fix indexOf matching in addDnsRecords

Fix casing of zone id
add null check
2015-10-30 18:12:24 -07:00 · 2015-10-30 18:05:08 -07:00 · 2015-10-30 16:24:56 -07:00 · 2015-10-30 16:12:39 -07:00 · 2015-10-30 16:04:09 -07:00 · 2015-10-30 15:57:15 -07:00
93 changed files with 4721 additions and 2255 deletions
@@ -1,74 +0,0 @@
-#!/usr/bin/env node
-
-'use strict';
-
-require('supererror')({ splatchError: true });
-
-// remove timestamp from debug() based output
-require('debug').formatArgs = function formatArgs() {
-    arguments[0] = this.namespace + ' ' + arguments[0];
-    return arguments;
-};
-
-var assert = require('assert'),
-    debug = require('debug')('box:janitor'),
-    async = require('async'),
-    tokendb = require('./src/tokendb.js'),
-    authcodedb = require('./src/authcodedb.js'),
-    database = require('./src/database.js');
-
-function initialize(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    async.series([
-        database.initialize
-    ], callback);
-}
-
-function cleanupExpiredTokens(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    tokendb.delExpired(function (error, result) {
-        if (error) return callback(error);
-
-        debug('Cleaned up %s expired tokens.', result);
-
-        callback(null);
-    });
-}
-
-function cleanupExpiredAuthCodes(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    authcodedb.delExpired(function (error, result) {
-        if (error) return callback(error);
-
-        debug('Cleaned up %s expired authcodes.', result);
-
-        callback(null);
-    });
-}
-
-function run() {
-    cleanupExpiredTokens(function (error) {
-        if (error) console.error(error);
-
-        cleanupExpiredAuthCodes(function (error) {
-            if (error) console.error(error);
-
-            process.exit(0);
-        });
-    });
-}
-
-if (require.main === module) {
-    initialize(function (error) {
-        if (error) {
-            console.error('janitor task exiting with error', error);
-            process.exit(1);
-        }
-
-        run();
-    });
-}
-
@@ -0,0 +1,17 @@
+dbm = dbm || require('db-migrate');
+var type = dbm.dataType;
+var async = require('async');
+
+exports.up = function(db, callback) {
+    async.series([
+        db.runSql.bind(db, 'DELETE FROM clients'),
+        db.runSql.bind(db, 'ALTER TABLE clients ADD COLUMN type VARCHAR(16) NOT NULL'),
+    ], callback);
+};
+
+exports.down = function(db, callback) {
+    db.runSql('ALTER TABLE clients DROP COLUMN type', function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
@@ -0,0 +1,17 @@
+var dbm = global.dbm || require('db-migrate');
+var type = dbm.dataType;
+
+exports.up = function(db, callback) {
+    db.runSql('ALTER TABLE apps CHANGE accessRestriction accessRestrictionJson VARCHAR(2048)', [], function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
+
+exports.down = function(db, callback) {
+    db.runSql('ALTER TABLE apps CHANGE accessRestrictionJson accessRestriction VARCHAR(2048)', [], function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
+
@@ -29,8 +29,9 @@ CREATE TABLE IF NOT EXISTS tokens(
    PRIMARY KEY(accessToken));

 CREATE TABLE IF NOT EXISTS clients(
-    id VARCHAR(128) NOT NULL UNIQUE,
-    appId VARCHAR(128) NOT NULL,                // this is for the form <type>-appId to allow easy clearing of tokens of a type
+    id VARCHAR(128) NOT NULL UNIQUE, // prefixed with cid- to identify token easily in auth routes
+    appId VARCHAR(128) NOT NULL,
+    type VARCHAR(16) NOT NULL,
    clientSecret VARCHAR(512) NOT NULL,
    redirectURI VARCHAR(512) NOT NULL,
    scope VARCHAR(512) NOT NULL,
@@ -48,7 +49,7 @@ CREATE TABLE IF NOT EXISTS apps(
    httpPort INTEGER,                        // this is the nginx proxy port and not manifest.httpPort
    location VARCHAR(128) NOT NULL UNIQUE,
    dnsRecordId VARCHAR(512),
-    accessRestriction VARCHAR(512),
+    accessRestrictionJson VARCHAR(2048),
    oauthProxy BOOLEAN DEFAULT 0,
    createdAt TIMESTAMP(2) NOT NULL DEFAULT CURRENT_TIMESTAMP,

@@ -130,9 +130,26 @@
      "resolved": "https://registry.npmjs.org/autoprefixer-core/-/autoprefixer-core-5.2.1.tgz"
    },
    "aws-sdk": {
-      "version": "2.2.9",
+      "version": "2.2.10",
      "from": "aws-sdk@>=2.1.46 <3.0.0",
-      "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.2.9.tgz"
+      "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.2.10.tgz",
+      "dependencies": {
+        "sax": {
+          "version": "0.5.3",
+          "from": "sax@0.5.3",
+          "resolved": "http://registry.npmjs.org/sax/-/sax-0.5.3.tgz"
+        },
+        "xml2js": {
+          "version": "0.2.8",
+          "from": "xml2js@0.2.8",
+          "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.2.8.tgz"
+        },
+        "xmlbuilder": {
+          "version": "0.4.2",
+          "from": "xmlbuilder@0.4.2",
+          "resolved": "http://registry.npmjs.org/xmlbuilder/-/xmlbuilder-0.4.2.tgz"
+        }
+      }
    },
    "aws-sign2": {
      "version": "0.6.0",
@@ -255,7 +272,7 @@
    },
    "bytes": {
      "version": "2.1.0",
-      "from": "bytes@2.1.0",
+      "from": "bytes@*",
      "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.1.0.tgz"
    },
    "camelcase": {
@@ -269,9 +286,9 @@
      "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-1.0.0.tgz"
    },
    "caniuse-db": {
-      "version": "1.0.30000339",
+      "version": "1.0.30000348",
      "from": "caniuse-db@>=1.0.30000214 <2.0.0",
-      "resolved": "https://registry.npmjs.org/caniuse-db/-/caniuse-db-1.0.30000339.tgz"
+      "resolved": "https://registry.npmjs.org/caniuse-db/-/caniuse-db-1.0.30000348.tgz"
    },
    "caseless": {
      "version": "0.11.0",
@@ -294,9 +311,9 @@
      "resolved": "https://registry.npmjs.org/chalk/-/chalk-0.4.0.tgz"
    },
    "clean-css": {
-      "version": "3.4.5",
+      "version": "3.4.6",
      "from": "clean-css@>=3.3.3 <4.0.0",
-      "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-3.4.5.tgz"
+      "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-3.4.6.tgz"
    },
    "cliui": {
      "version": "2.1.0",
@@ -321,13 +338,24 @@
      "resolved": "https://registry.npmjs.org/clone-stats/-/clone-stats-0.0.1.tgz"
    },
    "cloudron-manifestformat": {
-      "version": "1.9.1",
-      "from": "cloudron-manifestformat@1.9.1",
+      "version": "2.0.0",
+      "from": "cloudron-manifestformat@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-2.0.0.tgz",
      "dependencies": {
+        "java-packagename-regex": {
+          "version": "1.0.0",
+          "from": "java-packagename-regex@>=1.0.0 <2.0.0",
+          "resolved": "https://registry.npmjs.org/java-packagename-regex/-/java-packagename-regex-1.0.0.tgz"
+        },
        "safetydance": {
          "version": "0.0.15",
          "from": "safetydance@0.0.15",
          "resolved": "http://registry.npmjs.org/safetydance/-/safetydance-0.0.15.tgz"
+        },
+        "tv4": {
+          "version": "1.2.7",
+          "from": "tv4@>=1.1.9 <2.0.0",
+          "resolved": "https://registry.npmjs.org/tv4/-/tv4-1.2.7.tgz"
        }
      }
    },
@@ -357,9 +385,9 @@
      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz"
    },
    "concat-stream": {
-      "version": "1.5.0",
+      "version": "1.5.1",
      "from": "concat-stream@>=1.4.7 <2.0.0",
-      "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.5.0.tgz"
+      "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.5.1.tgz"
    },
    "concat-with-sourcemaps": {
      "version": "1.0.4",
@@ -1111,6 +1139,11 @@
        }
      }
    },
+    "glogg": {
+      "version": "1.0.0",
+      "from": "glogg@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/glogg/-/glogg-1.0.0.tgz"
+    },
    "graceful-fs": {
      "version": "3.0.8",
      "from": "graceful-fs@>=3.0.5 <4.0.0",
@@ -1127,9 +1160,9 @@
      "resolved": "https://registry.npmjs.org/growl/-/growl-1.8.1.tgz"
    },
    "gulp-util": {
-      "version": "3.0.6",
+      "version": "3.0.7",
      "from": "gulp-util@>=3.0.0 <4.0.0",
-      "resolved": "https://registry.npmjs.org/gulp-util/-/gulp-util-3.0.6.tgz",
+      "resolved": "https://registry.npmjs.org/gulp-util/-/gulp-util-3.0.7.tgz",
      "dependencies": {
        "ansi-styles": {
          "version": "2.1.0",
@@ -1153,10 +1186,49 @@
        }
      }
    },
+    "gulplog": {
+      "version": "1.0.0",
+      "from": "gulplog@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/gulplog/-/gulplog-1.0.0.tgz"
+    },
    "handlebars": {
      "version": "4.0.3",
      "from": "handlebars@>=4.0.1 <5.0.0",
-      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.0.3.tgz"
+      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.0.3.tgz",
+      "dependencies": {
+        "uglify-js": {
+          "version": "2.4.24",
+          "from": "uglify-js@>=2.4.0 <2.5.0",
+          "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-2.4.24.tgz",
+          "dependencies": {
+            "async": {
+              "version": "0.2.10",
+              "from": "async@>=0.2.6 <0.3.0",
+              "resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz"
+            },
+            "source-map": {
+              "version": "0.1.34",
+              "from": "source-map@0.1.34",
+              "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.1.34.tgz"
+            }
+          }
+        },
+        "window-size": {
+          "version": "0.1.0",
+          "from": "window-size@0.1.0",
+          "resolved": "https://registry.npmjs.org/window-size/-/window-size-0.1.0.tgz"
+        },
+        "wordwrap": {
+          "version": "0.0.2",
+          "from": "wordwrap@0.0.2",
+          "resolved": "http://registry.npmjs.org/wordwrap/-/wordwrap-0.0.2.tgz"
+        },
+        "yargs": {
+          "version": "3.5.4",
+          "from": "yargs@>=3.5.4 <3.6.0",
+          "resolved": "https://registry.npmjs.org/yargs/-/yargs-3.5.4.tgz"
+        }
+      }
    },
    "har-validator": {
      "version": "2.0.2",
@@ -1195,6 +1267,11 @@
      "from": "has-flag@>=1.0.0 <2.0.0",
      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-1.0.0.tgz"
    },
+    "has-gulplog": {
+      "version": "0.1.0",
+      "from": "has-gulplog@>=0.1.0 <0.2.0",
+      "resolved": "https://registry.npmjs.org/has-gulplog/-/has-gulplog-0.1.0.tgz"
+    },
    "has-unicode": {
      "version": "1.0.1",
      "from": "has-unicode@>=1.0.0 <2.0.0",
@@ -1364,11 +1441,6 @@
        }
      }
    },
-    "java-packagename-regex": {
-      "version": "1.0.0",
-      "from": "java-packagename-regex@>=1.0.0 <2.0.0",
-      "resolved": "https://registry.npmjs.org/java-packagename-regex/-/java-packagename-regex-1.0.0.tgz"
-    },
    "js-base64": {
      "version": "2.1.9",
      "from": "js-base64@>=2.1.8 <2.2.0",
@@ -1402,9 +1474,9 @@
      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz"
    },
    "jsonfile": {
-      "version": "2.2.2",
+      "version": "2.2.3",
      "from": "jsonfile@>=2.0.0 <3.0.0",
-      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-2.2.2.tgz"
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-2.2.3.tgz"
    },
    "jsonparse": {
      "version": "0.0.5",
@@ -1642,9 +1714,9 @@
      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-2.7.0.tgz"
    },
    "mailcomposer": {
-      "version": "2.0.0",
+      "version": "2.1.0",
      "from": "mailcomposer@>=2.0.0 <3.0.0",
-      "resolved": "https://registry.npmjs.org/mailcomposer/-/mailcomposer-2.0.0.tgz"
+      "resolved": "https://registry.npmjs.org/mailcomposer/-/mailcomposer-2.1.0.tgz"
    },
    "map-obj": {
      "version": "1.0.1",
@@ -1846,48 +1918,6 @@
        }
      }
    },
-    "node-sass": {
-      "version": "3.3.3",
-      "from": "node-sass@>=3.0.0-alpha.0 <4.0.0",
-      "resolved": "https://registry.npmjs.org/node-sass/-/node-sass-3.3.3.tgz",
-      "dependencies": {
-        "ansi-styles": {
-          "version": "2.1.0",
-          "from": "ansi-styles@>=2.1.0 <3.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.1.0.tgz"
-        },
-        "chalk": {
-          "version": "1.1.1",
-          "from": "chalk@>=1.1.1 <2.0.0",
-          "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.1.tgz"
-        },
-        "get-stdin": {
-          "version": "4.0.1",
-          "from": "get-stdin@>=4.0.1 <5.0.0",
-          "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz"
-        },
-        "glob": {
-          "version": "5.0.15",
-          "from": "glob@>=5.0.14 <6.0.0",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-5.0.15.tgz"
-        },
-        "minimatch": {
-          "version": "3.0.0",
-          "from": "minimatch@>=2.0.0 <3.0.0||>=3.0.0 <4.0.0",
-          "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.0.tgz"
-        },
-        "nan": {
-          "version": "2.1.0",
-          "from": "nan@>=2.0.8 <3.0.0",
-          "resolved": "https://registry.npmjs.org/nan/-/nan-2.1.0.tgz"
-        },
-        "strip-ansi": {
-          "version": "3.0.0",
-          "from": "strip-ansi@>=3.0.0 <4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.0.tgz"
-        }
-      }
-    },
    "node-uuid": {
      "version": "1.4.3",
      "from": "node-uuid@>=1.4.3 <2.0.0",
@@ -2206,9 +2236,9 @@
      "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-1.0.0.tgz"
    },
    "pkginfo": {
-      "version": "0.3.0",
+      "version": "0.3.1",
      "from": "pkginfo@>=0.3.0 <0.4.0",
-      "resolved": "http://registry.npmjs.org/pkginfo/-/pkginfo-0.3.0.tgz"
+      "resolved": "https://registry.npmjs.org/pkginfo/-/pkginfo-0.3.1.tgz"
    },
    "pooling": {
      "version": "0.4.6",
@@ -2418,11 +2448,6 @@
        }
      }
    },
-    "sax": {
-      "version": "0.5.3",
-      "from": "sax@0.5.3",
-      "resolved": "http://registry.npmjs.org/sax/-/sax-0.5.3.tgz"
-    },
    "scmp": {
      "version": "1.0.0",
      "from": "scmp@1.0.0",
@@ -2485,6 +2510,11 @@
      "from": "source-map@>=0.4.2 <0.5.0",
      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.4.4.tgz"
    },
+    "sparkles": {
+      "version": "1.0.0",
+      "from": "sparkles@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/sparkles/-/sparkles-1.0.0.tgz"
+    },
    "spawn-sync": {
      "version": "1.0.13",
      "from": "spawn-sync@>=1.0.13 <2.0.0",
@@ -2506,9 +2536,9 @@
      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-1.0.0.tgz"
    },
    "spdx-license-ids": {
-      "version": "1.0.2",
+      "version": "1.1.0",
      "from": "spdx-license-ids@>=1.0.2 <2.0.0",
-      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-1.0.2.tgz"
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-1.1.0.tgz"
    },
    "split": {
      "version": "1.0.0",
@@ -3400,11 +3430,6 @@
      "from": "tunnel-agent@>=0.4.1 <0.5.0",
      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.1.tgz"
    },
-    "tv4": {
-      "version": "1.2.7",
-      "from": "tv4@>=1.1.9 <2.0.0",
-      "resolved": "https://registry.npmjs.org/tv4/-/tv4-1.2.7.tgz"
-    },
    "type-check": {
      "version": "0.3.1",
      "from": "type-check@>=0.3.1 <0.4.0",
@@ -3431,9 +3456,9 @@
      "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.0.tgz"
    },
    "uglify-js": {
-      "version": "2.4.24",
-      "from": "uglify-js@2.4.24",
-      "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-2.4.24.tgz",
+      "version": "2.5.0",
+      "from": "uglify-js@2.5.0",
+      "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-2.5.0.tgz",
      "dependencies": {
        "async": {
          "version": "0.2.10",
@@ -3441,9 +3466,9 @@
          "resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz"
        },
        "source-map": {
-          "version": "0.1.34",
-          "from": "source-map@0.1.34",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.1.34.tgz"
+          "version": "0.5.1",
+          "from": "source-map@>=0.5.1 <0.6.0",
+          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.1.tgz"
        },
        "window-size": {
          "version": "0.1.0",
@@ -3658,15 +3683,17 @@
      "from": "wrench@>=1.5.8 <1.6.0",
      "resolved": "https://registry.npmjs.org/wrench/-/wrench-1.5.8.tgz"
    },
-    "xml2js": {
-      "version": "0.2.8",
-      "from": "xml2js@0.2.8",
-      "resolved": "http://registry.npmjs.org/xml2js/-/xml2js-0.2.8.tgz"
-    },
-    "xmlbuilder": {
-      "version": "0.4.2",
-      "from": "xmlbuilder@0.4.2",
-      "resolved": "http://registry.npmjs.org/xmlbuilder/-/xmlbuilder-0.4.2.tgz"
+    "x509": {
+      "version": "0.2.2",
+      "from": "x509@*",
+      "resolved": "https://registry.npmjs.org/x509/-/x509-0.2.2.tgz",
+      "dependencies": {
+        "nan": {
+          "version": "2.0.9",
+          "from": "nan@2.0.9",
+          "resolved": "https://registry.npmjs.org/nan/-/nan-2.0.9.tgz"
+        }
+      }
    },
    "xtend": {
      "version": "4.0.0",
@@ -16,7 +16,8 @@
    "async": "^1.2.1",
    "aws-sdk": "^2.1.46",
    "body-parser": "^1.13.1",
-    "cloudron-manifestformat": "^1.9.1",
+    "bytes": "^2.1.0",
+    "cloudron-manifestformat": "^2.0.0",
    "connect-ensure-login": "^0.1.1",
    "connect-lastmile": "0.0.13",
    "connect-timeout": "^1.5.0",
@@ -61,7 +62,8 @@
    "tail-stream": "https://registry.npmjs.org/tail-stream/-/tail-stream-0.2.1.tgz",
    "underscore": "^1.7.0",
    "valid-url": "^1.0.9",
-    "validator": "^3.30.0"
+    "validator": "^3.30.0",
+    "x509": "^0.2.2"
  },
  "devDependencies": {
    "apidoc": "*",
@@ -84,6 +86,7 @@
    "nock": "^2.6.0",
    "node-sass": "^3.0.0-alpha.0",
    "redis": "^0.12.1",
+    "request": "^2.65.0",
    "sinon": "^1.12.2",
    "yargs": "^3.15.0"
  },
@@ -3,15 +3,21 @@
 # If you change the infra version, be sure to put a warning
 # in the change log

-INFRA_VERSION=16
+INFRA_VERSION=20

 # WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 # These constants are used in the installer script as well
-BASE_IMAGE=cloudron/base:0.6.0
-MYSQL_IMAGE=cloudron/mysql:0.6.0
-POSTGRESQL_IMAGE=cloudron/postgresql:0.6.0
-MONGODB_IMAGE=cloudron/mongodb:0.6.0
-REDIS_IMAGE=cloudron/redis:0.6.1 # if you change this, fix src/addons.js as well
-MAIL_IMAGE=cloudron/mail:0.6.0
-GRAPHITE_IMAGE=cloudron/graphite:0.6.0
+BASE_IMAGE=cloudron/base:0.7.0
+MYSQL_IMAGE=cloudron/mysql:0.7.0
+POSTGRESQL_IMAGE=cloudron/postgresql:0.7.0
+MONGODB_IMAGE=cloudron/mongodb:0.7.0
+REDIS_IMAGE=cloudron/redis:0.7.0 # if you change this, fix src/addons.js as well
+MAIL_IMAGE=cloudron/mail:0.8.0
+GRAPHITE_IMAGE=cloudron/graphite:0.7.0

+MYSQL_REPO=cloudron/mysql
+POSTGRESQL_REPO=cloudron/postgresql
+MONGODB_REPO=cloudron/mongodb
+REDIS_REPO=cloudron/redis # if you change this, fix src/addons.js as well
+MAIL_REPO=cloudron/mail
+GRAPHITE_REPO=cloudron/graphite
@@ -14,12 +14,13 @@ rm -rf "${CONFIG_DIR}"
 sudo -u yellowtent mkdir "${CONFIG_DIR}"

 ########## systemd
+rm -f /etc/systemd/system/janitor.*
 cp -r "${container_files}/systemd/." /etc/systemd/system/
 systemctl daemon-reload
 systemctl enable cloudron.target

 ########## sudoers
-rm /etc/sudoers.d/*
+rm -f /etc/sudoers.d/*
 cp "${container_files}/sudoers" /etc/sudoers.d/yellowtent

 ########## collectd
@@ -2,8 +2,8 @@
 Description=Cloudron Smart Cloud
 Documentation=https://cloudron.io/documentation.html
 StopWhenUnneeded=true
-Requires=box.service janitor.timer
-After=box.service janitor.timer
+Requires=box.service
+After=box.service
 # AllowIsolate=yes

 [Install]
@@ -1,15 +0,0 @@
-[Unit]
-Description=Cloudron Janitor
-OnFailure=crashnotifier@%n.service
-
-[Service]
-Type=simple
-WorkingDirectory=/home/yellowtent/box
-Restart=no
-ExecStart=/usr/bin/node /home/yellowtent/box/janitor.js
-Environment="HOME=/home/yellowtent" "USER=yellowtent" "DEBUG=box*,connect-lastmile" "BOX_ENV=cloudron" "NODE_ENV=production"
-KillMode=process
-User=yellowtent
-Group=yellowtent
-MemoryLimit=50M
-WatchdogSec=30
@@ -1,10 +0,0 @@
-[Unit]
-Description=Cloudron Janitor
-StopWhenUnneeded=true
-
-[Timer]
-# this activates it immediately
-OnBootSec=0
-OnUnitActiveSec=30min
-Unit=janitor.service
-
@@ -29,10 +29,10 @@ infra_version="none"
 if [[ "${arg_retire}" == "true" || "${infra_version}" != "${INFRA_VERSION}" ]]; then
    rm -f ${DATA_DIR}/nginx/applications/*
    ${BOX_SRC_DIR}/node_modules/.bin/ejs-cli -f "${script_dir}/start/nginx/appconfig.ejs" \
-        -O "{ \"vhost\": \"~^(.+)\$\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"splash\", \"sourceDir\": \"${SETUP_WEBSITE_DIR}\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
+        -O "{ \"vhost\": \"~^(.+)\$\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"splash\", \"sourceDir\": \"${SETUP_WEBSITE_DIR}\", \"certFilePath\": \"cert/host.cert\", \"keyFilePath\": \"cert/host.key\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
 else
    ${BOX_SRC_DIR}/node_modules/.bin/ejs-cli -f "${script_dir}/start/nginx/appconfig.ejs" \
-        -O "{ \"vhost\": \"${admin_fqdn}\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"splash\", \"sourceDir\": \"${SETUP_WEBSITE_DIR}\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
+        -O "{ \"vhost\": \"${admin_fqdn}\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"splash\", \"sourceDir\": \"${SETUP_WEBSITE_DIR}\", \"certFilePath\": \"cert/host.cert\", \"keyFilePath\": \"cert/host.key\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
 fi

 echo '{ "update": { "percent": "10", "message": "Updating cloudron software" }, "backup": null }' > "${SETUP_WEBSITE_DIR}/progress.json"
@@ -38,6 +38,7 @@ set_progress "10" "Ensuring directories"
 # keep these in sync with paths.js
 [[ "${is_update}" == "false" ]] && btrfs subvolume create "${DATA_DIR}/box"
 mkdir -p "${DATA_DIR}/box/appicons"
+mkdir -p "${DATA_DIR}/box/certs"
 mkdir -p "${DATA_DIR}/box/mail"
 mkdir -p "${DATA_DIR}/graphite"

@@ -106,7 +107,7 @@ ${BOX_SRC_DIR}/node_modules/.bin/ejs-cli -f "${script_dir}/start/nginx/nginx.ejs

 # generate these for update code paths as well to overwrite splash
 ${BOX_SRC_DIR}/node_modules/.bin/ejs-cli -f "${script_dir}/start/nginx/appconfig.ejs" \
-    -O "{ \"vhost\": \"${admin_fqdn}\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"admin\", \"sourceDir\": \"${BOX_SRC_DIR}\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
+    -O "{ \"vhost\": \"${admin_fqdn}\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"admin\", \"sourceDir\": \"${BOX_SRC_DIR}\", \"certFilePath\": \"cert/host.cert\", \"keyFilePath\": \"cert/host.key\" }" > "${DATA_DIR}/nginx/applications/admin.conf"

 mkdir -p "${DATA_DIR}/nginx/cert"
 echo "${arg_tls_cert}" > ${DATA_DIR}/nginx/cert/host.cert
@@ -114,6 +115,7 @@ echo "${arg_tls_key}" > ${DATA_DIR}/nginx/cert/host.key

 set_progress "33" "Changing ownership"
 chown "${USER}:${USER}" -R "${DATA_DIR}/box" "${DATA_DIR}/nginx" "${DATA_DIR}/collectd" "${DATA_DIR}/addons"
+chown "${USER}:${USER}" "${DATA_DIR}"

 set_progress "40" "Setting up infra"
 ${script_dir}/start/setup_infra.sh "${arg_fqdn}"
@@ -157,14 +159,14 @@ EOF
 # The domain might have changed, therefor we have to update the record
 # !!! This needs to be in sync with the webadmin, specifically login_callback.js
 echo "Add webadmin oauth cient"
-ADMIN_SCOPES="root,developer,profile,users,apps,settings,roleUser"
+ADMIN_SCOPES="root,developer,profile,users,apps,settings"
 mysql -u root -p${mysql_root_password} \
-    -e "REPLACE INTO clients (id, appId, clientSecret, redirectURI, scope) VALUES (\"cid-webadmin\", \"webadmin\", \"secret-webadmin\", \"${admin_origin}\", \"${ADMIN_SCOPES}\")" box
+    -e "REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (\"cid-webadmin\", \"webadmin\", \"admin\", \"secret-webadmin\", \"${admin_origin}\", \"${ADMIN_SCOPES}\")" box

-echo "Add localhost test oauth cient"
-ADMIN_SCOPES="root,developer,profile,users,apps,settings,roleUser"
+echo "Add localhost test oauth client"
+ADMIN_SCOPES="root,developer,profile,users,apps,settings"
 mysql -u root -p${mysql_root_password} \
-    -e "REPLACE INTO clients (id, appId, clientSecret, redirectURI, scope) VALUES (\"cid-test\", \"test\", \"secret-test\", \"http://127.0.0.1:5000\", \"${ADMIN_SCOPES}\")" box
+    -e "REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (\"cid-test\", \"test\", \"test\", \"secret-test\", \"http://127.0.0.1:5000\", \"${ADMIN_SCOPES}\")" box

 set_progress "80" "Starting Cloudron"
 systemctl start cloudron.target
@@ -10,8 +10,8 @@ server {

    ssl                  on;
    # paths are relative to prefix and not to this file
-    ssl_certificate      cert/host.cert;
-    ssl_certificate_key  cert/host.key;
+    ssl_certificate      <%= certFilePath %>;
+    ssl_certificate_key  <%= keyFilePath %>;
    ssl_session_timeout  5m;
    ssl_session_cache shared:SSL:50m;

@@ -34,9 +34,12 @@ graphite_container_id=$(docker run --restart=always -d --name="graphite" \
    -p 127.0.0.1:2004:2004 \
    -p 127.0.0.1:8000:8000 \
    -v "${DATA_DIR}/graphite:/app/data" \
-    --read-only -v /tmp -v /run -v /var/log \
+    --read-only -v /tmp -v /run \
    "${GRAPHITE_IMAGE}")
 echo "Graphite container id: ${graphite_container_id}"
+if docker images "${GRAPHITE_REPO}" | tail -n +2 | awk '{ print $1 ":" $2 }' | grep -v "${GRAPHITE_IMAGE}" | xargs --no-run-if-empty docker rmi; then
+    echo "Removed old graphite images"
+fi

 # mail (MAIL_SMTP_PORT is 2500 in addons.js. used in mailer.js as well)
 mail_container_id=$(docker run --restart=always -d --name="mail" \
@@ -45,9 +48,12 @@ mail_container_id=$(docker run --restart=always -d --name="mail" \
    -h "${arg_fqdn}" \
    -e "DOMAIN_NAME=${arg_fqdn}" \
    -v "${DATA_DIR}/box/mail:/app/data" \
-    --read-only -v /tmp -v /run -v /var/log \
+    --read-only -v /tmp -v /run \
    "${MAIL_IMAGE}")
 echo "Mail container id: ${mail_container_id}"
+if docker images "${MAIL_REPO}" | tail -n +2 | awk '{ print $1 ":" $2 }' | grep -v "${MAIL_IMAGE}" | xargs --no-run-if-empty docker rmi; then
+    echo "Removed old mail images"
+fi

