomain
+	}
+	config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", defaultDashboardDomain)
 	config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "")
 	config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunneled connections", true)
 
@@ -240,7 +359,7 @@ func collectUserInput(reader *bufio.Reader) Config {
 		config.EmailSMTPHost = readString(reader, "Enter SMTP host", "")
 		config.EmailSMTPPort = readInt(reader, "Enter SMTP port (default 587)", 587)
 		config.EmailSMTPUser = readString(reader, "Enter SMTP username", "")
-		config.EmailSMTPPass = readString(reader, "Enter SMTP password", "")
+		config.EmailSMTPPass = readString(reader, "Enter SMTP password", "") // Should this be readPassword?
 		config.EmailNoReply = readString(reader, "Enter no-reply email address", "")
 	}
 
@@ -249,15 +368,23 @@ func collectUserInput(reader *bufio.Reader) Config {
 		fmt.Println("Error: Domain name is required")
 		os.Exit(1)
 	}
-	if config.DashboardDomain == "" {
-		fmt.Println("Error: Dashboard Domain name is required")
-		os.Exit(1)
-	}
 	if config.LetsEncryptEmail == "" {
 		fmt.Println("Error: Let's Encrypt email is required")
 		os.Exit(1)
 	}
 
+	// Advanced configuration
+
+	fmt.Println("\n=== Advanced Configuration ===")
+
+	config.EnableIPv6 = readBool(reader, "Is your server IPv6 capable?", true)
+	config.EnableGeoblocking = readBool(reader, "Do you want to download the MaxMind GeoLite2 database for geoblocking functionality?", false)
+
+	if config.DashboardDomain == "" {
+		fmt.Println("Error: Dashboard Domain name is required")
+		os.Exit(1)
+	}
+
 	return config
 }
 
@@ -330,7 +457,6 @@ func createConfigFiles(config Config) error {
 
 		return nil
 	})
-
 	if err != nil {
 		return fmt.Errorf("error walking config files: %v", err)
 	}
@@ -338,243 +464,6 @@ func createConfigFiles(config Config) error {
 	return nil
 }
 
-func installDocker() error {
-	// Detect Linux distribution
-	cmd := exec.Command("cat", "/etc/os-release")
-	output, err := cmd.Output()
-	if err != nil {
-		return fmt.Errorf("failed to detect Linux distribution: %v", err)
-	}
-	osRelease := string(output)
-
-	// Detect system architecture
-	archCmd := exec.Command("uname", "-m")
-	archOutput, err := archCmd.Output()
-	if err != nil {
-		return fmt.Errorf("failed to detect system architecture: %v", err)
-	}
-	arch := strings.TrimSpace(string(archOutput))
-
-	// Map architecture to Docker's architecture naming
-	var dockerArch string
-	switch arch {
-	case "x86_64":
-		dockerArch = "amd64"
-	case "aarch64":
-		dockerArch = "arm64"
-	default:
-		return fmt.Errorf("unsupported architecture: %s", arch)
-	}
-
-	var installCmd *exec.Cmd
-	switch {
-	case strings.Contains(osRelease, "ID=ubuntu"):
-		installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
-			apt-get update &&
-			apt-get install -y apt-transport-https ca-certificates curl software-properties-common &&
-			curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
-			echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list &&
-			apt-get update &&
-			apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
-		`, dockerArch))
-	case strings.Contains(osRelease, "ID=debian"):
-		installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
-			apt-get update &&
-			apt-get install -y apt-transport-https ca-certificates curl software-properties-common &&
-			curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
-			echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list &&
-			apt-get update &&
-			apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
-		`, dockerArch))
-	case strings.Contains(osRelease, "ID=fedora"):
-		// Detect Fedora version to handle DNF 5 changes
-		versionCmd := exec.Command("bash", "-c", "grep VERSION_ID /etc/os-release | cut -d'=' -f2 | tr -d '\"'")
-		versionOutput, err := versionCmd.Output()
-		var fedoraVersion int
-		if err == nil {
-			if v, parseErr := strconv.Atoi(strings.TrimSpace(string(versionOutput))); parseErr == nil {
-				fedoraVersion = v
-			}
-		}
-
-		// Use appropriate DNF syntax based on version
-		var repoCmd string
-		if fedoraVersion >= 41 {
-			// DNF 5 syntax for Fedora 41+
-			repoCmd = "dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo"
-		} else {
-			// DNF 4 syntax for Fedora < 41
-			repoCmd = "dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo"
-		}
-
-		installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
-			dnf -y install dnf-plugins-core &&
-			%s &&
-			dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
-		`, repoCmd))
-	case strings.Contains(osRelease, "ID=opensuse") || strings.Contains(osRelease, "ID=\"opensuse-"):
-		installCmd = exec.Command("bash", "-c", `
-			zypper install -y docker docker-compose &&
-			systemctl enable docker
-		`)
-	case strings.Contains(osRelease, "ID=rhel") || strings.Contains(osRelease, "ID=\"rhel"):
-		installCmd = exec.Command("bash", "-c", `
-			dnf remove -y runc &&
-			dnf -y install yum-utils &&
-			dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo &&
-			dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin &&
-			systemctl enable docker
-		`)
-	case strings.Contains(osRelease, "ID=amzn"):
-		installCmd = exec.Command("bash", "-c", `
-			yum update -y &&
-			yum install -y docker &&
-			systemctl enable docker &&
-			usermod -a -G docker ec2-user
-		`)
-	default:
-		return fmt.Errorf("unsupported Linux distribution")
-	}
-
-	installCmd.Stdout = os.Stdout
-	installCmd.Stderr = os.Stderr
-	return installCmd.Run()
-}
-
-func startDockerService() error {
-	if runtime.GOOS == "linux" {
-		cmd := exec.Command("systemctl", "enable", "--now", "docker")
-		cmd.Stdout = os.Stdout
-		cmd.Stderr = os.Stderr
-		return cmd.Run()
-	} else if runtime.GOOS == "darwin" {
-		// On macOS, Docker is usually started via the Docker Desktop application
-		fmt.Println("Please start Docker Desktop manually on macOS.")
-		return nil
-	}
-	return fmt.Errorf("unsupported operating system for starting Docker service")
-}
-
-func isDockerInstalled() bool {
-	cmd := exec.Command("docker", "--version")
-	if err := cmd.Run(); err != nil {
-		return false
-	}
-	return true
-}
-
-func isUserInDockerGroup() bool {
-	if runtime.GOOS == "darwin" {
-		// Docker group is not applicable on macOS
-		// So we assume that the user can run Docker commands
-		return true
-	}
-
-	if os.Geteuid() == 0 {
-		return true // Root user can run Docker commands anyway
-	}
-
-	// Check if the current user is in the docker group
-	if dockerGroup, err := user.LookupGroup("docker"); err == nil {
-		if currentUser, err := user.Current(); err == nil {
-			if currentUserGroupIds, err := currentUser.GroupIds(); err == nil {
-				for _, groupId := range currentUserGroupIds {
-					if groupId == dockerGroup.Gid {
-						return true
-					}
-				}
-			}
-		}
-	}
-
-	// Eventually, if any of the checks fail, we assume the user cannot run Docker commands
-	return false
-}
-
-// isDockerRunning checks if the Docker daemon is running by using the `docker info` command.
-func isDockerRunning() bool {
-	cmd := exec.Command("docker", "info")
-	if err := cmd.Run(); err != nil {
-		return false
-	}
-	return true
-}
-
-// executeDockerComposeCommandWithArgs executes the appropriate docker command with arguments supplied
-func executeDockerComposeCommandWithArgs(args ...string) error {
-	var cmd *exec.Cmd
-	var useNewStyle bool
-
-	if !isDockerInstalled() {
-		return fmt.Errorf("docker is not installed")
-	}
-
-	checkCmd := exec.Command("docker", "compose", "version")
-	if err := checkCmd.Run(); err == nil {
-		useNewStyle = true
-	} else {
-		checkCmd = exec.Command("docker-compose", "version")
-		if err := checkCmd.Run(); err == nil {
-			useNewStyle = false
-		} else {
-			return fmt.Errorf("neither 'docker compose' nor 'docker-compose' command is available")
-		}
-	}
-
-	if useNewStyle {
-		cmd = exec.Command("docker", append([]string{"compose"}, args...)...)
-	} else {
-		cmd = exec.Command("docker-compose", args...)
-	}
-
-    cmd.Stdout = os.Stdout
-    cmd.Stderr = os.Stderr
-    return cmd.Run()
-}
-
-// pullContainers pulls the containers using the appropriate command.
-func pullContainers() error {
-	fmt.Println("Pulling the container images...")
-
-	if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "pull", "--policy", "always"); err != nil {
-		return fmt.Errorf("failed to pull the containers: %v", err)
-	}
-
-	return nil
-}
-
-// startContainers starts the containers using the appropriate command.
-func startContainers() error {
-	fmt.Println("Starting containers...")
-	if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil {
-		return fmt.Errorf("failed to start containers: %v", err)
-	}
-
-	return nil
-}
-
-// stopContainers stops the containers using the appropriate command.
-func stopContainers() error {
-	fmt.Println("Stopping containers...")
-
-	if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "down"); err != nil {
-		return fmt.Errorf("failed to stop containers: %v", err)
-	}
-
-	return nil
-}
-
-// restartContainer restarts a specific container using the appropriate command.
-func restartContainer(container string) error {
-	fmt.Println("Restarting containers...")
-
-	if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "restart", container); err != nil {
-		return fmt.Errorf("failed to stop the container \"%s\": %v", container, err)
-	}
-
-	return nil
-}
-
 func copyFile(src, dst string) error {
 	source, err := os.Open(src)
 	if err != nil {
@@ -600,32 +489,91 @@ func moveFile(src, dst string) error {
 	return os.Remove(src)
 }
 
-func waitForContainer(containerName string) error {
-	maxAttempts := 30
-	retryInterval := time.Second * 2
+func printSetupToken(containerType SupportedContainer, dashboardDomain string) {
+	fmt.Println("Waiting for Pangolin to generate setup token...")
 
-	for attempt := 0; attempt < maxAttempts; attempt++ {
-		// Check if container is running
-		cmd := exec.Command("docker", "container", "inspect", "-f", "{{.State.Running}}", containerName)
-		var out bytes.Buffer
-		cmd.Stdout = &out
-
-		if err := cmd.Run(); err != nil {
-			// If the container doesn't exist or there's another error, wait and retry
-			time.Sleep(retryInterval)
-			continue
-		}
-
-		isRunning := strings.TrimSpace(out.String()) == "true"
-		if isRunning {
-			return nil
-		}
-
-		// Container exists but isn't running yet, wait and retry
-		time.Sleep(retryInterval)
+	// Wait for Pangolin to be healthy
+	if err := waitForContainer("pangolin", containerType); err != nil {
+		fmt.Println("Warning: Pangolin container did not become healthy in time.")
+		return
 	}
 
-	return fmt.Errorf("container %s did not start within %v seconds", containerName, maxAttempts*int(retryInterval.Seconds()))
+	// Give a moment for the setup token to be generated
+	time.Sleep(2 * time.Second)
+
+	// Fetch logs
+	var cmd *exec.Cmd
+	if containerType == Docker {
+		cmd = exec.Command("docker", "logs", "pangolin")
+	} else {
+		cmd = exec.Command("podman", "logs", "pangolin")
+	}
+	output, err := cmd.Output()
+	if err != nil {
+		fmt.Println("Warning: Could not fetch Pangolin logs to find setup token.")
+		return
+	}
+
+	// Parse for setup token
+	lines := strings.Split(string(output), "\n")
+	for i, line := range lines {
+		if strings.Contains(line, "=== SETUP TOKEN GENERATED ===") || strings.Contains(line, "=== SETUP TOKEN EXISTS ===") {
+			// Look for "Token: ..." in the next few lines
+			for j := i + 1; j < i+5 && j < len(lines); j++ {
+				trimmedLine := strings.TrimSpace(lines[j])
+				if strings.Contains(trimmedLine, "Token:") {
+					// Extract token after "Token:"
+					tokenStart := strings.Index(trimmedLine, "Token:")
+					if tokenStart != -1 {
+						token := strings.TrimSpace(trimmedLine[tokenStart+6:])
+						fmt.Printf("Setup token: %s\n", token)
+						fmt.Println("")
+						fmt.Println("This token is required to register the first admin account in the web UI at:")
+						fmt.Printf("https://%s/auth/initial-setup\n", dashboardDomain)
+						fmt.Println("")
+						fmt.Println("Save this token securely. It will be invalid after the first admin is created.")
+						return
+					}
+				}
+			}
+		}
+	}
+	fmt.Println("Warning: Could not find a setup token in Pangolin logs.")
+}
+
+func showSetupTokenInstructions(containerType SupportedContainer, dashboardDomain string) {
+	fmt.Println("\n=== Setup Token Instructions ===")
+	fmt.Println("To get your setup token, you need to:")
+	fmt.Println("")
+	fmt.Println("1. Start the containers")
+	if containerType == Docker {
+		fmt.Println("   docker compose up -d")
+	} else if containerType == Podman {
+		fmt.Println("   podman-compose up -d")
+	} else {
+	}
+	fmt.Println("")
+	fmt.Println("2. Wait for the Pangolin container to start and generate the token")
+	fmt.Println("")
+	fmt.Println("3. Check the container logs for the setup token")
+	if containerType == Docker {
+		fmt.Println("   docker logs pangolin | grep -A 2 -B 2 'SETUP TOKEN'")
+	} else if containerType == Podman {
+		fmt.Println("   podman logs pangolin | grep -A 2 -B 2 'SETUP TOKEN'")
+	} else {
+	}
+	fmt.Println("")
+	fmt.Println("4. Look for output like")
+	fmt.Println("   === SETUP TOKEN GENERATED ===")
+	fmt.Println("   Token: [your-token-here]")
+	fmt.Println("   Use this token on the initial setup page")
+	fmt.Println("")
+	fmt.Println("5. Use the token to complete initial setup at")
+	fmt.Printf("   https://%s/auth/initial-setup\n", dashboardDomain)
+	fmt.Println("")
+	fmt.Println("The setup token is required to register the first admin account.")
+	fmt.Println("Save it securely - it will be invalid after the first admin is created.")
+	fmt.Println("================================")
 }
 
 func generateRandomSecretKey() string {
@@ -641,3 +589,83 @@ func generateRandomSecretKey() string {
 	}
 	return string(b)
 }
+
+func getPublicIP() string {
+	client := &http.Client{
+		Timeout: 10 * time.Second,
+	}
+
+	resp, err := client.Get("https://ifconfig.io/ip")
+	if err != nil {
+		return ""
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return ""
+	}
+
+	ip := strings.TrimSpace(string(body))
+
+	// Validate that it's a valid IP address
+	if net.ParseIP(ip) != nil {
+		return ip
+	}
+
+	return ""
+}
+
+// Run external commands with stdio/stderr attached.
+func run(name string, args ...string) error {
+	cmd := exec.Command(name, args...)
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	return cmd.Run()
+}
+
+func checkPortsAvailable(port int) error {
+	addr := fmt.Sprintf(":%d", port)
+	ln, err := net.Listen("tcp", addr)
+	if err != nil {
+		return fmt.Errorf(
+			"ERROR: port %d is occupied or cannot be bound: %w\n\n",
+			port, err,
+		)
+	}
+	if closeErr := ln.Close(); closeErr != nil {
+		fmt.Fprintf(os.Stderr,
+			"WARNING: failed to close test listener on port %d: %v\n",
+			port, closeErr,
+		)
+	}
+	return nil
+}
+
+func downloadMaxMindDatabase() error {
+	fmt.Println("Downloading MaxMind GeoLite2 Country database...")
+	
+	// Download the GeoLite2 Country database
+	if err := run("curl", "-L", "-o", "GeoLite2-Country.tar.gz", 
+		"https://github.com/GitSquared/node-geolite2-redist/raw/refs/heads/master/redist/GeoLite2-Country.tar.gz"); err != nil {
+		return fmt.Errorf("failed to download GeoLite2 database: %v", err)
+	}
+	
+	// Extract the database
+	if err := run("tar", "-xzf", "GeoLite2-Country.tar.gz"); err != nil {
+		return fmt.Errorf("failed to extract GeoLite2 database: %v", err)
+	}
+	
+	// Find the .mmdb file and move it to the config directory
+	if err := run("bash", "-c", "mv GeoLite2-Country_*/GeoLite2-Country.mmdb config/"); err != nil {
+		return fmt.Errorf("failed to move GeoLite2 database to config directory: %v", err)
+	}
+	
+	// Clean up the downloaded files
+	if err := run("rm", "-rf", "GeoLite2-Country.tar.gz", "GeoLite2-Country_*"); err != nil {
+		fmt.Printf("Warning: failed to clean up temporary files: %v\n", err)
+	}
+	
+	fmt.Println("MaxMind GeoLite2 Country database downloaded successfully!")
+	return nil
+}

messages/en-US.json

@@ -47,9 +47,8 @@
     "edit": "Edit",
     "siteConfirmDelete": "Confirm Delete Site",
     "siteDelete": "Delete Site",
-    "siteMessageRemove": "Once removed, the site will no longer be accessible. All resources and targets associated with the site will also be removed.",
-    "siteMessageConfirm": "To confirm, please type the name of the site below.",
-    "siteQuestionRemove": "Are you sure you want to remove the site {selectedSite} from the organization?",
+    "siteMessageRemove": "Once removed the site will no longer be accessible. All targets associated with the site will also be removed.",
+    "siteQuestionRemove": "Are you sure you want to remove the site from the organization?",
     "siteManageSites": "Manage Sites",
     "siteDescription": "Allow connectivity to your network through secure tunnels",
     "siteCreate": "Create Site",
@@ -59,7 +58,6 @@
     "siteErrorCreate": "Error creating site",
     "siteErrorCreateKeyPair": "Key pair or site defaults not found",
     "siteErrorCreateDefaults": "Site defaults not found",
-    "siteNameDescription": "This is the display name for the site.",
     "method": "Method",
     "siteMethodDescription": "This is how you will expose connections.",
     "siteLearnNewt": "Learn how to install Newt on your system",
@@ -95,7 +93,9 @@
     "siteNewtTunnelDescription": "Easiest way to create an entrypoint into your network. No extra setup.",
     "siteWg": "Basic WireGuard",
     "siteWgDescription": "Use any WireGuard client to establish a tunnel. Manual NAT setup required.",
+    "siteWgDescriptionSaas": "Use any WireGuard client to establish a tunnel. Manual NAT setup required.",
     "siteLocalDescription": "Local resources only. No tunneling.",
+    "siteLocalDescriptionSaas": "Local resources only. No tunneling. Only available on remote nodes.",
     "siteSeeAll": "See All Sites",
     "siteTunnelDescription": "Determine how you want to connect to your site",
     "siteNewtCredentials": "Newt Credentials",
@@ -153,12 +153,11 @@
     "protected": "Protected",
     "notProtected": "Not Protected",
     "resourceMessageRemove": "Once removed, the resource will no longer be accessible. All targets associated with the resource will also be removed.",
-    "resourceMessageConfirm": "To confirm, please type the name of the resource below.",
-    "resourceQuestionRemove": "Are you sure you want to remove the resource {selectedResource} from the organization?",
+    "resourceQuestionRemove": "Are you sure you want to remove the resource from the organization?",
     "resourceHTTP": "HTTPS Resource",
     "resourceHTTPDescription": "Proxy requests to your app over HTTPS using a subdomain or base domain.",
     "resourceRaw": "Raw TCP/UDP Resource",
-    "resourceRawDescription": "Proxy requests to your app over TCP/UDP using a port number.",
+    "resourceRawDescription": "Proxy requests to your app over TCP/UDP using a port number. This only works when sites are connected to nodes.",
     "resourceCreate": "Create Resource",
     "resourceCreateDescription": "Follow the steps below to create a new resource",
     "resourceSeeAll": "See All Resources",
@@ -167,7 +166,10 @@
     "siteSelect": "Select site",
     "siteSearch": "Search site",
     "siteNotFound": "No site found.",
-    "siteSelectionDescription": "This site will provide connectivity to the resource.",
+    "selectCountry": "Select country",
+    "searchCountries": "Search countries...",
+    "noCountryFound": "No country found.",
+    "siteSelectionDescription": "This site will provide connectivity to the target.",
     "resourceType": "Resource Type",
     "resourceTypeDescription": "Determine how you want to access your resource",
     "resourceHTTPSSettings": "HTTPS Settings",
@@ -198,11 +200,13 @@
     "general": "General",
     "generalSettings": "General Settings",
     "proxy": "Proxy",
+    "internal": "Internal",
     "rules": "Rules",
     "resourceSettingDescription": "Configure the settings on your resource",
     "resourceSetting": "{resourceName} Settings",
     "alwaysAllow": "Always Allow",
     "alwaysDeny": "Always Deny",
+    "passToAuth": "Pass to Auth",
     "orgSettingsDescription": "Configure your organization's general settings",
     "orgGeneralSettings": "Organization Settings",
     "orgGeneralSettingsDescription": "Manage your organization details and configuration",
@@ -214,7 +218,7 @@
     "orgDeleteConfirm": "Confirm Delete Organization",
     "orgMessageRemove": "This action is irreversible and will delete all associated data.",
     "orgMessageConfirm": "To confirm, please type the name of the organization below.",
-    "orgQuestionRemove": "Are you sure you want to remove the organization {selectedOrg}?",
+    "orgQuestionRemove": "Are you sure you want to remove the organization?",
     "orgUpdated": "Organization updated",
     "orgUpdatedDescription": "The organization has been updated.",
     "orgErrorUpdate": "Failed to update organization",
@@ -281,9 +285,8 @@
     "apiKeysAdd": "Generate API Key",
     "apiKeysErrorDelete": "Error deleting API key",
     "apiKeysErrorDeleteMessage": "Error deleting API key",
-    "apiKeysQuestionRemove": "Are you sure you want to remove the API key {selectedApiKey} from the organization?",
+    "apiKeysQuestionRemove": "Are you sure you want to remove the API key from the organization?",
     "apiKeysMessageRemove": "Once removed, the API key will no longer be able to be used.",
-    "apiKeysMessageConfirm": "To confirm, please type the name of the API key below.",
     "apiKeysDeleteConfirm": "Confirm Delete API Key",
     "apiKeysDelete": "Delete API Key",
     "apiKeysManage": "Manage API Keys",
@@ -299,8 +302,7 @@
     "userDeleteConfirm": "Confirm Delete User",
     "userDeleteServer": "Delete User from Server",
     "userMessageRemove": "The user will be removed from all organizations and be completely removed from the server.",
-    "userMessageConfirm": "To confirm, please type the name of the user below.",
-    "userQuestionRemove": "Are you sure you want to permanently delete {selectedUser} from the server?",
+    "userQuestionRemove": "Are you sure you want to permanently delete user from the server?",
     "licenseKey": "License Key",
     "valid": "Valid",
     "numberOfSites": "Number of Sites",
@@ -333,7 +335,7 @@
     "fossorialLicense": "View Fossorial Commercial License & Subscription Terms",
     "licenseMessageRemove": "This will remove the license key and all associated permissions granted by it.",
     "licenseMessageConfirm": "To confirm, please type the license key below.",
-    "licenseQuestionRemove": "Are you sure you want to delete the license key {selectedKey} ?",
+    "licenseQuestionRemove": "Are you sure you want to delete the license key ?",
     "licenseKeyDelete": "Delete License Key",
     "licenseKeyDeleteConfirm": "Confirm Delete License Key",
     "licenseTitle": "Manage License Status",
@@ -366,7 +368,7 @@
     "inviteRemoveErrorDescription": "An error occurred while removing the invitation.",
     "inviteRemoved": "Invitation removed",
     "inviteRemovedDescription": "The invitation for {email} has been removed.",
-    "inviteQuestionRemove": "Are you sure you want to remove the invitation {email}?",
+    "inviteQuestionRemove": "Are you sure you want to remove the invitation?",
     "inviteMessageRemove": "Once removed, this invitation will no longer be valid. You can always re-invite the user later.",
     "inviteMessageConfirm": "To confirm, please type the email address of the invitation below.",
     "inviteQuestionRegenerate": "Are you sure you want to regenerate the invitation for {email}? This will revoke the previous invitation.",
@@ -392,9 +394,8 @@
     "userErrorOrgRemoveDescription": "An error occurred while removing the user.",
     "userOrgRemoved": "User removed",
     "userOrgRemovedDescription": "The user {email} has been removed from the organization.",
-    "userQuestionOrgRemove": "Are you sure you want to remove {email} from the organization?",
+    "userQuestionOrgRemove": "Are you sure you want to remove this user from the organization?",
     "userMessageOrgRemove": "Once removed, this user will no longer have access to the organization. You can always re-invite them later, but they will need to accept the invitation again.",
-    "userMessageOrgConfirm": "To confirm, please type the name of the of the user below.",
     "userRemoveOrgConfirm": "Confirm Remove User",
     "userRemoveOrg": "Remove User from Organization",
     "users": "Users",
@@ -451,6 +452,8 @@
     "accessRoleErrorAddDescription": "An error occurred while adding user to the role.",
     "userSaved": "User saved",
     "userSavedDescription": "The user has been updated.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Manage what this user can access and do in the organization",
     "accessControlsSubmit": "Save Access Controls",
     "roles": "Roles",
@@ -460,7 +463,10 @@
     "createdAt": "Created At",
     "proxyErrorInvalidHeader": "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header.",
     "proxyErrorTls": "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name.",
-    "proxyEnableSSL": "Enable SSL (https)",
+    "proxyEnableSSL": "Enable SSL",
+    "proxyEnableSSLDescription": "Enable SSL/TLS encryption for secure HTTPS connections to your targets.",
+    "target": "Target",
+    "configureTarget": "Configure Targets",
     "targetErrorFetch": "Failed to fetch targets",
     "targetErrorFetchDescription": "An error occurred while fetching targets",
     "siteErrorFetch": "Failed to fetch resource",
@@ -487,18 +493,30 @@
     "targetTlsSettings": "Secure Connection Configuration",
     "targetTlsSettingsDescription": "Configure SSL/TLS settings for your resource",
     "targetTlsSettingsAdvanced": "Advanced TLS Settings",
-    "targetTlsSni": "TLS Server Name (SNI)",
+    "targetTlsSni": "TLS Server Name",
     "targetTlsSniDescription": "The TLS Server Name to use for SNI. Leave empty to use the default.",
     "targetTlsSubmit": "Save Settings",
     "targets": "Targets Configuration",
-    "targetsDescription": "Set up targets to route traffic to your services",
+    "targetsDescription": "Set up targets to route traffic to your backend services",
     "targetStickySessions": "Enable Sticky Sessions",
     "targetStickySessionsDescription": "Keep connections on the same backend target for their entire session.",
     "methodSelect": "Select method",
     "targetSubmit": "Add Target",
-    "targetNoOne": "No targets. Add a target using the form.",
+    "targetNoOne": "This resource doesn't have any targets. Add a target to configure where to send requests to your backend.",
     "targetNoOneDescription": "Adding more than one target above will enable load balancing.",
     "targetsSubmit": "Save Targets",
+    "addTarget": "Add Target",
+    "targetErrorInvalidIp": "Invalid IP address",
+    "targetErrorInvalidIpDescription": "Please enter a valid IP address or hostname",
+    "targetErrorInvalidPort": "Invalid port",
+    "targetErrorInvalidPortDescription": "Please enter a valid port number",
+    "targetErrorNoSite": "No site selected",
+    "targetErrorNoSiteDescription": "Please select a site for the target",
+    "targetCreated": "Target created",
+    "targetCreatedDescription": "Target has been created successfully",
+    "targetErrorCreate": "Failed to create target",
+    "targetErrorCreateDescription": "An error occurred while creating the target",
+    "save": "Save",
     "proxyAdditional": "Additional Proxy Settings",
     "proxyAdditionalDescription": "Configure how your resource handles proxy settings",
     "proxyCustomHeader": "Custom Host Header",
@@ -508,6 +526,7 @@
     "ipAddressErrorInvalidFormat": "Invalid IP address format",
     "ipAddressErrorInvalidOctet": "Invalid IP address octet",
     "path": "Path",
+    "matchPath": "Match Path",
     "ipAddressRange": "IP Range",
     "rulesErrorFetch": "Failed to fetch rules",
     "rulesErrorFetchDescription": "An error occurred while fetching rules",
@@ -543,6 +562,7 @@
     "rulesActions": "Actions",
     "rulesActionAlwaysAllow": "Always Allow: Bypass all authentication methods",
     "rulesActionAlwaysDeny": "Always Deny: Block all requests; no authentication can be attempted",
+    "rulesActionPassToAuth": "Pass to Auth: Allow authentication methods to be attempted",
     "rulesMatchCriteria": "Matching Criteria",
     "rulesMatchCriteriaIpAddress": "Match a specific IP address",
     "rulesMatchCriteriaIpAddressRange": "Match a range of IP addresses in CIDR notation",
@@ -705,7 +725,7 @@
     "pangolinServerAdmin": "Server Admin - Pangolin",
     "licenseTierProfessional": "Professional License",
     "licenseTierEnterprise": "Enterprise License",
-    "licenseTierCommercial": "Commercial License",
+    "licenseTierPersonal": "Personal License",
     "licensed": "Licensed",
     "yes": "Yes",
     "no": "No",
@@ -717,7 +737,7 @@
     "idpManageDescription": "View and manage identity providers in the system",
     "idpDeletedDescription": "Identity provider deleted successfully",
     "idpOidc": "OAuth2/OIDC",
-    "idpQuestionRemove": "Are you sure you want to permanently delete the identity provider {name}?",
+    "idpQuestionRemove": "Are you sure you want to permanently delete the identity provider?",
     "idpMessageRemove": "This will remove the identity provider and all associated configurations. Users who authenticate through this provider will no longer be able to log in.",
     "idpMessageConfirm": "To confirm, please type the name of the identity provider below.",
     "idpConfirmDelete": "Confirm Delete Identity Provider",
@@ -740,7 +760,7 @@
     "idpDisplayName": "A display name for this identity provider",
     "idpAutoProvisionUsers": "Auto Provision Users",
     "idpAutoProvisionUsersDescription": "When enabled, users will be automatically created in the system upon first login with the ability to map users to roles and organizations.",
-    "licenseBadge": "Professional",
+    "licenseBadge": "EE",
     "idpType": "Provider Type",
     "idpTypeDescription": "Select the type of identity provider you want to configure",
     "idpOidcConfigure": "OAuth2/OIDC Configuration",
@@ -834,6 +854,24 @@
     "pincodeRequirementsLength": "PIN must be exactly 6 digits",
     "pincodeRequirementsChars": "PIN must only contain numbers",
     "passwordRequirementsLength": "Password must be at least 1 character long",
+    "passwordRequirementsTitle": "Password requirements:",
+    "passwordRequirementLength": "At least 8 characters long",
+    "passwordRequirementUppercase": "At least one uppercase letter",
+    "passwordRequirementLowercase": "At least one lowercase letter",
+    "passwordRequirementNumber": "At least one number",
+    "passwordRequirementSpecial": "At least one special character",
+    "passwordRequirementsMet": "✓ Password meets all requirements",
+    "passwordStrength": "Password strength",
+    "passwordStrengthWeak": "Weak",
+    "passwordStrengthMedium": "Medium",
+    "passwordStrengthStrong": "Strong",
+    "passwordRequirements": "Requirements:",
+    "passwordRequirementLengthText": "8+ characters",
+    "passwordRequirementUppercaseText": "Uppercase letter (A-Z)",
+    "passwordRequirementLowercaseText": "Lowercase letter (a-z)",
+    "passwordRequirementNumberText": "Number (0-9)",
+    "passwordRequirementSpecialText": "Special character (!@#$%...)",
+    "passwordsDoNotMatch": "Passwords do not match",
     "otpEmailRequirementsLength": "OTP must be at least 1 character long",
     "otpEmailSent": "OTP Sent",
     "otpEmailSentDescription": "An OTP has been sent to your email",
@@ -953,12 +991,15 @@
     "logoutError": "Error logging out",
     "signingAs": "Signed in as",
     "serverAdmin": "Server Admin",
+    "managedSelfhosted": "Managed Self-Hosted",
     "otpEnable": "Enable Two-factor",
     "otpDisable": "Disable Two-factor",
     "logout": "Log Out",
     "licenseTierProfessionalRequired": "Professional Edition Required",
     "licenseTierProfessionalRequiredDescription": "This feature is only available in the Professional Edition.",
     "actionGetOrg": "Get Organization",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Update Organization",
     "actionUpdateUser": "Update User",
     "actionGetUser": "Get User",
@@ -968,6 +1009,10 @@
     "actionDeleteSite": "Delete Site",
     "actionGetSite": "Get Site",
     "actionListSites": "List Sites",
+    "actionApplyBlueprint": "Apply Blueprint",
+    "setupToken": "Setup Token",
+    "setupTokenDescription": "Enter the setup token from the server console.",
+    "setupTokenRequired": "Setup token is required",
     "actionUpdateSite": "Update Site",
     "actionListSiteRoles": "List Allowed Site Roles",
     "actionCreateResource": "Create Resource",
@@ -1023,6 +1068,17 @@
     "actionDeleteIdpOrg": "Delete IDP Org Policy",
     "actionListIdpOrgs": "List IDP Orgs",
     "actionUpdateIdpOrg": "Update IDP Org",
+    "actionCreateClient": "Create Client",
+    "actionDeleteClient": "Delete Client",
+    "actionUpdateClient": "Update Client",
+    "actionListClients": "List Clients",
+    "actionGetClient": "Get Client",
+    "actionCreateSiteResource": "Create Site Resource",
+    "actionDeleteSiteResource": "Delete Site Resource",
+    "actionGetSiteResource": "Get Site Resource",
+    "actionListSiteResources": "List Site Resources",
+    "actionUpdateSiteResource": "Update Site Resource",
+    "actionListInvitations": "List Invitations",
     "noneSelected": "None selected",
     "orgNotFound2": "No organizations found.",
     "searchProgress": "Search...",
@@ -1038,7 +1094,6 @@
     "navbar": "Navigation Menu",
     "navbarDescription": "Main navigation menu for the application",
     "navbarDocsLink": "Documentation",
-    "commercialEdition": "Commercial Edition",
     "otpErrorEnable": "Unable to enable 2FA",
     "otpErrorEnableDescription": "An error occurred while enabling 2FA",
     "otpSetupCheckCode": "Please enter a 6-digit code",
@@ -1096,8 +1151,8 @@
     "sidebarLicense": "License",
     "sidebarClients": "Clients",
     "sidebarDomains": "Domains",
-    "enableDockerSocket": "Enable Docker Socket",
-    "enableDockerSocketDescription": "Enable Docker Socket discovery for populating container information. Socket path must be provided to Newt.",
+    "enableDockerSocket": "Enable Docker Blueprint",
+    "enableDockerSocketDescription": "Enable Docker Socket label scraping for blueprint labels. Socket path must be provided to Newt.",
     "enableDockerSocketLink": "Learn More",
     "viewDockerContainers": "View Docker Containers",
     "containersIn": "Containers in {siteName}",
@@ -1151,9 +1206,8 @@
     "domainCreate": "Create Domain",
     "domainCreatedDescription": "Domain created successfully",
     "domainDeletedDescription": "Domain deleted successfully",
-    "domainQuestionRemove": "Are you sure you want to remove the domain {domain} from your account?",
+    "domainQuestionRemove": "Are you sure you want to remove the domain from your account?",
     "domainMessageRemove": "Once removed, the domain will no longer be associated with your account.",
-    "domainMessageConfirm": "To confirm, please type the domain name below.",
     "domainConfirmDelete": "Confirm Delete Domain",
     "domainDelete": "Delete Domain",
     "domain": "Domain",
@@ -1162,7 +1216,7 @@
     "selectDomainTypeCnameName": "Single Domain (CNAME)",
     "selectDomainTypeCnameDescription": "Just this specific domain. Use this for individual subdomains or specific domain entries.",
     "selectDomainTypeWildcardName": "Wildcard Domain",
-    "selectDomainTypeWildcardDescription": "This domain and its first level of subdomains.",
+    "selectDomainTypeWildcardDescription": "This domain and its subdomains.",
     "domainDelegation": "Single Domain",
     "selectType": "Select a type",
     "actions": "Actions",
@@ -1196,8 +1250,8 @@
     "sidebarExpand": "Expand",
     "newtUpdateAvailable": "Update Available",
     "newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.",
-    "domainPickerEnterDomain": "Enter your domain",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, or just myapp",
+    "domainPickerEnterDomain": "Domain",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Enter the full domain of the resource to see available options.",
     "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
     "domainPickerTabAll": "All",
@@ -1206,12 +1260,54 @@
     "domainPickerSortAsc": "A-Z",
     "domainPickerSortDesc": "Z-A",
     "domainPickerCheckingAvailability": "Checking availability...",
-    "domainPickerNoMatchingDomains": "No matching domains found for \"{userInput}\". Try a different domain or check your organization's domain settings.",
+    "domainPickerNoMatchingDomains": "No matching domains found. Try a different domain or check your organization's domain settings.",
     "domainPickerOrganizationDomains": "Organization Domains",
     "domainPickerProvidedDomains": "Provided Domains",
     "domainPickerSubdomain": "Subdomain: {subdomain}",
     "domainPickerNamespace": "Namespace: {namespace}",
     "domainPickerShowMore": "Show More",
+    "regionSelectorTitle": "Select Region",
+    "regionSelectorInfo": "Selecting a region helps us provide better performance for your location. You do not have to be in the same region as your server.",
+    "regionSelectorPlaceholder": "Choose a region",
+    "regionSelectorComingSoon": "Coming Soon",
+    "billingLoadingSubscription": "Loading subscription...",
+    "billingFreeTier": "Free Tier",
+    "billingWarningOverLimit": "Warning: You have exceeded one or more usage limits. Your sites will not connect until you modify your subscription or adjust your usage.",
+    "billingUsageLimitsOverview": "Usage Limits Overview",
+    "billingMonitorUsage": "Monitor your usage against configured limits. If you need limits increased please contact us support@pangolin.net.",
+    "billingDataUsage": "Data Usage",
+    "billingOnlineTime": "Site Online Time",
+    "billingUsers": "Active Users",
+    "billingDomains": "Active Domains",
+    "billingRemoteExitNodes": "Active Self-hosted Nodes",
+    "billingNoLimitConfigured": "No limit configured",
+    "billingEstimatedPeriod": "Estimated Billing Period",
+    "billingIncludedUsage": "Included Usage",
+    "billingIncludedUsageDescription": "Usage included with your current subscription plan",
+    "billingFreeTierIncludedUsage": "Free tier usage allowances",
+    "billingIncluded": "included",
+    "billingEstimatedTotal": "Estimated Total:",
+    "billingNotes": "Notes",
+    "billingEstimateNote": "This is an estimate based on your current usage.",
+    "billingActualChargesMayVary": "Actual charges may vary.",
+    "billingBilledAtEnd": "You will be billed at the end of the billing period.",
+    "billingModifySubscription": "Modify Subscription",
+    "billingStartSubscription": "Start Subscription",
+    "billingRecurringCharge": "Recurring Charge",
+    "billingManageSubscriptionSettings": "Manage your subscription settings and preferences",
+    "billingNoActiveSubscription": "You don't have an active subscription. Start your subscription to increase usage limits.",
+    "billingFailedToLoadSubscription": "Failed to load subscription",
+    "billingFailedToLoadUsage": "Failed to load usage",
+    "billingFailedToGetCheckoutUrl": "Failed to get checkout URL",
+    "billingPleaseTryAgainLater": "Please try again later.",
+    "billingCheckoutError": "Checkout Error",
+    "billingFailedToGetPortalUrl": "Failed to get portal URL",
+    "billingPortalError": "Portal Error",
+    "billingDataUsageInfo": "You're charged for all data transferred through your secure tunnels when connected to the cloud. This includes both incoming and outgoing traffic across all your sites. When you reach your limit, your sites will disconnect until you upgrade your plan or reduce usage. Data is not charged when using nodes.",
+    "billingOnlineTimeInfo": "You're charged based on how long your sites stay connected to the cloud. For example, 44,640 minutes equals one site running 24/7 for a full month. When you reach your limit, your sites will disconnect until you upgrade your plan or reduce usage. Time is not charged when using nodes.",
+    "billingUsersInfo": "You're charged for each user in your organization. Billing is calculated daily based on the number of active user accounts in your org.",
+    "billingDomainInfo": "You're charged for each domain in your organization. Billing is calculated daily based on the number of active domain accounts in your org.",
+    "billingRemoteExitNodesInfo": "You're charged for each managed Node in your organization. Billing is calculated daily based on the number of active managed Nodes in your org.",
     "domainNotFound": "Domain Not Found",
     "domainNotFoundDescription": "This resource is disabled because the domain no longer exists our system. Please set a new domain for this resource.",
     "failed": "Failed",
@@ -1245,7 +1341,6 @@
     "twoFactorRequired": "Two-factor authentication is required to register a security key.",
     "twoFactor": "Two-Factor Authentication",
     "adminEnabled2FaOnYourAccount": "Your administrator has enabled two-factor authentication for {email}. Please complete the setup process to continue.",
-    "continueToApplication": "Continue to Application",
     "securityKeyAdd": "Add Security Key",
     "securityKeyRegisterTitle": "Register New Security Key",
     "securityKeyRegisterDescription": "Connect your security key and enter a name to identify it",
@@ -1274,5 +1369,527 @@
     "createDomainDnsPropagation": "DNS Propagation",
     "createDomainDnsPropagationDescription": "DNS changes may take some time to propagate across the internet. This can take anywhere from a few minutes to 48 hours, depending on your DNS provider and TTL settings.",
     "resourcePortRequired": "Port number is required for non-HTTP resources",
-    "resourcePortNotAllowed": "Port number should not be set for HTTP resources"
+    "resourcePortNotAllowed": "Port number should not be set for HTTP resources",
+    "billingPricingCalculatorLink": "Pricing Calculator",
+    "signUpTerms": {
+        "IAgreeToThe": "I agree to the",
+        "termsOfService": "terms of service",
+        "and": "and",
+        "privacyPolicy": "privacy policy"
+    },
+    "siteRequired": "Site is required.",
+    "olmTunnel": "Olm Tunnel",
+    "olmTunnelDescription": "Use Olm for client connectivity",
+    "errorCreatingClient": "Error creating client",
+    "clientDefaultsNotFound": "Client defaults not found",
+    "createClient": "Create Client",
+    "createClientDescription": "Create a new client for connecting to your sites",
+    "seeAllClients": "See All Clients",
+    "clientInformation": "Client Information",
+    "clientNamePlaceholder": "Client name",
+    "address": "Address",
+    "subnetPlaceholder": "Subnet",
+    "addressDescription": "The address that this client will use for connectivity",
+    "selectSites": "Select sites",
+    "sitesDescription": "The client will have connectivity to the selected sites",
+    "clientInstallOlm": "Install Olm",
+    "clientInstallOlmDescription": "Get Olm running on your system",
+    "clientOlmCredentials": "Olm Credentials",
+    "clientOlmCredentialsDescription": "This is how Olm will authenticate with the server",
+    "olmEndpoint": "Olm Endpoint",
+    "olmId": "Olm ID",
+    "olmSecretKey": "Olm Secret Key",
+    "clientCredentialsSave": "Save Your Credentials",
+    "clientCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.",
+    "generalSettingsDescription": "Configure the general settings for this client",
+    "clientUpdated": "Client updated",
+    "clientUpdatedDescription": "The client has been updated.",
+    "clientUpdateFailed": "Failed to update client",
+    "clientUpdateError": "An error occurred while updating the client.",
+    "sitesFetchFailed": "Failed to fetch sites",
+    "sitesFetchError": "An error occurred while fetching sites.",
+    "olmErrorFetchReleases": "An error occurred while fetching Olm releases.",
+    "olmErrorFetchLatest": "An error occurred while fetching the latest Olm release.",
+    "remoteSubnets": "Remote Subnets",
+    "enterCidrRange": "Enter CIDR range",
+    "remoteSubnetsDescription": "Add CIDR ranges that can be accessed from this site remotely using clients. Use format like 10.0.0.0/24. This ONLY applies to VPN client connectivity.",
+    "resourceEnableProxy": "Enable Public Proxy",
+    "resourceEnableProxyDescription": "Enable public proxying to this resource. This allows access to the resource from outside the network through the cloud on an open port. Requires Traefik config.",
+    "externalProxyEnabled": "External Proxy Enabled",
+    "addNewTarget": "Add New Target",
+    "targetsList": "Targets List",
+    "advancedMode": "Advanced Mode",
+    "targetErrorDuplicateTargetFound": "Duplicate target found",
+    "healthCheckHealthy": "Healthy",
+    "healthCheckUnhealthy": "Unhealthy",
+    "healthCheckUnknown": "Unknown",
+    "healthCheck": "Health Check",
+    "configureHealthCheck": "Configure Health Check",
+    "configureHealthCheckDescription": "Set up health monitoring for {target}",
+    "enableHealthChecks": "Enable Health Checks",
+    "enableHealthChecksDescription": "Monitor the health of this target. You can monitor a different endpoint than the target if required.",
+    "healthScheme": "Method",
+    "healthSelectScheme": "Select Method",
+    "healthCheckPath": "Path",
+    "healthHostname": "IP / Host",
+    "healthPort": "Port",
+    "healthCheckPathDescription": "The path to check for health status.",
+    "healthyIntervalSeconds": "Healthy Interval",
+    "unhealthyIntervalSeconds": "Unhealthy Interval",
+    "IntervalSeconds": "Healthy Interval",
+    "timeoutSeconds": "Timeout",
+    "timeIsInSeconds": "Time is in seconds",
+    "retryAttempts": "Retry Attempts",
+    "expectedResponseCodes": "Expected Response Codes",
+    "expectedResponseCodesDescription": "HTTP status code that indicates healthy status. If left blank, 200-300 is considered healthy.",
+    "customHeaders": "Custom Headers",
+    "customHeadersDescription": "Headers new line separated: Header-Name: value",
+    "headersValidationError": "Headers must be in the format: Header-Name: value",
+    "saveHealthCheck": "Save Health Check",
+    "healthCheckSaved": "Health Check Saved",
+    "healthCheckSavedDescription": "Health check configuration has been saved successfully",
+    "healthCheckError": "Health Check Error",
+    "healthCheckErrorDescription": "An error occurred while saving the health check configuration",
+    "healthCheckPathRequired": "Health check path is required",
+    "healthCheckMethodRequired": "HTTP method is required",
+    "healthCheckIntervalMin": "Check interval must be at least 5 seconds",
+    "healthCheckTimeoutMin": "Timeout must be at least 1 second",
+    "healthCheckRetryMin": "Retry attempts must be at least 1",
+    "httpMethod": "HTTP Method",
+    "selectHttpMethod": "Select HTTP method",
+    "domainPickerSubdomainLabel": "Subdomain",
+    "domainPickerBaseDomainLabel": "Base Domain",
+    "domainPickerSearchDomains": "Search domains...",
+    "domainPickerNoDomainsFound": "No domains found",
+    "domainPickerLoadingDomains": "Loading domains...",
+    "domainPickerSelectBaseDomain": "Select base domain...",
+    "domainPickerNotAvailableForCname": "Not available for CNAME domains",
+    "domainPickerEnterSubdomainOrLeaveBlank": "Enter subdomain or leave blank to use base domain.",
+    "domainPickerEnterSubdomainToSearch": "Enter a subdomain to search and select from available free domains.",
+    "domainPickerFreeDomains": "Free Domains",
+    "domainPickerSearchForAvailableDomains": "Search for available domains",
+    "domainPickerNotWorkSelfHosted": "Note: Free provided domains are not available for self-hosted instances right now.",
+    "resourceDomain": "Domain",
+    "resourceEditDomain": "Edit Domain",
+    "siteName": "Site Name",
+    "proxyPort": "Port",
+    "resourcesTableProxyResources": "Proxy Resources",
+    "resourcesTableClientResources": "Client Resources",
+    "resourcesTableNoProxyResourcesFound": "No proxy resources found.",
+    "resourcesTableNoInternalResourcesFound": "No internal resources found.",
+    "resourcesTableDestination": "Destination",
+    "resourcesTableTheseResourcesForUseWith": "These resources are for use with",
+    "resourcesTableClients": "Clients",
+    "resourcesTableAndOnlyAccessibleInternally": "and are only accessible internally when connected with a client.",
+    "editInternalResourceDialogEditClientResource": "Edit Client Resource",
+    "editInternalResourceDialogUpdateResourceProperties": "Update the resource properties and target configuration for {resourceName}.",
+    "editInternalResourceDialogResourceProperties": "Resource Properties",
+    "editInternalResourceDialogName": "Name",
+    "editInternalResourceDialogProtocol": "Protocol",
+    "editInternalResourceDialogSitePort": "Site Port",
+    "editInternalResourceDialogTargetConfiguration": "Target Configuration",
+    "editInternalResourceDialogCancel": "Cancel",
+    "editInternalResourceDialogSaveResource": "Save Resource",
+    "editInternalResourceDialogSuccess": "Success",
+    "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Internal resource updated successfully",
+    "editInternalResourceDialogError": "Error",
+    "editInternalResourceDialogFailedToUpdateInternalResource": "Failed to update internal resource",
+    "editInternalResourceDialogNameRequired": "Name is required",
+    "editInternalResourceDialogNameMaxLength": "Name must be less than 255 characters",
+    "editInternalResourceDialogProxyPortMin": "Proxy port must be at least 1",
+    "editInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536",
+    "editInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format",
+    "editInternalResourceDialogDestinationPortMin": "Destination port must be at least 1",
+    "editInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536",
+    "createInternalResourceDialogNoSitesAvailable": "No Sites Available",
+    "createInternalResourceDialogNoSitesAvailableDescription": "You need to have at least one Newt site with a subnet configured to create internal resources.",
+    "createInternalResourceDialogClose": "Close",
+    "createInternalResourceDialogCreateClientResource": "Create Client Resource",
+    "createInternalResourceDialogCreateClientResourceDescription": "Create a new resource that will be accessible to clients connected to the selected site.",
+    "createInternalResourceDialogResourceProperties": "Resource Properties",
+    "createInternalResourceDialogName": "Name",
+    "createInternalResourceDialogSite": "Site",
+    "createInternalResourceDialogSelectSite": "Select site...",
+    "createInternalResourceDialogSearchSites": "Search sites...",
+    "createInternalResourceDialogNoSitesFound": "No sites found.",
+    "createInternalResourceDialogProtocol": "Protocol",
+    "createInternalResourceDialogTcp": "TCP",
+    "createInternalResourceDialogUdp": "UDP",
+    "createInternalResourceDialogSitePort": "Site Port",
+    "createInternalResourceDialogSitePortDescription": "Use this port to access the resource on the site when connected with a client.",
+    "createInternalResourceDialogTargetConfiguration": "Target Configuration",
+    "createInternalResourceDialogDestinationIPDescription": "The IP or hostname address of the resource on the site's network.",
+    "createInternalResourceDialogDestinationPortDescription": "The port on the destination IP where the resource is accessible.",
+    "createInternalResourceDialogCancel": "Cancel",
+    "createInternalResourceDialogCreateResource": "Create Resource",
+    "createInternalResourceDialogSuccess": "Success",
+    "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Internal resource created successfully",
+    "createInternalResourceDialogError": "Error",
+    "createInternalResourceDialogFailedToCreateInternalResource": "Failed to create internal resource",
+    "createInternalResourceDialogNameRequired": "Name is required",
+    "createInternalResourceDialogNameMaxLength": "Name must be less than 255 characters",
+    "createInternalResourceDialogPleaseSelectSite": "Please select a site",
+    "createInternalResourceDialogProxyPortMin": "Proxy port must be at least 1",
+    "createInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536",
+    "createInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format",
+    "createInternalResourceDialogDestinationPortMin": "Destination port must be at least 1",
+    "createInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536",
+    "siteConfiguration": "Configuration",
+    "siteAcceptClientConnections": "Accept Client Connections",
+    "siteAcceptClientConnectionsDescription": "Allow other devices to connect through this Newt instance as a gateway using clients.",
+    "siteAddress": "Site Address",
+    "siteAddressDescription": "Specify the IP address of the host for clients to connect to. This is the internal address of the site in the Pangolin network for clients to address. Must fall within the Org subnet.",
+    "autoLoginExternalIdp": "Auto Login with External IDP",
+    "autoLoginExternalIdpDescription": "Immediately redirect the user to the external IDP for authentication.",
+    "selectIdp": "Select IDP",
+    "selectIdpPlaceholder": "Choose an IDP...",
+    "selectIdpRequired": "Please select an IDP when auto login is enabled.",
+    "autoLoginTitle": "Redirecting",
+    "autoLoginDescription": "Redirecting you to the external identity provider for authentication.",
+    "autoLoginProcessing": "Preparing authentication...",
+    "autoLoginRedirecting": "Redirecting to login...",
+    "autoLoginError": "Auto Login Error",
+    "autoLoginErrorNoRedirectUrl": "No redirect URL received from the identity provider.",
+    "autoLoginErrorGeneratingUrl": "Failed to generate authentication URL.",
+    "remoteExitNodeManageRemoteExitNodes": "Remote Nodes",
+    "remoteExitNodeDescription": "Self-host one or more remote nodes to extend your network connectivity and reduce reliance on the cloud",
+    "remoteExitNodes": "Nodes",
+    "searchRemoteExitNodes": "Search nodes...",
+    "remoteExitNodeAdd": "Add Node",
+    "remoteExitNodeErrorDelete": "Error deleting node",
+    "remoteExitNodeQuestionRemove": "Are you sure you want to remove the node from the organization?",
+    "remoteExitNodeMessageRemove": "Once removed, the node will no longer be accessible.",
+    "remoteExitNodeConfirmDelete": "Confirm Delete Node",
+    "remoteExitNodeDelete": "Delete Node",
+    "sidebarRemoteExitNodes": "Remote Nodes",
+    "remoteExitNodeCreate": {
+        "title": "Create Node",
+        "description": "Create a new node to extend your network connectivity",
+        "viewAllButton": "View All Nodes",
+        "strategy": {
+            "title": "Creation Strategy",
+            "description": "Choose this to manually configure your node or generate new credentials.",
+            "adopt": {
+                "title": "Adopt Node",
+                "description": "Choose this if you already have the credentials for the node."
+            },
+            "generate": {
+                "title": "Generate Keys",
+                "description": "Choose this if you want to generate new keys for the node"
+            }
+        },
+        "adopt": {
+            "title": "Adopt Existing Node",
+            "description": "Enter the credentials of the existing node you want to adopt",
+            "nodeIdLabel": "Node ID",
+            "nodeIdDescription": "The ID of the existing node you want to adopt",
+            "secretLabel": "Secret",
+            "secretDescription": "The secret key of the existing node",
+            "submitButton": "Adopt Node"
+        },
+        "generate": {
+            "title": "Generated Credentials",
+            "description": "Use these generated credentials to configure your node",
+            "nodeIdTitle": "Node ID",
+            "secretTitle": "Secret",
+            "saveCredentialsTitle": "Add Credentials to Config",
+            "saveCredentialsDescription": "Add these credentials to your self-hosted Pangolin node configuration file to complete the connection.",
+            "submitButton": "Create Node"
+        },
+        "validation": {
+            "adoptRequired": "Node ID and Secret are required when adopting an existing node"
+        },
+        "errors": {
+            "loadDefaultsFailed": "Failed to load defaults",
+            "defaultsNotLoaded": "Defaults not loaded",
+            "createFailed": "Failed to create node"
+        },
+        "success": {
+            "created": "Node created successfully"
+        }
+    },
+    "remoteExitNodeSelection": "Node Selection",
+    "remoteExitNodeSelectionDescription": "Select a node to route traffic through for this local site",
+    "remoteExitNodeRequired": "A node must be selected for local sites",
+    "noRemoteExitNodesAvailable": "No Nodes Available",
+    "noRemoteExitNodesAvailableDescription": "No nodes are available for this organization. Create a node first to use local sites.",
+    "exitNode": "Exit Node",
+    "country": "Country",
+    "rulesMatchCountry": "Currently based on source IP",
+    "managedSelfHosted": {
+        "title": "Managed Self-Hosted",
+        "description": "More reliable and low-maintenance self-hosted Pangolin server with extra bells and whistles",
+        "introTitle": "Managed Self-Hosted Pangolin",
+        "introDescription": "is a deployment option designed for people who want simplicity and extra reliability while still keeping their data private and self-hosted.",
+        "introDetail": "With this option, you still run your own Pangolin node — your tunnels, SSL termination, and traffic all stay on your server. The difference is that management and monitoring are handled through our cloud dashboard, which unlocks a number of benefits:",
+        "benefitSimplerOperations": {
+            "title": "Simpler operations",
+            "description": "No need to run your own mail server or set up complex alerting. You'll get health checks and downtime alerts out of the box."
+        },
+        "benefitAutomaticUpdates": {
+            "title": "Automatic updates",
+            "description": "The cloud dashboard evolves quickly, so you get new features and bug fixes without having to manually pull new containers every time."
+        },
+        "benefitLessMaintenance": {
+            "title": "Less maintenance",
+            "description": "No database migrations, backups, or extra infrastructure to manage. We handle that in the cloud."
+        },
+        "benefitCloudFailover": {
+            "title": "Cloud failover",
+            "description": "If your node goes down, your tunnels can temporarily fail over to our cloud points of presence until you bring it back online."
+        },
+        "benefitHighAvailability": {
+            "title": "High availability (PoPs)",
+            "description": "You can also attach multiple nodes to your account for redundancy and better performance."
+        },
+        "benefitFutureEnhancements": {
+            "title": "Future enhancements",
+            "description": "We're planning to add more analytics, alerting, and management tools to make your deployment even more robust."
+        },
+        "docsAlert": {
+            "text": "Learn more about the Managed Self-Hosted option in our",
+            "documentation": "documentation"
+        },
+        "convertButton": "Convert This Node to Managed Self-Hosted"
+    },
+    "internationaldomaindetected": "International Domain Detected",
+    "willbestoredas": "Will be stored as:",
+    "roleMappingDescription": "Determine how roles are assigned to users when they sign in when Auto Provision is enabled.",
+    "selectRole": "Select a Role",
+    "roleMappingExpression": "Expression",
+    "selectRolePlaceholder": "Choose a role",
+    "selectRoleDescription": "Select a role to assign to all users from this identity provider",
+    "roleMappingExpressionDescription": "Enter a JMESPath expression to extract role information from the ID token",
+    "idpTenantIdRequired": "Tenant ID is required",
+    "invalidValue": "Invalid value",
+    "idpTypeLabel": "Identity Provider Type",
+    "roleMappingExpressionPlaceholder": "e.g., contains(groups, 'admin') && 'Admin' || 'Member'",
+    "idpGoogleConfiguration": "Google Configuration",
+    "idpGoogleConfigurationDescription": "Configure your Google OAuth2 credentials",
+    "idpGoogleClientIdDescription": "Your Google OAuth2 Client ID",
+    "idpGoogleClientSecretDescription": "Your Google OAuth2 Client Secret",
+    "idpAzureConfiguration": "Azure Entra ID Configuration",
+    "idpAzureConfigurationDescription": "Configure your Azure Entra ID OAuth2 credentials",
+    "idpTenantId": "Tenant ID",
+    "idpTenantIdPlaceholder": "your-tenant-id",
+    "idpAzureTenantIdDescription": "Your Azure tenant ID (found in Azure Active Directory overview)",
+    "idpAzureClientIdDescription": "Your Azure App Registration Client ID",
+    "idpAzureClientSecretDescription": "Your Azure App Registration Client Secret",
+    "idpGoogleTitle": "Google",
+    "idpGoogleAlt": "Google",
+    "idpAzureTitle": "Azure Entra ID",
+    "idpAzureAlt": "Azure",
+    "idpGoogleConfigurationTitle": "Google Configuration",
+    "idpAzureConfigurationTitle": "Azure Entra ID Configuration",
+    "idpTenantIdLabel": "Tenant ID",
+    "idpAzureClientIdDescription2": "Your Azure App Registration Client ID",
+    "idpAzureClientSecretDescription2": "Your Azure App Registration Client Secret",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "subnet": "Subnet",
+    "subnetDescription": "The subnet for this organization's network configuration.",
+    "authPage": "Auth Page",
+    "authPageDescription": "Configure the auth page for your organization",
+    "authPageDomain": "Auth Page Domain",
+    "noDomainSet": "No domain set",
+    "changeDomain": "Change Domain",
+    "selectDomain": "Select Domain",
+    "restartCertificate": "Restart Certificate",
+    "editAuthPageDomain": "Edit Auth Page Domain",
+    "setAuthPageDomain": "Set Auth Page Domain",
+    "failedToFetchCertificate": "Failed to fetch certificate",
+    "failedToRestartCertificate": "Failed to restart certificate",
+    "addDomainToEnableCustomAuthPages": "Add a domain to enable custom authentication pages for your organization",
+    "selectDomainForOrgAuthPage": "Select a domain for the organization's authentication page",
+    "domainPickerProvidedDomain": "Provided Domain",
+    "domainPickerFreeProvidedDomain": "Free Provided Domain",
+    "domainPickerVerified": "Verified",
+    "domainPickerUnverified": "Unverified",
+    "domainPickerInvalidSubdomainStructure": "This subdomain contains invalid characters or structure. It will be sanitized automatically when you save.",
+    "domainPickerError": "Error",
+    "domainPickerErrorLoadDomains": "Failed to load organization domains",
+    "domainPickerErrorCheckAvailability": "Failed to check domain availability",
+    "domainPickerInvalidSubdomain": "Invalid subdomain",
+    "domainPickerInvalidSubdomainRemoved": "The input \"{sub}\" was removed because it's not valid.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" could not be made valid for {domain}.",
+    "domainPickerSubdomainSanitized": "Subdomain sanitized",
+    "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\"",
+    "orgAuthSignInTitle": "Sign in to your organization",
+    "orgAuthChooseIdpDescription": "Choose your identity provider to continue",
+    "orgAuthNoIdpConfigured": "This organization doesn't have any identity providers configured. You can log in with your Pangolin identity instead.",
+    "orgAuthSignInWithPangolin": "Sign in with Pangolin",
+    "subscriptionRequiredToUse": "A subscription is required to use this feature.",
+    "idpDisabled": "Identity providers are disabled.",
+    "orgAuthPageDisabled": "Organization auth page is disabled.",
+    "domainRestartedDescription": "Domain verification restarted successfully",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml",
+    "emailVerificationRequired": "Email verification is required. Please log in again via {dashboardUrl}/auth/login complete this step. Then, come back here.",
+    "twoFactorSetupRequired": "Two-factor authentication setup is required. Please log in again via {dashboardUrl}/auth/login complete this step. Then, come back here.",
+    "authPageErrorUpdateMessage": "An error occurred while updating the auth page settings",
+    "authPageUpdated": "Auth page updated successfully",
+    "healthCheckNotAvailable": "Local",
+    "rewritePath": "Rewrite Path",
+    "rewritePathDescription": "Optionally rewrite the path before forwarding to the target.",
+    "continueToApplication": "Continue to application",
+    "checkingInvite": "Checking Invite",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Remove Header Auth",
+    "resourceHeaderAuthRemoveDescription": "Header authentication removed successfully.",
+    "resourceErrorHeaderAuthRemove": "Failed to remove Header Authentication",
+    "resourceErrorHeaderAuthRemoveDescription": "Could not remove header authentication for the resource.",
+    "resourceHeaderAuthProtectionEnabled": "Header Authentication Enabled",
+    "resourceHeaderAuthProtectionDisabled": "Header Authentication Disabled",
+    "headerAuthRemove": "Remove Header Auth",
+    "headerAuthAdd": "Add Header Auth",
+    "resourceErrorHeaderAuthSetup": "Failed to set Header Authentication",
+    "resourceErrorHeaderAuthSetupDescription": "Could not set header authentication for the resource.",
+    "resourceHeaderAuthSetup": "Header Authentication set successfully",
+    "resourceHeaderAuthSetupDescription": "Header authentication has been successfully set.",
+    "resourceHeaderAuthSetupTitle": "Set Header Authentication",
+    "resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Access it using the format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Set Header Authentication",
+    "actionSetResourceHeaderAuth": "Set Header Authentication",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Unlicensed",
+    "beta": "Beta",
+    "manageClients": "Manage Clients",
+    "manageClientsDescription": "Clients are devices that can connect to your sites",
+    "licenseTableValidUntil": "Valid Until",
+    "saasLicenseKeysSettingsTitle": "Enterprise Licenses",
+    "saasLicenseKeysSettingsDescription": "Generate and manage Enterprise license keys for self-hosted Pangolin instances",
+    "sidebarEnterpriseLicenses": "Licenses",
+    "generateLicenseKey": "Generate License Key",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Please enter a valid email address",
+            "useCaseTypeRequired": "Please select a use case type",
+            "firstNameRequired": "First name is required",
+            "lastNameRequired": "Last name is required",
+            "primaryUseRequired": "Please describe your primary use",
+            "jobTitleRequiredBusiness": "Job title is required for business use",
+            "industryRequiredBusiness": "Industry is required for business use",
+            "stateProvinceRegionRequired": "State/Province/Region is required",
+            "postalZipCodeRequired": "Postal/ZIP Code is required",
+            "companyNameRequiredBusiness": "Company name is required for business use",
+            "countryOfResidenceRequiredBusiness": "Country of residence is required for business use",
+            "countryRequiredPersonal": "Country is required for personal use",
+            "agreeToTermsRequired": "You must agree to the terms",
+            "complianceConfirmationRequired": "You must confirm compliance with the Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Personal Use",
+                "description": "For individual, non-commercial use such as learning, personal projects, or experimentation."
+            },
+            "business": {
+                "title": "Business Use",
+                "description": "For use within organizations, companies, or commercial or revenue-generating activities."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & License Type",
+                "description": "Enter your email and choose your license type"
+            },
+            "personalInformation": {
+                "title": "Personal Information",
+                "description": "Tell us about yourself"
+            },
+            "contactInformation": {
+                "title": "Contact Information",
+                "description": "Your contact details"
+            },
+            "termsGenerate": {
+                "title": "Terms & Generate",
+                "description": "Review and accept terms to generate your license"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Usage Disclosure",
+                "description": "Select the license tier that accurately reflects your intended use. The Personal License permits free use of the Software for individual, non-commercial or small-scale commercial activities with annual gross revenue under $100,000 USD. Any use beyond these limits — including use within a business, organization, or other revenue-generating environment — requires a valid Enterprise License and payment of the applicable licensing fee. All users, whether Personal or Enterprise, must comply with the Fossorial Commercial License Terms."
+            },
+            "trialPeriodInformation": {
+                "title": "Trial Period Information",
+                "description": "This License Key enables Enterprise features for a 7-day evaluation period. Continued access to Paid Features beyond the evaluation period requires activation under a valid Personal or Enterprise License. For Enterprise licensing, contact sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Are you using Pangolin for personal or business use?",
+            "firstName": "First Name",
+            "lastName": "Last Name",
+            "jobTitle": "Job Title",
+            "primaryUseQuestion": "What do you primarily plan to use Pangolin for?",
+            "industryQuestion": "What is your industry?",
+            "prospectiveUsersQuestion": "How many prospective users do you expect to have?",
+            "prospectiveSitesQuestion": "How many prospective sites (tunnels) do you expect to have?",
+            "companyName": "Company name",
+            "countryOfResidence": "Country of residence",
+            "stateProvinceRegion": "State / Province / Region",
+            "postalZipCode": "Postal / ZIP Code",
+            "companyWebsite": "Company website",
+            "companyPhoneNumber": "Company phone number",
+            "country": "Country",
+            "phoneNumberOptional": "Phone number (optional)",
+            "complianceConfirmation": "I confirm that the information I provided is accurate and that I am in compliance with the Fossorial Commercial License. Reporting inaccurate information or misidentifying use of the product is a violation of the license and may result in your key getting revoked."
+        },
+        "buttons": {
+            "close": "Close",
+            "previous": "Previous",
+            "next": "Next",
+            "generateLicenseKey": "Generate License Key"
+        },
+        "toasts": {
+            "success": {
+                "title": "License key generated successfully",
+                "description": "Your license key has been generated and is ready to use."
+            },
+            "error": {
+                "title": "Failed to generate license key",
+                "description": "An error occurred while generating the license key."
+            }
+        }
+    },
+    "priority": "Priority",
+    "priorityDescription": "Higher priority routes are evaluated first. Priority = 100 means automatic ordering (system decides). Use another number to enforce manual priority.",
+    "instanceName": "Instance Name",
+    "pathMatchModalTitle": "Configure Path Matching",
+    "pathMatchModalDescription": "Set up how incoming requests should be matched based on their path.",
+    "pathMatchType": "Match Type",
+    "pathMatchPrefix": "Prefix",
+    "pathMatchExact": "Exact",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Path Value",
+    "clear": "Clear",
+    "saveChanges": "Save Changes",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Example: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Example: /api matches only /api",
+    "pathMatchRegexHelp": "Example: ^/api/.* matches /api/anything",
+    "pathRewriteModalTitle": "Configure Path Rewriting",
+    "pathRewriteModalDescription": "Transform the matched path before forwarding to the target.",
+    "pathRewriteType": "Rewrite Type",
+    "pathRewritePrefixOption": "Prefix - Replace prefix",
+    "pathRewriteExactOption": "Exact - Replace entire path",
+    "pathRewriteRegexOption": "Regex - Pattern replacement",
+    "pathRewriteStripPrefixOption": "Strip Prefix - Remove prefix",
+    "pathRewriteValue": "Rewrite Value",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Replace the matched prefix with this value",
+    "pathRewriteExactHelp": "Replace the entire path with this value when the path matches exactly",
+    "pathRewriteRegexHelp": "Use capture groups like $1, $2 for replacement",
+    "pathRewriteStripPrefixHelp": "Leave empty to strip prefix or provide new prefix",
+    "pathRewritePrefix": "Prefix",
+    "pathRewriteExact": "Exact",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Strip",
+    "pathRewriteStripLabel": "strip",
+    "sidebarEnableEnterpriseLicense": "Enable Enterprise License",
+    "cannotbeUndone": "This can not be undone.",
+    "toConfirm": "to confirm",
+    "deleteClientQuestion": "Are you sure you want to remove the client from the site and organization?",
+    "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site."
 }