 # mysql
 mysql_addon_root_password=$(pwgen -1 -s)
@@ -62,9 +68,12 @@ mysql_container_id=$(docker run --restart=always -d --name="mysql" \
    -h "${arg_fqdn}" \
    -v "${DATA_DIR}/mysql:/var/lib/mysql" \
    -v "${DATA_DIR}/addons/mysql_vars.sh:/etc/mysql/mysql_vars.sh:ro" \
-    --read-only -v /tmp -v /run -v /var/log \
+    --read-only -v /tmp -v /run \
    "${MYSQL_IMAGE}")
 echo "MySQL container id: ${mysql_container_id}"
+if docker images "${MYSQL_REPO}" | tail -n +2 | awk '{ print $1 ":" $2 }' | grep -v "${MYSQL_IMAGE}" | xargs --no-run-if-empty docker rmi; then
+    echo "Removed old mysql images"
+fi

 # postgresql
 postgresql_addon_root_password=$(pwgen -1 -s)
@@ -77,9 +86,12 @@ postgresql_container_id=$(docker run --restart=always -d --name="postgresql" \
    -h "${arg_fqdn}" \
    -v "${DATA_DIR}/postgresql:/var/lib/postgresql" \
    -v "${DATA_DIR}/addons/postgresql_vars.sh:/etc/postgresql/postgresql_vars.sh:ro" \
-    --read-only -v /tmp -v /run -v /var/log \
+    --read-only -v /tmp -v /run \
    "${POSTGRESQL_IMAGE}")
 echo "PostgreSQL container id: ${postgresql_container_id}"
+if docker images "${POSTGRESQL_REPO}" | tail -n +2 | awk '{ print $1 ":" $2 }' | grep -v "${POSTGRESQL_IMAGE}" | xargs --no-run-if-empty docker rmi; then
+    echo "Removed old postgresql images"
+fi

 # mongodb
 mongodb_addon_root_password=$(pwgen -1 -s)
@@ -92,9 +104,17 @@ mongodb_container_id=$(docker run --restart=always -d --name="mongodb" \
    -h "${arg_fqdn}" \
    -v "${DATA_DIR}/mongodb:/var/lib/mongodb" \
    -v "${DATA_DIR}/addons/mongodb_vars.sh:/etc/mongodb_vars.sh:ro" \
-    --read-only -v /tmp -v /run -v /var/log \
+    --read-only -v /tmp -v /run \
    "${MONGODB_IMAGE}")
 echo "Mongodb container id: ${mongodb_container_id}"
+if docker images "${MONGODB_REPO}" | tail -n +2 | awk '{ print $1 ":" $2 }' | grep -v "${MONGODB_IMAGE}" | xargs --no-run-if-empty docker rmi; then
+    echo "Removed old mongodb images"
+fi
+
+# redis
+if docker images "${REDIS_REPO}" | tail -n +2 | awk '{ print $1 ":" $2 }' | grep -v "${REDIS_IMAGE}" | xargs --no-run-if-empty docker rmi; then
+    echo "Removed old redis images"
+fi

 # only touch apps in installed state. any other state is just resumed by the taskmanager
 if [[ "${infra_version}" == "none" ]]; then
@@ -107,4 +127,3 @@ else
 fi

 echo -n "${INFRA_VERSION}" > "${DATA_DIR}/INFRA_VERSION"
-
@@ -23,62 +23,36 @@ var appdb = require('./appdb.js'),
    config = require('./config.js'),
    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:addons'),
-    docker = require('./docker.js'),
+    docker = require('./docker.js').connection,
    fs = require('fs'),
    generatePassword = require('password-generator'),
    hat = require('hat'),
    MemoryStream = require('memorystream'),
    once = require('once'),
-    os = require('os'),
    path = require('path'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
    shell = require('./shell.js'),
    spawn = child_process.spawn,
    util = require('util'),
-    uuid = require('node-uuid'),
-    vbox = require('./vbox.js');
+    uuid = require('node-uuid');

 var NOOP = function (app, options, callback) { return callback(); };

 // setup can be called multiple times for the same app (configure crash restart) and existing data must not be lost
 // teardown is destructive. app data stored with the addon is lost
 var KNOWN_ADDONS = {
-    oauth: {
-        setup: setupOauth,
-        teardown: teardownOauth,
-        backup: NOOP,
-        restore: setupOauth
-    },
-    simpleauth: {
-        setup: setupSimpleAuth,
-        teardown: teardownSimpleAuth,
-        backup: NOOP,
-        restore: setupSimpleAuth
-    },
    ldap: {
        setup: setupLdap,
        teardown: teardownLdap,
        backup: NOOP,
        restore: setupLdap
    },
-    sendmail: {
-        setup: setupSendMail,
-        teardown: teardownSendMail,
-        backup: NOOP,
-        restore: setupSendMail
-    },
-    mysql: {
-        setup: setupMySql,
-        teardown: teardownMySql,
-        backup: backupMySql,
-        restore: restoreMySql,
-    },
-    postgresql: {
-        setup: setupPostgreSql,
-        teardown: teardownPostgreSql,
-        backup: backupPostgreSql,
-        restore: restorePostgreSql
+    localstorage: {
+        setup: NOOP, // docker creates the directory for us
+        teardown: NOOP,
+        backup: NOOP, // no backup because it's already inside app data
+        restore: NOOP
    },
    mongodb: {
        setup: setupMongoDb,
@@ -86,18 +60,48 @@ var KNOWN_ADDONS = {
        backup: backupMongoDb,
        restore: restoreMongoDb
    },
+    mysql: {
+        setup: setupMySql,
+        teardown: teardownMySql,
+        backup: backupMySql,
+        restore: restoreMySql,
+    },
+    oauth: {
+        setup: setupOauth,
+        teardown: teardownOauth,
+        backup: NOOP,
+        restore: setupOauth
+    },
+    postgresql: {
+        setup: setupPostgreSql,
+        teardown: teardownPostgreSql,
+        backup: backupPostgreSql,
+        restore: restorePostgreSql
+    },
    redis: {
        setup: setupRedis,
        teardown: teardownRedis,
        backup: backupRedis,
        restore: setupRedis // same thing
    },
-    localstorage: {
-        setup: NOOP, // docker creates the directory for us
+    sendmail: {
+        setup: setupSendMail,
+        teardown: teardownSendMail,
+        backup: NOOP,
+        restore: setupSendMail
+    },
+    scheduler: {
+        setup: NOOP,
        teardown: NOOP,
-        backup: NOOP, // no backup because it's already inside app data
+        backup: NOOP,
        restore: NOOP
    },
+    simpleauth: {
+        setup: setupSimpleAuth,
+        teardown: teardownSimpleAuth,
+        backup: NOOP,
+        restore: setupSimpleAuth
+    },
    _docker: {
        setup: NOOP,
        teardown: NOOP,
@@ -241,18 +245,17 @@ function setupOauth(app, options, callback) {
    assert.strictEqual(typeof callback, 'function');

    var appId = app.id;
-    var id = 'cid-addon-oauth-' + uuid.v4();
+    var id = 'cid-' + uuid.v4();
    var clientSecret = hat(256);
    var redirectURI = 'https://' + config.appFqdn(app.location);
-    var scope = 'profile,roleUser';
+    var scope = 'profile';

    debugApp(app, 'setupOauth: id:%s clientSecret:%s', id, clientSecret);

-    // ensure 'addon-oauth-' is in sync with oauth.js
-    clientdb.delByAppId('addon-oauth-' + appId, function (error) { // remove existing creds
+    clientdb.delByAppIdAndType(appId, clientdb.TYPE_OAUTH, function (error) { // remove existing creds
        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);

-        clientdb.add(id, 'addon-oauth-' + appId, clientSecret, redirectURI, scope, function (error) {
+        clientdb.add(id, appId, clientdb.TYPE_OAUTH, clientSecret, redirectURI, scope, function (error) {
            if (error) return callback(error);

            var env = [
@@ -275,7 +278,7 @@ function teardownOauth(app, options, callback) {

    debugApp(app, 'teardownOauth');

-    clientdb.delByAppId('addon-oauth-' + app.id, function (error) {
+    clientdb.delByAppIdAndType(app.id, clientdb.TYPE_OAUTH, function (error) {
        if (error && error.reason !== DatabaseError.NOT_FOUND) console.error(error);

        appdb.unsetAddonConfig(app.id, 'oauth', callback);
@@ -288,16 +291,15 @@ function setupSimpleAuth(app, options, callback) {
    assert.strictEqual(typeof callback, 'function');

    var appId = app.id;
-    var id = 'cid-addon-simpleauth-' + uuid.v4();
-    var scope = 'profile,roleUser';
+    var id = 'cid-' + uuid.v4();
+    var scope = 'profile';

    debugApp(app, 'setupSimpleAuth: id:%s', id);

-    // ensure 'addon-simpleauth-' is in sync with oauth.js
-    clientdb.delByAppId('addon-simpleauth-' + appId, function (error) { // remove existing creds
+    clientdb.delByAppIdAndType(app.id, clientdb.TYPE_SIMPLE_AUTH, function (error) { // remove existing creds
        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);

-        clientdb.add(id, 'addon-simpleauth-' + appId, '', '', scope, function (error) {
+        clientdb.add(id, appId, clientdb.TYPE_SIMPLE_AUTH, '', '', scope, function (error) {
            if (error) return callback(error);

            var env = [
@@ -322,7 +324,7 @@ function teardownSimpleAuth(app, options, callback) {

    debugApp(app, 'teardownSimpleAuth');

-    clientdb.delByAppId('addon-simpleauth-' + app.id, function (error) {
+    clientdb.delByAppIdAndType(app.id, clientdb.TYPE_SIMPLE_AUTH, function (error) {
        if (error && error.reason !== DatabaseError.NOT_FOUND) console.error(error);

        appdb.unsetAddonConfig(app.id, 'simpleauth', callback);
@@ -712,8 +714,6 @@ function forwardRedisPort(appId, callback) {
        var redisPort = parseInt(safe.query(data, 'NetworkSettings.Ports.6379/tcp[0].HostPort'), 10);
        if (!Number.isInteger(redisPort)) return callback(new Error('Unable to get container port mapping'));

-        vbox.forwardFromHostToVirtualBox('redis-' + appId, redisPort);
-
        return callback(null);
    });
 }
@@ -754,36 +754,30 @@ function setupRedis(app, options, callback) {

    var createOptions = {
        name: 'redis-' + app.id,
-        Hostname: config.appFqdn(app.location),
+        Hostname: 'redis-' + app.location,
        Tty: true,
-        Image: 'cloudron/redis:0.6.1', // if you change this, fix setup/INFRA_VERSION as well
+        Image: 'cloudron/redis:0.7.0', // if you change this, fix setup/INFRA_VERSION as well
        Cmd: null,
        Volumes: {
            '/tmp': {},
-            '/run': {},
-            '/var/log': {}
+            '/run': {}
        },
-        VolumesFrom: []
-    };
-
-    var isMac = os.platform() === 'darwin';
-
-    var startOptions = {
-        Binds: [
-            redisVarsFile + ':/etc/redis/redis_vars.sh:ro',
-            redisDataDir + ':/var/lib/redis:rw'
-        ],
-        Memory: 1024 * 1024 * 75, // 100mb
-        MemorySwap: 1024 * 1024 * 75 * 2, // 150mb
-        // On Mac (boot2docker), we have to export the port to external world for port forwarding from Mac to work
-        // On linux, export to localhost only for testing purposes and not for the app itself
-        PortBindings: {
-            '6379/tcp': [{ HostPort: '0', HostIp: isMac ? '0.0.0.0' : '127.0.0.1' }]
-        },
-        ReadonlyRootfs: true,
-        RestartPolicy: {
-            'Name': 'always',
-            'MaximumRetryCount': 0
+        VolumesFrom: [],
+        HostConfig: {
+            Binds: [
+                redisVarsFile + ':/etc/redis/redis_vars.sh:ro',
+                redisDataDir + ':/var/lib/redis:rw'
+            ],
+            Memory: 1024 * 1024 * 75, // 100mb
+            MemorySwap: 1024 * 1024 * 75 * 2, // 150mb
+            PortBindings: {
+                '6379/tcp': [{ HostPort: '0', HostIp: '127.0.0.1' }]
+            },
+            ReadonlyRootfs: true,
+            RestartPolicy: {
+                'Name': 'always',
+                'MaximumRetryCount': 0
+            }
        }
    };

@@ -799,7 +793,7 @@ function setupRedis(app, options, callback) {
        docker.createContainer(createOptions, function (error) {
            if (error && error.statusCode !== 409) return callback(error); // if not already created

-            redisContainer.start(startOptions, function (error) {
+            redisContainer.start(function (error) {
                if (error && error.statusCode !== 304) return callback(error); // if not already running

                appdb.setAddonConfig(app.id, 'redis', env, function (error) {
@@ -827,8 +821,6 @@ function teardownRedis(app, options, callback) {
   container.remove(removeOptions, function (error) {
       if (error && error.statusCode !== 404) return callback(new Error('Error removing container:' + error));

-       vbox.unforwardFromHostToVirtualBox('redis-' + app.id);
-
       safe.fs.unlinkSync(paths.ADDON_CONFIG_DIR, 'redis-' + app.id + '_vars.sh');

        shell.sudo('teardownRedis', [ RMAPPDIR_CMD, app.id + '/redis' ], function (error, stdout, stderr) {
@@ -57,13 +57,9 @@ var assert = require('assert'),
    safe = require('safetydance'),
    util = require('util');

-var APPS_FIELDS = [ 'id', 'appStoreId', 'installationState', 'installationProgress', 'runState',
-    'health', 'containerId', 'manifestJson', 'httpPort', 'location', 'dnsRecordId',
-    'accessRestriction', 'lastBackupId', 'lastBackupConfigJson', 'oldConfigJson', 'oauthProxy' ].join(',');
-
 var APPS_FIELDS_PREFIXED = [ 'apps.id', 'apps.appStoreId', 'apps.installationState', 'apps.installationProgress', 'apps.runState',
    'apps.health', 'apps.containerId', 'apps.manifestJson', 'apps.httpPort', 'apps.location', 'apps.dnsRecordId',
-    'apps.accessRestriction', 'apps.lastBackupId', 'apps.lastBackupConfigJson', 'apps.oldConfigJson', 'apps.oauthProxy' ].join(',');
+    'apps.accessRestrictionJson', 'apps.lastBackupId', 'apps.lastBackupConfigJson', 'apps.oldConfigJson', 'apps.oauthProxy' ].join(',');

 var PORT_BINDINGS_FIELDS = [ 'hostPort', 'environmentVariable', 'appId' ].join(',');

@@ -97,6 +93,11 @@ function postProcess(result) {
    }

    result.oauthProxy = !!result.oauthProxy;
+
+    assert(result.accessRestrictionJson === null || typeof result.accessRestrictionJson === 'string');
+    result.accessRestriction = safe.JSON.parse(result.accessRestrictionJson);
+    if (result.accessRestriction && !result.accessRestriction.users) result.accessRestriction.users = [];
+    delete result.accessRestrictionJson;
 }

 function get(id, callback) {
@@ -185,18 +186,19 @@ function add(id, appStoreId, manifest, location, portBindings, accessRestriction
    assert.strictEqual(typeof manifest.version, 'string');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof portBindings, 'object');
-    assert.strictEqual(typeof accessRestriction, 'string');
+    assert.strictEqual(typeof accessRestriction, 'object');
    assert.strictEqual(typeof oauthProxy, 'boolean');
    assert.strictEqual(typeof callback, 'function');

    portBindings = portBindings || { };

    var manifestJson = JSON.stringify(manifest);
+    var accessRestrictionJson = JSON.stringify(accessRestriction);

    var queries = [ ];
    queries.push({
-        query: 'INSERT INTO apps (id, appStoreId, manifestJson, installationState, location, accessRestriction, oauthProxy) VALUES (?, ?, ?, ?, ?, ?, ?)',
-        args: [ id, appStoreId, manifestJson, exports.ISTATE_PENDING_INSTALL, location, accessRestriction, oauthProxy ]
+        query: 'INSERT INTO apps (id, appStoreId, manifestJson, installationState, location, accessRestrictionJson, oauthProxy) VALUES (?, ?, ?, ?, ?, ?, ?)',
+        args: [ id, appStoreId, manifestJson, exports.ISTATE_PENDING_INSTALL, location, accessRestrictionJson, oauthProxy ]
    });

    Object.keys(portBindings).forEach(function (env) {
@@ -305,6 +307,9 @@ function updateWithConstraints(id, app, constraints, callback) {
        } else if (p === 'oldConfig') {
            fields.push('oldConfigJson = ?');
            values.push(JSON.stringify(app[p]));
+        } else if (p === 'accessRestriction') {
+            fields.push('accessRestrictionJson = ?');
+            values.push(JSON.stringify(app[p]));
        } else if (p !== 'portBindings') {
            fields.push(p + ' = ?');
            values.push(app[p]);
@@ -5,7 +5,7 @@ var appdb = require('./appdb.js'),
    async = require('async'),
    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:apphealthmonitor'),
-    docker = require('./docker.js'),
+    docker = require('./docker.js').connection,
    mailer = require('./mailer.js'),
    superagent = require('superagent'),
    util = require('util');
@@ -97,7 +97,6 @@ function checkAppHealth(app, callback) {
                debugApp(app, 'not alive : %s', error || res.status);
                setHealth(app, appdb.HEALTH_UNHEALTHY, callback);
            } else {
-                debugApp(app, 'alive');
                setHealth(app, appdb.HEALTH_HEALTHY, callback);
            }
        });
@@ -110,6 +109,9 @@ function processApps(callback) {

        async.each(apps, checkAppHealth, function (error) {
            if (error) console.error(error);
+
+            debug('apps alive: [%s]', apps.map(function (a) { return a.location; }).join(', '));
+
            callback(null);
        });
    });
@@ -159,9 +161,8 @@ function processDockerEvents() {
        });

        stream.on('end', function () {
-            console.error('Docke event stream ended');
+            console.error('Docker event stream ended');
            gDockerEventStream = null; // TODO: reconnect?
-            stream.end();
        });
    });
 }
@@ -5,6 +5,8 @@
 exports = module.exports = {
    AppsError: AppsError,

+    hasAccessTo: hasAccessTo,
+
    get: get,
    getBySubdomain: getBySubdomain,
    getAll: getAll,
@@ -37,7 +39,8 @@ exports = module.exports = {

    // exported for testing
    _validateHostname: validateHostname,
-    _validatePortBindings: validatePortBindings
+    _validatePortBindings: validatePortBindings,
+    _validateAccessRestriction: validateAccessRestriction
 };

 var addons = require('./addons.js'),
@@ -50,12 +53,13 @@ var addons = require('./addons.js'),
    constants = require('./constants.js'),
    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:apps'),
-    docker = require('./docker.js'),
+    docker = require('./docker.js').connection,
    fs = require('fs'),
    manifestFormat = require('cloudron-manifestformat'),
    path = require('path'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
+    settings = require('./settings.js'),
    semver = require('semver'),
    shell = require('./shell.js'),
    split = require('split'),
@@ -114,6 +118,9 @@ AppsError.BAD_STATE = 'Bad State';
 AppsError.PORT_RESERVED = 'Port Reserved';
 AppsError.PORT_CONFLICT = 'Port Conflict';
 AppsError.BILLING_REQUIRED = 'Billing Required';
+AppsError.ACCESS_DENIED = 'Access denied';
+AppsError.USER_REQUIRED = 'User required';
+AppsError.BAD_CERTIFICATE = 'Invalid certificate';

 // Hostname validation comes from RFC 1123 (section 2.1)
 // Domain name validation comes from RFC 2181 (Name syntax)
@@ -179,6 +186,18 @@ function validatePortBindings(portBindings, tcpPorts) {
    return null;
 }

+function validateAccessRestriction(accessRestriction) {
+    assert.strictEqual(typeof accessRestriction, 'object');
+
+    if (accessRestriction === null) return null;
+
+    if (!accessRestriction.users || !Array.isArray(accessRestriction.users)) return new Error('users array property required');
+    if (accessRestriction.users.length === 0) return new Error('users array cannot be empty');
+    if (!accessRestriction.users.every(function (e) { return typeof e === 'string'; })) return new Error('All users have to be strings');
+
+    return null;
+}
+
 function getDuplicateErrorDetails(location, portBindings, error) {
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof portBindings, 'object');
@@ -206,6 +225,14 @@ function getIconUrlSync(app) {
    return fs.existsSync(iconPath) ? '/api/v1/apps/' + app.id + '/icon' : null;
 }

+function hasAccessTo(app, user) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof user, 'object');
+
+    if (app.accessRestriction === null) return true;
+    return app.accessRestriction.users.some(function (e) { return e === user.id; });
+}
+
 function get(appId, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof callback, 'function');
@@ -251,18 +278,6 @@ function getAll(callback) {
    });
 }

-function validateAccessRestriction(accessRestriction) {
-    // TODO: make the values below enumerations in the oauth code
-    switch (accessRestriction) {
-    case '':
-    case 'roleUser':
-    case 'roleAdmin':
-        return null;
-    default:
-        return new Error('Invalid accessRestriction');
-    }
-}
-
 function purchase(appStoreId, callback) {
    assert.strictEqual(typeof appStoreId, 'string');
    assert.strictEqual(typeof callback, 'function');
@@ -281,15 +296,17 @@ function purchase(appStoreId, callback) {
    });
 }

-function install(appId, appStoreId, manifest, location, portBindings, accessRestriction, oauthProxy, icon, callback) {
+function install(appId, appStoreId, manifest, location, portBindings, accessRestriction, oauthProxy, icon, cert, key, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof appStoreId, 'string');
    assert(manifest && typeof manifest === 'object');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof portBindings, 'object');
-    assert.strictEqual(typeof accessRestriction, 'string');
+    assert.strictEqual(typeof accessRestriction, 'object');
    assert.strictEqual(typeof oauthProxy, 'boolean');
    assert(!icon || typeof icon === 'string');
+    assert(cert === null || typeof cert === 'string');
+    assert(key === null || typeof key === 'string');
    assert.strictEqual(typeof callback, 'function');

    var error = manifestFormat.parse(manifest);
@@ -307,6 +324,10 @@ function install(appId, appStoreId, manifest, location, portBindings, accessRest
    error = validateAccessRestriction(accessRestriction);
    if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message));

+    // singleUser mode requires accessRestriction to contain exactly one user
+    if (manifest.singleUser && accessRestriction === null) return callback(new AppsError(AppsError.USER_REQUIRED));
+    if (manifest.singleUser && accessRestriction.users.length !== 1) return callback(new AppsError(AppsError.USER_REQUIRED));
+
    if (icon) {
        if (!validator.isBase64(icon)) return callback(new AppsError(AppsError.BAD_FIELD, 'icon is not base64'));

@@ -315,6 +336,9 @@ function install(appId, appStoreId, manifest, location, portBindings, accessRest
        }
    }

+    error = settings.validateCertificate(cert, key, config.appFqdn(location));
+    if (error) return callback(new AppsError(AppsError.BAD_CERTIFICATE, error.message));
+
    debug('Will install app with id : ' + appId);

    purchase(appStoreId, function (error) {
@@ -324,6 +348,12 @@ function install(appId, appStoreId, manifest, location, portBindings, accessRest
            if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(getDuplicateErrorDetails(location.toLowerCase(), portBindings, error));
            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

+            // save cert to data/box/certs
+            if (cert && key) {
+                if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.cert'), cert)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving cert: ' + safe.error.message));
+                if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.key'), key)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving key: ' + safe.error.message));
+            }
+
            taskmanager.restartAppTask(appId);

            callback(null);
@@ -331,12 +361,14 @@ function install(appId, appStoreId, manifest, location, portBindings, accessRest
    });
 }

-function configure(appId, location, portBindings, accessRestriction, oauthProxy, callback) {
+function configure(appId, location, portBindings, accessRestriction, oauthProxy, cert, key, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof portBindings, 'object');
-    assert.strictEqual(typeof accessRestriction, 'string');
+    assert.strictEqual(typeof accessRestriction, 'object');
    assert.strictEqual(typeof oauthProxy, 'boolean');
+    assert(cert === null || typeof cert === 'string');
+    assert(key === null || typeof key === 'string');
    assert.strictEqual(typeof callback, 'function');

    var error = validateHostname(location, config.fqdn());
@@ -345,6 +377,9 @@ function configure(appId, location, portBindings, accessRestriction, oauthProxy,
    error = validateAccessRestriction(accessRestriction);
    if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message));

+    error = settings.validateCertificate(cert, key, config.appFqdn(location));
+    if (error) return callback(new AppsError(AppsError.BAD_CERTIFICATE, error.message));
+
    appdb.get(appId, function (error, app) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
@@ -352,6 +387,12 @@ function configure(appId, location, portBindings, accessRestriction, oauthProxy,
        error = validatePortBindings(portBindings, app.manifest.tcpPorts);
        if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message));

+        // save cert to data/box/certs
+        if (cert && key) {
+            if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.cert'), cert)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving cert: ' + safe.error.message));
+            if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.key'), key)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving key: ' + safe.error.message));
+        }
+
        var values = {
            location: location.toLowerCase(),
            accessRestriction: accessRestriction,
@@ -416,7 +457,9 @@ function update(appId, force, manifest, portBindings, icon, callback) {
            portBindings: portBindings,
            oldConfig: {
                manifest: app.manifest,
-                portBindings: app.portBindings
+                portBindings: app.portBindings,
+                accessRestriction: app.accessRestriction,
+                oauthProxy: app.oauthProxy
            }
        };

@@ -47,11 +47,9 @@ var addons = require('./addons.js'),
    hat = require('hat'),
    manifestFormat = require('cloudron-manifestformat'),
    net = require('net'),
-    os = require('os'),
    path = require('path'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
-    semver = require('semver'),
    shell = require('./shell.js'),
    SubdomainError = require('./subdomainerror.js'),
    subdomains = require('./subdomains.js'),
@@ -59,7 +57,6 @@ var addons = require('./addons.js'),
    sysinfo = require('./sysinfo.js'),
    util = require('util'),
    uuid = require('node-uuid'),
-    vbox = require('./vbox.js'),
    _ = require('underscore');

 var NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/../setup/start/nginx/appconfig.ejs', { encoding: 'utf8' }),
@@ -80,14 +77,6 @@ function debugApp(app, args) {
    debug(prefix + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)));
 }

-function targetBoxVersion(manifest) {
-    if ('targetBoxVersion' in manifest) return manifest.targetBoxVersion;
-
-    if ('minBoxVersion' in manifest) return manifest.minBoxVersion;
-
-    return '0.0.1';
-}
-
 // We expect conflicts to not happen despite closing the port (parallel app installs, app update does not reconfigure nginx etc)
 // https://tools.ietf.org/html/rfc6056#section-3.5 says linux uses random ephemeral port allocation
 function getFreePort(callback) {
@@ -110,7 +99,20 @@ function configureNginx(app, callback) {

        var sourceDir = path.resolve(__dirname, '..');
        var endpoint = app.oauthProxy ? 'oauthproxy' : 'app';
-        var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, { sourceDir: sourceDir, adminOrigin: config.adminOrigin(), vhost: config.appFqdn(app.location), port: freePort, endpoint: endpoint });
+        var vhost = config.appFqdn(app.location);
+        var certFilePath = safe.fs.statSync(path.join(paths.APP_CERTS_DIR, vhost + '.cert')) ? path.join(paths.APP_CERTS_DIR, vhost + '.cert') : 'cert/host.cert';
+        var keyFilePath = safe.fs.statSync(path.join(paths.APP_CERTS_DIR, vhost + '.key')) ? path.join(paths.APP_CERTS_DIR, vhost + '.key') : 'cert/host.key';
+
+        var data = {
+            sourceDir: sourceDir,
+            adminOrigin: config.adminOrigin(),
+            vhost: vhost,
+            port: freePort,
+            endpoint: endpoint,
+            certFilePath: certFilePath,
+            keyFilePath: keyFilePath
+        };
+        var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);

        var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, app.id + '.conf');
        debugApp(app, 'writing config to %s', nginxConfigFilename);
@@ -124,8 +126,6 @@ function configureNginx(app, callback) {
            exports._reloadNginx,
            updateApp.bind(null, app, { httpPort: freePort })
        ], callback);
-
-        vbox.forwardFromHostToVirtualBox(app.id + '-http', freePort);
    });
 }

@@ -137,161 +137,27 @@ function unconfigureNginx(app, callback) {
    }

    exports._reloadNginx(callback);
-
-    vbox.unforwardFromHostToVirtualBox(app.id + '-http');
-}
-
-function pullImage(app, callback) {
-    docker.pull(app.manifest.dockerImage, function (err, stream) {
-        if (err) return callback(new Error('Error connecting to docker. statusCode: %s' + err.statusCode));
-
-        // https://github.com/dotcloud/docker/issues/1074 says each status message
-        // is emitted as a chunk
-        stream.on('data', function (chunk) {
-            var data = safe.JSON.parse(chunk) || { };
-            debugApp(app, 'pullImage data: %j', data);
-
-            // The information here is useless because this is per layer as opposed to per image
-            if (data.status) {
-                // debugApp(app, 'progress: %s', data.status); // progressDetail { current, total }
-            } else if (data.error) {
-                debugApp(app, 'pullImage error detail: %s', data.errorDetail.message);
-            }
-        });
-
-        stream.on('end', function () {
-            debugApp(app, 'download image successfully');
-
-            var image = docker.getImage(app.manifest.dockerImage);
-
-            image.inspect(function (err, data) {
-                if (err) return callback(new Error('Error inspecting image:' + err.message));
-                if (!data || !data.Config) return callback(new Error('Missing Config in image:' + JSON.stringify(data, null, 4)));
-                if (!data.Config.Entrypoint && !data.Config.Cmd) return callback(new Error('Only images with entry point are allowed'));
-
-                debugApp(app, 'This image exposes ports: %j', data.Config.ExposedPorts);
-
-                callback(null);
-            });
-        });
-
-        stream.on('error', function (error) {
-            debugApp(app, 'pullImage error : %j', error);
-
-            callback(error);
-        });
-    });
-}
-
-function downloadImage(app, callback) {
-    debugApp(app, 'downloadImage %s', app.manifest.dockerImage);
-
-    var attempt = 1;
-
-    async.retry({ times: 5, interval: 15000 }, function (retryCallback) {
-        debugApp(app, 'Downloading image. attempt: %s', attempt++);
-
-        pullImage(app, function (error) {
-            if (error) console.error(error);
-
-            retryCallback(error);
-        });
-    }, callback);
 }

 function createContainer(app, callback) {
-    appdb.getPortBindings(app.id, function (error, portBindings) {
-        if (error) return callback(error);
+    assert(!app.containerId); // otherwise, it will trigger volumeFrom

-        var manifest = app.manifest;
-        var exposedPorts = {};
-        var env = [];
+    debugApp(app, 'creating container');

-        // docker portBindings requires ports to be exposed
-        exposedPorts[manifest.httpPort + '/tcp'] = {};
+    docker.createContainer(app, function (error, container) {
+        if (error) return callback(new Error('Error creating container: ' + error));

-        for (var e in portBindings) {
-            var hostPort = portBindings[e];
-            var containerPort = manifest.tcpPorts[e].containerPort || hostPort;
-            exposedPorts[containerPort + '/tcp'] = {};
-
-            env.push(e + '=' + hostPort);
-        }
-
-        env.push('CLOUDRON=1');
-        env.push('WEBADMIN_ORIGIN' + '=' + config.adminOrigin());
-        env.push('API_ORIGIN' + '=' + config.adminOrigin());
-
-        addons.getEnvironment(app, function (error, addonEnv) {
-            if (error) return callback(new Error('Error getting addon env: ' + error));
-
-            var containerOptions = {
-                name: app.id,
-                Hostname: config.appFqdn(app.location),
-                Tty: true,
-                Image: app.manifest.dockerImage,
-                Cmd: null,
-                Env: env.concat(addonEnv),
-                ExposedPorts: exposedPorts,
-                Volumes: { // see also ReadonlyRootfs
-                    '/tmp': {},
-                    '/run': {},
-                    '/var/log': {}
-                }
-            };
-
-            debugApp(app, 'Creating container for %s', app.manifest.dockerImage);
-
-            docker.createContainer(containerOptions, function (error, container) {
-                if (error) return callback(new Error('Error creating container: ' + error));
-
-                updateApp(app, { containerId: container.id }, callback);
-            });
-        });
+        updateApp(app, { containerId: container.id }, callback);
    });
 }

-function deleteContainer(app, callback) {
-    if (app.containerId === null) return callback(null);
+function deleteContainers(app, callback) {
+    debugApp(app, 'deleting containers');

-    var container = docker.getContainer(app.containerId);
+    docker.deleteContainers(app.id, function (error) {
+        if (error) return callback(new Error('Error deleting container: ' + error));

-    var removeOptions = {
-        force: true, // kill container if it's running
-        v: true // removes volumes associated with the container (but not host mounts)
-    };
-
-    container.remove(removeOptions, function (error) {
-        if (error && error.statusCode === 404) return updateApp(app, { containerId: null }, callback);
-
-        if (error) debugApp(app, 'Error removing container', error);
-        callback(error);
-    });
-}
-
-function deleteImage(app, manifest, callback) {
-    var dockerImage = manifest ? manifest.dockerImage : null;
-    if (!dockerImage) return callback(null);
-
-    docker.getImage(dockerImage).inspect(function (error, result) {
-        if (error && error.statusCode === 404) return callback(null);
-
-        if (error) return callback(error);
-
-        var removeOptions = {
-            force: true,
-            noprune: false
-        };
-
-         // delete image by id because 'docker pull' pulls down all the tags and this is the only way to delete all tags
-        docker.getImage(result.Id).remove(removeOptions, function (error) {
-            if (error && error.statusCode === 404) return callback(null);
-            if (error && error.statusCode === 409) return callback(null); // another container using the image
-
-            if (error) debugApp(app, 'Error removing image', error);
-
-            callback(error);
-        });
+        updateApp(app, { containerId: null }, callback);
    });
 }

@@ -309,20 +175,19 @@ function allocateOAuthProxyCredentials(app, callback) {

    if (!app.oauthProxy) return callback(null);

-    var appId = 'proxy-' + app.id;
-    var id = 'cid-proxy-' + uuid.v4();
+    var id = 'cid-' + uuid.v4();
    var clientSecret = hat(256);
    var redirectURI = 'https://' + config.appFqdn(app.location);
-    var scope = 'profile,roleUser';
+    var scope = 'profile';

-    clientdb.add(id, appId, clientSecret, redirectURI, scope, callback);
+    clientdb.add(id, app.id, clientdb.TYPE_PROXY, clientSecret, redirectURI, scope, callback);
 }

 function removeOAuthProxyCredentials(app, callback) {
    assert.strictEqual(typeof app, 'object');
    assert.strictEqual(typeof callback, 'function');

-    clientdb.delByAppId('proxy-' + app.id, function (error) {
+    clientdb.delByAppIdAndType(app.id, clientdb.TYPE_PROXY, function (error) {
        if (error && error.reason !== DatabaseError.NOT_FOUND) {
            debugApp(app, 'Error removing OAuth client id', error);
            return callback(error);
@@ -347,87 +212,6 @@ function removeCollectdProfile(app, callback) {
    });
 }

-function startContainer(app, callback) {
-    appdb.getPortBindings(app.id, function (error, portBindings) {
-        if (error) return callback(error);
-
-        var manifest = app.manifest;
-
-        var dockerPortBindings = { };
-        var isMac = os.platform() === 'darwin';
-
-        // On Mac (boot2docker), we have to export the port to external world for port forwarding from Mac to work
-        dockerPortBindings[manifest.httpPort + '/tcp'] = [ { HostIp: isMac ? '0.0.0.0' : '127.0.0.1', HostPort: app.httpPort + '' } ];
-
-        for (var env in portBindings) {
-            var hostPort = portBindings[env];
-            var containerPort = manifest.tcpPorts[env].containerPort || hostPort;
-            dockerPortBindings[containerPort + '/tcp'] = [ { HostIp: '0.0.0.0', HostPort: hostPort + '' } ];
-            vbox.forwardFromHostToVirtualBox(app.id + '-tcp' + containerPort, hostPort);
-        }
-
-        var memoryLimit = manifest.memoryLimit || 1024 * 1024 * 200; // 200mb by default
-
-        var startOptions = {
-            Binds: addons.getBindsSync(app, app.manifest.addons),
-            Memory: memoryLimit / 2,
-            MemorySwap: memoryLimit, // Memory + Swap
-            PortBindings: dockerPortBindings,
-            PublishAllPorts: false,
-            ReadonlyRootfs: semver.gte(targetBoxVersion(app.manifest), '0.0.66'), // see also Volumes in startContainer
-            Links: addons.getLinksSync(app, app.manifest.addons),
-            RestartPolicy: {
-                "Name": "always",
-                "MaximumRetryCount": 0
-            },
-            CpuShares: 512, // relative to 1024 for system processes
-            SecurityOpt: config.CLOUDRON ? [ "apparmor:docker-cloudron-app" ] : null // profile available only on cloudron
-        };
-
-        var container = docker.getContainer(app.containerId);
-        debugApp(app, 'Starting container %s with options: %j', container.id, JSON.stringify(startOptions));
-
-        container.start(startOptions, function (error, data) {
-            if (error && error.statusCode !== 304) return callback(new Error('Error starting container:' + error));
-
-            return callback(null);
-        });
-    });
-}
-
-function stopContainer(app, callback) {
-    if (!app.containerId) {
-        debugApp(app, 'No previous container to stop');
-        return callback();
-    }
-
-    var container = docker.getContainer(app.containerId);
-    debugApp(app, 'Stopping container %s', container.id);
-
-    var options = {
-        t: 10 // wait for 10 seconds before killing it
-    };
-
-    container.stop(options, function (error) {
-        if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new Error('Error stopping container:' + error));
-
-        var tcpPorts = safe.query(app, 'manifest.tcpPorts', { });
-        for (var containerPort in tcpPorts) {
-            vbox.unforwardFromHostToVirtualBox(app.id + '-tcp' + containerPort);
-        }
-
-        debugApp(app, 'Waiting for container ' + container.id);
-
-        container.wait(function (error, data) {
-            if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new Error('Error waiting on container:' + error));
-
-            debugApp(app, 'Container stopped with status code [%s]', data ? String(data.StatusCode) : '');
-
-            return callback(null);
-        });
-    });
-}
-
 function verifyManifest(app, callback) {
    debugApp(app, 'Verifying manifest');

@@ -462,12 +246,10 @@ function downloadIcon(app, callback) {
 function registerSubdomain(app, callback) {
    // even though the bare domain is already registered in the appstore, we still
    // need to register it so that we have a dnsRecordId to wait for it to complete
-    var record = { subdomain: app.location, type: 'A', value: sysinfo.getIp() };
-
    async.retry({ times: 200, interval: 5000 }, function (retryCallback) {
        debugApp(app, 'Registering subdomain location [%s]', app.location);

-        subdomains.add(record, function (error, changeId) {
+        subdomains.add(app.location, 'A', [ sysinfo.getIp() ], function (error, changeId) {
            if (error && (error.reason === SubdomainError.STILL_BUSY || error.reason === SubdomainError.EXTERNAL_ERROR)) return retryCallback(error); // try again

            retryCallback(null, error || changeId);
@@ -486,18 +268,16 @@ function unregisterSubdomain(app, location, callback) {
        return callback(null);
    }

-    var record = { subdomain: location, type: 'A', value: sysinfo.getIp() };
-
    async.retry({ times: 30, interval: 5000 }, function (retryCallback) {
        debugApp(app, 'Unregistering subdomain: %s', location);

-        subdomains.remove(record, function (error) {
-            if (error && (error.reason === SubdomainError.STILL_BUSY || error.reason === SubdomainError.EXTERNAL_ERROR))return retryCallback(error); // try again
+        subdomains.remove(location, 'A', [ sysinfo.getIp() ], function (error) {
+            if (error && (error.reason === SubdomainError.STILL_BUSY || error.reason === SubdomainError.EXTERNAL_ERROR)) return retryCallback(error); // try again

-            retryCallback(error);
+            retryCallback(null, error);
        });
-    }, function (error) {
-        if (error) debugApp(app, 'Error unregistering subdomain: %s', error);
+    }, function (error, result) {
+        if (error || result instanceof Error) return callback(error || result);

        updateApp(app, { dnsRecordId: null }, callback);
    });
@@ -565,7 +345,7 @@ function install(app, callback) {
        updateApp.bind(null, app, { installationProgress: '10, Cleaning up old install' }),
        removeCollectdProfile.bind(null, app),
        stopApp.bind(null, app),
-        deleteContainer.bind(null, app),
+        deleteContainers.bind(null, app),
        addons.teardownAddons.bind(null, app, app.manifest.addons),
        deleteVolume.bind(null, app),
        unregisterSubdomain.bind(null, app, app.location),
@@ -586,7 +366,7 @@ function install(app, callback) {
        registerSubdomain.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '40, Downloading image' }),
-        downloadImage.bind(null, app),
+        docker.downloadImage.bind(null, app.manifest),

        updateApp.bind(null, app, { installationProgress: '50, Creating volume' }),
        createVolume.bind(null, app),
@@ -651,14 +431,14 @@ function restore(app, callback) {
        updateApp.bind(null, app, { installationProgress: '10, Cleaning up old install' }),
        removeCollectdProfile.bind(null, app),
        stopApp.bind(null, app),
-        deleteContainer.bind(null, app),
+        deleteContainers.bind(null, app),
         // oldConfig can be null during upgrades
        addons.teardownAddons.bind(null, app, app.oldConfig ? app.oldConfig.manifest.addons : null),
        deleteVolume.bind(null, app),
        function deleteImageIfChanged(done) {
             if (!app.oldConfig || (app.oldConfig.manifest.dockerImage === app.manifest.dockerImage)) return done();

-             deleteImage(app, app.oldConfig.manifest, done);
+             docker.deleteImage(app.oldConfig.manifest, done);
        },
        removeOAuthProxyCredentials.bind(null, app),
        removeIcon.bind(null, app),
@@ -677,7 +457,7 @@ function restore(app, callback) {
        registerSubdomain.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '60, Downloading image' }),
-        downloadImage.bind(null, app),
+        docker.downloadImage.bind(null, app.manifest),

        updateApp.bind(null, app, { installationProgress: '65, Creating volume' }),
        createVolume.bind(null, app),
@@ -717,7 +497,7 @@ function configure(app, callback) {
        updateApp.bind(null, app, { installationProgress: '10, Cleaning up old install' }),
        removeCollectdProfile.bind(null, app),
        stopApp.bind(null, app),
-        deleteContainer.bind(null, app),
+        deleteContainers.bind(null, app),
        function (next) {
            // oldConfig can be null during an infra update
            if (!app.oldConfig || app.oldConfig.location === app.location) return next();
@@ -780,12 +560,12 @@ function update(app, callback) {
        updateApp.bind(null, app, { installationProgress: '10, Cleaning up old install' }),
        removeCollectdProfile.bind(null, app),
        stopApp.bind(null, app),
-        deleteContainer.bind(null, app),
+        deleteContainers.bind(null, app),
        addons.teardownAddons.bind(null, app, unusedAddons),
        function deleteImageIfChanged(done) {
             if (app.oldConfig.manifest.dockerImage === app.manifest.dockerImage) return done();

-             deleteImage(app, app.oldConfig.manifest, done);
+             docker.deleteImage(app.oldConfig.manifest, done);
        },
        // removeIcon.bind(null, app), // do not remove icon, otherwise the UI breaks for a short time...

@@ -802,7 +582,7 @@ function update(app, callback) {
        downloadIcon.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '45, Downloading image' }),
-        downloadImage.bind(null, app),
+        docker.downloadImage.bind(null, app.manifest),

        updateApp.bind(null, app, { installationProgress: '70, Updating addons' }),
        addons.setupAddons.bind(null, app, app.manifest.addons),
@@ -840,7 +620,7 @@ function uninstall(app, callback) {
        stopApp.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '20, Deleting container' }),
-        deleteContainer.bind(null, app),
+        deleteContainers.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '30, Teardown addons' }),
        addons.teardownAddons.bind(null, app, app.manifest.addons),
@@ -849,7 +629,7 @@ function uninstall(app, callback) {
        deleteVolume.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '50, Deleting image' }),
-        deleteImage.bind(null, app, app.manifest),
+        docker.deleteImage.bind(null, app.manifest),

        updateApp.bind(null, app, { installationProgress: '60, Unregistering subdomain' }),
        unregisterSubdomain.bind(null, app, app.location),
@@ -869,7 +649,7 @@ function uninstall(app, callback) {
 }

 function runApp(app, callback) {
-    startContainer(app, function (error) {
+    docker.startContainer(app.containerId, function (error) {
        if (error) return callback(error);

        updateApp(app, { runState: appdb.RSTATE_RUNNING }, callback);
@@ -877,7 +657,7 @@ function runApp(app, callback) {
 }

 function stopApp(app, callback) {
-    stopContainer(app, function (error) {
+    docker.stopContainers(app.id, function (error) {
        if (error) return callback(error);

        updateApp(app, { runState: appdb.RSTATE_STOPPED }, callback);
@@ -934,7 +714,7 @@ if (require.main === module) {
        if (error) throw error;

        startTask(process.argv[2], function (error) {
-            if (error) console.error(error);
+            if (error) debug('Apptask completed with error', error);

            debug('Apptask completed for %s', process.argv[2]);
            // https://nodejs.org/api/process.html are exit codes used by node. apps.js uses the value below
@@ -6,10 +6,6 @@ exports = module.exports = {
    getSignedUploadUrl: getSignedUploadUrl,
    getSignedDownloadUrl: getSignedDownloadUrl,

-    addSubdomain: addSubdomain,
-    delSubdomain: delSubdomain,
-    getChangeStatus: getChangeStatus,
-
    copyObject: copyObject
 };

@@ -20,7 +16,7 @@ var assert = require('assert'),
    SubdomainError = require('./subdomainerror.js'),
    superagent = require('superagent');

-function getAWSCredentials(callback) {
+function getBackupCredentials(callback) {
    assert.strictEqual(typeof callback, 'function');

    // CaaS
@@ -63,7 +59,7 @@ function getSignedUploadUrl(filename, callback) {

    debug('getSignedUploadUrl: %s', filename);

-    getAWSCredentials(function (error, credentials) {
+    getBackupCredentials(function (error, credentials) {
        if (error) return callback(error);

        var s3 = new AWS.S3(credentials);
@@ -86,7 +82,7 @@ function getSignedDownloadUrl(filename, callback) {

    debug('getSignedDownloadUrl: %s', filename);

-    getAWSCredentials(function (error, credentials) {
+    getBackupCredentials(function (error, credentials) {
        if (error) return callback(error);

        var s3 = new AWS.S3(credentials);
@@ -103,171 +99,12 @@ function getSignedDownloadUrl(filename, callback) {
    });
 }

-function getZoneByName(zoneName, callback) {
-    assert.strictEqual(typeof zoneName, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    debug('getZoneByName: %s', zoneName);
-
-    getAWSCredentials(function (error, credentials) {
-        if (error) return callback(error);
-
-        var route53 = new AWS.Route53(credentials);
-        route53.listHostedZones({}, function (error, result) {
-            if (error) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, new Error(error)));
-
-            var zone = result.HostedZones.filter(function (zone) {
-                return zone.Name.slice(0, -1) === zoneName;     // aws zone name contains a '.' at the end
-            })[0];
-
-            if (!zone) return callback(new SubdomainError(SubdomainError.NOT_FOUND, 'no such zone'));
-
-            debug('getZoneByName: found zone', zone);
-
-            callback(null, zone);
-        });
-    });
-}
-
-function addSubdomain(zoneName, subdomain, type, value, callback) {
-    assert.strictEqual(typeof zoneName, 'string');
-    assert.strictEqual(typeof subdomain, 'string');
-    assert.strictEqual(typeof type, 'string');
-    assert.strictEqual(typeof value, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    debug('addSubdomain: ' + subdomain + ' for domain ' + zoneName + ' with value ' + value);
-
-    getZoneByName(zoneName, function (error, zone) {
-        if (error) return callback(error);
-
-        var fqdn = config.appFqdn(subdomain);
-        var params = {
-            ChangeBatch: {
-                Changes: [{
-                    Action: 'UPSERT',
-                    ResourceRecordSet: {
-                        Type: type,
-                        Name: fqdn,
-                        ResourceRecords: [{
-                            Value: value
-                        }],
-                        Weight: 0,
-                        SetIdentifier: fqdn,
-                        TTL: 1
-                    }
-                }]
-            },
-            HostedZoneId: zone.Id
-        };
-
-        getAWSCredentials(function (error, credentials) {
-            if (error) return callback(error);
-
-            var route53 = new AWS.Route53(credentials);
-            route53.changeResourceRecordSets(params, function(error, result) {
-                if (error && error.code === 'PriorRequestNotComplete') {
-                    return callback(new SubdomainError(SubdomainError.STILL_BUSY, error.message));
-                } else if (error) {
-                    return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, error.message));
-                }
-
-                debug('addSubdomain: success. changeInfoId:%j', result);
-
-                callback(null, result.ChangeInfo.Id);
-            });
-        });
-    });
-}
-
-function delSubdomain(zoneName, subdomain, type, value, callback) {
-    assert.strictEqual(typeof zoneName, 'string');
-    assert.strictEqual(typeof subdomain, 'string');
-    assert.strictEqual(typeof type, 'string');
-    assert.strictEqual(typeof value, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    debug('delSubdomain: %s for domain %s.', subdomain, zoneName);
-
-    getZoneByName(zoneName, function (error, zone) {
-        if (error) return callback(error);
-
-        var fqdn = config.appFqdn(subdomain);
-        var resourceRecordSet = {
-            Name: fqdn,
-            Type: type,
-            ResourceRecords: [{
-                Value: value
-            }],
-            Weight: 0,
-            SetIdentifier: fqdn,
-            TTL: 1
-        };
-
-        var params = {
-            ChangeBatch: {
-                Changes: [{
-                    Action: 'DELETE',
-                    ResourceRecordSet: resourceRecordSet
-                }]
-            },
-            HostedZoneId: zone.Id
-        };
-
-        getAWSCredentials(function (error, credentials) {
-            if (error) return callback(error);
-
-            var route53 = new AWS.Route53(credentials);
-            route53.changeResourceRecordSets(params, function(error, result) {
-                if (error && error.message && error.message.indexOf('it was not found') !== -1) {
-                    debug('delSubdomain: resource record set not found.', error);
-                    return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
-                } else if (error && error.code === 'NoSuchHostedZone') {
-                    debug('delSubdomain: hosted zone not found.', error);
-                    return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
-                } else if (error && error.code === 'PriorRequestNotComplete') {
-                    debug('delSubdomain: resource is still busy', error);
-                    return callback(new SubdomainError(SubdomainError.STILL_BUSY, new Error(error)));
-                } else if (error && error.code === 'InvalidChangeBatch') {
-                    debug('delSubdomain: invalid change batch. No such record to be deleted.');
-                    return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
-                } else if (error) {
-                    debug('delSubdomain: error', error);
-                    return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, new Error(error)));
-                }
-
-                debug('delSubdomain: success');
-
-                callback(null);
-            });
-        });
-    });
-}
-
-function getChangeStatus(changeId, callback) {
-    assert.strictEqual(typeof changeId, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    if (changeId === '') return callback(null, 'INSYNC');
-
-    getAWSCredentials(function (error, credentials) {
-        if (error) return callback(error);
-
-        var route53 = new AWS.Route53(credentials);
-        route53.getChange({ Id: changeId }, function (error, result) {
-            if (error) return callback(error);
-
-            callback(null, result.ChangeInfo.Status);
-        });
-    });
-}
-
 function copyObject(from, to, callback) {
    assert.strictEqual(typeof from, 'string');
    assert.strictEqual(typeof to, 'string');
    assert.strictEqual(typeof callback, 'function');

-    getAWSCredentials(function (error, credentials) {
+    getBackupCredentials(function (error, credentials) {
        if (error) return callback(error);

        var params = {
@@ -8,19 +8,27 @@ exports = module.exports = {
    getAllWithTokenCountByIdentifier: getAllWithTokenCountByIdentifier,
    add: add,
    del: del,
-    update: update,
    getByAppId: getByAppId,
-    delByAppId: delByAppId,
+    getByAppIdAndType: getByAppIdAndType,

-    _clear: clear
+    delByAppId: delByAppId,
+    delByAppIdAndType: delByAppIdAndType,
+
+    _clear: clear,
+
+    TYPE_EXTERNAL: 'external',
+    TYPE_OAUTH: 'addon-oauth',
+    TYPE_SIMPLE_AUTH: 'addon-simpleauth',
+    TYPE_PROXY: 'addon-proxy',
+    TYPE_ADMIN: 'admin'
 };

 var assert = require('assert'),
    database = require('./database.js'),
    DatabaseError = require('./databaseerror.js');

-var CLIENTS_FIELDS = [ 'id', 'appId', 'clientSecret', 'redirectURI', 'scope' ].join(',');
-var CLIENTS_FIELDS_PREFIXED = [ 'clients.id', 'clients.appId', 'clients.clientSecret', 'clients.redirectURI', 'clients.scope' ].join(',');
+var CLIENTS_FIELDS = [ 'id', 'appId', 'type', 'clientSecret', 'redirectURI', 'scope' ].join(',');
+var CLIENTS_FIELDS_PREFIXED = [ 'clients.id', 'clients.appId', 'clients.type', 'clients.clientSecret', 'clients.redirectURI', 'clients.scope' ].join(',');

 function get(id, callback) {
    assert.strictEqual(typeof id, 'string');
@@ -67,37 +75,33 @@ function getByAppId(appId, callback) {
    });
 }

-function add(id, appId, clientSecret, redirectURI, scope, callback) {
-    assert.strictEqual(typeof id, 'string');
+function getByAppIdAndType(appId, type, callback) {
    assert.strictEqual(typeof appId, 'string');
-    assert.strictEqual(typeof clientSecret, 'string');
-    assert.strictEqual(typeof redirectURI, 'string');
-    assert.strictEqual(typeof scope, 'string');
+    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var data = [ id, appId, clientSecret, redirectURI, scope ];
+    database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients WHERE appId = ? AND type = ? LIMIT 1', [ appId, type ], function (error, result) {
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

-    database.query('INSERT INTO clients (id, appId, clientSecret, redirectURI, scope) VALUES (?, ?, ?, ?, ?)', data, function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
-        if (error || result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-
-        callback(null);
+        return callback(null, result[0]);
    });
 }

-function update(id, appId, clientSecret, redirectURI, scope, callback) {
+function add(id, appId, type, clientSecret, redirectURI, scope, callback) {
    assert.strictEqual(typeof id, 'string');
    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof clientSecret, 'string');
    assert.strictEqual(typeof redirectURI, 'string');
    assert.strictEqual(typeof scope, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var data = [ appId, clientSecret, redirectURI, scope, id ];
+    var data = [ id, appId, type, clientSecret, redirectURI, scope ];

-    database.query('UPDATE clients SET appId = ?, clientSecret = ?, redirectURI = ?, scope = ? WHERE id = ?', data, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+    database.query('INSERT INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (?, ?, ?, ?, ?, ?)', data, function (error, result) {
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
+        if (error || result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -127,6 +131,19 @@ function delByAppId(appId, callback) {
    });
 }

+function delByAppIdAndType(appId, type, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    database.query('DELETE FROM clients WHERE appId=? AND type=?', [ appId, type ], function (error, result) {
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+
+        return callback(null);
+    });
+}
+
 function clear(callback) {
    assert.strictEqual(typeof callback, 'function');

@@ -5,7 +5,6 @@ exports = module.exports = {

    add: add,
    get: get,
-    update: update,
    del: del,
    getAllWithDetailsByUserId: getAllWithDetailsByUserId,
    getClientTokensByUserId: getClientTokensByUserId,
@@ -43,6 +42,7 @@ function ClientsError(reason, errorOrMessage) {
 }
 util.inherits(ClientsError, Error);
 ClientsError.INVALID_SCOPE = 'Invalid scope';
+ClientsError.INVALID_CLIENT = 'Invalid client';

 function validateScope(scope) {
    assert.strictEqual(typeof scope, 'string');
@@ -55,8 +55,9 @@ function validateScope(scope) {
    return null;
 }

-function add(appIdentifier, redirectURI, scope, callback) {
-    assert.strictEqual(typeof appIdentifier, 'string');
+function add(appId, type, redirectURI, scope, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof redirectURI, 'string');
    assert.strictEqual(typeof scope, 'string');
    assert.strictEqual(typeof callback, 'function');
@@ -67,12 +68,13 @@ function add(appIdentifier, redirectURI, scope, callback) {
    var id = 'cid-' + uuid.v4();
    var clientSecret = hat(256);

-    clientdb.add(id, appIdentifier, clientSecret, redirectURI, scope, function (error) {
+    clientdb.add(id, appId, type, clientSecret, redirectURI, scope, function (error) {
        if (error) return callback(error);

        var client = {
            id: id,
-            appId: appIdentifier,
+            appId: appId,
+            type: type,
            clientSecret: clientSecret,
            redirectURI: redirectURI,
            scope: scope
@@ -92,23 +94,6 @@ function get(id, callback) {
    });
 }

-// we only allow appIdentifier and redirectURI to be updated
-function update(id, appIdentifier, redirectURI, callback) {
-    assert.strictEqual(typeof id, 'string');
-    assert.strictEqual(typeof appIdentifier, 'string');
-    assert.strictEqual(typeof redirectURI, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    clientdb.get(id, function (error, result) {
-        if (error) return callback(error);
-
-        clientdb.update(id, appIdentifier, result.clientSecret, redirectURI, result.scope, function (error, result) {
-            if (error) return callback(error);
-            callback(null, result);
-        });
-    });
-}
-
 function del(id, callback) {
    assert.strictEqual(typeof id, 'string');
    assert.strictEqual(typeof callback, 'function');
@@ -127,54 +112,29 @@ function getAllWithDetailsByUserId(userId, callback) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, []);
        if (error) return callback(error);

-        // We have several types of records here
-        //   1) webadmin has an app id of 'webadmin'
-        //   2) oauth proxy records are always the app id prefixed with 'proxy-'
-        //   3) addon oauth records for apps prefixed with 'addon-'
-        //   4) external app records prefixed with 'external-'
-        //   5) normal apps on the cloudron without a prefix
-
        var tmp = [];
        async.each(results, function (record, callback) {
-            if (record.appId === constants.ADMIN_CLIENT_ID) {
+            if (record.type === clientdb.TYPE_ADMIN) {
                record.name = constants.ADMIN_NAME;
                record.location = constants.ADMIN_LOCATION;
-                record.type = 'webadmin';
-
-                tmp.push(record);
-
-                return callback(null);
-            } else if (record.appId === constants.TEST_CLIENT_ID) {
-                record.name = constants.TEST_NAME;
-                record.location = constants.TEST_LOCATION;
-                record.type = 'test';

                tmp.push(record);

                return callback(null);
            }

-            var appId = record.appId;
-            var type = 'app';
-
-            // Handle our different types of oauth clients
-            if (record.appId.indexOf('addon-') === 0) {
-                appId = record.appId.slice('addon-'.length);
-                type = 'addon';
-            } else if (record.appId.indexOf('proxy-') === 0) {
-                appId = record.appId.slice('proxy-'.length);
-                type = 'proxy';
-            }
-
-            appdb.get(appId, function (error, result) {
+            appdb.get(record.appId, function (error, result) {
                if (error) {
                    console.error('Failed to get app details for oauth client', result, error);
                    return callback(null);  // ignore error so we continue listing clients
                }