messages/es-ES.json

@@ -59,7 +59,6 @@
     "siteErrorCreate": "Error al crear el sitio",
     "siteErrorCreateKeyPair": "Por defecto no se encuentra el par de claves o el sitio",
     "siteErrorCreateDefaults": "Sitio por defecto no encontrado",
-    "siteNameDescription": "Este es el nombre para mostrar el sitio.",
     "method": "Método",
     "siteMethodDescription": "Así es como se expondrán las conexiones.",
     "siteLearnNewt": "Aprende cómo instalar Newt en tu sistema",
@@ -68,7 +67,7 @@
     "siteDocker": "Expandir para detalles de despliegue de Docker",
     "toggle": "Cambiar",
     "dockerCompose": "Componer Docker",
-    "dockerRun": "Docker Run",
+    "dockerRun": "Ejecutar Docker",
     "siteLearnLocal": "Los sitios locales no tienen túnel, aprender más",
     "siteConfirmCopy": "He copiado la configuración",
     "searchSitesProgress": "Buscar sitios...",
@@ -95,7 +94,9 @@
     "siteNewtTunnelDescription": "La forma más fácil de crear un punto de entrada en tu red. Sin configuración adicional.",
     "siteWg": "Wirex Guardia Básica",
     "siteWgDescription": "Utilice cualquier cliente Wirex Guard para establecer un túnel. Se requiere una configuración manual de NAT.",
+    "siteWgDescriptionSaas": "Utilice cualquier cliente de WireGuard para establecer un túnel. Se requiere configuración manual de NAT. SOLO FUNCIONA EN NODOS AUTOGESTIONADOS",
     "siteLocalDescription": "Solo recursos locales. Sin túneles.",
+    "siteLocalDescriptionSaas": "Local resources only. No tunneling. Only available on remote nodes.",
     "siteSeeAll": "Ver todos los sitios",
     "siteTunnelDescription": "Determina cómo quieres conectarte a tu sitio",
     "siteNewtCredentials": "Credenciales nuevas",
@@ -167,7 +168,10 @@
     "siteSelect": "Seleccionar sitio",
     "siteSearch": "Buscar sitio",
     "siteNotFound": "Sitio no encontrado.",
-    "siteSelectionDescription": "Este sitio proporcionará conectividad al recurso.",
+    "selectCountry": "Seleccionar país",
+    "searchCountries": "Buscar países...",
+    "noCountryFound": "Ningún país encontrado.",
+    "siteSelectionDescription": "Este sitio proporcionará conectividad al objetivo.",
     "resourceType": "Tipo de recurso",
     "resourceTypeDescription": "Determina cómo quieres acceder a tu recurso",
     "resourceHTTPSSettings": "Configuración HTTPS",
@@ -198,11 +202,13 @@
     "general": "General",
     "generalSettings": "Configuración General",
     "proxy": "Proxy",
+    "internal": "Interno",
     "rules": "Reglas",
     "resourceSettingDescription": "Configure la configuración de su recurso",
     "resourceSetting": "Ajustes {resourceName}",
     "alwaysAllow": "Permitir siempre",
     "alwaysDeny": "Denegar siempre",
+    "passToAuth": "Pasar a Autenticación",
     "orgSettingsDescription": "Configurar la configuración general de su organización",
     "orgGeneralSettings": "Configuración de la organización",
     "orgGeneralSettingsDescription": "Administra los detalles y la configuración de tu organización",
@@ -451,6 +457,8 @@
     "accessRoleErrorAddDescription": "Ocurrió un error mientras se añadía el usuario al rol.",
     "userSaved": "Usuario guardado",
     "userSavedDescription": "El usuario ha sido actualizado.",
+    "autoProvisioned": "Auto asegurado",
+    "autoProvisionedDescription": "Permitir a este usuario ser administrado automáticamente por el proveedor de identidad",
     "accessControlsDescription": "Administrar lo que este usuario puede acceder y hacer en la organización",
     "accessControlsSubmit": "Guardar controles de acceso",
     "roles": "Roles",
@@ -460,7 +468,10 @@
     "createdAt": "Creado el",
     "proxyErrorInvalidHeader": "Valor de cabecera de host personalizado no válido. Utilice el formato de nombre de dominio, o guarde en blanco para desestablecer cabecera de host personalizada.",
     "proxyErrorTls": "Nombre de servidor TLS inválido. Utilice el formato de nombre de dominio o guarde en blanco para eliminar el nombre de servidor TLS.",
-    "proxyEnableSSL": "Habilitar SSL (https)",
+    "proxyEnableSSL": "Activar SSL",
+    "proxyEnableSSLDescription": "Activa el cifrado SSL/TLS para conexiones seguras HTTPS a tus objetivos.",
+    "target": "Target",
+    "configureTarget": "Configurar objetivos",
     "targetErrorFetch": "Error al recuperar los objetivos",
     "targetErrorFetchDescription": "Se ha producido un error al recuperar los objetivos",
     "siteErrorFetch": "No se pudo obtener el recurso",
@@ -487,7 +498,7 @@
     "targetTlsSettings": "Configuración de conexión segura",
     "targetTlsSettingsDescription": "Configurar ajustes SSL/TLS para su recurso",
     "targetTlsSettingsAdvanced": "Ajustes avanzados de TLS",
-    "targetTlsSni": "Nombre del servidor TLS (SNI)",
+    "targetTlsSni": "Nombre del servidor TLS",
     "targetTlsSniDescription": "El nombre del servidor TLS a usar para SNI. Deje en blanco para usar el valor predeterminado.",
     "targetTlsSubmit": "Guardar ajustes",
     "targets": "Configuración de objetivos",
@@ -496,9 +507,21 @@
     "targetStickySessionsDescription": "Mantener conexiones en el mismo objetivo de backend para toda su sesión.",
     "methodSelect": "Seleccionar método",
     "targetSubmit": "Añadir destino",
-    "targetNoOne": "No hay objetivos. Agregue un objetivo usando el formulario.",
+    "targetNoOne": "Este recurso no tiene ningún objetivo. Agrega un objetivo para configurar dónde enviar peticiones al backend.",
     "targetNoOneDescription": "Si se añade más de un objetivo anterior se activará el balance de carga.",
     "targetsSubmit": "Guardar objetivos",
+    "addTarget": "Añadir destino",
+    "targetErrorInvalidIp": "Dirección IP inválida",
+    "targetErrorInvalidIpDescription": "Por favor, introduzca una dirección IP válida o nombre de host",
+    "targetErrorInvalidPort": "Puerto inválido",
+    "targetErrorInvalidPortDescription": "Por favor, introduzca un número de puerto válido",
+    "targetErrorNoSite": "Ningún sitio seleccionado",
+    "targetErrorNoSiteDescription": "Por favor, seleccione un sitio para el objetivo",
+    "targetCreated": "Objetivo creado",
+    "targetCreatedDescription": "El objetivo se ha creado correctamente",
+    "targetErrorCreate": "Error al crear el objetivo",
+    "targetErrorCreateDescription": "Se ha producido un error al crear el objetivo",
+    "save": "Guardar",
     "proxyAdditional": "Ajustes adicionales del proxy",
     "proxyAdditionalDescription": "Configura cómo tu recurso maneja la configuración del proxy",
     "proxyCustomHeader": "Cabecera de host personalizada",
@@ -508,6 +531,7 @@
     "ipAddressErrorInvalidFormat": "Formato de dirección IP inválido",
     "ipAddressErrorInvalidOctet": "Octet de dirección IP no válido",
     "path": "Ruta",
+    "matchPath": "Coincidir ruta",
     "ipAddressRange": "Rango IP",
     "rulesErrorFetch": "Error al obtener las reglas",
     "rulesErrorFetchDescription": "Se ha producido un error al recuperar las reglas",
@@ -543,6 +567,7 @@
     "rulesActions": "Acciones",
     "rulesActionAlwaysAllow": "Permitir siempre: pasar todos los métodos de autenticación",
     "rulesActionAlwaysDeny": "Denegar siempre: Bloquear todas las peticiones; no se puede intentar autenticación",
+    "rulesActionPassToAuth": "Pasar a Autenticación: Permitir que se intenten los métodos de autenticación",
     "rulesMatchCriteria": "Criterios coincidentes",
     "rulesMatchCriteriaIpAddress": "Coincidir con una dirección IP específica",
     "rulesMatchCriteriaIpAddressRange": "Coincide con un rango de direcciones IP en notación CIDR",
@@ -705,7 +730,7 @@
     "pangolinServerAdmin": "Admin Servidor - Pangolin",
     "licenseTierProfessional": "Licencia profesional",
     "licenseTierEnterprise": "Licencia Enterprise",
-    "licenseTierCommercial": "Licencia comercial",
+    "licenseTierPersonal": "Personal License",
     "licensed": "Licenciado",
     "yes": "Sí",
     "no": "Nu",
@@ -740,7 +765,7 @@
     "idpDisplayName": "Un nombre mostrado para este proveedor de identidad",
     "idpAutoProvisionUsers": "Auto-Provisión de Usuarios",
     "idpAutoProvisionUsersDescription": "Cuando está habilitado, los usuarios serán creados automáticamente en el sistema al iniciar sesión con la capacidad de asignar a los usuarios a roles y organizaciones.",
-    "licenseBadge": "Profesional",
+    "licenseBadge": "EE",
     "idpType": "Tipo de proveedor",
     "idpTypeDescription": "Seleccione el tipo de proveedor de identidad que desea configurar",
     "idpOidcConfigure": "Configuración OAuth2/OIDC",
@@ -807,7 +832,7 @@
     "redirectUrl": "URL de redirección",
     "redirectUrlAbout": "Acerca de la URL de redirección",
     "redirectUrlAboutDescription": "Esta es la URL a la que los usuarios serán redireccionados después de la autenticación. Necesitas configurar esta URL en la configuración de tu proveedor de identidad.",
-    "pangolinAuth": "Auth - Pangolin",
+    "pangolinAuth": "Autenticación - Pangolin",
     "verificationCodeLengthRequirements": "Tu código de verificación debe tener 8 caracteres.",
     "errorOccurred": "Se ha producido un error",
     "emailErrorVerify": "No se pudo verificar el email:",
@@ -834,6 +859,24 @@
     "pincodeRequirementsLength": "El PIN debe tener exactamente 6 dígitos",
     "pincodeRequirementsChars": "El PIN sólo debe contener números",
     "passwordRequirementsLength": "La contraseña debe tener al menos 1 carácter",
+    "passwordRequirementsTitle": "Requisitos de la contraseña:",
+    "passwordRequirementLength": "Al menos 8 caracteres de largo",
+    "passwordRequirementUppercase": "Al menos una letra mayúscula",
+    "passwordRequirementLowercase": "Al menos una letra minúscula",
+    "passwordRequirementNumber": "Al menos un número",
+    "passwordRequirementSpecial": "Al menos un carácter especial",
+    "passwordRequirementsMet": "✓ La contraseña cumple con todos los requisitos",
+    "passwordStrength": "Seguridad de la contraseña",
+    "passwordStrengthWeak": "Débil",
+    "passwordStrengthMedium": "Media",
+    "passwordStrengthStrong": "Fuerte",
+    "passwordRequirements": "Requisitos:",
+    "passwordRequirementLengthText": "8+ caracteres",
+    "passwordRequirementUppercaseText": "Letra mayúscula (A-Z)",
+    "passwordRequirementLowercaseText": "Letra minúscula (a-z)",
+    "passwordRequirementNumberText": "Número (0-9)",
+    "passwordRequirementSpecialText": "Caracter especial (!@#$%...)",
+    "passwordsDoNotMatch": "Las contraseñas no coinciden",
     "otpEmailRequirementsLength": "OTP debe tener al menos 1 carácter",
     "otpEmailSent": "OTP enviado",
     "otpEmailSentDescription": "Un OTP ha sido enviado a tu correo electrónico",
@@ -953,12 +996,15 @@
     "logoutError": "Error al cerrar sesión",
     "signingAs": "Conectado como",
     "serverAdmin": "Admin Servidor",
+    "managedSelfhosted": "Autogestionado",
     "otpEnable": "Activar doble factor",
     "otpDisable": "Desactivar doble factor",
     "logout": "Cerrar sesión",
     "licenseTierProfessionalRequired": "Edición Profesional requerida",
     "licenseTierProfessionalRequiredDescription": "Esta característica sólo está disponible en la Edición Profesional.",
     "actionGetOrg": "Obtener organización",
+    "updateOrgUser": "Actualizar usuario Org",
+    "createOrgUser": "Crear usuario Org",
     "actionUpdateOrg": "Actualizar organización",
     "actionUpdateUser": "Actualizar usuario",
     "actionGetUser": "Obtener usuario",
@@ -968,6 +1014,10 @@
     "actionDeleteSite": "Eliminar sitio",
     "actionGetSite": "Obtener sitio",
     "actionListSites": "Listar sitios",
+    "actionApplyBlueprint": "Aplicar plano",
+    "setupToken": "Configuración de token",
+    "setupTokenDescription": "Ingrese el token de configuración desde la consola del servidor.",
+    "setupTokenRequired": "Se requiere el token de configuración",
     "actionUpdateSite": "Actualizar sitio",
     "actionListSiteRoles": "Lista de roles permitidos del sitio",
     "actionCreateResource": "Crear Recurso",
@@ -1023,6 +1073,17 @@
     "actionDeleteIdpOrg": "Eliminar política de IDP Org",
     "actionListIdpOrgs": "Listar Orgs IDP",
     "actionUpdateIdpOrg": "Actualizar IDP Org",
+    "actionCreateClient": "Crear cliente",
+    "actionDeleteClient": "Eliminar cliente",
+    "actionUpdateClient": "Actualizar cliente",
+    "actionListClients": "Listar clientes",
+    "actionGetClient": "Obtener cliente",
+    "actionCreateSiteResource": "Crear Recurso del Sitio",
+    "actionDeleteSiteResource": "Eliminar recurso del sitio",
+    "actionGetSiteResource": "Obtener recurso del sitio",
+    "actionListSiteResources": "Listar recursos del sitio",
+    "actionUpdateSiteResource": "Actualizar recurso del sitio",
+    "actionListInvitations": "Listar invitaciones",
     "noneSelected": "Ninguno seleccionado",
     "orgNotFound2": "No se encontraron organizaciones.",
     "searchProgress": "Buscar...",
@@ -1038,7 +1099,6 @@
     "navbar": "Menú de navegación",
     "navbarDescription": "Menú de navegación principal para la aplicación",
     "navbarDocsLink": "Documentación",
-    "commercialEdition": "Edición Comercial",
     "otpErrorEnable": "No se puede habilitar 2FA",
     "otpErrorEnableDescription": "Se ha producido un error al habilitar 2FA",
     "otpSetupCheckCode": "Por favor, introduzca un código de 6 dígitos",
@@ -1094,10 +1154,10 @@
     "sidebarAllUsers": "Todos los usuarios",
     "sidebarIdentityProviders": "Proveedores de identidad",
     "sidebarLicense": "Licencia",
-    "sidebarClients": "Clientes",
+    "sidebarClients": "Clients",
     "sidebarDomains": "Dominios",
-    "enableDockerSocket": "Habilitar conector Docker",
-    "enableDockerSocketDescription": "Habilitar el descubrimiento de Docker Socket para completar la información del contenedor. La ruta del socket debe proporcionarse a Newt.",
+    "enableDockerSocket": "Habilitar Plano Docker",
+    "enableDockerSocketDescription": "Activar el raspado de etiquetas de Socket Docker para etiquetas de planos. La ruta del Socket debe proporcionarse a Newt.",
     "enableDockerSocketLink": "Saber más",
     "viewDockerContainers": "Ver contenedores Docker",
     "containersIn": "Contenedores en {siteName}",
@@ -1162,7 +1222,7 @@
     "selectDomainTypeCnameName": "Dominio único (CNAME)",
     "selectDomainTypeCnameDescription": "Solo este dominio específico. Úsalo para subdominios individuales o entradas específicas de dominio.",
     "selectDomainTypeWildcardName": "Dominio comodín",
-    "selectDomainTypeWildcardDescription": "Este dominio y su primer nivel de subdominios.",
+    "selectDomainTypeWildcardDescription": "Este dominio y sus subdominios.",
     "domainDelegation": "Dominio único",
     "selectType": "Selecciona un tipo",
     "actions": "Acciones",
@@ -1174,7 +1234,7 @@
     "billing": "Facturación",
     "orgBillingDescription": "Gestiona tu información de facturación y suscripciones",
     "github": "GitHub",
-    "pangolinHosted": "Pangolin Hosted",
+    "pangolinHosted": "Pangolin Alojado",
     "fossorial": "Fossorial",
     "completeAccountSetup": "Completar configuración de cuenta",
     "completeAccountSetupDescription": "Establece tu contraseña para comenzar",
@@ -1196,8 +1256,8 @@
     "sidebarExpand": "Expandir",
     "newtUpdateAvailable": "Nueva actualización disponible",
     "newtUpdateAvailableInfo": "Hay una nueva versión de Newt disponible. Actualice a la última versión para la mejor experiencia.",
-    "domainPickerEnterDomain": "Ingresa tu dominio",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.miDominio.com, o solo myapp",
+    "domainPickerEnterDomain": "Dominio",
+    "domainPickerPlaceholder": "miapp.ejemplo.com",
     "domainPickerDescription": "Ingresa el dominio completo del recurso para ver las opciones disponibles.",
     "domainPickerDescriptionSaas": "Ingresa un dominio completo, subdominio o simplemente un nombre para ver las opciones disponibles",
     "domainPickerTabAll": "Todo",
@@ -1206,12 +1266,54 @@
     "domainPickerSortAsc": "A-Z",
     "domainPickerSortDesc": "Z-A",
     "domainPickerCheckingAvailability": "Comprobando disponibilidad...",
-    "domainPickerNoMatchingDomains": "No se encontraron dominios coincidentes para \"{userInput}\". Prueba con un dominio diferente o revisa la configuración de dominio de tu organización.",
+    "domainPickerNoMatchingDomains": "No se encontraron dominios que coincidan. Intente con un dominio diferente o verifique la configuración de dominios de su organización.",
     "domainPickerOrganizationDomains": "Dominios de la organización",
     "domainPickerProvidedDomains": "Dominios proporcionados",
     "domainPickerSubdomain": "Subdominio: {subdomain}",
     "domainPickerNamespace": "Espacio de nombres: {namespace}",
     "domainPickerShowMore": "Mostrar más",
+    "regionSelectorTitle": "Seleccionar Región",
+    "regionSelectorInfo": "Seleccionar una región nos ayuda a brindar un mejor rendimiento para tu ubicación. No tienes que estar en la misma región que tu servidor.",
+    "regionSelectorPlaceholder": "Elige una región",
+    "regionSelectorComingSoon": "Próximamente",
+    "billingLoadingSubscription": "Cargando suscripción...",
+    "billingFreeTier": "Nivel Gratis",
+    "billingWarningOverLimit": "Advertencia: Has excedido uno o más límites de uso. Tus sitios no se conectarán hasta que modifiques tu suscripción o ajustes tu uso.",
+    "billingUsageLimitsOverview": "Descripción general de los límites de uso",
+    "billingMonitorUsage": "Monitorea tu uso comparado con los límites configurados. Si necesitas que aumenten los límites, contáctanos a soporte@pangolin.net.",
+    "billingDataUsage": "Uso de datos",
+    "billingOnlineTime": "Tiempo en línea del sitio",
+    "billingUsers": "Usuarios activos",
+    "billingDomains": "Dominios activos",
+    "billingRemoteExitNodes": "Nodos autogestionados activos",
+    "billingNoLimitConfigured": "No se ha configurado ningún límite",
+    "billingEstimatedPeriod": "Período de facturación estimado",
+    "billingIncludedUsage": "Uso incluido",
+    "billingIncludedUsageDescription": "Uso incluido con su plan de suscripción actual",
+    "billingFreeTierIncludedUsage": "Permisos de uso del nivel gratuito",
+    "billingIncluded": "incluido",
+    "billingEstimatedTotal": "Total Estimado:",
+    "billingNotes": "Notas",
+    "billingEstimateNote": "Esta es una estimación basada en tu uso actual.",
+    "billingActualChargesMayVary": "Los cargos reales pueden variar.",
+    "billingBilledAtEnd": "Se te facturará al final del período de facturación.",
+    "billingModifySubscription": "Modificar Suscripción",
+    "billingStartSubscription": "Iniciar Suscripción",
+    "billingRecurringCharge": "Cargo Recurrente",
+    "billingManageSubscriptionSettings": "Administra la configuración y preferencias de tu suscripción",
+    "billingNoActiveSubscription": "No tienes una suscripción activa. Inicia tu suscripción para aumentar los límites de uso.",
+    "billingFailedToLoadSubscription": "Error al cargar la suscripción",
+    "billingFailedToLoadUsage": "Error al cargar el uso",
+    "billingFailedToGetCheckoutUrl": "Error al obtener la URL de pago",
+    "billingPleaseTryAgainLater": "Por favor, inténtelo de nuevo más tarde.",
+    "billingCheckoutError": "Error de pago",
+    "billingFailedToGetPortalUrl": "Error al obtener la URL del portal",
+    "billingPortalError": "Error del portal",
+    "billingDataUsageInfo": "Se le cobran todos los datos transferidos a través de sus túneles seguros cuando se conectan a la nube. Esto incluye tanto tráfico entrante como saliente a través de todos sus sitios. Cuando alcance su límite, sus sitios se desconectarán hasta que actualice su plan o reduzca el uso. Los datos no se cargan cuando se usan nodos.",
+    "billingOnlineTimeInfo": "Se te cobrará en función del tiempo que tus sitios permanezcan conectados a la nube. Por ejemplo, 44.640 minutos equivale a un sitio que funciona 24/7 durante un mes completo. Cuando alcance su límite, sus sitios se desconectarán hasta que mejore su plan o reduzca el uso. No se cargará el tiempo al usar nodos.",
+    "billingUsersInfo": "Se te cobra por cada usuario en tu organización. La facturación se calcula diariamente según la cantidad de cuentas de usuario activas en tu organización.",
+    "billingDomainInfo": "Se te cobra por cada dominio en tu organización. La facturación se calcula diariamente según la cantidad de cuentas de dominio activas en tu organización.",
+    "billingRemoteExitNodesInfo": "Se te cobra por cada nodo gestionado en tu organización. La facturación se calcula diariamente según la cantidad de nodos gestionados activos en tu organización.",
     "domainNotFound": "Dominio no encontrado",
     "domainNotFoundDescription": "Este recurso está deshabilitado porque el dominio ya no existe en nuestro sistema. Por favor, establece un nuevo dominio para este recurso.",
     "failed": "Fallido",
@@ -1245,7 +1347,6 @@
     "twoFactorRequired": "Se requiere autenticación de dos factores para registrar una llave de seguridad.",
     "twoFactor": "Autenticación de dos factores",
     "adminEnabled2FaOnYourAccount": "Su administrador ha habilitado la autenticación de dos factores para {email}. Por favor, complete el proceso de configuración para continuar.",
-    "continueToApplication": "Continuar a la aplicación",
     "securityKeyAdd": "Agregar llave de seguridad",
     "securityKeyRegisterTitle": "Registrar nueva llave de seguridad",
     "securityKeyRegisterDescription": "Conecta tu llave de seguridad y escribe un nombre para identificarla",
@@ -1266,6 +1367,7 @@
     "createDomainName": "Nombre:",
     "createDomainValue": "Valor:",
     "createDomainCnameRecords": "Registros CNAME",
+    "createDomainARecords": "Registros A",
     "createDomainRecordNumber": "Registro {number}",
     "createDomainTxtRecords": "Registros TXT",
     "createDomainSaveTheseRecords": "Guardar estos registros",
@@ -1273,5 +1375,523 @@
     "createDomainDnsPropagation": "Propagación DNS",
     "createDomainDnsPropagationDescription": "Los cambios de DNS pueden tardar un tiempo en propagarse a través de internet. Esto puede tardar desde unos pocos minutos hasta 48 horas, dependiendo de tu proveedor de DNS y la configuración de TTL.",
     "resourcePortRequired": "Se requiere número de puerto para recursos no HTTP",
-    "resourcePortNotAllowed": "El número de puerto no debe establecerse para recursos HTTP"
+    "resourcePortNotAllowed": "El número de puerto no debe establecerse para recursos HTTP",
+    "billingPricingCalculatorLink": "Calculadora de Precios",
+    "signUpTerms": {
+        "IAgreeToThe": "Estoy de acuerdo con los",
+        "termsOfService": "términos del servicio",
+        "and": "y",
+        "privacyPolicy": "política de privacidad"
+    },
+    "siteRequired": "El sitio es requerido.",
+    "olmTunnel": "Túnel Olm",
+    "olmTunnelDescription": "Usar Olm para la conectividad del cliente",
+    "errorCreatingClient": "Error al crear el cliente",
+    "clientDefaultsNotFound": "Configuración predeterminada del cliente no encontrada",
+    "createClient": "Crear cliente",
+    "createClientDescription": "Crear un cliente nuevo para conectar a sus sitios",
+    "seeAllClients": "Ver todos los clientes",
+    "clientInformation": "Información del cliente",
+    "clientNamePlaceholder": "Nombre del cliente",
+    "address": "Dirección",
+    "subnetPlaceholder": "Subred",
+    "addressDescription": "La dirección que este cliente utilizará para la conectividad",
+    "selectSites": "Seleccionar sitios",
+    "sitesDescription": "El cliente tendrá conectividad con los sitios seleccionados",
+    "clientInstallOlm": "Instalar Olm",
+    "clientInstallOlmDescription": "Obtén Olm funcionando en tu sistema",
+    "clientOlmCredentials": "Credenciales Olm",
+    "clientOlmCredentialsDescription": "Así es como Olm se autentificará con el servidor",
+    "olmEndpoint": "Punto final Olm",
+    "olmId": "ID de Olm",
+    "olmSecretKey": "Clave secreta de Olm",
+    "clientCredentialsSave": "Guarda tus credenciales",
+    "clientCredentialsSaveDescription": "Sólo podrás verlo una vez. Asegúrate de copiarlo a un lugar seguro.",
+    "generalSettingsDescription": "Configura la configuración general para este cliente",
+    "clientUpdated": "Cliente actualizado",
+    "clientUpdatedDescription": "El cliente ha sido actualizado.",
+    "clientUpdateFailed": "Error al actualizar el cliente",
+    "clientUpdateError": "Se ha producido un error al actualizar el cliente.",
+    "sitesFetchFailed": "Error al obtener los sitios",
+    "sitesFetchError": "Se ha producido un error al recuperar los sitios.",
+    "olmErrorFetchReleases": "Se ha producido un error al recuperar las versiones de Olm.",
+    "olmErrorFetchLatest": "Se ha producido un error al recuperar la última versión de Olm.",
+    "remoteSubnets": "Subredes remotas",
+    "enterCidrRange": "Ingresa el rango CIDR",
+    "remoteSubnetsDescription": "Agregue rangos CIDR que se puedan acceder desde este sitio de forma remota usando clientes. Utilice el formato como 10.0.0.0/24. Esto SOLO se aplica a la conectividad del cliente VPN.",
+    "resourceEnableProxy": "Habilitar proxy público",
+    "resourceEnableProxyDescription": "Habilite el proxy público para este recurso. Esto permite el acceso al recurso desde fuera de la red a través de la nube en un puerto abierto. Requiere configuración de Traefik.",
+    "externalProxyEnabled": "Proxy externo habilitado",
+    "addNewTarget": "Agregar nuevo destino",
+    "targetsList": "Lista de destinos",
+    "advancedMode": "Modo avanzado",
+    "targetErrorDuplicateTargetFound": "Se encontró un destino duplicado",
+    "healthCheckHealthy": "Saludable",
+    "healthCheckUnhealthy": "No saludable",
+    "healthCheckUnknown": "Desconocido",
+    "healthCheck": "Chequeo de salud",
+    "configureHealthCheck": "Configurar Chequeo de Salud",
+    "configureHealthCheckDescription": "Configura la monitorización de salud para {target}",
+    "enableHealthChecks": "Activar Chequeos de Salud",
+    "enableHealthChecksDescription": "Controlar la salud de este objetivo. Puedes supervisar un punto final diferente al objetivo si es necesario.",
+    "healthScheme": "Método",
+    "healthSelectScheme": "Seleccionar método",
+    "healthCheckPath": "Ruta",
+    "healthHostname": "IP / Nombre del host",
+    "healthPort": "Puerto",
+    "healthCheckPathDescription": "La ruta para comprobar el estado de salud.",
+    "healthyIntervalSeconds": "Intervalo Saludable",
+    "unhealthyIntervalSeconds": "Intervalo No Saludable",
+    "IntervalSeconds": "Intervalo Saludable",
+    "timeoutSeconds": "Tiempo de Espera",
+    "timeIsInSeconds": "El tiempo está en segundos",
+    "retryAttempts": "Intentos de Reintento",
+    "expectedResponseCodes": "Códigos de respuesta esperados",
+    "expectedResponseCodesDescription": "Código de estado HTTP que indica un estado saludable. Si se deja en blanco, se considera saludable de 200 a 300.",
+    "customHeaders": "Cabeceras personalizadas",
+    "customHeadersDescription": "Nueva línea de cabeceras separada: Nombre de cabecera: valor",
+    "headersValidationError": "Los encabezados deben estar en el formato: Nombre de cabecera: valor.",
+    "saveHealthCheck": "Guardar Chequeo de Salud",
+    "healthCheckSaved": "Chequeo de Salud Guardado",
+    "healthCheckSavedDescription": "La configuración del chequeo de salud se ha guardado correctamente",
+    "healthCheckError": "Error en el Chequeo de Salud",
+    "healthCheckErrorDescription": "Ocurrió un error al guardar la configuración del chequeo de salud",
+    "healthCheckPathRequired": "Se requiere la ruta del chequeo de salud",
+    "healthCheckMethodRequired": "Se requiere el método HTTP",
+    "healthCheckIntervalMin": "El intervalo de comprobación debe ser de al menos 5 segundos",
+    "healthCheckTimeoutMin": "El tiempo de espera debe ser de al menos 1 segundo",
+    "healthCheckRetryMin": "Los intentos de reintento deben ser de al menos 1",
+    "httpMethod": "Método HTTP",
+    "selectHttpMethod": "Seleccionar método HTTP",
+    "domainPickerSubdomainLabel": "Subdominio",
+    "domainPickerBaseDomainLabel": "Dominio base",
+    "domainPickerSearchDomains": "Buscar dominios...",
+    "domainPickerNoDomainsFound": "No se encontraron dominios",
+    "domainPickerLoadingDomains": "Cargando dominios...",
+    "domainPickerSelectBaseDomain": "Seleccionar dominio base...",
+    "domainPickerNotAvailableForCname": "No disponible para dominios CNAME",
+    "domainPickerEnterSubdomainOrLeaveBlank": "Ingrese subdominio o deje en blanco para usar dominio base.",
+    "domainPickerEnterSubdomainToSearch": "Ingrese un subdominio para buscar y seleccionar entre dominios gratuitos disponibles.",
+    "domainPickerFreeDomains": "Dominios gratuitos",
+    "domainPickerSearchForAvailableDomains": "Buscar dominios disponibles",
+    "domainPickerNotWorkSelfHosted": "Nota: Los dominios gratuitos proporcionados no están disponibles para instancias autogestionadas por ahora.",
+    "resourceDomain": "Dominio",
+    "resourceEditDomain": "Editar dominio",
+    "siteName": "Nombre del sitio",
+    "proxyPort": "Puerto",
+    "resourcesTableProxyResources": "Recursos de proxy",
+    "resourcesTableClientResources": "Recursos del cliente",
+    "resourcesTableNoProxyResourcesFound": "No se encontraron recursos de proxy.",
+    "resourcesTableNoInternalResourcesFound": "No se encontraron recursos internos.",
+    "resourcesTableDestination": "Destino",
+    "resourcesTableTheseResourcesForUseWith": "Estos recursos son para uso con",
+    "resourcesTableClients": "Clientes",
+    "resourcesTableAndOnlyAccessibleInternally": "y solo son accesibles internamente cuando se conectan con un cliente.",
+    "editInternalResourceDialogEditClientResource": "Editar recurso del cliente",
+    "editInternalResourceDialogUpdateResourceProperties": "Actualizar las propiedades del recurso y la configuración del objetivo para {resourceName}.",
+    "editInternalResourceDialogResourceProperties": "Propiedades del recurso",
+    "editInternalResourceDialogName": "Nombre",
+    "editInternalResourceDialogProtocol": "Protocolo",
+    "editInternalResourceDialogSitePort": "Puerto del sitio",
+    "editInternalResourceDialogTargetConfiguration": "Configuración de objetivos",
+    "editInternalResourceDialogCancel": "Cancelar",
+    "editInternalResourceDialogSaveResource": "Guardar recurso",
+    "editInternalResourceDialogSuccess": "Éxito",
+    "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Recurso interno actualizado con éxito",
+    "editInternalResourceDialogError": "Error",
+    "editInternalResourceDialogFailedToUpdateInternalResource": "Error al actualizar el recurso interno",
+    "editInternalResourceDialogNameRequired": "El nombre es requerido",
+    "editInternalResourceDialogNameMaxLength": "El nombre no debe tener más de 255 caracteres",
+    "editInternalResourceDialogProxyPortMin": "El puerto del proxy debe ser al menos 1",
+    "editInternalResourceDialogProxyPortMax": "El puerto del proxy debe ser menor de 65536",
+    "editInternalResourceDialogInvalidIPAddressFormat": "Formato de dirección IP inválido",
+    "editInternalResourceDialogDestinationPortMin": "El puerto de destino debe ser al menos 1",
+    "editInternalResourceDialogDestinationPortMax": "El puerto de destino debe ser menor de 65536",
+    "createInternalResourceDialogNoSitesAvailable": "No hay sitios disponibles",
+    "createInternalResourceDialogNoSitesAvailableDescription": "Necesita tener al menos un sitio de Newt con una subred configurada para crear recursos internos.",
+    "createInternalResourceDialogClose": "Cerrar",
+    "createInternalResourceDialogCreateClientResource": "Crear recurso del cliente",
+    "createInternalResourceDialogCreateClientResourceDescription": "Crear un nuevo recurso que será accesible para los clientes conectados al sitio seleccionado.",
+    "createInternalResourceDialogResourceProperties": "Propiedades del recurso",
+    "createInternalResourceDialogName": "Nombre",
+    "createInternalResourceDialogSite": "Sitio",
+    "createInternalResourceDialogSelectSite": "Seleccionar sitio...",
+    "createInternalResourceDialogSearchSites": "Buscar sitios...",
+    "createInternalResourceDialogNoSitesFound": "Sitios no encontrados.",
+    "createInternalResourceDialogProtocol": "Protocolo",
+    "createInternalResourceDialogTcp": "TCP",
+    "createInternalResourceDialogUdp": "UDP",
+    "createInternalResourceDialogSitePort": "Puerto del sitio",
+    "createInternalResourceDialogSitePortDescription": "Use este puerto para acceder al recurso en el sitio cuando se conecta con un cliente.",
+    "createInternalResourceDialogTargetConfiguration": "Configuración de objetivos",
+    "createInternalResourceDialogDestinationIPDescription": "La dirección IP o nombre de host del recurso en la red del sitio.",
+    "createInternalResourceDialogDestinationPortDescription": "El puerto en la IP de destino donde el recurso es accesible.",
+    "createInternalResourceDialogCancel": "Cancelar",
+    "createInternalResourceDialogCreateResource": "Crear recurso",
+    "createInternalResourceDialogSuccess": "Éxito",
+    "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Recurso interno creado con éxito",
+    "createInternalResourceDialogError": "Error",
+    "createInternalResourceDialogFailedToCreateInternalResource": "Error al crear recurso interno",
+    "createInternalResourceDialogNameRequired": "El nombre es requerido",
+    "createInternalResourceDialogNameMaxLength": "El nombre debe ser menor de 255 caracteres",
+    "createInternalResourceDialogPleaseSelectSite": "Por favor seleccione un sitio",
+    "createInternalResourceDialogProxyPortMin": "El puerto del proxy debe ser al menos 1",
+    "createInternalResourceDialogProxyPortMax": "El puerto del proxy debe ser menor de 65536",
+    "createInternalResourceDialogInvalidIPAddressFormat": "Formato de dirección IP inválido",
+    "createInternalResourceDialogDestinationPortMin": "El puerto de destino debe ser al menos 1",
+    "createInternalResourceDialogDestinationPortMax": "El puerto de destino debe ser menor de 65536",
+    "siteConfiguration": "Configuración",
+    "siteAcceptClientConnections": "Aceptar conexiones de clientes",
+    "siteAcceptClientConnectionsDescription": "Permitir que otros dispositivos se conecten a través de esta instancia Newt como una puerta de enlace utilizando clientes.",
+    "siteAddress": "Dirección del sitio",
+    "siteAddressDescription": "Especifique la dirección IP del host que los clientes deben usar para conectarse. Esta es la dirección interna del sitio en la red de Pangolín para que los clientes dirijan. Debe estar dentro de la subred de la organización.",
+    "autoLoginExternalIdp": "Inicio de sesión automático con IDP externo",
+    "autoLoginExternalIdpDescription": "Redirigir inmediatamente al usuario al IDP externo para autenticación.",
+    "selectIdp": "Seleccionar IDP",
+    "selectIdpPlaceholder": "Elegir un IDP...",
+    "selectIdpRequired": "Por favor seleccione un IDP cuando el inicio de sesión automático esté habilitado.",
+    "autoLoginTitle": "Redirigiendo",
+    "autoLoginDescription": "Te estamos redirigiendo al proveedor de identidad externo para autenticación.",
+    "autoLoginProcessing": "Preparando autenticación...",
+    "autoLoginRedirecting": "Redirigiendo al inicio de sesión...",
+    "autoLoginError": "Error de inicio de sesión automático",
+    "autoLoginErrorNoRedirectUrl": "No se recibió URL de redirección del proveedor de identidad.",
+    "autoLoginErrorGeneratingUrl": "Error al generar URL de autenticación.",
+    "remoteExitNodeManageRemoteExitNodes": "Nodos remotos",
+    "remoteExitNodeDescription": "Self-host one or more remote nodes to extend your network connectivity and reduce reliance on the cloud",
+    "remoteExitNodes": "Nodos",
+    "searchRemoteExitNodes": "Buscar nodos...",
+    "remoteExitNodeAdd": "Añadir Nodo",
+    "remoteExitNodeErrorDelete": "Error al eliminar el nodo",
+    "remoteExitNodeQuestionRemove": "¿Está seguro de que desea eliminar el nodo {selectedNode} de la organización?",
+    "remoteExitNodeMessageRemove": "Una vez eliminado, el nodo ya no será accesible.",
+    "remoteExitNodeMessageConfirm": "Para confirmar, por favor escriba el nombre del nodo a continuación.",
+    "remoteExitNodeConfirmDelete": "Confirmar eliminar nodo",
+    "remoteExitNodeDelete": "Eliminar Nodo",
+    "sidebarRemoteExitNodes": "Nodos remotos",
+    "remoteExitNodeCreate": {
+        "title": "Crear Nodo",
+        "description": "Crear un nuevo nodo para extender la conectividad de red",
+        "viewAllButton": "Ver todos los nodos",
+        "strategy": {
+            "title": "Estrategia de Creación",
+            "description": "Elija esto para configurar manualmente su nodo o generar nuevas credenciales.",
+            "adopt": {
+                "title": "Adoptar Nodo",
+                "description": "Elija esto si ya tiene las credenciales para el nodo."
+            },
+            "generate": {
+                "title": "Generar Claves",
+                "description": "Elija esto si desea generar nuevas claves para el nodo"
+            }
+        },
+        "adopt": {
+            "title": "Adoptar Nodo Existente",
+            "description": "Introduzca las credenciales del nodo existente que desea adoptar",
+            "nodeIdLabel": "ID del nodo",
+            "nodeIdDescription": "El ID del nodo existente que desea adoptar",
+            "secretLabel": "Secreto",
+            "secretDescription": "La clave secreta del nodo existente",
+            "submitButton": "Adoptar Nodo"
+        },
+        "generate": {
+            "title": "Credenciales Generadas",
+            "description": "Utilice estas credenciales generadas para configurar su nodo",
+            "nodeIdTitle": "ID del nodo",
+            "secretTitle": "Secreto",
+            "saveCredentialsTitle": "Agregar Credenciales a la Configuración",
+            "saveCredentialsDescription": "Agrega estas credenciales a tu archivo de configuración del nodo Pangolin autogestionado para completar la conexión.",
+            "submitButton": "Crear Nodo"
+        },
+        "validation": {
+            "adoptRequired": "El ID del nodo y el secreto son necesarios al adoptar un nodo existente"
+        },
+        "errors": {
+            "loadDefaultsFailed": "Falló al cargar los valores predeterminados",
+            "defaultsNotLoaded": "Valores predeterminados no cargados",
+            "createFailed": "Error al crear el nodo"
+        },
+        "success": {
+            "created": "Nodo creado correctamente"
+        }
+    },
+    "remoteExitNodeSelection": "Selección de nodo",
+    "remoteExitNodeSelectionDescription": "Seleccione un nodo a través del cual enrutar el tráfico para este sitio local",
+    "remoteExitNodeRequired": "Un nodo debe ser seleccionado para sitios locales",
+    "noRemoteExitNodesAvailable": "No hay nodos disponibles",
+    "noRemoteExitNodesAvailableDescription": "No hay nodos disponibles para esta organización. Crea un nodo primero para usar sitios locales.",
+    "exitNode": "Nodo de Salida",
+    "country": "País",
+    "rulesMatchCountry": "Actualmente basado en IP de origen",
+    "managedSelfHosted": {
+        "title": "Autogestionado",
+        "description": "Servidor Pangolin autoalojado más fiable y de bajo mantenimiento con campanas y silbidos extra",
+        "introTitle": "Pangolin autogestionado",
+        "introDescription": "es una opción de despliegue diseñada para personas que quieren simplicidad y fiabilidad extra mientras mantienen sus datos privados y autoalojados.",
+        "introDetail": "Con esta opción, todavía ejecuta su propio nodo Pangolin, sus túneles, terminación SSL y tráfico permanecen en su servidor. La diferencia es que la gestión y el control se gestionan a través de nuestro panel de control en la nube, que desbloquea una serie de ventajas:",
+        "benefitSimplerOperations": {
+            "title": "Operaciones simples",
+            "description": "No necesitas ejecutar tu propio servidor de correo o configurar alertas complejas. Recibirás cheques de salud y alertas de tiempo de inactividad."
+        },
+        "benefitAutomaticUpdates": {
+            "title": "Actualizaciones automáticas",
+            "description": "El tablero de la nube evolucionará rápidamente, por lo que obtendrá nuevas características y correcciones de errores sin tener que extraer manualmente nuevos contenedores cada vez."
+        },
+        "benefitLessMaintenance": {
+            "title": "Menos mantenimiento",
+            "description": "No hay migraciones de base de datos, copias de seguridad o infraestructura extra para administrar. Lo manejamos en la nube."
+        },
+        "benefitCloudFailover": {
+            "title": "Fallo en la nube",
+            "description": "Si tu nodo cae, tus túneles pueden fallar temporalmente a nuestros puntos de presencia en la nube hasta que lo vuelvas a conectar."
+        },
+        "benefitHighAvailability": {
+            "title": "Alta disponibilidad (PoPs)",
+            "description": "También puede adjuntar múltiples nodos a su cuenta para redundancia y mejor rendimiento."
+        },
+        "benefitFutureEnhancements": {
+            "title": "Mejoras futuras",
+            "description": "Estamos planeando añadir más herramientas analíticas, alertas y de administración para hacer su despliegue aún más robusto."
+        },
+        "docsAlert": {
+            "text": "Aprenda más acerca de la opción de autoalojamiento administrado en nuestra",
+            "documentation": "documentación"
+        },
+        "convertButton": "Convierte este nodo a autoalojado administrado"
+    },
+    "internationaldomaindetected": "Dominio Internacional detectado",
+    "willbestoredas": "Se almacenará como:",
+    "roleMappingDescription": "Determinar cómo se asignan los roles a los usuarios cuando se registran cuando está habilitada la provisión automática.",
+    "selectRole": "Seleccione un rol",
+    "roleMappingExpression": "Expresión",
+    "selectRolePlaceholder": "Elija un rol",
+    "selectRoleDescription": "Seleccione un rol para asignar a todos los usuarios de este proveedor de identidad",
+    "roleMappingExpressionDescription": "Introduzca una expresión JMESPath para extraer información de rol del token de ID",
+    "idpTenantIdRequired": "El ID del cliente es obligatorio",
+    "invalidValue": "Valor inválido",
+    "idpTypeLabel": "Tipo de proveedor de identidad",
+    "roleMappingExpressionPlaceholder": "e.g., contiene(grupos, 'administrador') && 'administrador' || 'miembro'",
+    "idpGoogleConfiguration": "Configuración de Google",
+    "idpGoogleConfigurationDescription": "Configura tus credenciales de Google OAuth2",
+    "idpGoogleClientIdDescription": "Tu ID de cliente de Google OAuth2",
+    "idpGoogleClientSecretDescription": "Tu secreto de cliente de Google OAuth2",
+    "idpAzureConfiguration": "Configuración de Azure Entra ID",
+    "idpAzureConfigurationDescription": "Configure sus credenciales de Azure Entra ID OAuth2",
+    "idpTenantId": "ID del inquilino",
+    "idpTenantIdPlaceholder": "su-inquilino-id",
+    "idpAzureTenantIdDescription": "Su ID de inquilino de Azure (encontrado en el resumen de Azure Active Directory)",
+    "idpAzureClientIdDescription": "Tu ID de Cliente de Registro de Azure App",
+    "idpAzureClientSecretDescription": "Tu Azure App Registro Cliente secreto",
+    "idpGoogleTitle": "Google",
+    "idpGoogleAlt": "Google",
+    "idpAzureTitle": "Azure Entra ID",
+    "idpAzureAlt": "Azure",
+    "idpGoogleConfigurationTitle": "Configuración de Google",
+    "idpAzureConfigurationTitle": "Configuración de Azure Entra ID",
+    "idpTenantIdLabel": "ID del inquilino",
+    "idpAzureClientIdDescription2": "Tu ID de Cliente de Registro de Azure App",
+    "idpAzureClientSecretDescription2": "Tu Azure App Registro Cliente secreto",
+    "idpGoogleDescription": "Proveedor OAuth2/OIDC de Google",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "subnet": "Subred",
+    "subnetDescription": "La subred para la configuración de red de esta organización.",
+    "authPage": "Página Auth",
+    "authPageDescription": "Configurar la página de autenticación de su organización",
+    "authPageDomain": "Dominio de la página Auth",
+    "noDomainSet": "Ningún dominio establecido",
+    "changeDomain": "Cambiar dominio",
+    "selectDomain": "Seleccionar dominio",
+    "restartCertificate": "Reiniciar certificado",
+    "editAuthPageDomain": "Editar dominio Auth Page",
+    "setAuthPageDomain": "Establecer dominio Auth Page",
+    "failedToFetchCertificate": "Error al obtener el certificado",
+    "failedToRestartCertificate": "Error al reiniciar el certificado",
+    "addDomainToEnableCustomAuthPages": "Añadir un dominio para habilitar páginas de autenticación personalizadas para su organización",
+    "selectDomainForOrgAuthPage": "Seleccione un dominio para la página de autenticación de la organización",
+    "domainPickerProvidedDomain": "Dominio proporcionado",
+    "domainPickerFreeProvidedDomain": "Dominio proporcionado gratis",
+    "domainPickerVerified": "Verificado",
+    "domainPickerUnverified": "Sin verificar",
+    "domainPickerInvalidSubdomainStructure": "Este subdominio contiene caracteres o estructura no válidos. Se limpiará automáticamente al guardar.",
+    "domainPickerError": "Error",
+    "domainPickerErrorLoadDomains": "Error al cargar los dominios de la organización",
+    "domainPickerErrorCheckAvailability": "No se pudo comprobar la disponibilidad del dominio",
+    "domainPickerInvalidSubdomain": "Subdominio inválido",
+    "domainPickerInvalidSubdomainRemoved": "La entrada \"{sub}\" fue eliminada porque no es válida.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "No se ha podido hacer válido \"{sub}\" para {domain}.",
+    "domainPickerSubdomainSanitized": "Subdominio saneado",
+    "domainPickerSubdomainCorrected": "\"{sub}\" fue corregido a \"{sanitized}\"",
+    "orgAuthSignInTitle": "Inicia sesión en tu organización",
+    "orgAuthChooseIdpDescription": "Elige tu proveedor de identidad para continuar",
+    "orgAuthNoIdpConfigured": "Esta organización no tiene ningún proveedor de identidad configurado. En su lugar puedes iniciar sesión con tu identidad de Pangolin.",
+    "orgAuthSignInWithPangolin": "Iniciar sesión con Pangolin",
+    "subscriptionRequiredToUse": "Se requiere una suscripción para utilizar esta función.",
+    "idpDisabled": "Los proveedores de identidad están deshabilitados.",
+    "orgAuthPageDisabled": "La página de autenticación de la organización está deshabilitada.",
+    "domainRestartedDescription": "Verificación de dominio reiniciada con éxito",
+    "resourceAddEntrypointsEditFile": "Editar archivo: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Editar archivo: docker-compose.yml",
+    "emailVerificationRequired": "Se requiere verificación de correo electrónico. Por favor, inicie sesión de nuevo a través de {dashboardUrl}/auth/login complete este paso. Luego, vuelva aquí.",
+    "twoFactorSetupRequired": "La configuración de autenticación de doble factor es requerida. Por favor, inicia sesión de nuevo a través de {dashboardUrl}/auth/login completa este paso. Luego, vuelve aquí.",
+    "authPageErrorUpdateMessage": "Ocurrió un error mientras se actualizaban los ajustes de la página auth",
+    "authPageUpdated": "Página auth actualizada correctamente",
+    "healthCheckNotAvailable": "Local",
+    "rewritePath": "Reescribir Ruta",
+    "rewritePathDescription": "Opcionalmente reescribe la ruta antes de reenviar al destino.",
+    "continueToApplication": "Continuar a la aplicación",
+    "checkingInvite": "Comprobando invitación",
+    "setResourceHeaderAuth": "set-Resource HeaderAuth",
+    "resourceHeaderAuthRemove": "Eliminar Auth del Encabezado",
+    "resourceHeaderAuthRemoveDescription": "Autenticación de cabecera eliminada correctamente.",
+    "resourceErrorHeaderAuthRemove": "Error al eliminar autenticación de cabecera",
+    "resourceErrorHeaderAuthRemoveDescription": "No se pudo eliminar la autenticación de cabecera del recurso.",
+    "resourceHeaderAuthProtectionEnabled": "Header Authentication Enabled",
+    "resourceHeaderAuthProtectionDisabled": "Header Authentication Disabled",
+    "headerAuthRemove": "Remove Header Auth",
+    "headerAuthAdd": "Add Header Auth",
+    "resourceErrorHeaderAuthSetup": "Error al establecer autenticación de cabecera",
+    "resourceErrorHeaderAuthSetupDescription": "No se pudo establecer autenticación de cabecera para el recurso.",
+    "resourceHeaderAuthSetup": "Autenticación de cabecera establecida correctamente",
+    "resourceHeaderAuthSetupDescription": "La autenticación de cabecera se ha establecido correctamente.",
+    "resourceHeaderAuthSetupTitle": "Establecer autenticación de cabecera",
+    "resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Access it using the format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Establecer autenticación de cabecera",
+    "actionSetResourceHeaderAuth": "Establecer autenticación de cabecera",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Unlicensed",
+    "beta": "Beta",
+    "manageClients": "Manage Clients",
+    "manageClientsDescription": "Clients are devices that can connect to your sites",
+    "licenseTableValidUntil": "Valid Until",
+    "saasLicenseKeysSettingsTitle": "Enterprise Licenses",
+    "saasLicenseKeysSettingsDescription": "Generate and manage Enterprise license keys for self-hosted Pangolin instances",
+    "sidebarEnterpriseLicenses": "Licenses",
+    "generateLicenseKey": "Generate License Key",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Please enter a valid email address",
+            "useCaseTypeRequired": "Please select a use case type",
+            "firstNameRequired": "First name is required",
+            "lastNameRequired": "Last name is required",
+            "primaryUseRequired": "Please describe your primary use",
+            "jobTitleRequiredBusiness": "Job title is required for business use",
+            "industryRequiredBusiness": "Industry is required for business use",
+            "stateProvinceRegionRequired": "State/Province/Region is required",
+            "postalZipCodeRequired": "Postal/ZIP Code is required",
+            "companyNameRequiredBusiness": "Company name is required for business use",
+            "countryOfResidenceRequiredBusiness": "Country of residence is required for business use",
+            "countryRequiredPersonal": "Country is required for personal use",
+            "agreeToTermsRequired": "You must agree to the terms",
+            "complianceConfirmationRequired": "You must confirm compliance with the Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Personal Use",
+                "description": "For individual, non-commercial use such as learning, personal projects, or experimentation."
+            },
+            "business": {
+                "title": "Business Use",
+                "description": "For use within organizations, companies, or commercial or revenue-generating activities."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & License Type",
+                "description": "Enter your email and choose your license type"
+            },
+            "personalInformation": {
+                "title": "Personal Information",
+                "description": "Tell us about yourself"
+            },
+            "contactInformation": {
+                "title": "Contact Information",
+                "description": "Your contact details"
+            },
+            "termsGenerate": {
+                "title": "Terms & Generate",
+                "description": "Review and accept terms to generate your license"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Usage Disclosure",
+                "description": "Select the license tier that accurately reflects your intended use. The Personal License permits free use of the Software for individual, non-commercial or small-scale commercial activities with annual gross revenue under $100,000 USD. Any use beyond these limits — including use within a business, organization, or other revenue-generating environment — requires a valid Enterprise License and payment of the applicable licensing fee. All users, whether Personal or Enterprise, must comply with the Fossorial Commercial License Terms."
+            },
+            "trialPeriodInformation": {
+                "title": "Trial Period Information",
+                "description": "This License Key enables Enterprise features for a 7-day evaluation period. Continued access to Paid Features beyond the evaluation period requires activation under a valid Personal or Enterprise License. For Enterprise licensing, contact sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Are you using Pangolin for personal or business use?",
+            "firstName": "First Name",
+            "lastName": "Last Name",
+            "jobTitle": "Job Title",
+            "primaryUseQuestion": "What do you primarily plan to use Pangolin for?",
+            "industryQuestion": "What is your industry?",
+            "prospectiveUsersQuestion": "How many prospective users do you expect to have?",
+            "prospectiveSitesQuestion": "How many prospective sites (tunnels) do you expect to have?",
+            "companyName": "Company name",
+            "countryOfResidence": "Country of residence",
+            "stateProvinceRegion": "State / Province / Region",
+            "postalZipCode": "Postal / ZIP Code",
+            "companyWebsite": "Company website",
+            "companyPhoneNumber": "Company phone number",
+            "country": "Country",
+            "phoneNumberOptional": "Phone number (optional)",
+            "complianceConfirmation": "I confirm that I am in compliance with the Fossorial Commercial License and that reporting inaccurate information or misidentifying use of the product is a violation of the license."
+        },
+        "buttons": {
+            "close": "Close",
+            "previous": "Previous",
+            "next": "Next",
+            "generateLicenseKey": "Generate License Key"
+        },
+        "toasts": {
+            "success": {
+                "title": "License key generated successfully",
+                "description": "Your license key has been generated and is ready to use."
+            },
+            "error": {
+                "title": "Failed to generate license key",
+                "description": "An error occurred while generating the license key."
+            }
+        }
+    },
+    "priority": "Prioridad",
+    "priorityDescription": "Las rutas de prioridad más alta son evaluadas primero. Prioridad = 100 significa orden automático (decisiones del sistema). Utilice otro número para hacer cumplir la prioridad manual.",
+    "instanceName": "Instance Name",
+    "pathMatchModalTitle": "Configure Path Matching",
+    "pathMatchModalDescription": "Set up how incoming requests should be matched based on their path.",
+    "pathMatchType": "Match Type",
+    "pathMatchPrefix": "Prefix",
+    "pathMatchExact": "Exact",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Path Value",
+    "clear": "Clear",
+    "saveChanges": "Save Changes",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Example: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Example: /api matches only /api",
+    "pathMatchRegexHelp": "Example: ^/api/.* matches /api/anything",
+    "pathRewriteModalTitle": "Configure Path Rewriting",
+    "pathRewriteModalDescription": "Transform the matched path before forwarding to the target.",
+    "pathRewriteType": "Rewrite Type",
+    "pathRewritePrefixOption": "Prefix - Replace prefix",
+    "pathRewriteExactOption": "Exact - Replace entire path",
+    "pathRewriteRegexOption": "Regex - Pattern replacement",
+    "pathRewriteStripPrefixOption": "Strip Prefix - Remove prefix",
+    "pathRewriteValue": "Rewrite Value",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Replace the matched prefix with this value",
+    "pathRewriteExactHelp": "Replace the entire path with this value when the path matches exactly",
+    "pathRewriteRegexHelp": "Use capture groups like $1, $2 for replacement",
+    "pathRewriteStripPrefixHelp": "Leave empty to strip prefix or provide new prefix",
+    "pathRewritePrefix": "Prefix",
+    "pathRewriteExact": "Exact",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Strip",
+    "pathRewriteStripLabel": "strip"
 }