-                record.name = result.manifest.title + (record.appId.indexOf('proxy-') === 0 ? 'OAuth Proxy' : '');
+                if (record.type === clientdb.TYPE_PROXY) record.name = result.manifest.title + ' Website Proxy';
+                if (record.type === clientdb.TYPE_OAUTH) record.name = result.manifest.title + ' OAuth';
+                if (record.type === clientdb.TYPE_SIMPLE_AUTH) record.name = result.manifest.title + ' Simple Auth';
+                if (record.type === clientdb.TYPE_EXTERNAL) record.name = result.manifest.title + ' external';
+
                record.location = result.location;
-                record.type = type;

                tmp.push(record);

@@ -11,15 +11,19 @@ exports = module.exports = {
    getConfig: getConfig,
    getStatus: getStatus,

-    setCertificate: setCertificate,
-
    sendHeartbeat: sendHeartbeat,

    update: update,
    reboot: reboot,
    migrate: migrate,
    backup: backup,
-    ensureBackup: ensureBackup
+    ensureBackup: ensureBackup,
+
+    isActivatedSync: isActivatedSync,
+
+    events: new (require('events').EventEmitter)(),
+
+    EVENT_ACTIVATED: 'activated'
 };

 var apps = require('./apps.js'),
@@ -28,6 +32,7 @@ var apps = require('./apps.js'),
    async = require('async'),
    backups = require('./backups.js'),
    BackupsError = require('./backups.js').BackupsError,
+    bytes = require('bytes'),
    clientdb = require('./clientdb.js'),
    config = require('./config.js'),
    debug = require('debug')('box:cloudron'),
@@ -38,7 +43,6 @@ var apps = require('./apps.js'),
    progress = require('./progress.js'),
    safe = require('safetydance'),
    settings = require('./settings.js'),
-    SettingsError = settings.SettingsError,
    shell = require('./shell.js'),
    subdomains = require('./subdomains.js'),
    superagent = require('superagent'),
@@ -51,14 +55,16 @@ var apps = require('./apps.js'),
    util = require('util'),
    webhooks = require('./webhooks.js');

-var RELOAD_NGINX_CMD = path.join(__dirname, 'scripts/reloadnginx.sh'),
-    REBOOT_CMD = path.join(__dirname, 'scripts/reboot.sh'),
+var REBOOT_CMD = path.join(__dirname, 'scripts/reboot.sh'),
    BACKUP_BOX_CMD = path.join(__dirname, 'scripts/backupbox.sh'),
    BACKUP_SWAP_CMD = path.join(__dirname, 'scripts/backupswap.sh'),
    INSTALLER_UPDATE_URL = 'http://127.0.0.1:2020/api/v1/installer/update';

-var gAddDnsRecordsTimerId = null,
-    gCloudronDetails = null;            // cached cloudron details like region,size...
+var NOOP_CALLBACK = function (error) { if (error) debug(error); };
+
+var gUpdatingDns = false,                // flag for dns update reentrancy
+    gCloudronDetails = null,             // cached cloudron details like region,size...
+    gIsActivated = null;                // cached activation state so that return value is synchronous. null means we are not initialized yet

 function debugApp(app, args) {
    assert(!app || typeof app === 'object');
@@ -76,7 +82,6 @@ function ignoreError(func) {
    };
 }

-
 function CloudronError(reason, errorOrMessage) {
    assert.strictEqual(typeof reason, 'string');
    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
@@ -110,22 +115,29 @@ CloudronError.NOT_FOUND = 'Not found';
 function initialize(callback) {
    assert.strictEqual(typeof callback, 'function');

-    if (process.env.BOX_ENV !== 'test') {
-        addDnsRecords();
-    }
+    settings.events.on(settings.DNS_CONFIG_KEY, function() { addDnsRecords(); });

-    callback(null);
+    userdb.count(function (error, count) {
+        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+
+        gIsActivated = count !== 0;
+
+        if (gIsActivated) addDnsRecords(); // reboot/restore/upgrade
+
+        callback(null);
+    });
 }

 function uninitialize(callback) {
    assert.strictEqual(typeof callback, 'function');

-    clearTimeout(gAddDnsRecordsTimerId);
-    gAddDnsRecordsTimerId = null;
-
    callback(null);
 }

+function isActivatedSync() {
+    return gIsActivated === true;
+}
+
 function setTimeZone(ip, callback) {
    assert.strictEqual(typeof ip, 'string');
    assert.strictEqual(typeof callback, 'function');
@@ -149,43 +161,40 @@ function setTimeZone(ip, callback) {
    });
 }

-function activate(username, password, email, name, ip, callback) {
+function activate(username, password, email, ip, callback) {
    assert.strictEqual(typeof username, 'string');
    assert.strictEqual(typeof password, 'string');
    assert.strictEqual(typeof email, 'string');
    assert.strictEqual(typeof ip, 'string');
-    assert(!name || typeof name, 'string');
    assert.strictEqual(typeof callback, 'function');

    debug('activating user:%s email:%s', username, email);

    setTimeZone(ip, function () { }); // TODO: get this from user. note that timezone is detected based on the browser location and not the cloudron region

-    if (!name) name = settings.getDefaultSync(settings.CLOUDRON_NAME_KEY);
-
-    settings.setCloudronName(name, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return callback(new CloudronError(CloudronError.BAD_NAME));
+    user.createOwner(username, password, email, function (error, userObject) {
+        if (error && error.reason === UserError.ALREADY_EXISTS) return callback(new CloudronError(CloudronError.ALREADY_PROVISIONED));
+        if (error && error.reason === UserError.BAD_USERNAME) return callback(new CloudronError(CloudronError.BAD_USERNAME));
+        if (error && error.reason === UserError.BAD_PASSWORD) return callback(new CloudronError(CloudronError.BAD_PASSWORD));
+        if (error && error.reason === UserError.BAD_EMAIL) return callback(new CloudronError(CloudronError.BAD_EMAIL));
        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

-        user.createOwner(username, password, email, function (error, userObject) {
-            if (error && error.reason === UserError.ALREADY_EXISTS) return callback(new CloudronError(CloudronError.ALREADY_PROVISIONED));
-            if (error && error.reason === UserError.BAD_USERNAME) return callback(new CloudronError(CloudronError.BAD_USERNAME));
-            if (error && error.reason === UserError.BAD_PASSWORD) return callback(new CloudronError(CloudronError.BAD_PASSWORD));
-            if (error && error.reason === UserError.BAD_EMAIL) return callback(new CloudronError(CloudronError.BAD_EMAIL));
+        clientdb.getByAppIdAndType('webadmin', clientdb.TYPE_ADMIN, function (error, result) {
            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

-            clientdb.getByAppId('webadmin', function (error, result) {
+            // Also generate a token so the admin creation can also act as a login
+            var token = tokendb.generateToken();
+            var expires = Date.now() + 24 * 60 * 60 * 1000; // 1 day
+
+            tokendb.add(token, tokendb.PREFIX_USER + userObject.id, result.id, expires, '*', function (error) {
                if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

-                // Also generate a token so the admin creation can also act as a login
-                var token = tokendb.generateToken();
-                var expires = Date.now() + 24 * 60 * 60 * 1000; // 1 day
+                gIsActivated = true;

-                tokendb.add(token, tokendb.PREFIX_USER + userObject.id, result.id, expires, '*', function (error) {
-                    if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+                // EE API is sync. do not keep the REST API reponse waiting
+                process.nextTick(function () { exports.events.emit(exports.EVENT_ACTIVATED); });

-                    callback(null, { token: token, expires: expires });
-                });
+                callback(null, { token: token, expires: expires });
            });
        });
    });
@@ -230,7 +239,6 @@ function getCloudronDetails(callback) {
 function getConfig(callback) {
    assert.strictEqual(typeof callback, 'function');

-    // TODO avoid pyramid of awesomeness with async
    getCloudronDetails(function (error, result) {
        if (error) {
            console.error('Failed to fetch cloudron details.', error);
@@ -242,6 +250,10 @@ function getConfig(callback) {
            };
        }

+        // We rely at the moment on the size being specified in 512mb,1gb,...
+        // TODO provide that number from the appstore
+        var memory = bytes(result.size) || 0;
+
        settings.getCloudronName(function (error, cloudronName) {
            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

@@ -261,6 +273,7 @@ function getConfig(callback) {
                    developerMode: developerMode,
                    region: result.region,
                    size: result.size,
+                    memory: memory,
                    cloudronName: cloudronName
                });
            });
@@ -269,9 +282,6 @@ function getConfig(callback) {
 }

 function sendHeartbeat() {
-    // Only send heartbeats after the admin dns record is synced to give appstore a chance to know that fact
-    if (!config.get('dnsInSync')) return;
-
    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/heartbeat';

    superagent.post(url).query({ token: config.token(), version: config.version() }).timeout(10000).end(function (error, result) {
@@ -281,92 +291,104 @@ function sendHeartbeat() {
    });
 }

-function addDnsRecords() {
-    if (config.get('dnsInSync')) return sendHeartbeat(); // already registered send heartbeat
-
-    var DKIM_SELECTOR = 'mail';
-    var DMARC_REPORT_EMAIL = 'dmarc-report@cloudron.io';
-
+function readDkimPublicKeySync() {
    var dkimPublicKeyFile = path.join(paths.MAIL_DATA_DIR, 'dkim/' + config.fqdn() + '/public');
    var publicKey = safe.fs.readFileSync(dkimPublicKeyFile, 'utf8');

    if (publicKey === null) {
-        console.error('Error reading dkim public key. Stop DNS setup.');
-        return;
+        debug('Error reading dkim public key.', safe.error);
+        return null;
    }

    // remove header, footer and new lines
    publicKey = publicKey.split('\n').slice(1, -2).join('');

-    // note that dmarc requires special DNS records for external RUF and RUA
-    var records = [
-        // naked domain
-        { subdomain: '', type: 'A', value: sysinfo.getIp() },
-        // webadmin domain
-        { subdomain: 'my', type: 'A', value: sysinfo.getIp() },
-        // softfail all mails not from our IP. Note that this uses IP instead of 'a' should we use a load balancer in the future
-        { subdomain: '', type: 'TXT', value: '"v=spf1 ip4:' + sysinfo.getIp() + ' ~all"' },
-        // t=s limits the domainkey to this domain and not it's subdomains
-        { subdomain: DKIM_SELECTOR + '._domainkey', type: 'TXT', value: '"v=DKIM1; t=s; p=' + publicKey + '"' },
-        // DMARC requires special setup if report email id is in different domain
-        { subdomain: '_dmarc', type: 'TXT', value: '"v=DMARC1; p=none; pct=100; rua=mailto:' + DMARC_REPORT_EMAIL + '; ruf=' + DMARC_REPORT_EMAIL + '"' }
-    ];
+    return publicKey;
+}

-    debug('addDnsRecords:', records);
+function txtRecordsWithSpf(callback) {
+    assert.strictEqual(typeof callback, 'function');

-    subdomains.addMany(records, function (error, changeIds) {
-        if (error) {
-            console.error('Admin DNS record addition failed', error);
-            gAddDnsRecordsTimerId = setTimeout(addDnsRecords, 10000);
-            return;
+    subdomains.get('', 'TXT', function (error, txtRecords) {
+        if (error) return callback(error);
+
+        debug('txtRecordsWithSpf: current txt records - %j', txtRecords);
+
+        var i, validSpf;
+
+        for (i = 0; i < txtRecords.length; i++) {
+            if (txtRecords[i].indexOf('"v=spf1 ') !== 0) continue; // not SPF
+
+            validSpf = txtRecords[i].indexOf(' a:' + config.fqdn() + ' ') !== -1;
+            break;
        }

-        function checkIfInSync() {
-            debug('addDnsRecords: Check if admin DNS record is in sync.');
+        if (validSpf) return callback(null, null);

-            async.eachSeries(changeIds, function (changeId, callback) {
-                subdomains.status(changeId, function (error, result) {
-                    if (error) return callback(new Error('Failed to check if admin DNS record is in sync.', error));
-
-                    if (result !== 'done') return callback(new Error(changeId + ' is not in sync. result:' + result));
-
-                    callback(null);
-                });
-            }, function (error) {
-                if (error) {
-                    console.error(error);
-                    gAddDnsRecordsTimerId = setTimeout(checkIfInSync, 5000);
-                    return;
-                }
-                debug('addDnsRecords: done');
-                config.set('dnsInSync', true);
-                sendHeartbeat(); // send heartbeat after the dns records are done
-            });
+        if (i == txtRecords.length) {
+            txtRecords[i] = '"v=spf1 a:' + config.fqdn() + ' ~all"';
+        } else {
+            txtRecords[i] = '"v=spf1 a:' + config.fqdn() + txtRecords[i].slice('"v=spf1"'.length);
        }

-        checkIfInSync();
+        return callback(null, txtRecords);
    });
 }

-function setCertificate(certificate, key, callback) {
-    assert.strictEqual(typeof certificate, 'string');
-    assert.strictEqual(typeof key, 'string');
-    assert.strictEqual(typeof callback, 'function');
+function addDnsRecords(callback) {
+    callback = callback || NOOP_CALLBACK;

-    debug('Updating certificates');
+    if (process.env.BOX_ENV === 'test') return callback();

-    if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), certificate)) {
-        return callback(new CloudronError(CloudronError.INTERNAL_ERROR, safe.error.message));
+    if (gUpdatingDns) {
+        debug('addDnsRecords: dns update already in progress');
+        return callback();
+    }
+    gUpdatingDns = true;
+
+    var DKIM_SELECTOR = 'cloudron';
+    var DMARC_REPORT_EMAIL = 'dmarc-report@cloudron.io';
+
+    var dkimKey = readDkimPublicKeySync();
+    if (!dkimKey) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, new Error('internal error failed to read dkim public key')));
+
+    var nakedDomainRecord = { subdomain: '', type: 'A', values: [ sysinfo.getIp() ] };
+    var webadminRecord = { subdomain: 'my', type: 'A', values: [ sysinfo.getIp() ] };
+    // t=s limits the domainkey to this domain and not it's subdomains
+    var dkimRecord = { subdomain: DKIM_SELECTOR + '._domainkey', type: 'TXT', values: [ '"v=DKIM1; t=s; p=' + dkimKey + '"' ] };
+    // DMARC requires special setup if report email id is in different domain
+    var dmarcRecord = { subdomain: '_dmarc', type: 'TXT', values: [ '"v=DMARC1; p=none; pct=100; rua=mailto:' + DMARC_REPORT_EMAIL + '; ruf=' + DMARC_REPORT_EMAIL + '"' ] };
+
+    var records = [ ];
+    if (config.isCustomDomain()) {
+        records.push(webadminRecord);
+    } else {
+        records.push(nakedDomainRecord);
+        records.push(webadminRecord);
+        records.push(dkimRecord);
+        records.push(dmarcRecord);
    }

-    if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), key)) {
-        return callback(new CloudronError(CloudronError.INTERNAL_ERROR, safe.error.message));
-    }
+    debug('addDnsRecords: %j', records);

-    shell.sudo('setCertificate', [ RELOAD_NGINX_CMD ], function (error) {
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+    async.retry({ times: 10, interval: 20000 }, function (retryCallback) {
+        txtRecordsWithSpf(function (error, txtRecords) {
+            if (error) return retryCallback(error);

-        return callback(null);
+            if (txtRecords) records.push({ subdomain: '', type: 'TXT', values: txtRecords });
+
+            debug('addDnsRecords: will update %j', records);
+
+            async.eachSeries(records, function (record, iteratorCallback) {
+                subdomains.update(record.subdomain, record.type, record.values, iteratorCallback);
+            }, retryCallback);
+        });
+    }, function (error) {
+        gUpdatingDns = false;
+
+        debug('addDnsRecords: done updating records with error:', error);
+
+        callback(error);
    });
 }

@@ -4,6 +4,8 @@

 exports = module.exports = {
    baseDir: baseDir,
+    dnsInSync: dnsInSync,
+    setDnsInSync: setDnsInSync,

    // values set here will be lost after a upgrade/update. use the sqlite database
    // for persistent values that need to be backed up
@@ -56,6 +58,14 @@ function baseDir() {

 var cloudronConfigFileName = path.join(baseDir(), 'configs/cloudron.conf');

+function dnsInSync() {
+    return !!safe.fs.statSync(require('./paths.js').DNS_IN_SYNC_FILE);
+}
+
+function setDnsInSync(content) {
+    safe.fs.writeFileSync(require('./paths.js').DNS_IN_SYNC_FILE, content || 'if this file exists, dns is in sync');
+}
+
 function saveSync() {
    fs.writeFileSync(cloudronConfigFileName, JSON.stringify(data, null, 4)); // functions are ignored by JSON.stringify
 }
@@ -83,7 +93,6 @@ function initConfig() {
        accessKeyId: null,      // selfhosting only
        secretAccessKey: null   // selfhosting only
    };
-    data.dnsInSync = false;

    if (exports.CLOUDRON) {
        data.port = 3000;
@@ -7,10 +7,6 @@ exports = module.exports = {
    ADMIN_NAME: 'Settings',

    ADMIN_CLIENT_ID: 'webadmin', // oauth client id
-    ADMIN_APPID: 'admin', // admin appid (settingsdb)
-
-    TEST_NAME: 'Test',
-    TEST_LOCATION: '',
-    TEST_CLIENT_ID: 'test'
+    ADMIN_APPID: 'admin' // admin appid (settingsdb)
 };

@@ -8,8 +8,11 @@ exports = module.exports = {
 var apps = require('./apps.js'),
    assert = require('assert'),
    cloudron = require('./cloudron.js'),
+    config = require('./config.js'),
    CronJob = require('cron').CronJob,
    debug = require('debug')('box:cron'),
+    janitor = require('./janitor.js'),
+    scheduler = require('./scheduler.js'),
    settings = require('./settings.js'),
    updateChecker = require('./updatechecker.js');

@@ -17,9 +20,10 @@ var gAutoupdaterJob = null,
    gBoxUpdateCheckerJob = null,
    gAppUpdateCheckerJob = null,
    gHeartbeatJob = null,
-    gBackupJob = null;
-
-var gInitialized = false;
+    gBackupJob = null,
+    gCleanupTokensJob = null,
+    gDockerVolumeCleanerJob = null,
+    gSchedulerSyncJob = null;

 var NOOP_CALLBACK = function (error) { if (error) console.error(error); };

@@ -34,14 +38,22 @@ var NOOP_CALLBACK = function (error) { if (error) console.error(error); };
 function initialize(callback) {
    assert.strictEqual(typeof callback, 'function');

-    if (gInitialized) return callback();
-
    settings.events.on(settings.TIME_ZONE_KEY, recreateJobs);
    settings.events.on(settings.AUTOUPDATE_PATTERN_KEY, autoupdatePatternChanged);

-    gInitialized = true;
+    gHeartbeatJob = new CronJob({
+        cronTime: '00 */1 * * * *', // every minute
+        onTick: cloudron.sendHeartbeat,
+        start: true
+    });
+    cloudron.sendHeartbeat(); // latest unpublished version of CronJob has runOnInit

-    recreateJobs(callback);
+    if (cloudron.isActivatedSync()) {
+        recreateJobs(callback);
+    } else {
+        cloudron.events.on(cloudron.EVENT_ACTIVATED, recreateJobs);
+        callback();
+    }
 }

 function recreateJobs(unusedTimeZone, callback) {
@@ -50,14 +62,6 @@ function recreateJobs(unusedTimeZone, callback) {
    settings.getAll(function (error, allSettings) {
        debug('Creating jobs with timezone %s', allSettings[settings.TIME_ZONE_KEY]);

-        if (gHeartbeatJob) gHeartbeatJob.stop();
-        gHeartbeatJob = new CronJob({
-            cronTime: '00 */1 * * * *', // every minute
-            onTick: cloudron.sendHeartbeat,
-            start: true,
-            timeZone: allSettings[settings.TIME_ZONE_KEY]
-        });
-
        if (gBackupJob) gBackupJob.stop();
        gBackupJob = new CronJob({
            cronTime: '00 00 */4 * * *', // every 4 hours
@@ -82,6 +86,30 @@ function recreateJobs(unusedTimeZone, callback) {
            timeZone: allSettings[settings.TIME_ZONE_KEY]
        });

+        if (gCleanupTokensJob) gCleanupTokensJob.stop();
+        gCleanupTokensJob = new CronJob({
+            cronTime: '00 */30 * * * *', // every 30 minutes
+            onTick: janitor.cleanupTokens,
+            start: true,
+            timeZone: allSettings[settings.TIME_ZONE_KEY]
+        });
+
+        if (gDockerVolumeCleanerJob) gDockerVolumeCleanerJob.stop();
+        gDockerVolumeCleanerJob = new CronJob({
+            cronTime: '00 00 */12 * * *', // every 12 hours
+            onTick: janitor.cleanupDockerVolumes,
+            start: true,
+            timeZone: allSettings[settings.TIME_ZONE_KEY]
+        });
+
+        if (gSchedulerSyncJob) gSchedulerSyncJob.stop();
+        gSchedulerSyncJob = new CronJob({
+            cronTime: config.TEST ? '*/10 * * * * *' : '00 */1 * * * *', // every minute
+            onTick: scheduler.sync,
+            start: true,
+            timeZone: allSettings[settings.TIME_ZONE_KEY]
+        });
+
        autoupdatePatternChanged(allSettings[settings.AUTOUPDATE_PATTERN_KEY]);

        if (callback) callback();
@@ -119,25 +147,31 @@ function autoupdatePatternChanged(pattern) {
 function uninitialize(callback) {
    assert.strictEqual(typeof callback, 'function');

-    if (!gInitialized) return callback();
+    cloudron.events.removeListener(cloudron.EVENT_ACTIVATED, recreateJobs);

    if (gAutoupdaterJob) gAutoupdaterJob.stop();
    gAutoupdaterJob = null;

-    gBoxUpdateCheckerJob.stop();
+    if (gBoxUpdateCheckerJob) gBoxUpdateCheckerJob.stop();
    gBoxUpdateCheckerJob = null;

-    gAppUpdateCheckerJob.stop();
+    if (gAppUpdateCheckerJob) gAppUpdateCheckerJob.stop();
    gAppUpdateCheckerJob = null;

-    gHeartbeatJob.stop();
+    if (gHeartbeatJob) gHeartbeatJob.stop();
    gHeartbeatJob = null;

-    gBackupJob.stop();
+    if (gBackupJob) gBackupJob.stop();
    gBackupJob = null;

-    gInitialized = false;
+    if (gCleanupTokensJob) gCleanupTokensJob.stop();
+    gCleanupTokensJob = null;
+
+    if (gDockerVolumeCleanerJob) gDockerVolumeCleanerJob.stop();
+    gDockerVolumeCleanerJob = null;
+
+    if (gSchedulerSyncJob) gSchedulerSyncJob.stop();
+    gSchedulerSyncJob = null;

    callback();
 }
-
@@ -65,7 +65,7 @@ function issueDeveloperToken(user, callback) {
    var token = tokendb.generateToken();
    var expiresAt = Date.now() + 24 * 60 * 60 * 1000; // 1 day

-    tokendb.add(token, tokendb.PREFIX_DEV + user.id, '', expiresAt, 'apps,settings,roleDeveloper', function (error) {
+    tokendb.add(token, tokendb.PREFIX_DEV + user.id, '', expiresAt, 'developer,apps,settings,users', function (error) {
        if (error) return callback(new DeveloperError(DeveloperError.INTERNAL_ERROR, error));

        callback(null, { token: token, expiresAt: expiresAt });
@@ -1,46 +0,0 @@
-/* jslint node:true */
-
-'use strict';
-
-exports = module.exports = {
-    checkPtrRecord: checkPtrRecord
-};
-
-var assert = require('assert'),
-    debug = require('debug')('box:digitalocean'),
-    dns = require('native-dns');
-
-function checkPtrRecord(ip, fqdn, callback) {
-    assert(ip === null || typeof ip === 'string');
-    assert.strictEqual(typeof fqdn, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    debug('checkPtrRecord: ' + ip);
-
-    if (!ip) return callback(new Error('Network down'));
-
-    dns.resolve4('ns1.digitalocean.com', function (error, rdnsIps) {
-        if (error || rdnsIps.length === 0) return callback(new Error('Failed to query DO DNS'));
-
-        var reversedIp = ip.split('.').reverse().join('.');
-
-        var req = dns.Request({
-            question: dns.Question({ name: reversedIp + '.in-addr.arpa', type: 'PTR' }),
-            server: { address: rdnsIps[0] },
-            timeout: 5000
-        });
-
-        req.on('timeout', function () { return callback(new Error('Timedout')); });
-
-        req.on('message', function (error, message) {
-            if (error || !message.answer || message.answer.length === 0) return callback(new Error('Failed to query PTR'));
-
-            debug('checkPtrRecord: Actual:%s Expecting:%s', message.answer[0].data, fqdn);
-            callback(null, message.answer[0].data === fqdn);
-        });
-
-        req.send();
-    });
-}
-
-
@@ -3,32 +3,35 @@
 'use strict';

 exports = module.exports = {
-    addSubdomain: addSubdomain,
-    delSubdomain: delSubdomain,
-    getChangeStatus: getChangeStatus
+    add: add,
+    del: del,
+    update: update,
+    getChangeStatus: getChangeStatus,
+    get: get
 };

 var assert = require('assert'),
-    config = require('./config.js'),
-    debug = require('debug')('box:caas'),
-    SubdomainError = require('./subdomainerror.js'),
+    config = require('../config.js'),
+    debug = require('debug')('box:dns/caas'),
+    SubdomainError = require('../subdomainerror.js'),
    superagent = require('superagent'),
-    util = require('util');
+    util = require('util'),
+    _ = require('underscore');

-function addSubdomain(zoneName, subdomain, type, value, callback) {
+function add(zoneName, subdomain, type, values, callback) {
    assert.strictEqual(typeof zoneName, 'string');
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof type, 'string');
-    assert.strictEqual(typeof value, 'string');
+    assert(util.isArray(values));
    assert.strictEqual(typeof callback, 'function');

    var fqdn = subdomain !== '' && type === 'TXT' ? subdomain + '.' + config.fqdn() : config.appFqdn(subdomain);

-    debug('addSubdomain: zoneName: %s subdomain: %s type: %s value: %s fqdn: %s', zoneName, subdomain, type, value, fqdn);
+    debug('add: %s for zone %s of type %s with values %j', subdomain, zoneName, type, values);

    var data = {
        type: type,
-        value: value
+        values: values
    };

    superagent
@@ -44,18 +47,55 @@ function addSubdomain(zoneName, subdomain, type, value, callback) {
        });
 }

-function delSubdomain(zoneName, subdomain, type, value, callback) {
+function get(zoneName, subdomain, type, callback) {
    assert.strictEqual(typeof zoneName, 'string');
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof type, 'string');
-    assert.strictEqual(typeof value, 'string');
    assert.strictEqual(typeof callback, 'function');