messages/fr-FR.json

@@ -6,45 +6,45 @@
     "setupOrgName": "Nom de l'organisation",
     "orgDisplayName": "Ceci est le nom d'affichage de votre organisation.",
     "orgId": "ID de l'organisation",
-    "setupIdentifierMessage": "Ceci est l'identifiant unique pour votre organisation. Il est séparé du nom affiché.",
-    "setupErrorIdentifier": "L'ID de l'organisation est déjà pris. Veuillez en choisir un autre.",
+    "setupIdentifierMessage": "Ceci est l'identifiant de votre organisation. Il est différent du nom affiché.",
+    "setupErrorIdentifier": "Cet identifiant est déjà pris. Veuillez en choisir un autre.",
     "componentsErrorNoMemberCreate": "Vous n'êtes actuellement membre d'aucune organisation. Créez une organisation pour commencer.",
     "componentsErrorNoMember": "Vous n'êtes actuellement membre d'aucune organisation.",
-    "welcome": "Bienvenue à Pangolin",
+    "welcome": "Bienvenue sur Pangolin",
     "welcomeTo": "Bienvenue chez",
     "componentsCreateOrg": "Créer une organisation",
-    "componentsMember": "Vous êtes membre de {count, plural, =0 {aucune organisation} one {une organisation} other {# organisations}}.",
+    "componentsMember": "Vous {count, plural, =0 {n'} other {}}êtes membre {count, plural, =0 {d'aucune organisation} one {d'une organisation} other {de # organisations}}.",
     "componentsInvalidKey": "Clés de licence invalides ou expirées détectées. Suivez les conditions de licence pour continuer à utiliser toutes les fonctionnalités.",
     "dismiss": "Refuser",
     "componentsLicenseViolation": "Violation de licence : Ce serveur utilise des sites {usedSites} qui dépassent la limite autorisée des sites {maxSites} . Suivez les conditions de licence pour continuer à utiliser toutes les fonctionnalités.",
     "componentsSupporterMessage": "Merci de soutenir Pangolin en tant que {tier}!",
-    "inviteErrorNotValid": "Nous sommes désolés, mais il semble que l'invitation que vous essayez d'accéder n'ait pas été acceptée ou n'est plus valide.",
-    "inviteErrorUser": "Nous sommes désolés, mais il semble que l'invitation que vous essayez d'accéder ne soit pas pour cet utilisateur.",
-    "inviteLoginUser": "Assurez-vous que vous êtes bien connecté en tant qu'utilisateur correct.",
-    "inviteErrorNoUser": "Nous sommes désolés, mais il semble que l'invitation que vous essayez d'accéder ne soit pas pour un utilisateur qui existe.",
-    "inviteCreateUser": "Veuillez d'abord créer un compte.",
-    "goHome": "Retour à la maison",
+    "inviteErrorNotValid": "Nous sommes désolés, mais il semble que l'invitation via laquelle vous essayez d'accéder n'ait pas été acceptée ou n'est plus valide.",
+    "inviteErrorUser": "Nous sommes désolés, mais il semble que l'invitation via laquelle vous essayez d'accéder ne soit pas pour cet utilisateur.",
+    "inviteLoginUser": "Assurez-vous d'etre bien connecté au bon compte.",
+    "inviteErrorNoUser": "Nous sommes désolés, mais il semble que l'invitation via laquelle vous essayez d'accéder ne soit pas pour un utilisateur qui existe.",
+    "inviteCreateUser": "Vous n'avez aucun compte, veuillez en créer un.",
+    "goHome": "Retour à l'accueil",
     "inviteLogInOtherUser": "Se connecter en tant qu'utilisateur différent",
     "createAnAccount": "Créer un compte",
     "inviteNotAccepted": "Invitation non acceptée",
     "authCreateAccount": "Créez un compte pour commencer",
     "authNoAccount": "Vous n'avez pas de compte ?",
-    "email": "Courriel",
+    "email": "Adresse email",
     "password": "Mot de passe",
     "confirmPassword": "Confirmer le mot de passe",
     "createAccount": "Créer un compte",
     "viewSettings": "Afficher les paramètres",
-    "delete": "Supprimez",
+    "delete": "Supprimer",
     "name": "Nom",
     "online": "En ligne",
     "offline": "Hors ligne",
     "site": "Site",
-    "dataIn": "Données dans",
-    "dataOut": "Données épuisées",
+    "dataIn": "Données reçues",
+    "dataOut": "Données émises",
     "connectionType": "Type de connexion",
     "tunnelType": "Type de tunnel",
     "local": "Locale",
-    "edit": "Editer",
+    "edit": "Modifier",
     "siteConfirmDelete": "Confirmer la suppression du site",
     "siteDelete": "Supprimer le site",
     "siteMessageRemove": "Une fois supprimé, le site ne sera plus accessible. Toutes les ressources et cibles associées au site seront également supprimées.",
@@ -59,17 +59,16 @@
     "siteErrorCreate": "Erreur lors de la création du site",
     "siteErrorCreateKeyPair": "Paire de clés ou site par défaut introuvable",
     "siteErrorCreateDefaults": "Les valeurs par défaut du site sont introuvables",
-    "siteNameDescription": "Ceci est le nom d'affichage du site.",
     "method": "Méthode",
     "siteMethodDescription": "C'est ainsi que vous exposerez les connexions.",
     "siteLearnNewt": "Apprenez à installer Newt sur votre système",
     "siteSeeConfigOnce": "Vous ne pourrez voir la configuration qu'une seule fois.",
     "siteLoadWGConfig": "Chargement de la configuration WireGuard...",
-    "siteDocker": "Développer les détails du déploiement Docker",
+    "siteDocker": "Afficher les détails du déploiement Docker",
     "toggle": "Activer/désactiver",
-    "dockerCompose": "Composition Docker",
-    "dockerRun": "Exécution Docker",
-    "siteLearnLocal": "Les sites locaux ne tunnel, en savoir plus",
+    "dockerCompose": "Docker Compose",
+    "dockerRun": "Docker Run",
+    "siteLearnLocal": "Les sites locaux ne permettent pas d'utiliser les tunnel, en savoir plus",
     "siteConfirmCopy": "J'ai copié la configuration",
     "searchSitesProgress": "Rechercher des sites...",
     "siteAdd": "Ajouter un site",
@@ -80,9 +79,9 @@
     "operatingSystem": "Système d'exploitation",
     "commands": "Commandes",
     "recommended": "Recommandé",
-    "siteNewtDescription": "Pour une meilleure expérience d'utilisateur, utilisez Newt. Il utilise WireGuard sous le capot et vous permet d'adresser vos ressources privées par leur adresse LAN sur votre réseau privé à partir du tableau de bord Pangolin.",
-    "siteRunsInDocker": "Exécute dans Docker",
-    "siteRunsInShell": "Exécute en shell sur macOS, Linux et Windows",
+    "siteNewtDescription": "Pour une meilleure expérience d'utilisateur, utilisez Newt. Newt se base sur WireGuard et vous permet d'adresser vos ressources privées par leur adresse LAN sur votre réseau privé à partir du tableau de bord Pangolin.",
+    "siteRunsInDocker": "S'exécute dans Docker",
+    "siteRunsInShell": "S'exécute en shell sur macOS, Linux et Windows",
     "siteErrorDelete": "Erreur lors de la suppression du site",
     "siteErrorUpdate": "Impossible de mettre à jour le site",
     "siteErrorUpdateDescription": "Une erreur s'est produite lors de la mise à jour du site.",
@@ -90,16 +89,18 @@
     "siteUpdatedDescription": "Le site a été mis à jour.",
     "siteGeneralDescription": "Configurer les paramètres généraux de ce site",
     "siteSettingDescription": "Configurer les paramètres de votre site",
-    "siteSetting": "Réglages {siteName}",
+    "siteSetting": "Réglages de {siteName}",
     "siteNewtTunnel": "Tunnel Newt (Recommandé)",
     "siteNewtTunnelDescription": "La façon la plus simple de créer un point d'entrée dans votre réseau. Pas de configuration supplémentaire.",
     "siteWg": "WireGuard basique",
     "siteWgDescription": "Utilisez n'importe quel client WireGuard pour établir un tunnel. Configuration NAT manuelle requise.",
+    "siteWgDescriptionSaas": "Utilisez n'importe quel client WireGuard pour établir un tunnel. Configuration NAT manuelle requise. FONCTIONNE UNIQUEMENT SUR DES NŒUDS AUTONOMES",
     "siteLocalDescription": "Ressources locales seulement. Pas de tunneling.",
+    "siteLocalDescriptionSaas": "Ressources locales seulement. Pas de tunneling. Seulement disponible sur les noeuds distants",
     "siteSeeAll": "Voir tous les sites",
     "siteTunnelDescription": "Déterminez comment vous voulez vous connecter à votre site",
     "siteNewtCredentials": "Identifiants Newt",
-    "siteNewtCredentialsDescription": "C'est ainsi que Newt s'authentifiera avec le serveur",
+    "siteNewtCredentialsDescription": "C'est comme cela que Newt s'authentifiera avec le serveur",
     "siteCredentialsSave": "Enregistrez vos identifiants",
     "siteCredentialsSaveDescription": "Vous ne pourrez voir cela qu'une seule fois. Assurez-vous de le copier dans un endroit sécurisé.",
     "siteInfo": "Informations sur le site",
@@ -111,7 +112,7 @@
     "shareErrorDelete": "Impossible de supprimer le lien",
     "shareErrorDeleteMessage": "Une erreur s'est produite lors de la suppression du lien",
     "shareDeleted": "Lien supprimé",
-    "shareDeletedDescription": "Le lien a été supprimé",
+    "shareDeletedDescription": "Le lien de partage a été supprimé",
     "shareTokenDescription": "Votre jeton d'accès peut être passé de deux façons : en tant que paramètre de requête ou dans les en-têtes de la requête. Elles doivent être transmises par le client à chaque demande d'accès authentifié.",
     "accessToken": "Jeton d'accès",
     "usageExamples": "Exemples d'utilisation",
@@ -133,7 +134,7 @@
     "shareExpireDescription": "Le temps d'expiration est combien de temps le lien sera utilisable et fournira un accès à la ressource. Après cette période, le lien ne fonctionnera plus et les utilisateurs qui ont utilisé ce lien perdront l'accès à la ressource.",
     "shareSeeOnce": "Vous ne pourrez voir ce lien. Assurez-vous de le copier.",
     "shareAccessHint": "N'importe qui avec ce lien peut accéder à la ressource. Partagez-le avec soin.",
-    "shareTokenUsage": "Voir Utilisation du jeton d'accès",
+    "shareTokenUsage": "Voir l'utilisation du jeton d'accès",
     "createLink": "Créer un lien",
     "resourcesNotFound": "Aucune ressource trouvée",
     "resourceSearch": "Rechercher des ressources",
@@ -167,7 +168,10 @@
     "siteSelect": "Sélectionner un site",
     "siteSearch": "Chercher un site",
     "siteNotFound": "Aucun site trouvé.",
-    "siteSelectionDescription": "Ce site fournira la connectivité à la ressource.",
+    "selectCountry": "Sélectionnez un pays",
+    "searchCountries": "Recherchez des pays...",
+    "noCountryFound": "Aucun pays trouvé.",
+    "siteSelectionDescription": "Ce site fournira la connectivité à la cible.",
     "resourceType": "Type de ressource",
     "resourceTypeDescription": "Déterminer comment vous voulez accéder à votre ressource",
     "resourceHTTPSSettings": "Paramètres HTTPS",
@@ -198,11 +202,13 @@
     "general": "Généraux",
     "generalSettings": "Paramètres généraux",
     "proxy": "Proxy",
+    "internal": "Interne",
     "rules": "Règles",
     "resourceSettingDescription": "Configurer les paramètres de votre ressource",
     "resourceSetting": "Réglages {resourceName}",
     "alwaysAllow": "Toujours autoriser",
     "alwaysDeny": "Toujours refuser",
+    "passToAuth": "Paser à l'authentification",
     "orgSettingsDescription": "Configurer les paramètres généraux de votre organisation",
     "orgGeneralSettings": "Paramètres de l'organisation",
     "orgGeneralSettingsDescription": "Gérer les détails et la configuration de votre organisation",
@@ -451,6 +457,8 @@
     "accessRoleErrorAddDescription": "Une erreur s'est produite lors de l'ajout de l'utilisateur au rôle.",
     "userSaved": "Utilisateur enregistré",
     "userSavedDescription": "L'utilisateur a été mis à jour.",
+    "autoProvisioned": "Auto-provisionné",
+    "autoProvisionedDescription": "Permettre à cet utilisateur d'être géré automatiquement par le fournisseur d'identité",
     "accessControlsDescription": "Gérer ce que cet utilisateur peut accéder et faire dans l'organisation",
     "accessControlsSubmit": "Enregistrer les contrôles d'accès",
     "roles": "Rôles",
@@ -460,7 +468,10 @@
     "createdAt": "Créé le",
     "proxyErrorInvalidHeader": "Valeur d'en-tête Host personnalisée invalide. Utilisez le format de nom de domaine, ou laissez vide pour désactiver l'en-tête Host personnalisé.",
     "proxyErrorTls": "Nom de serveur TLS invalide. Utilisez le format de nom de domaine, ou laissez vide pour supprimer le nom de serveur TLS.",
-    "proxyEnableSSL": "Activer SSL (https)",
+    "proxyEnableSSL": "Activer SSL",
+    "proxyEnableSSLDescription": "Activez le cryptage SSL/TLS pour des connexions HTTPS sécurisées vers vos cibles.",
+    "target": "Target",
+    "configureTarget": "Configurer les cibles",
     "targetErrorFetch": "Échec de la récupération des cibles",
     "targetErrorFetchDescription": "Une erreur s'est produite lors de la récupération des cibles",
     "siteErrorFetch": "Échec de la récupération de la ressource",
@@ -487,18 +498,30 @@
     "targetTlsSettings": "Configuration sécurisée de connexion",
     "targetTlsSettingsDescription": "Configurer les paramètres SSL/TLS pour votre ressource",
     "targetTlsSettingsAdvanced": "Paramètres TLS avancés",
-    "targetTlsSni": "Nom de serveur TLS (SNI)",
+    "targetTlsSni": "Nom du serveur TLS",
     "targetTlsSniDescription": "Le nom de serveur TLS à utiliser pour SNI. Laissez vide pour utiliser la valeur par défaut.",
     "targetTlsSubmit": "Enregistrer les paramètres",
     "targets": "Configuration des cibles",
-    "targetsDescription": "Configurez les cibles pour router le trafic vers vos services",
+    "targetsDescription": "Configurez les cibles pour router le trafic vers vos services.",
     "targetStickySessions": "Activer les sessions persistantes",
     "targetStickySessionsDescription": "Maintenir les connexions sur la même cible backend pendant toute leur session.",
     "methodSelect": "Sélectionner la méthode",
     "targetSubmit": "Ajouter une cible",
-    "targetNoOne": "Aucune cible. Ajoutez une cible en utilisant le formulaire.",
+    "targetNoOne": "Cette ressource n'a aucune cible. Ajoutez une cible pour configurer où envoyer des requêtes à votre backend.",
     "targetNoOneDescription": "L'ajout de plus d'une cible ci-dessus activera l'équilibrage de charge.",
     "targetsSubmit": "Enregistrer les cibles",
+    "addTarget": "Ajouter une cible",
+    "targetErrorInvalidIp": "Adresse IP invalide",
+    "targetErrorInvalidIpDescription": "Veuillez entrer une adresse IP ou un nom d'hôte valide",
+    "targetErrorInvalidPort": "Port invalide",
+    "targetErrorInvalidPortDescription": "Veuillez entrer un numéro de port valide",
+    "targetErrorNoSite": "Aucun site sélectionné",
+    "targetErrorNoSiteDescription": "Veuillez sélectionner un site pour la cible",
+    "targetCreated": "Cible créée",
+    "targetCreatedDescription": "La cible a été créée avec succès",
+    "targetErrorCreate": "Impossible de créer la cible",
+    "targetErrorCreateDescription": "Une erreur s'est produite lors de la création de la cible",
+    "save": "Enregistrer",
     "proxyAdditional": "Paramètres de proxy supplémentaires",
     "proxyAdditionalDescription": "Configurer la façon dont votre ressource gère les paramètres de proxy",
     "proxyCustomHeader": "En-tête Host personnalisé",
@@ -508,6 +531,7 @@
     "ipAddressErrorInvalidFormat": "Format d'adresse IP invalide",
     "ipAddressErrorInvalidOctet": "Octet d'adresse IP invalide",
     "path": "Chemin",
+    "matchPath": "Chemin de correspondance",
     "ipAddressRange": "Plage IP",
     "rulesErrorFetch": "Échec de la récupération des règles",
     "rulesErrorFetchDescription": "Une erreur s'est produite lors de la récupération des règles",
@@ -543,6 +567,7 @@
     "rulesActions": "Actions",
     "rulesActionAlwaysAllow": "Toujours autoriser : Contourner toutes les méthodes d'authentification",
     "rulesActionAlwaysDeny": "Toujours refuser : Bloquer toutes les requêtes ; aucune authentification ne peut être tentée",
+    "rulesActionPassToAuth": "Passer à l'authentification : Autoriser les méthodes d'authentification à être tentées",
     "rulesMatchCriteria": "Critères de correspondance",
     "rulesMatchCriteriaIpAddress": "Correspondre à une adresse IP spécifique",
     "rulesMatchCriteriaIpAddressRange": "Correspondre à une plage d'adresses IP en notation CIDR",
@@ -705,7 +730,7 @@
     "pangolinServerAdmin": "Admin Serveur - Pangolin",
     "licenseTierProfessional": "Licence Professionnelle",
     "licenseTierEnterprise": "Licence Entreprise",
-    "licenseTierCommercial": "Licence commerciale",
+    "licenseTierPersonal": "Personal License",
     "licensed": "Sous licence",
     "yes": "Oui",
     "no": "Non",
@@ -740,7 +765,7 @@
     "idpDisplayName": "Un nom d'affichage pour ce fournisseur d'identité",
     "idpAutoProvisionUsers": "Approvisionnement automatique des utilisateurs",
     "idpAutoProvisionUsersDescription": "Lorsque cette option est activée, les utilisateurs seront automatiquement créés dans le système lors de leur première connexion avec la possibilité de mapper les utilisateurs aux rôles et aux organisations.",
-    "licenseBadge": "Professionnel",
+    "licenseBadge": "EE",
     "idpType": "Type de fournisseur",
     "idpTypeDescription": "Sélectionnez le type de fournisseur d'identité que vous souhaitez configurer",
     "idpOidcConfigure": "Configuration OAuth2/OIDC",
@@ -834,6 +859,24 @@
     "pincodeRequirementsLength": "Le code PIN doit comporter exactement 6 chiffres",
     "pincodeRequirementsChars": "Le code PIN ne doit contenir que des chiffres",
     "passwordRequirementsLength": "Le mot de passe doit comporter au moins 1 caractère",
+    "passwordRequirementsTitle": "Exigences relatives au mot de passe :",
+    "passwordRequirementLength": "Au moins 8 caractères",
+    "passwordRequirementUppercase": "Au moins une lettre majuscule",
+    "passwordRequirementLowercase": "Au moins une lettre minuscule",
+    "passwordRequirementNumber": "Au moins un chiffre",
+    "passwordRequirementSpecial": "Au moins un caractère spécial",
+    "passwordRequirementsMet": "✓ Le mot de passe répond à toutes les exigences",
+    "passwordStrength": "Solidité du mot de passe",
+    "passwordStrengthWeak": "Faible",
+    "passwordStrengthMedium": "Moyen",
+    "passwordStrengthStrong": "Fort",
+    "passwordRequirements": "Exigences :",
+    "passwordRequirementLengthText": "8+ caractères",
+    "passwordRequirementUppercaseText": "Lettre majuscule (A-Z)",
+    "passwordRequirementLowercaseText": "Lettre minuscule (a-z)",
+    "passwordRequirementNumberText": "Nombre (0-9)",
+    "passwordRequirementSpecialText": "Caractère spécial (!@#$%...)",
+    "passwordsDoNotMatch": "Les mots de passe ne correspondent pas",
     "otpEmailRequirementsLength": "L'OTP doit comporter au moins 1 caractère",
     "otpEmailSent": "OTP envoyé",
     "otpEmailSentDescription": "Un OTP a été envoyé à votre e-mail",
@@ -953,12 +996,15 @@
     "logoutError": "Erreur lors de la déconnexion",
     "signingAs": "Connecté en tant que",
     "serverAdmin": "Admin Serveur",
+    "managedSelfhosted": "Gestion autonome",
     "otpEnable": "Activer l'authentification à deux facteurs",
     "otpDisable": "Désactiver l'authentification à deux facteurs",
     "logout": "Déconnexion",
     "licenseTierProfessionalRequired": "Édition Professionnelle Requise",
     "licenseTierProfessionalRequiredDescription": "Cette fonctionnalité n'est disponible que dans l'Édition Professionnelle.",
     "actionGetOrg": "Obtenir l'organisation",
+    "updateOrgUser": "Mise à jour de l'utilisateur Org",
+    "createOrgUser": "Créer un utilisateur Org",
     "actionUpdateOrg": "Mettre à jour l'organisation",
     "actionUpdateUser": "Mettre à jour l'utilisateur",
     "actionGetUser": "Obtenir l'utilisateur",
@@ -968,6 +1014,10 @@
     "actionDeleteSite": "Supprimer un site",
     "actionGetSite": "Obtenir un site",
     "actionListSites": "Lister les sites",
+    "actionApplyBlueprint": "Appliquer le Plan",
+    "setupToken": "Jeton de configuration",
+    "setupTokenDescription": "Entrez le jeton de configuration depuis la console du serveur.",
+    "setupTokenRequired": "Le jeton de configuration est requis.",
     "actionUpdateSite": "Mettre à jour un site",
     "actionListSiteRoles": "Lister les rôles autorisés du site",
     "actionCreateResource": "Créer une ressource",
@@ -1023,6 +1073,17 @@
     "actionDeleteIdpOrg": "Supprimer une politique d'organisation IDP",
     "actionListIdpOrgs": "Lister les organisations IDP",
     "actionUpdateIdpOrg": "Mettre à jour une organisation IDP",
+    "actionCreateClient": "Créer un client",
+    "actionDeleteClient": "Supprimer le client",
+    "actionUpdateClient": "Mettre à jour le client",
+    "actionListClients": "Liste des clients",
+    "actionGetClient": "Obtenir le client",
+    "actionCreateSiteResource": "Créer une ressource de site",
+    "actionDeleteSiteResource": "Supprimer une ressource de site",
+    "actionGetSiteResource": "Obtenir une ressource de site",
+    "actionListSiteResources": "Lister les ressources de site",
+    "actionUpdateSiteResource": "Mettre à jour une ressource de site",
+    "actionListInvitations": "Lister les invitations",
     "noneSelected": "Aucune sélection",
     "orgNotFound2": "Aucune organisation trouvée.",
     "searchProgress": "Rechercher...",
@@ -1038,7 +1099,6 @@
     "navbar": "Menu de navigation",
     "navbarDescription": "Menu de navigation principal de l'application",
     "navbarDocsLink": "Documentation",
-    "commercialEdition": "Édition Commerciale",
     "otpErrorEnable": "Impossible d'activer l'A2F",
     "otpErrorEnableDescription": "Une erreur s'est produite lors de l'activation de l'A2F",
     "otpSetupCheckCode": "Veuillez entrer un code à 6 chiffres",
@@ -1096,8 +1156,8 @@
     "sidebarLicense": "Licence",
     "sidebarClients": "Clients",
     "sidebarDomains": "Domaines",
-    "enableDockerSocket": "Activer Docker Socket",
-    "enableDockerSocketDescription": "Activer la découverte Docker Socket pour remplir les informations du conteneur. Le chemin du socket doit être fourni à Newt.",
+    "enableDockerSocket": "Activer le Plan Docker",
+    "enableDockerSocketDescription": "Activer le ramassage d'étiquettes de socket Docker pour les étiquettes de plan. Le chemin de socket doit être fourni à Newt.",
     "enableDockerSocketLink": "En savoir plus",
     "viewDockerContainers": "Voir les conteneurs Docker",
     "containersIn": "Conteneurs en {siteName}",
@@ -1162,7 +1222,7 @@
     "selectDomainTypeCnameName": "Domaine unique (CNAME)",
     "selectDomainTypeCnameDescription": "Juste ce domaine spécifique. Utilisez ce paramètre pour des sous-domaines individuels ou des entrées de domaine spécifiques.",
     "selectDomainTypeWildcardName": "Domaine Générique",
-    "selectDomainTypeWildcardDescription": "Ce domaine et son premier niveau de sous-domaines.",
+    "selectDomainTypeWildcardDescription": "Ce domaine et ses sous-domaines.",
     "domainDelegation": "Domaine Unique",
     "selectType": "Sélectionnez un type",
     "actions": "Actions",
@@ -1174,7 +1234,7 @@
     "billing": "Facturation",
     "orgBillingDescription": "Gérez vos informations de facturation et vos abonnements",
     "github": "GitHub",
-    "pangolinHosted": "Pangolin Hébergement",
+    "pangolinHosted": "Hebergé par Pangolin",
     "fossorial": "Fossorial",
     "completeAccountSetup": "Complétez la configuration du compte",
     "completeAccountSetupDescription": "Définissez votre mot de passe pour commencer",
@@ -1196,8 +1256,8 @@
     "sidebarExpand": "Développer",
     "newtUpdateAvailable": "Mise à jour disponible",
     "newtUpdateAvailableInfo": "Une nouvelle version de Newt est disponible. Veuillez mettre à jour vers la dernière version pour une meilleure expérience.",
-    "domainPickerEnterDomain": "Entrez votre domaine",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, ou simplement myapp",
+    "domainPickerEnterDomain": "Domaine",
+    "domainPickerPlaceholder": "monapp.exemple.com",
     "domainPickerDescription": "Entrez le domaine complet de la ressource pour voir les options disponibles.",
     "domainPickerDescriptionSaas": "Entrez un domaine complet, un sous-domaine ou juste un nom pour voir les options disponibles",
     "domainPickerTabAll": "Tous",
@@ -1206,15 +1266,57 @@
     "domainPickerSortAsc": "A-Z",
     "domainPickerSortDesc": "Z-A",
     "domainPickerCheckingAvailability": "Vérification de la disponibilité...",
-    "domainPickerNoMatchingDomains": "Aucun domaine correspondant trouvé pour \"{userInput}\". Essayez un autre domaine ou vérifiez les paramètres de domaine de votre organisation.",
+    "domainPickerNoMatchingDomains": "Aucun domaine correspondant trouvé. Essayez un autre domaine ou vérifiez les paramètres de domaine de votre organisation.",
     "domainPickerOrganizationDomains": "Domaines de l'organisation",
     "domainPickerProvidedDomains": "Domaines fournis",
     "domainPickerSubdomain": "Sous-domaine : {subdomain}",
     "domainPickerNamespace": "Espace de noms : {namespace}",
     "domainPickerShowMore": "Afficher plus",
+    "regionSelectorTitle": "Sélectionner Région",
+    "regionSelectorInfo": "Sélectionner une région nous aide à offrir de meilleures performances pour votre localisation. Vous n'avez pas besoin d'être dans la même région que votre serveur.",
+    "regionSelectorPlaceholder": "Choisissez une région",
+    "regionSelectorComingSoon": "Bientôt disponible",
+    "billingLoadingSubscription": "Chargement de l'abonnement...",
+    "billingFreeTier": "Niveau gratuit",
+    "billingWarningOverLimit": "Attention : Vous avez dépassé une ou plusieurs limites d'utilisation. Vos sites ne se connecteront pas tant que vous n'avez pas modifié votre abonnement ou ajusté votre utilisation.",
+    "billingUsageLimitsOverview": "Vue d'ensemble des limites d'utilisation",
+    "billingMonitorUsage": "Surveillez votre consommation par rapport aux limites configurées. Si vous avez besoin d'une augmentation des limites, veuillez nous contacter à support@pangolin.net.",
+    "billingDataUsage": "Utilisation des données",
+    "billingOnlineTime": "Temps en ligne du site",
+    "billingUsers": "Utilisateurs actifs",
+    "billingDomains": "Domaines actifs",
+    "billingRemoteExitNodes": "Nœuds auto-hébergés actifs",
+    "billingNoLimitConfigured": "Aucune limite configurée",
+    "billingEstimatedPeriod": "Période de facturation estimée",
+    "billingIncludedUsage": "Utilisation incluse",
+    "billingIncludedUsageDescription": "Utilisation incluse dans votre plan d'abonnement actuel",
+    "billingFreeTierIncludedUsage": "Tolérances d'utilisation du niveau gratuit",
+    "billingIncluded": "inclus",
+    "billingEstimatedTotal": "Total estimé :",
+    "billingNotes": "Notes",
+    "billingEstimateNote": "Ceci est une estimation basée sur votre utilisation actuelle.",
+    "billingActualChargesMayVary": "Les frais réels peuvent varier.",
+    "billingBilledAtEnd": "Vous serez facturé à la fin de la période de facturation.",
+    "billingModifySubscription": "Modifier l'abonnement",
+    "billingStartSubscription": "Démarrer l'abonnement",
+    "billingRecurringCharge": "Frais récurrents",
+    "billingManageSubscriptionSettings": "Gérez les paramètres et préférences de votre abonnement",
+    "billingNoActiveSubscription": "Vous n'avez pas d'abonnement actif. Commencez votre abonnement pour augmenter les limites d'utilisation.",
+    "billingFailedToLoadSubscription": "Échec du chargement de l'abonnement",
+    "billingFailedToLoadUsage": "Échec du chargement de l'utilisation",
+    "billingFailedToGetCheckoutUrl": "Échec pour obtenir l'URL de paiement",
+    "billingPleaseTryAgainLater": "Veuillez réessayer plus tard.",
+    "billingCheckoutError": "Erreur de paiement",
+    "billingFailedToGetPortalUrl": "Échec pour obtenir l'URL du portail",
+    "billingPortalError": "Erreur du portail",
+    "billingDataUsageInfo": "Vous êtes facturé pour toutes les données transférées via vos tunnels sécurisés lorsque vous êtes connecté au cloud. Cela inclut le trafic entrant et sortant sur tous vos sites. Lorsque vous atteignez votre limite, vos sites se déconnecteront jusqu'à ce que vous mettiez à niveau votre plan ou réduisiez l'utilisation. Les données ne sont pas facturées lors de l'utilisation de nœuds.",
+    "billingOnlineTimeInfo": "Vous êtes facturé en fonction de la durée de connexion de vos sites au cloud. Par exemple, 44 640 minutes équivaut à un site fonctionnant 24/7 pendant un mois complet. Lorsque vous atteignez votre limite, vos sites se déconnecteront jusqu'à ce que vous mettiez à niveau votre forfait ou réduisiez votre consommation. Le temps n'est pas facturé lors de l'utilisation de nœuds.",
+    "billingUsersInfo": "Vous êtes facturé pour chaque utilisateur dans votre organisation. La facturation est calculée quotidiennement en fonction du nombre de comptes utilisateurs actifs dans votre organisation.",
+    "billingDomainInfo": "Vous êtes facturé pour chaque domaine dans votre organisation. La facturation est calculée quotidiennement en fonction du nombre de comptes de domaine actifs dans votre organisation.",
+    "billingRemoteExitNodesInfo": "Vous êtes facturé pour chaque nœud géré dans votre organisation. La facturation est calculée quotidiennement en fonction du nombre de nœuds gérés actifs dans votre organisation.",
     "domainNotFound": "Domaine introuvable",
     "domainNotFoundDescription": "Cette ressource est désactivée car le domaine n'existe plus dans notre système. Veuillez définir un nouveau domaine pour cette ressource.",
-    "failed": "Échec",
+    "failed": "Erreur",
     "createNewOrgDescription": "Créer une nouvelle organisation",
     "organization": "Organisation",
     "port": "Port",
@@ -1245,7 +1347,6 @@
     "twoFactorRequired": "L'authentification à deux facteurs est requise pour enregistrer une clé de sécurité.",
     "twoFactor": "Authentification à deux facteurs",
     "adminEnabled2FaOnYourAccount": "Votre administrateur a activé l'authentification à deux facteurs pour {email}. Veuillez terminer le processus d'installation pour continuer.",
-    "continueToApplication": "Continuer vers l'application",
     "securityKeyAdd": "Ajouter une clé de sécurité",
     "securityKeyRegisterTitle": "Enregistrer une nouvelle clé de sécurité",
     "securityKeyRegisterDescription": "Connectez votre clé de sécurité et saisissez un nom pour l'identifier",
@@ -1266,12 +1367,531 @@
     "createDomainName": "Nom :",
     "createDomainValue": "Valeur :",
     "createDomainCnameRecords": "Enregistrements CNAME",
+    "createDomainARecords": "Enregistrements A",
     "createDomainRecordNumber": "Enregistrement {number}",
     "createDomainTxtRecords": "Enregistrements TXT",
-    "createDomainSaveTheseRecords": "Enregistrez ces enregistrements",
+    "createDomainSaveTheseRecords": "Sauvegardez ces enregistrements",
     "createDomainSaveTheseRecordsDescription": "Assurez-vous de sauvegarder ces enregistrements DNS car vous ne les reverrez pas.",
     "createDomainDnsPropagation": "Propagation DNS",
     "createDomainDnsPropagationDescription": "Les modifications DNS peuvent mettre du temps à se propager sur internet. Cela peut prendre de quelques minutes à 48 heures selon votre fournisseur DNS et les réglages TTL.",
     "resourcePortRequired": "Le numéro de port est requis pour les ressources non-HTTP",
-    "resourcePortNotAllowed": "Le numéro de port ne doit pas être défini pour les ressources HTTP"
+    "resourcePortNotAllowed": "Le numéro de port ne doit pas être défini pour les ressources HTTP",
+    "billingPricingCalculatorLink": "Calculateur de prix",
+    "signUpTerms": {
+        "IAgreeToThe": "Je suis d'accord avec",
+        "termsOfService": "les conditions d'utilisation",
+        "and": "et",
+        "privacyPolicy": "la politique de confidentialité"
+    },
+    "siteRequired": "Le site est requis.",
+    "olmTunnel": "Tunnel Olm",
+    "olmTunnelDescription": "Utilisez Olm pour la connectivité client",
+    "errorCreatingClient": "Erreur lors de la création du client",
+    "clientDefaultsNotFound": "Les paramètres par défaut du client sont introuvables",
+    "createClient": "Créer un client",
+    "createClientDescription": "Créez un nouveau client pour vous connecter à vos sites",
+    "seeAllClients": "Voir tous les clients",
+    "clientInformation": "Informations client",
+    "clientNamePlaceholder": "Nom du client",
+    "address": "Adresse",
+    "subnetPlaceholder": "Sous-réseau",
+    "addressDescription": "L'adresse que ce client utilisera pour la connectivité",
+    "selectSites": "Sélectionner des sites",
+    "sitesDescription": "Le client aura une connectivité vers les sites sélectionnés",
+    "clientInstallOlm": "Installer Olm",
+    "clientInstallOlmDescription": "Faites fonctionner Olm sur votre système",
+    "clientOlmCredentials": "Identifiants Olm",
+    "clientOlmCredentialsDescription": "C'est ainsi qu'Olm s'authentifiera auprès du serveur",
+    "olmEndpoint": "Point de terminaison Olm",
+    "olmId": "ID Olm",
+    "olmSecretKey": "Clé secrète Olm",
+    "clientCredentialsSave": "Enregistrez vos identifiants",
+    "clientCredentialsSaveDescription": "Vous ne pourrez voir cela qu'une seule fois. Assurez-vous de la copier dans un endroit sécurisé.",
+    "generalSettingsDescription": "Configurez les paramètres généraux pour ce client",
+    "clientUpdated": "Client mis à jour",
+    "clientUpdatedDescription": "Le client a été mis à jour.",
+    "clientUpdateFailed": "Échec de la mise à jour du client",
+    "clientUpdateError": "Une erreur s'est produite lors de la mise à jour du client.",
+    "sitesFetchFailed": "Échec de la récupération des sites",
+    "sitesFetchError": "Une erreur s'est produite lors de la récupération des sites.",
+    "olmErrorFetchReleases": "Une erreur s'est produite lors de la récupération des versions d'Olm.",
+    "olmErrorFetchLatest": "Une erreur s'est produite lors de la récupération de la dernière version d'Olm.",
+    "remoteSubnets": "Sous-réseaux distants",
+    "enterCidrRange": "Entrez la plage CIDR",
+    "remoteSubnetsDescription": "Ajoutez des plages CIDR accessibles à distance depuis ce site à l'aide de clients. Utilisez le format comme 10.0.0.0/24. Cela s'applique UNIQUEMENT à la connectivité des clients VPN.",
+    "resourceEnableProxy": "Activer le proxy public",
+    "resourceEnableProxyDescription": "Activez le proxy public vers cette ressource. Cela permet d'accéder à la ressource depuis l'extérieur du réseau via le cloud sur un port ouvert. Nécessite la configuration de Traefik.",
+    "externalProxyEnabled": "Proxy externe activé",
+    "addNewTarget": "Ajouter une nouvelle cible",
+    "targetsList": "Liste des cibles",
+    "advancedMode": "Mode Avancé",
+    "targetErrorDuplicateTargetFound": "Cible en double trouvée",
+    "healthCheckHealthy": "Sain",
+    "healthCheckUnhealthy": "En mauvaise santé",
+    "healthCheckUnknown": "Inconnu",
+    "healthCheck": "Vérification de l'état de santé",
+    "configureHealthCheck": "Configurer la vérification de l'état de santé",
+    "configureHealthCheckDescription": "Configurer la surveillance de la santé pour {target}",
+    "enableHealthChecks": "Activer les vérifications de santé",
+    "enableHealthChecksDescription": "Surveiller la vie de cette cible. Vous pouvez surveiller un point de terminaison différent de la cible si nécessaire.",
+    "healthScheme": "Méthode",
+    "healthSelectScheme": "Sélectionnez la méthode",
+    "healthCheckPath": "Chemin d'accès",
+    "healthHostname": "IP / Hôte",
+    "healthPort": "Port",
+    "healthCheckPathDescription": "Le chemin à vérifier pour le statut de santé.",
+    "healthyIntervalSeconds": "Intervalle sain",
+    "unhealthyIntervalSeconds": "Intervalle en mauvaise santé",
+    "IntervalSeconds": "Intervalle sain",
+    "timeoutSeconds": "Délai",
+    "timeIsInSeconds": "Le temps est exprimé en secondes",
+    "retryAttempts": "Tentatives",
+    "expectedResponseCodes": "Codes de réponse attendus",
+    "expectedResponseCodesDescription": "Code de statut HTTP indiquant un état de santé satisfaisant. Si non renseigné, 200-300 est considéré comme satisfaisant.",
+    "customHeaders": "En-têtes personnalisés",
+    "customHeadersDescription": "En-têtes séparés par une nouvelle ligne: En-nom: valeur",
+    "headersValidationError": "Les entêtes doivent être au format : Header-Name: valeur.",
+    "saveHealthCheck": "Sauvegarder la vérification de l'état de santé",
+    "healthCheckSaved": "Vérification de l'état de santé enregistrée",
+    "healthCheckSavedDescription": "La configuration de la vérification de l'état de santé a été enregistrée avec succès",
+    "healthCheckError": "Erreur de vérification de l'état de santé",
+    "healthCheckErrorDescription": "Une erreur s'est produite lors de l'enregistrement de la configuration de la vérification de l'état de santé",
+    "healthCheckPathRequired": "Le chemin de vérification de l'état de santé est requis",
+    "healthCheckMethodRequired": "La méthode HTTP est requise",
+    "healthCheckIntervalMin": "L'intervalle de vérification doit être d'au moins 5 secondes",
+    "healthCheckTimeoutMin": "Le délai doit être d'au moins 1 seconde",
+    "healthCheckRetryMin": "Les tentatives de réessai doivent être d'au moins 1",
+    "httpMethod": "Méthode HTTP",
+    "selectHttpMethod": "Sélectionnez la méthode HTTP",
+    "domainPickerSubdomainLabel": "Sous-domaine",
+    "domainPickerBaseDomainLabel": "Domaine de base",
+    "domainPickerSearchDomains": "Rechercher des domaines...",
+    "domainPickerNoDomainsFound": "Aucun domaine trouvé",
+    "domainPickerLoadingDomains": "Chargement des domaines...",
+    "domainPickerSelectBaseDomain": "Sélectionnez le domaine de base...",
+    "domainPickerNotAvailableForCname": "Non disponible pour les domaines CNAME",
+    "domainPickerEnterSubdomainOrLeaveBlank": "Entrez un sous-domaine ou laissez vide pour utiliser le domaine de base.",
+    "domainPickerEnterSubdomainToSearch": "Entrez un sous-domaine pour rechercher et sélectionner parmi les domaines gratuits disponibles.",
+    "domainPickerFreeDomains": "Domaines gratuits",
+    "domainPickerSearchForAvailableDomains": "Rechercher des domaines disponibles",
+    "domainPickerNotWorkSelfHosted": "Remarque : Les domaines fournis gratuitement ne sont pas disponibles pour les instances auto-hébergées pour le moment.",
+    "resourceDomain": "Domaine",
+    "resourceEditDomain": "Modifier le domaine",
+    "siteName": "Nom du site",
+    "proxyPort": "Port",
+    "resourcesTableProxyResources": "Ressources proxy",
+    "resourcesTableClientResources": "Ressources client",
+    "resourcesTableNoProxyResourcesFound": "Aucune ressource proxy trouvée.",
+    "resourcesTableNoInternalResourcesFound": "Aucune ressource interne trouvée.",
+    "resourcesTableDestination": "Destination",
+    "resourcesTableTheseResourcesForUseWith": "Ces ressources sont à utiliser avec",
+    "resourcesTableClients": "Clients",
+    "resourcesTableAndOnlyAccessibleInternally": "et sont uniquement accessibles en interne lorsqu'elles sont connectées avec un client.",
+    "editInternalResourceDialogEditClientResource": "Modifier la ressource client",
+    "editInternalResourceDialogUpdateResourceProperties": "Mettez à jour les propriétés de la ressource et la configuration de la cible pour {resourceName}.",
+    "editInternalResourceDialogResourceProperties": "Propriétés de la ressource",
+    "editInternalResourceDialogName": "Nom",
+    "editInternalResourceDialogProtocol": "Protocole",
+    "editInternalResourceDialogSitePort": "Port du site",
+    "editInternalResourceDialogTargetConfiguration": "Configuration de la cible",
+    "editInternalResourceDialogCancel": "Abandonner",
+    "editInternalResourceDialogSaveResource": "Enregistrer la ressource",
+    "editInternalResourceDialogSuccess": "Succès",
+    "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Ressource interne mise à jour avec succès",
+    "editInternalResourceDialogError": "Erreur",
+    "editInternalResourceDialogFailedToUpdateInternalResource": "Échec de la mise à jour de la ressource interne",
+    "editInternalResourceDialogNameRequired": "Le nom est requis",
+    "editInternalResourceDialogNameMaxLength": "Le nom doit être inférieur à 255 caractères",
+    "editInternalResourceDialogProxyPortMin": "Le port proxy doit être d'au moins 1",
+    "editInternalResourceDialogProxyPortMax": "Le port proxy doit être inférieur à 65536",
+    "editInternalResourceDialogInvalidIPAddressFormat": "Format d'adresse IP invalide",
+    "editInternalResourceDialogDestinationPortMin": "Le port de destination doit être d'au moins 1",
+    "editInternalResourceDialogDestinationPortMax": "Le port de destination doit être inférieur à 65536",
+    "createInternalResourceDialogNoSitesAvailable": "Aucun site disponible",
+    "createInternalResourceDialogNoSitesAvailableDescription": "Vous devez avoir au moins un site Newt avec un sous-réseau configuré pour créer des ressources internes.",
+    "createInternalResourceDialogClose": "Fermer",
+    "createInternalResourceDialogCreateClientResource": "Créer une ressource client",
+    "createInternalResourceDialogCreateClientResourceDescription": "Créez une ressource accessible aux clients connectés au site sélectionné.",
+    "createInternalResourceDialogResourceProperties": "Propriétés de la ressource",
+    "createInternalResourceDialogName": "Nom",
+    "createInternalResourceDialogSite": "Site",
+    "createInternalResourceDialogSelectSite": "Sélectionner un site...",
+    "createInternalResourceDialogSearchSites": "Rechercher des sites...",
+    "createInternalResourceDialogNoSitesFound": "Aucun site trouvé.",
+    "createInternalResourceDialogProtocol": "Protocole",
+    "createInternalResourceDialogTcp": "TCP",
+    "createInternalResourceDialogUdp": "UDP",
+    "createInternalResourceDialogSitePort": "Port du site",
+    "createInternalResourceDialogSitePortDescription": "Utilisez ce port pour accéder à la ressource sur le site lors de la connexion avec un client.",
+    "createInternalResourceDialogTargetConfiguration": "Configuration de la cible",
+    "createInternalResourceDialogDestinationIPDescription": "L'adresse IP ou le nom d'hôte de la ressource sur le réseau du site.",
+    "createInternalResourceDialogDestinationPortDescription": "Le port sur l'IP de destination où la ressource est accessible.",
+    "createInternalResourceDialogCancel": "Abandonner",
+    "createInternalResourceDialogCreateResource": "Créer une ressource",
+    "createInternalResourceDialogSuccess": "Succès",
+    "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Ressource interne créée avec succès",
+    "createInternalResourceDialogError": "Erreur",
+    "createInternalResourceDialogFailedToCreateInternalResource": "Échec de la création de la ressource interne",
+    "createInternalResourceDialogNameRequired": "Le nom est requis",
+    "createInternalResourceDialogNameMaxLength": "Le nom doit être inférieur à 255 caractères",
+    "createInternalResourceDialogPleaseSelectSite": "Veuillez sélectionner un site",
+    "createInternalResourceDialogProxyPortMin": "Le port proxy doit être d'au moins 1",
+    "createInternalResourceDialogProxyPortMax": "Le port proxy doit être inférieur à 65536",
+    "createInternalResourceDialogInvalidIPAddressFormat": "Format d'adresse IP invalide",
+    "createInternalResourceDialogDestinationPortMin": "Le port de destination doit être d'au moins 1",
+    "createInternalResourceDialogDestinationPortMax": "Le port de destination doit être inférieur à 65536",
+    "siteConfiguration": "Configuration",
+    "siteAcceptClientConnections": "Accepter les connexions client",
+    "siteAcceptClientConnectionsDescription": "Permet à d'autres appareils de se connecter via cette instance de Newt en tant que passerelle utilisant des clients.",
+    "siteAddress": "Adresse du site",
+    "siteAddressDescription": "Spécifiez l'adresse IP de l'hôte pour que les clients puissent s'y connecter. C'est l'adresse interne du site dans le réseau Pangolin pour que les clients puissent s'adresser. Doit être dans le sous-réseau de l'organisation.",
+    "autoLoginExternalIdp": "Connexion automatique avec IDP externe",
+    "autoLoginExternalIdpDescription": "Rediriger immédiatement l'utilisateur vers l'IDP externe pour l'authentification.",
+    "selectIdp": "Sélectionner l'IDP",
+    "selectIdpPlaceholder": "Choisissez un IDP...",
+    "selectIdpRequired": "Veuillez sélectionner un IDP lorsque la connexion automatique est activée.",
+    "autoLoginTitle": "Redirection",
+    "autoLoginDescription": "Redirection vers le fournisseur d'identité externe pour l'authentification.",
+    "autoLoginProcessing": "Préparation de l'authentification...",
+    "autoLoginRedirecting": "Redirection vers la connexion...",
+    "autoLoginError": "Erreur de connexion automatique",
+    "autoLoginErrorNoRedirectUrl": "Aucune URL de redirection reçue du fournisseur d'identité.",
+    "autoLoginErrorGeneratingUrl": "Échec de la génération de l'URL d'authentification.",
+    "remoteExitNodeManageRemoteExitNodes": "Nœuds distants",
+    "remoteExitNodeDescription": "Self-host one or more remote nodes to extend your network connectivity and reduce reliance on the cloud",
+    "remoteExitNodes": "Nœuds",
+    "searchRemoteExitNodes": "Rechercher des nœuds...",
+    "remoteExitNodeAdd": "Ajouter un noeud",
+    "remoteExitNodeErrorDelete": "Erreur lors de la suppression du noeud",
+    "remoteExitNodeQuestionRemove": "Êtes-vous sûr de vouloir supprimer le noeud {selectedNode} de l'organisation ?",
+    "remoteExitNodeMessageRemove": "Une fois supprimé, le noeud ne sera plus accessible.",
+    "remoteExitNodeMessageConfirm": "Pour confirmer, veuillez saisir le nom du noeud ci-dessous.",
+    "remoteExitNodeConfirmDelete": "Confirmer la suppression du noeud",
+    "remoteExitNodeDelete": "Supprimer le noeud",
+    "sidebarRemoteExitNodes": "Nœuds distants",
+    "remoteExitNodeCreate": {
+        "title": "Créer un noeud",
+        "description": "Créer un nouveau nœud pour étendre votre connectivité réseau",
+        "viewAllButton": "Voir tous les nœuds",
+        "strategy": {
+            "title": "Stratégie de création",
+            "description": "Choisissez ceci pour configurer manuellement votre nœud ou générer de nouveaux identifiants.",
+            "adopt": {
+                "title": "Adopter un nœud",
+                "description": "Choisissez ceci si vous avez déjà les identifiants pour le noeud."
+            },
+            "generate": {
+                "title": "Générer des clés",
+                "description": "Choisissez ceci si vous voulez générer de nouvelles clés pour le noeud"
+            }
+        },
+        "adopt": {
+            "title": "Adopter un nœud existant",
+            "description": "Entrez les identifiants du noeud existant que vous souhaitez adopter",
+            "nodeIdLabel": "Nœud ID",
+            "nodeIdDescription": "L'ID du noeud existant que vous voulez adopter",
+            "secretLabel": "Secret",
+            "secretDescription": "La clé secrète du noeud existant",
+            "submitButton": "Noeud d'Adopt"
+        },
+        "generate": {
+            "title": "Informations d'identification générées",
+            "description": "Utilisez ces identifiants générés pour configurer votre noeud",
+            "nodeIdTitle": "Nœud ID",
+            "secretTitle": "Secret",
+            "saveCredentialsTitle": "Ajouter des identifiants à la config",
+            "saveCredentialsDescription": "Ajoutez ces informations d'identification à votre fichier de configuration du nœud Pangolin auto-hébergé pour compléter la connexion.",
+            "submitButton": "Créer un noeud"
+        },
+        "validation": {
+            "adoptRequired": "ID de nœud et secret sont requis lors de l'adoption d'un noeud existant"
+        },
+        "errors": {
+            "loadDefaultsFailed": "Échec du chargement des valeurs par défaut",
+            "defaultsNotLoaded": "Valeurs par défaut non chargées",
+            "createFailed": "Impossible de créer le noeud"
+        },
+        "success": {
+            "created": "Noeud créé avec succès"
+        }
+    },
+    "remoteExitNodeSelection": "Sélection du noeud",
+    "remoteExitNodeSelectionDescription": "Sélectionnez un nœud pour acheminer le trafic pour ce site local",
+    "remoteExitNodeRequired": "Un noeud doit être sélectionné pour les sites locaux",
+    "noRemoteExitNodesAvailable": "Aucun noeud disponible",
+    "noRemoteExitNodesAvailableDescription": "Aucun noeud n'est disponible pour cette organisation. Créez d'abord un noeud pour utiliser des sites locaux.",
+    "exitNode": "Nœud de sortie",
+    "country": "Pays",
+    "rulesMatchCountry": "Actuellement basé sur l'IP source",
+    "managedSelfHosted": {
+        "title": "Gestion autonome",
+        "description": "Serveur Pangolin auto-hébergé avec des cloches et des sifflets supplémentaires",
+        "introTitle": "Pangolin auto-hébergé géré",
+        "introDescription": "est une option de déploiement conçue pour les personnes qui veulent de la simplicité et de la fiabilité tout en gardant leurs données privées et auto-hébergées.",
+        "introDetail": "Avec cette option, vous exécutez toujours votre propre nœud Pangolin — vos tunnels, la terminaison SSL et le trafic restent sur votre serveur. La différence est que la gestion et la surveillance sont gérées via notre tableau de bord du cloud, qui déverrouille un certain nombre d'avantages :",
+        "benefitSimplerOperations": {
+            "title": "Opérations plus simples",
+            "description": "Pas besoin de faire tourner votre propre serveur de messagerie ou de configurer des alertes complexes. Vous obtiendrez des contrôles de santé et des alertes de temps d'arrêt par la suite."
+        },
+        "benefitAutomaticUpdates": {
+            "title": "Mises à jour automatiques",
+            "description": "Le tableau de bord du cloud évolue rapidement, de sorte que vous obtenez de nouvelles fonctionnalités et des corrections de bugs sans avoir à extraire manuellement de nouveaux conteneurs à chaque fois."
+        },
+        "benefitLessMaintenance": {
+            "title": "Moins de maintenance",
+            "description": "Aucune migration de base de données, sauvegarde ou infrastructure supplémentaire à gérer. Nous gérons cela dans le cloud."
+        },
+        "benefitCloudFailover": {
+            "title": "Basculement du Cloud",
+            "description": "Si votre nœud descend, vos tunnels peuvent temporairement échouer jusqu'à ce que vous le rapatriez en ligne."
+        },
+        "benefitHighAvailability": {
+            "title": "Haute disponibilité (PoPs)",
+            "description": "Vous pouvez également attacher plusieurs nœuds à votre compte pour une redondance et de meilleures performances."
+        },
+        "benefitFutureEnhancements": {
+            "title": "Améliorations futures",
+            "description": "Nous prévoyons d'ajouter plus d'outils d'analyse, d'alerte et de gestion pour rendre votre déploiement encore plus robuste."
+        },
+        "docsAlert": {
+            "text": "En savoir plus sur l'option Auto-Hébergement géré dans notre",
+            "documentation": "documentation"
+        },
+        "convertButton": "Convertir ce noeud en auto-hébergé géré"
+    },
+    "internationaldomaindetected": "Domaine international détecté",
+    "willbestoredas": "Sera stocké comme :",
+    "roleMappingDescription": "Détermine comment les rôles sont assignés aux utilisateurs lorsqu'ils se connectent lorsque la fourniture automatique est activée.",
+    "selectRole": "Sélectionnez un rôle",
+    "roleMappingExpression": "Expression",
+    "selectRolePlaceholder": "Choisir un rôle",
+    "selectRoleDescription": "Sélectionnez un rôle à assigner à tous les utilisateurs de ce fournisseur d'identité",
+    "roleMappingExpressionDescription": "Entrez une expression JMESPath pour extraire les informations du rôle du jeton ID",
+    "idpTenantIdRequired": "L'ID du locataire est requis",
+    "invalidValue": "Valeur non valide",
+    "idpTypeLabel": "Type de fournisseur d'identité",
+    "roleMappingExpressionPlaceholder": "ex: contenu(groupes) && 'admin' || 'membre'",
+    "idpGoogleConfiguration": "Configuration Google",
+    "idpGoogleConfigurationDescription": "Configurer vos identifiants Google OAuth2",
+    "idpGoogleClientIdDescription": "Votre identifiant client Google OAuth2",
+    "idpGoogleClientSecretDescription": "Votre secret client Google OAuth2",
+    "idpAzureConfiguration": "Configuration de l'entra ID Azure",
+    "idpAzureConfigurationDescription": "Configurer vos identifiants OAuth2 Azure Entra",
+    "idpTenantId": "ID du locataire",
+    "idpTenantIdPlaceholder": "votre-locataire-id",
+    "idpAzureTenantIdDescription": "Votre ID de locataire Azure (trouvé dans l'aperçu Azure Active Directory)",
+    "idpAzureClientIdDescription": "Votre ID client d'enregistrement de l'application Azure",
+    "idpAzureClientSecretDescription": "Le secret de votre client d'enregistrement Azure App",
+    "idpGoogleTitle": "Google",
+    "idpGoogleAlt": "Google",
+    "idpAzureTitle": "Azure Entra ID",
+    "idpAzureAlt": "Azure",
+    "idpGoogleConfigurationTitle": "Configuration Google",
+    "idpAzureConfigurationTitle": "Configuration de l'entra ID Azure",
+    "idpTenantIdLabel": "ID du locataire",
+    "idpAzureClientIdDescription2": "Votre ID client d'enregistrement de l'application Azure",
+    "idpAzureClientSecretDescription2": "Le secret de votre client d'enregistrement Azure App",
+    "idpGoogleDescription": "Fournisseur Google OAuth2/OIDC",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "subnet": "Sous-réseau",
+    "subnetDescription": "Le sous-réseau de la configuration réseau de cette organisation.",
+    "authPage": "Page d'authentification",
+    "authPageDescription": "Configurer la page d'authentification de votre organisation",
+    "authPageDomain": "Domaine de la page d'authentification",
+    "noDomainSet": "Aucun domaine défini",
+    "changeDomain": "Changer de domaine",
+    "selectDomain": "Sélectionner un domaine",
+    "restartCertificate": "Redémarrer le certificat",
+    "editAuthPageDomain": "Modifier le domaine de la page d'authentification",
+    "setAuthPageDomain": "Définir le domaine de la page d'authentification",
+    "failedToFetchCertificate": "Impossible de récupérer le certificat",
+    "failedToRestartCertificate": "Échec du redémarrage du certificat",
+    "addDomainToEnableCustomAuthPages": "Ajouter un domaine pour activer les pages d'authentification personnalisées pour votre organisation",
+    "selectDomainForOrgAuthPage": "Sélectionnez un domaine pour la page d'authentification de l'organisation",
+    "domainPickerProvidedDomain": "Domaine fourni",
+    "domainPickerFreeProvidedDomain": "Domaine fourni gratuitement",
+    "domainPickerVerified": "Vérifié",
+    "domainPickerUnverified": "Non vérifié",
+    "domainPickerInvalidSubdomainStructure": "Ce sous-domaine contient des caractères ou une structure non valide. Il sera automatiquement nettoyé lorsque vous enregistrez.",
+    "domainPickerError": "Erreur",
+    "domainPickerErrorLoadDomains": "Impossible de charger les domaines de l'organisation",
+    "domainPickerErrorCheckAvailability": "Impossible de vérifier la disponibilité du domaine",
+    "domainPickerInvalidSubdomain": "Sous-domaine invalide",
+    "domainPickerInvalidSubdomainRemoved": "L'entrée \"{sub}\" a été supprimée car elle n'est pas valide.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "La «{sub}» n'a pas pu être validée pour {domain}.",
+    "domainPickerSubdomainSanitized": "Sous-domaine nettoyé",
+    "domainPickerSubdomainCorrected": "\"{sub}\" a été corrigé à \"{sanitized}\"",
+    "orgAuthSignInTitle": "Connectez-vous à votre organisation",
+    "orgAuthChooseIdpDescription": "Choisissez votre fournisseur d'identité pour continuer",
+    "orgAuthNoIdpConfigured": "Cette organisation n'a aucun fournisseur d'identité configuré. Vous pouvez vous connecter avec votre identité Pangolin à la place.",
+    "orgAuthSignInWithPangolin": "Se connecter avec Pangolin",
+    "subscriptionRequiredToUse": "Un abonnement est requis pour utiliser cette fonctionnalité.",
+    "idpDisabled": "Les fournisseurs d'identité sont désactivés.",
+    "orgAuthPageDisabled": "La page d'authentification de l'organisation est désactivée.",
+    "domainRestartedDescription": "La vérification du domaine a été redémarrée avec succès",
+    "resourceAddEntrypointsEditFile": "Modifier le fichier : config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Modifier le fichier : docker-compose.yml",
+    "emailVerificationRequired": "La vérification de l'e-mail est requise. Veuillez vous reconnecter via {dashboardUrl}/auth/login terminé cette étape. Puis revenez ici.",
+    "twoFactorSetupRequired": "La configuration d'authentification à deux facteurs est requise. Veuillez vous reconnecter via {dashboardUrl}/auth/login terminé cette étape. Puis revenez ici.",
+    "authPageErrorUpdateMessage": "Une erreur s'est produite lors de la mise à jour de la page d\u000027authentification",
+    "authPageUpdated": "Page d\u000027authentification mise à jour avec succès",
+    "healthCheckNotAvailable": "Locale",
+    "rewritePath": "Réécrire le chemin",
+    "rewritePathDescription": "Réécrivez éventuellement le chemin avant de le transmettre à la cible.",
+    "continueToApplication": "Continuer vers l'application",
+    "checkingInvite": "Vérification de l'invitation",
+    "setResourceHeaderAuth": "Définir l\\'authentification d\\'en-tête de la ressource",
+    "resourceHeaderAuthRemove": "Supprimer l'authentification de l'en-tête",
+    "resourceHeaderAuthRemoveDescription": "Authentification de l'en-tête supprimée avec succès.",
+    "resourceErrorHeaderAuthRemove": "Échec de la suppression de l'authentification de l'en-tête",
+    "resourceErrorHeaderAuthRemoveDescription": "Impossible de supprimer l'authentification de l'en-tête de la ressource.",
+    "resourceHeaderAuthProtectionEnabled": "Header Authentication Enabled",
+    "resourceHeaderAuthProtectionDisabled": "Header Authentication Disabled",
+    "headerAuthRemove": "Remove Header Auth",
+    "headerAuthAdd": "Add Header Auth",
+    "resourceErrorHeaderAuthSetup": "Impossible de définir l'authentification de l'en-tête",
+    "resourceErrorHeaderAuthSetupDescription": "Impossible de définir l'authentification de l'en-tête pour la ressource.",
+    "resourceHeaderAuthSetup": "Authentification de l'en-tête définie avec succès",
+    "resourceHeaderAuthSetupDescription": "L'authentification de l'en-tête a été définie avec succès.",
+    "resourceHeaderAuthSetupTitle": "Authentification de l'en-tête",
+    "resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Access it using the format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Authentification de l'en-tête",
+    "actionSetResourceHeaderAuth": "Authentification de l'en-tête",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Unlicensed",
+    "beta": "Beta",
+    "manageClients": "Gérer les clients",
+    "manageClientsDescription": "Clients are devices that can connect to your sites",
+    "licenseTableValidUntil": "Valide jusqu'au",
+    "saasLicenseKeysSettingsTitle": "Enterprise Licenses",
+    "saasLicenseKeysSettingsDescription": "Generate and manage Enterprise license keys for self-hosted Pangolin instances",
+    "sidebarEnterpriseLicenses": "Licenses",
+    "generateLicenseKey": "Generate License Key",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Please enter a valid email address",
+            "useCaseTypeRequired": "Please select a use case type",
+            "firstNameRequired": "Le prénom est requis",
+            "lastNameRequired": "Le nom est requis",
+            "primaryUseRequired": "Please describe your primary use",
+            "jobTitleRequiredBusiness": "Job title is required for business use",
+            "industryRequiredBusiness": "Industry is required for business use",
+            "stateProvinceRegionRequired": "State/Province/Region is required",
+            "postalZipCodeRequired": "Postal/ZIP Code is required",
+            "companyNameRequiredBusiness": "Company name is required for business use",
+            "countryOfResidenceRequiredBusiness": "Country of residence is required for business use",
+            "countryRequiredPersonal": "Country is required for personal use",
+            "agreeToTermsRequired": "You must agree to the terms",
+            "complianceConfirmationRequired": "You must confirm compliance with the Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Utilisation personelle",
+                "description": "For individual, non-commercial use such as learning, personal projects, or experimentation."
+            },
+            "business": {
+                "title": "Business Use",
+                "description": "For use within organizations, companies, or commercial or revenue-generating activities."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & License Type",
+                "description": "Enter your email and choose your license type"
+            },
+            "personalInformation": {
+                "title": "Personal Information",
+                "description": "Tell us about yourself"
+            },
+            "contactInformation": {
+                "title": "Contact Information",
+                "description": "Your contact details"
+            },
+            "termsGenerate": {
+                "title": "Terms & Generate",
+                "description": "Review and accept terms to generate your license"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Usage Disclosure",
+                "description": "Select the license tier that accurately reflects your intended use. The Personal License permits free use of the Software for individual, non-commercial or small-scale commercial activities with annual gross revenue under $100,000 USD. Any use beyond these limits — including use within a business, organization, or other revenue-generating environment — requires a valid Enterprise License and payment of the applicable licensing fee. All users, whether Personal or Enterprise, must comply with the Fossorial Commercial License Terms."
+            },
+            "trialPeriodInformation": {
+                "title": "Trial Period Information",
+                "description": "This License Key enables Enterprise features for a 7-day evaluation period. Continued access to Paid Features beyond the evaluation period requires activation under a valid Personal or Enterprise License. For Enterprise licensing, contact sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Are you using Pangolin for personal or business use?",
+            "firstName": "Prénom",
+            "lastName": "Nom",
+            "jobTitle": "profession",
+            "primaryUseQuestion": "What do you primarily plan to use Pangolin for?",
+            "industryQuestion": "What is your industry?",
+            "prospectiveUsersQuestion": "How many prospective users do you expect to have?",
+            "prospectiveSitesQuestion": "How many prospective sites (tunnels) do you expect to have?",
+            "companyName": "Entreprise",
+            "countryOfResidence": "Pays de résidence",
+            "stateProvinceRegion": "État / Province / Région",
+            "postalZipCode": "Code postal",
+            "companyWebsite": "Site de l'entreprise",
+            "companyPhoneNumber": "Numéro de téléphone professionnel",
+            "country": "Pays",
+            "phoneNumberOptional": "Numéro de téléphone (optionnel)",
+            "complianceConfirmation": "I confirm that I am in compliance with the Fossorial Commercial License and that reporting inaccurate information or misidentifying use of the product is a violation of the license."
+        },
+        "buttons": {
+            "close": "Fermer",
+            "previous": "Précédent",
+            "next": "Suivant",
+            "generateLicenseKey": "Generate License Key"
+        },
+        "toasts": {
+            "success": {
+                "title": "License key generated successfully",
+                "description": "Your license key has been generated and is ready to use."
+            },
+            "error": {
+                "title": "Failed to generate license key",
+                "description": "An error occurred while generating the license key."
+            }
+        }
+    },
+    "priority": "Priorité",
+    "priorityDescription": "Les routes de haute priorité sont évaluées en premier. La priorité = 100 signifie l'ordre automatique (décision du système). Utilisez un autre nombre pour imposer la priorité manuelle.",
+    "instanceName": "Nom de l'instance",
+    "pathMatchModalTitle": "Configure Path Matching",
+    "pathMatchModalDescription": "Set up how incoming requests should be matched based on their path.",
+    "pathMatchType": "Match Type",
+    "pathMatchPrefix": "Préfix",
+    "pathMatchExact": "Exact",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Path Value",
+    "clear": "Clear",
+    "saveChanges": "Sauvegarder",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Example: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Example: /api matches only /api",
+    "pathMatchRegexHelp": "Example: ^/api/.* matches /api/anything",
+    "pathRewriteModalTitle": "Configure Path Rewriting",
+    "pathRewriteModalDescription": "Transform the matched path before forwarding to the target.",
+    "pathRewriteType": "Rewrite Type",
+    "pathRewritePrefixOption": "Prefix - Replace prefix",
+    "pathRewriteExactOption": "Exact - Replace entire path",
+    "pathRewriteRegexOption": "Regex - Pattern replacement",
+    "pathRewriteStripPrefixOption": "Strip Prefix - Remove prefix",
+    "pathRewriteValue": "Rewrite Value",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Replace the matched prefix with this value",
+    "pathRewriteExactHelp": "Replace the entire path with this value when the path matches exactly",
+    "pathRewriteRegexHelp": "Use capture groups like $1, $2 for replacement",
+    "pathRewriteStripPrefixHelp": "Leave empty to strip prefix or provide new prefix",
+    "pathRewritePrefix": "Préfix",
+    "pathRewriteExact": "Exact",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Strip",
+    "pathRewriteStripLabel": "strip"
 }