-    debug('delSubdomain: %s for domain %s.', subdomain, zoneName);
+    var fqdn = subdomain !== '' && type === 'TXT' ? subdomain + '.' + config.fqdn() : config.appFqdn(subdomain);
+
+    debug('get: zoneName: %s subdomain: %s type: %s fqdn: %s', zoneName, subdomain, type, fqdn);
+
+    superagent
+        .get(config.apiServerOrigin() + '/api/v1/domains/' + fqdn)
+        .query({ token: config.token(), type: type })
+        .end(function (error, result) {
+            if (error) return callback(error);
+            if (result.status !== 200) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
+
+            return callback(null, result.body.values);
+        });
+}
+
+function update(zoneName, subdomain, type, values, callback) {
+    assert.strictEqual(typeof zoneName, 'string');
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert(util.isArray(values));
+    assert.strictEqual(typeof callback, 'function');
+
+    get(zoneName, subdomain, type, function (error, result) {
+        if (error) return callback(error);
+
+        if (_.isEqual(values, result)) return callback();
+
+        add(zoneName, subdomain, type, values, callback);
+    });
+}
+
+function del(zoneName, subdomain, type, values, callback) {
+    assert.strictEqual(typeof zoneName, 'string');
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert(util.isArray(values));
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('add: %s for zone %s of type %s with values %j', subdomain, zoneName, type, values);

    var data = {
        type: type,
-        value: value
+        values: values
    };

    superagent
@@ -0,0 +1,240 @@
+/* jslint node:true */
+
+'use strict';
+
+exports = module.exports = {
+    add: add,
+    get: get,
+    del: del,
+    update: update,
+    getChangeStatus: getChangeStatus
+};
+
+var assert = require('assert'),
+    AWS = require('aws-sdk'),
+    config = require('../config.js'),
+    debug = require('debug')('box:dns/route53'),
+    settings = require('../settings.js'),
+    SubdomainError = require('../subdomainerror.js'),
+    util = require('util'),
+    _ = require('underscore');
+
+function getDnsCredentials(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    settings.getDnsConfig(function (error, dnsConfig) {
+        if (error) return callback(new SubdomainError(SubdomainError.INTERNAL_ERROR, error));
+
+        var credentials = {
+            accessKeyId: dnsConfig.accessKeyId,
+            secretAccessKey: dnsConfig.secretAccessKey,
+            region: dnsConfig.region
+        };
+
+        if (dnsConfig.endpoint) credentials.endpoint = new AWS.Endpoint(dnsConfig.endpoint);
+
+        callback(null, credentials);
+    });
+}
+
+function getZoneByName(zoneName, callback) {
+    assert.strictEqual(typeof zoneName, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    getDnsCredentials(function (error, credentials) {
+        if (error) return callback(error);
+
+        var route53 = new AWS.Route53(credentials);
+        route53.listHostedZones({}, function (error, result) {
+            if (error) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, new Error(error)));
+
+            var zone = result.HostedZones.filter(function (zone) {
+                return zone.Name.slice(0, -1) === zoneName;     // aws zone name contains a '.' at the end
+            })[0];
+
+            if (!zone) return callback(new SubdomainError(SubdomainError.NOT_FOUND, 'no such zone'));
+
+            callback(null, zone);
+        });
+    });
+}
+
+function add(zoneName, subdomain, type, values, callback) {
+    assert.strictEqual(typeof zoneName, 'string');
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert(util.isArray(values));
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('add: %s for zone %s of type %s with values %j', subdomain, zoneName, type, values);
+
+    getZoneByName(zoneName, function (error, zone) {
+        if (error) return callback(error);
+
+        var fqdn = config.appFqdn(subdomain);
+        var records = values.map(function (v) { return { Value: v }; });
+
+        var params = {
+            ChangeBatch: {
+                Changes: [{
+                    Action: 'UPSERT',
+                    ResourceRecordSet: {
+                        Type: type,
+                        Name: fqdn,
+                        ResourceRecords: records,
+                        Weight: 0,
+                        SetIdentifier: fqdn,
+                        TTL: 1
+                    }
+                }]
+            },
+            HostedZoneId: zone.Id
+        };
+
+        getDnsCredentials(function (error, credentials) {
+            if (error) return callback(error);
+
+            var route53 = new AWS.Route53(credentials);
+            route53.changeResourceRecordSets(params, function(error, result) {
+                if (error && error.code === 'PriorRequestNotComplete') {
+                    return callback(new SubdomainError(SubdomainError.STILL_BUSY, error.message));
+                } else if (error) {
+                    return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, error.message));
+                }
+
+                debug('addSubdomain: success. changeInfoId:%j', result);
+
+                callback(null, result.ChangeInfo.Id);
+            });
+        });
+    });
+}
+
+function update(zoneName, subdomain, type, values, callback) {
+    assert.strictEqual(typeof zoneName, 'string');
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert(util.isArray(values));
+    assert.strictEqual(typeof callback, 'function');
+
+    get(zoneName, subdomain, type, function (error, result) {
+        if (error) return callback(error);
+
+        if (_.isEqual(values, result)) return callback();
+
+        add(zoneName, subdomain, type, values, callback);
+    });
+}
+
+function get(zoneName, subdomain, type, callback) {
+    assert.strictEqual(typeof zoneName, 'string');
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    getZoneByName(zoneName, function (error, zone) {
+        if (error) return callback(error);
+
+        var params = {
+            HostedZoneId: zone.Id,
+            MaxItems: '1',
+            StartRecordName: (subdomain ? subdomain + '.' : '') + zoneName + '.',
+            StartRecordType: type
+        };
+
+        getDnsCredentials(function (error, credentials) {
+            if (error) return callback(error);
+
+            var route53 = new AWS.Route53(credentials);
+            route53.listResourceRecordSets(params, function (error, result) {
+                if (error) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, new Error(error)));
+                if (result.ResourceRecordSets.length === 0) return callback(null, [ ]);
+                if (result.ResourceRecordSets[0].Name !== params.StartRecordName && result.ResourceRecordSets[0].Type !== params.StartRecordType) return callback(null, [ ]);
+
+                var values = result.ResourceRecordSets[0].ResourceRecords.map(function (record) { return record.Value; });
+
+                callback(null, values);
+            });
+        });
+    });
+}
+
+function del(zoneName, subdomain, type, values, callback) {
+    assert.strictEqual(typeof zoneName, 'string');
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert(util.isArray(values));
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('add: %s for zone %s of type %s with values %j', subdomain, zoneName, type, values);
+
+    getZoneByName(zoneName, function (error, zone) {
+        if (error) return callback(error);
+
+        var fqdn = config.appFqdn(subdomain);
+        var records = values.map(function (v) { return { Value: v }; });
+
+        var resourceRecordSet = {
+            Name: fqdn,
+            Type: type,
+            ResourceRecords: records,
+            Weight: 0,
+            SetIdentifier: fqdn,
+            TTL: 1
+        };
+
+        var params = {
+            ChangeBatch: {
+                Changes: [{
+                    Action: 'DELETE',
+                    ResourceRecordSet: resourceRecordSet
+                }]
+            },
+            HostedZoneId: zone.Id
+        };
+
+        getDnsCredentials(function (error, credentials) {
+            if (error) return callback(error);
+
+            var route53 = new AWS.Route53(credentials);
+            route53.changeResourceRecordSets(params, function(error, result) {
+                if (error && error.message && error.message.indexOf('it was not found') !== -1) {
+                    debug('delSubdomain: resource record set not found.', error);
+                    return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
+                } else if (error && error.code === 'NoSuchHostedZone') {
+                    debug('delSubdomain: hosted zone not found.', error);
+                    return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
+                } else if (error && error.code === 'PriorRequestNotComplete') {
+                    debug('delSubdomain: resource is still busy', error);
+                    return callback(new SubdomainError(SubdomainError.STILL_BUSY, new Error(error)));
+                } else if (error && error.code === 'InvalidChangeBatch') {
+                    debug('delSubdomain: invalid change batch. No such record to be deleted.');
+                    return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
+                } else if (error) {
+                    debug('delSubdomain: error', error);
+                    return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, new Error(error)));
+                }
+
+                callback(null);
+            });
+        });
+    });
+}
+
+function getChangeStatus(changeId, callback) {
+    assert.strictEqual(typeof changeId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (changeId === '') return callback(null, 'INSYNC');
+
+    getDnsCredentials(function (error, credentials) {
+        if (error) return callback(error);
+
+        var route53 = new AWS.Route53(credentials);
+        route53.getChange({ Id: changeId }, function (error, result) {
+            if (error) return callback(error);
+
+            callback(null, result.ChangeInfo.Status);
+        });
+    });
+}
@@ -1,42 +1,343 @@
 'use strict';

-var Docker = require('dockerode'),
-    fs = require('fs'),
-    os = require('os'),
-    path = require('path'),
-    url = require('url');
+var addons = require('./addons.js'),
+    async = require('async'),
+    assert = require('assert'),
+    config = require('./config.js'),
+    debug = require('debug')('box:src/docker.js'),
+    Docker = require('dockerode'),
+    safe = require('safetydance'),
+    semver = require('semver'),
+    util = require('util');

-exports = module.exports = (function () {
+exports = module.exports = {
+    connection: connectionInstance(),
+    downloadImage: downloadImage,
+    createContainer: createContainer,
+    startContainer: startContainer,
+    stopContainer: stopContainer,
+    stopContainers: stopContainers,
+    deleteContainer: deleteContainer,
+    deleteImage: deleteImage,
+    deleteContainers: deleteContainers,
+    createSubcontainer: createSubcontainer
+};
+
+function connectionInstance() {
    var docker;
-    var options = connectOptions(); // the real docker

    if (process.env.BOX_ENV === 'test') {
        // test code runs a docker proxy on this port
        docker = new Docker({ host: 'http://localhost', port: 5687 });
+
+        // proxy code uses this to route to the real docker
+        docker.options = { socketPath: '/var/run/docker.sock' };
    } else {
-        docker = new Docker(options);
+        docker = new Docker({ socketPath: '/var/run/docker.sock' });
    }

-    // proxy code uses this to route to the real docker
-    docker.options = options;
-
    return docker;
-})();
-
-function connectOptions() {
-    if (os.platform() === 'linux') return { socketPath: '/var/run/docker.sock' };
-
-    // boot2docker configuration
-    var DOCKER_CERT_PATH = process.env.DOCKER_CERT_PATH || path.join(process.env.HOME, '.boot2docker/certs/boot2docker-vm');
-    var DOCKER_HOST = process.env.DOCKER_HOST || 'tcp://192.168.59.103:2376';
-
-    return {
-        protocol: 'https',
-        host: url.parse(DOCKER_HOST).hostname,
-        port: url.parse(DOCKER_HOST).port,
-        ca: fs.readFileSync(path.join(DOCKER_CERT_PATH, 'ca.pem')),
-        cert: fs.readFileSync(path.join(DOCKER_CERT_PATH, 'cert.pem')),
-        key: fs.readFileSync(path.join(DOCKER_CERT_PATH, 'key.pem'))
-    };
 }

+function debugApp(app, args) {
+    assert(!app || typeof app === 'object');
+
+    var prefix = app ? (app.location || '(bare)') : '(no app)';
+    debug(prefix + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)));
+}
+
+function targetBoxVersion(manifest) {
+    if ('targetBoxVersion' in manifest) return manifest.targetBoxVersion;
+
+    if ('minBoxVersion' in manifest) return manifest.minBoxVersion;
+
+    return '0.0.1';
+}
+
+function pullImage(manifest, callback) {
+    var docker = exports.connection;
+
+    docker.pull(manifest.dockerImage, function (err, stream) {
+        if (err) return callback(new Error('Error connecting to docker. statusCode: %s' + err.statusCode));
+
+        // https://github.com/dotcloud/docker/issues/1074 says each status message
+        // is emitted as a chunk
+        stream.on('data', function (chunk) {
+            var data = safe.JSON.parse(chunk) || { };
+            debug('pullImage data: %j', data);
+
+            // The information here is useless because this is per layer as opposed to per image
+            if (data.status) {
+                // debugApp(app, 'progress: %s', data.status); // progressDetail { current, total }
+            } else if (data.error) {
+                debug('pullImage error detail: %s', data.errorDetail.message);
+            }
+        });
+
+        stream.on('end', function () {
+            debug('downloaded image %s successfully', manifest.dockerImage);
+
+            var image = docker.getImage(manifest.dockerImage);
+
+            image.inspect(function (err, data) {
+                if (err) return callback(new Error('Error inspecting image:' + err.message));
+                if (!data || !data.Config) return callback(new Error('Missing Config in image:' + JSON.stringify(data, null, 4)));
+                if (!data.Config.Entrypoint && !data.Config.Cmd) return callback(new Error('Only images with entry point are allowed'));
+
+                debug('This image exposes ports: %j', data.Config.ExposedPorts);
+
+                callback(null);
+            });
+        });
+
+        stream.on('error', function (error) {
+            debug('error pulling image %s : %j', manifest.dockerImage, error);
+
+            callback(error);
+        });
+    });
+}
+
+function downloadImage(manifest, callback) {
+    assert.strictEqual(typeof manifest, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('downloadImage %s', manifest.dockerImage);
+
+    var attempt = 1;
+
+    async.retry({ times: 5, interval: 15000 }, function (retryCallback) {
+        debug('Downloading image. attempt: %s', attempt++);
+
+        pullImage(manifest, function (error) {
+            if (error) console.error(error);
+
+            retryCallback(error);
+        });
+    }, callback);
+}
+
+function createSubcontainer(app, cmd, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert(!cmd || util.isArray(cmd));
+    assert.strictEqual(typeof callback, 'function');
+
+    var docker = exports.connection,
+        isAppContainer = !cmd;
+
+    var manifest = app.manifest;
+    var exposedPorts = {}, dockerPortBindings = { };
+    var stdEnv = [
+        'CLOUDRON=1',
+        'WEBADMIN_ORIGIN=' + config.adminOrigin(),
+        'API_ORIGIN=' + config.adminOrigin(),
+        'APP_ORIGIN=https://' + config.appFqdn(app.location),
+        'APP_DOMAIN=' + config.appFqdn(app.location)
+    ];
+
+    // docker portBindings requires ports to be exposed
+    exposedPorts[manifest.httpPort + '/tcp'] = {};
+
+    dockerPortBindings[manifest.httpPort + '/tcp'] = [ { HostIp: '127.0.0.1', HostPort: app.httpPort + '' } ];
+
+    var portEnv = [];
+    for (var e in app.portBindings) {
+        var hostPort = app.portBindings[e];
+        var containerPort = manifest.tcpPorts[e].containerPort || hostPort;
+
+        exposedPorts[containerPort + '/tcp'] = {};
+        portEnv.push(e + '=' + hostPort);
+
+        dockerPortBindings[containerPort + '/tcp'] = [ { HostIp: '0.0.0.0', HostPort: hostPort + '' } ];
+    }
+
+    var memoryLimit = manifest.memoryLimit || 1024 * 1024 * 200; // 200mb by default
+
+    addons.getEnvironment(app, function (error, addonEnv) {
+        if (error) return callback(new Error('Error getting addon environment : ' + error));
+
+        var containerOptions = {
+            // do _not_ set hostname to app fqdn. doing so sets up the dns name to look up the internal docker ip. this makes curl from within container fail
+            Hostname: semver.gte(targetBoxVersion(app.manifest), '0.0.77') ? app.location : config.appFqdn(app.location),
+            Tty: isAppContainer,
+            Image: app.manifest.dockerImage,
+            Cmd: cmd,
+            Env: stdEnv.concat(addonEnv).concat(portEnv),
+            ExposedPorts: isAppContainer ? exposedPorts : { },
+            Volumes: { // see also ReadonlyRootfs
+                '/tmp': {},
+                '/run': {}
+            },
+            Labels: {
+                "location": app.location,
+                "appId": app.id,
+                "isSubcontainer": String(!isAppContainer)
+            },
+            HostConfig: {
+                Binds: addons.getBindsSync(app, app.manifest.addons),
+                Memory: memoryLimit / 2,
+                MemorySwap: memoryLimit, // Memory + Swap
+                PortBindings: isAppContainer ? dockerPortBindings : { },
+                PublishAllPorts: false,
+                ReadonlyRootfs: semver.gte(targetBoxVersion(app.manifest), '0.0.66'), // see also Volumes in startContainer
+                Links: addons.getLinksSync(app, app.manifest.addons),
+                RestartPolicy: {
+                    "Name": isAppContainer ? "always" : "no",
+                    "MaximumRetryCount": 0
+                },
+                CpuShares: 512, // relative to 1024 for system processes
+                VolumesFrom: isAppContainer ? null : [ app.containerId + ":rw" ],
+                SecurityOpt: config.CLOUDRON ? [ "apparmor:docker-cloudron-app" ] : null // profile available only on cloudron
+            }
+        };
+
+        // older versions wanted a writable /var/log
+        if (semver.lte(targetBoxVersion(app.manifest), '0.0.71')) containerOptions.Volumes['/var/log'] = {};
+
+        debugApp(app, 'Creating container for %s', app.manifest.dockerImage);
+
+        docker.createContainer(containerOptions, callback);
+    });
+}
+
+function createContainer(app, callback) {
+    createSubcontainer(app, null, callback);
+}
+
+function startContainer(containerId, callback) {
+    assert.strictEqual(typeof containerId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var docker = exports.connection;
+
+    var container = docker.getContainer(containerId);
+    debug('Starting container %s', containerId);
+
+    container.start(function (error) {
+        if (error && error.statusCode !== 304) return callback(new Error('Error starting container :' + error));
+
+        return callback(null);
+    });
+}
+
+function stopContainer(containerId, callback) {
+    assert(!containerId || typeof containerId === 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (!containerId) {
+        debug('No previous container to stop');
+        return callback();
+    }
+
+    var docker = exports.connection;
+    var container = docker.getContainer(containerId);
+    debug('Stopping container %s', containerId);
+
+    var options = {
+        t: 10 // wait for 10 seconds before killing it
+    };
+
+    container.stop(options, function (error) {
+        if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new Error('Error stopping container:' + error));
+
+        debug('Waiting for container ' + containerId);
+
+        container.wait(function (error, data) {
+            if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new Error('Error waiting on container:' + error));
+
+            debug('Container %s stopped with status code [%s]', containerId, data ? String(data.StatusCode) : '');
+
+            return callback(null);
+        });
+    });
+}
+
+function deleteContainer(containerId, callback) {
+    assert(!containerId || typeof containerId === 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('deleting container %s', containerId);
+
+    if (containerId === null) return callback(null);
+
+    var docker = exports.connection;
+    var container = docker.getContainer(containerId);
+
+    var removeOptions = {
+        force: true, // kill container if it's running
+        v: true // removes volumes associated with the container (but not host mounts)
+    };
+
+    container.remove(removeOptions, function (error) {
+        if (error && error.statusCode === 404) return callback(null);
+
+        if (error) debug('Error removing container %s : %j', containerId, error);
+
+        callback(error);
+    });
+}
+
+function deleteContainers(appId, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var docker = exports.connection;
+
+    debug('deleting containers of %s', appId);
+
+    docker.listContainers({ all: 1, filters: JSON.stringify({ label: [ 'appId=' + appId ] }) }, function (error, containers) {
+        if (error) return callback(error);
+
+        async.eachSeries(containers, function (container, iteratorDone) {
+            deleteContainer(container.Id, iteratorDone);
+        }, callback);
+    });
+}
+
+function stopContainers(appId, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var docker = exports.connection;
+
+    debug('stopping containers of %s', appId);
+
+    docker.listContainers({ all: 1, filters: JSON.stringify({ label: [ 'appId=' + appId ] }) }, function (error, containers) {
+        if (error) return callback(error);
+
+        async.eachSeries(containers, function (container, iteratorDone) {
+            stopContainer(container.Id, iteratorDone);
+        }, callback);
+    });
+}
+
+function deleteImage(manifest, callback) {
+    assert(!manifest || typeof manifest === 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var dockerImage = manifest ? manifest.dockerImage : null;
+    if (!dockerImage) return callback(null);
+
+    var docker = exports.connection;
+
+    docker.getImage(dockerImage).inspect(function (error, result) {
+        if (error && error.statusCode === 404) return callback(null);
+
+        if (error) return callback(error);
+
+        var removeOptions = {
+            force: true,
+            noprune: false
+        };
+
+         // delete image by id because 'docker pull' pulls down all the tags and this is the only way to delete all tags
+        docker.getImage(result.Id).remove(removeOptions, function (error) {
+            if (error && error.statusCode === 404) return callback(null);
+            if (error && error.statusCode === 409) return callback(null); // another container using the image
+
+            if (error) debug('Error removing image %s : %j', dockerImage, error);
+
+            callback(error);
+        });
+    });
+}
@@ -0,0 +1,103 @@
+'use strict';
+
+var assert = require('assert'),
+    async = require('async'),
+    authcodedb = require('./authcodedb.js'),
+    debug = require('debug')('box:src/janitor'),
+    docker = require('./docker.js').connection,
+    tokendb = require('./tokendb.js');
+
+exports = module.exports = {
+    cleanupTokens: cleanupTokens,
+    cleanupDockerVolumes: cleanupDockerVolumes
+};
+
+var NOOP_CALLBACK = function () { };
+
+function ignoreError(func) {
+    return function (callback) {
+        func(function (error) {
+            if (error) console.error('Ignored error:', error);
+
+            callback();
+        });
+    };
+}
+
+function cleanupExpiredTokens(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    tokendb.delExpired(function (error, result) {
+        if (error) return callback(error);
+
+        debug('Cleaned up %s expired tokens.', result);
+
+        callback(null);
+    });
+}
+
+function cleanupExpiredAuthCodes(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    authcodedb.delExpired(function (error, result) {
+        if (error) return callback(error);
+
+        debug('Cleaned up %s expired authcodes.', result);
+
+        callback(null);
+    });
+}
+
+function cleanupTokens(callback) {
+    assert(!callback || typeof callback === 'function'); // callback is null when called from cronjob
+
+    debug('Cleaning up expired tokens');
+
+    async.series([
+        ignoreError(cleanupExpiredTokens),
+        ignoreError(cleanupExpiredAuthCodes)
+    ], callback);
+}
+
+function cleanupTmpVolume(containerInfo, callback) {
+    assert.strictEqual(typeof containerInfo, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var cmd = 'find /tmp -mtime +10 -exec rm -rf {} +'.split(' '); // 10 days old
+
+    debug('cleanupTmpVolume %j', containerInfo.Names);
+
+    docker.getContainer(containerInfo.Id).exec({ Cmd: cmd, AttachStdout: true, AttachStderr: true, Tty: false }, function (error, execContainer) {
+        if (error) return callback(new Error('Failed to exec container : ' + error.message));
+
+        execContainer.start(function(err, stream) {
+            if (error) return callback(new Error('Failed to start exec container : ' + error.message));
+
+            stream.on('error', callback);
+            stream.on('end', callback);
+
+            stream.setEncoding('utf8');
+            stream.pipe(process.stdout);
+        });
+    });
+}
+
+function cleanupDockerVolumes(callback) {
+    assert(!callback || typeof callback === 'function'); // callback is null when called from cronjob
+
+    callback = callback || NOOP_CALLBACK;
+
+    debug('Cleaning up docker volumes');
+
+    docker.listContainers({ all: 0 }, function (error, containers) {
+        if (error) return callback(error);
+
+        async.eachSeries(containers, function (container, iteratorDone) {
+            cleanupTmpVolume(container, function (error) {
+                if (error) debug('Error cleaning tmp: %s', error);
+
+                iteratorDone(); // intentionally ignore error
+            });
+        }, callback);
+    });
+}
@@ -2,9 +2,9 @@

 Dear <%= user.username %>,

-I am excited to welcome you to my Cloudron <%= fqdn %>!
+Welcome to my Cloudron <%= fqdn %>!

-The Cloudron is our own Private Cloud. You can read more about it
+The Cloudron is our own Smart Server. You can read more about it
 at https://www.cloudron.io.

           You username is '<%= user.username %>'
@@ -25,16 +25,16 @@ exports = module.exports = {

 var assert = require('assert'),
    async = require('async'),
+    cloudron = require('./cloudron.js'),
    config = require('./config.js'),
    debug = require('debug')('box:mailer'),
-    digitalocean = require('./digitalocean.js'),
-    docker = require('./docker.js'),
+    dns = require('native-dns'),
+    docker = require('./docker.js').connection,
    ejs = require('ejs'),
    nodemailer = require('nodemailer'),
    path = require('path'),
    safe = require('safetydance'),
    smtpTransport = require('nodemailer-smtp-transport'),
-    sysinfo = require('./sysinfo.js'),
    userdb = require('./userdb.js'),
    util = require('util'),
    _ = require('underscore');
@@ -48,13 +48,20 @@ var gMailQueue = [ ],
 function initialize(callback) {
    assert.strictEqual(typeof callback, 'function');

-    checkDns();
+    if (cloudron.isActivatedSync()) {
+        checkDns();
+    } else {
+        cloudron.events.on(cloudron.EVENT_ACTIVATED, checkDns);
+    }
+
    callback(null);
 }

 function uninitialize(callback) {
    assert.strictEqual(typeof callback, 'function');

+    cloudron.events.removeListener(cloudron.EVENT_ACTIVATED, checkDns);
+
    // TODO: interrupt processQueue as well
    clearTimeout(gCheckDnsTimerId);
    gCheckDnsTimerId = null;
@@ -65,15 +72,59 @@ function uninitialize(callback) {
    callback(null);
 }

+function getTxtRecords(callback) {
+    dns.resolveNs(config.zoneName(), function (error, nameservers) {
+        if (error || !nameservers) return callback(error || new Error('Unable to get nameservers'));
+
+        var nameserver = nameservers[0];
+
+        dns.resolve4(nameserver, function (error, nsIps) {
+            if (error || !nsIps || nsIps.length === 0) return callback(error);
+
+            var req = dns.Request({
+                question: dns.Question({ name: config.fqdn(), type: 'TXT' }),
+                server: { address: nsIps[0] },
+                timeout: 5000
+            });
+
+            req.on('timeout', function () { return callback(new Error('ETIMEOUT')); });
+
+            req.on('message', function (error, message) {
+                if (error || !message.answer || message.answer.length === 0) return callback(null, null);
+
+                var records = message.answer.map(function (a) { return a.data[0]; });
+                callback(null, records);
+            });
+
+            req.send();
+        });
+    });
+}
+
 function checkDns() {
-    digitalocean.checkPtrRecord(sysinfo.getIp(), config.fqdn(), function (error, ok) {
-        if (error || !ok) {
-            debug('PTR record not setup yet');
-            gCheckDnsTimerId = setTimeout(checkDns, 10000);
+    getTxtRecords(function (error, records) {
+        if (error || !records) {
+            debug('checkDns: DNS error or no records looking up TXT records for %s %s', config.fqdn(), error, records);
+            gCheckDnsTimerId = setTimeout(checkDns, 60000);
            return;
        }

-        gDnsReady = true;
+        var allowedToSendMail = false;
+
+        for (var i = 0; i < records.length; i++) {
+            if (records[i].indexOf('v=spf1 ') !== 0) continue; // not SPF
+
+            allowedToSendMail = records[i].indexOf('a:' + config.fqdn()) !== -1;
+            break; // only one SPF record can exist (https://support.google.com/a/answer/4568483?hl=en)
+        }
+
+        if (!allowedToSendMail) {
+            debug('checkDns: SPF records disallow sending email from cloudron. %j', records);
+            gCheckDnsTimerId = setTimeout(checkDns, 60000);
+            return;
+        }
+
+        debug('checkDns: SPF check passed. commencing mail processing');
        processQueue();
    });
 }
@@ -1,8 +0,0 @@
-'use strict';
-
-module.exports = function contentType(type) {
-    return function (req, res, next) {
-        res.setHeader('Content-Type', type);
-        next();
-    };
-};
@@ -1,7 +1,6 @@
 'use strict';

 exports = module.exports = {
-    contentType: require('./contentType'),
    cookieParser: require('cookie-parser'),
    cors: require('./cors'),
    csrf: require('csurf'),
@@ -1,4 +1,4 @@
-<% include header %>
+<!-- callback tester -->

 <script>

@@ -43,5 +43,3 @@ if (code && redirectURI) {
 }

 </script>
-
-<% include footer %>;
@@ -1,5 +1,7 @@
 <% include header %>

+<!-- error tester -->
+
 <br/>

 <div class="container">
@@ -32,7 +32,7 @@
        <div class="container-fluid">
            <div class="navbar-header">
                <span class="navbar-brand navbar-brand-icon"><img src="/api/v1/cloudron/avatar" width="40" height="40"/></span>
-                <span class="navbar-brand"><%= cloudronName %></span>
+                <span class="navbar-brand">Cloudron</span>
            </div>
        </div>
    </nav>
@@ -1,5 +1,7 @@
 <% include header %>

+<!-- login tester -->
+
 <div class="container">
    <div class="row">
        <div class="col-md-6 col-md-offset-3">
@@ -9,12 +9,14 @@ var appdb = require('./appdb.js'),
    assert = require('assert'),
    clientdb = require('./clientdb.js'),
    config = require('./config.js'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:proxy'),
    express = require('express'),
    http = require('http'),
    proxy = require('proxy-middleware'),
    session = require('cookie-session'),
    superagent = require('superagent'),
+    tokendb = require('./tokendb.js'),
    url = require('url'),
    uuid = require('node-uuid');

@@ -24,13 +26,20 @@ var gHttpServer = null;

 var CALLBACK_URI = '/callback';

+function clearSession(req) {
+    delete gSessions[req.session.id];
+
+    req.session.id = uuid.v4();
+    gSessions[req.session.id] = {};
+
+    req.sessionData = gSessions[req.session.id];
+
+}
+
 function attachSessionData(req, res, next) {
    assert.strictEqual(typeof req.session, 'object');

-    if (!req.session.id || !gSessions[req.session.id]) {
-        req.session.id = uuid.v4();
-        gSessions[req.session.id] = {};
-    }
+    if (!req.session.id || !gSessions[req.session.id]) clearSession(req);

    // attach the session data to the requeset
    req.sessionData = gSessions[req.session.id];
@@ -46,16 +55,10 @@ function verifySession(req, res, next) {
        return next();
    }

-    // use http admin origin so that it works with self-signed certs
-    superagent
-        .get(config.internalAdminOrigin() + '/api/v1/profile')
-        .query({ access_token: req.sessionData.accessToken})
-        .end(function (error, result) {
-        if (error) {
-            console.error(error);
-            req.authenticated = false;
-        } else if (result.statusCode !== 200) {
-            req.sessionData.accessToken = null;
+    tokendb.get(req.sessionData.accessToken, function (error, token) {
+        if (error)  {
+            if (error.reason !== DatabaseError.NOT_FOUND) console.error(error);
+            clearSession(req);
            req.authenticated = false;
        } else {
            req.authenticated = true;
@@ -121,7 +124,7 @@ function authenticate(req, res, next) {
                return res.send(500, 'Unknown app.');
            }

-            clientdb.getByAppId('proxy-' + result.id, function (error, result) {
+            clientdb.getByAppIdAndType(result.id, clientdb.TYPE_PROXY, function (error, result) {
                if (error) {
                    console.error('Unkonwn OAuth client.', error);
                    return res.send(500, 'Unknown OAuth client.');
@@ -133,7 +136,7 @@ function authenticate(req, res, next) {
                req.sessionData.clientSecret = result.clientSecret;

                var callbackUrl = result.redirectURI + CALLBACK_URI;
-                var scope = 'profile,roleUser';
+                var scope = 'profile';
                var oauthLogin = config.adminOrigin() + '/api/v1/oauth/dialog/authorize?response_type=code&client_id=' + result.id + '&redirect_uri=' + callbackUrl + '&scope=' + scope;

                debug('begin OAuth flow for client %s.', result.name);
@@ -12,6 +12,9 @@ exports = module.exports = {
    NGINX_CERT_DIR: path.join(config.baseDir(), 'data/nginx/cert'),

    ADDON_CONFIG_DIR: path.join(config.baseDir(), 'data/addons'),
+    SCHEDULER_FILE: path.join(config.baseDir(), 'data/addons/scheduler.json'),
+
+    DNS_IN_SYNC_FILE: path.join(config.baseDir(), 'data/dns_in_sync'),

    COLLECTD_APPCONFIG_DIR: path.join(config.baseDir(), 'data/collectd/collectd.conf.d'),

@@ -19,6 +22,7 @@ exports = module.exports = {
    BOX_DATA_DIR: path.join(config.baseDir(), 'data/box'),
    // this is not part of appdata because an icon may be set before install
    APPICONS_DIR: path.join(config.baseDir(), 'data/box/appicons'),
+    APP_CERTS_DIR: path.join(config.baseDir(), 'data/box/certs'),
    MAIL_DATA_DIR: path.join(config.baseDir(), 'data/box/mail'),

    CLOUDRON_AVATAR_FILE: path.join(config.baseDir(), 'data/box/avatar.png'),
@@ -114,21 +114,27 @@ function installApp(req, res, next) {
    if (typeof data.appStoreId !== 'string') return next(new HttpError(400, 'appStoreId is required'));
    if (typeof data.location !== 'string') return next(new HttpError(400, 'location is required'));
    if (('portBindings' in data) && typeof data.portBindings !== 'object') return next(new HttpError(400, 'portBindings must be an object'));
-    if (typeof data.accessRestriction !== 'string') return next(new HttpError(400, 'accessRestriction is required'));
+    if (typeof data.accessRestriction !== 'object') return next(new HttpError(400, 'accessRestriction is required'));
    if (typeof data.oauthProxy !== 'boolean') return next(new HttpError(400, 'oauthProxy must be a boolean'));
    if ('icon' in data && typeof data.icon !== 'string') return next(new HttpError(400, 'icon is not a string'));
+    if (data.cert && typeof data.cert !== 'string') return next(new HttpError(400, 'cert must be a string'));
+    if (data.key && typeof data.key !== 'string') return next(new HttpError(400, 'key must be a string'));
+    if (data.cert && !data.key) return next(new HttpError(400, 'key must be provided'));
+    if (!data.cert && data.key) return next(new HttpError(400, 'cert must be provided'));

    // allow tests to provide an appId for testing
    var appId = (process.env.BOX_ENV === 'test' && typeof data.appId === 'string') ? data.appId : uuid.v4();

-    debug('Installing app id:%s storeid:%s loc:%s port:%j restrict:%s oauthproxy:%s manifest:%j', appId, data.appStoreId, data.location, data.portBindings, data.accessRestriction, data.oauthProxy, data.manifest);
+    debug('Installing app id:%s storeid:%s loc:%s port:%j accessRestriction:%j oauthproxy:%s manifest:%j', appId, data.appStoreId, data.location, data.portBindings, data.accessRestriction, data.oauthProxy, data.manifest);

-    apps.install(appId, data.appStoreId, data.manifest, data.location, data.portBindings || null, data.accessRestriction, data.oauthProxy, data.icon || null, function (error) {
+    apps.install(appId, data.appStoreId, data.manifest, data.location, data.portBindings || null, data.accessRestriction, data.oauthProxy, data.icon || null, data.cert || null, data.key || null, function (error) {
        if (error && error.reason === AppsError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
        if (error && error.reason === AppsError.PORT_RESERVED) return next(new HttpError(409, 'Port ' + error.message + ' is reserved.'));
        if (error && error.reason === AppsError.PORT_CONFLICT) return next(new HttpError(409, 'Port ' + error.message + ' is already in use.'));
        if (error && error.reason === AppsError.BAD_FIELD) return next(new HttpError(400, error.message));
        if (error && error.reason === AppsError.BILLING_REQUIRED) return next(new HttpError(402, 'Billing required'));
+        if (error && error.reason === AppsError.BAD_CERTIFICATE) return next(new HttpError(400, error.message));
+        if (error && error.reason === AppsError.USER_REQUIRED) return next(new HttpError(400, 'accessRestriction must specify one user'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(202, { id: appId } ));
@@ -151,18 +157,23 @@ function configureApp(req, res, next) {
    if (!data) return next(new HttpError(400, 'Cannot parse data field'));
    if (typeof data.location !== 'string') return next(new HttpError(400, 'location is required'));
    if (('portBindings' in data) && typeof data.portBindings !== 'object') return next(new HttpError(400, 'portBindings must be an object'));
-    if (typeof data.accessRestriction !== 'string') return next(new HttpError(400, 'accessRestriction is required'));
+    if (typeof data.accessRestriction !== 'object') return next(new HttpError(400, 'accessRestriction is required'));
    if (typeof data.oauthProxy !== 'boolean') return next(new HttpError(400, 'oauthProxy must be a boolean'));
+    if (data.cert && typeof data.cert !== 'string') return next(new HttpError(400, 'cert must be a string'));
+    if (data.key && typeof data.key !== 'string') return next(new HttpError(400, 'key must be a string'));
+    if (data.cert && !data.key) return next(new HttpError(400, 'key must be provided'));
+    if (!data.cert && data.key) return next(new HttpError(400, 'cert must be provided'));

-    debug('Configuring app id:%s location:%s bindings:%j', req.params.id, data.location, data.portBindings);
+    debug('Configuring app id:%s location:%s bindings:%j accessRestriction:%j oauthProxy:%s', req.params.id, data.location, data.portBindings, data.accessRestriction, data.oauthProxy);

-    apps.configure(req.params.id, data.location, data.portBindings || null, data.accessRestriction, data.oauthProxy, function (error) {
+    apps.configure(req.params.id, data.location, data.portBindings || null, data.accessRestriction, data.oauthProxy, data.cert || null, data.key || null, function (error) {
        if (error && error.reason === AppsError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
        if (error && error.reason === AppsError.PORT_RESERVED) return next(new HttpError(409, 'Port ' + error.message + ' is reserved.'));
        if (error && error.reason === AppsError.PORT_CONFLICT) return next(new HttpError(409, 'Port ' + error.message + ' is already in use.'));
        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
        if (error && error.reason === AppsError.BAD_STATE) return next(new HttpError(409, error.message));
        if (error && error.reason === AppsError.BAD_FIELD) return next(new HttpError(400, error.message));
+        if (error && error.reason === AppsError.BAD_CERTIFICATE) return next(new HttpError(400, error.message));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(202, { }));
@@ -256,7 +267,7 @@ function updateApp(req, res, next) {
    if ('icon' in data && typeof data.icon !== 'string') return next(new HttpError(400, 'icon is not a string'));
    if ('force' in data && typeof data.force !== 'boolean') return next(new HttpError(400, 'force must be a boolean'));

-    debug('Update app id:%s to manifest:%j', req.params.id, data.manifest);
+    debug('Update app id:%s to manifest:%j with portBindings:%j', req.params.id, data.manifest, data.portBindings);

    apps.update(req.params.id, data.force || false, data.manifest, data.portBindings, data.icon, function (error) {
        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
@@ -5,7 +5,6 @@
 exports = module.exports = {
    add: add,
    get: get,
-    update: update,
    del: del,
    getAllByUserId: getAllByUserId,
    getClientTokens: getClientTokens,
@@ -13,12 +12,13 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    validUrl = require('valid-url'),
+    clientdb = require('../clientdb.js'),
    clients = require('../clients.js'),
    ClientsError = clients.ClientsError,
    DatabaseError = require('../databaseerror.js'),
    HttpError = require('connect-lastmile').HttpError,
-    HttpSuccess = require('connect-lastmile').HttpSuccess;
+    HttpSuccess = require('connect-lastmile').HttpSuccess,
+    validUrl = require('valid-url');

 function add(req, res, next) {
    var data = req.body;
@@ -29,10 +29,7 @@ function add(req, res, next) {
    if (typeof data.scope !== 'string' || !data.scope) return next(new HttpError(400, 'scope is required'));
    if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri'));

-    // prefix as this route only allows external apps for developers
-    var appId = 'external-' + data.appId;
-
-    clients.add(appId, data.redirectURI, data.scope, function (error, result) {
+    clients.add(data.appId, clientdb.TYPE_EXTERNAL, data.redirectURI, data.scope, function (error, result) {
        if (error && error.reason === ClientsError.INVALID_SCOPE) return next(new HttpError(400, 'Invalid scope'));
        if (error) return next(new HttpError(500, error));
        next(new HttpSuccess(201, result));
@@ -49,22 +46,6 @@ function get(req, res, next) {
    });
 }

-function update(req, res, next) {
-    assert.strictEqual(typeof req.params.clientId, 'string');
-
-    var data = req.body;
-
-    if (!data) return next(new HttpError(400, 'Cannot parse data field'));
-    if (typeof data.appId !== 'string' || !data.appId) return next(new HttpError(400, 'appId is required'));
-    if (typeof data.redirectURI !== 'string' || !data.redirectURI) return next(new HttpError(400, 'redirectURI is required'));
-    if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri'));
-
-    clients.update(req.params.clientId, data.appId, data.redirectURI, function (error, result) {
-        if (error) return next(new HttpError(500, error));
-        next(new HttpSuccess(202, result));
-    });
-}
-
 function del(req, res, next) {
    assert.strictEqual(typeof req.params.clientId, 'string');

@@ -11,7 +11,6 @@ exports = module.exports = {
    getConfig: getConfig,
    update: update,
    migrate: migrate,
-    setCertificate: setCertificate,
    feedback: feedback
 };

@@ -25,7 +24,6 @@ var assert = require('assert'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
    superagent = require('superagent'),
-    safe = require('safetydance'),
    updateChecker = require('../updatechecker.js');

 /**
@@ -44,22 +42,19 @@ function activate(req, res, next) {
    if (typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be string'));
    if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be string'));
    if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
-    if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));

    var username = req.body.username;
    var password = req.body.password;
    var email = req.body.email;
-    var name = req.body.name || null;

    var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
    debug('activate: username:%s ip:%s', username, ip);

-    cloudron.activate(username, password, email, name, ip, function (error, info) {
+    cloudron.activate(username, password, email, ip, function (error, info) {
        if (error && error.reason === CloudronError.ALREADY_PROVISIONED) return next(new HttpError(409, 'Already setup'));
        if (error && error.reason === CloudronError.BAD_USERNAME) return next(new HttpError(400, 'Bad username'));
        if (error && error.reason === CloudronError.BAD_PASSWORD) return next(new HttpError(400, 'Bad password'));
        if (error && error.reason === CloudronError.BAD_EMAIL) return next(new HttpError(400, 'Bad email'));
-        if (error && error.reason === CloudronError.BAD_NAME) return next(new HttpError(400, 'Bad name'));
        if (error) return next(new HttpError(500, error));

        // Now let the api server know we got activated
@@ -143,23 +138,6 @@ function migrate(req, res, next) {
    });
 }

-function setCertificate(req, res, next) {
-    assert.strictEqual(typeof req.files, 'object');
-
-    if (!req.files.certificate) return next(new HttpError(400, 'certificate must be provided'));
-    var certificate = safe.fs.readFileSync(req.files.certificate.path, 'utf8');
-
-    if (!req.files.key) return next(new HttpError(400, 'key must be provided'));
-    var key = safe.fs.readFileSync(req.files.key.path, 'utf8');
-
-    cloudron.setCertificate(certificate, key, function (error) {
-        if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
-
-        next(new HttpSuccess(202, {}));
-    });
-}
-
 function feedback(req, res, next) {
    assert.strictEqual(typeof req.user, 'object');

@@ -3,6 +3,7 @@
 'use strict';

 var assert = require('assert'),
+    apps = require('../apps'),
    authcodedb = require('../authcodedb'),
    clientdb = require('../clientdb'),
    config = require('../config.js'),
@@ -27,34 +28,21 @@ var assert = require('assert'),
 // create OAuth 2.0 server
 var gServer = oauth2orize.createServer();

+
 // Register serialialization and deserialization functions.
 //
-// When a client redirects a user to user authorization endpoint, an
-// authorization transaction is initiated.  To complete the transaction, the
-// user must authenticate and approve the authorization request.  Because this
-// may involve multiple HTTP request/response exchanges, the transaction is
-// stored in the session.
-//
-// An application must supply serialization functions, which determine how the
-// client object is serialized into the session.  Typically this will be a
-// simple matter of serializing the client's ID, and deserializing by finding
-// the client by ID from the database.
+// The client id is stored in the session and can thus be retrieved for each
+// step in the oauth flow transaction, which involves multiple http requests.

 gServer.serializeClient(function (client, callback) {
-    debug('server serialize:', client);
-
    return callback(null, client.id);
 });

 gServer.deserializeClient(function (id, callback) {
-    debug('server deserialize:', id);
-
-    clientdb.get(id, function (error, client) {
-        if (error) { return callback(error); }
-        return callback(null, client);
-    });
+    clientdb.get(id, callback);
 });

+
 // Register supported grant types.

 // Grant authorization codes.  The callback takes the `client` requesting
@@ -64,21 +52,17 @@ gServer.deserializeClient(function (id, callback) {
 // the application.  The application issues a code, which is bound to these
 // values, and will be exchanged for an access token.

-// we use , (comma) as scope separator
 gServer.grant(oauth2orize.grant.code({ scopeSeparator: ',' }, function (client, redirectURI, user, ares, callback) {
-    debug('grant code:', client, redirectURI, user.id, ares);
+    debug('grant code:', client.id, redirectURI, user.id, ares);

    var code = hat(256);
    var expiresAt = Date.now() + 60 * 60000; // 1 hour
-    var scopes = client.scope ? client.scope.split(',') : ['profile','roleUser'];
-
-    if (scopes.indexOf('roleAdmin') !== -1 && !user.admin) {
-        debug('grant code: not allowed, you need to be admin');
-        return callback(new Error('Admin capabilities required'));
-    }

    authcodedb.add(code, client.id, user.username, expiresAt, function (error) {
        if (error) return callback(error);
+
+        debug('grant code: new auth code for client %s code %s', client.id, code);
+
        callback(null, code);
    });
 }));
@@ -93,7 +77,7 @@ gServer.grant(oauth2orize.grant.token({ scopeSeparator: ',' }, function (client,
    tokendb.add(token, tokendb.PREFIX_USER + user.id, client.id, expires, client.scope, function (error) {
        if (error) return callback(error);

-        debug('new access token for client ' + client.id + ' token ' + token);
+        debug('grant token: new access token for client %s token %s', client.id, token);

        callback(null, token);
    });
@@ -123,7 +107,7 @@ gServer.exchange(oauth2orize.exchange.code(function (client, code, redirectURI,
            tokendb.add(token, tokendb.PREFIX_USER + authCode.userId, authCode.clientId, expires, client.scope, function (error) {
                if (error) return callback(error);

-                debug('new access token for client ' + client.id + ' token ' + token);
+                debug('exchange: new access token for client %s token %s', client.id, token);

                callback(null, token);
            });
@@ -153,14 +137,7 @@ function renderTemplate(res, template, data) {
    assert.strictEqual(typeof template, 'string');
    assert.strictEqual(typeof data, 'object');

-    settings.getCloudronName(function (error, cloudronName) {
-        if (error) console.error(error);
-
-        // amend details which the header expects
-        data.cloudronName = cloudronName || 'Cloudron';
-
-        res.render(template, data);
-    });
+    res.render(template, data);
 }

 function sendErrorPageOrRedirect(req, res, message) {
@@ -168,7 +145,7 @@ function sendErrorPageOrRedirect(req, res, message) {
    assert.strictEqual(typeof res, 'object');
    assert.strictEqual(typeof message, 'string');

-    debug('sendErrorPageOrRedirect: returnTo "%s".', req.query.returnTo, message);
+    debug('sendErrorPageOrRedirect: returnTo %s.', req.query.returnTo, message);

    if (typeof req.query.returnTo !== 'string') {
        renderTemplate(res, 'error', {
@@ -178,11 +155,10 @@ function sendErrorPageOrRedirect(req, res, message) {
    } else {
        var u = url.parse(req.query.returnTo);
        if (!u.protocol || !u.host) {
-            renderTemplate(res, 'error', {
+            return renderTemplate(res, 'error', {
                adminOrigin: config.adminOrigin(),
                message: 'Invalid request. returnTo query is not a valid URI. ' + message
            });
-            return;
        }

        res.redirect(util.format('%s//%s', u.protocol, u.host));
@@ -202,7 +178,7 @@ function sendError(req, res, message) {
    });
 }

-// Main login form username and password
+// -> GET /api/v1/session/login
 function loginForm(req, res) {
    if (typeof req.session.returnTo !== 'string') return sendErrorPageOrRedirect(req, res, 'Invalid login request. No returnTo provided.');

@@ -222,23 +198,14 @@ function loginForm(req, res) {
    clientdb.get(u.query.client_id, function (error, result) {
        if (error) return sendError(req, res, 'Unknown OAuth client');

-        // Handle our different types of oauth clients
-        var appId = result.appId;
-        if (appId === constants.ADMIN_CLIENT_ID) {
-            return render(constants.ADMIN_NAME, '/api/v1/cloudron/avatar');
-        } else if (appId === constants.TEST_CLIENT_ID) {
-            return render(constants.TEST_NAME, '/api/v1/cloudron/avatar');
-        } else if (appId.indexOf('external-') === 0) {
-            return render('External Application', '/api/v1/cloudron/avatar');
-        } else if (appId.indexOf('addon-oauth-') === 0) {
-            appId = appId.slice('addon-oauth-'.length);
-        } else if (appId.indexOf('addon-simpleauth-') === 0) {
-            appId = appId.slice('addon-simpleauth-'.length);
-        } else if (appId.indexOf('proxy-') === 0) {
-            appId = appId.slice('proxy-'.length);
+        switch (result.type) {
+            case clientdb.TYPE_ADMIN: return render(constants.ADMIN_NAME, '/api/v1/cloudron/avatar');
+            case clientdb.TYPE_EXTERNAL: return render('External Application', '/api/v1/cloudron/avatar');
+            case clientdb.TYPE_SIMPLE_AUTH: return sendError(req, res, 'Unknown OAuth client');
+            default: break;
        }

-        appdb.get(appId, function (error, result) {
+        appdb.get(result.appId, function (error, result) {
            if (error) return sendErrorPageOrRedirect(req, res, 'Unknown Application for those OAuth credentials');

            var applicationName = result.location || config.fqdn();
@@ -247,7 +214,7 @@ function loginForm(req, res) {
    });
 }

-// performs the login POST from the login form
+// -> POST /api/v1/session/login
 function login(req, res) {
    var returnTo = req.session.returnTo || req.query.returnTo;

@@ -259,7 +226,7 @@ function login(req, res) {
    });
 }

-// ends the current session
+// -> GET /api/v1/session/logout
 function logout(req, res) {
    req.logout();

@@ -301,8 +268,6 @@ function passwordSentSite(req, res) {
 function passwordSetupSite(req, res, next) {
    if (!req.query.reset_token) return next(new HttpError(400, 'Missing reset_token'));

-    debug('passwordSetupSite: with token %s.', req.query.reset_token);
-
    user.getByResetToken(req.query.reset_token, function (error, user) {
        if (error) return next(new HttpError(401, 'Invalid reset_token'));

@@ -319,8 +284,6 @@ function passwordSetupSite(req, res, next) {
 function passwordResetSite(req, res, next) {
    if (!req.query.reset_token) return next(new HttpError(400, 'Missing reset_token'));

-    debug('passwordResetSite: with token %s.', req.query.reset_token);
-
    user.getByResetToken(req.query.reset_token, function (error, user) {
        if (error) return next(new HttpError(401, 'Invalid reset_token'));

@@ -355,50 +318,28 @@ function passwordReset(req, res, next) {
 }


-/*
-
-  The callback page takes the redirectURI and the authCode and redirects the browser accordingly
-
-*/
+// The callback page takes the redirectURI and the authCode and redirects the browser accordingly
+//
+// -> GET /api/v1/session/callback
 var callback = [
    session.ensureLoggedIn('/api/v1/session/login'),
    function (req, res) {
-        debug('callback: with callback server ' + req.query.redirectURI);
        renderTemplate(res, 'callback', { adminOrigin: config.adminOrigin(), callbackServer: req.query.redirectURI });
    }
 ];


-/*
-
-  This indicates a missing OAuth client session or invalid client ID
-
-*/
-var error = [
-    session.ensureLoggedIn('/api/v1/session/login'),
-    function (req, res) {
-        sendErrorPageOrRedirect(req, res, 'Invalid OAuth Client');
-    }
-];
-
-
-/*
-
-  The authorization endpoint is the entry point for an OAuth login.
-
-  Each app would start OAuth by redirecting the user to:
-
-    /api/v1/oauth/dialog/authorize?response_type=code&client_id=<clientId>&redirect_uri=<callbackURL>&scope=<ignored>
-
-  - First, this will ensure the user is logged in.
-  - Then in normal OAuth it would ask the user for permissions to the scopes, which we will do on app installation
-  - Then it will redirect the browser to the given <callbackURL> containing the authcode in the query
-
-  Scopes are set by the app during installation, the ones given on OAuth transaction start are simply ignored.
-
-*/
+// The authorization endpoint is the entry point for an OAuth login.
+//
+// Each app would start OAuth by redirecting the user to:
+//
+//    /api/v1/oauth/dialog/authorize?response_type=code&client_id=<clientId>&redirect_uri=<callbackURL>&scope=<ignored>
+//
+//  - First, this will ensure the user is logged in.
+//  - Then it will redirect the browser to the given <callbackURL> containing the authcode in the query
+//
+// -> GET /api/v1/oauth/dialog/authorize
 var authorization = [
-    // extract the returnTo origin and set as query param
    function (req, res, next) {
        if (!req.query.redirect_uri) return sendErrorPageOrRedirect(req, res, 'Invalid request. redirect_uri query param is not set.');
        if (!req.query.client_id) return sendErrorPageOrRedirect(req, res, 'Invalid request. client_id query param is not set.');
@@ -407,10 +348,10 @@ var authorization = [

        session.ensureLoggedIn('/api/v1/session/login?returnTo=' + req.query.redirect_uri)(req, res, next);
    },
-    gServer.authorization(function (clientID, redirectURI, callback) {
-        debug('authorization: client %s with callback to %s.', clientID, redirectURI);
+    gServer.authorization({}, function (clientId, redirectURI, callback) {
+        debug('authorization: client %s with callback to %s.', clientId, redirectURI);

-        clientdb.get(clientID, function (error, client) {
+        clientdb.get(clientId, function (error, client) {
            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, false);
            if (error) return callback(error);

@@ -421,23 +362,33 @@ var authorization = [
            callback(null, client, '/api/v1/session/callback?redirectURI=' + url.resolve(redirectOrigin, redirectPath));
        });
    }),
-    // we do not have a decision dialog, no need to load the transaction
-    gServer.decision({ loadTransaction: false }, function (req, done) {
-        debug('decision: with scope', req.oauth2.client.scope);
-        return done(null, { scope: req.oauth2.client.scope });
-    })
+    function (req, res, next) {
+        // Handle our different types of oauth clients
+        var type = req.oauth2.client.type;
+
+        if (type === clientdb.TYPE_ADMIN) return next();
+        if (type === clientdb.TYPE_EXTERNAL) return next();
+        if (type === clientdb.TYPE_SIMPLE_AUTH) return sendError(req, res, 'Unkonwn OAuth client.');
+
+        appdb.get(req.oauth2.client.appId, function (error, appObject) {
+            if (error) return sendErrorPageOrRedirect(req, res, 'Invalid request. Unknown app for this client_id.');
+
+            if (!apps.hasAccessTo(appObject, req.oauth2.user)) return sendErrorPageOrRedirect(req, res, 'No access to this app.');
+
+            next();
+        });
+    },
+    gServer.decision({ loadTransaction: false })
 ];


-/*
-
-  The token endpoint allows an OAuth client to exchange an authcode with an accesstoken.
-
-  Authcodes are obtained using the authorization endpoint. The route is authenticated by
-  providing a Basic auth with clientID as username and clientSecret as password.
-  An authcode is only good for one such exchange to an accesstoken.
-
-*/
+//  The token endpoint allows an OAuth client to exchange an authcode with an accesstoken.
+//
+//  Authcodes are obtained using the authorization endpoint. The route is authenticated by
+//  providing a Basic auth with clientID as username and clientSecret as password.
+//  An authcode is only good for one such exchange to an accesstoken.
+//
+// -> POST /api/v1/oauth/token
 var token = [
    passport.authenticate(['basic', 'oauth2-client-password'], { session: false }),
    gServer.token(),
@@ -445,18 +396,15 @@ var token = [
 ];


-/*
-
-  The scope middleware provides an auth middleware for routes.
-
-  It is used for API routes, which are authenticated using accesstokens.
-  Those accesstokens carry OAuth scopes and the middleware takes the required
-  scope as an argument and will verify the accesstoken against it.
-
-  See server.js:
-    var profileScope = routes.oauth2.scope('profile');
-
-*/
+//  The scope middleware provides an auth middleware for routes.
+//
+//  It is used for API routes, which are authenticated using accesstokens.
+//  Those accesstokens carry OAuth scopes and the middleware takes the required
+//  scope as an argument and will verify the accesstoken against it.
+//
+//  See server.js:
+//    var profileScope = routes.oauth2.scope('profile');
+//
 function scope(requestedScope) {
    assert.strictEqual(typeof requestedScope, 'string');

@@ -498,7 +446,6 @@ exports = module.exports = {
    login: login,
    logout: logout,
    callback: callback,
-    error: error,
    passwordResetRequestSite: passwordResetRequestSite,
    passwordResetRequest: passwordResetRequest,
    passwordSentSite: passwordSentSite,
@@ -10,7 +10,13 @@ exports = module.exports = {
    setCloudronName: setCloudronName,

    getCloudronAvatar: getCloudronAvatar,
-    setCloudronAvatar: setCloudronAvatar
+    setCloudronAvatar: setCloudronAvatar,
+
+    getDnsConfig: getDnsConfig,
+    setDnsConfig: setDnsConfig,
+
+    setCertificate: setCertificate,
+    setAdminCertificate: setAdminCertificate
 };

 var assert = require('assert'),
@@ -83,3 +89,54 @@ function getCloudronAvatar(req, res, next) {
        res.status(200).send(avatar);
    });
 }
+
+function getDnsConfig(req, res, next) {
+    settings.getDnsConfig(function (error, config) {
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(200, config));
+    });
+}
+
+function setDnsConfig(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+
+    if (typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider is required'));
+
+    settings.setDnsConfig(req.body, function (error) {
+        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(200));
+    });
+}
+
+// default fallback cert
+function setCertificate(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+
+    if (!req.body.cert || typeof req.body.cert !== 'string') return next(new HttpError(400, 'cert must be a string'));
+    if (!req.body.key || typeof req.body.key !== 'string') return next(new HttpError(400, 'key must be a string'));
+
+    settings.setCertificate(req.body.cert, req.body.key, function (error) {
+        if (error && error.reason === SettingsError.INVALID_CERT) return next(new HttpError(400, 'cert not applicable'));
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(202, {}));
+    });
+}
+
+// only webadmin cert, until it can be treated just like a normal app
+function setAdminCertificate(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+
+    if (!req.body.cert || typeof req.body.cert !== 'string') return next(new HttpError(400, 'cert must be a string'));
+    if (!req.body.key || typeof req.body.key !== 'string') return next(new HttpError(400, 'key must be a string'));
+
+    settings.setAdminCertificate(req.body.cert, req.body.key, function (error) {
+        if (error && error.reason === SettingsError.INVALID_CERT) return next(new HttpError(400, 'cert not applicable'));
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(202, {}));
+    });
+}
@@ -16,7 +16,7 @@ var appdb = require('../../appdb.js'),
    config = require('../../config.js'),
    constants = require('../../constants.js'),
    database = require('../../database.js'),
-    docker = require('../../docker.js'),
+    docker = require('../../docker.js').connection,
    expect = require('expect.js'),
    fs = require('fs'),
    hock = require('hock'),
@@ -25,7 +25,6 @@ var appdb = require('../../appdb.js'),
    js2xml = require('js2xmlparser'),
    net = require('net'),
    nock = require('nock'),
-    os = require('os'),
    paths = require('../../paths.js'),
    redis = require('redis'),
    request = require('superagent'),
@@ -42,21 +41,27 @@ var SERVER_URL = 'http://localhost:' + config.get('port');

 // Test image information
 var TEST_IMAGE_REPO = 'cloudron/test';
-var TEST_IMAGE_TAG = '6.0.0';
-var TEST_IMAGE_ID = '7a53b21358cd7b014d29ee85f16ac535c37c11fb1f4c124197941236eb4d7c64';
+var TEST_IMAGE_TAG = '10.0.0';
+var TEST_IMAGE_ID = child_process.execSync('docker inspect --format={{.Id}} ' + TEST_IMAGE_REPO + ':' + TEST_IMAGE_TAG).toString('utf8').trim();

 var APP_STORE_ID = 'test', APP_ID;
 var APP_LOCATION = 'appslocation';
 var APP_LOCATION_2 = 'appslocationtwo';
 var APP_LOCATION_NEW = 'appslocationnew';
+
 var APP_MANIFEST = JSON.parse(fs.readFileSync(__dirname + '/../../../../test-app/CloudronManifest.json', 'utf8'));
 APP_MANIFEST.dockerImage = TEST_IMAGE_REPO + ':' + TEST_IMAGE_TAG;
+
+var APP_MANIFEST_1 = JSON.parse(fs.readFileSync(__dirname + '/../../../../test-app/CloudronManifest.json', 'utf8'));
+APP_MANIFEST_1.dockerImage = TEST_IMAGE_REPO + ':' + TEST_IMAGE_TAG;
+APP_MANIFEST_1.singleUser = true;
+
 var USERNAME = 'admin', PASSWORD = 'password', EMAIL ='admin@me.com';
 var USERNAME_1 = 'user', PASSWORD_1 = 'password', EMAIL_1 ='user@me.com';
 var token = null; // authentication token
 var token_1 = null;