messages/it-IT.json

@@ -36,8 +36,8 @@
     "viewSettings": "Visualizza impostazioni",
     "delete": "Elimina",
     "name": "Nome",
-    "online": "Online",
-    "offline": "Offline",
+    "online": "In linea",
+    "offline": "Non in linea",
     "site": "Sito",
     "dataIn": "Dati In",
     "dataOut": "Dati Fuori",
@@ -59,7 +59,6 @@
     "siteErrorCreate": "Errore nella creazione del sito",
     "siteErrorCreateKeyPair": "Coppia di chiavi o valori predefiniti del sito non trovati",
     "siteErrorCreateDefaults": "Predefiniti del sito non trovati",
-    "siteNameDescription": "Questo è il nome visualizzato per il sito.",
     "method": "Metodo",
     "siteMethodDescription": "Questo è il modo in cui esporrete le connessioni.",
     "siteLearnNewt": "Scopri come installare Newt sul tuo sistema",
@@ -95,7 +94,9 @@
     "siteNewtTunnelDescription": "Modo più semplice per creare un entrypoint nella rete. Nessuna configurazione aggiuntiva.",
     "siteWg": "WireGuard Base",
     "siteWgDescription": "Usa qualsiasi client WireGuard per stabilire un tunnel. Impostazione NAT manuale richiesta.",
+    "siteWgDescriptionSaas": "Usa qualsiasi client WireGuard per stabilire un tunnel. Impostazione NAT manuale richiesta. FUNZIONA SOLO SU NODI AUTO-OSPITATI",
     "siteLocalDescription": "Solo risorse locali. Nessun tunneling.",
+    "siteLocalDescriptionSaas": "Local resources only. No tunneling. Only available on remote nodes.",
     "siteSeeAll": "Vedi Tutti I Siti",
     "siteTunnelDescription": "Determina come vuoi connetterti al tuo sito",
     "siteNewtCredentials": "Credenziali Newt",
@@ -167,7 +168,10 @@
     "siteSelect": "Seleziona sito",
     "siteSearch": "Cerca sito",
     "siteNotFound": "Nessun sito trovato.",
-    "siteSelectionDescription": "Questo sito fornirà connettività alla risorsa.",
+    "selectCountry": "Seleziona paese",
+    "searchCountries": "Cerca paesi...",
+    "noCountryFound": "Nessun paese trovato.",
+    "siteSelectionDescription": "Questo sito fornirà connettività all'obiettivo.",
     "resourceType": "Tipo Di Risorsa",
     "resourceTypeDescription": "Determina come vuoi accedere alla tua risorsa",
     "resourceHTTPSSettings": "Impostazioni HTTPS",
@@ -198,11 +202,13 @@
     "general": "Generale",
     "generalSettings": "Impostazioni Generali",
     "proxy": "Proxy",
+    "internal": "Interno",
     "rules": "Regole",
     "resourceSettingDescription": "Configura le impostazioni sulla tua risorsa",
     "resourceSetting": "Impostazioni {resourceName}",
     "alwaysAllow": "Consenti Sempre",
     "alwaysDeny": "Nega Sempre",
+    "passToAuth": "Passa all'autenticazione",
     "orgSettingsDescription": "Configura le impostazioni generali della tua organizzazione",
     "orgGeneralSettings": "Impostazioni Organizzazione",
     "orgGeneralSettingsDescription": "Gestisci i dettagli dell'organizzazione e la configurazione",
@@ -451,6 +457,8 @@
     "accessRoleErrorAddDescription": "Si è verificato un errore durante l'aggiunta dell'utente al ruolo.",
     "userSaved": "Utente salvato",
     "userSavedDescription": "L'utente è stato aggiornato.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Permetti a questo utente di essere gestito automaticamente dal provider di identità",
     "accessControlsDescription": "Gestisci cosa questo utente può accedere e fare nell'organizzazione",
     "accessControlsSubmit": "Salva Controlli di Accesso",
     "roles": "Ruoli",
@@ -460,7 +468,10 @@
     "createdAt": "Creato Il",
     "proxyErrorInvalidHeader": "Valore dell'intestazione Host personalizzata non valido. Usa il formato nome dominio o salva vuoto per rimuovere l'intestazione Host personalizzata.",
     "proxyErrorTls": "Nome Server TLS non valido. Usa il formato nome dominio o salva vuoto per rimuovere il Nome Server TLS.",
-    "proxyEnableSSL": "Abilita SSL (https)",
+    "proxyEnableSSL": "Abilita SSL",
+    "proxyEnableSSLDescription": "Abilita la crittografia SSL/TLS per connessioni HTTPS sicure ai tuoi obiettivi.",
+    "target": "Target",
+    "configureTarget": "Configura Obiettivi",
     "targetErrorFetch": "Impossibile recuperare i target",
     "targetErrorFetchDescription": "Si è verificato un errore durante il recupero dei target",
     "siteErrorFetch": "Impossibile recuperare la risorsa",
@@ -487,18 +498,30 @@
     "targetTlsSettings": "Configurazione Connessione Sicura",
     "targetTlsSettingsDescription": "Configura le impostazioni SSL/TLS per la tua risorsa",
     "targetTlsSettingsAdvanced": "Impostazioni TLS Avanzate",
-    "targetTlsSni": "Nome Server TLS (SNI)",
+    "targetTlsSni": "Nome Server Tls",
     "targetTlsSniDescription": "Il Nome Server TLS da usare per SNI. Lascia vuoto per usare quello predefinito.",
     "targetTlsSubmit": "Salva Impostazioni",
     "targets": "Configurazione Target",
-    "targetsDescription": "Configura i target per instradare il traffico ai tuoi servizi",
+    "targetsDescription": "Configura i target per instradare il traffico ai tuoi servizi backend",
     "targetStickySessions": "Abilita Sessioni Persistenti",
     "targetStickySessionsDescription": "Mantieni le connessioni sullo stesso target backend per l'intera sessione.",
     "methodSelect": "Seleziona metodo",
     "targetSubmit": "Aggiungi Target",
-    "targetNoOne": "Nessun target. Aggiungi un target usando il modulo.",
+    "targetNoOne": "Questa risorsa non ha bersagli. Aggiungi un obiettivo per configurare dove inviare le richieste al tuo backend.",
     "targetNoOneDescription": "L'aggiunta di più di un target abiliterà il bilanciamento del carico.",
     "targetsSubmit": "Salva Target",
+    "addTarget": "Aggiungi Target",
+    "targetErrorInvalidIp": "Indirizzo IP non valido",
+    "targetErrorInvalidIpDescription": "Inserisci un indirizzo IP o un hostname valido",
+    "targetErrorInvalidPort": "Porta non valida",
+    "targetErrorInvalidPortDescription": "Inserisci un numero di porta valido",
+    "targetErrorNoSite": "Nessun sito selezionato",
+    "targetErrorNoSiteDescription": "Si prega di selezionare un sito per l'obiettivo",
+    "targetCreated": "Destinazione creata",
+    "targetCreatedDescription": "L'obiettivo è stato creato con successo",
+    "targetErrorCreate": "Impossibile creare l'obiettivo",
+    "targetErrorCreateDescription": "Si è verificato un errore durante la creazione del target",
+    "save": "Salva",
     "proxyAdditional": "Impostazioni Proxy Aggiuntive",
     "proxyAdditionalDescription": "Configura come la tua risorsa gestisce le impostazioni proxy",
     "proxyCustomHeader": "Intestazione Host Personalizzata",
@@ -508,6 +531,7 @@
     "ipAddressErrorInvalidFormat": "Formato indirizzo IP non valido",
     "ipAddressErrorInvalidOctet": "Ottetto indirizzo IP non valido",
     "path": "Percorso",
+    "matchPath": "Corrispondenza Tracciato",
     "ipAddressRange": "Intervallo IP",
     "rulesErrorFetch": "Impossibile recuperare le regole",
     "rulesErrorFetchDescription": "Si è verificato un errore durante il recupero delle regole",
@@ -543,6 +567,7 @@
     "rulesActions": "Azioni",
     "rulesActionAlwaysAllow": "Consenti Sempre: Ignora tutti i metodi di autenticazione",
     "rulesActionAlwaysDeny": "Nega Sempre: Blocca tutte le richieste; nessuna autenticazione può essere tentata",
+    "rulesActionPassToAuth": "Passa all'autenticazione: Consenti di tentare i metodi di autenticazione",
     "rulesMatchCriteria": "Criteri di Corrispondenza",
     "rulesMatchCriteriaIpAddress": "Corrisponde a un indirizzo IP specifico",
     "rulesMatchCriteriaIpAddressRange": "Corrisponde a un intervallo di indirizzi IP in notazione CIDR",
@@ -705,7 +730,7 @@
     "pangolinServerAdmin": "Server Admin - Pangolina",
     "licenseTierProfessional": "Licenza Professional",
     "licenseTierEnterprise": "Licenza Enterprise",
-    "licenseTierCommercial": "Licenza Commerciale",
+    "licenseTierPersonal": "Personal License",
     "licensed": "Con Licenza",
     "yes": "Sì",
     "no": "No",
@@ -740,7 +765,7 @@
     "idpDisplayName": "Un nome visualizzato per questo provider di identità",
     "idpAutoProvisionUsers": "Provisioning Automatico Utenti",
     "idpAutoProvisionUsersDescription": "Quando abilitato, gli utenti verranno creati automaticamente nel sistema al primo accesso con la possibilità di mappare gli utenti a ruoli e organizzazioni.",
-    "licenseBadge": "Professionista",
+    "licenseBadge": "EE",
     "idpType": "Tipo di Provider",
     "idpTypeDescription": "Seleziona il tipo di provider di identità che desideri configurare",
     "idpOidcConfigure": "Configurazione OAuth2/OIDC",
@@ -834,6 +859,24 @@
     "pincodeRequirementsLength": "Il PIN deve essere esattamente di 6 cifre",
     "pincodeRequirementsChars": "Il PIN deve contenere solo numeri",
     "passwordRequirementsLength": "La password deve essere lunga almeno 1 carattere",
+    "passwordRequirementsTitle": "Requisiti della password:",
+    "passwordRequirementLength": "Almeno 8 caratteri",
+    "passwordRequirementUppercase": "Almeno una lettera maiuscola",
+    "passwordRequirementLowercase": "Almeno una lettera minuscola",
+    "passwordRequirementNumber": "Almeno un numero",
+    "passwordRequirementSpecial": "Almeno un carattere speciale",
+    "passwordRequirementsMet": "✓ La password soddisfa tutti i requisiti",
+    "passwordStrength": "Forza della password",
+    "passwordStrengthWeak": "Debole",
+    "passwordStrengthMedium": "Media",
+    "passwordStrengthStrong": "Forte",
+    "passwordRequirements": "Requisiti:",
+    "passwordRequirementLengthText": "8+ caratteri",
+    "passwordRequirementUppercaseText": "Lettera maiuscola (A-Z)",
+    "passwordRequirementLowercaseText": "Lettera minuscola (a-z)",
+    "passwordRequirementNumberText": "Numero (0-9)",
+    "passwordRequirementSpecialText": "Carattere speciale (!@#$%...)",
+    "passwordsDoNotMatch": "Le password non coincidono",
     "otpEmailRequirementsLength": "L'OTP deve essere lungo almeno 1 carattere",
     "otpEmailSent": "OTP Inviato",
     "otpEmailSentDescription": "Un OTP è stato inviato alla tua email",
@@ -953,12 +996,15 @@
     "logoutError": "Errore durante il logout",
     "signingAs": "Accesso come",
     "serverAdmin": "Amministratore Server",
+    "managedSelfhosted": "Gestito Auto-Ospitato",
     "otpEnable": "Abilita Autenticazione a Due Fattori",
     "otpDisable": "Disabilita Autenticazione a Due Fattori",
     "logout": "Disconnetti",
     "licenseTierProfessionalRequired": "Edizione Professional Richiesta",
     "licenseTierProfessionalRequiredDescription": "Questa funzionalità è disponibile solo nell'Edizione Professional.",
     "actionGetOrg": "Ottieni Organizzazione",
+    "updateOrgUser": "Aggiorna Utente Org",
+    "createOrgUser": "Crea Utente Org",
     "actionUpdateOrg": "Aggiorna Organizzazione",
     "actionUpdateUser": "Aggiorna Utente",
     "actionGetUser": "Ottieni Utente",
@@ -968,6 +1014,10 @@
     "actionDeleteSite": "Elimina Sito",
     "actionGetSite": "Ottieni Sito",
     "actionListSites": "Elenca Siti",
+    "actionApplyBlueprint": "Applica Progetto",
+    "setupToken": "Configura Token",
+    "setupTokenDescription": "Inserisci il token di configurazione dalla console del server.",
+    "setupTokenRequired": "Il token di configurazione è richiesto",
     "actionUpdateSite": "Aggiorna Sito",
     "actionListSiteRoles": "Elenca Ruoli Sito Consentiti",
     "actionCreateResource": "Crea Risorsa",
@@ -1023,6 +1073,17 @@
     "actionDeleteIdpOrg": "Elimina Politica Org IDP",
     "actionListIdpOrgs": "Elenca Org IDP",
     "actionUpdateIdpOrg": "Aggiorna Org IDP",
+    "actionCreateClient": "Crea Client",
+    "actionDeleteClient": "Elimina Client",
+    "actionUpdateClient": "Aggiorna Client",
+    "actionListClients": "Elenco Clienti",
+    "actionGetClient": "Ottieni Client",
+    "actionCreateSiteResource": "Crea Risorsa del Sito",
+    "actionDeleteSiteResource": "Elimina Risorsa del Sito",
+    "actionGetSiteResource": "Ottieni Risorsa del Sito",
+    "actionListSiteResources": "Elenca Risorse del Sito",
+    "actionUpdateSiteResource": "Aggiorna Risorsa del Sito",
+    "actionListInvitations": "Elenco Inviti",
     "noneSelected": "Nessuna selezione",
     "orgNotFound2": "Nessuna organizzazione trovata.",
     "searchProgress": "Ricerca...",
@@ -1038,7 +1099,6 @@
     "navbar": "Menu di Navigazione",
     "navbarDescription": "Menu di navigazione principale dell'applicazione",
     "navbarDocsLink": "Documentazione",
-    "commercialEdition": "Edizione Commerciale",
     "otpErrorEnable": "Impossibile abilitare 2FA",
     "otpErrorEnableDescription": "Si è verificato un errore durante l'abilitazione di 2FA",
     "otpSetupCheckCode": "Inserisci un codice a 6 cifre",
@@ -1094,10 +1154,10 @@
     "sidebarAllUsers": "Tutti Gli Utenti",
     "sidebarIdentityProviders": "Fornitori Di Identità",
     "sidebarLicense": "Licenza",
-    "sidebarClients": "Clienti",
+    "sidebarClients": "Clients",
     "sidebarDomains": "Domini",
-    "enableDockerSocket": "Abilita Docker Socket",
-    "enableDockerSocketDescription": "Abilita il rilevamento Docker Socket per popolare le informazioni del contenitore. Il percorso del socket deve essere fornito a Newt.",
+    "enableDockerSocket": "Abilita Progetto Docker",
+    "enableDockerSocketDescription": "Abilita la raschiatura dell'etichetta Docker Socket per le etichette dei progetti. Il percorso del socket deve essere fornito a Newt.",
     "enableDockerSocketLink": "Scopri di più",
     "viewDockerContainers": "Visualizza Contenitori Docker",
     "containersIn": "Contenitori in {siteName}",
@@ -1162,7 +1222,7 @@
     "selectDomainTypeCnameName": "Dominio Singolo (CNAME)",
     "selectDomainTypeCnameDescription": "Solo questo dominio specifico. Usa questo per sottodomini individuali o specifiche voci di dominio.",
     "selectDomainTypeWildcardName": "Dominio Jolly",
-    "selectDomainTypeWildcardDescription": "Questo dominio e il suo primo livello di sottodomini.",
+    "selectDomainTypeWildcardDescription": "Questo dominio e i suoi sottodomini.",
     "domainDelegation": "Dominio Singolo",
     "selectType": "Seleziona un tipo",
     "actions": "Azioni",
@@ -1175,7 +1235,7 @@
     "orgBillingDescription": "Gestisci le tue informazioni di fatturazione e abbonamenti",
     "github": "GitHub",
     "pangolinHosted": "Pangolin Hosted",
-    "fossorial": "Fossorial",
+    "fossorial": "Fossoriale",
     "completeAccountSetup": "Completa la Configurazione dell'Account",
     "completeAccountSetupDescription": "Imposta la tua password per iniziare",
     "accountSetupSent": "Invieremo un codice di configurazione dell'account a questo indirizzo email.",
@@ -1196,8 +1256,8 @@
     "sidebarExpand": "Espandi",
     "newtUpdateAvailable": "Aggiornamento Disponibile",
     "newtUpdateAvailableInfo": "È disponibile una nuova versione di Newt. Si prega di aggiornare all'ultima versione per la migliore esperienza.",
-    "domainPickerEnterDomain": "Inserisci il tuo dominio",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, o semplicemente myapp",
+    "domainPickerEnterDomain": "Dominio",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Inserisci il dominio completo della risorsa per vedere le opzioni disponibili.",
     "domainPickerDescriptionSaas": "Inserisci un dominio completo, un sottodominio o semplicemente un nome per vedere le opzioni disponibili",
     "domainPickerTabAll": "Tutti",
@@ -1206,12 +1266,54 @@
     "domainPickerSortAsc": "A-Z",
     "domainPickerSortDesc": "Z-A",
     "domainPickerCheckingAvailability": "Controllando la disponibilità...",
-    "domainPickerNoMatchingDomains": "Nessun dominio corrispondente trovato per \"{userInput}\". Prova un altro dominio o controlla le impostazioni del dominio della tua organizzazione.",
+    "domainPickerNoMatchingDomains": "Nessun dominio corrispondente trovato. Prova un dominio diverso o verifica le impostazioni del dominio della tua organizzazione.",
     "domainPickerOrganizationDomains": "Domini dell'Organizzazione",
     "domainPickerProvidedDomains": "Domini Forniti",
     "domainPickerSubdomain": "Sottodominio: {subdomain}",
     "domainPickerNamespace": "Namespace: {namespace}",
     "domainPickerShowMore": "Mostra Altro",
+    "regionSelectorTitle": "Seleziona regione",
+    "regionSelectorInfo": "Selezionare una regione ci aiuta a fornire migliori performance per la tua posizione. Non devi necessariamente essere nella stessa regione del tuo server.",
+    "regionSelectorPlaceholder": "Scegli una regione",
+    "regionSelectorComingSoon": "Prossimamente",
+    "billingLoadingSubscription": "Caricamento abbonamento...",
+    "billingFreeTier": "Piano Gratuito",
+    "billingWarningOverLimit": "Avviso: Hai superato uno o più limiti di utilizzo. I tuoi siti non si connetteranno finché non modifichi il tuo abbonamento o non adegui il tuo utilizzo.",
+    "billingUsageLimitsOverview": "Panoramica dei Limiti di Utilizzo",
+    "billingMonitorUsage": "Monitora il tuo utilizzo rispetto ai limiti configurati. Se hai bisogno di aumentare i limiti, contattaci all'indirizzo support@pangolin.net.",
+    "billingDataUsage": "Utilizzo dei Dati",
+    "billingOnlineTime": "Tempo Online del Sito",
+    "billingUsers": "Utenti Attivi",
+    "billingDomains": "Domini Attivi",
+    "billingRemoteExitNodes": "Nodi Self-hosted Attivi",
+    "billingNoLimitConfigured": "Nessun limite configurato",
+    "billingEstimatedPeriod": "Periodo di Fatturazione Stimato",
+    "billingIncludedUsage": "Utilizzo Incluso",
+    "billingIncludedUsageDescription": "Utilizzo incluso nel tuo piano di abbonamento corrente",
+    "billingFreeTierIncludedUsage": "Elenchi di utilizzi inclusi nel piano gratuito",
+    "billingIncluded": "incluso",
+    "billingEstimatedTotal": "Totale Stimato:",
+    "billingNotes": "Note",
+    "billingEstimateNote": "Questa è una stima basata sul tuo utilizzo attuale.",
+    "billingActualChargesMayVary": "I costi effettivi possono variare.",
+    "billingBilledAtEnd": "Sarai fatturato alla fine del periodo di fatturazione.",
+    "billingModifySubscription": "Modifica Abbonamento",
+    "billingStartSubscription": "Inizia Abbonamento",
+    "billingRecurringCharge": "Addebito Ricorrente",
+    "billingManageSubscriptionSettings": "Gestisci impostazioni e preferenze dell'abbonamento",
+    "billingNoActiveSubscription": "Non hai un abbonamento attivo. Avvia il tuo abbonamento per aumentare i limiti di utilizzo.",
+    "billingFailedToLoadSubscription": "Caricamento abbonamento fallito",
+    "billingFailedToLoadUsage": "Caricamento utilizzo fallito",
+    "billingFailedToGetCheckoutUrl": "Errore durante l'ottenimento dell'URL di pagamento",
+    "billingPleaseTryAgainLater": "Per favore, riprova più tardi.",
+    "billingCheckoutError": "Errore di Pagamento",
+    "billingFailedToGetPortalUrl": "Errore durante l'ottenimento dell'URL del portale",
+    "billingPortalError": "Errore del Portale",
+    "billingDataUsageInfo": "Hai addebitato tutti i dati trasferiti attraverso i tunnel sicuri quando sei connesso al cloud. Questo include sia il traffico in entrata e in uscita attraverso tutti i siti. Quando si raggiunge il limite, i siti si disconnetteranno fino a quando non si aggiorna il piano o si riduce l'utilizzo. I dati non vengono caricati quando si utilizzano nodi.",
+    "billingOnlineTimeInfo": "Ti viene addebitato in base al tempo in cui i tuoi siti rimangono connessi al cloud. Ad esempio, 44,640 minuti è uguale a un sito in esecuzione 24/7 per un mese intero. Quando raggiungi il tuo limite, i tuoi siti si disconnetteranno fino a quando non aggiorni il tuo piano o riduci l'utilizzo. Il tempo non viene caricato quando si usano i nodi.",
+    "billingUsersInfo": "Sei addebitato per ogni utente nella tua organizzazione. La fatturazione viene calcolata giornalmente in base al numero di account utente attivi nella tua organizzazione.",
+    "billingDomainInfo": "Sei addebitato per ogni dominio nella tua organizzazione. La fatturazione viene calcolata giornalmente in base al numero di account dominio attivi nella tua organizzazione.",
+    "billingRemoteExitNodesInfo": "Sei addebitato per ogni nodo gestito nella tua organizzazione. La fatturazione viene calcolata giornalmente in base al numero di nodi gestiti attivi nella tua organizzazione.",
     "domainNotFound": "Domini Non Trovati",
     "domainNotFoundDescription": "Questa risorsa è disabilitata perché il dominio non esiste più nel nostro sistema. Si prega di impostare un nuovo dominio per questa risorsa.",
     "failed": "Fallito",
@@ -1245,7 +1347,6 @@
     "twoFactorRequired": "È richiesta l'autenticazione a due fattori per registrare una chiave di sicurezza.",
     "twoFactor": "Autenticazione a Due Fattori",
     "adminEnabled2FaOnYourAccount": "Il tuo amministratore ha abilitato l'autenticazione a due fattori per {email}. Completa il processo di configurazione per continuare.",
-    "continueToApplication": "Continua all'Applicazione",
     "securityKeyAdd": "Aggiungi Chiave di Sicurezza",
     "securityKeyRegisterTitle": "Registra Nuova Chiave di Sicurezza",
     "securityKeyRegisterDescription": "Collega la tua chiave di sicurezza e inserisci un nome per identificarla",
@@ -1266,6 +1367,7 @@
     "createDomainName": "Nome:",
     "createDomainValue": "Valore:",
     "createDomainCnameRecords": "Record CNAME",
+    "createDomainARecords": "Record A",
     "createDomainRecordNumber": "Record {number}",
     "createDomainTxtRecords": "Record TXT",
     "createDomainSaveTheseRecords": "Salva Questi Record",
@@ -1273,5 +1375,523 @@
     "createDomainDnsPropagation": "Propagazione DNS",
     "createDomainDnsPropagationDescription": "Le modifiche DNS possono richiedere del tempo per propagarsi in Internet. Questo può richiedere da pochi minuti a 48 ore, a seconda del tuo provider DNS e delle impostazioni TTL.",
     "resourcePortRequired": "Numero di porta richiesto per risorse non-HTTP",
-    "resourcePortNotAllowed": "Il numero di porta non deve essere impostato per risorse HTTP"
+    "resourcePortNotAllowed": "Il numero di porta non deve essere impostato per risorse HTTP",
+    "billingPricingCalculatorLink": "Calcolatore di Prezzi",
+    "signUpTerms": {
+        "IAgreeToThe": "Accetto i",
+        "termsOfService": "termini di servizio",
+        "and": "e",
+        "privacyPolicy": "informativa sulla privacy"
+    },
+    "siteRequired": "Il sito è richiesto.",
+    "olmTunnel": "Tunnel Olm",
+    "olmTunnelDescription": "Usa Olm per la connettività client",
+    "errorCreatingClient": "Errore nella creazione del client",
+    "clientDefaultsNotFound": "Impostazioni predefinite del client non trovate",
+    "createClient": "Crea Cliente",
+    "createClientDescription": "Crea un nuovo cliente per connettersi ai tuoi siti",
+    "seeAllClients": "Vedi Tutti i Clienti",
+    "clientInformation": "Informazioni sul Cliente",
+    "clientNamePlaceholder": "Nome Cliente",
+    "address": "Indirizzo",
+    "subnetPlaceholder": "Sottorete",
+    "addressDescription": "L'indirizzo che questo cliente utilizzerà per la connettività",
+    "selectSites": "Seleziona siti",
+    "sitesDescription": "Il cliente avrà connettività ai siti selezionati",
+    "clientInstallOlm": "Installa Olm",
+    "clientInstallOlmDescription": "Avvia Olm sul tuo sistema",
+    "clientOlmCredentials": "Credenziali Olm",
+    "clientOlmCredentialsDescription": "Ecco come Olm si autenticherà con il server",
+    "olmEndpoint": "Endpoint Olm",
+    "olmId": "ID Olm",
+    "olmSecretKey": "Chiave Segreta Olm",
+    "clientCredentialsSave": "Salva le Tue Credenziali",
+    "clientCredentialsSaveDescription": "Potrai vederlo solo una volta. Assicurati di copiarlo in un luogo sicuro.",
+    "generalSettingsDescription": "Configura le impostazioni generali per questo cliente",
+    "clientUpdated": "Cliente aggiornato",
+    "clientUpdatedDescription": "Il cliente è stato aggiornato.",
+    "clientUpdateFailed": "Impossibile aggiornare il cliente",
+    "clientUpdateError": "Si è verificato un errore durante l'aggiornamento del cliente.",
+    "sitesFetchFailed": "Impossibile recuperare i siti",
+    "sitesFetchError": "Si è verificato un errore durante il recupero dei siti.",
+    "olmErrorFetchReleases": "Si è verificato un errore durante il recupero delle versioni di Olm.",
+    "olmErrorFetchLatest": "Si è verificato un errore durante il recupero dell'ultima versione di Olm.",
+    "remoteSubnets": "Sottoreti Remote",
+    "enterCidrRange": "Inserisci l'intervallo CIDR",
+    "remoteSubnetsDescription": "Aggiungi intervalli CIDR che possono essere accessibili da questo sito in remoto utilizzando i client. Usa il formato come 10.0.0.0/24. Questo si applica SOLO alla connettività del client VPN.",
+    "resourceEnableProxy": "Abilita Proxy Pubblico",
+    "resourceEnableProxyDescription": "Abilita il proxy pubblico a questa risorsa. Consente l'accesso alla risorsa dall'esterno della rete tramite il cloud su una porta aperta. Richiede la configurazione di Traefik.",
+    "externalProxyEnabled": "Proxy Esterno Abilitato",
+    "addNewTarget": "Aggiungi Nuovo Target",
+    "targetsList": "Elenco dei Target",
+    "advancedMode": "Modalità Avanzata",
+    "targetErrorDuplicateTargetFound": "Target duplicato trovato",
+    "healthCheckHealthy": "Sano",
+    "healthCheckUnhealthy": "Non Sano",
+    "healthCheckUnknown": "Sconosciuto",
+    "healthCheck": "Controllo Salute",
+    "configureHealthCheck": "Configura Controllo Salute",
+    "configureHealthCheckDescription": "Imposta il monitoraggio della salute per {target}",
+    "enableHealthChecks": "Abilita i Controlli di Salute",
+    "enableHealthChecksDescription": "Monitorare lo stato di salute di questo obiettivo. Se necessario, è possibile monitorare un endpoint diverso da quello del bersaglio.",
+    "healthScheme": "Metodo",
+    "healthSelectScheme": "Seleziona Metodo",
+    "healthCheckPath": "Percorso",
+    "healthHostname": "IP / Nome host",
+    "healthPort": "Porta",
+    "healthCheckPathDescription": "Percorso per verificare lo stato di salute.",
+    "healthyIntervalSeconds": "Intervallo Sano",
+    "unhealthyIntervalSeconds": "Intervallo Non Sano",
+    "IntervalSeconds": "Intervallo Sano",
+    "timeoutSeconds": "Timeout",
+    "timeIsInSeconds": "Il tempo è in secondi",
+    "retryAttempts": "Tentativi di Riprova",
+    "expectedResponseCodes": "Codici di Risposta Attesi",
+    "expectedResponseCodesDescription": "Codice di stato HTTP che indica lo stato di salute. Se lasciato vuoto, considerato sano è compreso tra 200-300.",
+    "customHeaders": "Intestazioni Personalizzate",
+    "customHeadersDescription": "Intestazioni nuova riga separate: Intestazione-Nome: valore",
+    "headersValidationError": "Le intestazioni devono essere nel formato: Intestazione-Nome: valore.",
+    "saveHealthCheck": "Salva Controllo Salute",
+    "healthCheckSaved": "Controllo Salute Salvato",
+    "healthCheckSavedDescription": "La configurazione del controllo salute è stata salvata con successo",
+    "healthCheckError": "Errore Controllo Salute",
+    "healthCheckErrorDescription": "Si è verificato un errore durante il salvataggio della configurazione del controllo salute.",
+    "healthCheckPathRequired": "Il percorso del controllo salute è richiesto",
+    "healthCheckMethodRequired": "Metodo HTTP richiesto",
+    "healthCheckIntervalMin": "L'intervallo del controllo deve essere almeno di 5 secondi",
+    "healthCheckTimeoutMin": "Il timeout deve essere di almeno 1 secondo",
+    "healthCheckRetryMin": "I tentativi di riprova devono essere almeno 1",
+    "httpMethod": "Metodo HTTP",
+    "selectHttpMethod": "Seleziona metodo HTTP",
+    "domainPickerSubdomainLabel": "Sottodominio",
+    "domainPickerBaseDomainLabel": "Dominio Base",
+    "domainPickerSearchDomains": "Cerca domini...",
+    "domainPickerNoDomainsFound": "Nessun dominio trovato",
+    "domainPickerLoadingDomains": "Caricamento domini...",
+    "domainPickerSelectBaseDomain": "Seleziona dominio base...",
+    "domainPickerNotAvailableForCname": "Non disponibile per i domini CNAME",
+    "domainPickerEnterSubdomainOrLeaveBlank": "Inserisci un sottodominio o lascia vuoto per utilizzare il dominio base.",
+    "domainPickerEnterSubdomainToSearch": "Inserisci un sottodominio per cercare e selezionare dai domini gratuiti disponibili.",
+    "domainPickerFreeDomains": "Domini Gratuiti",
+    "domainPickerSearchForAvailableDomains": "Cerca domini disponibili",
+    "domainPickerNotWorkSelfHosted": "Nota: I domini forniti gratuitamente non sono disponibili per le istanze self-hosted al momento.",
+    "resourceDomain": "Dominio",
+    "resourceEditDomain": "Modifica Dominio",
+    "siteName": "Nome del Sito",
+    "proxyPort": "Porta",
+    "resourcesTableProxyResources": "Risorse Proxy",
+    "resourcesTableClientResources": "Risorse Client",
+    "resourcesTableNoProxyResourcesFound": "Nessuna risorsa proxy trovata.",
+    "resourcesTableNoInternalResourcesFound": "Nessuna risorsa interna trovata.",
+    "resourcesTableDestination": "Destinazione",
+    "resourcesTableTheseResourcesForUseWith": "Queste risorse sono per uso con",
+    "resourcesTableClients": "Client",
+    "resourcesTableAndOnlyAccessibleInternally": "e sono accessibili solo internamente quando connessi con un client.",
+    "editInternalResourceDialogEditClientResource": "Modifica Risorsa Client",
+    "editInternalResourceDialogUpdateResourceProperties": "Aggiorna le proprietà della risorsa e la configurazione del target per {resourceName}.",
+    "editInternalResourceDialogResourceProperties": "Proprietà della Risorsa",
+    "editInternalResourceDialogName": "Nome",
+    "editInternalResourceDialogProtocol": "Protocollo",
+    "editInternalResourceDialogSitePort": "Porta del Sito",
+    "editInternalResourceDialogTargetConfiguration": "Configurazione Target",
+    "editInternalResourceDialogCancel": "Annulla",
+    "editInternalResourceDialogSaveResource": "Salva Risorsa",
+    "editInternalResourceDialogSuccess": "Successo",
+    "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Risorsa interna aggiornata con successo",
+    "editInternalResourceDialogError": "Errore",
+    "editInternalResourceDialogFailedToUpdateInternalResource": "Impossibile aggiornare la risorsa interna",
+    "editInternalResourceDialogNameRequired": "Il nome è obbligatorio",
+    "editInternalResourceDialogNameMaxLength": "Il nome deve essere inferiore a 255 caratteri",
+    "editInternalResourceDialogProxyPortMin": "La porta proxy deve essere almeno 1",
+    "editInternalResourceDialogProxyPortMax": "La porta proxy deve essere inferiore a 65536",
+    "editInternalResourceDialogInvalidIPAddressFormat": "Formato dell'indirizzo IP non valido",
+    "editInternalResourceDialogDestinationPortMin": "La porta di destinazione deve essere almeno 1",
+    "editInternalResourceDialogDestinationPortMax": "La porta di destinazione deve essere inferiore a 65536",
+    "createInternalResourceDialogNoSitesAvailable": "Nessun Sito Disponibile",
+    "createInternalResourceDialogNoSitesAvailableDescription": "Devi avere almeno un sito Newt con una subnet configurata per creare risorse interne.",
+    "createInternalResourceDialogClose": "Chiudi",
+    "createInternalResourceDialogCreateClientResource": "Crea Risorsa Client",
+    "createInternalResourceDialogCreateClientResourceDescription": "Crea una nuova risorsa che sarà accessibile ai client connessi al sito selezionato.",
+    "createInternalResourceDialogResourceProperties": "Proprietà della Risorsa",
+    "createInternalResourceDialogName": "Nome",
+    "createInternalResourceDialogSite": "Sito",
+    "createInternalResourceDialogSelectSite": "Seleziona sito...",
+    "createInternalResourceDialogSearchSites": "Cerca siti...",
+    "createInternalResourceDialogNoSitesFound": "Nessun sito trovato.",
+    "createInternalResourceDialogProtocol": "Protocollo",
+    "createInternalResourceDialogTcp": "TCP",
+    "createInternalResourceDialogUdp": "UDP",
+    "createInternalResourceDialogSitePort": "Porta del Sito",
+    "createInternalResourceDialogSitePortDescription": "Usa questa porta per accedere alla risorsa nel sito quando sei connesso con un client.",
+    "createInternalResourceDialogTargetConfiguration": "Configurazione Target",
+    "createInternalResourceDialogDestinationIPDescription": "L'indirizzo IP o hostname della risorsa nella rete del sito.",
+    "createInternalResourceDialogDestinationPortDescription": "La porta sull'IP di destinazione dove la risorsa è accessibile.",
+    "createInternalResourceDialogCancel": "Annulla",
+    "createInternalResourceDialogCreateResource": "Crea Risorsa",
+    "createInternalResourceDialogSuccess": "Successo",
+    "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Risorsa interna creata con successo",
+    "createInternalResourceDialogError": "Errore",
+    "createInternalResourceDialogFailedToCreateInternalResource": "Impossibile creare la risorsa interna",
+    "createInternalResourceDialogNameRequired": "Il nome è obbligatorio",
+    "createInternalResourceDialogNameMaxLength": "Il nome non deve superare i 255 caratteri",
+    "createInternalResourceDialogPleaseSelectSite": "Si prega di selezionare un sito",
+    "createInternalResourceDialogProxyPortMin": "La porta proxy deve essere almeno 1",
+    "createInternalResourceDialogProxyPortMax": "La porta proxy deve essere inferiore a 65536",
+    "createInternalResourceDialogInvalidIPAddressFormat": "Formato dell'indirizzo IP non valido",
+    "createInternalResourceDialogDestinationPortMin": "La porta di destinazione deve essere almeno 1",
+    "createInternalResourceDialogDestinationPortMax": "La porta di destinazione deve essere inferiore a 65536",
+    "siteConfiguration": "Configurazione",
+    "siteAcceptClientConnections": "Accetta Connessioni Client",
+    "siteAcceptClientConnectionsDescription": "Permetti ad altri dispositivi di connettersi attraverso questa istanza Newt come gateway utilizzando i client.",
+    "siteAddress": "Indirizzo del Sito",
+    "siteAddressDescription": "Specifica l'indirizzo IP dell'host a cui i client si collegano. Questo è l'indirizzo interno del sito nella rete Pangolin per indirizzare i client. Deve rientrare nella subnet dell'Organizzazione.",
+    "autoLoginExternalIdp": "Accesso Automatico con IDP Esterno",
+    "autoLoginExternalIdpDescription": "Reindirizzare immediatamente l'utente all'IDP esterno per l'autenticazione.",
+    "selectIdp": "Seleziona IDP",
+    "selectIdpPlaceholder": "Scegli un IDP...",
+    "selectIdpRequired": "Si prega di selezionare un IDP quando l'accesso automatico è abilitato.",
+    "autoLoginTitle": "Reindirizzamento",
+    "autoLoginDescription": "Reindirizzandoti al provider di identità esterno per l'autenticazione.",
+    "autoLoginProcessing": "Preparazione dell'autenticazione...",
+    "autoLoginRedirecting": "Reindirizzamento al login...",
+    "autoLoginError": "Errore di Accesso Automatico",
+    "autoLoginErrorNoRedirectUrl": "Nessun URL di reindirizzamento ricevuto dal provider di identità.",
+    "autoLoginErrorGeneratingUrl": "Impossibile generare l'URL di autenticazione.",
+    "remoteExitNodeManageRemoteExitNodes": "Nodi Remoti",
+    "remoteExitNodeDescription": "Self-host one or more remote nodes to extend your network connectivity and reduce reliance on the cloud",
+    "remoteExitNodes": "Nodi",
+    "searchRemoteExitNodes": "Cerca nodi...",
+    "remoteExitNodeAdd": "Aggiungi Nodo",
+    "remoteExitNodeErrorDelete": "Errore nell'eliminare il nodo",
+    "remoteExitNodeQuestionRemove": "Sei sicuro di voler rimuovere il nodo {selectedNode} dall'organizzazione?",
+    "remoteExitNodeMessageRemove": "Una volta rimosso, il nodo non sarà più accessibile.",
+    "remoteExitNodeMessageConfirm": "Per confermare, digita il nome del nodo qui sotto.",
+    "remoteExitNodeConfirmDelete": "Conferma Eliminazione Nodo",
+    "remoteExitNodeDelete": "Elimina Nodo",
+    "sidebarRemoteExitNodes": "Nodi Remoti",
+    "remoteExitNodeCreate": {
+        "title": "Crea Nodo",
+        "description": "Crea un nuovo nodo per estendere la connettività di rete",
+        "viewAllButton": "Visualizza Tutti I Nodi",
+        "strategy": {
+            "title": "Strategia di Creazione",
+            "description": "Scegli questa opzione per configurare manualmente il nodo o generare nuove credenziali.",
+            "adopt": {
+                "title": "Adotta Nodo",
+                "description": "Scegli questo se hai già le credenziali per il nodo."
+            },
+            "generate": {
+                "title": "Genera Chiavi",
+                "description": "Scegli questa opzione se vuoi generare nuove chiavi per il nodo"
+            }
+        },
+        "adopt": {
+            "title": "Adotta Nodo Esistente",
+            "description": "Inserisci le credenziali del nodo esistente che vuoi adottare",
+            "nodeIdLabel": "ID Nodo",
+            "nodeIdDescription": "L'ID del nodo esistente che si desidera adottare",
+            "secretLabel": "Segreto",
+            "secretDescription": "La chiave segreta del nodo esistente",
+            "submitButton": "Adotta Nodo"
+        },
+        "generate": {
+            "title": "Credenziali Generate",
+            "description": "Usa queste credenziali generate per configurare il nodo",
+            "nodeIdTitle": "ID Nodo",
+            "secretTitle": "Segreto",
+            "saveCredentialsTitle": "Aggiungi Credenziali alla Configurazione",
+            "saveCredentialsDescription": "Aggiungi queste credenziali al tuo file di configurazione del nodo self-hosted Pangolin per completare la connessione.",
+            "submitButton": "Crea Nodo"
+        },
+        "validation": {
+            "adoptRequired": "L'ID del nodo e il segreto sono necessari quando si adotta un nodo esistente"
+        },
+        "errors": {
+            "loadDefaultsFailed": "Caricamento impostazioni predefinite fallito",
+            "defaultsNotLoaded": "Impostazioni predefinite non caricate",
+            "createFailed": "Impossibile creare il nodo"
+        },
+        "success": {
+            "created": "Nodo creato con successo"
+        }
+    },
+    "remoteExitNodeSelection": "Selezione Nodo",
+    "remoteExitNodeSelectionDescription": "Seleziona un nodo per instradare il traffico per questo sito locale",
+    "remoteExitNodeRequired": "Un nodo deve essere selezionato per i siti locali",
+    "noRemoteExitNodesAvailable": "Nessun Nodo Disponibile",
+    "noRemoteExitNodesAvailableDescription": "Non ci sono nodi disponibili per questa organizzazione. Crea un nodo prima per usare i siti locali.",
+    "exitNode": "Nodo di Uscita",
+    "country": "Paese",
+    "rulesMatchCountry": "Attualmente basato sull'IP di origine",
+    "managedSelfHosted": {
+        "title": "Gestito Auto-Ospitato",
+        "description": "Server Pangolin self-hosted più affidabile e a bassa manutenzione con campanelli e fischietti extra",
+        "introTitle": "Managed Self-Hosted Pangolin",
+        "introDescription": "è un'opzione di distribuzione progettata per le persone che vogliono la semplicità e l'affidabilità extra mantenendo i loro dati privati e self-hosted.",
+        "introDetail": "Con questa opzione, esegui ancora il tuo nodo Pangolin — i tunnel, la terminazione SSL e il traffico rimangono tutti sul tuo server. La differenza è che la gestione e il monitoraggio sono gestiti attraverso il nostro cruscotto cloud, che sblocca una serie di vantaggi:",
+        "benefitSimplerOperations": {
+            "title": "Operazioni più semplici",
+            "description": "Non è necessario eseguire il proprio server di posta o impostare un avviso complesso. Otterrai controlli di salute e avvisi di inattività fuori dalla casella."
+        },
+        "benefitAutomaticUpdates": {
+            "title": "Aggiornamenti automatici",
+            "description": "Il cruscotto cloud si evolve rapidamente, in modo da ottenere nuove funzionalità e correzioni di bug senza dover tirare manualmente nuovi contenitori ogni volta."
+        },
+        "benefitLessMaintenance": {
+            "title": "Meno manutenzione",
+            "description": "Nessuna migrazione di database, backup o infrastruttura extra da gestire. Gestiamo questo problema nel cloud."
+        },
+        "benefitCloudFailover": {
+            "title": "failover del cloud",
+            "description": "Se il tuo nodo scende, i tuoi tunnel possono temporaneamente fallire nei nostri punti di presenza cloud fino a quando non lo riporti online."
+        },
+        "benefitHighAvailability": {
+            "title": "Alta disponibilità (PoPs)",
+            "description": "Puoi anche allegare più nodi al tuo account per ridondanza e prestazioni migliori."
+        },
+        "benefitFutureEnhancements": {
+            "title": "Miglioramenti futuri",
+            "description": "Stiamo pianificando di aggiungere più strumenti di analisi, allerta e gestione per rendere la tua distribuzione ancora più robusta."
+        },
+        "docsAlert": {
+            "text": "Scopri di più sull'opzione Managed Self-Hosted nella nostra",
+            "documentation": "documentazione"
+        },
+        "convertButton": "Converti questo nodo in auto-ospitato gestito"
+    },
+    "internationaldomaindetected": "Dominio Internazionale Rilevato",
+    "willbestoredas": "Verrà conservato come:",
+    "roleMappingDescription": "Determinare come i ruoli sono assegnati agli utenti quando accedono quando è abilitata la fornitura automatica.",
+    "selectRole": "Seleziona un ruolo",
+    "roleMappingExpression": "Espressione",
+    "selectRolePlaceholder": "Scegli un ruolo",
+    "selectRoleDescription": "Seleziona un ruolo da assegnare a tutti gli utenti da questo provider di identità",
+    "roleMappingExpressionDescription": "Inserire un'espressione JMESPath per estrarre le informazioni sul ruolo dal token ID",
+    "idpTenantIdRequired": "L'ID dell'inquilino è obbligatorio",
+    "invalidValue": "Valore non valido",
+    "idpTypeLabel": "Tipo Provider Identità",
+    "roleMappingExpressionPlaceholder": "es. contiene(gruppi, 'admin') && 'Admin' <unk> <unk> 'Membro'",
+    "idpGoogleConfiguration": "Configurazione Google",
+    "idpGoogleConfigurationDescription": "Configura le tue credenziali di Google OAuth2",
+    "idpGoogleClientIdDescription": "Il Tuo Client Id Google OAuth2",
+    "idpGoogleClientSecretDescription": "Il Tuo Client Google OAuth2 Secret",
+    "idpAzureConfiguration": "Configurazione Azure Entra ID",
+    "idpAzureConfigurationDescription": "Configura le credenziali OAuth2 di Azure Entra ID",
+    "idpTenantId": "ID Tenant",
+    "idpTenantIdPlaceholder": "iltuo-inquilino-id",
+    "idpAzureTenantIdDescription": "Il tuo ID del tenant Azure (trovato nella panoramica di Azure Active Directory)",
+    "idpAzureClientIdDescription": "Il Tuo Id Client Registrazione App Azure",
+    "idpAzureClientSecretDescription": "Il Tuo Client Di Registrazione App Azure Secret",
+    "idpGoogleTitle": "Google",
+    "idpGoogleAlt": "Google",
+    "idpAzureTitle": "Azure Entra ID",
+    "idpAzureAlt": "Azure",
+    "idpGoogleConfigurationTitle": "Configurazione Google",
+    "idpAzureConfigurationTitle": "Configurazione Azure Entra ID",
+    "idpTenantIdLabel": "ID Tenant",
+    "idpAzureClientIdDescription2": "Il Tuo Id Client Registrazione App Azure",
+    "idpAzureClientSecretDescription2": "Il Tuo Client Di Registrazione App Azure Secret",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "subnet": "Sottorete",
+    "subnetDescription": "La sottorete per la configurazione di rete di questa organizzazione.",
+    "authPage": "Pagina Autenticazione",
+    "authPageDescription": "Configura la pagina di autenticazione per la tua organizzazione",
+    "authPageDomain": "Dominio Pagina Auth",
+    "noDomainSet": "Nessun dominio impostato",
+    "changeDomain": "Cambia Dominio",
+    "selectDomain": "Seleziona Dominio",
+    "restartCertificate": "Riavvia Certificato",
+    "editAuthPageDomain": "Modifica Dominio Pagina Auth",
+    "setAuthPageDomain": "Imposta Dominio Pagina Autenticazione",
+    "failedToFetchCertificate": "Recupero del certificato non riuscito",
+    "failedToRestartCertificate": "Riavvio del certificato non riuscito",
+    "addDomainToEnableCustomAuthPages": "Aggiungi un dominio per abilitare le pagine di autenticazione personalizzate per la tua organizzazione",
+    "selectDomainForOrgAuthPage": "Seleziona un dominio per la pagina di autenticazione dell'organizzazione",
+    "domainPickerProvidedDomain": "Dominio Fornito",
+    "domainPickerFreeProvidedDomain": "Dominio Fornito Gratuito",
+    "domainPickerVerified": "Verificato",
+    "domainPickerUnverified": "Non Verificato",
+    "domainPickerInvalidSubdomainStructure": "Questo sottodominio contiene caratteri o struttura non validi. Sarà sanificato automaticamente quando si salva.",
+    "domainPickerError": "Errore",
+    "domainPickerErrorLoadDomains": "Impossibile caricare i domini dell'organizzazione",
+    "domainPickerErrorCheckAvailability": "Impossibile verificare la disponibilità del dominio",
+    "domainPickerInvalidSubdomain": "Sottodominio non valido",
+    "domainPickerInvalidSubdomainRemoved": "L'input \"{sub}\" è stato rimosso perché non è valido.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" non può essere reso valido per {domain}.",
+    "domainPickerSubdomainSanitized": "Sottodominio igienizzato",
+    "domainPickerSubdomainCorrected": "\"{sub}\" è stato corretto in \"{sanitized}\"",
+    "orgAuthSignInTitle": "Accedi alla tua organizzazione",
+    "orgAuthChooseIdpDescription": "Scegli il tuo provider di identità per continuare",
+    "orgAuthNoIdpConfigured": "Questa organizzazione non ha nessun provider di identità configurato. Puoi accedere con la tua identità Pangolin.",
+    "orgAuthSignInWithPangolin": "Accedi con Pangolino",
+    "subscriptionRequiredToUse": "Per utilizzare questa funzionalità è necessario un abbonamento.",
+    "idpDisabled": "I provider di identità sono disabilitati.",
+    "orgAuthPageDisabled": "La pagina di autenticazione dell'organizzazione è disabilitata.",
+    "domainRestartedDescription": "Verifica del dominio riavviata con successo",
+    "resourceAddEntrypointsEditFile": "Modifica file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Modifica file: docker-compose.yml",
+    "emailVerificationRequired": "Verifica via email. Effettua nuovamente il login via {dashboardUrl}/auth/login completa questo passaggio. Quindi, torna qui.",
+    "twoFactorSetupRequired": "È richiesta la configurazione di autenticazione a due fattori. Effettua nuovamente l'accesso tramite {dashboardUrl}/auth/login completa questo passaggio. Quindi, torna qui.",
+    "authPageErrorUpdateMessage": "Si è verificato un errore durante l'aggiornamento delle impostazioni della pagina di autenticazione",
+    "authPageUpdated": "Pagina di autenticazione aggiornata con successo",
+    "healthCheckNotAvailable": "Locale",
+    "rewritePath": "Riscrivi percorso",
+    "rewritePathDescription": "Riscrivi eventualmente il percorso prima di inoltrarlo al target.",
+    "continueToApplication": "Continua con l'applicazione",
+    "checkingInvite": "Controllo Invito",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Rimuovi Autenticazione Intestazione",
+    "resourceHeaderAuthRemoveDescription": "Autenticazione intestazione rimossa con successo.",
+    "resourceErrorHeaderAuthRemove": "Impossibile rimuovere l'autenticazione dell'intestazione",
+    "resourceErrorHeaderAuthRemoveDescription": "Impossibile rimuovere l'autenticazione dell'intestazione per la risorsa.",
+    "resourceHeaderAuthProtectionEnabled": "Header Authentication Enabled",
+    "resourceHeaderAuthProtectionDisabled": "Header Authentication Disabled",
+    "headerAuthRemove": "Remove Header Auth",
+    "headerAuthAdd": "Add Header Auth",
+    "resourceErrorHeaderAuthSetup": "Impossibile impostare l'autenticazione dell'intestazione",
+    "resourceErrorHeaderAuthSetupDescription": "Impossibile impostare l'autenticazione dell'intestazione per la risorsa.",
+    "resourceHeaderAuthSetup": "Autenticazione intestazione impostata con successo",
+    "resourceHeaderAuthSetupDescription": "L'autenticazione dell'intestazione è stata impostata correttamente.",
+    "resourceHeaderAuthSetupTitle": "Imposta Autenticazione Intestazione",
+    "resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Access it using the format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Imposta Autenticazione Intestazione",
+    "actionSetResourceHeaderAuth": "Imposta Autenticazione Intestazione",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Unlicensed",
+    "beta": "Beta",
+    "manageClients": "Manage Clients",
+    "manageClientsDescription": "Clients are devices that can connect to your sites",
+    "licenseTableValidUntil": "Valid Until",
+    "saasLicenseKeysSettingsTitle": "Enterprise Licenses",
+    "saasLicenseKeysSettingsDescription": "Generate and manage Enterprise license keys for self-hosted Pangolin instances",
+    "sidebarEnterpriseLicenses": "Licenses",
+    "generateLicenseKey": "Generate License Key",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Please enter a valid email address",
+            "useCaseTypeRequired": "Please select a use case type",
+            "firstNameRequired": "First name is required",
+            "lastNameRequired": "Last name is required",
+            "primaryUseRequired": "Please describe your primary use",
+            "jobTitleRequiredBusiness": "Job title is required for business use",
+            "industryRequiredBusiness": "Industry is required for business use",
+            "stateProvinceRegionRequired": "State/Province/Region is required",
+            "postalZipCodeRequired": "Postal/ZIP Code is required",
+            "companyNameRequiredBusiness": "Company name is required for business use",
+            "countryOfResidenceRequiredBusiness": "Country of residence is required for business use",
+            "countryRequiredPersonal": "Country is required for personal use",
+            "agreeToTermsRequired": "You must agree to the terms",
+            "complianceConfirmationRequired": "You must confirm compliance with the Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Personal Use",
+                "description": "For individual, non-commercial use such as learning, personal projects, or experimentation."
+            },
+            "business": {
+                "title": "Business Use",
+                "description": "For use within organizations, companies, or commercial or revenue-generating activities."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & License Type",
+                "description": "Enter your email and choose your license type"
+            },
+            "personalInformation": {
+                "title": "Personal Information",
+                "description": "Tell us about yourself"
+            },
+            "contactInformation": {
+                "title": "Contact Information",
+                "description": "Your contact details"
+            },
+            "termsGenerate": {
+                "title": "Terms & Generate",
+                "description": "Review and accept terms to generate your license"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Usage Disclosure",
+                "description": "Select the license tier that accurately reflects your intended use. The Personal License permits free use of the Software for individual, non-commercial or small-scale commercial activities with annual gross revenue under $100,000 USD. Any use beyond these limits — including use within a business, organization, or other revenue-generating environment — requires a valid Enterprise License and payment of the applicable licensing fee. All users, whether Personal or Enterprise, must comply with the Fossorial Commercial License Terms."
+            },
+            "trialPeriodInformation": {
+                "title": "Trial Period Information",
+                "description": "This License Key enables Enterprise features for a 7-day evaluation period. Continued access to Paid Features beyond the evaluation period requires activation under a valid Personal or Enterprise License. For Enterprise licensing, contact sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Are you using Pangolin for personal or business use?",
+            "firstName": "First Name",
+            "lastName": "Last Name",
+            "jobTitle": "Job Title",
+            "primaryUseQuestion": "What do you primarily plan to use Pangolin for?",
+            "industryQuestion": "What is your industry?",
+            "prospectiveUsersQuestion": "How many prospective users do you expect to have?",
+            "prospectiveSitesQuestion": "How many prospective sites (tunnels) do you expect to have?",
+            "companyName": "Company name",
+            "countryOfResidence": "Country of residence",
+            "stateProvinceRegion": "State / Province / Region",
+            "postalZipCode": "Postal / ZIP Code",
+            "companyWebsite": "Company website",
+            "companyPhoneNumber": "Company phone number",
+            "country": "Country",
+            "phoneNumberOptional": "Phone number (optional)",
+            "complianceConfirmation": "I confirm that I am in compliance with the Fossorial Commercial License and that reporting inaccurate information or misidentifying use of the product is a violation of the license."
+        },
+        "buttons": {
+            "close": "Close",
+            "previous": "Previous",
+            "next": "Next",
+            "generateLicenseKey": "Generate License Key"
+        },
+        "toasts": {
+            "success": {
+                "title": "License key generated successfully",
+                "description": "Your license key has been generated and is ready to use."
+            },
+            "error": {
+                "title": "Failed to generate license key",
+                "description": "An error occurred while generating the license key."
+            }
+        }
+    },
+    "priority": "Priorità",
+    "priorityDescription": "I percorsi prioritari più alti sono valutati prima. Priorità = 100 significa ordinamento automatico (decidi di sistema). Usa un altro numero per applicare la priorità manuale.",
+    "instanceName": "Instance Name",
+    "pathMatchModalTitle": "Configure Path Matching",
+    "pathMatchModalDescription": "Set up how incoming requests should be matched based on their path.",
+    "pathMatchType": "Match Type",
+    "pathMatchPrefix": "Prefix",
+    "pathMatchExact": "Exact",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Path Value",
+    "clear": "Clear",
+    "saveChanges": "Save Changes",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Example: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Example: /api matches only /api",
+    "pathMatchRegexHelp": "Example: ^/api/.* matches /api/anything",
+    "pathRewriteModalTitle": "Configure Path Rewriting",
+    "pathRewriteModalDescription": "Transform the matched path before forwarding to the target.",
+    "pathRewriteType": "Rewrite Type",
+    "pathRewritePrefixOption": "Prefix - Replace prefix",
+    "pathRewriteExactOption": "Exact - Replace entire path",
+    "pathRewriteRegexOption": "Regex - Pattern replacement",
+    "pathRewriteStripPrefixOption": "Strip Prefix - Remove prefix",
+    "pathRewriteValue": "Rewrite Value",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Replace the matched prefix with this value",
+    "pathRewriteExactHelp": "Replace the entire path with this value when the path matches exactly",
+    "pathRewriteRegexHelp": "Use capture groups like $1, $2 for replacement",
+    "pathRewriteStripPrefixHelp": "Leave empty to strip prefix or provide new prefix",
+    "pathRewritePrefix": "Prefix",
+    "pathRewriteExact": "Exact",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Strip",
+    "pathRewriteStripLabel": "strip"
 }