- var awsHostedZones = {
+var awsHostedZones = {
     HostedZones: [{
         Id: '/hostedzone/ZONEID',
         Name: 'localhost.',
@@ -221,7 +226,7 @@ describe('App API', function () {
    it('app install fails - invalid location', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: '!awesome', accessRestriction: '', oauthProxy: false })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: '!awesome', accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('Hostname can only contain alphanumerics and hyphen');
@@ -232,7 +237,7 @@ describe('App API', function () {
    it('app install fails - invalid location type', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: 42, accessRestriction: '', oauthProxy: false })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: 42, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('location is required');
@@ -243,7 +248,7 @@ describe('App API', function () {
    it('app install fails - reserved admin location', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: constants.ADMIN_LOCATION, accessRestriction: '', oauthProxy: false })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: constants.ADMIN_LOCATION, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql(constants.ADMIN_LOCATION + ' is reserved');
@@ -254,7 +259,7 @@ describe('App API', function () {
    it('app install fails - reserved api location', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: constants.API_LOCATION, accessRestriction: '', oauthProxy: true })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: constants.API_LOCATION, accessRestriction: null, oauthProxy: true })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql(constants.API_LOCATION + ' is reserved');
@@ -265,7 +270,7 @@ describe('App API', function () {
    it('app install fails - portBindings must be object', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: 23, accessRestriction: '', oauthProxy: false })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: 23, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('portBindings must be an object');
@@ -284,10 +289,43 @@ describe('App API', function () {
        });
    });

+    it('app install fails - accessRestriction type is wrong', function (done) {
+        request.post(SERVER_URL + '/api/v1/apps/install')
+               .query({ access_token: token })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: {}, accessRestriction: '', oauthProxy: false })
+               .end(function (err, res) {
+            expect(res.statusCode).to.equal(400);
+            expect(res.body.message).to.eql('accessRestriction is required');
+            done(err);
+        });
+    });
+
+    it('app install fails - accessRestriction no users not allowed', function (done) {
+        request.post(SERVER_URL + '/api/v1/apps/install')
+               .query({ access_token: token })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST_1, password: PASSWORD, location: APP_LOCATION, portBindings: {}, accessRestriction: null, oauthProxy: false })
+               .end(function (err, res) {
+            expect(res.statusCode).to.equal(400);
+            expect(res.body.message).to.eql('accessRestriction must specify one user');
+            done(err);
+        });
+    });
+
+    it('app install fails - accessRestriction too many users not allowed', function (done) {
+        request.post(SERVER_URL + '/api/v1/apps/install')
+               .query({ access_token: token })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST_1, password: PASSWORD, location: APP_LOCATION, portBindings: {}, accessRestriction: { users: [ 'one', 'two' ] }, oauthProxy: false })
+               .end(function (err, res) {
+            expect(res.statusCode).to.equal(400);
+            expect(res.body.message).to.eql('accessRestriction must specify one user');
+            done(err);
+        });
+    });
+
    it('app install fails - oauthProxy is required', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: {}, accessRestriction: '' })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: {}, accessRestriction: null })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('oauthProxy must be a boolean');
@@ -298,7 +336,7 @@ describe('App API', function () {
    it('app install fails for non admin', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token_1 })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: '', oauthProxy: false })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
            done(err);
@@ -310,7 +348,7 @@ describe('App API', function () {

        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: '', oauthProxy: false })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(402);
            expect(fake.isDone()).to.be.ok();
@@ -323,7 +361,7 @@ describe('App API', function () {

        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: '', oauthProxy: false })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(202);
            expect(res.body.id).to.be.a('string');
@@ -338,7 +376,7 @@ describe('App API', function () {

        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: '', oauthProxy: false })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(409);
            expect(fake.isDone()).to.be.ok();
@@ -462,7 +500,7 @@ describe('App API', function () {

        request.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION_2, portBindings: null, accessRestriction: '', oauthProxy: false })
+               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION_2, portBindings: null, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(202);
            expect(res.body.id).to.be.a('string');
@@ -491,7 +529,7 @@ describe('App API', function () {

                request.post(SERVER_URL + '/api/v1/apps/install')
                       .query({ access_token: token })
-                       .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, location: APP_LOCATION+APP_LOCATION, portBindings: null, accessRestriction: '', oauthProxy: false })
+                       .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, location: APP_LOCATION+APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
                       .end(function (err, res) {
                    expect(res.statusCode).to.equal(202);
                    expect(res.body.id).to.be.a('string');
@@ -546,15 +584,14 @@ describe('App installation', function () {
            function (callback) {
                apiHockInstance
                    .get('/api/v1/apps/' + APP_STORE_ID + '/versions/' + APP_MANIFEST.version + '/icon')
-                    .replyWithFile(200, path.resolve(__dirname, '../../../webadmin/src/img/appicon_fallback.png'))
-                    .post('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=APPSTORE_TOKEN')
-                    .max(Infinity)
-                    .reply(201, { credentials: { AccessKeyId: 'accessKeyId', SecretAccessKey: 'secretAccessKey', SessionToken: 'sessionToken' } }, { 'Content-Type': 'application/json' });
+                    .replyWithFile(200, path.resolve(__dirname, '../../../webadmin/src/img/appicon_fallback.png'));

                var port = parseInt(url.parse(config.apiServerOrigin()).port, 10);
                apiHockServer = http.createServer(apiHockInstance.handler).listen(port, callback);
            },

+            settings.setDnsConfig.bind(null, { provider: 'route53', accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey', endpoint: 'http://localhost:5353' }),
+
            function (callback) {
                awsHockInstance
                    .get('/2013-04-01/hostedzone')
@@ -565,8 +602,7 @@ describe('App installation', function () {
                    .max(Infinity)
                    .reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'dnsrecordid', Status: 'INSYNC' } }), { 'Content-Type': 'application/xml' });

-                var port = parseInt(url.parse(config.aws().endpoint).port, 10);
-                awsHockServer = http.createServer(awsHockInstance.handler).listen(port, callback);
+                awsHockServer = http.createServer(awsHockInstance.handler).listen(5353, callback);
            }
        ], done);
    });
@@ -602,7 +638,7 @@ describe('App installation', function () {

        request.post(SERVER_URL + '/api/v1/apps/install')
              .query({ access_token: token })
-              .send({ appId: APP_ID, appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: '', oauthProxy: false })
+              .send({ appId: APP_ID, appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
              .end(function (err, res) {
            expect(res.statusCode).to.equal(202);
            expect(fake.isDone()).to.be.ok();
@@ -634,9 +670,12 @@ describe('App installation', function () {
            expect(data.Config.Env).to.contain('WEBADMIN_ORIGIN=' + config.adminOrigin());
            expect(data.Config.Env).to.contain('API_ORIGIN=' + config.adminOrigin());
            expect(data.Config.Env).to.contain('CLOUDRON=1');
-            clientdb.getByAppId('addon-oauth-' + appResult.id, function (error, client) {
+            expect(data.Config.Env).to.contain('APP_ORIGIN=https://' + config.appFqdn(APP_LOCATION));
+            expect(data.Config.Env).to.contain('APP_DOMAIN=' + config.appFqdn(APP_LOCATION));
+            expect(data.Config.Hostname).to.be(APP_LOCATION);
+            clientdb.getByAppIdAndType(appResult.id, clientdb.TYPE_OAUTH, function (error, client) {
                expect(error).to.not.be.ok();
-                expect(client.id.length).to.be(52); // cid-addon-oauth- + 32 hex chars (128 bits) + 4 hyphens
+                expect(client.id.length).to.be(40); // cid- + 32 hex chars (128 bits) + 4 hyphens
                expect(client.clientSecret.length).to.be(64); // 32 hex chars (256 bits)
                expect(data.Config.Env).to.contain('OAUTH_CLIENT_ID=' + client.id);
                expect(data.Config.Env).to.contain('OAUTH_CLIENT_SECRET=' + client.clientSecret);
@@ -719,10 +758,7 @@ describe('App installation', function () {

            expect(urlp.hostname).to.be('redis-' + APP_ID);

-            var isMac = os.platform() === 'darwin';
-            var client =
-                isMac ? redis.createClient(parseInt(exportedRedisPort, 10), '127.0.0.1', { auth_pass: password })
-                      : redis.createClient(parseInt(urlp.port, 10), redisIp, { auth_pass: password });
+            var client = redis.createClient(parseInt(urlp.port, 10), redisIp, { auth_pass: password });
            client.on('error', done);
            client.set('key', 'value');
            client.get('key', function (err, reply) {
@@ -794,6 +830,14 @@ describe('App installation', function () {
        });
    });

+    it('installation - scheduler', function (done) {
+        async.retry({ times: 100, interval: 1000 }, function (retryCallback) {
+            if (fs.existsSync(paths.DATA_DIR + '/' + APP_ID + '/data/every_minute.env')) return retryCallback();
+
+            retryCallback(new Error('not run yet'));
+        }, done);
+    });
+
    it('logs - stdout and stderr', function (done) {
        request.get(SERVER_URL + '/api/v1/apps/' + APP_ID + '/logs')
            .query({ access_token: token })
@@ -977,8 +1021,15 @@ describe('App installation - port bindings', function () {
    var awsHockInstance = hock.createHock({ throwOnUnmatched: false }), awsHockServer;
    var imageDeleted = false, imageCreated = false;

+    // *.foobar.com
+    var validCert1 = '-----BEGIN CERTIFICATE-----\nMIIBvjCCAWgCCQCg957GWuHtbzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzEVMBMGA1UEAwwMKi5mb29iYXIuY29tMB4XDTE1\nMTAyODEzMDI1MFoXDTE2MTAyNzEzMDI1MFowZjELMAkGA1UEBhMCREUxDzANBgNV\nBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRAwDgYDVQQKDAdOZWJ1bG9uMQww\nCgYDVQQLDANDVE8xFTATBgNVBAMMDCouZm9vYmFyLmNvbTBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQC0FKf07ZWMcABFlZw+GzXK9EiZrlJ1lpnu64RhN99z7MXRr8cF\nnZVgY3jgatuyR5s3WdzUvye2eJ0rNicl2EZJAgMBAAEwDQYJKoZIhvcNAQELBQAD\nQQAw4bteMZAeJWl2wgNLw+wTwAH96E0jyxwreCnT5AxJLmgimyQ0XOF4FsssdRFj\nxD9WA+rktelBodJyPeTDNhIh\n-----END CERTIFICATE-----';
+    var validKey1 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBALQUp/TtlYxwAEWVnD4bNcr0SJmuUnWWme7rhGE333PsxdGvxwWd\nlWBjeOBq27JHmzdZ3NS/J7Z4nSs2JyXYRkkCAwEAAQJALV2eykcoC48TonQEPmkg\nbhaIS57syw67jMLsQImQ02UABKzqHPEKLXPOZhZPS9hsC/hGIehwiYCXMUlrl+WF\nAQIhAOntBI6qaecNjAAVG7UbZclMuHROUONmZUF1KNq6VyV5AiEAxRLkfHWy52CM\njOQrX347edZ30f4QczvugXwsyuU9A1ECIGlGZ8Sk4OBA8n6fAUcyO06qnmCJVlHg\npTUeOvKk5c9RAiBs28+8dCNbrbhVhx/yQr9FwNM0+ttJW/yWJ+pyNQhr0QIgJTT6\nxwCWYOtbioyt7B9l+ENy3AMSO3Uq+xmIKkvItK4=\n-----END RSA PRIVATE KEY-----';
+
    before(function (done) {
+        config.set('fqdn', 'test.foobar.com');
+
        APP_ID = uuid.v4();
+
        async.series([
            function (callback) {
                dockerProxy = startDockerProxy(function interceptor(req, res) {
@@ -1002,15 +1053,14 @@ describe('App installation - port bindings', function () {
            function (callback) {
                apiHockInstance
                    .get('/api/v1/apps/' + APP_STORE_ID + '/versions/' + APP_MANIFEST.version + '/icon')
-                    .replyWithFile(200, path.resolve(__dirname, '../../../webadmin/src/img/appicon_fallback.png'))
-                    .post('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=APPSTORE_TOKEN')
-                    .max(Infinity)
-                    .reply(201, { credentials: { AccessKeyId: 'accessKeyId', SecretAccessKey: 'secretAccessKey', SessionToken: 'sessionToken' } }, { 'Content-Type': 'application/json' });
+                    .replyWithFile(200, path.resolve(__dirname, '../../../webadmin/src/img/appicon_fallback.png'));

                var port = parseInt(url.parse(config.apiServerOrigin()).port, 10);
                apiHockServer = http.createServer(apiHockInstance.handler).listen(port, callback);
            },

+            settings.setDnsConfig.bind(null, { provider: 'route53', accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey', endpoint: 'http://localhost:5353' }),
+
            function (callback) {
                awsHockInstance
                    .get('/2013-04-01/hostedzone')
@@ -1021,8 +1071,7 @@ describe('App installation - port bindings', function () {
                    .max(Infinity)
                    .reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'dnsrecordid', Status: 'INSYNC' } }), { 'Content-Type': 'application/xml' });

-                var port = parseInt(url.parse(config.aws().endpoint).port, 10);
-                awsHockServer = http.createServer(awsHockInstance.handler).listen(port, callback);
+                awsHockServer = http.createServer(awsHockInstance.handler).listen(5353, callback);
            }
        ], done);
    });
@@ -1057,7 +1106,7 @@ describe('App installation - port bindings', function () {

        request.post(SERVER_URL + '/api/v1/apps/install')
              .query({ access_token: token })
-              .send({ appId: APP_ID, appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: { ECHO_SERVER_PORT: 7171 }, accessRestriction: '', oauthProxy: false })
+              .send({ appId: APP_ID, appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: { ECHO_SERVER_PORT: 7171 }, accessRestriction: null, oauthProxy: false })
              .end(function (err, res) {
            expect(res.statusCode).to.equal(202);
            expect(fake.isDone()).to.be.ok();
@@ -1182,10 +1231,7 @@ describe('App installation - port bindings', function () {
            expect(data.Config.Env).to.contain('REDIS_PASSWORD=' + password);

            function checkRedis() {
-                var isMac = os.platform() === 'darwin';
-                var client =
-                    isMac ? redis.createClient(parseInt(exportedRedisPort, 10), '127.0.0.1', { auth_pass: password })
-                          : redis.createClient(parseInt(urlp.port, 10), redisIp, { auth_pass: password });
+                var client = redis.createClient(parseInt(urlp.port, 10), redisIp, { auth_pass: password });
                client.on('error', done);
                client.set('key', 'value');
                client.get('key', function (err, reply) {
@@ -1218,7 +1264,7 @@ describe('App installation - port bindings', function () {
    it('cannot reconfigure app with missing location', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
-              .send({ appId: APP_ID, password: PASSWORD, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: 'roleAdmin', oauthProxy: true })
+              .send({ appId: APP_ID, password: PASSWORD, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true })
              .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            done();
@@ -1238,7 +1284,47 @@ describe('App installation - port bindings', function () {
    it('cannot reconfigure app with missing oauthProxy', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
-              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: '' })
+              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null })
+              .end(function (err, res) {
+            expect(res.statusCode).to.equal(400);
+            done();
+        });
+    });
+
+    it('cannot reconfigure app with only the cert, no key', function (done) {
+        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+              .query({ access_token: token })
+              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, cert: validCert1 })
+              .end(function (err, res) {
+            expect(res.statusCode).to.equal(400);
+            done();
+        });
+    });
+
+    it('cannot reconfigure app with only the key, no cert', function (done) {
+        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+              .query({ access_token: token })
+              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, key: validKey1 })
+              .end(function (err, res) {
+            expect(res.statusCode).to.equal(400);
+            done();
+        });
+    });
+
+    it('cannot reconfigure app with cert not bein a string', function (done) {
+        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+              .query({ access_token: token })
+              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, cert: 1234, key: validKey1 })
+              .end(function (err, res) {
+            expect(res.statusCode).to.equal(400);
+            done();
+        });
+    });
+
+    it('cannot reconfigure app with key not bein a string', function (done) {
+        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+              .query({ access_token: token })
+              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, cert: validCert1, key: 1234 })
              .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            done();
@@ -1248,7 +1334,7 @@ describe('App installation - port bindings', function () {
    it('non admin cannot reconfigure app', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token_1 })
-              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: 'roleAdmin', oauthProxy: true })
+              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true })
              .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
            done();
@@ -1258,7 +1344,7 @@ describe('App installation - port bindings', function () {
    it('can reconfigure app', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
-              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: '', oauthProxy: true })
+              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true })
              .end(function (err, res) {
            expect(res.statusCode).to.equal(202);
            checkConfigureStatus(0, done);
@@ -1317,10 +1403,7 @@ describe('App installation - port bindings', function () {
            expect(data.Config.Env).to.contain('REDIS_HOST=redis-' + APP_ID);
            expect(data.Config.Env).to.contain('REDIS_PASSWORD=' + password);

-            var isMac = os.platform() === 'darwin';
-            var client =
-                isMac ? redis.createClient(parseInt(exportedRedisPort, 10), '127.0.0.1', { auth_pass: password })
-                      : redis.createClient(parseInt(urlp.port, 10), redisIp, { auth_pass: password });
+            var client = redis.createClient(parseInt(urlp.port, 10), redisIp, { auth_pass: password });
            client.on('error', done);
            client.set('key', 'value');
            client.get('key', function (err, reply) {
@@ -1332,6 +1415,26 @@ describe('App installation - port bindings', function () {
        });
    });

+    it('scheduler works after reconfiguration', function (done) {
+        async.retry({ times: 100, interval: 1000 }, function (callback) {
+            var data = safe.fs.readFileSync(paths.DATA_DIR + '/' + APP_ID + '/data/every_minute.env', 'utf8');
+
+            if (data && data.indexOf('ECHO_SERVER_PORT=7172') !== -1) return callback();
+
+            callback(new Error('not run yet'));
+        }, done);
+    });
+
+    it('can reconfigure app with custom certificate', function (done) {
+        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+              .query({ access_token: token })
+              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, cert: validCert1, key: validKey1 })
+              .end(function (err, res) {
+            expect(res.statusCode).to.equal(202);
+            checkConfigureStatus(0, done);
+        });
+    });
+
    it('can stop app', function (done) {
        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/stop')
            .query({ access_token: token })
@@ -51,7 +51,7 @@ function setup(done) {

        function addApp(callback) {
            var manifest = { version: '0.0.1', manifestVersion: 1, dockerImage: 'foo', healthCheckPath: '/', httpPort: 3, title: 'ok', addons: { } };
-            appdb.add('appid', 'appStoreId', manifest, 'location', [ ] /* portBindings */, '' /* accessRestriction */, false /* oauthProxy */, callback);
+            appdb.add('appid', 'appStoreId', manifest, 'location', [ ] /* portBindings */, null /* accessRestriction */, false /* oauthProxy */, callback);
        }
    ], done);
 }
@@ -71,7 +71,7 @@ describe('OAuth Clients API', function () {
            it('fails', function (done) {
                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
                       .query({ access_token: token })
-                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile,roleUser' })
+                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile' })
                       .end(function (error, result) {
                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(412);
@@ -87,7 +87,7 @@ describe('OAuth Clients API', function () {

            it('fails without token', function (done) {
                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
-                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile,roleUser' })
+                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile' })
                       .end(function (error, result) {
                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(401);
@@ -98,7 +98,7 @@ describe('OAuth Clients API', function () {
            it('fails without appId', function (done) {
                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
                       .query({ access_token: token })
-                       .send({ redirectURI: 'http://foobar.com', scope: 'profile,roleUser' })
+                       .send({ redirectURI: 'http://foobar.com', scope: 'profile' })
                       .end(function (error, result) {
                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
@@ -109,7 +109,7 @@ describe('OAuth Clients API', function () {
            it('fails with empty appId', function (done) {
                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
                       .query({ access_token: token })
-                       .send({ appId: '', redirectURI: 'http://foobar.com', scope: 'profile,roleUser' })
+                       .send({ appId: '', redirectURI: 'http://foobar.com', scope: 'profile' })
                       .end(function (error, result) {
                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
@@ -142,7 +142,7 @@ describe('OAuth Clients API', function () {
            it('fails without redirectURI', function (done) {
                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
                       .query({ access_token: token })
-                       .send({ appId: 'someApp', scope: 'profile,roleUser' })
+                       .send({ appId: 'someApp', scope: 'profile' })
                       .end(function (error, result) {
                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
@@ -153,7 +153,7 @@ describe('OAuth Clients API', function () {
            it('fails with empty redirectURI', function (done) {
                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
                       .query({ access_token: token })
-                       .send({ appId: 'someApp', redirectURI: '', scope: 'profile,roleUser' })
+                       .send({ appId: 'someApp', redirectURI: '', scope: 'profile' })
                       .end(function (error, result) {
                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
@@ -164,7 +164,7 @@ describe('OAuth Clients API', function () {
            it('fails with malformed redirectURI', function (done) {
                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
                       .query({ access_token: token })
-                       .send({ appId: 'someApp', redirectURI: 'foobar', scope: 'profile,roleUser' })
+                       .send({ appId: 'someApp', redirectURI: 'foobar', scope: 'profile' })
                       .end(function (error, result) {
                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
@@ -175,7 +175,7 @@ describe('OAuth Clients API', function () {
            it('succeeds', function (done) {
                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
                       .query({ access_token: token })
-                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile,roleUser' })
+                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile' })
                       .end(function (error, result) {
                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(201);
@@ -195,7 +195,7 @@ describe('OAuth Clients API', function () {
            id: '',
            appId: 'someAppId-0',
            redirectURI: 'http://some.callback0',
-            scope: 'profile,roleUser'
+            scope: 'profile'
        };

        before(function (done) {
@@ -297,183 +297,12 @@ describe('OAuth Clients API', function () {
        });
    });

-    describe('update', function () {
-        var CLIENT_0 = {
-            id: '',
-            appId: 'someAppId-0',
-            redirectURI: 'http://some.callback0',
-            scope: 'profile,roleUser'
-        };
-        var CLIENT_1 = {
-            id: '',
-            appId: 'someAppId-1',
-            redirectURI: 'http://some.callback1',
-            scope: 'profile,roleUser'
-        };
-
-        before(function (done) {
-            async.series([
-                server.start.bind(null),
-                database._clear.bind(null),
-
-                function (callback) {
-                    var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
-                    var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});
-
-                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
-                           .query({ setupToken: 'somesetuptoken' })
-                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
-                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
-                        expect(result).to.be.ok();
-                        expect(result.statusCode).to.equal(201);
-                        expect(scope1.isDone()).to.be.ok();
-                        expect(scope2.isDone()).to.be.ok();
-
-                        // stash token for further use
-                        token = result.body.token;
-
-                        callback();
-                    });
-                },
-
-                settings.setDeveloperMode.bind(null, true),
-
-                function (callback) {
-                    superagent.post(SERVER_URL + '/api/v1/oauth/clients')
-                           .query({ access_token: token })
-                           .send({ appId: CLIENT_0.appId, redirectURI: CLIENT_0.redirectURI, scope: CLIENT_0.scope })
-                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
-                        expect(result.statusCode).to.equal(201);
-
-                        CLIENT_0 = result.body;
-
-                        callback();
-                    });
-                }
-            ], done);
-        });
-
-        after(cleanup);
-
-        describe('without developer mode', function () {
-            before(function (done) {
-                settings.setDeveloperMode(false, done);
-            });
-
-            it('fails', function (done) {
-                superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
-                       .query({ access_token: token })
-                       .send({ appId: CLIENT_1.appId, redirectURI: CLIENT_1.redirectURI })
-                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
-                    expect(result.statusCode).to.equal(412);
-                    done();
-                });
-            });
-        });
-
-        describe('with developer mode', function () {
-            before(function (done) {
-                settings.setDeveloperMode(true, done);
-            });
-
-            it('fails without token', function (done) {
-                superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
-                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com' })
-                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
-                    expect(result.statusCode).to.equal(401);
-                    done();
-                });
-            });
-
-
-            it('fails without appId', function (done) {
-                superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
-                       .query({ access_token: token })
-                       .send({ redirectURI: CLIENT_1.redirectURI })
-                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
-                    expect(result.statusCode).to.equal(400);
-                    done();
-                });
-            });
-
-            it('fails with empty appId', function (done) {
-                superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
-                       .query({ access_token: token })
-                       .send({ appId: '', redirectURI: CLIENT_1.redirectURI })
-                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
-                    expect(result.statusCode).to.equal(400);
-                    done();
-                });
-            });
-
-            it('fails without redirectURI', function (done) {
-                superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
-                       .query({ access_token: token })
-                       .send({ appId: CLIENT_1.appId })
-                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
-                    expect(result.statusCode).to.equal(400);
-                    done();
-                });
-            });
-
-            it('fails with empty redirectURI', function (done) {
-                superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
-                       .query({ access_token: token })
-                       .send({ appId: CLIENT_1.appId, redirectURI: '' })
-                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
-                    expect(result.statusCode).to.equal(400);
-                    done();
-                });
-            });
-
-            it('fails with malformed redirectURI', function (done) {
-                superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
-                       .query({ access_token: token })
-                       .send({ appId: CLIENT_1.appId, redirectURI: 'foobar' })
-                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
-                    expect(result.statusCode).to.equal(400);
-                    done();
-                });
-            });
-
-            it('succeeds', function (done) {
-                superagent.put(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
-                       .query({ access_token: token })
-                       .send({ appId: CLIENT_1.appId, redirectURI: CLIENT_1.redirectURI })
-                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
-                    expect(result.statusCode).to.equal(202);
-
-                    superagent.get(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
-                           .query({ access_token: token })
-                           .end(function (error, result) {
-                        expect(error).to.be(null);
-                        expect(result.statusCode).to.equal(200);
-                        expect(result.body.appId).to.equal(CLIENT_1.appId);
-                        expect(result.body.redirectURI).to.equal(CLIENT_1.redirectURI);
-
-                        done();
-                   });
-                });
-            });
-        });
-    });
-
    describe('del', function () {
        var CLIENT_0 = {
            id: '',
            appId: 'someAppId-0',
            redirectURI: 'http://some.callback0',
-            scope: 'profile,roleUser'
+            scope: 'profile'
        };

        before(function (done) {
@@ -10,11 +10,7 @@ var async = require('async'),
    config = require('../../config.js'),
    database = require('../../database.js'),
    expect = require('expect.js'),
-    fs = require('fs'),
-    os = require('os'),
-    path = require('path'),
    nock = require('nock'),
-    paths = require('../../paths.js'),
    request = require('superagent'),
    server = require('../../server.js'),
    shell = require('../../shell.js');
@@ -28,6 +24,7 @@ var server;
 function setup(done) {
    nock.cleanAll();
    config.set('version', '0.5.0');
+    config.set('fqdn', 'localhost');
    server.start(done);
 }

@@ -167,101 +164,6 @@ describe('Cloudron', function () {
        });
    });