messages/ko-KR.json

@@ -59,7 +59,6 @@
     "siteErrorCreate": "사이트 생성 오류",
     "siteErrorCreateKeyPair": "키 쌍 또는 사이트 기본값을 찾을 수 없습니다",
     "siteErrorCreateDefaults": "사이트 기본값을 찾을 수 없습니다",
-    "siteNameDescription": "이것은 사이트의 표시 이름입니다.",
     "method": "방법",
     "siteMethodDescription": "이것이 연결을 노출하는 방법입니다.",
     "siteLearnNewt": "시스템에 Newt 설치하는 방법 배우기",
@@ -95,7 +94,9 @@
     "siteNewtTunnelDescription": "네트워크에 대한 진입점을 생성하는 가장 쉬운 방법입니다. 추가 설정이 필요 없습니다.",
     "siteWg": "기본 WireGuard",
     "siteWgDescription": "모든 WireGuard 클라이언트를 사용하여 터널을 설정하세요. 수동 NAT 설정이 필요합니다.",
+    "siteWgDescriptionSaas": "모든 WireGuard 클라이언트를 사용하여 터널을 설정하세요. 수동 NAT 설정이 필요합니다. 자체 호스팅 노드에서만 작동합니다.",
     "siteLocalDescription": "로컬 리소스만 사용 가능합니다. 터널링이 없습니다.",
+    "siteLocalDescriptionSaas": "Local resources only. No tunneling. Only available on remote nodes.",
     "siteSeeAll": "모든 사이트 보기",
     "siteTunnelDescription": "사이트에 연결하는 방법을 결정하세요",
     "siteNewtCredentials": "Newt 자격 증명",
@@ -167,7 +168,10 @@
     "siteSelect": "사이트 선택",
     "siteSearch": "사이트 검색",
     "siteNotFound": "사이트를 찾을 수 없습니다.",
-    "siteSelectionDescription": "이 사이트는 리소스에 대한 연결을 제공합니다.",
+    "selectCountry": "국가 선택하기",
+    "searchCountries": "국가 검색...",
+    "noCountryFound": "국가를 찾을 수 없습니다.",
+    "siteSelectionDescription": "이 사이트는 대상에 대한 연결을 제공합니다.",
     "resourceType": "리소스 유형",
     "resourceTypeDescription": "리소스에 접근하는 방법을 결정하세요",
     "resourceHTTPSSettings": "HTTPS 설정",
@@ -198,11 +202,13 @@
     "general": "일반",
     "generalSettings": "일반 설정",
     "proxy": "프록시",
+    "internal": "내부",
     "rules": "규칙",
     "resourceSettingDescription": "리소스의 설정을 구성하세요.",
     "resourceSetting": "{resourceName} 설정",
     "alwaysAllow": "항상 허용",
     "alwaysDeny": "항상 거부",
+    "passToAuth": "인증으로 전달",
     "orgSettingsDescription": "조직의 일반 설정을 구성하세요",
     "orgGeneralSettings": "조직 설정",
     "orgGeneralSettingsDescription": "조직 세부정보 및 구성을 관리하세요.",
@@ -451,6 +457,8 @@
     "accessRoleErrorAddDescription": "사용자를 역할에 추가하는 동안 오류가 발생했습니다.",
     "userSaved": "사용자 저장됨",
     "userSavedDescription": "사용자가 업데이트되었습니다.",
+    "autoProvisioned": "자동 프로비저닝됨",
+    "autoProvisionedDescription": "이 사용자가 ID 공급자에 의해 자동으로 관리될 수 있도록 허용합니다",
     "accessControlsDescription": "이 사용자가 조직에서 접근하고 수행할 수 있는 작업을 관리하세요",
     "accessControlsSubmit": "접근 제어 저장",
     "roles": "역할",
@@ -460,7 +468,10 @@
     "createdAt": "생성일",
     "proxyErrorInvalidHeader": "잘못된 사용자 정의 호스트 헤더 값입니다. 도메인 이름 형식을 사용하거나 사용자 정의 호스트 헤더를 해제하려면 비워 두십시오.",
     "proxyErrorTls": "유효하지 않은 TLS 서버 이름입니다. 도메인 이름 형식을 사용하거나 비워 두어 TLS 서버 이름을 제거하십시오.",
-    "proxyEnableSSL": "SSL 활성화 (https)",
+    "proxyEnableSSL": "SSL 활성화",
+    "proxyEnableSSLDescription": "대상에 대한 안전한 HTTPS 연결을 위해 SSL/TLS 암호화를 활성화하세요.",
+    "target": "대상",
+    "configureTarget": "대상 구성",
     "targetErrorFetch": "대상 가져오는 데 실패했습니다.",
     "targetErrorFetchDescription": "대상 가져오는 중 오류가 발생했습니다",
     "siteErrorFetch": "리소스를 가져오는 데 실패했습니다",
@@ -487,18 +498,30 @@
     "targetTlsSettings": "보안 연결 구성",
     "targetTlsSettingsDescription": "리소스에 대한 SSL/TLS 설정 구성",
     "targetTlsSettingsAdvanced": "고급 TLS 설정",
-    "targetTlsSni": "TLS 서버 이름 (SNI)",
+    "targetTlsSni": "TLS 서버 이름",
     "targetTlsSniDescription": "SNI에 사용할 TLS 서버 이름. 기본값을 사용하려면 비워 두십시오.",
     "targetTlsSubmit": "설정 저장",
     "targets": "대상 구성",
-    "targetsDescription": "서비스로 트래픽을 라우팅할 대상을 설정하십시오",
+    "targetsDescription": "사용자 백엔드 서비스로 트래픽을 라우팅할 대상을 설정하십시오.",
     "targetStickySessions": "스티키 세션 활성화",
     "targetStickySessionsDescription": "세션 전체 동안 동일한 백엔드 대상을 유지합니다.",
     "methodSelect": "선택 방법",
     "targetSubmit": "대상 추가",
-    "targetNoOne": "대상이 없습니다. 양식을 사용하여 대상을 추가하세요.",
+    "targetNoOne": "이 리소스에는 대상이 없습니다. 백엔드로 요청을 보내려면 대상을 추가하세요.",
     "targetNoOneDescription": "위에 하나 이상의 대상을 추가하면 로드 밸런싱이 활성화됩니다.",
     "targetsSubmit": "대상 저장",
+    "addTarget": "대상 추가",
+    "targetErrorInvalidIp": "유효하지 않은 IP 주소",
+    "targetErrorInvalidIpDescription": "유효한 IP 주소 또는 호스트 이름을 입력하세요.",
+    "targetErrorInvalidPort": "유효하지 않은 포트",
+    "targetErrorInvalidPortDescription": "유효한 포트 번호를 입력하세요.",
+    "targetErrorNoSite": "선택된 사이트 없음",
+    "targetErrorNoSiteDescription": "대상을 위해 사이트를 선택하세요.",
+    "targetCreated": "대상 생성",
+    "targetCreatedDescription": "대상이 성공적으로 생성되었습니다.",
+    "targetErrorCreate": "대상 생성 실패",
+    "targetErrorCreateDescription": "대상 생성 중 오류가 발생했습니다.",
+    "save": "저장",
     "proxyAdditional": "추가 프록시 설정",
     "proxyAdditionalDescription": "리소스가 프록시 설정을 처리하는 방법 구성",
     "proxyCustomHeader": "사용자 정의 호스트 헤더",
@@ -508,6 +531,7 @@
     "ipAddressErrorInvalidFormat": "잘못된 IP 주소 형식",
     "ipAddressErrorInvalidOctet": "유효하지 않은 IP 주소 옥텟",
     "path": "경로",
+    "matchPath": "경로 맞춤",
     "ipAddressRange": "IP 범위",
     "rulesErrorFetch": "규칙을 가져오는 데 실패했습니다.",
     "rulesErrorFetchDescription": "규칙을 가져오는 중 오류가 발생했습니다",
@@ -543,6 +567,7 @@
     "rulesActions": "작업",
     "rulesActionAlwaysAllow": "항상 허용: 모든 인증 방법 우회",
     "rulesActionAlwaysDeny": "항상 거부: 모든 요청을 차단합니다. 인증을 시도할 수 없습니다.",
+    "rulesActionPassToAuth": "인증으로 전달: 인증 방법 시도를 허용합니다",
     "rulesMatchCriteria": "일치 기준",
     "rulesMatchCriteriaIpAddress": "특정 IP 주소와 일치",
     "rulesMatchCriteriaIpAddressRange": "CIDR 표기법으로 IP 주소 범위를 일치시킵니다",
@@ -705,7 +730,7 @@
     "pangolinServerAdmin": "서버 관리자 - 판골린",
     "licenseTierProfessional": "전문 라이센스",
     "licenseTierEnterprise": "기업 라이선스",
-    "licenseTierCommercial": "상업용 라이선스",
+    "licenseTierPersonal": "Personal License",
     "licensed": "라이센스",
     "yes": "예",
     "no": "아니요",
@@ -740,7 +765,7 @@
     "idpDisplayName": "이 신원 공급자를 위한 표시 이름",
     "idpAutoProvisionUsers": "사용자 자동 프로비저닝",
     "idpAutoProvisionUsersDescription": "활성화되면 사용자가 첫 로그인 시 시스템에 자동으로 생성되며, 사용자와 역할 및 조직을 매핑할 수 있습니다.",
-    "licenseBadge": "전문가",
+    "licenseBadge": "EE",
     "idpType": "제공자 유형",
     "idpTypeDescription": "구성할 ID 공급자의 유형을 선택하십시오.",
     "idpOidcConfigure": "OAuth2/OIDC 구성",
@@ -834,6 +859,24 @@
     "pincodeRequirementsLength": "PIN은 정확히 6자리여야 합니다",
     "pincodeRequirementsChars": "PIN은 숫자만 포함해야 합니다.",
     "passwordRequirementsLength": "비밀번호는 최소 1자 이상이어야 합니다",
+    "passwordRequirementsTitle": "비밀번호 요구사항:",
+    "passwordRequirementLength": "최소 8자 이상",
+    "passwordRequirementUppercase": "최소 대문자 하나",
+    "passwordRequirementLowercase": "최소 소문자 하나",
+    "passwordRequirementNumber": "최소 숫자 하나",
+    "passwordRequirementSpecial": "최소 특수 문자 하나",
+    "passwordRequirementsMet": "✓ 비밀번호가 모든 요구사항을 충족합니다.",
+    "passwordStrength": "비밀번호 강도",
+    "passwordStrengthWeak": "약함",
+    "passwordStrengthMedium": "보통",
+    "passwordStrengthStrong": "강함",
+    "passwordRequirements": "요구 사항:",
+    "passwordRequirementLengthText": "8자 이상",
+    "passwordRequirementUppercaseText": "대문자 (A-Z)",
+    "passwordRequirementLowercaseText": "소문자 (a-z)",
+    "passwordRequirementNumberText": "숫자 (0-9)",
+    "passwordRequirementSpecialText": "특수 문자 (!@#$%...)",
+    "passwordsDoNotMatch": "비밀번호가 일치하지 않습니다.",
     "otpEmailRequirementsLength": "OTP는 최소 1자 이상이어야 합니다",
     "otpEmailSent": "OTP 전송됨",
     "otpEmailSentDescription": "OTP가 귀하의 이메일로 전송되었습니다.",
@@ -953,12 +996,15 @@
     "logoutError": "로그아웃 중 오류 발생",
     "signingAs": "로그인한 사용자",
     "serverAdmin": "서버 관리자",
+    "managedSelfhosted": "관리 자체 호스팅",
     "otpEnable": "이중 인증 활성화",
     "otpDisable": "이중 인증 비활성화",
     "logout": "로그 아웃",
     "licenseTierProfessionalRequired": "전문 에디션이 필요합니다.",
     "licenseTierProfessionalRequiredDescription": "이 기능은 Professional Edition에서만 사용할 수 있습니다.",
     "actionGetOrg": "조직 가져오기",
+    "updateOrgUser": "조직 사용자 업데이트",
+    "createOrgUser": "조직 사용자 생성",
     "actionUpdateOrg": "조직 업데이트",
     "actionUpdateUser": "사용자 업데이트",
     "actionGetUser": "사용자 조회",
@@ -968,6 +1014,10 @@
     "actionDeleteSite": "사이트 삭제",
     "actionGetSite": "사이트 가져오기",
     "actionListSites": "사이트 목록",
+    "actionApplyBlueprint": "청사진 적용",
+    "setupToken": "설정 토큰",
+    "setupTokenDescription": "서버 콘솔에서 설정 토큰 입력.",
+    "setupTokenRequired": "설정 토큰이 필요합니다",
     "actionUpdateSite": "사이트 업데이트",
     "actionListSiteRoles": "허용된 사이트 역할 목록",
     "actionCreateResource": "리소스 생성",
@@ -1023,6 +1073,17 @@
     "actionDeleteIdpOrg": "IDP 조직 정책 삭제",
     "actionListIdpOrgs": "IDP 조직 목록",
     "actionUpdateIdpOrg": "IDP 조직 업데이트",
+    "actionCreateClient": "클라이언트 생성",
+    "actionDeleteClient": "클라이언트 삭제",
+    "actionUpdateClient": "클라이언트 업데이트",
+    "actionListClients": "클라이언트 목록",
+    "actionGetClient": "클라이언트 가져오기",
+    "actionCreateSiteResource": "사이트 리소스 생성",
+    "actionDeleteSiteResource": "사이트 리소스 삭제",
+    "actionGetSiteResource": "사이트 리소스 가져오기",
+    "actionListSiteResources": "사이트 리소스 목록",
+    "actionUpdateSiteResource": "사이트 리소스 업데이트",
+    "actionListInvitations": "초대 목록",
     "noneSelected": "선택된 항목 없음",
     "orgNotFound2": "조직이 없습니다.",
     "searchProgress": "검색...",
@@ -1038,7 +1099,6 @@
     "navbar": "탐색 메뉴",
     "navbarDescription": "애플리케이션의 주요 탐색 메뉴",
     "navbarDocsLink": "문서",
-    "commercialEdition": "상업용 에디션",
     "otpErrorEnable": "2FA를 활성화할 수 없습니다.",
     "otpErrorEnableDescription": "2FA를 활성화하는 동안 오류가 발생했습니다",
     "otpSetupCheckCode": "6자리 코드를 입력하세요",
@@ -1094,10 +1154,10 @@
     "sidebarAllUsers": "모든 사용자",
     "sidebarIdentityProviders": "신원 공급자",
     "sidebarLicense": "라이선스",
-    "sidebarClients": "클라이언트",
+    "sidebarClients": "Clients",
     "sidebarDomains": "도메인",
-    "enableDockerSocket": "Docker 소켓 활성화",
-    "enableDockerSocketDescription": "컨테이너 정보를 채우기 위해 Docker 소켓 검색을 활성화합니다. 소켓 경로는 Newt에 제공되어야 합니다.",
+    "enableDockerSocket": "Docker 청사진 활성화",
+    "enableDockerSocketDescription": "블루프린트 레이블을 위한 Docker 소켓 레이블 수집을 활성화합니다. 소켓 경로는 Newt에 제공되어야 합니다.",
     "enableDockerSocketLink": "자세히 알아보기",
     "viewDockerContainers": "도커 컨테이너 보기",
     "containersIn": "{siteName}의 컨테이너",
@@ -1162,7 +1222,7 @@
     "selectDomainTypeCnameName": "단일 도메인 (CNAME)",
     "selectDomainTypeCnameDescription": "단일 하위 도메인 또는 특정 도메인 항목에 사용됩니다.",
     "selectDomainTypeWildcardName": "와일드카드 도메인",
-    "selectDomainTypeWildcardDescription": "이 도메인과 그 첫 번째 레벨의 하위 도메인입니다.",
+    "selectDomainTypeWildcardDescription": "이 도메인 및 그 하위 도메인.",
     "domainDelegation": "단일 도메인",
     "selectType": "유형 선택",
     "actions": "작업",
@@ -1196,22 +1256,64 @@
     "sidebarExpand": "확장하기",
     "newtUpdateAvailable": "업데이트 가능",
     "newtUpdateAvailableInfo": "뉴트의 새 버전이 출시되었습니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.",
-    "domainPickerEnterDomain": "도메인 입력",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, 또는 그냥 myapp",
-    "domainPickerDescription": "Enter the full domain of the resource to see available options.",
-    "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
+    "domainPickerEnterDomain": "도메인",
+    "domainPickerPlaceholder": "myapp.example.com",
+    "domainPickerDescription": "리소스의 전체 도메인을 입력하여 사용 가능한 옵션을 확인하십시오.",
+    "domainPickerDescriptionSaas": "전체 도메인, 서브도메인 또는 이름을 입력하여 사용 가능한 옵션을 확인하십시오.",
     "domainPickerTabAll": "모두",
     "domainPickerTabOrganization": "조직",
     "domainPickerTabProvided": "제공 됨",
     "domainPickerSortAsc": "A-Z",
     "domainPickerSortDesc": "Z-A",
     "domainPickerCheckingAvailability": "가용성을 확인 중...",
-    "domainPickerNoMatchingDomains": "\"{userInput}\"에 해당하는 도메인을 찾을 수 없습니다. 다른 도메인을 시도하거나 조직의 도메인 설정을 확인하세요.",
+    "domainPickerNoMatchingDomains": "일치하는 도메인을 찾을 수 없습니다. 다른 도메인을 시도하거나 조직의 도메인 설정을 확인하십시오.",
     "domainPickerOrganizationDomains": "조직 도메인",
     "domainPickerProvidedDomains": "제공된 도메인",
     "domainPickerSubdomain": "서브도메인: {subdomain}",
     "domainPickerNamespace": "이름 공간: {namespace}",
     "domainPickerShowMore": "더보기",
+    "regionSelectorTitle": "지역 선택",
+    "regionSelectorInfo": "지역을 선택하면 위치에 따라 더 나은 성능이 제공됩니다. 서버와 같은 지역에 있을 필요는 없습니다.",
+    "regionSelectorPlaceholder": "지역 선택",
+    "regionSelectorComingSoon": "곧 출시 예정",
+    "billingLoadingSubscription": "구독 불러오는 중...",
+    "billingFreeTier": "무료 티어",
+    "billingWarningOverLimit": "경고: 하나 이상의 사용 한도를 초과했습니다. 구독을 수정하거나 사용량을 조정하기 전까지 사이트는 연결되지 않습니다.",
+    "billingUsageLimitsOverview": "사용 한도 개요",
+    "billingMonitorUsage": "설정된 한도에 대한 사용량을 모니터링합니다. 한도를 늘려야 하는 경우 support@pangolin.net로 연락하십시오.",
+    "billingDataUsage": "데이터 사용량",
+    "billingOnlineTime": "사이트 온라인 시간",
+    "billingUsers": "활성 사용자",
+    "billingDomains": "활성 도메인",
+    "billingRemoteExitNodes": "활성 자체 호스팅 노드",
+    "billingNoLimitConfigured": "구성된 한도가 없습니다.",
+    "billingEstimatedPeriod": "예상 청구 기간",
+    "billingIncludedUsage": "포함 사용량",
+    "billingIncludedUsageDescription": "현재 구독 계획에 포함된 사용량",
+    "billingFreeTierIncludedUsage": "무료 티어 사용 허용량",
+    "billingIncluded": "포함됨",
+    "billingEstimatedTotal": "예상 총액:",
+    "billingNotes": "노트",
+    "billingEstimateNote": "현재 사용량을 기반으로 한 추정치입니다.",
+    "billingActualChargesMayVary": "실제 청구 금액은 다를 수 있습니다.",
+    "billingBilledAtEnd": "청구 기간이 끝난 후 청구됩니다.",
+    "billingModifySubscription": "구독 수정",
+    "billingStartSubscription": "구독 시작",
+    "billingRecurringCharge": "반복 요금",
+    "billingManageSubscriptionSettings": "구독 설정 및 기본 설정을 관리합니다",
+    "billingNoActiveSubscription": "활성 구독이 없습니다. 사용 한도를 늘리려면 구독을 시작하십시오.",
+    "billingFailedToLoadSubscription": "구독을 불러오는 데 실패했습니다.",
+    "billingFailedToLoadUsage": "사용량을 불러오는 데 실패했습니다.",
+    "billingFailedToGetCheckoutUrl": "체크아웃 URL을 가져오는 데 실패했습니다.",
+    "billingPleaseTryAgainLater": "나중에 다시 시도하십시오.",
+    "billingCheckoutError": "체크아웃 오류",
+    "billingFailedToGetPortalUrl": "포털 URL을 가져오는 데 실패했습니다.",
+    "billingPortalError": "포털 오류",
+    "billingDataUsageInfo": "클라우드에 연결할 때 보안 터널을 통해 전송된 모든 데이터에 대해 비용이 청구됩니다. 여기에는 모든 사이트의 들어오고 나가는 트래픽이 포함됩니다. 사용량 한도에 도달하면 플랜을 업그레이드하거나 사용량을 줄일 때까지 사이트가 연결 해제됩니다. 노드를 사용하는 경우 데이터는 요금이 청구되지 않습니다.",
+    "billingOnlineTimeInfo": "사이트가 클라우드에 연결된 시간에 따라 요금이 청구됩니다. 예를 들어, 44,640분은 사이트가 한 달 내내 24시간 작동하는 것과 같습니다. 사용량 한도에 도달하면 플랜을 업그레이드하거나 사용량을 줄일 때까지 사이트가 연결 해제됩니다. 노드를 사용할 때 시간은 요금이 청구되지 않습니다.",
+    "billingUsersInfo": "조직의 사용자마다 요금이 청구됩니다. 청구는 조직의 활성 사용자 계정 수에 따라 매일 계산됩니다.",
+    "billingDomainInfo": "조직의 도메인마다 요금이 청구됩니다. 청구는 조직의 활성 도메인 계정 수에 따라 매일 계산됩니다.",
+    "billingRemoteExitNodesInfo": "조직의 관리 노드마다 요금이 청구됩니다. 청구는 조직의 활성 관리 노드 수에 따라 매일 계산됩니다.",
     "domainNotFound": "도메인을 찾을 수 없습니다",
     "domainNotFoundDescription": "이 리소스는 도메인이 더 이상 시스템에 존재하지 않아 비활성화되었습니다. 이 리소스에 대한 새 도메인을 설정하세요.",
     "failed": "실패",
@@ -1232,7 +1334,7 @@
     "securityKeyRemoveSuccess": "보안 키가 성공적으로 제거되었습니다",
     "securityKeyRemoveError": "보안 키 제거 실패",
     "securityKeyLoadError": "보안 키를 불러오는 데 실패했습니다",
-    "securityKeyLogin": "Continue with security key",
+    "securityKeyLogin": "보안 키로 계속하기",
     "securityKeyAuthError": "보안 키를 사용한 인증 실패",
     "securityKeyRecommendation": "항상 계정에 액세스할 수 있도록 다른 장치에 백업 보안 키를 등록하세요.",
     "registering": "등록 중...",
@@ -1245,7 +1347,6 @@
     "twoFactorRequired": "보안 키를 등록하려면 이중 인증이 필요합니다.",
     "twoFactor": "이중 인증",
     "adminEnabled2FaOnYourAccount": "관리자가 {email}에 대한 이중 인증을 활성화했습니다. 계속하려면 설정을 완료하세요.",
-    "continueToApplication": "응용 프로그램으로 계속",
     "securityKeyAdd": "보안 키 추가",
     "securityKeyRegisterTitle": "새 보안 키 등록",
     "securityKeyRegisterDescription": "보안 키를 연결하고 식별할 이름을 입력하세요.",
@@ -1266,6 +1367,7 @@
     "createDomainName": "이름:",
     "createDomainValue": "값:",
     "createDomainCnameRecords": "CNAME 레코드",
+    "createDomainARecords": "A 레코드",
     "createDomainRecordNumber": "레코드 {number}",
     "createDomainTxtRecords": "TXT 레코드",
     "createDomainSaveTheseRecords": "이 레코드 저장",
@@ -1273,5 +1375,523 @@
     "createDomainDnsPropagation": "DNS 전파",
     "createDomainDnsPropagationDescription": "DNS 변경 사항은 인터넷 전체에 전파되는 데 시간이 걸립니다. DNS 제공자와 TTL 설정에 따라 몇 분에서 48시간까지 걸릴 수 있습니다.",
     "resourcePortRequired": "HTTP 리소스가 아닌 경우 포트 번호가 필요합니다",
-    "resourcePortNotAllowed": "HTTP 리소스에 대해 포트 번호를 설정하지 마세요"
+    "resourcePortNotAllowed": "HTTP 리소스에 대해 포트 번호를 설정하지 마세요",
+    "billingPricingCalculatorLink": "가격 계산기",
+    "signUpTerms": {
+        "IAgreeToThe": "동의합니다",
+        "termsOfService": "서비스 약관",
+        "and": "및",
+        "privacyPolicy": "개인 정보 보호 정책"
+    },
+    "siteRequired": "사이트가 필요합니다.",
+    "olmTunnel": "Olm 터널",
+    "olmTunnelDescription": "클라이언트 연결에 Olm 사용",
+    "errorCreatingClient": "클라이언트 생성 오류",
+    "clientDefaultsNotFound": "클라이언트 기본값을 찾을 수 없습니다.",
+    "createClient": "클라이언트 생성",
+    "createClientDescription": "사이트에 연결하기 위한 새 클라이언트를 생성하십시오.",
+    "seeAllClients": "모든 클라이언트 보기",
+    "clientInformation": "클라이언트 정보",
+    "clientNamePlaceholder": "클라이언트 이름",
+    "address": "주소",
+    "subnetPlaceholder": "서브넷",
+    "addressDescription": "이 클라이언트가 연결에 사용할 주소",
+    "selectSites": "사이트 선택",
+    "sitesDescription": "클라이언트는 선택한 사이트에 연결됩니다.",
+    "clientInstallOlm": "Olm 설치",
+    "clientInstallOlmDescription": "시스템에서 Olm을 실행하기",
+    "clientOlmCredentials": "Olm 자격 증명",
+    "clientOlmCredentialsDescription": "Olm이 서버와 인증하는 방법입니다.",
+    "olmEndpoint": "Olm 엔드포인트",
+    "olmId": "Olm ID",
+    "olmSecretKey": "Olm 비밀 키",
+    "clientCredentialsSave": "자격 증명 저장",
+    "clientCredentialsSaveDescription": "이것은 한 번만 볼 수 있습니다. 안전한 장소에 복사해 두세요.",
+    "generalSettingsDescription": "이 클라이언트에 대한 일반 설정을 구성하세요.",
+    "clientUpdated": "클라이언트 업데이트됨",
+    "clientUpdatedDescription": "클라이언트가 업데이트되었습니다.",
+    "clientUpdateFailed": "클라이언트 업데이트 실패",
+    "clientUpdateError": "클라이언트 업데이트 중 오류가 발생했습니다.",
+    "sitesFetchFailed": "사이트 가져오기 실패",
+    "sitesFetchError": "사이트 가져오는 중 오류가 발생했습니다.",
+    "olmErrorFetchReleases": "Olm 릴리즈 가져오는 중 오류가 발생했습니다.",
+    "olmErrorFetchLatest": "최신 Olm 릴리즈 가져오는 중 오류가 발생했습니다.",
+    "remoteSubnets": "원격 서브넷",
+    "enterCidrRange": "CIDR 범위 입력",
+    "remoteSubnetsDescription": "이 사이트에서 원격으로 액세스할 수 있는 CIDR 범위를 추가하세요. 10.0.0.0/24와 같은 형식을 사용하세요. 이는 VPN 클라이언트 연결에만 적용됩니다.",
+    "resourceEnableProxy": "공개 프록시 사용",
+    "resourceEnableProxyDescription": "이 리소스에 대한 공개 프록시를 활성화하십시오. 이를 통해 네트워크 외부로부터 클라우드를 통해 열린 포트에서 리소스에 액세스할 수 있습니다. Traefik 구성이 필요합니다.",
+    "externalProxyEnabled": "외부 프록시 활성화됨",
+    "addNewTarget": "새 대상 추가",
+    "targetsList": "대상 목록",
+    "advancedMode": "고급 모드",
+    "targetErrorDuplicateTargetFound": "중복 대상 발견",
+    "healthCheckHealthy": "정상",
+    "healthCheckUnhealthy": "비정상",
+    "healthCheckUnknown": "알 수 없음",
+    "healthCheck": "상태 확인",
+    "configureHealthCheck": "상태 확인 설정",
+    "configureHealthCheckDescription": "{target}에 대한 상태 모니터링 설정",
+    "enableHealthChecks": "상태 확인 활성화",
+    "enableHealthChecksDescription": "이 대상을 모니터링하여 건강 상태를 확인하세요. 필요에 따라 대상과 다른 엔드포인트를 모니터링할 수 있습니다.",
+    "healthScheme": "방법",
+    "healthSelectScheme": "방법 선택",
+    "healthCheckPath": "경로",
+    "healthHostname": "IP / 호스트",
+    "healthPort": "포트",
+    "healthCheckPathDescription": "상태 확인을 위한 경로입니다.",
+    "healthyIntervalSeconds": "정상 간격",
+    "unhealthyIntervalSeconds": "비정상 간격",
+    "IntervalSeconds": "정상 간격",
+    "timeoutSeconds": "시간 초과",
+    "timeIsInSeconds": "시간은 초 단위입니다",
+    "retryAttempts": "재시도 횟수",
+    "expectedResponseCodes": "예상 응답 코드",
+    "expectedResponseCodesDescription": "정상 상태를 나타내는 HTTP 상태 코드입니다. 비워 두면 200-300이 정상으로 간주됩니다.",
+    "customHeaders": "사용자 정의 헤더",
+    "customHeadersDescription": "헤더는 새 줄로 구분됨: Header-Name: value",
+    "headersValidationError": "헤더는 형식이어야 합니다: 헤더명: 값.",
+    "saveHealthCheck": "상태 확인 저장",
+    "healthCheckSaved": "상태 확인이 저장되었습니다.",
+    "healthCheckSavedDescription": "상태 확인 구성이 성공적으로 저장되었습니다",
+    "healthCheckError": "상태 확인 오류",
+    "healthCheckErrorDescription": "상태 확인 구성을 저장하는 동안 오류가 발생했습니다",
+    "healthCheckPathRequired": "상태 확인 경로는 필수입니다.",
+    "healthCheckMethodRequired": "HTTP 방법은 필수입니다.",
+    "healthCheckIntervalMin": "확인 간격은 최소 5초여야 합니다.",
+    "healthCheckTimeoutMin": "시간 초과는 최소 1초여야 합니다.",
+    "healthCheckRetryMin": "재시도 횟수는 최소 1회여야 합니다.",
+    "httpMethod": "HTTP 메소드",
+    "selectHttpMethod": "HTTP 메소드 선택",
+    "domainPickerSubdomainLabel": "서브도메인",
+    "domainPickerBaseDomainLabel": "기본 도메인",
+    "domainPickerSearchDomains": "도메인 검색...",
+    "domainPickerNoDomainsFound": "찾을 수 없는 도메인이 없습니다",
+    "domainPickerLoadingDomains": "도메인 로딩 중...",
+    "domainPickerSelectBaseDomain": "기본 도메인 선택...",
+    "domainPickerNotAvailableForCname": "CNAME 도메인에는 사용할 수 없습니다",
+    "domainPickerEnterSubdomainOrLeaveBlank": "서브도메인을 입력하거나 기본 도메인을 사용하려면 공백으로 두십시오.",
+    "domainPickerEnterSubdomainToSearch": "사용 가능한 무료 도메인에서 검색 및 선택할 서브도메인 입력.",
+    "domainPickerFreeDomains": "무료 도메인",
+    "domainPickerSearchForAvailableDomains": "사용 가능한 도메인 검색",
+    "domainPickerNotWorkSelfHosted": "참고: 무료 제공 도메인은 현재 자체 호스팅 인스턴스에 사용할 수 없습니다.",
+    "resourceDomain": "도메인",
+    "resourceEditDomain": "도메인 수정",
+    "siteName": "사이트 이름",
+    "proxyPort": "포트",
+    "resourcesTableProxyResources": "프록시 리소스",
+    "resourcesTableClientResources": "클라이언트 리소스",
+    "resourcesTableNoProxyResourcesFound": "프록시 리소스를 찾을 수 없습니다.",
+    "resourcesTableNoInternalResourcesFound": "내부 리소스를 찾을 수 없습니다.",
+    "resourcesTableDestination": "대상지",
+    "resourcesTableTheseResourcesForUseWith": "이 리소스는 다음과 함께 사용하기 위한 것입니다.",
+    "resourcesTableClients": "클라이언트",
+    "resourcesTableAndOnlyAccessibleInternally": "클라이언트와 연결되었을 때만 내부적으로 접근 가능합니다.",
+    "editInternalResourceDialogEditClientResource": "클라이언트 리소스 수정",
+    "editInternalResourceDialogUpdateResourceProperties": "{resourceName}의 리소스 속성과 대상 구성을 업데이트하세요.",
+    "editInternalResourceDialogResourceProperties": "리소스 속성",
+    "editInternalResourceDialogName": "이름",
+    "editInternalResourceDialogProtocol": "프로토콜",
+    "editInternalResourceDialogSitePort": "사이트 포트",
+    "editInternalResourceDialogTargetConfiguration": "대상 구성",
+    "editInternalResourceDialogCancel": "취소",
+    "editInternalResourceDialogSaveResource": "리소스 저장",
+    "editInternalResourceDialogSuccess": "성공",
+    "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "내부 리소스가 성공적으로 업데이트되었습니다",
+    "editInternalResourceDialogError": "오류",
+    "editInternalResourceDialogFailedToUpdateInternalResource": "내부 리소스 업데이트 실패",
+    "editInternalResourceDialogNameRequired": "이름은 필수입니다.",
+    "editInternalResourceDialogNameMaxLength": "이름은 255자 이하이어야 합니다.",
+    "editInternalResourceDialogProxyPortMin": "프록시 포트는 최소 1이어야 합니다.",
+    "editInternalResourceDialogProxyPortMax": "프록시 포트는 65536 미만이어야 합니다.",
+    "editInternalResourceDialogInvalidIPAddressFormat": "잘못된 IP 주소 형식",
+    "editInternalResourceDialogDestinationPortMin": "대상 포트는 최소 1이어야 합니다.",
+    "editInternalResourceDialogDestinationPortMax": "대상 포트는 65536 미만이어야 합니다.",
+    "createInternalResourceDialogNoSitesAvailable": "사용 가능한 사이트가 없습니다.",
+    "createInternalResourceDialogNoSitesAvailableDescription": "내부 리소스를 생성하려면 서브넷이 구성된 최소 하나의 Newt 사이트가 필요합니다.",
+    "createInternalResourceDialogClose": "닫기",
+    "createInternalResourceDialogCreateClientResource": "클라이언트 리소스 생성",
+    "createInternalResourceDialogCreateClientResourceDescription": "선택한 사이트에 연결된 클라이언트에 접근할 새 리소스를 생성합니다.",
+    "createInternalResourceDialogResourceProperties": "리소스 속성",
+    "createInternalResourceDialogName": "이름",
+    "createInternalResourceDialogSite": "사이트",
+    "createInternalResourceDialogSelectSite": "사이트 선택...",
+    "createInternalResourceDialogSearchSites": "사이트 검색...",
+    "createInternalResourceDialogNoSitesFound": "사이트를 찾을 수 없습니다.",
+    "createInternalResourceDialogProtocol": "프로토콜",
+    "createInternalResourceDialogTcp": "TCP",
+    "createInternalResourceDialogUdp": "UDP",
+    "createInternalResourceDialogSitePort": "사이트 포트",
+    "createInternalResourceDialogSitePortDescription": "사이트에 연결되었을 때 리소스에 접근하기 위해 이 포트를 사용합니다.",
+    "createInternalResourceDialogTargetConfiguration": "대상 설정",
+    "createInternalResourceDialogDestinationIPDescription": "사이트 네트워크의 자원 IP 또는 호스트 네임 주소입니다.",
+    "createInternalResourceDialogDestinationPortDescription": "대상 IP에서 리소스에 접근할 수 있는 포트입니다.",
+    "createInternalResourceDialogCancel": "취소",
+    "createInternalResourceDialogCreateResource": "리소스 생성",
+    "createInternalResourceDialogSuccess": "성공",
+    "createInternalResourceDialogInternalResourceCreatedSuccessfully": "내부 리소스가 성공적으로 생성되었습니다.",
+    "createInternalResourceDialogError": "오류",
+    "createInternalResourceDialogFailedToCreateInternalResource": "내부 리소스 생성 실패",
+    "createInternalResourceDialogNameRequired": "이름은 필수입니다.",
+    "createInternalResourceDialogNameMaxLength": "이름은 255자 이하이어야 합니다.",
+    "createInternalResourceDialogPleaseSelectSite": "사이트를 선택하세요",
+    "createInternalResourceDialogProxyPortMin": "프록시 포트는 최소 1이어야 합니다.",
+    "createInternalResourceDialogProxyPortMax": "프록시 포트는 65536 미만이어야 합니다.",
+    "createInternalResourceDialogInvalidIPAddressFormat": "잘못된 IP 주소 형식",
+    "createInternalResourceDialogDestinationPortMin": "대상 포트는 최소 1이어야 합니다.",
+    "createInternalResourceDialogDestinationPortMax": "대상 포트는 65536 미만이어야 합니다.",
+    "siteConfiguration": "설정",
+    "siteAcceptClientConnections": "클라이언트 연결 허용",
+    "siteAcceptClientConnectionsDescription": "이 Newt 인스턴스를 게이트웨이로 사용하여 다른 장치가 연결될 수 있도록 허용합니다.",
+    "siteAddress": "사이트 주소",
+    "siteAddressDescription": "클라이언트가 연결하기 위한 호스트의 IP 주소를 지정합니다. 이는 클라이언트가 주소를 지정하기 위한 Pangolin 네트워크의 사이트 내부 주소입니다. 조직 서브넷 내에 있어야 합니다.",
+    "autoLoginExternalIdp": "외부 IDP로 자동 로그인",
+    "autoLoginExternalIdpDescription": "인증을 위해 외부 IDP로 사용자를 즉시 리디렉션합니다.",
+    "selectIdp": "IDP 선택",
+    "selectIdpPlaceholder": "IDP 선택...",
+    "selectIdpRequired": "자동 로그인이 활성화된 경우 IDP를 선택하십시오.",
+    "autoLoginTitle": "리디렉션 중",
+    "autoLoginDescription": "인증을 위해 외부 ID 공급자로 리디렉션 중입니다.",
+    "autoLoginProcessing": "인증 준비 중...",
+    "autoLoginRedirecting": "로그인으로 리디렉션 중...",
+    "autoLoginError": "자동 로그인 오류",
+    "autoLoginErrorNoRedirectUrl": "ID 공급자로부터 리디렉션 URL을 받지 못했습니다.",
+    "autoLoginErrorGeneratingUrl": "인증 URL 생성 실패.",
+    "remoteExitNodeManageRemoteExitNodes": "원격 노드",
+    "remoteExitNodeDescription": "Self-host one or more remote nodes to extend your network connectivity and reduce reliance on the cloud",
+    "remoteExitNodes": "노드",
+    "searchRemoteExitNodes": "노드 검색...",
+    "remoteExitNodeAdd": "노드 추가",
+    "remoteExitNodeErrorDelete": "노드 삭제 오류",
+    "remoteExitNodeQuestionRemove": "조직에서 노드 {selectedNode}를 제거하시겠습니까?",
+    "remoteExitNodeMessageRemove": "한 번 제거되면 더 이상 노드에 접근할 수 없습니다.",
+    "remoteExitNodeMessageConfirm": "확인을 위해 아래에 노드 이름을 입력해 주세요.",
+    "remoteExitNodeConfirmDelete": "노드 삭제 확인",
+    "remoteExitNodeDelete": "노드 삭제",
+    "sidebarRemoteExitNodes": "원격 노드",
+    "remoteExitNodeCreate": {
+        "title": "노드 생성",
+        "description": "네트워크 연결성을 확장하기 위해 새 노드를 생성하세요",
+        "viewAllButton": "모든 노드 보기",
+        "strategy": {
+            "title": "생성 전략",
+            "description": "노드를 직접 구성하거나 새 자격 증명을 생성하려면 이것을 선택하세요.",
+            "adopt": {
+                "title": "노드 채택",
+                "description": "이미 노드의 자격 증명이 있는 경우 이것을 선택하세요."
+            },
+            "generate": {
+                "title": "키 생성",
+                "description": "노드에 대한 새 키를 생성하려면 이것을 선택하세요"
+            }
+        },
+        "adopt": {
+            "title": "기존 노드 채택",
+            "description": "채택하려는 기존 노드의 자격 증명을 입력하세요",
+            "nodeIdLabel": "노드 ID",
+            "nodeIdDescription": "채택하려는 기존 노드의 ID",
+            "secretLabel": "비밀",
+            "secretDescription": "기존 노드의 비밀 키",
+            "submitButton": "노드 채택"
+        },
+        "generate": {
+            "title": "생성된 자격 증명",
+            "description": "생성된 자격 증명을 사용하여 노드를 구성하세요",
+            "nodeIdTitle": "노드 ID",
+            "secretTitle": "비밀",
+            "saveCredentialsTitle": "구성에 자격 증명 추가",
+            "saveCredentialsDescription": "연결을 완료하려면 이러한 자격 증명을 자체 호스팅 Pangolin 노드 구성 파일에 추가하십시오.",
+            "submitButton": "노드 생성"
+        },
+        "validation": {
+            "adoptRequired": "기존 노드를 채택하려면 노드 ID와 비밀 키가 필요합니다"
+        },
+        "errors": {
+            "loadDefaultsFailed": "기본값 로드 실패",
+            "defaultsNotLoaded": "기본값 로드되지 않음",
+            "createFailed": "노드 생성 실패"
+        },
+        "success": {
+            "created": "노드가 성공적으로 생성되었습니다"
+        }
+    },
+    "remoteExitNodeSelection": "노드 선택",
+    "remoteExitNodeSelectionDescription": "이 로컬 사이트에서 트래픽을 라우팅할 노드를 선택하세요",
+    "remoteExitNodeRequired": "로컬 사이트에 노드를 선택해야 합니다",
+    "noRemoteExitNodesAvailable": "사용 가능한 노드가 없습니다",
+    "noRemoteExitNodesAvailableDescription": "이 조직에 사용 가능한 노드가 없습니다. 로컬 사이트를 사용하려면 먼저 노드를 생성하세요.",
+    "exitNode": "종단 노드",
+    "country": "국가",
+    "rulesMatchCountry": "현재 소스 IP를 기반으로 합니다",
+    "managedSelfHosted": {
+        "title": "관리 자체 호스팅",
+        "description": "더 신뢰할 수 있고 낮은 유지보수의 자체 호스팅 팡골린 서버, 추가 기능 포함",
+        "introTitle": "관리 자체 호스팅 팡골린",
+        "introDescription": "는 자신의 데이터를 프라이빗하고 자체 호스팅을 유지하면서 더 간단하고 추가적인 신뢰성을 원하는 사람들을 위한 배포 옵션입니다.",
+        "introDetail": "이 옵션을 사용하면 여전히 자신의 팡골린 노드를 운영하고 - 터널, SSL 종료 및 트래픽 모두 서버에 유지됩니다. 차이점은 관리 및 모니터링이 클라우드 대시보드를 통해 처리되어 여러 혜택을 제공합니다.",
+        "benefitSimplerOperations": {
+            "title": "더 간단한 운영",
+            "description": "자체 메일 서버를 운영하거나 복잡한 경고를 설정할 필요가 없습니다. 기본적으로 상태 점검 및 다운타임 경고를 받을 수 있습니다."
+        },
+        "benefitAutomaticUpdates": {
+            "title": "자동 업데이트",
+            "description": "클라우드 대시보드는 빠르게 발전하므로 새로운 기능과 버그 수정 사항을 수동으로 새로운 컨테이너를 가져오지 않고도 받을 수 있습니다."
+        },
+        "benefitLessMaintenance": {
+            "title": "유지보수 감소",
+            "description": "데이터베이스 마이그레이션, 백업 또는 추가 인프라를 관리할 필요가 없습니다. 저희가 클라우드에서 처리합니다."
+        },
+        "benefitCloudFailover": {
+            "title": "클라우드 장애 조치",
+            "description": "노드가 다운되면 터널이 클라우드의 프레즌스 포인트로 임시 전환되어 노드를 다시 온라인으로 가져올 때까지 유지됩니다."
+        },
+        "benefitHighAvailability": {
+            "title": "고가용성 (PoPs)",
+            "description": "계정에 여러 노드를 연결하여 이중성과 성능을 향상시킬 수 있습니다."
+        },
+        "benefitFutureEnhancements": {
+            "title": "향후 개선",
+            "description": "배포를 더욱 견고하게 만들기 위해 더 많은 분석, 경고, 및 관리 도구를 추가할 계획입니다."
+        },
+        "docsAlert": {
+            "text": "관리 자체 호스팅 옵션에 대해 더 알아보세요",
+            "documentation": "문서"
+        },
+        "convertButton": "이 노드를 관리 자체 호스팅으로 변환"
+    },
+    "internationaldomaindetected": "국제 도메인 감지됨",
+    "willbestoredas": "다음으로 저장됩니다:",
+    "roleMappingDescription": "자동 프로비저닝이 활성화되면 사용자가 로그인할 때 역할이 할당되는 방법을 결정합니다.",
+    "selectRole": "역할 선택",
+    "roleMappingExpression": "표현식",
+    "selectRolePlaceholder": "역할 선택",
+    "selectRoleDescription": "이 신원 공급자로부터 모든 사용자에게 할당할 역할을 선택하십시오.",
+    "roleMappingExpressionDescription": "ID 토큰에서 역할 정보를 추출하기 위한 JMESPath 표현식을 입력하세요.",
+    "idpTenantIdRequired": "테넌트 ID가 필요합니다",
+    "invalidValue": "잘못된 값",
+    "idpTypeLabel": "신원 공급자 유형",
+    "roleMappingExpressionPlaceholder": "예: contains(groups, 'admin') && 'Admin' || 'Member'",
+    "idpGoogleConfiguration": "Google 구성",
+    "idpGoogleConfigurationDescription": "Google OAuth2 자격 증명을 구성합니다.",
+    "idpGoogleClientIdDescription": "Google OAuth2 클라이언트 ID",
+    "idpGoogleClientSecretDescription": "Google OAuth2 클라이언트 비밀",
+    "idpAzureConfiguration": "Azure Entra ID 구성",
+    "idpAzureConfigurationDescription": "Azure Entra ID OAuth2 자격 증명을 구성합니다.",
+    "idpTenantId": "테넌트 ID",
+    "idpTenantIdPlaceholder": "your-tenant-id",
+    "idpAzureTenantIdDescription": "Azure 액티브 디렉터리 개요에서 찾은 Azure 테넌트 ID",
+    "idpAzureClientIdDescription": "Azure 앱 등록 클라이언트 ID",
+    "idpAzureClientSecretDescription": "Azure 앱 등록 클라이언트 비밀",
+    "idpGoogleTitle": "구글",
+    "idpGoogleAlt": "구글",
+    "idpAzureTitle": "Azure Entra ID",
+    "idpAzureAlt": "애저",
+    "idpGoogleConfigurationTitle": "Google 구성",
+    "idpAzureConfigurationTitle": "Azure Entra ID 구성",
+    "idpTenantIdLabel": "테넌트 ID",
+    "idpAzureClientIdDescription2": "Azure 앱 등록 클라이언트 ID",
+    "idpAzureClientSecretDescription2": "Azure 앱 등록 클라이언트 비밀",
+    "idpGoogleDescription": "Google OAuth2/OIDC 공급자",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC 공급자",
+    "subnet": "서브넷",
+    "subnetDescription": "이 조직의 네트워크 구성에 대한 서브넷입니다.",
+    "authPage": "인증 페이지",
+    "authPageDescription": "조직에 대한 인증 페이지를 구성합니다.",
+    "authPageDomain": "인증 페이지 도메인",
+    "noDomainSet": "도메인 설정 없음",
+    "changeDomain": "도메인 변경",
+    "selectDomain": "도메인 선택",
+    "restartCertificate": "인증서 재시작",
+    "editAuthPageDomain": "인증 페이지 도메인 편집",
+    "setAuthPageDomain": "인증 페이지 도메인 설정",
+    "failedToFetchCertificate": "인증서 가져오기 실패",
+    "failedToRestartCertificate": "인증서 재시작 실패",
+    "addDomainToEnableCustomAuthPages": "조직의 맞춤 인증 페이지를 활성화하려면 도메인을 추가하세요.",
+    "selectDomainForOrgAuthPage": "조직 인증 페이지에 대한 도메인을 선택하세요.",
+    "domainPickerProvidedDomain": "제공된 도메인",
+    "domainPickerFreeProvidedDomain": "무료 제공된 도메인",
+    "domainPickerVerified": "검증됨",
+    "domainPickerUnverified": "검증되지 않음",
+    "domainPickerInvalidSubdomainStructure": "이 하위 도메인은 잘못된 문자 또는 구조를 포함하고 있습니다. 저장 시 자동으로 정리됩니다.",
+    "domainPickerError": "오류",
+    "domainPickerErrorLoadDomains": "조직 도메인 로드 실패",
+    "domainPickerErrorCheckAvailability": "도메인 가용성 확인 실패",
+    "domainPickerInvalidSubdomain": "잘못된 하위 도메인",
+    "domainPickerInvalidSubdomainRemoved": "입력 \"{sub}\"이(가) 유효하지 않으므로 제거되었습니다.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\"을(를) {domain}에 대해 유효하게 만들 수 없습니다.",
+    "domainPickerSubdomainSanitized": "하위 도메인 정리됨",
+    "domainPickerSubdomainCorrected": "\"{sub}\"이(가) \"{sanitized}\"로 수정되었습니다",
+    "orgAuthSignInTitle": "조직에 로그인",
+    "orgAuthChooseIdpDescription": "계속하려면 신원 공급자를 선택하세요.",
+    "orgAuthNoIdpConfigured": "이 조직은 구성된 신원 공급자가 없습니다. 대신 Pangolin 아이덴티티로 로그인할 수 있습니다.",
+    "orgAuthSignInWithPangolin": "Pangolin으로 로그인",
+    "subscriptionRequiredToUse": "이 기능을 사용하려면 구독이 필요합니다.",
+    "idpDisabled": "신원 공급자가 비활성화되었습니다.",
+    "orgAuthPageDisabled": "조직 인증 페이지가 비활성화되었습니다.",
+    "domainRestartedDescription": "도메인 인증이 성공적으로 재시작되었습니다.",
+    "resourceAddEntrypointsEditFile": "파일 편집: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "파일 편집: docker-compose.yml",
+    "emailVerificationRequired": "이메일 인증이 필요합니다. 이 단계를 완료하려면 {dashboardUrl}/auth/login 통해 다시 로그인하십시오. 그런 다음 여기로 돌아오세요.",
+    "twoFactorSetupRequired": "이중 인증 설정이 필요합니다. 이 단계를 완료하려면 {dashboardUrl}/auth/login 통해 다시 로그인하십시오. 그런 다음 여기로 돌아오세요.",
+    "authPageErrorUpdateMessage": "인증 페이지 설정을 업데이트하는 동안 오류가 발생했습니다",
+    "authPageUpdated": "인증 페이지가 성공적으로 업데이트되었습니다",
+    "healthCheckNotAvailable": "로컬",
+    "rewritePath": "경로 재작성",
+    "rewritePathDescription": "대상으로 전달하기 전에 경로를 선택적으로 재작성합니다.",
+    "continueToApplication": "응용 프로그램으로 계속",
+    "checkingInvite": "초대 확인 중",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "헤더 인증 제거",
+    "resourceHeaderAuthRemoveDescription": "헤더 인증이 성공적으로 제거되었습니다.",
+    "resourceErrorHeaderAuthRemove": "헤더 인증 제거 실패",
+    "resourceErrorHeaderAuthRemoveDescription": "리소스의 헤더 인증을 제거할 수 없습니다.",
+    "resourceHeaderAuthProtectionEnabled": "Header Authentication Enabled",
+    "resourceHeaderAuthProtectionDisabled": "Header Authentication Disabled",
+    "headerAuthRemove": "Remove Header Auth",
+    "headerAuthAdd": "Add Header Auth",
+    "resourceErrorHeaderAuthSetup": "헤더 인증 설정 실패",
+    "resourceErrorHeaderAuthSetupDescription": "리소스의 헤더 인증을 설정할 수 없습니다.",
+    "resourceHeaderAuthSetup": "헤더 인증이 성공적으로 설정되었습니다.",
+    "resourceHeaderAuthSetupDescription": "헤더 인증이 성공적으로 설정되었습니다.",
+    "resourceHeaderAuthSetupTitle": "헤더 인증 설정",
+    "resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Access it using the format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "헤더 인증 설정",
+    "actionSetResourceHeaderAuth": "헤더 인증 설정",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Unlicensed",
+    "beta": "Beta",
+    "manageClients": "Manage Clients",
+    "manageClientsDescription": "Clients are devices that can connect to your sites",
+    "licenseTableValidUntil": "Valid Until",
+    "saasLicenseKeysSettingsTitle": "Enterprise Licenses",
+    "saasLicenseKeysSettingsDescription": "Generate and manage Enterprise license keys for self-hosted Pangolin instances",
+    "sidebarEnterpriseLicenses": "Licenses",
+    "generateLicenseKey": "Generate License Key",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Please enter a valid email address",
+            "useCaseTypeRequired": "Please select a use case type",
+            "firstNameRequired": "First name is required",
+            "lastNameRequired": "Last name is required",
+            "primaryUseRequired": "Please describe your primary use",
+            "jobTitleRequiredBusiness": "Job title is required for business use",
+            "industryRequiredBusiness": "Industry is required for business use",
+            "stateProvinceRegionRequired": "State/Province/Region is required",
+            "postalZipCodeRequired": "Postal/ZIP Code is required",
+            "companyNameRequiredBusiness": "Company name is required for business use",
+            "countryOfResidenceRequiredBusiness": "Country of residence is required for business use",
+            "countryRequiredPersonal": "Country is required for personal use",
+            "agreeToTermsRequired": "You must agree to the terms",
+            "complianceConfirmationRequired": "You must confirm compliance with the Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Personal Use",
+                "description": "For individual, non-commercial use such as learning, personal projects, or experimentation."
+            },
+            "business": {
+                "title": "Business Use",
+                "description": "For use within organizations, companies, or commercial or revenue-generating activities."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & License Type",
+                "description": "Enter your email and choose your license type"
+            },
+            "personalInformation": {
+                "title": "Personal Information",
+                "description": "Tell us about yourself"
+            },
+            "contactInformation": {
+                "title": "Contact Information",
+                "description": "Your contact details"
+            },
+            "termsGenerate": {
+                "title": "Terms & Generate",
+                "description": "Review and accept terms to generate your license"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Usage Disclosure",
+                "description": "Select the license tier that accurately reflects your intended use. The Personal License permits free use of the Software for individual, non-commercial or small-scale commercial activities with annual gross revenue under $100,000 USD. Any use beyond these limits — including use within a business, organization, or other revenue-generating environment — requires a valid Enterprise License and payment of the applicable licensing fee. All users, whether Personal or Enterprise, must comply with the Fossorial Commercial License Terms."
+            },
+            "trialPeriodInformation": {
+                "title": "Trial Period Information",
+                "description": "This License Key enables Enterprise features for a 7-day evaluation period. Continued access to Paid Features beyond the evaluation period requires activation under a valid Personal or Enterprise License. For Enterprise licensing, contact sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Are you using Pangolin for personal or business use?",
+            "firstName": "First Name",
+            "lastName": "Last Name",
+            "jobTitle": "Job Title",
+            "primaryUseQuestion": "What do you primarily plan to use Pangolin for?",
+            "industryQuestion": "What is your industry?",
+            "prospectiveUsersQuestion": "How many prospective users do you expect to have?",
+            "prospectiveSitesQuestion": "How many prospective sites (tunnels) do you expect to have?",
+            "companyName": "Company name",
+            "countryOfResidence": "Country of residence",
+            "stateProvinceRegion": "State / Province / Region",
+            "postalZipCode": "Postal / ZIP Code",
+            "companyWebsite": "Company website",
+            "companyPhoneNumber": "Company phone number",
+            "country": "Country",
+            "phoneNumberOptional": "Phone number (optional)",
+            "complianceConfirmation": "I confirm that I am in compliance with the Fossorial Commercial License and that reporting inaccurate information or misidentifying use of the product is a violation of the license."
+        },
+        "buttons": {
+            "close": "Close",
+            "previous": "Previous",
+            "next": "Next",
+            "generateLicenseKey": "Generate License Key"
+        },
+        "toasts": {
+            "success": {
+                "title": "License key generated successfully",
+                "description": "Your license key has been generated and is ready to use."
+            },
+            "error": {
+                "title": "Failed to generate license key",
+                "description": "An error occurred while generating the license key."
+            }
+        }
+    },
+    "priority": "우선순위",
+    "priorityDescription": "우선 순위가 높은 경로가 먼저 평가됩니다. 우선 순위 = 100은 자동 정렬(시스템 결정)이 의미합니다. 수동 우선 순위를 적용하려면 다른 숫자를 사용하세요.",
+    "instanceName": "Instance Name",
+    "pathMatchModalTitle": "Configure Path Matching",
+    "pathMatchModalDescription": "Set up how incoming requests should be matched based on their path.",
+    "pathMatchType": "Match Type",
+    "pathMatchPrefix": "Prefix",
+    "pathMatchExact": "Exact",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Path Value",
+    "clear": "Clear",
+    "saveChanges": "Save Changes",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Example: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Example: /api matches only /api",
+    "pathMatchRegexHelp": "Example: ^/api/.* matches /api/anything",
+    "pathRewriteModalTitle": "Configure Path Rewriting",
+    "pathRewriteModalDescription": "Transform the matched path before forwarding to the target.",
+    "pathRewriteType": "Rewrite Type",
+    "pathRewritePrefixOption": "Prefix - Replace prefix",
+    "pathRewriteExactOption": "Exact - Replace entire path",
+    "pathRewriteRegexOption": "Regex - Pattern replacement",
+    "pathRewriteStripPrefixOption": "Strip Prefix - Remove prefix",
+    "pathRewriteValue": "Rewrite Value",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Replace the matched prefix with this value",
+    "pathRewriteExactHelp": "Replace the entire path with this value when the path matches exactly",
+    "pathRewriteRegexHelp": "Use capture groups like $1, $2 for replacement",
+    "pathRewriteStripPrefixHelp": "Leave empty to strip prefix or provide new prefix",
+    "pathRewritePrefix": "Prefix",
+    "pathRewriteExact": "Exact",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Strip",
+    "pathRewriteStripLabel": "strip"
 }

messages/pl-PL.json

@@ -59,7 +59,6 @@
     "siteErrorCreate": "Błąd podczas tworzenia witryny",
     "siteErrorCreateKeyPair": "Nie znaleziono pary kluczy lub domyślnych ustawień witryny",
     "siteErrorCreateDefaults": "Nie znaleziono domyślnych ustawień witryny",
-    "siteNameDescription": "To jest wyświetlana nazwa witryny.",
     "method": "Metoda",
     "siteMethodDescription": "W ten sposób ujawnisz połączenia.",
     "siteLearnNewt": "Dowiedz się, jak zainstalować Newt w systemie",
@@ -95,7 +94,9 @@
     "siteNewtTunnelDescription": "Łatwiejszy sposób na stworzenie punktu wejścia w sieci. Nie ma dodatkowej konfiguracji.",
     "siteWg": "Podstawowy WireGuard",
     "siteWgDescription": "Użyj dowolnego klienta WireGuard do utworzenia tunelu. Wymagana jest ręczna konfiguracja NAT.",
+    "siteWgDescriptionSaas": "Użyj dowolnego klienta WireGuard do utworzenia tunelu. Wymagana ręczna konfiguracja NAT. DZIAŁA TYLKO NA SAMODZIELNIE HOSTOWANYCH WĘZŁACH",
     "siteLocalDescription": "Tylko lokalne zasoby. Brak tunelu.",
+    "siteLocalDescriptionSaas": "Local resources only. No tunneling. Only available on remote nodes.",
     "siteSeeAll": "Zobacz wszystkie witryny",
     "siteTunnelDescription": "Określ jak chcesz połączyć się ze swoją stroną",
     "siteNewtCredentials": "Aktualne dane logowania",
@@ -167,7 +168,10 @@
     "siteSelect": "Wybierz witrynę",
     "siteSearch": "Szukaj witryny",
     "siteNotFound": "Nie znaleziono witryny.",
-    "siteSelectionDescription": "Ta strona zapewni połączenie z zasobem.",
+    "selectCountry": "Wybierz kraj",
+    "searchCountries": "Szukaj krajów...",
+    "noCountryFound": "Nie znaleziono kraju.",
+    "siteSelectionDescription": "Ta strona zapewni połączenie z celem.",
     "resourceType": "Typ zasobu",
     "resourceTypeDescription": "Określ jak chcesz uzyskać dostęp do swojego zasobu",
     "resourceHTTPSSettings": "Ustawienia HTTPS",
@@ -198,11 +202,13 @@
     "general": "Ogólny",
     "generalSettings": "Ustawienia ogólne",
     "proxy": "Serwer pośredniczący",
+    "internal": "Wewętrzny",
     "rules": "Regulamin",
     "resourceSettingDescription": "Skonfiguruj ustawienia zasobu",
     "resourceSetting": "Ustawienia {resourceName}",
     "alwaysAllow": "Zawsze zezwalaj",
     "alwaysDeny": "Zawsze odmawiaj",
+    "passToAuth": "Przekaż do Autoryzacji",
     "orgSettingsDescription": "Skonfiguruj ustawienia ogólne swojej organizacji",
     "orgGeneralSettings": "Ustawienia organizacji",
     "orgGeneralSettingsDescription": "Zarządzaj szczegółami swojej organizacji i konfiguracją",
@@ -451,6 +457,8 @@
     "accessRoleErrorAddDescription": "Wystąpił błąd podczas dodawania użytkownika do roli.",
     "userSaved": "Użytkownik zapisany",
     "userSavedDescription": "Użytkownik został zaktualizowany.",
+    "autoProvisioned": "Przesłane automatycznie",
+    "autoProvisionedDescription": "Pozwól temu użytkownikowi na automatyczne zarządzanie przez dostawcę tożsamości",
     "accessControlsDescription": "Zarządzaj tym, do czego użytkownik ma dostęp i co może robić w organizacji",
     "accessControlsSubmit": "Zapisz kontrole dostępu",
     "roles": "Role",
@@ -460,7 +468,10 @@
     "createdAt": "Utworzono",
     "proxyErrorInvalidHeader": "Nieprawidłowa wartość niestandardowego nagłówka hosta. Użyj formatu nazwy domeny lub zapisz pusty, aby usunąć niestandardowy nagłówek hosta.",
     "proxyErrorTls": "Nieprawidłowa nazwa serwera TLS. Użyj formatu nazwy domeny lub zapisz pusty, aby usunąć nazwę serwera TLS.",
-    "proxyEnableSSL": "Włącz SSL (https)",
+    "proxyEnableSSL": "Włącz SSL",
+    "proxyEnableSSLDescription": "Włącz szyfrowanie SSL/TLS dla bezpiecznych połączeń HTTPS z Twoimi celami.",
+    "target": "Target",
+    "configureTarget": "Konfiguruj Targety",
     "targetErrorFetch": "Nie udało się pobrać celów",
     "targetErrorFetchDescription": "Wystąpił błąd podczas pobierania celów",
     "siteErrorFetch": "Nie udało się pobrać zasobu",
@@ -487,18 +498,30 @@
     "targetTlsSettings": "Konfiguracja bezpiecznego połączenia",
     "targetTlsSettingsDescription": "Skonfiguruj ustawienia SSL/TLS dla twojego zasobu",
     "targetTlsSettingsAdvanced": "Zaawansowane ustawienia TLS",
-    "targetTlsSni": "Nazwa serwera TLS (SNI)",
+    "targetTlsSni": "Nazwa serwera TLS",
     "targetTlsSniDescription": "Nazwa serwera TLS do użycia dla SNI. Pozostaw puste, aby użyć domyślnej.",
     "targetTlsSubmit": "Zapisz ustawienia",
     "targets": "Konfiguracja celów",
-    "targetsDescription": "Skonfiguruj cele do kierowania ruchu do swoich usług",
+    "targetsDescription": "Skonfiguruj cele do kierowania ruchu do usług zaplecza",
     "targetStickySessions": "Włącz sesje trwałe",
     "targetStickySessionsDescription": "Utrzymuj połączenia na tym samym celu backendowym przez całą sesję.",
     "methodSelect": "Wybierz metodę",
     "targetSubmit": "Dodaj cel",
-    "targetNoOne": "Brak celów. Dodaj cel używając formularza.",
+    "targetNoOne": "Ten zasób nie ma żadnych celów. Dodaj cel, aby skonfigurować miejsce wysyłania żądań do twojego backendu.",
     "targetNoOneDescription": "Dodanie więcej niż jednego celu powyżej włączy równoważenie obciążenia.",
     "targetsSubmit": "Zapisz cele",
+    "addTarget": "Dodaj cel",
+    "targetErrorInvalidIp": "Nieprawidłowy adres IP",
+    "targetErrorInvalidIpDescription": "Wprowadź prawidłowy adres IP lub nazwę hosta",
+    "targetErrorInvalidPort": "Nieprawidłowy port",
+    "targetErrorInvalidPortDescription": "Wprowadź prawidłowy numer portu",
+    "targetErrorNoSite": "Nie wybrano witryny",
+    "targetErrorNoSiteDescription": "Wybierz witrynę docelową",
+    "targetCreated": "Cel utworzony",
+    "targetCreatedDescription": "Cel został utworzony pomyślnie",
+    "targetErrorCreate": "Nie udało się utworzyć celu",
+    "targetErrorCreateDescription": "Wystąpił błąd podczas tworzenia celu",
+    "save": "Zapisz",
     "proxyAdditional": "Dodatkowe ustawienia proxy",
     "proxyAdditionalDescription": "Skonfiguruj jak twój zasób obsługuje ustawienia proxy",
     "proxyCustomHeader": "Niestandardowy nagłówek hosta",
@@ -508,6 +531,7 @@
     "ipAddressErrorInvalidFormat": "Nieprawidłowy format adresu IP",
     "ipAddressErrorInvalidOctet": "Nieprawidłowy oktet adresu IP",
     "path": "Ścieżka",
+    "matchPath": "Ścieżka dopasowania",
     "ipAddressRange": "Zakres IP",
     "rulesErrorFetch": "Nie udało się pobrać reguł",
     "rulesErrorFetchDescription": "Wystąpił błąd podczas pobierania reguł",
@@ -543,6 +567,7 @@
     "rulesActions": "Akcje",
     "rulesActionAlwaysAllow": "Zawsze zezwalaj: Pomiń wszystkie metody uwierzytelniania",
     "rulesActionAlwaysDeny": "Zawsze odmawiaj: Blokuj wszystkie żądania; nie można próbować uwierzytelniania",
+    "rulesActionPassToAuth": "Przekaż do Autoryzacji: Zezwól na próby metod uwierzytelniania",
     "rulesMatchCriteria": "Kryteria dopasowania",
     "rulesMatchCriteriaIpAddress": "Dopasuj konkretny adres IP",
     "rulesMatchCriteriaIpAddressRange": "Dopasuj zakres adresów IP w notacji CIDR",
@@ -705,7 +730,7 @@
     "pangolinServerAdmin": "Administrator serwera - Pangolin",
     "licenseTierProfessional": "Licencja Professional",
     "licenseTierEnterprise": "Licencja Enterprise",
-    "licenseTierCommercial": "Licencja handlowa",
+    "licenseTierPersonal": "Personal License",
     "licensed": "Licencjonowany",
     "yes": "Tak",
     "no": "Nie",
@@ -740,7 +765,7 @@
     "idpDisplayName": "Nazwa wyświetlana dla tego dostawcy tożsamości",
     "idpAutoProvisionUsers": "Automatyczne tworzenie użytkowników",
     "idpAutoProvisionUsersDescription": "Gdy włączone, użytkownicy będą automatycznie tworzeni w systemie przy pierwszym logowaniu z możliwością mapowania użytkowników do ról i organizacji.",
-    "licenseBadge": "Profesjonalny",
+    "licenseBadge": "EE",
     "idpType": "Typ dostawcy",
     "idpTypeDescription": "Wybierz typ dostawcy tożsamości, który chcesz skonfigurować",
     "idpOidcConfigure": "Konfiguracja OAuth2/OIDC",
@@ -834,6 +859,24 @@
     "pincodeRequirementsLength": "PIN musi składać się dokładnie z 6 cyfr",
     "pincodeRequirementsChars": "PIN może zawierać tylko cyfry",
     "passwordRequirementsLength": "Hasło musi mieć co najmniej 1 znak",
+    "passwordRequirementsTitle": "Wymagania dotyczące hasła:",
+    "passwordRequirementLength": "Przynajmniej 8 znaków długości",
+    "passwordRequirementUppercase": "Przynajmniej jedna wielka litera",
+    "passwordRequirementLowercase": "Przynajmniej jedna mała litera",
+    "passwordRequirementNumber": "Przynajmniej jedna cyfra",
+    "passwordRequirementSpecial": "Przynajmniej jeden znak specjalny",
+    "passwordRequirementsMet": "✓ Hasło spełnia wszystkie wymagania",
+    "passwordStrength": "Siła hasła",
+    "passwordStrengthWeak": "Słabe",
+    "passwordStrengthMedium": "Średnie",
+    "passwordStrengthStrong": "Silne",
+    "passwordRequirements": "Wymagania:",
+    "passwordRequirementLengthText": "8+ znaków",
+    "passwordRequirementUppercaseText": "Wielka litera (A-Z)",
+    "passwordRequirementLowercaseText": "Mała litera (a-z)",
+    "passwordRequirementNumberText": "Cyfra (0-9)",
+    "passwordRequirementSpecialText": "Znak specjalny (!@#$%...)",
+    "passwordsDoNotMatch": "Hasła nie są zgodne",
     "otpEmailRequirementsLength": "Kod jednorazowy musi mieć co najmniej 1 znak",
     "otpEmailSent": "Kod jednorazowy wysłany",
     "otpEmailSentDescription": "Kod jednorazowy został wysłany na Twój e-mail",
@@ -953,12 +996,15 @@
     "logoutError": "Błąd podczas wylogowywania",
     "signingAs": "Zalogowany jako",
     "serverAdmin": "Administrator serwera",
+    "managedSelfhosted": "Zarządzane Samodzielnie-Hostingowane",
     "otpEnable": "Włącz uwierzytelnianie dwuskładnikowe",
     "otpDisable": "Wyłącz uwierzytelnianie dwuskładnikowe",
     "logout": "Wyloguj się",
     "licenseTierProfessionalRequired": "Wymagana edycja Professional",
     "licenseTierProfessionalRequiredDescription": "Ta funkcja jest dostępna tylko w edycji Professional.",
     "actionGetOrg": "Pobierz organizację",
+    "updateOrgUser": "Aktualizuj użytkownika Org",
+    "createOrgUser": "Utwórz użytkownika Org",
     "actionUpdateOrg": "Aktualizuj organizację",
     "actionUpdateUser": "Zaktualizuj użytkownika",
     "actionGetUser": "Pobierz użytkownika",
@@ -968,6 +1014,10 @@
     "actionDeleteSite": "Usuń witrynę",
     "actionGetSite": "Pobierz witrynę",
     "actionListSites": "Lista witryn",
+    "actionApplyBlueprint": "Zastosuj schemat",
+    "setupToken": "Skonfiguruj token",
+    "setupTokenDescription": "Wprowadź token konfiguracji z konsoli serwera.",
+    "setupTokenRequired": "Wymagany jest token konfiguracji",
     "actionUpdateSite": "Aktualizuj witrynę",
     "actionListSiteRoles": "Lista dozwolonych ról witryny",
     "actionCreateResource": "Utwórz zasób",
@@ -1023,6 +1073,17 @@
     "actionDeleteIdpOrg": "Usuń politykę organizacji IDP",
     "actionListIdpOrgs": "Lista organizacji IDP",
     "actionUpdateIdpOrg": "Aktualizuj organizację IDP",
+    "actionCreateClient": "Utwórz klienta",
+    "actionDeleteClient": "Usuń klienta",
+    "actionUpdateClient": "Aktualizuj klienta",
+    "actionListClients": "Lista klientów",
+    "actionGetClient": "Pobierz klienta",
+    "actionCreateSiteResource": "Utwórz zasób witryny",
+    "actionDeleteSiteResource": "Usuń zasób strony",
+    "actionGetSiteResource": "Pobierz zasób strony",
+    "actionListSiteResources": "Lista zasobów strony",
+    "actionUpdateSiteResource": "Aktualizuj zasób strony",
+    "actionListInvitations": "Lista zaproszeń",
     "noneSelected": "Nie wybrano",
     "orgNotFound2": "Nie znaleziono organizacji.",
     "searchProgress": "Szukaj...",
@@ -1038,7 +1099,6 @@
     "navbar": "Menu nawigacyjne",
     "navbarDescription": "Główne menu nawigacyjne aplikacji",
     "navbarDocsLink": "Dokumentacja",
-    "commercialEdition": "Edycja komercyjna",
     "otpErrorEnable": "Nie można włączyć 2FA",
     "otpErrorEnableDescription": "Wystąpił błąd podczas włączania 2FA",
     "otpSetupCheckCode": "Wprowadź 6-cyfrowy kod",
@@ -1094,10 +1154,10 @@
     "sidebarAllUsers": "Wszyscy użytkownicy",
     "sidebarIdentityProviders": "Dostawcy tożsamości",
     "sidebarLicense": "Licencja",
-    "sidebarClients": "Klienci",
+    "sidebarClients": "Clients",
     "sidebarDomains": "Domeny",
-    "enableDockerSocket": "Włącz gniazdo dokera",
-    "enableDockerSocketDescription": "Włącz wykrywanie Docker Socket w celu wypełnienia informacji o kontenerach. Ścieżka gniazda musi być dostarczona do Newt.",
+    "enableDockerSocket": "Włącz schemat dokera",
+    "enableDockerSocketDescription": "Włącz etykietowanie kieszeni dokującej dla etykiet schematów. Ścieżka do gniazda musi być dostarczona do Newt.",
     "enableDockerSocketLink": "Dowiedz się więcej",
     "viewDockerContainers": "Zobacz kontenery dokujące",
     "containersIn": "Pojemniki w {siteName}",
@@ -1110,7 +1170,7 @@
     "containerLabels": "Etykiety",
     "containerLabelsCount": "{count, plural, one {# etykieta} few {# etykiety} many {# etykiet} other {# etykiet}}",
     "containerLabelsTitle": "Etykiety kontenera",
-    "containerLabelEmpty": "<empty>",
+    "containerLabelEmpty": "<pusty>",
     "containerPorts": "Porty",
     "containerPortsMore": "+{count} więcej",
     "containerActions": "Akcje",
@@ -1162,7 +1222,7 @@
     "selectDomainTypeCnameName": "Pojedyncza domena (CNAME)",
     "selectDomainTypeCnameDescription": "Tylko ta pojedyncza domena. Użyj tego dla poszczególnych subdomen lub wpisów specyficznych dla domeny.",
     "selectDomainTypeWildcardName": "Domena wieloznaczna",
-    "selectDomainTypeWildcardDescription": "Ta domena i jej pierwsza warstwa subdomen.",
+    "selectDomainTypeWildcardDescription": "Ta domena i jej subdomeny.",
     "domainDelegation": "Pojedyncza domena",
     "selectType": "Wybierz typ",
     "actions": "Akcje",
@@ -1196,8 +1256,8 @@
     "sidebarExpand": "Rozwiń",
     "newtUpdateAvailable": "Dostępna aktualizacja",
     "newtUpdateAvailableInfo": "Nowa wersja Newt jest dostępna. Prosimy o aktualizację do najnowszej wersji dla najlepszej pracy.",
-    "domainPickerEnterDomain": "Wprowadź swoją domenę",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com lub po prostu myapp",
+    "domainPickerEnterDomain": "Domena",
+    "domainPickerPlaceholder": "mojapp.example.com",
     "domainPickerDescription": "Wpisz pełną domenę zasobu, aby zobaczyć dostępne opcje.",
     "domainPickerDescriptionSaas": "Wprowadź pełną domenę, subdomenę lub po prostu nazwę, aby zobaczyć dostępne opcje",
     "domainPickerTabAll": "Wszystko",
@@ -1206,12 +1266,54 @@
     "domainPickerSortAsc": "A-Z",
     "domainPickerSortDesc": "Z-A",
     "domainPickerCheckingAvailability": "Sprawdzanie dostępności...",
-    "domainPickerNoMatchingDomains": "Nie znaleziono żadnych pasujących domen dla \"{userInput}\". Spróbuj innej domeny lub sprawdź ustawienia domeny swojej organizacji.",
+    "domainPickerNoMatchingDomains": "Nie znaleziono pasujących domen. Spróbuj innej domeny lub sprawdź ustawienia domeny swojej organizacji.",
     "domainPickerOrganizationDomains": "Domeny organizacji",
     "domainPickerProvidedDomains": "Dostarczone domeny",
     "domainPickerSubdomain": "Subdomena: {subdomain}",
     "domainPickerNamespace": "Przestrzeń nazw: {namespace}",
     "domainPickerShowMore": "Pokaż więcej",
+    "regionSelectorTitle": "Wybierz region",
+    "regionSelectorInfo": "Wybór regionu pomaga nam zapewnić lepszą wydajność dla Twojej lokalizacji. Nie musisz być w tym samym regionie co Twój serwer.",
+    "regionSelectorPlaceholder": "Wybierz region",
+    "regionSelectorComingSoon": "Wkrótce dostępne",
+    "billingLoadingSubscription": "Ładowanie subskrypcji...",
+    "billingFreeTier": "Darmowy pakiet",
+    "billingWarningOverLimit": "Ostrzeżenie: Przekroczyłeś jeden lub więcej limitów użytkowania. Twoje witryny nie połączą się, dopóki nie zmienisz subskrypcji lub nie dostosujesz użytkowania.",
+    "billingUsageLimitsOverview": "Przegląd Limitów Użytkowania",
+    "billingMonitorUsage": "Monitoruj swoje wykorzystanie w porównaniu do skonfigurowanych limitów. Jeśli potrzebujesz zwiększenia limitów, skontaktuj się z nami pod adresem support@pangolin.net.",
+    "billingDataUsage": "Użycie danych",
+    "billingOnlineTime": "Czas Online Strony",
+    "billingUsers": "Aktywni użytkownicy",
+    "billingDomains": "Aktywne domeny",
+    "billingRemoteExitNodes": "Aktywne samodzielnie-hostowane węzły",
+    "billingNoLimitConfigured": "Nie skonfigurowano limitu",
+    "billingEstimatedPeriod": "Szacowany Okres Rozliczeniowy",
+    "billingIncludedUsage": "Zawarte użycie",
+    "billingIncludedUsageDescription": "Użycie zawarte w obecnym planie subskrypcji",
+    "billingFreeTierIncludedUsage": "Limity użycia dla darmowego pakietu",
+    "billingIncluded": "zawarte",
+    "billingEstimatedTotal": "Szacowana Całkowita:",
+    "billingNotes": "Notatki",
+    "billingEstimateNote": "To jest szacunkowe, oparte na Twoim obecnym użyciu.",
+    "billingActualChargesMayVary": "Rzeczywiste opłaty mogą się różnić.",
+    "billingBilledAtEnd": "Zostaniesz obciążony na koniec okresu rozliczeniowego.",
+    "billingModifySubscription": "Modyfikuj Subskrypcję",
+    "billingStartSubscription": "Rozpocznij Subskrypcję",
+    "billingRecurringCharge": "Opłata Cyklowa",
+    "billingManageSubscriptionSettings": "Zarządzaj ustawieniami i preferencjami subskrypcji",
+    "billingNoActiveSubscription": "Nie masz aktywnej subskrypcji. Rozpocznij subskrypcję, aby zwiększyć limity użytkowania.",
+    "billingFailedToLoadSubscription": "Nie udało się załadować subskrypcji",
+    "billingFailedToLoadUsage": "Nie udało się załadować użycia",
+    "billingFailedToGetCheckoutUrl": "Nie udało się uzyskać adresu URL zakupu",
+    "billingPleaseTryAgainLater": "Spróbuj ponownie później.",
+    "billingCheckoutError": "Błąd przy kasie",
+    "billingFailedToGetPortalUrl": "Nie udało się uzyskać adresu URL portalu",
+    "billingPortalError": "Błąd Portalu",
+    "billingDataUsageInfo": "Jesteś obciążony za wszystkie dane przesyłane przez bezpieczne tunele, gdy jesteś podłączony do chmury. Obejmuje to zarówno ruch przychodzący, jak i wychodzący we wszystkich Twoich witrynach. Gdy osiągniesz swój limit, twoje strony zostaną rozłączone, dopóki nie zaktualizujesz planu lub nie ograniczysz użycia. Dane nie będą naliczane przy użyciu węzłów.",
+    "billingOnlineTimeInfo": "Opłata zależy od tego, jak długo twoje strony pozostają połączone z chmurą. Na przykład 44,640 minut oznacza jedną stronę działającą 24/7 przez cały miesiąc. Kiedy osiągniesz swój limit, twoje strony zostaną rozłączone, dopóki nie zaktualizujesz planu lub nie zmniejsz jego wykorzystania. Czas nie będzie naliczany przy użyciu węzłów.",
+    "billingUsersInfo": "Jesteś obciążany za każdego użytkownika w twojej organizacji. Rozliczenia są obliczane codziennie na podstawie liczby aktywnych kont użytkowników w twojej organizacji.",
+    "billingDomainInfo": "Jesteś obciążany za każdą domenę w twojej organizacji. Rozliczenia są obliczane codziennie na podstawie liczby aktywnych kont domen w twojej organizacji.",
+    "billingRemoteExitNodesInfo": "Jesteś obciążany za każdy zarządzany węzeł w twojej organizacji. Rozliczenia są obliczane codziennie na podstawie liczby aktywnych zarządzanych węzłów w twojej organizacji.",
     "domainNotFound": "Nie znaleziono domeny",
     "domainNotFoundDescription": "Zasób jest wyłączony, ponieważ domena nie istnieje już w naszym systemie. Proszę ustawić nową domenę dla tego zasobu.",
     "failed": "Niepowodzenie",
@@ -1245,7 +1347,6 @@
     "twoFactorRequired": "Uwierzytelnianie dwuskładnikowe jest wymagane do zarejestrowania klucza bezpieczeństwa.",
     "twoFactor": "Uwierzytelnianie dwuskładnikowe",
     "adminEnabled2FaOnYourAccount": "Twój administrator włączył uwierzytelnianie dwuskładnikowe dla {email}. Proszę ukończyć proces konfiguracji, aby kontynuować.",
-    "continueToApplication": "Kontynuuj do aplikacji",
     "securityKeyAdd": "Dodaj klucz bezpieczeństwa",
     "securityKeyRegisterTitle": "Zarejestruj nowy klucz bezpieczeństwa",
     "securityKeyRegisterDescription": "Podłącz swój klucz bezpieczeństwa i wprowadź nazwę, aby go zidentyfikować",
@@ -1266,6 +1367,7 @@
     "createDomainName": "Nazwa:",
     "createDomainValue": "Wartość:",
     "createDomainCnameRecords": "Rekordy CNAME",
+    "createDomainARecords": "Rekordy A",
     "createDomainRecordNumber": "Rekord {number}",
     "createDomainTxtRecords": "Rekordy TXT",
     "createDomainSaveTheseRecords": "Zapisz te rekordy",
@@ -1273,5 +1375,523 @@
     "createDomainDnsPropagation": "Propagacja DNS",
     "createDomainDnsPropagationDescription": "Zmiany DNS mogą zająć trochę czasu na rozpropagowanie się w Internecie. Może to potrwać od kilku minut do 48 godzin, w zależności od dostawcy DNS i ustawień TTL.",
     "resourcePortRequired": "Numer portu jest wymagany dla zasobów non-HTTP",
-    "resourcePortNotAllowed": "Numer portu nie powinien być ustawiony dla zasobów HTTP"
+    "resourcePortNotAllowed": "Numer portu nie powinien być ustawiony dla zasobów HTTP",
+    "billingPricingCalculatorLink": "Kalkulator Cen",
+    "signUpTerms": {
+        "IAgreeToThe": "Zgadzam się z",
+        "termsOfService": "warunkami usługi",
+        "and": "oraz",
+        "privacyPolicy": "polityką prywatności"
+    },
+    "siteRequired": "Strona jest wymagana.",
+    "olmTunnel": "Tunel Olm",
+    "olmTunnelDescription": "Użyj Olm do łączności klienta",
+    "errorCreatingClient": "Błąd podczas tworzenia klienta",
+    "clientDefaultsNotFound": "Nie znaleziono domyślnych ustawień klienta",
+    "createClient": "Utwórz Klienta",
+    "createClientDescription": "Utwórz nowego klienta do łączenia się z Twoimi witrynami",
+    "seeAllClients": "Zobacz Wszystkich Klientów",
+    "clientInformation": "Informacje o Kliencie",
+    "clientNamePlaceholder": "Nazwa klienta",
+    "address": "Adres",
+    "subnetPlaceholder": "Podsieć",
+    "addressDescription": "Adres, którego ten klient będzie używać do łączności",
+    "selectSites": "Wybierz witryny",
+    "sitesDescription": "Klient będzie miał łączność z wybranymi witrynami",
+    "clientInstallOlm": "Zainstaluj Olm",
+    "clientInstallOlmDescription": "Uruchom Olm na swoim systemie",
+    "clientOlmCredentials": "Poświadczenia Olm",
+    "clientOlmCredentialsDescription": "To jest sposób, w jaki Olm będzie się uwierzytelniać z serwerem",
+    "olmEndpoint": "Punkt Końcowy Olm",
+    "olmId": "Identyfikator Olm",
+    "olmSecretKey": "Tajny Klucz Olm",
+    "clientCredentialsSave": "Zapisz swoje poświadczenia",
+    "clientCredentialsSaveDescription": "Będziesz mógł zobaczyć to tylko raz. Upewnij się, że skopiujesz go w bezpieczne miejsce.",
+    "generalSettingsDescription": "Skonfiguruj ogólne ustawienia dla tego klienta",
+    "clientUpdated": "Klient zaktualizowany",
+    "clientUpdatedDescription": "Klient został zaktualizowany.",
+    "clientUpdateFailed": "Nie udało się zaktualizować klienta",
+    "clientUpdateError": "Wystąpił błąd podczas aktualizacji klienta.",
+    "sitesFetchFailed": "Nie udało się pobrać witryn",
+    "sitesFetchError": "Wystąpił błąd podczas pobierania witryn.",
+    "olmErrorFetchReleases": "Wystąpił błąd podczas pobierania wydań Olm.",
+    "olmErrorFetchLatest": "Wystąpił błąd podczas pobierania najnowszego wydania Olm.",
+    "remoteSubnets": "Zdalne Podsieci",
+    "enterCidrRange": "Wprowadź zakres CIDR",
+    "remoteSubnetsDescription": "Dodaj zakresy CIDR, które można uzyskać zdalnie z tej strony za pomocą klientów. Użyj formatu jak 10.0.0.0/24. Dotyczy to WYŁĄCZNIE łączności klienta VPN.",
+    "resourceEnableProxy": "Włącz publiczny proxy",
+    "resourceEnableProxyDescription": "Włącz publiczne proxy dla tego zasobu. To umożliwia dostęp do zasobu spoza sieci przez chmurę na otwartym porcie. Wymaga konfiguracji Traefik.",
+    "externalProxyEnabled": "Zewnętrzny Proxy Włączony",
+    "addNewTarget": "Dodaj nowy cel",
+    "targetsList": "Lista celów",
+    "advancedMode": "Tryb zaawansowany",
+    "targetErrorDuplicateTargetFound": "Znaleziono duplikat celu",
+    "healthCheckHealthy": "Zdrowy",
+    "healthCheckUnhealthy": "Niezdrowy",
+    "healthCheckUnknown": "Nieznany",
+    "healthCheck": "Kontrola Zdrowia",
+    "configureHealthCheck": "Skonfiguruj Kontrolę Zdrowia",
+    "configureHealthCheckDescription": "Skonfiguruj monitorowanie zdrowia dla {target}",
+    "enableHealthChecks": "Włącz Kontrole Zdrowia",
+    "enableHealthChecksDescription": "Monitoruj zdrowie tego celu. Możesz monitorować inny punkt końcowy niż docelowy w razie potrzeby.",
+    "healthScheme": "Metoda",
+    "healthSelectScheme": "Wybierz metodę",
+    "healthCheckPath": "Ścieżka",
+    "healthHostname": "IP / Nazwa hosta",
+    "healthPort": "Port",
+    "healthCheckPathDescription": "Ścieżka do sprawdzania stanu zdrowia.",
+    "healthyIntervalSeconds": "Interwał Zdrowy",
+    "unhealthyIntervalSeconds": "Interwał Niezdrowy",
+    "IntervalSeconds": "Interwał Zdrowy",
+    "timeoutSeconds": "Limit Czasu",
+    "timeIsInSeconds": "Czas w sekundach",
+    "retryAttempts": "Próby Ponowienia",
+    "expectedResponseCodes": "Oczekiwane Kody Odpowiedzi",
+    "expectedResponseCodesDescription": "Kod statusu HTTP, który wskazuje zdrowy status. Jeśli pozostanie pusty, uznaje się 200-300 za zdrowy.",
+    "customHeaders": "Niestandardowe nagłówki",
+    "customHeadersDescription": "Nagłówki oddzielone: Nazwa nagłówka: wartość",
+    "headersValidationError": "Nagłówki muszą być w formacie: Nazwa nagłówka: wartość.",
+    "saveHealthCheck": "Zapisz Kontrolę Zdrowia",
+    "healthCheckSaved": "Kontrola Zdrowia Zapisana",
+    "healthCheckSavedDescription": "Konfiguracja kontroli zdrowia została zapisana pomyślnie",
+    "healthCheckError": "Błąd Kontroli Zdrowia",
+    "healthCheckErrorDescription": "Wystąpił błąd podczas zapisywania konfiguracji kontroli zdrowia",
+    "healthCheckPathRequired": "Ścieżka kontroli zdrowia jest wymagana",
+    "healthCheckMethodRequired": "Metoda HTTP jest wymagana",
+    "healthCheckIntervalMin": "Interwał sprawdzania musi wynosić co najmniej 5 sekund",
+    "healthCheckTimeoutMin": "Limit czasu musi wynosić co najmniej 1 sekundę",
+    "healthCheckRetryMin": "Liczba prób ponowienia musi wynosić co najmniej 1",
+    "httpMethod": "Metoda HTTP",
+    "selectHttpMethod": "Wybierz metodę HTTP",
+    "domainPickerSubdomainLabel": "Poddomena",
+    "domainPickerBaseDomainLabel": "Domen bazowa",
+    "domainPickerSearchDomains": "Szukaj domen...",
+    "domainPickerNoDomainsFound": "Nie znaleziono domen",
+    "domainPickerLoadingDomains": "Ładowanie domen...",
+    "domainPickerSelectBaseDomain": "Wybierz domenę bazową...",
+    "domainPickerNotAvailableForCname": "Niedostępne dla domen CNAME",
+    "domainPickerEnterSubdomainOrLeaveBlank": "Wprowadź poddomenę lub pozostaw puste, aby użyć domeny bazowej.",
+    "domainPickerEnterSubdomainToSearch": "Wprowadź poddomenę, aby wyszukać i wybrać z dostępnych darmowych domen.",
+    "domainPickerFreeDomains": "Darmowe domeny",
+    "domainPickerSearchForAvailableDomains": "Szukaj dostępnych domen",
+    "domainPickerNotWorkSelfHosted": "Uwaga: Darmowe domeny nie są obecnie dostępne dla instancji samodzielnie-hostowanych.",
+    "resourceDomain": "Domena",
+    "resourceEditDomain": "Edytuj domenę",
+    "siteName": "Nazwa strony",
+    "proxyPort": "Port",
+    "resourcesTableProxyResources": "Zasoby proxy",
+    "resourcesTableClientResources": "Zasoby klienta",
+    "resourcesTableNoProxyResourcesFound": "Nie znaleziono zasobów proxy.",
+    "resourcesTableNoInternalResourcesFound": "Nie znaleziono wewnętrznych zasobów.",
+    "resourcesTableDestination": "Miejsce docelowe",
+    "resourcesTableTheseResourcesForUseWith": "Te zasoby są do użytku z",
+    "resourcesTableClients": "Klientami",
+    "resourcesTableAndOnlyAccessibleInternally": "i są dostępne tylko wewnętrznie po połączeniu z klientem.",
+    "editInternalResourceDialogEditClientResource": "Edytuj zasób klienta",
+    "editInternalResourceDialogUpdateResourceProperties": "Zaktualizuj właściwości zasobu i konfigurację celu dla {resourceName}.",
+    "editInternalResourceDialogResourceProperties": "Właściwości zasobów",
+    "editInternalResourceDialogName": "Nazwa",
+    "editInternalResourceDialogProtocol": "Protokół",
+    "editInternalResourceDialogSitePort": "Port witryny",
+    "editInternalResourceDialogTargetConfiguration": "Konfiguracja celu",
+    "editInternalResourceDialogCancel": "Anuluj",
+    "editInternalResourceDialogSaveResource": "Zapisz zasób",
+    "editInternalResourceDialogSuccess": "Sukces",
+    "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Wewnętrzny zasób zaktualizowany pomyślnie",
+    "editInternalResourceDialogError": "Błąd",
+    "editInternalResourceDialogFailedToUpdateInternalResource": "Nie udało się zaktualizować wewnętrznego zasobu",
+    "editInternalResourceDialogNameRequired": "Nazwa jest wymagana",
+    "editInternalResourceDialogNameMaxLength": "Nazwa nie może mieć więcej niż 255 znaków",
+    "editInternalResourceDialogProxyPortMin": "Port proxy musi wynosić przynajmniej 1",
+    "editInternalResourceDialogProxyPortMax": "Port proxy nie może być większy niż 65536",
+    "editInternalResourceDialogInvalidIPAddressFormat": "Nieprawidłowy format adresu IP",
+    "editInternalResourceDialogDestinationPortMin": "Port docelowy musi wynosić przynajmniej 1",
+    "editInternalResourceDialogDestinationPortMax": "Port docelowy nie może być większy niż 65536",
+    "createInternalResourceDialogNoSitesAvailable": "Brak dostępnych stron",
+    "createInternalResourceDialogNoSitesAvailableDescription": "Musisz mieć co najmniej jedną stronę Newt z skonfigurowanym podsiecią, aby tworzyć wewnętrzne zasoby.",
+    "createInternalResourceDialogClose": "Zamknij",
+    "createInternalResourceDialogCreateClientResource": "Utwórz zasób klienta",
+    "createInternalResourceDialogCreateClientResourceDescription": "Utwórz nowy zasób, który będzie dostępny dla klientów połączonych z wybraną stroną.",
+    "createInternalResourceDialogResourceProperties": "Właściwości zasobów",
+    "createInternalResourceDialogName": "Nazwa",
+    "createInternalResourceDialogSite": "Witryna",
+    "createInternalResourceDialogSelectSite": "Wybierz stronę...",
+    "createInternalResourceDialogSearchSites": "Szukaj stron...",
+    "createInternalResourceDialogNoSitesFound": "Nie znaleziono stron.",
+    "createInternalResourceDialogProtocol": "Protokół",
+    "createInternalResourceDialogTcp": "TCP",
+    "createInternalResourceDialogUdp": "UDP",
+    "createInternalResourceDialogSitePort": "Port witryny",
+    "createInternalResourceDialogSitePortDescription": "Użyj tego portu, aby uzyskać dostęp do zasobu na stronie, gdy połączony z klientem.",
+    "createInternalResourceDialogTargetConfiguration": "Konfiguracja celu",
+    "createInternalResourceDialogDestinationIPDescription": "Adres IP lub nazwa hosta zasobu w sieci witryny.",
+    "createInternalResourceDialogDestinationPortDescription": "Port na docelowym IP, gdzie zasób jest dostępny.",
+    "createInternalResourceDialogCancel": "Anuluj",
+    "createInternalResourceDialogCreateResource": "Utwórz zasób",
+    "createInternalResourceDialogSuccess": "Sukces",
+    "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Wewnętrzny zasób utworzony pomyślnie",
+    "createInternalResourceDialogError": "Błąd",
+    "createInternalResourceDialogFailedToCreateInternalResource": "Nie udało się utworzyć wewnętrznego zasobu",
+    "createInternalResourceDialogNameRequired": "Nazwa jest wymagana",
+    "createInternalResourceDialogNameMaxLength": "Nazwa nie może mieć więcej niż 255 znaków",
+    "createInternalResourceDialogPleaseSelectSite": "Proszę wybrać stronę",
+    "createInternalResourceDialogProxyPortMin": "Port proxy musi wynosić przynajmniej 1",
+    "createInternalResourceDialogProxyPortMax": "Port proxy nie może być większy niż 65536",
+    "createInternalResourceDialogInvalidIPAddressFormat": "Nieprawidłowy format adresu IP",
+    "createInternalResourceDialogDestinationPortMin": "Port docelowy musi wynosić przynajmniej 1",
+    "createInternalResourceDialogDestinationPortMax": "Port docelowy nie może być większy niż 65536",
+    "siteConfiguration": "Konfiguracja",
+    "siteAcceptClientConnections": "Akceptuj połączenia klienta",
+    "siteAcceptClientConnectionsDescription": "Pozwól innym urządzeniom połączyć się przez tę instancję Newt jako bramę za pomocą klientów.",
+    "siteAddress": "Adres strony",
+    "siteAddressDescription": "Podaj adres IP hosta, do którego klienci będą się łączyć. Jest to wewnętrzny adres strony w sieci Pangolin dla klientów do adresowania. Musi zawierać się w podsieci organizacji.",
+    "autoLoginExternalIdp": "Automatyczny login z zewnętrznym IDP",
+    "autoLoginExternalIdpDescription": "Natychmiastowe przekierowanie użytkownika do zewnętrznego IDP w celu uwierzytelnienia.",
+    "selectIdp": "Wybierz IDP",
+    "selectIdpPlaceholder": "Wybierz IDP...",
+    "selectIdpRequired": "Proszę wybrać IDP, gdy aktywne jest automatyczne logowanie.",
+    "autoLoginTitle": "Przekierowywanie",
+    "autoLoginDescription": "Przekierowanie do zewnętrznego dostawcy tożsamości w celu uwierzytelnienia.",
+    "autoLoginProcessing": "Przygotowywanie uwierzytelniania...",
+    "autoLoginRedirecting": "Przekierowanie do logowania...",
+    "autoLoginError": "Błąd automatycznego logowania",
+    "autoLoginErrorNoRedirectUrl": "Nie otrzymano URL przekierowania od dostawcy tożsamości.",
+    "autoLoginErrorGeneratingUrl": "Nie udało się wygenerować URL uwierzytelniania.",
+    "remoteExitNodeManageRemoteExitNodes": "Zdalne węzły",
+    "remoteExitNodeDescription": "Self-host one or more remote nodes to extend your network connectivity and reduce reliance on the cloud",
+    "remoteExitNodes": "Węzły",
+    "searchRemoteExitNodes": "Szukaj węzłów...",
+    "remoteExitNodeAdd": "Dodaj węzeł",
+    "remoteExitNodeErrorDelete": "Błąd podczas usuwania węzła",
+    "remoteExitNodeQuestionRemove": "Czy na pewno chcesz usunąć węzeł {selectedNode} z organizacji?",
+    "remoteExitNodeMessageRemove": "Po usunięciu, węzeł nie będzie już dostępny.",
+    "remoteExitNodeMessageConfirm": "Aby potwierdzić, wpisz nazwę węzła poniżej.",
+    "remoteExitNodeConfirmDelete": "Potwierdź usunięcie węzła",
+    "remoteExitNodeDelete": "Usuń węzeł",
+    "sidebarRemoteExitNodes": "Zdalne węzły",
+    "remoteExitNodeCreate": {
+        "title": "Utwórz węzeł",
+        "description": "Utwórz nowy węzeł, aby rozszerzyć połączenie z siecią",
+        "viewAllButton": "Zobacz wszystkie węzły",
+        "strategy": {
+            "title": "Strategia Tworzenia",
+            "description": "Wybierz to, aby ręcznie skonfigurować węzeł lub wygenerować nowe poświadczenia.",
+            "adopt": {
+                "title": "Zaadoptuj Węzeł",
+                "description": "Wybierz to, jeśli masz już dane logowania dla węzła."
+            },
+            "generate": {
+                "title": "Generuj Klucze",
+                "description": "Wybierz to, jeśli chcesz wygenerować nowe klucze dla węzła"
+            }
+        },
+        "adopt": {
+            "title": "Zaadoptuj Istniejący Węzeł",
+            "description": "Wprowadź dane logowania istniejącego węzła, który chcesz przyjąć",
+            "nodeIdLabel": "ID węzła",
+            "nodeIdDescription": "ID istniejącego węzła, który chcesz przyjąć",
+            "secretLabel": "Sekret",
+            "secretDescription": "Sekretny klucz istniejącego węzła",
+            "submitButton": "Przyjmij węzeł"
+        },
+        "generate": {
+            "title": "Wygenerowane Poświadczenia",
+            "description": "Użyj tych danych logowania, aby skonfigurować węzeł",
+            "nodeIdTitle": "ID węzła",
+            "secretTitle": "Sekret",
+            "saveCredentialsTitle": "Dodaj Poświadczenia do Konfiguracji",
+            "saveCredentialsDescription": "Dodaj te poświadczenia do pliku konfiguracyjnego swojego samodzielnie-hostowanego węzła Pangolin, aby zakończyć połączenie.",
+            "submitButton": "Utwórz węzeł"
+        },
+        "validation": {
+            "adoptRequired": "Identyfikator węzła i sekret są wymagane podczas przyjmowania istniejącego węzła"
+        },
+        "errors": {
+            "loadDefaultsFailed": "Nie udało się załadować domyślnych ustawień",
+            "defaultsNotLoaded": "Domyślne ustawienia nie zostały załadowane",
+            "createFailed": "Nie udało się utworzyć węzła"
+        },
+        "success": {
+            "created": "Węzeł utworzony pomyślnie"
+        }
+    },
+    "remoteExitNodeSelection": "Wybór węzła",
+    "remoteExitNodeSelectionDescription": "Wybierz węzeł do przekierowania ruchu dla tej lokalnej witryny",
+    "remoteExitNodeRequired": "Węzeł musi być wybrany dla lokalnych witryn",
+    "noRemoteExitNodesAvailable": "Brak dostępnych węzłów",
+    "noRemoteExitNodesAvailableDescription": "Węzły nie są dostępne dla tej organizacji. Utwórz węzeł, aby używać lokalnych witryn.",
+    "exitNode": "Węzeł Wyjściowy",
+    "country": "Kraj",
+    "rulesMatchCountry": "Obecnie bazuje na adresie IP źródła",
+    "managedSelfHosted": {
+        "title": "Zarządzane Samodzielnie-Hostingowane",
+        "description": "Większa niezawodność i niska konserwacja serwera Pangolin z dodatkowymi dzwonkami i sygnałami",
+        "introTitle": "Zarządzany samowystarczalny Pangolin",
+        "introDescription": "jest opcją wdrażania zaprojektowaną dla osób, które chcą prostoty i dodatkowej niezawodności, przy jednoczesnym utrzymaniu swoich danych prywatnych i samodzielnych.",
+        "introDetail": "Z tą opcją nadal obsługujesz swój własny węzeł Pangolin — tunele, zakończenie SSL i ruch na Twoim serwerze. Różnica polega na tym, że zarządzanie i monitorowanie odbywa się za pomocą naszej tablicy rozdzielczej, która odblokowuje szereg korzyści:",
+        "benefitSimplerOperations": {
+            "title": "Uproszczone operacje",
+            "description": "Nie ma potrzeby uruchamiania własnego serwera pocztowego lub ustawiania skomplikowanych powiadomień. Będziesz mieć kontrolę zdrowia i powiadomienia o przestoju."
+        },
+        "benefitAutomaticUpdates": {
+            "title": "Automatyczne aktualizacje",
+            "description": "Panel chmury rozwija się szybko, więc otrzymujesz nowe funkcje i poprawki błędów bez konieczności ręcznego ciągnięcia nowych kontenerów za każdym razem."
+        },
+        "benefitLessMaintenance": {
+            "title": "Mniej konserwacji",
+            "description": "Brak migracji bazy danych, kopii zapasowych lub dodatkowej infrastruktury do zarządzania. Obsługujemy to w chmurze."
+        },
+        "benefitCloudFailover": {
+            "title": "Przegrywanie w chmurze",
+            "description": "Jeśli Twój węzeł zostanie wyłączony, tunele mogą tymczasowo zawieść do naszych punktów w chmurze, dopóki nie przyniesiesz go z powrotem do trybu online."
+        },
+        "benefitHighAvailability": {
+            "title": "Wysoka dostępność (PoPs)",
+            "description": "Możesz również dołączyć wiele węzłów do swojego konta w celu nadmiarowości i lepszej wydajności."
+        },
+        "benefitFutureEnhancements": {
+            "title": "Przyszłe ulepszenia",
+            "description": "Planujemy dodać więcej narzędzi analitycznych, ostrzegawczych i zarządzania, aby zwiększyć odporność wdrożenia."
+        },
+        "docsAlert": {
+            "text": "Dowiedz się więcej o opcji zarządzania samodzielnym hostingiem w naszym",
+            "documentation": "dokumentacja"
+        },
+        "convertButton": "Konwertuj ten węzeł do zarządzanego samodzielnie"
+    },
+    "internationaldomaindetected": "Wykryto międzynarodową domenę",
+    "willbestoredas": "Będą przechowywane jako:",
+    "roleMappingDescription": "Określ jak role są przypisywane do użytkowników podczas logowania się, gdy automatyczne świadczenie jest włączone.",
+    "selectRole": "Wybierz rolę",
+    "roleMappingExpression": "Wyrażenie",
+    "selectRolePlaceholder": "Wybierz rolę",
+    "selectRoleDescription": "Wybierz rolę do przypisania wszystkim użytkownikom od tego dostawcy tożsamości",
+    "roleMappingExpressionDescription": "Wprowadź wyrażenie JMESŚcieżki, aby wyodrębnić informacje o roli z tokenu ID",
+    "idpTenantIdRequired": "ID lokatora jest wymagane",
+    "invalidValue": "Nieprawidłowa wartość",
+    "idpTypeLabel": "Typ dostawcy tożsamości",
+    "roleMappingExpressionPlaceholder": "np. zawiera(grupy, 'admin') && 'Admin' || 'Członek'",
+    "idpGoogleConfiguration": "Konfiguracja Google",
+    "idpGoogleConfigurationDescription": "Skonfiguruj swoje poświadczenia Google OAuth2",
+    "idpGoogleClientIdDescription": "Twój identyfikator klienta Google OAuth2",
+    "idpGoogleClientSecretDescription": "Twój klucz klienta Google OAuth2",
+    "idpAzureConfiguration": "Konfiguracja Azure Entra ID",
+    "idpAzureConfigurationDescription": "Skonfiguruj swoje dane logowania OAuth2 Azure Entra",
+    "idpTenantId": "ID Najemcy",
+    "idpTenantIdPlaceholder": "twoj-lokator",
+    "idpAzureTenantIdDescription": "Twój identyfikator dzierżawcy Azure (znaleziony w Podglądzie Azure Active Directory",
+    "idpAzureClientIdDescription": "Twój identyfikator klienta rejestracji aplikacji Azure",
+    "idpAzureClientSecretDescription": "Klucz tajny Twojego klienta rejestracji aplikacji Azure",
+    "idpGoogleTitle": "Google",
+    "idpGoogleAlt": "Google",
+    "idpAzureTitle": "Azure Entra ID",
+    "idpAzureAlt": "Azure",
+    "idpGoogleConfigurationTitle": "Konfiguracja Google",
+    "idpAzureConfigurationTitle": "Konfiguracja Azure Entra ID",
+    "idpTenantIdLabel": "ID Najemcy",
+    "idpAzureClientIdDescription2": "Twój identyfikator klienta rejestracji aplikacji Azure",
+    "idpAzureClientSecretDescription2": "Klucz tajny Twojego klienta rejestracji aplikacji Azure",
+    "idpGoogleDescription": "Dostawca Google OAuth2/OIDC",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "subnet": "Podsieć",
+    "subnetDescription": "Podsieć dla konfiguracji sieci tej organizacji.",
+    "authPage": "Strona uwierzytelniania",
+    "authPageDescription": "Skonfiguruj stronę uwierzytelniania dla swojej organizacji",
+    "authPageDomain": "Domena strony uwierzytelniania",
+    "noDomainSet": "Nie ustawiono domeny",
+    "changeDomain": "Zmień domenę",
+    "selectDomain": "Wybierz domenę",
+    "restartCertificate": "Uruchom ponownie certyfikat",
+    "editAuthPageDomain": "Edytuj domenę strony uwierzytelniania",
+    "setAuthPageDomain": "Ustaw domenę strony uwierzytelniania",
+    "failedToFetchCertificate": "Nie udało się pobrać certyfikatu",
+    "failedToRestartCertificate": "Nie udało się ponownie uruchomić certyfikatu",
+    "addDomainToEnableCustomAuthPages": "Dodaj domenę, aby włączyć niestandardowe strony uwierzytelniania dla Twojej organizacji",
+    "selectDomainForOrgAuthPage": "Wybierz domenę dla strony uwierzytelniania organizacji",
+    "domainPickerProvidedDomain": "Dostarczona domena",
+    "domainPickerFreeProvidedDomain": "Darmowa oferowana domena",
+    "domainPickerVerified": "Zweryfikowano",
+    "domainPickerUnverified": "Niezweryfikowane",
+    "domainPickerInvalidSubdomainStructure": "Ta subdomena zawiera nieprawidłowe znaki lub strukturę. Zostanie ona automatycznie oczyszczona po zapisaniu.",
+    "domainPickerError": "Błąd",
+    "domainPickerErrorLoadDomains": "Nie udało się załadować domen organizacji",
+    "domainPickerErrorCheckAvailability": "Nie udało się sprawdzić dostępności domeny",
+    "domainPickerInvalidSubdomain": "Nieprawidłowa subdomena",
+    "domainPickerInvalidSubdomainRemoved": "Wejście \"{sub}\" zostało usunięte, ponieważ jest nieprawidłowe.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" nie może być poprawne dla {domain}.",
+    "domainPickerSubdomainSanitized": "Poddomena oczyszczona",
+    "domainPickerSubdomainCorrected": "\"{sub}\" został skorygowany do \"{sanitized}\"",
+    "orgAuthSignInTitle": "Zaloguj się do swojej organizacji",
+    "orgAuthChooseIdpDescription": "Wybierz swojego dostawcę tożsamości, aby kontynuować",
+    "orgAuthNoIdpConfigured": "Ta organizacja nie ma skonfigurowanych żadnych dostawców tożsamości. Zamiast tego możesz zalogować się za pomocą swojej tożsamości Pangolin.",
+    "orgAuthSignInWithPangolin": "Zaloguj się używając Pangolin",
+    "subscriptionRequiredToUse": "Do korzystania z tej funkcji wymagana jest subskrypcja.",
+    "idpDisabled": "Dostawcy tożsamości są wyłączeni",
+    "orgAuthPageDisabled": "Strona autoryzacji organizacji jest wyłączona.",
+    "domainRestartedDescription": "Weryfikacja domeny zrestartowana pomyślnie",
+    "resourceAddEntrypointsEditFile": "Edytuj plik: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edytuj plik: docker-compose.yml",
+    "emailVerificationRequired": "Weryfikacja adresu e-mail jest wymagana. Zaloguj się ponownie przez {dashboardUrl}/auth/login zakończył ten krok. Następnie wróć tutaj.",
+    "twoFactorSetupRequired": "Konfiguracja uwierzytelniania dwuskładnikowego jest wymagana. Zaloguj się ponownie przez {dashboardUrl}/auth/login dokończ ten krok. Następnie wróć tutaj.",
+    "authPageErrorUpdateMessage": "Wystąpił błąd podczas aktualizacji ustawień strony uwierzytelniania",
+    "authPageUpdated": "Strona uwierzytelniania została pomyślnie zaktualizowana",
+    "healthCheckNotAvailable": "Lokalny",
+    "rewritePath": "Przepis Ścieżki",
+    "rewritePathDescription": "Opcjonalnie przepisz ścieżkę przed przesłaniem do celu.",
+    "continueToApplication": "Kontynuuj do aplikacji",
+    "checkingInvite": "Sprawdzanie zaproszenia",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Usuń autoryzację nagłówka",
+    "resourceHeaderAuthRemoveDescription": "Uwierzytelnianie nagłówka zostało pomyślnie usunięte.",
+    "resourceErrorHeaderAuthRemove": "Nie udało się usunąć uwierzytelniania nagłówka",
+    "resourceErrorHeaderAuthRemoveDescription": "Nie można usunąć uwierzytelniania nagłówka zasobu.",
+    "resourceHeaderAuthProtectionEnabled": "Header Authentication Enabled",
+    "resourceHeaderAuthProtectionDisabled": "Header Authentication Disabled",
+    "headerAuthRemove": "Remove Header Auth",
+    "headerAuthAdd": "Add Header Auth",
+    "resourceErrorHeaderAuthSetup": "Nie udało się ustawić uwierzytelniania nagłówka",
+    "resourceErrorHeaderAuthSetupDescription": "Nie można ustawić uwierzytelniania nagłówka dla zasobu.",
+    "resourceHeaderAuthSetup": "Uwierzytelnianie nagłówka ustawione pomyślnie",
+    "resourceHeaderAuthSetupDescription": "Uwierzytelnianie nagłówka zostało ustawione.",
+    "resourceHeaderAuthSetupTitle": "Ustaw uwierzytelnianie nagłówka",
+    "resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Access it using the format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Ustaw uwierzytelnianie nagłówka",
+    "actionSetResourceHeaderAuth": "Ustaw uwierzytelnianie nagłówka",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Unlicensed",
+    "beta": "Beta",
+    "manageClients": "Manage Clients",
+    "manageClientsDescription": "Clients are devices that can connect to your sites",
+    "licenseTableValidUntil": "Valid Until",
+    "saasLicenseKeysSettingsTitle": "Enterprise Licenses",
+    "saasLicenseKeysSettingsDescription": "Generate and manage Enterprise license keys for self-hosted Pangolin instances",
+    "sidebarEnterpriseLicenses": "Licenses",
+    "generateLicenseKey": "Generate License Key",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Please enter a valid email address",
+            "useCaseTypeRequired": "Please select a use case type",
+            "firstNameRequired": "First name is required",
+            "lastNameRequired": "Last name is required",
+            "primaryUseRequired": "Please describe your primary use",
+            "jobTitleRequiredBusiness": "Job title is required for business use",
+            "industryRequiredBusiness": "Industry is required for business use",
+            "stateProvinceRegionRequired": "State/Province/Region is required",
+            "postalZipCodeRequired": "Postal/ZIP Code is required",
+            "companyNameRequiredBusiness": "Company name is required for business use",
+            "countryOfResidenceRequiredBusiness": "Country of residence is required for business use",
+            "countryRequiredPersonal": "Country is required for personal use",
+            "agreeToTermsRequired": "You must agree to the terms",
+            "complianceConfirmationRequired": "You must confirm compliance with the Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Personal Use",
+                "description": "For individual, non-commercial use such as learning, personal projects, or experimentation."
+            },
+            "business": {
+                "title": "Business Use",
+                "description": "For use within organizations, companies, or commercial or revenue-generating activities."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & License Type",
+                "description": "Enter your email and choose your license type"
+            },
+            "personalInformation": {
+                "title": "Personal Information",
+                "description": "Tell us about yourself"
+            },
+            "contactInformation": {
+                "title": "Contact Information",
+                "description": "Your contact details"
+            },
+            "termsGenerate": {
+                "title": "Terms & Generate",
+                "description": "Review and accept terms to generate your license"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Usage Disclosure",
+                "description": "Select the license tier that accurately reflects your intended use. The Personal License permits free use of the Software for individual, non-commercial or small-scale commercial activities with annual gross revenue under $100,000 USD. Any use beyond these limits — including use within a business, organization, or other revenue-generating environment — requires a valid Enterprise License and payment of the applicable licensing fee. All users, whether Personal or Enterprise, must comply with the Fossorial Commercial License Terms."
+            },
+            "trialPeriodInformation": {
+                "title": "Trial Period Information",
+                "description": "This License Key enables Enterprise features for a 7-day evaluation period. Continued access to Paid Features beyond the evaluation period requires activation under a valid Personal or Enterprise License. For Enterprise licensing, contact sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Are you using Pangolin for personal or business use?",
+            "firstName": "First Name",
+            "lastName": "Last Name",
+            "jobTitle": "Job Title",
+            "primaryUseQuestion": "What do you primarily plan to use Pangolin for?",
+            "industryQuestion": "What is your industry?",
+            "prospectiveUsersQuestion": "How many prospective users do you expect to have?",
+            "prospectiveSitesQuestion": "How many prospective sites (tunnels) do you expect to have?",
+            "companyName": "Company name",
+            "countryOfResidence": "Country of residence",
+            "stateProvinceRegion": "State / Province / Region",
+            "postalZipCode": "Postal / ZIP Code",
+            "companyWebsite": "Company website",
+            "companyPhoneNumber": "Company phone number",
+            "country": "Country",
+            "phoneNumberOptional": "Phone number (optional)",
+            "complianceConfirmation": "I confirm that I am in compliance with the Fossorial Commercial License and that reporting inaccurate information or misidentifying use of the product is a violation of the license."
+        },
+        "buttons": {
+            "close": "Close",
+            "previous": "Previous",
+            "next": "Next",
+            "generateLicenseKey": "Generate License Key"
+        },
+        "toasts": {
+            "success": {
+                "title": "License key generated successfully",
+                "description": "Your license key has been generated and is ready to use."
+            },
+            "error": {
+                "title": "Failed to generate license key",
+                "description": "An error occurred while generating the license key."
+            }
+        }
+    },
+    "priority": "Priorytet",
+    "priorityDescription": "Najpierw oceniane są trasy priorytetowe. Priorytet = 100 oznacza automatyczne zamawianie (decyzje systemowe). Użyj innego numeru, aby wyegzekwować ręczny priorytet.",
+    "instanceName": "Instance Name",
+    "pathMatchModalTitle": "Configure Path Matching",
+    "pathMatchModalDescription": "Set up how incoming requests should be matched based on their path.",
+    "pathMatchType": "Match Type",
+    "pathMatchPrefix": "Prefix",
+    "pathMatchExact": "Exact",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Path Value",
+    "clear": "Clear",
+    "saveChanges": "Save Changes",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Example: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Example: /api matches only /api",
+    "pathMatchRegexHelp": "Example: ^/api/.* matches /api/anything",
+    "pathRewriteModalTitle": "Configure Path Rewriting",
+    "pathRewriteModalDescription": "Transform the matched path before forwarding to the target.",
+    "pathRewriteType": "Rewrite Type",
+    "pathRewritePrefixOption": "Prefix - Replace prefix",
+    "pathRewriteExactOption": "Exact - Replace entire path",
+    "pathRewriteRegexOption": "Regex - Pattern replacement",
+    "pathRewriteStripPrefixOption": "Strip Prefix - Remove prefix",
+    "pathRewriteValue": "Rewrite Value",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Replace the matched prefix with this value",
+    "pathRewriteExactHelp": "Replace the entire path with this value when the path matches exactly",
+    "pathRewriteRegexHelp": "Use capture groups like $1, $2 for replacement",
+    "pathRewriteStripPrefixHelp": "Leave empty to strip prefix or provide new prefix",
+    "pathRewritePrefix": "Prefix",
+    "pathRewriteExact": "Exact",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Strip",
+    "pathRewriteStripLabel": "strip"
 }

messages/tr-TR.json

@@ -59,7 +59,6 @@
     "siteErrorCreate": "Site oluşturulurken hata",
     "siteErrorCreateKeyPair": "Anahtar çifti veya site varsayılanları bulunamadı",
     "siteErrorCreateDefaults": "Site varsayılanları bulunamadı",
-    "siteNameDescription": "Bu, site için görünen addır.",
     "method": "Yöntem",
     "siteMethodDescription": "Bağlantıları nasıl açığa çıkaracağınız budur.",
     "siteLearnNewt": "Newt'i sisteminize nasıl kuracağınızı öğrenin",
@@ -95,7 +94,9 @@
     "siteNewtTunnelDescription": "Ağınıza giriş noktası oluşturmanın en kolay yolu. Ekstra kurulum gerekmez.",
     "siteWg": "Temel WireGuard",
     "siteWgDescription": "Bir tünel oluşturmak için herhangi bir WireGuard istemcisi kullanın. Manuel NAT kurulumu gereklidir.",
+    "siteWgDescriptionSaas": "Bir tünel oluşturmak için herhangi bir WireGuard istemcisi kullanın. Manuel NAT kurulumu gereklidir. YALNIZCA SELF HOSTED DÜĞÜMLERDE ÇALIŞIR",
     "siteLocalDescription": "Yalnızca yerel kaynaklar. Tünelleme yok.",
+    "siteLocalDescriptionSaas": "Local resources only. No tunneling. Only available on remote nodes.",
     "siteSeeAll": "Tüm Siteleri Gör",
     "siteTunnelDescription": "Sitenize nasıl bağlanmak istediğinizi belirleyin",
     "siteNewtCredentials": "Newt Kimlik Bilgileri",
@@ -167,7 +168,10 @@
     "siteSelect": "Site seç",
     "siteSearch": "Site ara",
     "siteNotFound": "Herhangi bir site bulunamadı.",
-    "siteSelectionDescription": "Bu site, kaynağa bağlanabilirliği sağlayacaktır.",
+    "selectCountry": "Ülke Seç",
+    "searchCountries": "Ülkeleri ara...",
+    "noCountryFound": "Ülke bulunamadı.",
+    "siteSelectionDescription": "Bu site hedefe bağlantı sağlayacaktır.",
     "resourceType": "Kaynak Türü",
     "resourceTypeDescription": "Kaynağınıza nasıl erişmek istediğinizi belirleyin",
     "resourceHTTPSSettings": "HTTPS Ayarları",
@@ -198,11 +202,13 @@
     "general": "Genel",
     "generalSettings": "Genel Ayarlar",
     "proxy": "Vekil Sunucu",
+    "internal": "Dahili",
     "rules": "Kurallar",
     "resourceSettingDescription": "Kaynağınızdaki ayarları yapılandırın",
     "resourceSetting": "{resourceName} Ayarları",
     "alwaysAllow": "Her Zaman İzin Ver",
     "alwaysDeny": "Her Zaman Reddet",
+    "passToAuth": "Kimlik Doğrulamasına Geç",
     "orgSettingsDescription": "Organizasyonunuzun genel ayarlarını yapılandırın",
     "orgGeneralSettings": "Organizasyon Ayarları",
     "orgGeneralSettingsDescription": "Organizasyon detaylarınızı ve yapılandırmanızı yönetin",
@@ -451,6 +457,8 @@
     "accessRoleErrorAddDescription": "Kullanıcı role eklenirken bir hata oluştu.",
     "userSaved": "Kullanıcı kaydedildi",
     "userSavedDescription": "Kullanıcı güncellenmiştir.",
+    "autoProvisioned": "Otomatik Sağlandı",
+    "autoProvisionedDescription": "Bu kullanıcının kimlik sağlayıcısı tarafından otomatik olarak yönetilmesine izin ver",
     "accessControlsDescription": "Bu kullanıcının organizasyonda neleri erişebileceğini ve yapabileceğini yönetin",
     "accessControlsSubmit": "Erişim Kontrollerini Kaydet",
     "roles": "Roller",
@@ -460,7 +468,10 @@
     "createdAt": "Oluşturulma Tarihi",
     "proxyErrorInvalidHeader": "Geçersiz özel Ana Bilgisayar Başlığı değeri. Alan adı formatını kullanın veya özel Ana Bilgisayar Başlığını ayarlamak için boş bırakın.",
     "proxyErrorTls": "Geçersiz TLS Sunucu Adı. Alan adı formatını kullanın veya TLS Sunucu Adını kaldırmak için boş bırakılsın.",
-    "proxyEnableSSL": "SSL'yi Etkinleştir (https)",
+    "proxyEnableSSL": "SSL Etkinleştir",
+    "proxyEnableSSLDescription": "Hedeflerinize güvenli HTTPS bağlantıları için SSL/TLS şifrelemesi etkinleştirin.",
+    "target": "Hedef",
+    "configureTarget": "Hedefleri Yapılandır",
     "targetErrorFetch": "Hedefleri alamadı",
     "targetErrorFetchDescription": "Hedefler alınırken bir hata oluştu",
     "siteErrorFetch": "kaynağa ulaşılamadı",
@@ -487,18 +498,30 @@
     "targetTlsSettings": "HTTPS & TLS Settings",
     "targetTlsSettingsDescription": "Configure TLS settings for your resource",
     "targetTlsSettingsAdvanced": "Gelişmiş TLS Ayarları",
-    "targetTlsSni": "TLS Sunucu Adı (SNI)",
+    "targetTlsSni": "TLS Sunucu Adı",
     "targetTlsSniDescription": "SNI için kullanılacak TLS Sunucu Adı'",
     "targetTlsSubmit": "Ayarları Kaydet",
     "targets": "Hedefler Konfigürasyonu",
-    "targetsDescription": "Trafiği hizmetlerinize yönlendirmek için hedefleri ayarlayın",
+    "targetsDescription": "Trafiği arka uç hizmetlerinize yönlendirmek için hedefleri ayarlayın",
     "targetStickySessions": "Yapışkan Oturumları Etkinleştir",
     "targetStickySessionsDescription": "Bağlantıları oturum süresince aynı arka uç hedef üzerinde tutun.",
     "methodSelect": "Yöntemi Seç",
     "targetSubmit": "Hedef Ekle",
-    "targetNoOne": "Hiçbir hedef yok. Formu kullanarak bir hedef ekleyin.",
+    "targetNoOne": "Bu kaynağın hedefi yok. Arka planınıza istek göndereceğiniz bir hedef yapılandırmak için hedef ekleyin.",
     "targetNoOneDescription": "Yukarıdaki birden fazla hedef ekleyerek yük dengeleme etkinleştirilecektir.",
     "targetsSubmit": "Hedefleri Kaydet",
+    "addTarget": "Hedef Ekle",
+    "targetErrorInvalidIp": "Geçersiz IP adresi",
+    "targetErrorInvalidIpDescription": "Lütfen geçerli bir IP adresi veya host adı girin",
+    "targetErrorInvalidPort": "Geçersiz port",
+    "targetErrorInvalidPortDescription": "Lütfen geçerli bir port numarası girin",
+    "targetErrorNoSite": "Hiçbir site seçili değil",
+    "targetErrorNoSiteDescription": "Lütfen hedef için bir site seçin",
+    "targetCreated": "Hedef oluşturuldu",
+    "targetCreatedDescription": "Hedef başarıyla oluşturuldu",
+    "targetErrorCreate": "Hedef oluşturma başarısız oldu",
+    "targetErrorCreateDescription": "Hedef oluşturulurken bir hata oluştu",
+    "save": "Kaydet",
     "proxyAdditional": "Ek Proxy Ayarları",
     "proxyAdditionalDescription": "Kaynağınızın proxy ayarlarını nasıl yöneteceğini yapılandırın",
     "proxyCustomHeader": "Özel Ana Bilgisayar Başlığı",
@@ -508,6 +531,7 @@
     "ipAddressErrorInvalidFormat": "Geçersiz IP adresi formatı",
     "ipAddressErrorInvalidOctet": "Geçersiz IP adresi okteti",
     "path": "Yol",
+    "matchPath": "Yol Eşleştir",
     "ipAddressRange": "IP Aralığı",
     "rulesErrorFetch": "Kurallar alınamadı",
     "rulesErrorFetchDescription": "Kurallar alınırken bir hata oluştu",
@@ -543,6 +567,7 @@
     "rulesActions": "Aksiyonlar",
     "rulesActionAlwaysAllow": "Her Zaman İzin Ver: Tüm kimlik doğrulama yöntemlerini atlayın",
     "rulesActionAlwaysDeny": "Her Zaman Reddedin: Tüm istekleri engelleyin; kimlik doğrulaması yapılamaz",
+    "rulesActionPassToAuth": "Kimlik Doğrulamasına Geç: Kimlik doğrulama yöntemlerinin denenmesine izin ver",
     "rulesMatchCriteria": "Eşleşme Kriterleri",
     "rulesMatchCriteriaIpAddress": "Belirli bir IP adresi ile eşleşme",
     "rulesMatchCriteriaIpAddressRange": "CIDR gösteriminde bir IP adresi aralığı ile eşleşme",
@@ -705,7 +730,7 @@
     "pangolinServerAdmin": "Sunucu Yöneticisi - Pangolin",
     "licenseTierProfessional": "Profesyonel Lisans",
     "licenseTierEnterprise": "Kurumsal Lisans",
-    "licenseTierCommercial": "Ticari Lisans",
+    "licenseTierPersonal": "Personal License",
     "licensed": "Lisanslı",
     "yes": "Evet",
     "no": "Hayır",
@@ -740,7 +765,7 @@
     "idpDisplayName": "Bu kimlik sağlayıcı için bir görüntü adı",
     "idpAutoProvisionUsers": "Kullanıcıları Otomatik Sağla",
     "idpAutoProvisionUsersDescription": "Etkinleştirildiğinde, kullanıcılar rol ve organizasyonlara eşleme yeteneğiyle birlikte sistemde otomatik olarak oluşturulacak.",
-    "licenseBadge": "Profesyonel",
+    "licenseBadge": "EE",
     "idpType": "Sağlayıcı Türü",
     "idpTypeDescription": "Yapılandırmak istediğiniz kimlik sağlayıcısı türünü seçin",
     "idpOidcConfigure": "OAuth2/OIDC Yapılandırması",
@@ -807,7 +832,7 @@
     "redirectUrl": "Yönlendirme URL'si",
     "redirectUrlAbout": "Yönlendirme URL'si Hakkında",
     "redirectUrlAboutDescription": "Bu, kimlik doğrulamasından sonra kullanıcıların yönlendirileceği URL'dir. Bu URL'yi kimlik sağlayıcınızın ayarlarında yapılandırmanız gerekir.",
-    "pangolinAuth": "Auth - Pangolin",
+    "pangolinAuth": "Yetkilendirme - Pangolin",
     "verificationCodeLengthRequirements": "Doğrulama kodunuz 8 karakter olmalıdır.",
     "errorOccurred": "Bir hata oluştu",
     "emailErrorVerify": "E-posta doğrulanamadı: ",
@@ -834,6 +859,24 @@
     "pincodeRequirementsLength": "PIN kesinlikle 6 haneli olmalıdır",
     "pincodeRequirementsChars": "PIN sadece numaralardan oluşmalıdır",
     "passwordRequirementsLength": "Şifre en az 1 karakter uzunluğunda olmalıdır",
+    "passwordRequirementsTitle": "Şifre gereksinimleri:",
+    "passwordRequirementLength": "En az 8 karakter uzunluğunda",
+    "passwordRequirementUppercase": "En az bir büyük harf",
+    "passwordRequirementLowercase": "En az bir küçük harf",
+    "passwordRequirementNumber": "En az bir sayı",
+    "passwordRequirementSpecial": "En az bir özel karakter",
+    "passwordRequirementsMet": "✓ Şifre tüm gereksinimleri karşılıyor",
+    "passwordStrength": "Şifre gücü",
+    "passwordStrengthWeak": "Zayıf",
+    "passwordStrengthMedium": "Orta",
+    "passwordStrengthStrong": "Güçlü",
+    "passwordRequirements": "Gereksinimler:",
+    "passwordRequirementLengthText": "8+ karakter",
+    "passwordRequirementUppercaseText": "Büyük harf (A-Z)",
+    "passwordRequirementLowercaseText": "Küçük harf (a-z)",
+    "passwordRequirementNumberText": "Sayı (0-9)",
+    "passwordRequirementSpecialText": "Özel karakter (!@#$%...)",
+    "passwordsDoNotMatch": "Parolalar eşleşmiyor",
     "otpEmailRequirementsLength": "OTP en az 1 karakter uzunluğunda olmalıdır",
     "otpEmailSent": "OTP Gönderildi",
     "otpEmailSentDescription": "E-posta adresinize bir OTP gönderildi",
@@ -953,12 +996,15 @@
     "logoutError": "Çıkış yaparken hata",
     "signingAs": "Olarak giriş yapıldı",
     "serverAdmin": "Sunucu Yöneticisi",
+    "managedSelfhosted": "Yönetilen Self-Hosted",
     "otpEnable": "İki faktörlü özelliğini etkinleştir",
     "otpDisable": "İki faktörlü özelliğini devre dışı bırak",
     "logout": "Çıkış Yap",
     "licenseTierProfessionalRequired": "Profesyonel Sürüme Gereklidir",
     "licenseTierProfessionalRequiredDescription": "Bu özellik yalnızca Professional Edition'da kullanılabilir.",
     "actionGetOrg": "Kuruluşu Al",
+    "updateOrgUser": "Organizasyon Kullanıcısını Güncelle",
+    "createOrgUser": "Organizasyon Kullanıcısı Oluştur",
     "actionUpdateOrg": "Kuruluşu Güncelle",
     "actionUpdateUser": "Kullanıcıyı Güncelle",
     "actionGetUser": "Kullanıcıyı Getir",
@@ -968,6 +1014,10 @@
     "actionDeleteSite": "Siteyi Sil",
     "actionGetSite": "Siteyi Al",
     "actionListSites": "Siteleri Listele",
+    "actionApplyBlueprint": "Planı Uygula",
+    "setupToken": "Kurulum Simgesi",
+    "setupTokenDescription": "Sunucu konsolundan kurulum simgesini girin.",
+    "setupTokenRequired": "Kurulum simgesi gerekli",
     "actionUpdateSite": "Siteyi Güncelle",
     "actionListSiteRoles": "İzin Verilen Site Rolleri Listele",
     "actionCreateResource": "Kaynak Oluştur",
@@ -1023,6 +1073,17 @@
     "actionDeleteIdpOrg": "Kimlik Sağlayıcı Organizasyon Politikasını Sil",
     "actionListIdpOrgs": "Kimlik Sağlayıcı Organizasyonları Listele",
     "actionUpdateIdpOrg": "Kimlik Sağlayıcı Organizasyonu Güncelle",
+    "actionCreateClient": "Müşteri Oluştur",
+    "actionDeleteClient": "Müşteri Sil",
+    "actionUpdateClient": "Müşteri Güncelle",
+    "actionListClients": "Müşterileri Listele",
+    "actionGetClient": "Müşteriyi Al",
+    "actionCreateSiteResource": "Site Kaynağı Oluştur",
+    "actionDeleteSiteResource": "Site Kaynağını Sil",
+    "actionGetSiteResource": "Site Kaynağını Al",
+    "actionListSiteResources": "Site Kaynaklarını Listele",
+    "actionUpdateSiteResource": "Site Kaynağını Güncelle",
+    "actionListInvitations": "Davetiyeleri Listele",
     "noneSelected": "Hiçbiri seçili değil",
     "orgNotFound2": "Hiçbir organizasyon bulunamadı.",
     "searchProgress": "Ara...",
@@ -1038,7 +1099,6 @@
     "navbar": "Navigasyon Menüsü",
     "navbarDescription": "Uygulamanın ana navigasyon menüsü",
     "navbarDocsLink": "Dokümantasyon",
-    "commercialEdition": "Ticari Sürüm",
     "otpErrorEnable": "2FA etkinleştirilemedi",
     "otpErrorEnableDescription": "2FA etkinleştirilirken bir hata oluştu",
     "otpSetupCheckCode": "6 haneli bir kod girin",
@@ -1094,10 +1154,10 @@
     "sidebarAllUsers": "Tüm Kullanıcılar",
     "sidebarIdentityProviders": "Kimlik Sağlayıcılar",
     "sidebarLicense": "Lisans",
-    "sidebarClients": "Müşteriler",
+    "sidebarClients": "Clients",
     "sidebarDomains": "Alan Adları",
-    "enableDockerSocket": "Docker Soketi Etkinleştir",
-    "enableDockerSocketDescription": "Konteyner bilgilerini doldurmak için Docker Socket keşfini etkinleştirin. Socket yolu Newt'e sağlanmalıdır.",
+    "enableDockerSocket": "Docker Soketini Etkinleştir",
+    "enableDockerSocketDescription": "Plan etiketleri için Docker Socket etiket toplamasını etkinleştirin. Newt'e soket yolu sağlanmalıdır.",
     "enableDockerSocketLink": "Daha fazla bilgi",
     "viewDockerContainers": "Docker Konteynerlerini Görüntüle",
     "containersIn": "{siteName} içindeki konteynerler",
@@ -1162,7 +1222,7 @@
     "selectDomainTypeCnameName": "Tekil Alan Adı (CNAME)",
     "selectDomainTypeCnameDescription": "Sadece bu belirli alan adı. Bireysel alt alan adları veya belirli alan adı girişleri için bunu kullanın.",
     "selectDomainTypeWildcardName": "Wildcard Alan Adı",
-    "selectDomainTypeWildcardDescription": "Bu alan adı ve onun ilk alt alan düzeyi.",
+    "selectDomainTypeWildcardDescription": "Bu domain ve alt alan adları.",
     "domainDelegation": "Tekil Alan Adı",
     "selectType": "Bir tür seçin",
     "actions": "İşlemler",
@@ -1196,8 +1256,8 @@
     "sidebarExpand": "Genişlet",
     "newtUpdateAvailable": "Güncelleme Mevcut",
     "newtUpdateAvailableInfo": "Newt'in yeni bir versiyonu mevcut. En iyi deneyim için lütfen en son sürüme güncelleyin.",
-    "domainPickerEnterDomain": "Alan adınızı girin",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com veya sadece myapp",
+    "domainPickerEnterDomain": "Alan Adı",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Mevcut seçenekleri görmek için kaynağın tam etki alanını girin.",
     "domainPickerDescriptionSaas": "Mevcut seçenekleri görmek için tam etki alanı, alt etki alanı veya sadece bir isim girin",
     "domainPickerTabAll": "Tümü",
@@ -1206,12 +1266,54 @@
     "domainPickerSortAsc": "A-Z",
     "domainPickerSortDesc": "Z-A",
     "domainPickerCheckingAvailability": "Kullanılabilirlik kontrol ediliyor...",
-    "domainPickerNoMatchingDomains": "\"{userInput}\" için uygun alan adı bulunamadı. Farklı bir alan adı deneyin veya organizasyonunuzun alan adı ayarlarını kontrol edin.",
+    "domainPickerNoMatchingDomains": "Eşleşen domain bulunamadı. Farklı bir domain deneyin veya organizasyonunuzun domain ayarlarını kontrol edin.",
     "domainPickerOrganizationDomains": "Organizasyon Alan Adları",
     "domainPickerProvidedDomains": "Sağlanan Alan Adları",
     "domainPickerSubdomain": "Alt Alan: {subdomain}",
     "domainPickerNamespace": "Ad Alanı: {namespace}",
     "domainPickerShowMore": "Daha Fazla Göster",
+    "regionSelectorTitle": "Bölge Seç",
+    "regionSelectorInfo": "Bir bölge seçmek, konumunuz için daha iyi performans sağlamamıza yardımcı olur. Sunucunuzla aynı bölgede olmanıza gerek yoktur.",
+    "regionSelectorPlaceholder": "Bölge Seçin",
+    "regionSelectorComingSoon": "Yakında Geliyor",
+    "billingLoadingSubscription": "Abonelik yükleniyor...",
+    "billingFreeTier": "Ücretsiz Dilim",
+    "billingWarningOverLimit": "Uyarı: Bir veya daha fazla kullanım limitini aştınız. Aboneliğinizi değiştirmediğiniz veya kullanımı ayarlamadığınız sürece siteleriniz bağlanmayacaktır.",
+    "billingUsageLimitsOverview": "Kullanım Limitleri Genel Görünümü",
+    "billingMonitorUsage": "Kullanımınızı yapılandırılmış limitlerle karşılaştırın. Limitlerin artırılmasına ihtiyacınız varsa, lütfen support@pangolin.net adresinden bizimle iletişime geçin.",
+    "billingDataUsage": "Veri Kullanımı",
+    "billingOnlineTime": "Site Çevrimiçi Süresi",
+    "billingUsers": "Aktif Kullanıcılar",
+    "billingDomains": "Aktif Alanlar",
+    "billingRemoteExitNodes": "Aktif Öz-Host Düğümleri",
+    "billingNoLimitConfigured": "Hiçbir limit yapılandırılmadı",
+    "billingEstimatedPeriod": "Tahmini Fatura Dönemi",
+    "billingIncludedUsage": "Dahil Kullanım",
+    "billingIncludedUsageDescription": "Mevcut abonelik planınıza bağlı kullanım",
+    "billingFreeTierIncludedUsage": "Ücretsiz dilim kullanım hakları",
+    "billingIncluded": "dahil",
+    "billingEstimatedTotal": "Tahmini Toplam:",
+    "billingNotes": "Notlar",
+    "billingEstimateNote": "Bu, mevcut kullanımınıza dayalı bir tahmindir.",
+    "billingActualChargesMayVary": "Asıl ücretler farklılık gösterebilir.",
+    "billingBilledAtEnd": "Fatura döneminin sonunda fatura düzenlenecektir.",
+    "billingModifySubscription": "Aboneliği Düzenle",
+    "billingStartSubscription": "Aboneliği Başlat",
+    "billingRecurringCharge": "Yinelenen Ücret",
+    "billingManageSubscriptionSettings": "Abonelik ayarlarınızı ve tercihlerinizi yönetin",
+    "billingNoActiveSubscription": "Aktif bir aboneliğiniz yok. Kullanım limitlerini artırmak için aboneliğinizi başlatın.",
+    "billingFailedToLoadSubscription": "Abonelik yüklenemedi",
+    "billingFailedToLoadUsage": "Kullanım yüklenemedi",
+    "billingFailedToGetCheckoutUrl": "Ödeme URL'si alınamadı",
+    "billingPleaseTryAgainLater": "Lütfen daha sonra tekrar deneyin.",
+    "billingCheckoutError": "Ödeme Hatası",
+    "billingFailedToGetPortalUrl": "Portal URL'si alınamadı",
+    "billingPortalError": "Portal Hatası",
+    "billingDataUsageInfo": "Buluta bağlandığınızda, güvenli tünellerinizden aktarılan tüm verilerden ücret alınırsınız. Bu, tüm sitelerinizdeki gelen ve giden trafiği içerir. Limitinize ulaştığınızda, planınızı yükseltmeli veya kullanımı azaltmalısınız, aksi takdirde siteleriniz bağlantıyı keser. Düğümler kullanırken verilerden ücret alınmaz.",
+    "billingOnlineTimeInfo": "Sitelerinizin buluta ne kadar süre bağlı kaldığına göre ücretlendirilirsiniz. Örneğin, 44,640 dakika, bir sitenin 24/7 boyunca tam bir ay boyunca çalışması anlamına gelir. Limitinize ulaştığınızda, planınızı yükseltmeyip kullanımı azaltmazsanız siteleriniz bağlantıyı keser. Düğümler kullanırken zamandan ücret alınmaz.",
+    "billingUsersInfo": "Kuruluşunuzdaki her kullanıcı için ücretlendirilirsiniz. Faturalandırma, hesabınızdaki aktif kullanıcı hesaplarının sayısına göre günlük olarak hesaplanır.",
+    "billingDomainInfo": "Kuruluşunuzdaki her alan adı için ücretlendirilirsiniz. Faturalandırma, hesabınızdaki aktif alan adları hesaplarının sayısına göre günlük olarak hesaplanır.",
+    "billingRemoteExitNodesInfo": "Kuruluşunuzdaki her yönetilen Düğüm için ücretlendirilirsiniz. Faturalandırma, hesabınızdaki aktif yönetilen Düğümler sayısına göre günlük olarak hesaplanır.",
     "domainNotFound": "Alan Adı Bulunamadı",
     "domainNotFoundDescription": "Bu kaynak devre dışıdır çünkü alan adı sistemimizde artık mevcut değil. Bu kaynak için yeni bir alan adı belirleyin.",
     "failed": "Başarısız",
@@ -1245,7 +1347,6 @@
     "twoFactorRequired": "Güvenlik anahtarını kaydetmek için iki faktörlü kimlik doğrulama gereklidir.",
     "twoFactor": "İki Faktörlü Kimlik Doğrulama",
     "adminEnabled2FaOnYourAccount": "Yöneticiniz {email} için iki faktörlü kimlik doğrulamayı etkinleştirdi. Devam etmek için kurulum işlemini tamamlayın.",
-    "continueToApplication": "Uygulamaya Devam Et",
     "securityKeyAdd": "Güvenlik Anahtarı Ekle",
     "securityKeyRegisterTitle": "Yeni Güvenlik Anahtarı Kaydet",
     "securityKeyRegisterDescription": "Güvenlik anahtarınızı bağlayın ve tanımlamak için bir ad girin",
@@ -1266,6 +1367,7 @@
     "createDomainName": "Ad:",
     "createDomainValue": "Değer:",
     "createDomainCnameRecords": "CNAME Kayıtları",
+    "createDomainARecords": "A Kayıtları",
     "createDomainRecordNumber": "Kayıt {number}",
     "createDomainTxtRecords": "TXT Kayıtları",
     "createDomainSaveTheseRecords": "Bu Kayıtları Kaydet",
@@ -1273,5 +1375,523 @@
     "createDomainDnsPropagation": "DNS Yayılması",
     "createDomainDnsPropagationDescription": "DNS değişikliklerinin internet genelinde yayılması zaman alabilir. DNS sağlayıcınız ve TTL ayarlarına bağlı olarak bu birkaç dakika ile 48 saat arasında değişebilir.",
     "resourcePortRequired": "HTTP dışı kaynaklar için bağlantı noktası numarası gereklidir",
-    "resourcePortNotAllowed": "HTTP kaynakları için bağlantı noktası numarası ayarlanmamalı"
+    "resourcePortNotAllowed": "HTTP kaynakları için bağlantı noktası numarası ayarlanmamalı",
+    "billingPricingCalculatorLink": "Fiyat Hesaplayıcı",
+    "signUpTerms": {
+        "IAgreeToThe": "Kabul ediyorum",
+        "termsOfService": "hizmet şartları",
+        "and": "ve",
+        "privacyPolicy": "gizlilik politikası"
+    },
+    "siteRequired": "Site gerekli.",
+    "olmTunnel": "Olm Tüneli",
+    "olmTunnelDescription": "Müşteri bağlantıları için Olm kullanın",
+    "errorCreatingClient": "Müşteri oluşturulurken hata oluştu",
+    "clientDefaultsNotFound": "Müşteri varsayılanları bulunamadı",
+    "createClient": "Müşteri Oluştur",
+    "createClientDescription": "Sitelerinize bağlanmak için yeni bir müşteri oluşturun",
+    "seeAllClients": "Tüm Müşterileri Gör",
+    "clientInformation": "Müşteri Bilgileri",
+    "clientNamePlaceholder": "Müşteri adı",
+    "address": "Adres",
+    "subnetPlaceholder": "Alt ağ",
+    "addressDescription": "Bu müşteri için bağlantıda kullanılacak adres",
+    "selectSites": "Siteleri seçin",
+    "sitesDescription": "Müşteri seçilen sitelere bağlantı kuracaktır",
+    "clientInstallOlm": "Olm Yükle",
+    "clientInstallOlmDescription": "Sisteminizde Olm çalıştırın",
+    "clientOlmCredentials": "Olm Kimlik Bilgileri",
+    "clientOlmCredentialsDescription": "Bu, Olm'in sunucu ile kimlik doğrulaması yapacağı yöntemdir",
+    "olmEndpoint": "Olm Uç Noktası",
+    "olmId": "Olm Kimliği",
+    "olmSecretKey": "Olm Gizli Anahtarı",
+    "clientCredentialsSave": "Kimlik Bilgilerinizi Kaydedin",
+    "clientCredentialsSaveDescription": "Bunu yalnızca bir kez görebileceksiniz. Güvenli bir yere kopyaladığınızdan emin olun.",
+    "generalSettingsDescription": "Bu müşteri için genel ayarları yapılandırın",
+    "clientUpdated": "Müşteri güncellendi",
+    "clientUpdatedDescription": "Müşteri güncellenmiştir.",
+    "clientUpdateFailed": "Müşteri güncellenemedi",
+    "clientUpdateError": "Müşteri güncellenirken bir hata oluştu.",
+    "sitesFetchFailed": "Siteler alınamadı",
+    "sitesFetchError": "Siteler alınırken bir hata oluştu.",
+    "olmErrorFetchReleases": "Olm yayınları alınırken bir hata oluştu.",
+    "olmErrorFetchLatest": "En son Olm yayını alınırken bir hata oluştu.",
+    "remoteSubnets": "Uzak Alt Ağlar",
+    "enterCidrRange": "CIDR aralığını girin",
+    "remoteSubnetsDescription": "Bu siteye uzaktan erişilebilen CIDR aralıklarını ekleyin. 10.0.0.0/24 formatını kullanın. Bu YALNIZCA VPN istemci bağlantıları için geçerlidir.",
+    "resourceEnableProxy": "Genel Proxy'i Etkinleştir",
+    "resourceEnableProxyDescription": "Bu kaynağa genel proxy erişimini etkinleştirin. Bu sayede ağ dışından açık bir port üzerinden kaynağa bulut aracılığıyla erişim sağlanır. Traefik yapılandırması gereklidir.",
+    "externalProxyEnabled": "Dış Proxy Etkinleştirildi",
+    "addNewTarget": "Yeni Hedef Ekle",
+    "targetsList": "Hedefler Listesi",
+    "advancedMode": "Gelişmiş Mod",
+    "targetErrorDuplicateTargetFound": "Yinelenen hedef bulundu",
+    "healthCheckHealthy": "Sağlıklı",
+    "healthCheckUnhealthy": "Sağlıksız",
+    "healthCheckUnknown": "Bilinmiyor",
+    "healthCheck": "Sağlık Kontrolü",
+    "configureHealthCheck": "Sağlık Kontrolünü Yapılandır",
+    "configureHealthCheckDescription": "{hedef} için sağlık izleme kurun",
+    "enableHealthChecks": "Sağlık Kontrollerini Etkinleştir",
+    "enableHealthChecksDescription": "Bu hedefin sağlığını izleyin. Gerekirse hedef dışındaki bir son noktayı izleyebilirsiniz.",
+    "healthScheme": "Yöntem",
+    "healthSelectScheme": "Yöntem Seç",
+    "healthCheckPath": "Yol",
+    "healthHostname": "IP / Hostname",
+    "healthPort": "Bağlantı Noktası",
+    "healthCheckPathDescription": "Sağlık durumunu kontrol etmek için yol.",
+    "healthyIntervalSeconds": "Sağlıklı Aralık",
+    "unhealthyIntervalSeconds": "Sağlıksız Aralık",
+    "IntervalSeconds": "Sağlıklı Aralık",
+    "timeoutSeconds": "Zaman Aşımı",
+    "timeIsInSeconds": "Zaman saniye cinsindendir",
+    "retryAttempts": "Tekrar Deneme Girişimleri",
+    "expectedResponseCodes": "Beklenen Yanıt Kodları",
+    "expectedResponseCodesDescription": "Sağlıklı durumu gösteren HTTP durum kodu. Boş bırakılırsa, 200-300 arası sağlıklı kabul edilir.",
+    "customHeaders": "Özel Başlıklar",
+    "customHeadersDescription": "Başlıklar yeni satırla ayrılmış: Başlık-Adı: değer",
+    "headersValidationError": "Başlıklar şu formatta olmalıdır: Başlık-Adı: değer.",
+    "saveHealthCheck": "Sağlık Kontrolünü Kaydet",
+    "healthCheckSaved": "Sağlık Kontrolü Kaydedildi",
+    "healthCheckSavedDescription": "Sağlık kontrol yapılandırması başarıyla kaydedildi",
+    "healthCheckError": "Sağlık Kontrol Hatası",
+    "healthCheckErrorDescription": "Sağlık kontrol yapılandırması kaydedilirken bir hata oluştu",
+    "healthCheckPathRequired": "Sağlık kontrol yolu gereklidir",
+    "healthCheckMethodRequired": "HTTP yöntemi gereklidir",
+    "healthCheckIntervalMin": "Kontrol aralığı en az 5 saniye olmalıdır",
+    "healthCheckTimeoutMin": "Zaman aşımı en az 1 saniye olmalıdır",
+    "healthCheckRetryMin": "Tekrar deneme girişimleri en az 1 olmalıdır",
+    "httpMethod": "HTTP Yöntemi",
+    "selectHttpMethod": "HTTP yöntemini seçin",
+    "domainPickerSubdomainLabel": "Alt Alan Adı",
+    "domainPickerBaseDomainLabel": "Temel Alan Adı",
+    "domainPickerSearchDomains": "Alan adlarını ara...",
+    "domainPickerNoDomainsFound": "Hiçbir alan adı bulunamadı",
+    "domainPickerLoadingDomains": "Alan adları yükleniyor...",
+    "domainPickerSelectBaseDomain": "Temel alan adını seçin...",
+    "domainPickerNotAvailableForCname": "CNAME alan adları için kullanılabilir değil",
+    "domainPickerEnterSubdomainOrLeaveBlank": "Alt alan adını girin veya temel alan adını kullanmak için boş bırakın.",
+    "domainPickerEnterSubdomainToSearch": "Mevcut ücretsiz alan adları arasından aramak ve seçmek için bir alt alan adı girin.",
+    "domainPickerFreeDomains": "Ücretsiz Alan Adları",
+    "domainPickerSearchForAvailableDomains": "Mevcut alan adlarını ara",
+    "domainPickerNotWorkSelfHosted": "Not: Ücretsiz sağlanan alan adları şu anda öz-host edilmiş örnekler için kullanılabilir değildir.",
+    "resourceDomain": "Alan Adı",
+    "resourceEditDomain": "Alan Adını Düzenle",
+    "siteName": "Site Adı",
+    "proxyPort": "Bağlantı Noktası",
+    "resourcesTableProxyResources": "Proxy Kaynaklar",
+    "resourcesTableClientResources": "İstemci Kaynaklar",
+    "resourcesTableNoProxyResourcesFound": "Hiçbir proxy kaynağı bulunamadı.",
+    "resourcesTableNoInternalResourcesFound": "Hiçbir dahili kaynak bulunamadı.",
+    "resourcesTableDestination": "Hedef",
+    "resourcesTableTheseResourcesForUseWith": "Bu kaynaklar ile kullanılmak için",
+    "resourcesTableClients": "İstemciler",
+    "resourcesTableAndOnlyAccessibleInternally": "veyalnızca bir istemci ile bağlandığında dahili olarak erişilebilir.",
+    "editInternalResourceDialogEditClientResource": "İstemci Kaynağı Düzenleyin",
+    "editInternalResourceDialogUpdateResourceProperties": "{resourceName} için kaynak özelliklerini ve hedef yapılandırmasını güncelleyin.",
+    "editInternalResourceDialogResourceProperties": "Kaynak Özellikleri",
+    "editInternalResourceDialogName": "Ad",
+    "editInternalResourceDialogProtocol": "Protokol",
+    "editInternalResourceDialogSitePort": "Site Bağlantı Noktası",
+    "editInternalResourceDialogTargetConfiguration": "Hedef Yapılandırma",
+    "editInternalResourceDialogCancel": "İptal",
+    "editInternalResourceDialogSaveResource": "Kaynağı Kaydet",
+    "editInternalResourceDialogSuccess": "Başarı",
+    "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Dahili kaynak başarıyla güncellendi",
+    "editInternalResourceDialogError": "Hata",
+    "editInternalResourceDialogFailedToUpdateInternalResource": "Dahili kaynak güncellenemedi",
+    "editInternalResourceDialogNameRequired": "Ad gerekli",
+    "editInternalResourceDialogNameMaxLength": "Ad 255 karakterden kısa olmalıdır",
+    "editInternalResourceDialogProxyPortMin": "Proxy bağlantı noktası en az 1 olmalıdır",
+    "editInternalResourceDialogProxyPortMax": "Proxy bağlantı noktası 65536'dan küçük olmalıdır",
+    "editInternalResourceDialogInvalidIPAddressFormat": "Geçersiz IP adresi formatı",
+    "editInternalResourceDialogDestinationPortMin": "Hedef bağlantı noktası en az 1 olmalıdır",
+    "editInternalResourceDialogDestinationPortMax": "Hedef bağlantı noktası 65536'dan küçük olmalıdır",
+    "createInternalResourceDialogNoSitesAvailable": "Site Bulunamadı",
+    "createInternalResourceDialogNoSitesAvailableDescription": "Dahili kaynak oluşturmak için en az bir Newt sitesine ve alt ağa sahip olmalısınız.",
+    "createInternalResourceDialogClose": "Kapat",
+    "createInternalResourceDialogCreateClientResource": "İstemci Kaynağı Oluştur",
+    "createInternalResourceDialogCreateClientResourceDescription": "Seçilen siteye bağlı istemciler için erişilebilir olacak yeni bir kaynak oluşturun.",
+    "createInternalResourceDialogResourceProperties": "Kaynak Özellikleri",
+    "createInternalResourceDialogName": "Ad",
+    "createInternalResourceDialogSite": "Site",
+    "createInternalResourceDialogSelectSite": "Site seç...",
+    "createInternalResourceDialogSearchSites": "Siteleri ara...",
+    "createInternalResourceDialogNoSitesFound": "Site bulunamadı.",
+    "createInternalResourceDialogProtocol": "Protokol",
+    "createInternalResourceDialogTcp": "TCP",
+    "createInternalResourceDialogUdp": "UDP",
+    "createInternalResourceDialogSitePort": "Site Bağlantı Noktası",
+    "createInternalResourceDialogSitePortDescription": "İstemci ile bağlanıldığında site üzerindeki kaynağa erişmek için bu bağlantı noktasını kullanın.",
+    "createInternalResourceDialogTargetConfiguration": "Hedef Yapılandırma",
+    "createInternalResourceDialogDestinationIPDescription": "Kaynağın site ağındaki IP veya ana bilgisayar adresi.",
+    "createInternalResourceDialogDestinationPortDescription": "Kaynağa erişilebilecek hedef IP üzerindeki bağlantı noktası.",
+    "createInternalResourceDialogCancel": "İptal",
+    "createInternalResourceDialogCreateResource": "Kaynak Oluştur",
+    "createInternalResourceDialogSuccess": "Başarı",
+    "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Dahili kaynak başarıyla oluşturuldu",
+    "createInternalResourceDialogError": "Hata",
+    "createInternalResourceDialogFailedToCreateInternalResource": "Dahili kaynak oluşturulamadı",
+    "createInternalResourceDialogNameRequired": "Ad gerekli",
+    "createInternalResourceDialogNameMaxLength": "Ad 255 karakterden kısa olmalıdır",
+    "createInternalResourceDialogPleaseSelectSite": "Lütfen bir site seçin",
+    "createInternalResourceDialogProxyPortMin": "Proxy bağlantı noktası en az 1 olmalıdır",
+    "createInternalResourceDialogProxyPortMax": "Proxy bağlantı noktası 65536'dan küçük olmalıdır",
+    "createInternalResourceDialogInvalidIPAddressFormat": "Geçersiz IP adresi formatı",
+    "createInternalResourceDialogDestinationPortMin": "Hedef bağlantı noktası en az 1 olmalıdır",
+    "createInternalResourceDialogDestinationPortMax": "Hedef bağlantı noktası 65536'dan küçük olmalıdır",
+    "siteConfiguration": "Yapılandırma",
+    "siteAcceptClientConnections": "İstemci Bağlantılarını Kabul Et",
+    "siteAcceptClientConnectionsDescription": "Bu Newt örneğini bir geçit olarak kullanarak diğer cihazların bağlanmasına izin verin.",
+    "siteAddress": "Site Adresi",
+    "siteAddressDescription": "İstemcilerin bağlanması için hostun IP adresini belirtin. Bu, Pangolin ağındaki sitenin iç adresidir ve istemciler için atlas olmalıdır. Org alt ağına düşmelidir.",
+    "autoLoginExternalIdp": "Harici IDP ile Otomatik Giriş",
+    "autoLoginExternalIdpDescription": "Kullanıcıyı kimlik doğrulama için otomatik olarak harici IDP'ye yönlendirin.",
+    "selectIdp": "IDP Seç",
+    "selectIdpPlaceholder": "IDP seçin...",
+    "selectIdpRequired": "Otomatik giriş etkinleştirildiğinde lütfen bir IDP seçin.",
+    "autoLoginTitle": "Yönlendiriliyor",
+    "autoLoginDescription": "Kimlik doğrulama için harici kimlik sağlayıcıya yönlendiriliyorsunuz.",
+    "autoLoginProcessing": "Kimlik doğrulama hazırlanıyor...",
+    "autoLoginRedirecting": "Girişe yönlendiriliyorsunuz...",
+    "autoLoginError": "Otomatik Giriş Hatası",
+    "autoLoginErrorNoRedirectUrl": "Kimlik sağlayıcıdan yönlendirme URL'si alınamadı.",
+    "autoLoginErrorGeneratingUrl": "Kimlik doğrulama URL'si oluşturulamadı.",
+    "remoteExitNodeManageRemoteExitNodes": "Uzak Düğümler",
+    "remoteExitNodeDescription": "Self-host one or more remote nodes to extend your network connectivity and reduce reliance on the cloud",
+    "remoteExitNodes": "Düğümler",
+    "searchRemoteExitNodes": "Düğüm ara...",
+    "remoteExitNodeAdd": "Düğüm Ekle",
+    "remoteExitNodeErrorDelete": "Düğüm silinirken hata oluştu",
+    "remoteExitNodeQuestionRemove": "{selectedNode} düğümünü organizasyondan kaldırmak istediğinizden emin misiniz?",
+    "remoteExitNodeMessageRemove": "Kaldırıldığında, düğüm artık erişilebilir olmayacaktır.",
+    "remoteExitNodeMessageConfirm": "Onaylamak için lütfen aşağıya düğümün adını yazın.",
+    "remoteExitNodeConfirmDelete": "Düğüm Silmeyi Onayla",
+    "remoteExitNodeDelete": "Düğümü Sil",
+    "sidebarRemoteExitNodes": "Uzak Düğümler",
+    "remoteExitNodeCreate": {
+        "title": "Düğüm Oluştur",
+        "description": "Ağ bağlantınızı genişletmek için yeni bir düğüm oluşturun",
+        "viewAllButton": "Tüm Düğümleri Gör",
+        "strategy": {
+            "title": "Oluşturma Stratejisi",
+            "description": "Düğümünüzü manuel olarak yapılandırmak veya yeni kimlik bilgileri oluşturmak için bunu seçin.",
+            "adopt": {
+                "title": "Düğüm Benimse",
+                "description": "Zaten düğüm için kimlik bilgilerine sahipseniz bunu seçin."
+            },
+            "generate": {
+                "title": "Anahtarları Oluştur",
+                "description": "Düğüm için yeni anahtarlar oluşturmak istiyorsanız bunu seçin"
+            }
+        },
+        "adopt": {
+            "title": "Mevcut Düğümü Benimse",
+            "description": "Adayacağınız mevcut düğümün kimlik bilgilerini girin",
+            "nodeIdLabel": "Düğüm ID",
+            "nodeIdDescription": "Adayacağınız mevcut düğümün ID'si",
+            "secretLabel": "Gizli",
+            "secretDescription": "Mevcut düğümün gizli anahtarı",
+            "submitButton": "Düğümü Benimse"
+        },
+        "generate": {
+            "title": "Oluşturulan Kimlik Bilgileri",
+            "description": "Düğümünüzü yapılandırmak için oluşturulan bu kimlik bilgilerini kullanın",
+            "nodeIdTitle": "Düğüm ID",
+            "secretTitle": "Gizli",
+            "saveCredentialsTitle": "Kimlik Bilgilerini Yapılandırmaya Ekle",
+            "saveCredentialsDescription": "Bağlantıyı tamamlamak için bu kimlik bilgilerini öz-host Pangolin düğüm yapılandırma dosyanıza ekleyin.",
+            "submitButton": "Düğüm Oluştur"
+        },
+        "validation": {
+            "adoptRequired": "Mevcut bir düğümü benimserken Düğüm ID ve Gizli anahtar gereklidir"
+        },
+        "errors": {
+            "loadDefaultsFailed": "Varsayılanlar yüklenemedi",
+            "defaultsNotLoaded": "Varsayılanlar yüklenmedi",
+            "createFailed": "Düğüm oluşturulamadı"
+        },
+        "success": {
+            "created": "Düğüm başarıyla oluşturuldu"
+        }
+    },
+    "remoteExitNodeSelection": "Düğüm Seçimi",
+    "remoteExitNodeSelectionDescription": "Yerel site için trafiği yönlendirecek düğümü seçin",
+    "remoteExitNodeRequired": "Yerel siteler için bir düğüm seçilmelidir",
+    "noRemoteExitNodesAvailable": "Düğüm Bulunamadı",
+    "noRemoteExitNodesAvailableDescription": "Bu organizasyon için düğüm mevcut değil. Yerel siteleri kullanmak için önce bir düğüm oluşturun.",
+    "exitNode": "Çıkış Düğümü",
+    "country": "Ülke",
+    "rulesMatchCountry": "Şu anda kaynak IP'ye dayanarak",
+    "managedSelfHosted": {
+        "title": "Yönetilen Self-Hosted",
+        "description": "Daha güvenilir ve düşük bakım gerektiren, ekstra özelliklere sahip kendi kendine barındırabileceğiniz Pangolin sunucusu",
+        "introTitle": "Yönetilen Kendi Kendine Barındırılan Pangolin",
+        "introDescription": "Bu, basitlik ve ekstra güvenilirlik arayan, ancak verilerini gizli tutmak ve kendi sunucularında barındırmak isteyen kişiler için tasarlanmış bir dağıtım seçeneğidir.",
+        "introDetail": "Bu seçenekle, kendi Pangolin düğümünüzü çalıştırmaya devam edersiniz — tünelleriniz, SSL bitişiniz ve trafiğiniz tamamen sunucunuzda kalır. Fark, yönetim ve izlemeyi bulut panomuz üzerinden gerçekleştiririz, bu da bir dizi avantaj sağlar:",
+        "benefitSimplerOperations": {
+            "title": "Daha basit işlemler",
+            "description": "Kendi e-posta sunucunuzu çalıştırmanıza veya karmaşık uyarılar kurmanıza gerek yok. Sağlık kontrolleri ve kesinti uyarılarını kutudan çıktığı gibi alırsınız."
+        },
+        "benefitAutomaticUpdates": {
+            "title": "Otomatik güncellemeler",
+            "description": "Bulut panosu hızla gelişir, böylece her seferinde yeni konteynerler manuel olarak çekmeden yeni özellikler ve hata düzeltmeleri alırsınız."
+        },
+        "benefitLessMaintenance": {
+            "title": "Daha az bakım",
+            "description": "Veritabanı geçişleri, yedeklemeler veya ekstra altyapı yönetimi yok. Biz bunu bulutta hallederiz."
+        },
+        "benefitCloudFailover": {
+            "title": "Bulut yedekleme",
+            "description": "Düğümünüz kapandığında, tünelleriniz geçici olarak bulut bağlantı noktalarımıza geçebilir, böylece tekrar çevrimiçi hale getirene kadar tünelleriniz kesintiye uğramaz."
+        },
+        "benefitHighAvailability": {
+            "title": "Yüksek kullanılabilirlik (Bağlantı Noktaları)",
+            "description": "Yedeklilik ve daha iyi performans için hesabınıza birden fazla düğüm bağlayabilirsiniz."
+        },
+        "benefitFutureEnhancements": {
+            "title": "Gelecek iyileştirmeler",
+            "description": "Dağıtımınızı daha sağlam hale getirmek amacıyla daha fazla analiz, uyarı ve yönetim aracı eklemeyi planlıyoruz."
+        },
+        "docsAlert": {
+            "text": "Yönetilen Kendi Kendine Barındırılan seçeneği hakkında daha fazla bilgi edinin",
+            "documentation": "dokümantasyon"
+        },
+        "convertButton": "Bu Düğümü Yönetilen Kendi Kendine Barındırma Dönüştürün"
+    },
+    "internationaldomaindetected": "Uluslararası Alan Adı Tespit Edildi",
+    "willbestoredas": "Şu şekilde depolanacak:",
+    "roleMappingDescription": "Otomatik Sağlama etkinleştirildiğinde kullanıcıların oturum açarken rollerin nasıl atandığını belirleyin.",
+    "selectRole": "Bir Rol Seçin",
+    "roleMappingExpression": "İfade",
+    "selectRolePlaceholder": "Bir rol seçin",
+    "selectRoleDescription": "Bu kimlik sağlayıcısından tüm kullanıcılara atanacak bir rol seçin",
+    "roleMappingExpressionDescription": "Rol bilgilerini ID tokeninden çıkarmak için bir JMESPath ifadesi girin",
+    "idpTenantIdRequired": "Kiracı Kimliği gereklidir",
+    "invalidValue": "Geçersiz değer",
+    "idpTypeLabel": "Kimlik Sağlayıcı Türü",
+    "roleMappingExpressionPlaceholder": "örn., contains(gruplar, 'yönetici') && 'Yönetici' || 'Üye'",
+    "idpGoogleConfiguration": "Google Yapılandırması",
+    "idpGoogleConfigurationDescription": "Google OAuth2 kimlik bilgilerinizi yapılandırın",
+    "idpGoogleClientIdDescription": "Google OAuth2 İstemci Kimliğiniz",
+    "idpGoogleClientSecretDescription": "Google OAuth2 İstemci Sırrınız",
+    "idpAzureConfiguration": "Azure Entra ID Yapılandırması",
+    "idpAzureConfigurationDescription": "Azure Entra ID OAuth2 kimlik bilgilerinizi yapılandırın",
+    "idpTenantId": "Kiracı Kimliği",
+    "idpTenantIdPlaceholder": "kiraci-kimliginiz",
+    "idpAzureTenantIdDescription": "Azure kiracı kimliğiniz (Azure Active Directory genel bakışında bulunur)",
+    "idpAzureClientIdDescription": "Azure Uygulama Kaydı İstemci Kimliğiniz",
+    "idpAzureClientSecretDescription": "Azure Uygulama Kaydı İstemci Sırrınız",
+    "idpGoogleTitle": "Google",
+    "idpGoogleAlt": "Google",
+    "idpAzureTitle": "Azure Entra ID",
+    "idpAzureAlt": "Azure",
+    "idpGoogleConfigurationTitle": "Google Yapılandırması",
+    "idpAzureConfigurationTitle": "Azure Entra ID Yapılandırması",
+    "idpTenantIdLabel": "Kiracı Kimliği",
+    "idpAzureClientIdDescription2": "Azure Uygulama Kaydı İstemci Kimliğiniz",
+    "idpAzureClientSecretDescription2": "Azure Uygulama Kaydı İstemci Sırrınız",
+    "idpGoogleDescription": "Google OAuth2/OIDC sağlayıcısı",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC sağlayıcısı",
+    "subnet": "Alt ağ",
+    "subnetDescription": "Bu organizasyonun ağ yapılandırması için alt ağ.",
+    "authPage": "Yetkilendirme Sayfası",
+    "authPageDescription": "Kuruluşunuz için yetkilendirme sayfasını yapılandırın",
+    "authPageDomain": "Yetkilendirme Sayfası Alanı",
+    "noDomainSet": "Alan belirlenmedi",
+    "changeDomain": "Alanı Değiştir",
+    "selectDomain": "Alan Seçin",
+    "restartCertificate": "Sertifikayı Yenile",
+    "editAuthPageDomain": "Yetkilendirme Sayfası Alanını Düzenle",
+    "setAuthPageDomain": "Yetkilendirme Sayfası Alanını Ayarla",
+    "failedToFetchCertificate": "Sertifika getirilemedi",
+    "failedToRestartCertificate": "Sertifika yeniden başlatılamadı",
+    "addDomainToEnableCustomAuthPages": "Kuruluşunuz için özel kimlik doğrulama sayfalarını etkinleştirmek için bir alan ekleyin",
+    "selectDomainForOrgAuthPage": "Kuruluşun kimlik doğrulama sayfası için bir alan seçin",
+    "domainPickerProvidedDomain": "Sağlanan Alan Adı",
+    "domainPickerFreeProvidedDomain": "Ücretsiz Sağlanan Alan Adı",
+    "domainPickerVerified": "Doğrulandı",
+    "domainPickerUnverified": "Doğrulanmadı",
+    "domainPickerInvalidSubdomainStructure": "Bu alt alan adı geçersiz karakterler veya yapı içeriyor. Kaydettiğinizde otomatik olarak temizlenecektir.",
+    "domainPickerError": "Hata",
+    "domainPickerErrorLoadDomains": "Organizasyon alan adları yüklenemedi",
+    "domainPickerErrorCheckAvailability": "Alan adı kullanılabilirliği kontrol edilemedi",
+    "domainPickerInvalidSubdomain": "Geçersiz alt alan adı",
+    "domainPickerInvalidSubdomainRemoved": "Girdi \"{sub}\" geçersiz olduğu için kaldırıldı.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" {domain} için geçerli yapılamadı.",
+    "domainPickerSubdomainSanitized": "Alt alan adı temizlendi",
+    "domainPickerSubdomainCorrected": "\"{sub}\" \"{sanitized}\" olarak düzeltildi",
+    "orgAuthSignInTitle": "Kuruluşunuza giriş yapın",
+    "orgAuthChooseIdpDescription": "Devam etmek için kimlik sağlayıcınızı seçin",
+    "orgAuthNoIdpConfigured": "Bu kuruluşta yapılandırılmış kimlik sağlayıcı yok. Bunun yerine Pangolin kimliğinizle giriş yapabilirsiniz.",
+    "orgAuthSignInWithPangolin": "Pangolin ile Giriş Yap",
+    "subscriptionRequiredToUse": "Bu özelliği kullanmak için abonelik gerekmektedir.",
+    "idpDisabled": "Kimlik sağlayıcılar devre dışı bırakılmıştır.",
+    "orgAuthPageDisabled": "Kuruluş kimlik doğrulama sayfası devre dışı bırakılmıştır.",
+    "domainRestartedDescription": "Alan doğrulaması başarıyla yeniden başlatıldı",
+    "resourceAddEntrypointsEditFile": "Dosyayı düzenle: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Dosyayı düzenle: docker-compose.yml",
+    "emailVerificationRequired": "E-posta doğrulaması gereklidir. Bu adımı tamamlamak için lütfen tekrar {dashboardUrl}/auth/login üzerinden oturum açın. Sonra buraya geri dönün.",
+    "twoFactorSetupRequired": "İki faktörlü kimlik doğrulama ayarı gereklidir. Bu adımı tamamlamak için lütfen tekrar {dashboardUrl}/auth/login üzerinden oturum açın. Sonra buraya geri dönün.",
+    "authPageErrorUpdateMessage": "Kimlik doğrulama sayfası ayarları güncellenirken bir hata oluştu.",
+    "authPageUpdated": "Kimlik doğrulama sayfası başarıyla güncellendi",
+    "healthCheckNotAvailable": "Yerel",
+    "rewritePath": "Yolu Yeniden Yaz",
+    "rewritePathDescription": "Seçenek olarak hedefe iletmeden önce yolu yeniden yazın.",
+    "continueToApplication": "Uygulamaya Devam Et",
+    "checkingInvite": "Davet Kontrol Ediliyor",
+    "setResourceHeaderAuth": "setResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "Başlık Kimlik Doğrulama Kaldır",
+    "resourceHeaderAuthRemoveDescription": "Başlık kimlik doğrulama başarıyla kaldırıldı.",
+    "resourceErrorHeaderAuthRemove": "Başlık Kimlik Doğrulama kaldırılamadı",
+    "resourceErrorHeaderAuthRemoveDescription": "Kaynak için başlık kimlik doğrulaması kaldırılamadı.",
+    "resourceHeaderAuthProtectionEnabled": "Header Authentication Enabled",
+    "resourceHeaderAuthProtectionDisabled": "Header Authentication Disabled",
+    "headerAuthRemove": "Remove Header Auth",
+    "headerAuthAdd": "Add Header Auth",
+    "resourceErrorHeaderAuthSetup": "Başlık Kimlik Doğrulama ayarlanamadı",
+    "resourceErrorHeaderAuthSetupDescription": "Kaynak için başlık kimlik doğrulaması ayarlanamadı.",
+    "resourceHeaderAuthSetup": "Başlık Kimlik Doğrulama başarıyla ayarlandı",
+    "resourceHeaderAuthSetupDescription": "Başlık kimlik doğrulaması başarıyla ayarlandı.",
+    "resourceHeaderAuthSetupTitle": "Başlık Kimlik Doğrulama Ayarla",
+    "resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Access it using the format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "Başlık Kimlik Doğrulama Ayarla",
+    "actionSetResourceHeaderAuth": "Başlık Kimlik Doğrulama Ayarla",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Unlicensed",
+    "beta": "Beta",
+    "manageClients": "Manage Clients",
+    "manageClientsDescription": "Clients are devices that can connect to your sites",
+    "licenseTableValidUntil": "Valid Until",
+    "saasLicenseKeysSettingsTitle": "Enterprise Licenses",
+    "saasLicenseKeysSettingsDescription": "Generate and manage Enterprise license keys for self-hosted Pangolin instances",
+    "sidebarEnterpriseLicenses": "Licenses",
+    "generateLicenseKey": "Generate License Key",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Please enter a valid email address",
+            "useCaseTypeRequired": "Please select a use case type",
+            "firstNameRequired": "First name is required",
+            "lastNameRequired": "Last name is required",
+            "primaryUseRequired": "Please describe your primary use",
+            "jobTitleRequiredBusiness": "Job title is required for business use",
+            "industryRequiredBusiness": "Industry is required for business use",
+            "stateProvinceRegionRequired": "State/Province/Region is required",
+            "postalZipCodeRequired": "Postal/ZIP Code is required",
+            "companyNameRequiredBusiness": "Company name is required for business use",
+            "countryOfResidenceRequiredBusiness": "Country of residence is required for business use",
+            "countryRequiredPersonal": "Country is required for personal use",
+            "agreeToTermsRequired": "You must agree to the terms",
+            "complianceConfirmationRequired": "You must confirm compliance with the Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Personal Use",
+                "description": "For individual, non-commercial use such as learning, personal projects, or experimentation."
+            },
+            "business": {
+                "title": "Business Use",
+                "description": "For use within organizations, companies, or commercial or revenue-generating activities."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & License Type",
+                "description": "Enter your email and choose your license type"
+            },
+            "personalInformation": {
+                "title": "Personal Information",
+                "description": "Tell us about yourself"
+            },
+            "contactInformation": {
+                "title": "Contact Information",
+                "description": "Your contact details"
+            },
+            "termsGenerate": {
+                "title": "Terms & Generate",
+                "description": "Review and accept terms to generate your license"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Usage Disclosure",
+                "description": "Select the license tier that accurately reflects your intended use. The Personal License permits free use of the Software for individual, non-commercial or small-scale commercial activities with annual gross revenue under $100,000 USD. Any use beyond these limits — including use within a business, organization, or other revenue-generating environment — requires a valid Enterprise License and payment of the applicable licensing fee. All users, whether Personal or Enterprise, must comply with the Fossorial Commercial License Terms."
+            },
+            "trialPeriodInformation": {
+                "title": "Trial Period Information",
+                "description": "This License Key enables Enterprise features for a 7-day evaluation period. Continued access to Paid Features beyond the evaluation period requires activation under a valid Personal or Enterprise License. For Enterprise licensing, contact sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Are you using Pangolin for personal or business use?",
+            "firstName": "First Name",
+            "lastName": "Last Name",
+            "jobTitle": "Job Title",
+            "primaryUseQuestion": "What do you primarily plan to use Pangolin for?",
+            "industryQuestion": "What is your industry?",
+            "prospectiveUsersQuestion": "How many prospective users do you expect to have?",
+            "prospectiveSitesQuestion": "How many prospective sites (tunnels) do you expect to have?",
+            "companyName": "Company name",
+            "countryOfResidence": "Country of residence",
+            "stateProvinceRegion": "State / Province / Region",
+            "postalZipCode": "Postal / ZIP Code",
+            "companyWebsite": "Company website",
+            "companyPhoneNumber": "Company phone number",
+            "country": "Country",
+            "phoneNumberOptional": "Phone number (optional)",
+            "complianceConfirmation": "I confirm that I am in compliance with the Fossorial Commercial License and that reporting inaccurate information or misidentifying use of the product is a violation of the license."
+        },
+        "buttons": {
+            "close": "Close",
+            "previous": "Previous",
+            "next": "Next",
+            "generateLicenseKey": "Generate License Key"
+        },
+        "toasts": {
+            "success": {
+                "title": "License key generated successfully",
+                "description": "Your license key has been generated and is ready to use."
+            },
+            "error": {
+                "title": "Failed to generate license key",
+                "description": "An error occurred while generating the license key."
+            }
+        }
+    },
+    "priority": "Öncelik",
+    "priorityDescription": "Daha yüksek öncelikli rotalar önce değerlendirilir. Öncelik = 100, otomatik sıralama anlamına gelir (sistem karar verir). Manuel öncelik uygulamak için başka bir numara kullanın.",
+    "instanceName": "Instance Name",
+    "pathMatchModalTitle": "Configure Path Matching",
+    "pathMatchModalDescription": "Set up how incoming requests should be matched based on their path.",
+    "pathMatchType": "Match Type",
+    "pathMatchPrefix": "Prefix",
+    "pathMatchExact": "Exact",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Path Value",
+    "clear": "Clear",
+    "saveChanges": "Save Changes",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Example: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Example: /api matches only /api",
+    "pathMatchRegexHelp": "Example: ^/api/.* matches /api/anything",
+    "pathRewriteModalTitle": "Configure Path Rewriting",
+    "pathRewriteModalDescription": "Transform the matched path before forwarding to the target.",
+    "pathRewriteType": "Rewrite Type",
+    "pathRewritePrefixOption": "Prefix - Replace prefix",
+    "pathRewriteExactOption": "Exact - Replace entire path",
+    "pathRewriteRegexOption": "Regex - Pattern replacement",
+    "pathRewriteStripPrefixOption": "Strip Prefix - Remove prefix",
+    "pathRewriteValue": "Rewrite Value",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Replace the matched prefix with this value",
+    "pathRewriteExactHelp": "Replace the entire path with this value when the path matches exactly",
+    "pathRewriteRegexHelp": "Use capture groups like $1, $2 for replacement",
+    "pathRewriteStripPrefixHelp": "Leave empty to strip prefix or provide new prefix",
+    "pathRewritePrefix": "Prefix",
+    "pathRewriteExact": "Exact",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Strip",
+    "pathRewriteStripLabel": "strip"
 }

messages/zh-CN.json

@@ -59,7 +59,6 @@
     "siteErrorCreate": "创建站点出错",
     "siteErrorCreateKeyPair": "找不到密钥对或站点默认值",
     "siteErrorCreateDefaults": "未找到站点默认值",
-    "siteNameDescription": "这是站点的显示名称。",
     "method": "方法",
     "siteMethodDescription": "这是您将如何显示连接。",
     "siteLearnNewt": "学习如何在您的系统上安装 Newt",
@@ -95,7 +94,9 @@
     "siteNewtTunnelDescription": "最简单的方式来连接到您的网络。不需要任何额外设置。",
     "siteWg": "基本 WireGuard",
     "siteWgDescription": "使用任何 WireGuard 客户端来建立隧道。需要手动配置 NAT。",
+    "siteWgDescriptionSaas": "使用任何WireGuard客户端建立隧道。需要手动配置NAT。仅适用于自托管节点。",
     "siteLocalDescription": "仅限本地资源。不需要隧道。",
+    "siteLocalDescriptionSaas": "Local resources only. No tunneling. Only available on remote nodes.",
     "siteSeeAll": "查看所有站点",
     "siteTunnelDescription": "确定如何连接到您的网站",
     "siteNewtCredentials": "Newt 凭据",
@@ -167,7 +168,10 @@
     "siteSelect": "选择站点",
     "siteSearch": "搜索站点",
     "siteNotFound": "未找到站点。",
-    "siteSelectionDescription": "此站点将为资源提供连接。",
+    "selectCountry": "选择国家",
+    "searchCountries": "搜索国家...",
+    "noCountryFound": "找不到国家。",
+    "siteSelectionDescription": "此站点将为目标提供连接。",
     "resourceType": "资源类型",
     "resourceTypeDescription": "确定如何访问您的资源",
     "resourceHTTPSSettings": "HTTPS 设置",
@@ -198,11 +202,13 @@
     "general": "概览",
     "generalSettings": "常规设置",
     "proxy": "代理服务器",
+    "internal": "内部设置",
     "rules": "规则",
     "resourceSettingDescription": "配置您资源上的设置",
     "resourceSetting": "{resourceName} 设置",
     "alwaysAllow": "一律允许",
     "alwaysDeny": "一律拒绝",
+    "passToAuth": "传递至认证",
     "orgSettingsDescription": "配置您组织的一般设置",
     "orgGeneralSettings": "组织设置",
     "orgGeneralSettingsDescription": "管理您的机构详细信息和配置",
@@ -451,6 +457,8 @@
     "accessRoleErrorAddDescription": "添加用户到角色时出错。",
     "userSaved": "用户已保存",
     "userSavedDescription": "用户已更新。",
+    "autoProvisioned": "自动设置",
+    "autoProvisionedDescription": "允许此用户由身份提供商自动管理",
     "accessControlsDescription": "管理此用户在组织中可以访问和做什么",
     "accessControlsSubmit": "保存访问控制",
     "roles": "角色",
@@ -460,7 +468,10 @@
     "createdAt": "创建于",
     "proxyErrorInvalidHeader": "无效的自定义主机头值。使用域名格式，或将空保存为取消自定义主机头。",
     "proxyErrorTls": "无效的 TLS 服务器名称。使用域名格式，或保存空以删除 TLS 服务器名称。",
-    "proxyEnableSSL": "启用 SSL (https)",
+    "proxyEnableSSL": "启用 SSL",
+    "proxyEnableSSLDescription": "启用 SSL/TLS 加密以确保您目标的 HTTPS 连接。",
+    "target": "Target",
+    "configureTarget": "配置目标",
     "targetErrorFetch": "获取目标失败",
     "targetErrorFetchDescription": "获取目标时出错",
     "siteErrorFetch": "获取资源失败",
@@ -487,18 +498,30 @@
     "targetTlsSettings": "安全连接配置",
     "targetTlsSettingsDescription": "配置资源的 SSL/TLS 设置",
     "targetTlsSettingsAdvanced": "高级TLS设置",
-    "targetTlsSni": "TLS 服务器名称 (SNI)",
+    "targetTlsSni": "TLS 服务器名称",
     "targetTlsSniDescription": "SNI使用的 TLS 服务器名称。留空使用默认值。",
     "targetTlsSubmit": "保存设置",
     "targets": "目标配置",
-    "targetsDescription": "设置目标来路由流量到您的服务",
+    "targetsDescription": "设置目标来路由流量到您的后端服务",
     "targetStickySessions": "启用置顶会话",
     "targetStickySessionsDescription": "将连接保持在同一个后端目标的整个会话中。",
     "methodSelect": "选择方法",
     "targetSubmit": "添加目标",
-    "targetNoOne": "没有目标。使用表单添加目标。",
+    "targetNoOne": "此资源没有任何目标。添加目标来配置向您后端发送请求的位置。",
     "targetNoOneDescription": "在上面添加多个目标将启用负载平衡。",
     "targetsSubmit": "保存目标",
+    "addTarget": "添加目标",
+    "targetErrorInvalidIp": "无效的 IP 地址",
+    "targetErrorInvalidIpDescription": "请输入有效的IP地址或主机名",
+    "targetErrorInvalidPort": "无效的端口",
+    "targetErrorInvalidPortDescription": "请输入有效的端口号",
+    "targetErrorNoSite": "没有选择站点",
+    "targetErrorNoSiteDescription": "请选择目标站点",
+    "targetCreated": "目标已创建",
+    "targetCreatedDescription": "目标已成功创建",
+    "targetErrorCreate": "创建目标失败",
+    "targetErrorCreateDescription": "创建目标时出错",
+    "save": "保存",
     "proxyAdditional": "附加代理设置",
     "proxyAdditionalDescription": "配置你的资源如何处理代理设置",
     "proxyCustomHeader": "自定义主机标题",
@@ -508,6 +531,7 @@
     "ipAddressErrorInvalidFormat": "无效的 IP 地址格式",
     "ipAddressErrorInvalidOctet": "无效的 IP 地址",
     "path": "路径",
+    "matchPath": "匹配路径",
     "ipAddressRange": "IP 范围",
     "rulesErrorFetch": "获取规则失败",
     "rulesErrorFetchDescription": "获取规则时出错",
@@ -543,6 +567,7 @@
     "rulesActions": "行动",
     "rulesActionAlwaysAllow": "总是允许：绕过所有身份验证方法",
     "rulesActionAlwaysDeny": "总是拒绝：阻止所有请求；无法尝试验证",
+    "rulesActionPassToAuth": "传递至认证：允许尝试身份验证方法",
     "rulesMatchCriteria": "匹配条件",
     "rulesMatchCriteriaIpAddress": "匹配一个指定的 IP 地址",
     "rulesMatchCriteriaIpAddressRange": "在 CIDR 符号中匹配一系列IP地址",
@@ -588,7 +613,7 @@
     "newtErrorFetchReleases": "无法获取版本信息: {err}",
     "newtErrorFetchLatest": "无法获取最新版信息: {err}",
     "newtEndpoint": "Newt 端点",
-    "newtId": "Newt ID",
+    "newtId": "Newt  ID",
     "newtSecretKey": "Newt 私钥",
     "architecture": "架构",
     "sites": "站点",
@@ -705,7 +730,7 @@
     "pangolinServerAdmin": "服务器管理员 - Pangolin",
     "licenseTierProfessional": "专业许可证",
     "licenseTierEnterprise": "企业许可证",
-    "licenseTierCommercial": "商业许可证",
+    "licenseTierPersonal": "Personal License",
     "licensed": "已授权",
     "yes": "是",
     "no": "否",
@@ -740,7 +765,7 @@
     "idpDisplayName": "此身份提供商的显示名称",
     "idpAutoProvisionUsers": "自动提供用户",
     "idpAutoProvisionUsersDescription": "如果启用，用户将在首次登录时自动在系统中创建，并且能够映射用户到角色和组织。",
-    "licenseBadge": "专业版",
+    "licenseBadge": "EE",
     "idpType": "提供者类型",
     "idpTypeDescription": "选择您想要配置的身份提供者类型",
     "idpOidcConfigure": "OAuth2/OIDC 配置",
@@ -834,6 +859,24 @@
     "pincodeRequirementsLength": "PIN码必须是6位数字",
     "pincodeRequirementsChars": "PIN 必须只包含数字",
     "passwordRequirementsLength": "密码必须至少 1 个字符长",
+    "passwordRequirementsTitle": "密码要求：",
+    "passwordRequirementLength": "至少8个字符长",
+    "passwordRequirementUppercase": "至少一个大写字母",
+    "passwordRequirementLowercase": "至少一个小写字母",
+    "passwordRequirementNumber": "至少一个数字",
+    "passwordRequirementSpecial": "至少一个特殊字符",
+    "passwordRequirementsMet": "✓ 密码满足所有要求",
+    "passwordStrength": "密码强度",
+    "passwordStrengthWeak": "弱",
+    "passwordStrengthMedium": "中",
+    "passwordStrengthStrong": "强",
+    "passwordRequirements": "要求：",
+    "passwordRequirementLengthText": "8+ 个字符",
+    "passwordRequirementUppercaseText": "大写字母 (A-Z)",
+    "passwordRequirementLowercaseText": "小写字母 (a-z)",
+    "passwordRequirementNumberText": "数字 (0-9)",
+    "passwordRequirementSpecialText": "特殊字符 (!@#$%...)",
+    "passwordsDoNotMatch": "密码不匹配",
     "otpEmailRequirementsLength": "OTP 必须至少 1 个字符长",
     "otpEmailSent": "OTP 已发送",
     "otpEmailSentDescription": "OTP 已经发送到您的电子邮件",
@@ -953,12 +996,15 @@
     "logoutError": "注销错误",
     "signingAs": "登录为",
     "serverAdmin": "服务器管理员",
+    "managedSelfhosted": "托管自托管",
     "otpEnable": "启用双因子认证",
     "otpDisable": "禁用双因子认证",
     "logout": "登出",
     "licenseTierProfessionalRequired": "需要专业版",
     "licenseTierProfessionalRequiredDescription": "此功能仅在专业版可用。",
     "actionGetOrg": "获取组织",
+    "updateOrgUser": "更新组织用户",
+    "createOrgUser": "创建组织用户",
     "actionUpdateOrg": "更新组织",
     "actionUpdateUser": "更新用户",
     "actionGetUser": "获取用户",
@@ -968,6 +1014,10 @@
     "actionDeleteSite": "删除站点",
     "actionGetSite": "获取站点",
     "actionListSites": "站点列表",
+    "actionApplyBlueprint": "应用蓝图",
+    "setupToken": "设置令牌",
+    "setupTokenDescription": "从服务器控制台输入设置令牌。",
+    "setupTokenRequired": "需要设置令牌",
     "actionUpdateSite": "更新站点",
     "actionListSiteRoles": "允许站点角色列表",
     "actionCreateResource": "创建资源",
@@ -1023,6 +1073,17 @@
     "actionDeleteIdpOrg": "删除 IDP组织策略",
     "actionListIdpOrgs": "列出 IDP组织",
     "actionUpdateIdpOrg": "更新 IDP组织",
+    "actionCreateClient": "创建客户端",
+    "actionDeleteClient": "删除客户端",
+    "actionUpdateClient": "更新客户端",
+    "actionListClients": "列出客户端",
+    "actionGetClient": "获取客户端",
+    "actionCreateSiteResource": "创建站点资源",
+    "actionDeleteSiteResource": "删除站点资源",
+    "actionGetSiteResource": "获取站点资源",
+    "actionListSiteResources": "列出站点资源",
+    "actionUpdateSiteResource": "更新站点资源",
+    "actionListInvitations": "邀请列表",
     "noneSelected": "未选择",
     "orgNotFound2": "未找到组织。",
     "searchProgress": "搜索中...",
@@ -1038,7 +1099,6 @@
     "navbar": "导航菜单",
     "navbarDescription": "应用程序的主导航菜单",
     "navbarDocsLink": "文件",
-    "commercialEdition": "商业版",
     "otpErrorEnable": "无法启用 2FA",
     "otpErrorEnableDescription": "启用 2FA 时出错",
     "otpSetupCheckCode": "请输入您的6位数字代码",
@@ -1094,10 +1154,10 @@
     "sidebarAllUsers": "所有用户",
     "sidebarIdentityProviders": "身份提供商",
     "sidebarLicense": "证书",
-    "sidebarClients": "客户",
+    "sidebarClients": "Clients",
     "sidebarDomains": "域",
-    "enableDockerSocket": "启用停靠套接字",
-    "enableDockerSocketDescription": "启用 Docker Socket 发现以填充容器信息。必须向 Newt 提供 Socket 路径。",
+    "enableDockerSocket": "启用 Docker 蓝图",
+    "enableDockerSocketDescription": "启用 Docker Socket 标签擦除蓝图标签。套接字路径必须提供给新的。",
     "enableDockerSocketLink": "了解更多",
     "viewDockerContainers": "查看停靠容器",
     "containersIn": "{siteName} 中的容器",
@@ -1110,7 +1170,7 @@
     "containerLabels": "标签",
     "containerLabelsCount": "{count, plural, other {# 标签}}",
     "containerLabelsTitle": "容器标签",
-    "containerLabelEmpty": "<empty>",
+    "containerLabelEmpty": "<为空>",
     "containerPorts": "端口",
     "containerPortsMore": "+{count} 更多",
     "containerActions": "行动",
@@ -1162,7 +1222,7 @@
     "selectDomainTypeCnameName": "单个域（CNAME）",
     "selectDomainTypeCnameDescription": "仅此特定域。用于单个子域或特定域条目。",
     "selectDomainTypeWildcardName": "通配符域",
-    "selectDomainTypeWildcardDescription": "此域及其第一级子域。",
+    "selectDomainTypeWildcardDescription": "此域名及其子域名。",
     "domainDelegation": "单个域",
     "selectType": "选择一个类型",
     "actions": "操作",
@@ -1196,8 +1256,8 @@
     "sidebarExpand": "展开",
     "newtUpdateAvailable": "更新可用",
     "newtUpdateAvailableInfo": "新版本的 Newt 已可用。请更新到最新版本以获得最佳体验。",
-    "domainPickerEnterDomain": "输入您的域",
-    "domainPickerPlaceholder": "myapp.example.com、api.v1.mydomain.com 或仅 myapp",
+    "domainPickerEnterDomain": "域名",
+    "domainPickerPlaceholder": "example.com",
     "domainPickerDescription": "输入资源的完整域名以查看可用选项。",
     "domainPickerDescriptionSaas": "输入完整域名、子域或名称以查看可用选项。",
     "domainPickerTabAll": "所有",
@@ -1206,12 +1266,54 @@
     "domainPickerSortAsc": "A-Z",
     "domainPickerSortDesc": "Z-A",
     "domainPickerCheckingAvailability": "检查可用性...",
-    "domainPickerNoMatchingDomains": "未找到 \"{userInput}\" 的匹配域。尝试其他域或检查您组织的域设置。",
+    "domainPickerNoMatchingDomains": "未找到匹配的域名。尝试不同的域名或检查您组织的域名设置。",
     "domainPickerOrganizationDomains": "组织域",
     "domainPickerProvidedDomains": "提供的域",
     "domainPickerSubdomain": "子域：{subdomain}",
     "domainPickerNamespace": "命名空间：{namespace}",
     "domainPickerShowMore": "显示更多",
+    "regionSelectorTitle": "选择区域",
+    "regionSelectorInfo": "选择区域以帮助提升您所在地的性能。您不必与服务器在相同的区域。",
+    "regionSelectorPlaceholder": "选择一个区域",
+    "regionSelectorComingSoon": "即将推出",
+    "billingLoadingSubscription": "正在加载订阅...",
+    "billingFreeTier": "免费层",
+    "billingWarningOverLimit": "警告：您已超出一个或多个使用限制。在您修改订阅或调整使用情况之前，您的站点将无法连接。",
+    "billingUsageLimitsOverview": "使用限制概览",
+    "billingMonitorUsage": "监控您的使用情况以对比已配置的限制。如需提高限制请联系我们 support@pangolin.net。",
+    "billingDataUsage": "数据使用情况",
+    "billingOnlineTime": "站点在线时间",
+    "billingUsers": "活跃用户",
+    "billingDomains": "活跃域",
+    "billingRemoteExitNodes": "活跃自托管节点",
+    "billingNoLimitConfigured": "未配置限制",
+    "billingEstimatedPeriod": "估计结算周期",
+    "billingIncludedUsage": "包含的使用量",
+    "billingIncludedUsageDescription": "您当前订阅计划中包含的使用量",
+    "billingFreeTierIncludedUsage": "免费层使用额度",
+    "billingIncluded": "包含",
+    "billingEstimatedTotal": "预计总额：",
+    "billingNotes": "备注",
+    "billingEstimateNote": "这是根据您当前使用情况的估算。",
+    "billingActualChargesMayVary": "实际费用可能会有变化。",
+    "billingBilledAtEnd": "您将在结算周期结束时被计费。",
+    "billingModifySubscription": "修改订阅",
+    "billingStartSubscription": "开始订阅",
+    "billingRecurringCharge": "周期性收费",
+    "billingManageSubscriptionSettings": "管理您的订阅设置和偏好",
+    "billingNoActiveSubscription": "您没有活跃的订阅。开始订阅以增加使用限制。",
+    "billingFailedToLoadSubscription": "无法加载订阅",
+    "billingFailedToLoadUsage": "无法加载使用情况",
+    "billingFailedToGetCheckoutUrl": "无法获取结账网址",
+    "billingPleaseTryAgainLater": "请稍后再试。",
+    "billingCheckoutError": "结账错误",
+    "billingFailedToGetPortalUrl": "无法获取门户网址",
+    "billingPortalError": "门户错误",
+    "billingDataUsageInfo": "当连接到云端时，您将为通过安全隧道传输的所有数据收取费用。 这包括您所有站点的进出流量。 当您达到上限时，您的站点将断开连接，直到您升级计划或减少使用。使用节点时不收取数据。",
+    "billingOnlineTimeInfo": "您要根据您的网站连接到云端的时间长短收取费用。 例如，44,640分钟等于一个24/7全月运行的网站。 当您达到上限时，您的站点将断开连接，直到您升级计划或减少使用。使用节点时不收取费用。",
+    "billingUsersInfo": "根据您组织中的活跃用户数量收费。按日计算账单。",
+    "billingDomainInfo": "根据组织中活跃域的数量收费。按日计算账单。",
+    "billingRemoteExitNodesInfo": "根据您组织中已管理节点的数量收费。按日计算账单。",
     "domainNotFound": "域未找到",
     "domainNotFoundDescription": "此资源已禁用，因为该域不再在我们的系统中存在。请为此资源设置一个新域。",
     "failed": "失败",
@@ -1245,7 +1347,6 @@
     "twoFactorRequired": "注册安全密钥需要两步验证。",
     "twoFactor": "两步验证",
     "adminEnabled2FaOnYourAccount": "管理员已为{email}启用两步验证。请完成设置以继续。",
-    "continueToApplication": "继续到应用程序",
     "securityKeyAdd": "添加安全密钥",
     "securityKeyRegisterTitle": "注册新安全密钥",
     "securityKeyRegisterDescription": "连接您的安全密钥并输入名称以便识别",
@@ -1266,6 +1367,7 @@
     "createDomainName": "名称:",
     "createDomainValue": "值:",
     "createDomainCnameRecords": "CNAME 记录",
+    "createDomainARecords": "A记录",
     "createDomainRecordNumber": "记录 {number}",
     "createDomainTxtRecords": "TXT 记录",
     "createDomainSaveTheseRecords": "保存这些记录",
@@ -1273,5 +1375,523 @@
     "createDomainDnsPropagation": "DNS 传播",
     "createDomainDnsPropagationDescription": "DNS 更改可能需要一些时间才能在互联网上传播。这可能需要从几分钟到 48 小时，具体取决于您的 DNS 提供商和 TTL 设置。",
     "resourcePortRequired": "非 HTTP 资源必须输入端口号",
-    "resourcePortNotAllowed": "HTTP 资源不应设置端口号"
+    "resourcePortNotAllowed": "HTTP 资源不应设置端口号",
+    "billingPricingCalculatorLink": "价格计算器",
+    "signUpTerms": {
+        "IAgreeToThe": "我同意",
+        "termsOfService": "服务条款",
+        "and": "和",
+        "privacyPolicy": "隐私政策"
+    },
+    "siteRequired": "需要站点。",
+    "olmTunnel": "Olm 隧道",
+    "olmTunnelDescription": "使用 Olm 进行客户端连接",
+    "errorCreatingClient": "创建客户端出错",
+    "clientDefaultsNotFound": "未找到客户端默认值",
+    "createClient": "创建客户端",
+    "createClientDescription": "创建一个新客户端来连接您的站点",
+    "seeAllClients": "查看所有客户端",
+    "clientInformation": "客户端信息",
+    "clientNamePlaceholder": "客户端名称",
+    "address": "地址",
+    "subnetPlaceholder": "子网",
+    "addressDescription": "此客户端将用于连接的地址",
+    "selectSites": "选择站点",
+    "sitesDescription": "客户端将与所选站点进行连接",
+    "clientInstallOlm": "安装 Olm",
+    "clientInstallOlmDescription": "在您的系统上运行 Olm",
+    "clientOlmCredentials": "Olm 凭据",
+    "clientOlmCredentialsDescription": "这是 Olm 服务器的身份验证方式",
+    "olmEndpoint": "Olm 端点",
+    "olmId": "Olm  ID",
+    "olmSecretKey": "Olm 私钥",
+    "clientCredentialsSave": "保存您的凭据",
+    "clientCredentialsSaveDescription": "该信息仅会显示一次，请确保将其复制到安全位置。",
+    "generalSettingsDescription": "配置此客户端的常规设置",
+    "clientUpdated": "客户端已更新",
+    "clientUpdatedDescription": "客户端已更新。",
+    "clientUpdateFailed": "更新客户端失败",
+    "clientUpdateError": "更新客户端时出错。",
+    "sitesFetchFailed": "获取站点失败",
+    "sitesFetchError": "获取站点时出错。",
+    "olmErrorFetchReleases": "获取 Olm 发布版本时出错。",
+    "olmErrorFetchLatest": "获取最新 Olm 发布版本时出错。",
+    "remoteSubnets": "远程子网",
+    "enterCidrRange": "输入 CIDR 范围",
+    "remoteSubnetsDescription": "添加可以通过客户端远程访问该站点的CIDR范围。使用类似10.0.0.0/24的格式。这仅适用于VPN客户端连接。",
+    "resourceEnableProxy": "启用公共代理",
+    "resourceEnableProxyDescription": "启用到此资源的公共代理。这允许外部网络通过开放端口访问资源。需要 Traefik 配置。",
+    "externalProxyEnabled": "外部代理已启用",
+    "addNewTarget": "添加新目标",
+    "targetsList": "目标列表",
+    "advancedMode": "高级模式",
+    "targetErrorDuplicateTargetFound": "找到重复的目标",
+    "healthCheckHealthy": "正常",
+    "healthCheckUnhealthy": "不正常",
+    "healthCheckUnknown": "未知",
+    "healthCheck": "健康检查",
+    "configureHealthCheck": "配置健康检查",
+    "configureHealthCheckDescription": "为 {target} 设置健康监控",
+    "enableHealthChecks": "启用健康检查",
+    "enableHealthChecksDescription": "监视此目标的健康状况。如果需要，您可以监视一个不同的终点。",
+    "healthScheme": "方法",
+    "healthSelectScheme": "选择方法",
+    "healthCheckPath": "路径",
+    "healthHostname": "IP / 主机",
+    "healthPort": "端口",
+    "healthCheckPathDescription": "用于检查健康状态的路径。",
+    "healthyIntervalSeconds": "正常间隔",
+    "unhealthyIntervalSeconds": "不正常间隔",
+    "IntervalSeconds": "正常间隔",
+    "timeoutSeconds": "超时",
+    "timeIsInSeconds": "时间以秒为单位",
+    "retryAttempts": "重试次数",
+    "expectedResponseCodes": "期望响应代码",
+    "expectedResponseCodesDescription": "HTTP 状态码表示健康状态。如留空，200-300 被视为健康。",
+    "customHeaders": "自定义标题",
+    "customHeadersDescription": "头部新行分隔：头部名称：值",
+    "headersValidationError": "头部必须是格式：头部名称：值。",
+    "saveHealthCheck": "保存健康检查",
+    "healthCheckSaved": "健康检查已保存",
+    "healthCheckSavedDescription": "健康检查配置已成功保存。",
+    "healthCheckError": "健康检查错误",
+    "healthCheckErrorDescription": "保存健康检查配置时出错",
+    "healthCheckPathRequired": "健康检查路径为必填项",
+    "healthCheckMethodRequired": "HTTP 方法为必填项",
+    "healthCheckIntervalMin": "检查间隔必须至少为 5 秒",
+    "healthCheckTimeoutMin": "超时必须至少为 1 秒",
+    "healthCheckRetryMin": "重试次数必须至少为 1 次",
+    "httpMethod": "HTTP 方法",
+    "selectHttpMethod": "选择 HTTP 方法",
+    "domainPickerSubdomainLabel": "子域名",
+    "domainPickerBaseDomainLabel": "根域名",
+    "domainPickerSearchDomains": "搜索域名...",
+    "domainPickerNoDomainsFound": "未找到域名",
+    "domainPickerLoadingDomains": "加载域名...",
+    "domainPickerSelectBaseDomain": "选择根域名...",
+    "domainPickerNotAvailableForCname": "不适用于CNAME域",
+    "domainPickerEnterSubdomainOrLeaveBlank": "输入子域名或留空以使用根域名。",
+    "domainPickerEnterSubdomainToSearch": "输入一个子域名以搜索并从可用免费域名中选择。",
+    "domainPickerFreeDomains": "免费域名",
+    "domainPickerSearchForAvailableDomains": "搜索可用域名",
+    "domainPickerNotWorkSelfHosted": "注意：自托管实例当前不提供免费的域名。",
+    "resourceDomain": "域名",
+    "resourceEditDomain": "编辑域名",
+    "siteName": "站点名称",
+    "proxyPort": "端口",
+    "resourcesTableProxyResources": "代理资源",
+    "resourcesTableClientResources": "客户端资源",
+    "resourcesTableNoProxyResourcesFound": "未找到代理资源。",
+    "resourcesTableNoInternalResourcesFound": "未找到内部资源。",
+    "resourcesTableDestination": "目标",
+    "resourcesTableTheseResourcesForUseWith": "这些资源供...使用",
+    "resourcesTableClients": "客户端",
+    "resourcesTableAndOnlyAccessibleInternally": "且仅在与客户端连接时可内部访问。",
+    "editInternalResourceDialogEditClientResource": "编辑客户端资源",
+    "editInternalResourceDialogUpdateResourceProperties": "更新{resourceName}的资源属性和目标配置。",
+    "editInternalResourceDialogResourceProperties": "资源属性",
+    "editInternalResourceDialogName": "名称",
+    "editInternalResourceDialogProtocol": "协议",
+    "editInternalResourceDialogSitePort": "站点端口",
+    "editInternalResourceDialogTargetConfiguration": "目标配置",
+    "editInternalResourceDialogCancel": "取消",
+    "editInternalResourceDialogSaveResource": "保存资源",
+    "editInternalResourceDialogSuccess": "成功",
+    "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "内部资源更新成功",
+    "editInternalResourceDialogError": "错误",
+    "editInternalResourceDialogFailedToUpdateInternalResource": "更新内部资源失败",
+    "editInternalResourceDialogNameRequired": "名称为必填项",
+    "editInternalResourceDialogNameMaxLength": "名称长度必须小于255个字符",
+    "editInternalResourceDialogProxyPortMin": "代理端口必须至少为1",
+    "editInternalResourceDialogProxyPortMax": "代理端口必须小于65536",
+    "editInternalResourceDialogInvalidIPAddressFormat": "无效的IP地址格式",
+    "editInternalResourceDialogDestinationPortMin": "目标端口必须至少为1",
+    "editInternalResourceDialogDestinationPortMax": "目标端口必须小于65536",
+    "createInternalResourceDialogNoSitesAvailable": "暂无可用站点",
+    "createInternalResourceDialogNoSitesAvailableDescription": "您需要至少配置一个子网的Newt站点来创建内部资源。",
+    "createInternalResourceDialogClose": "关闭",
+    "createInternalResourceDialogCreateClientResource": "创建客户端资源",
+    "createInternalResourceDialogCreateClientResourceDescription": "创建一个新资源，该资源将可供连接到所选站点的客户端访问。",
+    "createInternalResourceDialogResourceProperties": "资源属性",
+    "createInternalResourceDialogName": "名称",
+    "createInternalResourceDialogSite": "站点",
+    "createInternalResourceDialogSelectSite": "选择站点...",
+    "createInternalResourceDialogSearchSites": "搜索站点...",
+    "createInternalResourceDialogNoSitesFound": "未找到站点。",
+    "createInternalResourceDialogProtocol": "协议",
+    "createInternalResourceDialogTcp": "TCP",
+    "createInternalResourceDialogUdp": "UDP",
+    "createInternalResourceDialogSitePort": "站点端口",
+    "createInternalResourceDialogSitePortDescription": "使用此端口在连接到客户端时访问站点上的资源。",
+    "createInternalResourceDialogTargetConfiguration": "目标配置",
+    "createInternalResourceDialogDestinationIPDescription": "站点网络上资源的IP或主机名地址。",
+    "createInternalResourceDialogDestinationPortDescription": "资源在目标IP上可访问的端口。",
+    "createInternalResourceDialogCancel": "取消",
+    "createInternalResourceDialogCreateResource": "创建资源",
+    "createInternalResourceDialogSuccess": "成功",
+    "createInternalResourceDialogInternalResourceCreatedSuccessfully": "内部资源创建成功",
+    "createInternalResourceDialogError": "错误",
+    "createInternalResourceDialogFailedToCreateInternalResource": "创建内部资源失败",
+    "createInternalResourceDialogNameRequired": "名称为必填项",
+    "createInternalResourceDialogNameMaxLength": "名称长度必须小于255个字符",
+    "createInternalResourceDialogPleaseSelectSite": "请选择一个站点",
+    "createInternalResourceDialogProxyPortMin": "代理端口必须至少为1",
+    "createInternalResourceDialogProxyPortMax": "代理端口必须小于65536",
+    "createInternalResourceDialogInvalidIPAddressFormat": "无效的IP地址格式",
+    "createInternalResourceDialogDestinationPortMin": "目标端口必须至少为1",
+    "createInternalResourceDialogDestinationPortMax": "目标端口必须小于65536",
+    "siteConfiguration": "配置",
+    "siteAcceptClientConnections": "接受客户端连接",
+    "siteAcceptClientConnectionsDescription": "允许其他设备通过此Newt实例使用客户端作为网关连接。",
+    "siteAddress": "站点地址",
+    "siteAddressDescription": "指定主机的IP地址以供客户端连接。这是Pangolin网络中站点的内部地址，供客户端访问。必须在Org子网内。",
+    "autoLoginExternalIdp": "自动使用外部IDP登录",
+    "autoLoginExternalIdpDescription": "立即将用户重定向到外部IDP进行身份验证。",
+    "selectIdp": "选择IDP",
+    "selectIdpPlaceholder": "选择一个IDP...",
+    "selectIdpRequired": "在启用自动登录时，请选择一个IDP。",
+    "autoLoginTitle": "重定向中",
+    "autoLoginDescription": "正在将您重定向到外部身份提供商进行身份验证。",
+    "autoLoginProcessing": "准备身份验证...",
+    "autoLoginRedirecting": "重定向到登录...",
+    "autoLoginError": "自动登录错误",
+    "autoLoginErrorNoRedirectUrl": "未从身份提供商收到重定向URL。",
+    "autoLoginErrorGeneratingUrl": "生成身份验证URL失败。",
+    "remoteExitNodeManageRemoteExitNodes": "远程节点",
+    "remoteExitNodeDescription": "Self-host one or more remote nodes to extend your network connectivity and reduce reliance on the cloud",
+    "remoteExitNodes": "节点",
+    "searchRemoteExitNodes": "搜索节点...",
+    "remoteExitNodeAdd": "添加节点",
+    "remoteExitNodeErrorDelete": "删除节点时出错",
+    "remoteExitNodeQuestionRemove": "您确定要从组织中删除 {selectedNode} 节点吗？",
+    "remoteExitNodeMessageRemove": "一旦删除，该节点将不再能够访问。",
+    "remoteExitNodeMessageConfirm": "要确认，请输入以下节点的名称。",
+    "remoteExitNodeConfirmDelete": "确认删除节点",
+    "remoteExitNodeDelete": "删除节点",
+    "sidebarRemoteExitNodes": "远程节点",
+    "remoteExitNodeCreate": {
+        "title": "创建节点",
+        "description": "创建一个新节点来扩展您的网络连接",
+        "viewAllButton": "查看所有节点",
+        "strategy": {
+            "title": "创建策略",
+            "description": "选择此选项以手动配置您的节点或生成新凭据。",
+            "adopt": {
+                "title": "采纳节点",
+                "description": "如果您已经拥有该节点的凭据，请选择此项。"
+            },
+            "generate": {
+                "title": "生成密钥",
+                "description": "如果您想为节点生成新密钥，请选择此选项"
+            }
+        },
+        "adopt": {
+            "title": "采纳现有节点",
+            "description": "输入您想要采用的现有节点的凭据",
+            "nodeIdLabel": "节点 ID",
+            "nodeIdDescription": "您想要采用的现有节点的 ID",
+            "secretLabel": "密钥",
+            "secretDescription": "现有节点的秘密密钥",
+            "submitButton": "采用节点"
+        },
+        "generate": {
+            "title": "生成的凭据",
+            "description": "使用这些生成的凭据来配置您的节点",
+            "nodeIdTitle": "节点 ID",
+            "secretTitle": "密钥",
+            "saveCredentialsTitle": "将凭据添加到配置中",
+            "saveCredentialsDescription": "将这些凭据添加到您的自托管 Pangolin 节点配置文件中以完成连接。",
+            "submitButton": "创建节点"
+        },
+        "validation": {
+            "adoptRequired": "在通过现有节点时需要节点ID和密钥"
+        },
+        "errors": {
+            "loadDefaultsFailed": "无法加载默认值",
+            "defaultsNotLoaded": "默认值未加载",
+            "createFailed": "创建节点失败"
+        },
+        "success": {
+            "created": "节点创建成功"
+        }
+    },
+    "remoteExitNodeSelection": "节点选择",
+    "remoteExitNodeSelectionDescription": "为此本地站点选择要路由流量的节点",
+    "remoteExitNodeRequired": "必须为本地站点选择节点",
+    "noRemoteExitNodesAvailable": "无可用节点",
+    "noRemoteExitNodesAvailableDescription": "此组织没有可用的节点。首先创建一个节点来使用本地站点。",
+    "exitNode": "出口节点",
+    "country": "国家",
+    "rulesMatchCountry": "当前基于源 IP",
+    "managedSelfHosted": {
+        "title": "托管自托管",
+        "description": "更可靠和低维护自我托管的 Pangolin 服务器，带有额外的铃声和告密器",
+        "introTitle": "托管自托管的潘戈林公司",
+        "introDescription": "这是一种部署选择，为那些希望简洁和额外可靠的人设计，同时仍然保持他们的数据的私密性和自我托管性。",
+        "introDetail": "通过此选项，您仍然运行您自己的 Pangolin 节点 — — 您的隧道、SSL 终止，并且流量在您的服务器上保持所有状态。 不同之处在于，管理和监测是通过我们的云层仪表板进行的，该仪表板开启了一些好处：",
+        "benefitSimplerOperations": {
+            "title": "简单的操作",
+            "description": "无需运行您自己的邮件服务器或设置复杂的警报。您将从方框中获得健康检查和下限提醒。"
+        },
+        "benefitAutomaticUpdates": {
+            "title": "自动更新",
+            "description": "云仪表盘快速演化，所以您可以获得新的功能和错误修复，而不必每次手动拉取新的容器。"
+        },
+        "benefitLessMaintenance": {
+            "title": "减少维护时间",
+            "description": "没有要管理的数据库迁移、备份或额外的基础设施。我们在云端处理这个问题。"
+        },
+        "benefitCloudFailover": {
+            "title": "云失败",
+            "description": "如果您的节点被关闭，您的隧道可能暂时无法连接到我们的云端，直到您将其重新连接上线。"
+        },
+        "benefitHighAvailability": {
+            "title": "高可用率(PoPs)",
+            "description": "您还可以将多个节点添加到您的帐户中以获取冗余和更好的性能。"
+        },
+        "benefitFutureEnhancements": {
+            "title": "将来的改进",
+            "description": "我们正在计划添加更多的分析、警报和管理工具，使你的部署更加有力。"
+        },
+        "docsAlert": {
+            "text": "在我们中更多地了解管理下的自托管选项",
+            "documentation": "文档"
+        },
+        "convertButton": "将此节点转换为管理自托管的"
+    },
+    "internationaldomaindetected": "检测到国际域",
+    "willbestoredas": "储存为：",
+    "roleMappingDescription": "确定当用户启用自动配送时如何分配他们的角色。",
+    "selectRole": "选择角色",
+    "roleMappingExpression": "表达式",
+    "selectRolePlaceholder": "选择角色",
+    "selectRoleDescription": "选择一个角色，从此身份提供商分配给所有用户",
+    "roleMappingExpressionDescription": "输入一个 JMESPath 表达式来从 ID 令牌提取角色信息",
+    "idpTenantIdRequired": "租户ID是必需的",
+    "invalidValue": "无效的值",
+    "idpTypeLabel": "身份提供者类型",
+    "roleMappingExpressionPlaceholder": "例如: contains(group, 'admin' &'Admin' || 'Member'",
+    "idpGoogleConfiguration": "Google 配置",
+    "idpGoogleConfigurationDescription": "配置您的 Google OAuth2 凭据",
+    "idpGoogleClientIdDescription": "您的 Google OAuth2 客户端 ID",
+    "idpGoogleClientSecretDescription": "您的 Google OAuth2 客户端密钥",
+    "idpAzureConfiguration": "Azure Entra ID 配置",
+    "idpAzureConfigurationDescription": "配置您的 Azure Entra ID OAuth2 凭据",
+    "idpTenantId": "租户 ID",
+    "idpTenantIdPlaceholder": "您的租户ID",
+    "idpAzureTenantIdDescription": "您的 Azure 租户ID (在 Azure Active Directory 概览中发现)",
+    "idpAzureClientIdDescription": "您的 Azure 应用程序注册客户端 ID",
+    "idpAzureClientSecretDescription": "您的 Azure 应用程序注册客户端密钥",
+    "idpGoogleTitle": "谷歌",
+    "idpGoogleAlt": "Google",
+    "idpAzureTitle": "Azure Entra ID",
+    "idpAzureAlt": "Azure",
+    "idpGoogleConfigurationTitle": "Google 配置",
+    "idpAzureConfigurationTitle": "Azure Entra ID 配置",
+    "idpTenantIdLabel": "租户 ID",
+    "idpAzureClientIdDescription2": "您的 Azure 应用程序注册客户端 ID",
+    "idpAzureClientSecretDescription2": "您的 Azure 应用程序注册客户端密钥",
+    "idpGoogleDescription": "Google OAuth2/OIDC 提供商",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "subnet": "子网",
+    "subnetDescription": "此组织网络配置的子网。",
+    "authPage": "认证页面",
+    "authPageDescription": "配置您的组织认证页面",
+    "authPageDomain": "认证页面域",
+    "noDomainSet": "没有域设置",
+    "changeDomain": "更改域",
+    "selectDomain": "选择域",
+    "restartCertificate": "重新启动证书",
+    "editAuthPageDomain": "编辑认证页面域",
+    "setAuthPageDomain": "设置认证页面域",
+    "failedToFetchCertificate": "获取证书失败",
+    "failedToRestartCertificate": "重新启动证书失败",
+    "addDomainToEnableCustomAuthPages": "为您的组织添加域名以启用自定义认证页面",
+    "selectDomainForOrgAuthPage": "选择组织认证页面的域",
+    "domainPickerProvidedDomain": "提供的域",
+    "domainPickerFreeProvidedDomain": "免费提供的域",
+    "domainPickerVerified": "已验证",
+    "domainPickerUnverified": "未验证",
+    "domainPickerInvalidSubdomainStructure": "此子域包含无效的字符或结构。当您保存时，它将被自动清除。",
+    "domainPickerError": "错误",
+    "domainPickerErrorLoadDomains": "加载组织域名失败",
+    "domainPickerErrorCheckAvailability": "检查域可用性失败",
+    "domainPickerInvalidSubdomain": "无效的子域",
+    "domainPickerInvalidSubdomainRemoved": "输入 \"{sub}\" 已被移除，因为其无效。",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" 无法为 {domain} 变为有效。",
+    "domainPickerSubdomainSanitized": "子域已净化",
+    "domainPickerSubdomainCorrected": "\"{sub}\" 已被更正为 \"{sanitized}\"",
+    "orgAuthSignInTitle": "登录到您的组织",
+    "orgAuthChooseIdpDescription": "选择您的身份提供商以继续",
+    "orgAuthNoIdpConfigured": "此机构没有配置任何身份提供者。您可以使用您的 Pangolin 身份登录。",
+    "orgAuthSignInWithPangolin": "使用 Pangolin 登录",
+    "subscriptionRequiredToUse": "需要订阅才能使用此功能。",
+    "idpDisabled": "身份提供者已禁用。",
+    "orgAuthPageDisabled": "组织认证页面已禁用。",
+    "domainRestartedDescription": "域验证重新启动成功",
+    "resourceAddEntrypointsEditFile": "编辑文件：config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "编辑文件：docker-compose.yml",
+    "emailVerificationRequired": "需要电子邮件验证。 请通过 {dashboardUrl}/auth/login 再次登录以完成此步骤。 然后，回到这里。",
+    "twoFactorSetupRequired": "需要设置双因素身份验证。 请通过 {dashboardUrl}/auth/login 再次登录以完成此步骤。 然后，回到这里。",
+    "authPageErrorUpdateMessage": "更新身份验证页面设置时出错",
+    "authPageUpdated": "身份验证页面更新成功",
+    "healthCheckNotAvailable": "本地的",
+    "rewritePath": "重写路径",
+    "rewritePathDescription": "在转发到目标之前，可以选择重写路径。",
+    "continueToApplication": "继续应用",
+    "checkingInvite": "正在检查邀请",
+    "setResourceHeaderAuth": "设置 ResourceHeaderAuth",
+    "resourceHeaderAuthRemove": "删除头部认证",
+    "resourceHeaderAuthRemoveDescription": "已成功删除头部身份验证。",
+    "resourceErrorHeaderAuthRemove": "删除头部身份验证失败",
+    "resourceErrorHeaderAuthRemoveDescription": "无法删除资源的头部身份验证。",
+    "resourceHeaderAuthProtectionEnabled": "Header Authentication Enabled",
+    "resourceHeaderAuthProtectionDisabled": "Header Authentication Disabled",
+    "headerAuthRemove": "Remove Header Auth",
+    "headerAuthAdd": "Add Header Auth",
+    "resourceErrorHeaderAuthSetup": "设置页眉认证失败",
+    "resourceErrorHeaderAuthSetupDescription": "无法设置资源的头部身份验证。",
+    "resourceHeaderAuthSetup": "头部认证设置成功",
+    "resourceHeaderAuthSetupDescription": "头部认证已成功设置。",
+    "resourceHeaderAuthSetupTitle": "设置头部身份验证",
+    "resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Access it using the format https://username:password@resource.example.com",
+    "resourceHeaderAuthSubmit": "设置头部身份验证",
+    "actionSetResourceHeaderAuth": "设置头部身份验证",
+    "enterpriseEdition": "Enterprise Edition",
+    "unlicensed": "Unlicensed",
+    "beta": "Beta",
+    "manageClients": "Manage Clients",
+    "manageClientsDescription": "Clients are devices that can connect to your sites",
+    "licenseTableValidUntil": "Valid Until",
+    "saasLicenseKeysSettingsTitle": "Enterprise Licenses",
+    "saasLicenseKeysSettingsDescription": "Generate and manage Enterprise license keys for self-hosted Pangolin instances",
+    "sidebarEnterpriseLicenses": "Licenses",
+    "generateLicenseKey": "Generate License Key",
+    "generateLicenseKeyForm": {
+        "validation": {
+            "emailRequired": "Please enter a valid email address",
+            "useCaseTypeRequired": "Please select a use case type",
+            "firstNameRequired": "First name is required",
+            "lastNameRequired": "Last name is required",
+            "primaryUseRequired": "Please describe your primary use",
+            "jobTitleRequiredBusiness": "Job title is required for business use",
+            "industryRequiredBusiness": "Industry is required for business use",
+            "stateProvinceRegionRequired": "State/Province/Region is required",
+            "postalZipCodeRequired": "Postal/ZIP Code is required",
+            "companyNameRequiredBusiness": "Company name is required for business use",
+            "countryOfResidenceRequiredBusiness": "Country of residence is required for business use",
+            "countryRequiredPersonal": "Country is required for personal use",
+            "agreeToTermsRequired": "You must agree to the terms",
+            "complianceConfirmationRequired": "You must confirm compliance with the Fossorial Commercial License"
+        },
+        "useCaseOptions": {
+            "personal": {
+                "title": "Personal Use",
+                "description": "For individual, non-commercial use such as learning, personal projects, or experimentation."
+            },
+            "business": {
+                "title": "Business Use",
+                "description": "For use within organizations, companies, or commercial or revenue-generating activities."
+            }
+        },
+        "steps": {
+            "emailLicenseType": {
+                "title": "Email & License Type",
+                "description": "Enter your email and choose your license type"
+            },
+            "personalInformation": {
+                "title": "Personal Information",
+                "description": "Tell us about yourself"
+            },
+            "contactInformation": {
+                "title": "Contact Information",
+                "description": "Your contact details"
+            },
+            "termsGenerate": {
+                "title": "Terms & Generate",
+                "description": "Review and accept terms to generate your license"
+            }
+        },
+        "alerts": {
+            "commercialUseDisclosure": {
+                "title": "Usage Disclosure",
+                "description": "Select the license tier that accurately reflects your intended use. The Personal License permits free use of the Software for individual, non-commercial or small-scale commercial activities with annual gross revenue under $100,000 USD. Any use beyond these limits — including use within a business, organization, or other revenue-generating environment — requires a valid Enterprise License and payment of the applicable licensing fee. All users, whether Personal or Enterprise, must comply with the Fossorial Commercial License Terms."
+            },
+            "trialPeriodInformation": {
+                "title": "Trial Period Information",
+                "description": "This License Key enables Enterprise features for a 7-day evaluation period. Continued access to Paid Features beyond the evaluation period requires activation under a valid Personal or Enterprise License. For Enterprise licensing, contact sales@pangolin.net."
+            }
+        },
+        "form": {
+            "useCaseQuestion": "Are you using Pangolin for personal or business use?",
+            "firstName": "First Name",
+            "lastName": "Last Name",
+            "jobTitle": "Job Title",
+            "primaryUseQuestion": "What do you primarily plan to use Pangolin for?",
+            "industryQuestion": "What is your industry?",
+            "prospectiveUsersQuestion": "How many prospective users do you expect to have?",
+            "prospectiveSitesQuestion": "How many prospective sites (tunnels) do you expect to have?",
+            "companyName": "Company name",
+            "countryOfResidence": "Country of residence",
+            "stateProvinceRegion": "State / Province / Region",
+            "postalZipCode": "Postal / ZIP Code",
+            "companyWebsite": "Company website",
+            "companyPhoneNumber": "Company phone number",
+            "country": "Country",
+            "phoneNumberOptional": "Phone number (optional)",
+            "complianceConfirmation": "I confirm that I am in compliance with the Fossorial Commercial License and that reporting inaccurate information or misidentifying use of the product is a violation of the license."
+        },
+        "buttons": {
+            "close": "Close",
+            "previous": "Previous",
+            "next": "Next",
+            "generateLicenseKey": "Generate License Key"
+        },
+        "toasts": {
+            "success": {
+                "title": "License key generated successfully",
+                "description": "Your license key has been generated and is ready to use."
+            },
+            "error": {
+                "title": "Failed to generate license key",
+                "description": "An error occurred while generating the license key."
+            }
+        }
+    },
+    "priority": "优先权",
+    "priorityDescription": "先评估更高优先级线路。优先级 = 100意味着自动排序(系统决定). 使用另一个数字强制执行手动优先级。",
+    "instanceName": "Instance Name",
+    "pathMatchModalTitle": "Configure Path Matching",
+    "pathMatchModalDescription": "Set up how incoming requests should be matched based on their path.",
+    "pathMatchType": "Match Type",
+    "pathMatchPrefix": "Prefix",
+    "pathMatchExact": "Exact",
+    "pathMatchRegex": "Regex",
+    "pathMatchValue": "Path Value",
+    "clear": "Clear",
+    "saveChanges": "Save Changes",
+    "pathMatchRegexPlaceholder": "^/api/.*",
+    "pathMatchDefaultPlaceholder": "/path",
+    "pathMatchPrefixHelp": "Example: /api matches /api, /api/users, etc.",
+    "pathMatchExactHelp": "Example: /api matches only /api",
+    "pathMatchRegexHelp": "Example: ^/api/.* matches /api/anything",
+    "pathRewriteModalTitle": "Configure Path Rewriting",
+    "pathRewriteModalDescription": "Transform the matched path before forwarding to the target.",
+    "pathRewriteType": "Rewrite Type",
+    "pathRewritePrefixOption": "Prefix - Replace prefix",
+    "pathRewriteExactOption": "Exact - Replace entire path",
+    "pathRewriteRegexOption": "Regex - Pattern replacement",
+    "pathRewriteStripPrefixOption": "Strip Prefix - Remove prefix",
+    "pathRewriteValue": "Rewrite Value",
+    "pathRewriteRegexPlaceholder": "/new/$1",
+    "pathRewriteDefaultPlaceholder": "/new-path",
+    "pathRewritePrefixHelp": "Replace the matched prefix with this value",
+    "pathRewriteExactHelp": "Replace the entire path with this value when the path matches exactly",
+    "pathRewriteRegexHelp": "Use capture groups like $1, $2 for replacement",
+    "pathRewriteStripPrefixHelp": "Leave empty to strip prefix or provide new prefix",
+    "pathRewritePrefix": "Prefix",
+    "pathRewriteExact": "Exact",
+    "pathRewriteRegex": "Regex",
+    "pathRewriteStrip": "Strip",
+    "pathRewriteStripLabel": "strip"
 }

package.json

@@ -19,46 +19,52 @@
         "db:sqlite:studio": "drizzle-kit studio --config=./drizzle.sqlite.config.ts",
         "db:pg:studio": "drizzle-kit studio --config=./drizzle.pg.config.ts",
         "db:clear-migrations": "rm -rf server/migrations",
+        "set:oss": "echo 'export const build = \"oss\" as any;' > server/build.ts && cp tsconfig.oss.json tsconfig.json",
+        "set:saas": "echo 'export const build = \"saas\" as any;' > server/build.ts && cp tsconfig.saas.json tsconfig.json",
+        "set:enterprise": "echo 'export const build = \"enterprise\" as any;' > server/build.ts && cp tsconfig.enterprise.json tsconfig.json",
+        "set:sqlite": "echo 'export * from \"./sqlite\";' > server/db/index.ts",
+        "set:pg": "echo 'export * from \"./pg\";' > server/db/index.ts",
+        "next:build": "next build",
         "build:sqlite": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs",
         "build:pg": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsPg.ts -o dist/migrations.mjs",
-        "start:sqlite": "DB_TYPE=sqlite NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'",
-        "start:pg": "DB_TYPE=pg NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'",
+        "start": "ENVIRONMENT=prod node dist/migrations.mjs && ENVIRONMENT=prod NODE_ENV=development node --enable-source-maps dist/server.mjs",
         "email": "email dev --dir server/emails/templates --port 3005",
         "build:cli": "node esbuild.mjs -e cli/index.ts -o dist/cli.mjs"
     },
     "dependencies": {
         "@asteasolutions/zod-to-openapi": "^7.3.4",
-        "@hookform/resolvers": "3.9.1",
+        "@aws-sdk/client-s3": "3.908.0",
+        "@hookform/resolvers": "5.2.2",
         "@node-rs/argon2": "^2.0.2",
         "@oslojs/crypto": "1.0.1",
         "@oslojs/encoding": "1.1.0",
         "@radix-ui/react-avatar": "1.1.10",
-        "@radix-ui/react-checkbox": "1.3.2",
-        "@radix-ui/react-collapsible": "1.1.11",
-        "@radix-ui/react-dialog": "1.1.14",
-        "@radix-ui/react-dropdown-menu": "2.1.15",
+        "@radix-ui/react-checkbox": "1.3.3",
+        "@radix-ui/react-collapsible": "1.1.12",
+        "@radix-ui/react-dialog": "1.1.15",
+        "@radix-ui/react-dropdown-menu": "2.1.16",
         "@radix-ui/react-icons": "1.3.2",
         "@radix-ui/react-label": "2.1.7",
-        "@radix-ui/react-popover": "1.1.14",
+        "@radix-ui/react-popover": "1.1.15",
         "@radix-ui/react-progress": "^1.1.7",
-        "@radix-ui/react-radio-group": "1.3.7",
-        "@radix-ui/react-scroll-area": "^1.2.9",
-        "@radix-ui/react-select": "2.2.5",
+        "@radix-ui/react-radio-group": "1.3.8",
+        "@radix-ui/react-scroll-area": "^1.2.10",
+        "@radix-ui/react-select": "2.2.6",
         "@radix-ui/react-separator": "1.1.7",
         "@radix-ui/react-slot": "1.2.3",
-        "@radix-ui/react-switch": "1.2.5",
-        "@radix-ui/react-tabs": "1.1.12",
-        "@radix-ui/react-toast": "1.2.14",
-        "@radix-ui/react-tooltip": "^1.2.7",
-        "@react-email/components": "0.3.1",
-        "@react-email/render": "^1.1.2",
-        "@simplewebauthn/browser": "^13.1.0",
-        "@simplewebauthn/server": "^9.0.3",
-        "@react-email/tailwind": "1.2.1",
+        "@radix-ui/react-switch": "1.2.6",
+        "@radix-ui/react-tabs": "1.1.13",
+        "@radix-ui/react-toast": "1.2.15",
+        "@radix-ui/react-tooltip": "^1.2.8",
+        "@react-email/components": "0.5.7",
+        "@react-email/render": "^1.3.2",
+        "@react-email/tailwind": "1.2.2",
+        "@simplewebauthn/browser": "^13.2.2",
+        "@simplewebauthn/server": "^13.2.2",
         "@tailwindcss/forms": "^0.5.10",
         "@tanstack/react-table": "8.21.3",
         "arctic": "^3.7.0",
-        "axios": "1.10.0",
+        "axios": "^1.12.2",
         "better-sqlite3": "11.7.0",
         "canvas-confetti": "1.9.3",
         "class-variance-authority": "^0.7.1",
@@ -69,82 +75,89 @@
         "cookies": "^0.9.1",
         "cors": "2.8.5",
         "crypto-js": "^4.2.0",
-        "drizzle-orm": "0.44.2",
-        "eslint": "9.31.0",
-        "eslint-config-next": "15.3.5",
-        "express": "4.21.2",
-        "express-rate-limit": "7.5.1",
+        "drizzle-orm": "0.44.6",
+        "eslint": "9.37.0",
+        "eslint-config-next": "15.5.6",
+        "express": "5.1.0",
+        "express-rate-limit": "8.1.0",
         "glob": "11.0.3",
         "helmet": "8.1.0",
         "http-errors": "2.0.0",
         "i": "^0.3.7",
         "input-otp": "1.4.2",
+        "ioredis": "5.8.1",
         "jmespath": "^0.16.0",
         "js-yaml": "4.1.0",
         "jsonwebtoken": "^9.0.2",
-        "lucide-react": "0.525.0",
+        "lucide-react": "^0.545.0",
+        "maxmind": "5.0.0",
         "moment": "2.30.1",
-        "next": "15.3.5",
-        "next-intl": "^4.3.4",
+        "next": "15.5.6",
+        "next-intl": "^4.3.12",
         "next-themes": "0.4.6",
         "node-cache": "5.1.2",
         "node-fetch": "3.3.2",
-        "nodemailer": "7.0.5",
-        "npm": "^11.4.2",
+        "nodemailer": "7.0.9",
+        "npm": "^11.6.2",
         "oslo": "1.2.1",
         "pg": "^8.16.2",
+        "posthog-node": "^5.9.5",
         "qrcode.react": "4.2.0",
-        "react": "19.1.0",
-        "react-dom": "19.1.0",
-        "react-easy-sort": "^1.6.0",
-        "react-hook-form": "7.60.0",
+        "react": "19.2.0",
+        "react-dom": "19.2.0",
+        "react-easy-sort": "^1.8.0",
+        "react-hook-form": "7.65.0",
         "react-icons": "^5.5.0",
         "rebuild": "0.1.2",
-        "semver": "^7.7.2",
+        "reodotdev": "^1.0.0",
+        "resend": "^6.1.2",
+        "semver": "^7.7.3",
+        "stripe": "18.2.1",
         "swagger-ui-express": "^5.0.1",
         "tailwind-merge": "3.3.1",
-        "tw-animate-css": "^1.3.5",
-        "uuid": "^11.1.0",
+        "tw-animate-css": "^1.3.8",
+        "uuid": "^13.0.0",
         "vaul": "1.1.2",
-        "winston": "3.17.0",
+        "winston": "3.18.3",
         "winston-daily-rotate-file": "5.0.0",
         "ws": "8.18.3",
+        "yargs": "18.0.0",
         "zod": "3.25.76",
-        "zod-validation-error": "3.5.2",
-        "yargs": "18.0.0"
+        "zod-validation-error": "3.5.2"
     },
     "devDependencies": {
-        "@dotenvx/dotenvx": "1.47.6",
+        "@dotenvx/dotenvx": "1.51.0",
         "@esbuild-plugins/tsconfig-paths": "0.1.2",
-        "@tailwindcss/postcss": "^4.1.10",
+        "@react-email/preview-server": "4.3.0",
+        "@tailwindcss/postcss": "^4.1.14",
         "@types/better-sqlite3": "7.6.12",
         "@types/cookie-parser": "1.4.9",
         "@types/cors": "2.8.19",
         "@types/crypto-js": "^4.2.2",
-        "@types/express": "5.0.0",
+        "@types/express": "5.0.3",
         "@types/express-session": "^1.18.2",
         "@types/jmespath": "^0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "^9.0.10",
-        "@types/node": "^24",
-        "@types/nodemailer": "6.4.17",
-        "@types/pg": "8.15.4",
-        "@types/react": "19.1.8",
-        "@types/react-dom": "19.1.6",
-        "@types/semver": "^7.7.0",
+        "@types/node": "24.7.2",
+        "@types/nodemailer": "7.0.2",
+        "@types/pg": "8.15.5",
+        "@types/react": "19.2.2",
+        "@types/react-dom": "19.2.2",
+        "@types/semver": "^7.7.1",
         "@types/swagger-ui-express": "^4.1.8",
         "@types/ws": "8.18.1",
         "@types/yargs": "17.0.33",
-        "drizzle-kit": "0.31.4",
-        "esbuild": "0.25.6",
+        "drizzle-kit": "0.31.5",
+        "esbuild": "0.25.11",
         "esbuild-node-externals": "1.18.0",
         "postcss": "^8",
-        "react-email": "4.1.0",
+        "react-email": "4.3.0",
         "tailwindcss": "^4.1.4",
         "tsc-alias": "1.8.16",
-        "tsx": "4.20.3",
+        "tsx": "4.20.6",
         "typescript": "^5",
-        "typescript-eslint": "^8.36.0"
+        "typescript-eslint": "^8.46.0"
     },
     "overrides": {
         "emblor": {

server/apiServer.ts

@@ -7,16 +7,21 @@ import {
     errorHandlerMiddleware,
     notFoundMiddleware
 } from "@server/middlewares";
-import { authenticated, unauthenticated } from "@server/routers/external";
-import { router as wsRouter, handleWSUpgrade } from "@server/routers/ws";
+import { authenticated, unauthenticated } from "#dynamic/routers/external";
+import { router as wsRouter, handleWSUpgrade } from "#dynamic/routers/ws";
 import { logIncomingMiddleware } from "./middlewares/logIncoming";
 import { csrfProtectionMiddleware } from "./middlewares/csrfProtection";
 import helmet from "helmet";
-import rateLimit from "express-rate-limit";
+import { build } from "./build";
+import rateLimit, { ipKeyGenerator } from "express-rate-limit";
 import createHttpError from "http-errors";
 import HttpCode from "./types/HttpCode";
 import requestTimeoutMiddleware from "./middlewares/requestTimeout";
-import { createStore } from "./lib/rateLimitStore";
+import { createStore } from "#dynamic/lib/rateLimitStore";
+import { stripDuplicateSesions } from "./middlewares/stripDuplicateSessions";
+import { corsWithLoginPageSupport } from "@server/lib/corsWithLoginPage";
+import { hybridRouter } from "#dynamic/routers/hybrid";
+import { billingWebhookHandler } from "#dynamic/routers/billing/webhooks";
 
 const dev = config.isDev;
 const externalPort = config.getRawConfig().server.external_port;
@@ -30,8 +35,15 @@ export function createApiServer() {
         apiServer.set("trust proxy", trustProxy);
     }
 
-    const corsConfig = config.getRawConfig().server.cors;
+    if (build == "saas") {
+        apiServer.post(
+            `${prefix}/billing/webhooks`,
+            express.raw({ type: "application/json" }),
+            billingWebhookHandler
+        );
+    }
 
+    const corsConfig = config.getRawConfig().server.cors;
     const options = {
         ...(corsConfig?.origins
             ? { origin: corsConfig.origins }
@@ -47,15 +59,20 @@ export function createApiServer() {
         credentials: !(corsConfig?.credentials === false)
     };
 
-    logger.debug("Using CORS options", options);
-
-    apiServer.use(cors(options));
+    if (build == "oss" || !corsConfig) {
+        logger.debug("Using CORS options", options);
+        apiServer.use(cors(options));
+    } else if (corsConfig) {
+        // Use the custom CORS middleware with loginPage support
+        apiServer.use(corsWithLoginPageSupport(corsConfig));
+    }
 
     if (!dev) {
         apiServer.use(helmet());
         apiServer.use(csrfProtectionMiddleware);
     }
 
+    apiServer.use(stripDuplicateSesions);
     apiServer.use(cookieParser());
     apiServer.use(express.json());
 
@@ -70,7 +87,8 @@ export function createApiServer() {
                     60 *
                     1000,
                 max: config.getRawConfig().rate_limits.global.max_requests,
-                keyGenerator: (req) => `apiServerGlobal:${req.ip}:${req.path}`,
+                keyGenerator: (req) =>
+                    `apiServerGlobal:${ipKeyGenerator(req.ip || "")}:${req.path}`,
                 handler: (req, res, next) => {
                     const message = `Rate limit exceeded. You can make ${config.getRawConfig().rate_limits.global.max_requests} requests every ${config.getRawConfig().rate_limits.global.window_minutes} minute(s).`;
                     return next(
@@ -85,6 +103,9 @@ export function createApiServer() {
     // API routes
     apiServer.use(logIncomingMiddleware);
     apiServer.use(prefix, unauthenticated);
+    if (build !== "oss") {
+        apiServer.use(`${prefix}/hybrid`, hybridRouter);
+    }
     apiServer.use(prefix, authenticated);
 
     // WebSocket routes

server/auth/actions.ts

@@ -60,6 +60,7 @@ export enum ActionsEnum {
     getUser = "getUser",
     setResourcePassword = "setResourcePassword",
     setResourcePincode = "setResourcePincode",
+    setResourceHeaderAuth = "setResourceHeaderAuth",
     setResourceWhitelist = "setResourceWhitelist",
     getResourceWhitelist = "getResourceWhitelist",
     generateAccessToken = "generateAccessToken",
@@ -69,6 +70,11 @@ export enum ActionsEnum {
     deleteResourceRule = "deleteResourceRule",
     listResourceRules = "listResourceRules",
     updateResourceRule = "updateResourceRule",
+    createSiteResource = "createSiteResource",
+    deleteSiteResource = "deleteSiteResource",
+    getSiteResource = "getSiteResource",
+    listSiteResources = "listSiteResources",
+    updateSiteResource = "updateSiteResource",
     createClient = "createClient",
     deleteClient = "deleteClient",
     updateClient = "updateClient",
@@ -93,9 +99,24 @@ export enum ActionsEnum {
     listApiKeyActions = "listApiKeyActions",
     listApiKeys = "listApiKeys",
     getApiKey = "getApiKey",
+    getCertificate = "getCertificate",
+    restartCertificate = "restartCertificate",
+    billing = "billing",
     createOrgDomain = "createOrgDomain",
     deleteOrgDomain = "deleteOrgDomain",
-    restartOrgDomain = "restartOrgDomain"
+    restartOrgDomain = "restartOrgDomain",
+    sendUsageNotification = "sendUsageNotification",
+    createRemoteExitNode = "createRemoteExitNode",
+    updateRemoteExitNode = "updateRemoteExitNode",
+    getRemoteExitNode = "getRemoteExitNode",
+    listRemoteExitNode = "listRemoteExitNode",
+    deleteRemoteExitNode = "deleteRemoteExitNode",
+    updateOrgUser = "updateOrgUser",
+    createLoginPage = "createLoginPage",
+    updateLoginPage = "updateLoginPage",
+    getLoginPage = "getLoginPage",
+    deleteLoginPage = "deleteLoginPage",
+    applyBlueprint = "applyBlueprint"
 }
 
 export async function checkUserActionPermission(
@@ -173,7 +194,6 @@ export async function checkUserActionPermission(
 
         return roleActionPermission.length > 0;
 
-        return false;
     } catch (error) {
         console.error("Error checking user action permission:", error);
         throw createHttpError(

server/auth/sessions/app.ts

@@ -3,13 +3,7 @@ import {
     encodeHexLowerCase
 } from "@oslojs/encoding";
 import { sha256 } from "@oslojs/crypto/sha2";
-import {
-    resourceSessions,
-    Session,
-    sessions,
-    User,
-    users
-} from "@server/db";
+import { resourceSessions, Session, sessions, User, users } from "@server/db";
 import { db } from "@server/db";
 import { eq, inArray } from "drizzle-orm";
 import config from "@server/lib/config";
@@ -24,8 +18,9 @@ export const SESSION_COOKIE_EXPIRES =
     60 *
     60 *
     config.getRawConfig().server.dashboard_session_length_hours;
-export const COOKIE_DOMAIN =
-    "." + new URL(config.getRawConfig().app.dashboard_url).hostname;
+export const COOKIE_DOMAIN = config.getRawConfig().app.dashboard_url
+    ? new URL(config.getRawConfig().app.dashboard_url!).hostname
+    : undefined;
 
 export function generateSessionToken(): string {
     const bytes = new Uint8Array(20);
@@ -98,8 +93,8 @@ export async function invalidateSession(sessionId: string): Promise<void> {
     try {
         await db.transaction(async (trx) => {
             await trx
-            .delete(resourceSessions)
-            .where(eq(resourceSessions.userSessionId, sessionId));
+                .delete(resourceSessions)
+                .where(eq(resourceSessions.userSessionId, sessionId));
             await trx.delete(sessions).where(eq(sessions.sessionId, sessionId));
         });
     } catch (e) {
@@ -111,9 +106,9 @@ export async function invalidateAllSessions(userId: string): Promise<void> {
     try {
         await db.transaction(async (trx) => {
             const userSessions = await trx
-            .select()
-            .from(sessions)
-            .where(eq(sessions.userId, userId));
+                .select()
+                .from(sessions)
+                .where(eq(sessions.userId, userId));
             await trx.delete(resourceSessions).where(
                 inArray(
                     resourceSessions.userSessionId,

server/auth/sessions/resource.ts

@@ -173,14 +173,14 @@ export function serializeResourceSessionCookie(
     const now = new Date().getTime();
     if (!isHttp) {
         if (expiresAt === undefined) {
-            return `${cookieName}_s.${now}=${token}; HttpOnly; SameSite=Lax; Path=/; Secure; Domain=${"." + domain}`;
+            return `${cookieName}_s.${now}=${token}; HttpOnly; SameSite=Lax; Path=/; Secure; Domain=${domain}`;
         }
-        return `${cookieName}_s.${now}=${token}; HttpOnly; SameSite=Lax; Expires=${expiresAt.toUTCString()}; Path=/; Secure; Domain=${"." + domain}`;
+        return `${cookieName}_s.${now}=${token}; HttpOnly; SameSite=Lax; Expires=${expiresAt.toUTCString()}; Path=/; Secure; Domain=${domain}`;
     } else {
         if (expiresAt === undefined) {
-            return `${cookieName}.${now}=${token}; HttpOnly; SameSite=Lax; Path=/; Domain=${"." + domain}`;
+            return `${cookieName}.${now}=${token}; HttpOnly; SameSite=Lax; Path=/; Domain=$domain}`;
         }
-        return `${cookieName}.${now}=${token}; HttpOnly; SameSite=Lax; Expires=${expiresAt.toUTCString()}; Path=/; Domain=${"." + domain}`;
+        return `${cookieName}.${now}=${token}; HttpOnly; SameSite=Lax; Expires=${expiresAt.toUTCString()}; Path=/; Domain=${domain}`;
     }
 }
 
@@ -190,9 +190,9 @@ export function createBlankResourceSessionTokenCookie(
     isHttp: boolean = false
 ): string {
     if (!isHttp) {
-        return `${cookieName}_s=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Secure; Domain=${"." + domain}`;
+        return `${cookieName}_s=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Secure; Domain=${domain}`;
     } else {
-        return `${cookieName}=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Domain=${"." + domain}`;
+        return `${cookieName}=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Domain=${domain}`;
     }
 }
 

server/build.ts

@@ -1 +0,0 @@
-export const build = "oss" as any;

server/cleanup.ts

@@ -0,0 +1,13 @@
+import { cleanup as wsCleanup } from "@server/routers/ws";
+
+async function cleanup() {
+    await wsCleanup();
+
+    process.exit(0);
+}
+
+export async function initCleanup() {
+    // Handle process termination
+    process.on("SIGTERM", () => cleanup());
+    process.on("SIGINT", () => cleanup());
+}

server/db/maxmind.ts

@@ -0,0 +1,13 @@
+import maxmind, { CountryResponse, Reader } from "maxmind";
+import config from "@server/lib/config";
+
+let maxmindLookup: Reader<CountryResponse> | null;
+if (config.getRawConfig().server.maxmind_db_path) {
+    maxmindLookup = await maxmind.open<CountryResponse>(
+        config.getRawConfig().server.maxmind_db_path!
+    );
+} else {
+    maxmindLookup = null;
+}
+
+export { maxmindLookup };

server/db/names.ts

@@ -1,6 +1,6 @@
 import { join } from "path";
 import { readFileSync } from "fs";
-import { db } from "@server/db";
+import { db, resources, siteResources } from "@server/db";
 import { exitNodes, sites } from "@server/db";
 import { eq, and } from "drizzle-orm";
 import { __DIRNAME } from "@server/lib/consts";
@@ -34,6 +34,44 @@ export async function getUniqueSiteName(orgId: string): Promise<string> {
     }
 }
 
+export async function getUniqueResourceName(orgId: string): Promise<string> {
+    let loops = 0;
+    while (true) {
+        if (loops > 100) {
+            throw new Error("Could not generate a unique name");
+        }
+
+        const name = generateName();
+        const count = await db
+            .select({ niceId: resources.niceId, orgId: resources.orgId })
+            .from(resources)
+            .where(and(eq(resources.niceId, name), eq(resources.orgId, orgId)));
+        if (count.length === 0) {
+            return name;
+        }
+        loops++;
+    }
+}
+
+export async function getUniqueSiteResourceName(orgId: string): Promise<string> {
+    let loops = 0;
+    while (true) {
+        if (loops > 100) {
+            throw new Error("Could not generate a unique name");
+        }
+
+        const name = generateName();
+        const count = await db
+            .select({ niceId: siteResources.niceId, orgId: siteResources.orgId })
+            .from(siteResources)
+            .where(and(eq(siteResources.niceId, name), eq(siteResources.orgId, orgId)));
+        if (count.length === 0) {
+            return name;
+        }
+        loops++;
+    }
+}
+
 export async function getUniqueExitNodeEndpointName(): Promise<string> {
     let loops = 0;
     const count = await db