-    describe('Certificates API', function () {
-        var certFile, keyFile;
-
-        before(function (done) {
-            certFile = path.join(os.tmpdir(), 'host.cert');
-            fs.writeFileSync(certFile, 'test certificate');
-
-            keyFile = path.join(os.tmpdir(), 'host.key');
-            fs.writeFileSync(keyFile, 'test key');
-
-            async.series([
-                setup,
-
-                function (callback) {
-                    var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
-                    var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});
-
-                    request.post(SERVER_URL + '/api/v1/cloudron/activate')
-                           .query({ setupToken: 'somesetuptoken' })
-                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
-                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
-                        expect(result).to.be.ok();
-                        expect(scope1.isDone()).to.be.ok();
-                        expect(scope2.isDone()).to.be.ok();
-
-                        // stash token for further use
-                        token = result.body.token;
-
-                        callback();
-                    });
-                },
-            ], done);
-        });
-
-        after(function (done) {
-            fs.unlinkSync(certFile);
-            fs.unlinkSync(keyFile);
-
-            cleanup(done);
-        });
-
-        it('cannot set certificate without token', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/certificate')
-                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
-                expect(result.statusCode).to.equal(401);
-                done();
-            });
-        });
-
-        it('cannot set certificate without certificate', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/certificate')
-                   .query({ access_token: token })
-                   .attach('key', keyFile, 'key')
-                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
-                expect(result.statusCode).to.equal(400);
-                done();
-            });
-        });
-
-        it('cannot set certificate without key', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/certificate')
-                   .query({ access_token: token })
-                   .attach('certificate', certFile, 'certificate')
-                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
-                expect(result.statusCode).to.equal(400);
-                done();
-            });
-        });
-
-        it('can set certificate', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/certificate')
-                   .query({ access_token: token })
-                   .attach('key', keyFile, 'key')
-                   .attach('certificate', certFile, 'certificate')
-                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
-                expect(result.statusCode).to.equal(202);
-                done();
-            });
-        });
-
-        it('did set the certificate', function (done) {
-            var cert = fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'));
-            expect(cert).to.eql(fs.readFileSync(certFile));
-
-            var key = fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'));
-            expect(key).to.eql(fs.readFileSync(keyFile));
-            done();
-        });
-    });
-
    describe('get config', function () {
        before(function (done) {
            async.series([
@@ -310,14 +212,15 @@ describe('Cloudron', function () {
                expect(result.statusCode).to.equal(200);
                expect(result.body.apiServerOrigin).to.eql('http://localhost:6060');
                expect(result.body.webServerOrigin).to.eql(null);
-                expect(result.body.fqdn).to.eql('localhost');
+                expect(result.body.fqdn).to.eql(config.fqdn());
                expect(result.body.isCustomDomain).to.eql(false);
                expect(result.body.progress).to.be.an('object');
                expect(result.body.update).to.be.an('object');
-                expect(result.body.version).to.eql('0.5.0');
+                expect(result.body.version).to.eql(config.version());
                expect(result.body.developerMode).to.be.a('boolean');
                expect(result.body.size).to.eql(null);
                expect(result.body.region).to.eql(null);
+                expect(result.body.memory).to.eql(0);
                expect(result.body.cloudronName).to.be.a('string');

                done();
@@ -325,7 +228,7 @@ describe('Cloudron', function () {
        });

        it('succeeds', function (done) {
-            var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/localhost?token=' + config.token()).reply(200, { box: { region: 'sfo', size: 'small' }});
+            var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/localhost?token=' + config.token()).reply(200, { box: { region: 'sfo', size: '1gb' }});

            request.get(SERVER_URL + '/api/v1/cloudron/config')
                   .query({ access_token: token })
@@ -334,14 +237,15 @@ describe('Cloudron', function () {
                expect(result.statusCode).to.equal(200);
                expect(result.body.apiServerOrigin).to.eql('http://localhost:6060');
                expect(result.body.webServerOrigin).to.eql(null);
-                expect(result.body.fqdn).to.eql('localhost');
+                expect(result.body.fqdn).to.eql(config.fqdn());
                expect(result.body.isCustomDomain).to.eql(false);
                expect(result.body.progress).to.be.an('object');
                expect(result.body.update).to.be.an('object');
-                expect(result.body.version).to.eql('0.5.0');
+                expect(result.body.version).to.eql(config.version());
                expect(result.body.developerMode).to.be.a('boolean');
-                expect(result.body.size).to.eql('small');
+                expect(result.body.size).to.eql('1gb');
                expect(result.body.region).to.eql('sfo');
+                expect(result.body.memory).to.eql(1073741824);
                expect(result.body.cloudronName).to.be.a('string');

                expect(scope.isDone()).to.be.ok();
@@ -455,7 +359,7 @@ describe('Cloudron', function () {
                    .reply(201, { credentials: { AccessKeyId: 'accessKeyId', SecretAccessKey: 'secretAccessKey', SessionToken: 'sessionToken' } });

            var scope3 = nock(config.apiServerOrigin())
-                    .post('/api/v1/boxes/' + config.fqdn() + '/backupDone?token=APPSTORE_TOKEN', function (body) { 
+                    .post('/api/v1/boxes/' + config.fqdn() + '/backupDone?token=APPSTORE_TOKEN', function (body) {
                        return body.boxVersion && body.restoreKey && !body.appId && !body.appVersion && body.appBackupIds.length === 0;
                    })
                    .reply(200, { id: 'someid' });
@@ -494,7 +398,7 @@ describe('Cloudron', function () {
            }).reply(202, {});

            var scope2 = nock(config.apiServerOrigin())
-                    .post('/api/v1/boxes/' + config.fqdn() + '/backupDone?token=APPSTORE_TOKEN', function (body) { 
+                    .post('/api/v1/boxes/' + config.fqdn() + '/backupDone?token=APPSTORE_TOKEN', function (body) {
                        return body.boxVersion && body.restoreKey && !body.appId && !body.appVersion && body.appBackupIds.length === 0;
                    })
                    .reply(200, { id: 'someid' });
@@ -11,6 +11,7 @@ var appdb = require('../../appdb.js'),
    config = require('../../config.js'),
    database = require('../../database.js'),
    expect = require('expect.js'),
+    path = require('path'),
    paths = require('../../paths.js'),
    request = require('superagent'),
    server = require('../../server.js'),
@@ -26,6 +27,8 @@ var token = null;

 var server;
 function setup(done) {
+    config.set('fqdn', 'foobar.com');
+
    async.series([
        server.start.bind(server),

@@ -54,7 +57,7 @@ function setup(done) {

        function addApp(callback) {
            var manifest = { version: '0.0.1', manifestVersion: 1, dockerImage: 'foo', healthCheckPath: '/', httpPort: 3, title: 'ok' };
-            appdb.add('appid', 'appStoreId', manifest, 'location', [ ] /* portBindings */, '' /* accessRestriction */, false /* oauthProxy */, callback);
+            appdb.add('appid', 'appStoreId', manifest, 'location', [ ] /* portBindings */, null /* accessRestriction */, false /* oauthProxy */, callback);
        }
    ], done);
 }
@@ -229,5 +232,141 @@ describe('Settings API', function () {
            });
        });
    });
+
+    describe('dns_config', function () {
+        it('get dns_config fails', function (done) {
+            request.get(SERVER_URL + '/api/v1/settings/dns_config')
+                   .query({ access_token: token })
+                   .end(function (err, res) {
+                expect(res.statusCode).to.equal(200);
+                expect(res.body).to.eql({});
+                done(err);
+            });
+        });
+
+        it('cannot set without data', function (done) {
+            request.post(SERVER_URL + '/api/v1/settings/dns_config')
+                   .query({ access_token: token })
+                   .end(function (err, res) {
+                expect(res.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('set succeeds', function (done) {
+            request.post(SERVER_URL + '/api/v1/settings/dns_config')
+                   .query({ access_token: token })
+                   .send({ provider: 'route53', accessKeyId: 'accessKey', secretAccessKey: 'secretAccessKey' })
+                   .end(function (err, res) {
+                expect(res.statusCode).to.equal(200);
+                done();
+            });
+        });
+
+        it('get succeeds', function (done) {
+            request.get(SERVER_URL + '/api/v1/settings/dns_config')
+                   .query({ access_token: token })
+                   .end(function (err, res) {
+                expect(res.statusCode).to.equal(200);
+                expect(res.body).to.eql({ provider: 'route53', accessKeyId: 'accessKey', secretAccessKey: 'secretAccessKey', region: 'us-east-1', endpoint: null });
+                done(err);
+            });
+        });
+    });
+
+    describe('Certificates API', function () {
+        // foobar.com
+        var validCert0 = '-----BEGIN CERTIFICATE-----\nMIIBujCCAWQCCQCjLyTKzAJ4FDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzETMBEGA1UEAwwKZm9vYmFyLmNvbTAeFw0xNTEw\nMjgxMjM5MjZaFw0xNjEwMjcxMjM5MjZaMGQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI\nDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEQMA4GA1UECgwHTmVidWxvbjEMMAoG\nA1UECwwDQ1RPMRMwEQYDVQQDDApmb29iYXIuY29tMFwwDQYJKoZIhvcNAQEBBQAD\nSwAwSAJBAMeYofgwHeNVmGkGe0gj4dnX2ciifDi7X2K/oVHp7mxuHjGMSYP9Z7b6\n+mu0IMf4OedwXStHBeO8mwjKxZmE7p8CAwEAATANBgkqhkiG9w0BAQsFAANBAJI7\nFUUHXjR63UFk8pgxp0c7hEGqj4VWWGsmo8oZnnX8jGVmQDKbk8o3MtDujfqupmMR\nMo7tSAFlG7zkm3GYhpw=\n-----END CERTIFICATE-----';
+        var validKey0 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAMeYofgwHeNVmGkGe0gj4dnX2ciifDi7X2K/oVHp7mxuHjGMSYP9\nZ7b6+mu0IMf4OedwXStHBeO8mwjKxZmE7p8CAwEAAQJBAJS59Sb8o6i8JT9NJxvQ\nMQCkSJGqEaosZJ0uccSZ7aE48v+H7HiPzXAueitohcEif2Wp1EZ1RbRMURhznNiZ\neLECIQDxxqhakO6wc7H68zmpRXJ5ZxGUNbM24AMtpONAtEw9iwIhANNWtp6P74OV\ntvfOmtubbqw768fmGskFCOcp5oF8oF29AiBkTAf9AhCyjFwyAYJTEScq67HkLN66\njfVjkvpfFixmfwIgI+xldmZ5DCDyzQSthg7RrS0yUvRmMS1N6h1RNUl96PECIQDl\nit4lFcytbqNo1PuBZvzQE+plCjiJqXHYo3WCst1Jbg==\n-----END RSA PRIVATE KEY-----';
+
+        // *.foobar.com
+        var validCert1 = '-----BEGIN CERTIFICATE-----\nMIIBvjCCAWgCCQCg957GWuHtbzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzEVMBMGA1UEAwwMKi5mb29iYXIuY29tMB4XDTE1\nMTAyODEzMDI1MFoXDTE2MTAyNzEzMDI1MFowZjELMAkGA1UEBhMCREUxDzANBgNV\nBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRAwDgYDVQQKDAdOZWJ1bG9uMQww\nCgYDVQQLDANDVE8xFTATBgNVBAMMDCouZm9vYmFyLmNvbTBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQC0FKf07ZWMcABFlZw+GzXK9EiZrlJ1lpnu64RhN99z7MXRr8cF\nnZVgY3jgatuyR5s3WdzUvye2eJ0rNicl2EZJAgMBAAEwDQYJKoZIhvcNAQELBQAD\nQQAw4bteMZAeJWl2wgNLw+wTwAH96E0jyxwreCnT5AxJLmgimyQ0XOF4FsssdRFj\nxD9WA+rktelBodJyPeTDNhIh\n-----END CERTIFICATE-----';
+        var validKey1 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBALQUp/TtlYxwAEWVnD4bNcr0SJmuUnWWme7rhGE333PsxdGvxwWd\nlWBjeOBq27JHmzdZ3NS/J7Z4nSs2JyXYRkkCAwEAAQJALV2eykcoC48TonQEPmkg\nbhaIS57syw67jMLsQImQ02UABKzqHPEKLXPOZhZPS9hsC/hGIehwiYCXMUlrl+WF\nAQIhAOntBI6qaecNjAAVG7UbZclMuHROUONmZUF1KNq6VyV5AiEAxRLkfHWy52CM\njOQrX347edZ30f4QczvugXwsyuU9A1ECIGlGZ8Sk4OBA8n6fAUcyO06qnmCJVlHg\npTUeOvKk5c9RAiBs28+8dCNbrbhVhx/yQr9FwNM0+ttJW/yWJ+pyNQhr0QIgJTT6\nxwCWYOtbioyt7B9l+ENy3AMSO3Uq+xmIKkvItK4=\n-----END RSA PRIVATE KEY-----';
+
+        it('cannot set certificate without token', function (done) {
+            request.post(SERVER_URL + '/api/v1/settings/certificate')
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(401);
+                done();
+            });
+        });
+
+        it('cannot set certificate without certificate', function (done) {
+            request.post(SERVER_URL + '/api/v1/settings/certificate')
+                   .query({ access_token: token })
+                   .send({ key: validKey1 })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('cannot set certificate without key', function (done) {
+            request.post(SERVER_URL + '/api/v1/settings/certificate')
+                   .query({ access_token: token })
+                   .send({ cert: validCert1 })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('cannot set certificate with cert not being a string', function (done) {
+            request.post(SERVER_URL + '/api/v1/settings/certificate')
+                   .query({ access_token: token })
+                   .send({ cert: 1234, key: validKey1 })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('cannot set certificate with key not being a string', function (done) {
+            request.post(SERVER_URL + '/api/v1/settings/certificate')
+                   .query({ access_token: token })
+                   .send({ cert: validCert1, key: true })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('cannot set non wildcard certificate', function (done) {
+            request.post(SERVER_URL + '/api/v1/settings/certificate')
+                   .query({ access_token: token })
+                   .send({ cert: validCert0, key: validKey0 })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('can set certificate', function (done) {
+            request.post(SERVER_URL + '/api/v1/settings/certificate')
+                   .query({ access_token: token })
+                   .send({ cert: validCert1, key: validKey1 })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(202);
+                done();
+            });
+        });
+
+        it('did set the certificate', function (done) {
+            var cert = fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), 'utf-8');
+            expect(cert).to.eql(validCert1);
+
+            var key = fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), 'utf-8');
+            expect(key).to.eql(validKey1);
+
+            done();
+        });
+    });
 });

@@ -7,6 +7,7 @@
 'use strict';

 var clientdb = require('../../clientdb.js'),
+    appdb = require('../../appdb.js'),
    async = require('async'),
    config = require('../../config.js'),
    database = require('../../database.js'),
@@ -14,64 +15,132 @@ var clientdb = require('../../clientdb.js'),
    request = require('superagent'),
    server = require('../../server.js'),
    simpleauth = require('../../simpleauth.js'),
-    nock = require('nock'),
-    userdb = require('../../userdb.js');
-
-var SERVER_URL = 'http://localhost:' + config.get('port');
-var SIMPLE_AUTH_ORIGIN = 'http://localhost:' + config.get('simpleAuthPort');
-
-var USERNAME = 'admin', PASSWORD = 'password', EMAIL ='silly@me.com';
-var CLIENT = {
-    id: 'someclientid',
-    appId: 'someappid',
-    clientSecret: 'someclientsecret',
-    redirectURI: '',
-    scope: 'user,profile'
-};
-
-var server;
-function setup(done) {
-    async.series([
-        server.start.bind(server),
-        simpleauth.start.bind(simpleauth),
-
-        userdb._clear,
-
-        function createAdmin(callback) {
-            var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
-            var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});
-
-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
-                   .query({ setupToken: 'somesetuptoken' })
-                   .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
-                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
-                expect(result).to.be.ok();
-                expect(result.statusCode).to.eql(201);
-                expect(scope1.isDone()).to.be.ok();
-                expect(scope2.isDone()).to.be.ok();
-
-                callback();
-            });
-        },
-
-        function addClient(callback) {
-            clientdb.add(CLIENT.id, CLIENT.appId, CLIENT.clientSecret, CLIENT.redirectURI, CLIENT.scope, callback);
-        }
-    ], done);
-}
-
-function cleanup(done) {
-    database._clear(function (error) {
-        expect(!error).to.be.ok();
-
-        server.stop(done);
-    });
-}
+    nock = require('nock');

 describe('SimpleAuth API', function () {
-    before(setup);
-    after(cleanup);
+    var SERVER_URL = 'http://localhost:' + config.get('port');
+    var SIMPLE_AUTH_ORIGIN = 'http://localhost:' + config.get('simpleAuthPort');
+
+    var USERNAME = 'admin', PASSWORD = 'password', EMAIL ='silly@me.com';
+
+    var APP_0 = {
+        id: 'app0',
+        appStoreId: '',
+        manifest: { version: '0.1.0', addons: { } },
+        location: 'test0',
+        portBindings: {},
+        accessRestriction: { users: [ 'foobar', 'someone'] },
+        oauthProxy: true
+    };
+
+    var APP_1 = {
+        id: 'app1',
+        appStoreId: '',
+        manifest: { version: '0.1.0', addons: { } },
+        location: 'test1',
+        portBindings: {},
+        accessRestriction: { users: [ 'foobar', USERNAME, 'someone' ] },
+        oauthProxy: true
+    };
+
+    var APP_2 = {
+        id: 'app2',
+        appStoreId: '',
+        manifest: { version: '0.1.0', addons: { } },
+        location: 'test2',
+        portBindings: {},
+        accessRestriction: null,
+        oauthProxy: true
+    };
+
+    var CLIENT_0 = {
+        id: 'someclientid',
+        appId: 'someappid',
+        type: clientdb.TYPE_SIMPLE_AUTH,
+        clientSecret: 'someclientsecret',
+        redirectURI: '',
+        scope: 'user,profile'
+    };
+
+    var CLIENT_1 = {
+        id: 'someclientid1',
+        appId: APP_0.id,
+        type: clientdb.TYPE_SIMPLE_AUTH,
+        clientSecret: 'someclientsecret1',
+        redirectURI: '',
+        scope: 'user,profile'
+    };
+
+    var CLIENT_2 = {
+        id: 'someclientid2',
+        appId: APP_1.id,
+        type: clientdb.TYPE_SIMPLE_AUTH,
+        clientSecret: 'someclientsecret2',
+        redirectURI: '',
+        scope: 'user,profile'
+    };
+
+    var CLIENT_3 = {
+        id: 'someclientid3',
+        appId: APP_2.id,
+        type: clientdb.TYPE_SIMPLE_AUTH,
+        clientSecret: 'someclientsecret3',
+        redirectURI: '',
+        scope: 'user,profile'
+    };
+
+    var CLIENT_4 = {
+        id: 'someclientid4',
+        appId: APP_2.id,
+        type: clientdb.TYPE_OAUTH,
+        clientSecret: 'someclientsecret4',
+        redirectURI: '',
+        scope: 'user,profile'
+    };
+
+    before(function (done) {
+        async.series([
+            server.start.bind(server),
+            simpleauth.start.bind(simpleauth),
+
+            database._clear,
+
+            function createAdmin(callback) {
+                var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
+                var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});
+
+                request.post(SERVER_URL + '/api/v1/cloudron/activate')
+                       .query({ setupToken: 'somesetuptoken' })
+                       .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
+                       .end(function (error, result) {
+                    expect(error).to.not.be.ok();
+                    expect(result).to.be.ok();
+                    expect(result.statusCode).to.eql(201);
+                    expect(scope1.isDone()).to.be.ok();
+                    expect(scope2.isDone()).to.be.ok();
+
+                    callback();
+                });
+            },
+
+            clientdb.add.bind(null, CLIENT_0.id, CLIENT_0.appId, CLIENT_0.type, CLIENT_0.clientSecret, CLIENT_0.redirectURI, CLIENT_0.scope),
+            clientdb.add.bind(null, CLIENT_1.id, CLIENT_1.appId, CLIENT_1.type, CLIENT_1.clientSecret, CLIENT_1.redirectURI, CLIENT_1.scope),
+            clientdb.add.bind(null, CLIENT_2.id, CLIENT_2.appId, CLIENT_2.type, CLIENT_2.clientSecret, CLIENT_2.redirectURI, CLIENT_2.scope),
+            clientdb.add.bind(null, CLIENT_3.id, CLIENT_3.appId, CLIENT_3.type, CLIENT_3.clientSecret, CLIENT_3.redirectURI, CLIENT_3.scope),
+            clientdb.add.bind(null, CLIENT_4.id, CLIENT_4.appId, CLIENT_4.type, CLIENT_4.clientSecret, CLIENT_4.redirectURI, CLIENT_4.scope),
+            appdb.add.bind(null, APP_0.id, APP_0.appStoreId, APP_0.manifest, APP_0.location, APP_0.portBindings, APP_0.accessRestriction, APP_0.oauthProxy),
+            appdb.add.bind(null, APP_1.id, APP_1.appStoreId, APP_1.manifest, APP_1.location, APP_1.portBindings, APP_1.accessRestriction, APP_1.oauthProxy),
+            appdb.add.bind(null, APP_2.id, APP_2.appStoreId, APP_2.manifest, APP_2.location, APP_2.portBindings, APP_2.accessRestriction, APP_2.oauthProxy)
+        ], done);
+    });
+
+    after(function (done) {
+        async.series([
+            database._clear,
+            simpleauth.stop.bind(simpleauth),
+            server.stop.bind(server)
+        ], done);
+    });

    describe('login', function () {
        it('cannot login without clientId', function (done) {
@@ -117,7 +186,7 @@ describe('SimpleAuth API', function () {

        it('cannot login with unkown clientId', function (done) {
            var body = {
-                clientId: CLIENT.id+CLIENT.id,
+                clientId: CLIENT_0.id+CLIENT_0.id,
                username: USERNAME,
                password: PASSWORD
            };
@@ -133,7 +202,7 @@ describe('SimpleAuth API', function () {

        it('cannot login with unkown user', function (done) {
            var body = {
-                clientId: CLIENT.id,
+                clientId: CLIENT_0.id,
                username: USERNAME+USERNAME,
                password: PASSWORD
            };
@@ -149,7 +218,7 @@ describe('SimpleAuth API', function () {

        it('cannot login with empty password', function (done) {
            var body = {
-                clientId: CLIENT.id,
+                clientId: CLIENT_0.id,
                username: USERNAME,
                password: ''
            };
@@ -163,9 +232,9 @@ describe('SimpleAuth API', function () {
            });
        });

-        it('cannot login with wrgon password', function (done) {
+        it('cannot login with wrong password', function (done) {
            var body = {
-                clientId: CLIENT.id,
+                clientId: CLIENT_0.id,
                username: USERNAME,
                password: PASSWORD+PASSWORD
            };
@@ -179,9 +248,41 @@ describe('SimpleAuth API', function () {
            });
        });

-        it('succeeds', function (done) {
+        it('fails for unkown app', function (done) {
            var body = {
-                clientId: CLIENT.id,
+                clientId: CLIENT_0.id,
+                username: USERNAME,
+                password: PASSWORD
+            };
+
+            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            .send(body)
+            .end(function (error, result) {
+                expect(error).to.be(null);
+                expect(result.statusCode).to.equal(401);
+                done();
+            });
+        });
+
+        it('fails for disallowed app', function (done) {
+            var body = {
+                clientId: CLIENT_1.id,
+                username: USERNAME,
+                password: PASSWORD
+            };
+
+            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            .send(body)
+            .end(function (error, result) {
+                expect(error).to.be(null);
+                expect(result.statusCode).to.equal(401);
+                done();
+            });
+        });
+
+        it('succeeds for allowed app', function (done) {
+            var body = {
+                clientId: CLIENT_2.id,
                username: USERNAME,
                password: PASSWORD
            };
@@ -209,6 +310,53 @@ describe('SimpleAuth API', function () {
                });
            });
        });
+
+        it('succeeds for app without accessRestriction', function (done) {
+            var body = {
+                clientId: CLIENT_3.id,
+                username: USERNAME,
+                password: PASSWORD
+            };
+
+            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            .send(body)
+            .end(function (error, result) {
+                expect(error).to.be(null);
+                expect(result.statusCode).to.equal(200);
+                expect(result.body.accessToken).to.be.a('string');
+                expect(result.body.user).to.be.an('object');
+                expect(result.body.user.id).to.be.a('string');
+                expect(result.body.user.username).to.be.a('string');
+                expect(result.body.user.email).to.be.a('string');
+                expect(result.body.user.admin).to.be.a('boolean');
+
+                request.get(SERVER_URL + '/api/v1/profile')
+                .query({ access_token: result.body.accessToken })
+                .end(function (error, result) {
+                    expect(error).to.be(null);
+                    expect(result.body).to.be.an('object');
+                    expect(result.body.username).to.eql(USERNAME);
+
+                    done();
+                });
+            });
+        });
+
+        it('fails for wrong client credentials', function (done) {
+            var body = {
+                clientId: CLIENT_4.id,
+                username: USERNAME,
+                password: PASSWORD
+            };
+
+            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            .send(body)
+            .end(function (error, result) {
+                expect(error).to.be(null);
+                expect(result.statusCode).to.equal(401);
+                done();
+            });
+        });
    });

    describe('logout', function () {
@@ -216,7 +364,7 @@ describe('SimpleAuth API', function () {

        before(function (done) {
            var body = {
-                clientId: CLIENT.id,
+                clientId: CLIENT_3.id,
                username: USERNAME,
                password: PASSWORD
            };
@@ -25,7 +25,7 @@ start_postgresql() {
    docker rm -f postgresql 2>/dev/null 1>&2 || true

    docker run -dtP --name=postgresql -v "${postgresqldatadir}:/var/lib/postgresql" \
-         --read-only -v /tmp -v /run -v /var/log \
+        --read-only -v /tmp -v /run \
        -v /tmp/postgresql_vars.sh:/etc/postgresql/postgresql_vars.sh "${POSTGRESQL_IMAGE}" >/dev/null
 }

@@ -43,7 +43,7 @@ start_mysql() {
    docker rm -f mysql 2>/dev/null 1>&2 || true

    docker run -dP --name=mysql -v "${mysqldatadir}:/var/lib/mysql" \
-        --read-only -v /tmp -v /run -v /var/log \
+        --read-only -v /tmp -v /run \
        -v /tmp/mysql_vars.sh:/etc/mysql/mysql_vars.sh "${MYSQL_IMAGE}" >/dev/null
 }

@@ -61,7 +61,7 @@ start_mongodb() {
    docker rm -f mongodb 2>/dev/null 1>&2 || true

    docker run -dP --name=mongodb -v "${mongodbdatadir}:/var/lib/mongodb" \
-        --read-only -v /tmp -v /run -v /var/log \
+        --read-only -v /tmp -v /run \
        -v /tmp/mongodb_vars.sh:/etc/mongodb_vars.sh "${MONGODB_IMAGE}" >/dev/null
 }

@@ -71,7 +71,7 @@ start_mail() {
    docker rm -f mail 2>/dev/null 1>&2 || true

    docker run -dP --name=mail -e DOMAIN_NAME="localhost" \
-        --read-only -v /tmp -v /run -v /var/log \
+        --read-only -v /tmp -v /run \
        -v /tmp/maildata:/app/data "${MAIL_IMAGE}" >/dev/null
 }

@@ -0,0 +1,192 @@
+'use strict';
+
+exports = module.exports = {
+    sync: sync
+};
+
+var appdb = require('./appdb.js'),
+    apps = require('./apps.js'),
+    assert = require('assert'),
+    async = require('async'),
+    config = require('./config.js'),
+    CronJob = require('cron').CronJob,
+    debug = require('debug')('box:src/scheduler'),
+    docker = require('./docker.js'),
+    paths = require('./paths.js'),
+    safe = require('safetydance'),
+    _ = require('underscore');
+
+var NOOP_CALLBACK = function (error) { if (error) debug('Unhandled error: ', error); };
+
+// appId -> { schedulerConfig (manifest), cronjobs, containerIds }
+var gState = (function loadState() {
+    var state = safe.JSON.parse(safe.fs.readFileSync(paths.SCHEDULER_FILE, 'utf8'));
+    return state || { };
+})();
+
+function saveState(state) {
+    // do not save cronJobs
+    var safeState = { };
+    for (var appId in state) {
+        safeState[appId] = {
+            schedulerConfig: state[appId].schedulerConfig,
+            containerIds: state[appId].containerIds
+        };
+    }
+    safe.fs.writeFileSync(paths.SCHEDULER_FILE, JSON.stringify(safeState, null, 4), 'utf8');
+}
+
+function sync(callback) {
+    assert(!callback || typeof callback === 'function');
+
+    callback = callback || NOOP_CALLBACK;
+
+    debug('Syncing');
+
+    apps.getAll(function (error, allApps) {
+        if (error) return callback(error);
+
+        // stop tasks of apps that went away
+        var allAppIds = allApps.map(function (app) { return app.id; });
+        var removedAppIds = _.difference(Object.keys(gState), allAppIds);
+        async.eachSeries(removedAppIds, function (appId, iteratorDone) {
+            stopJobs(appId, gState[appId], true /* killContainers */, iteratorDone);
+        }, function (error) {
+            if (error) debug('Error stopping jobs : %j', error);
+
+            gState = _.omit(gState, removedAppIds);
+
+            // start tasks of new apps
+            async.eachSeries(allApps, function (app, iteratorDone) {
+                var appState = gState[app.id] || null;
+                var schedulerConfig = app.manifest.addons.scheduler || null;
+
+                if (!appState && !schedulerConfig) return iteratorDone(); // nothing changed
+
+                if (appState && _.isEqual(appState.schedulerConfig, schedulerConfig) && appState.cronJobs) {
+                    return iteratorDone(); // nothing changed
+                }
+
+                var killContainers = appState && !appState.cronJobs ? true : false; // keep the old containers on 'startup'
+                stopJobs(app.id, appState, killContainers, function (error) {
+                    if (error) debug('Error stopping jobs for %s : %s', app.id, error.message);
+
+                    if (!schedulerConfig) {
+                        delete gState[app.id];
+                        return iteratorDone();
+                    }
+
+                    gState[app.id] = {
+                        schedulerConfig: schedulerConfig,
+                        cronJobs: createCronJobs(app.id, schedulerConfig),
+                        containerIds: { }
+                    };
+
+                    saveState(gState);
+
+                    iteratorDone();
+                });
+            });
+
+            debug('Done syncing');
+        });
+    });
+}
+
+function killContainer(containerId, callback) {
+    if (!containerId) return callback();
+
+    async.series([
+        docker.stopContainer.bind(null, containerId),
+        docker.deleteContainer.bind(null, containerId)
+    ], function (error) {
+        if (error) debug('Failed to kill task with containerId %s : %s', containerId, error.message);
+
+        callback(error);
+    });
+}
+
+function stopJobs(appId, appState, killContainers, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof appState, 'object');
+    assert.strictEqual(typeof killContainers, 'boolean');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('stopJobs for %s', appId);
+
+    if (!appState) return callback();
+
+    async.eachSeries(Object.keys(appState.schedulerConfig), function (taskName, iteratorDone) {
+        if (appState.cronJobs && appState.cronJobs[taskName]) {  // could be null across restarts
+            appState.cronJobs[taskName].stop();
+        }
+
+        if (!killContainers) return iteratorDone();
+
+        killContainer(appState.containerIds[taskName], iteratorDone);
+    }, callback);
+}
+
+function createCronJobs(appId, schedulerConfig) {
+    assert.strictEqual(typeof appId, 'string');
+    assert(schedulerConfig && typeof schedulerConfig === 'object');
+
+    debug('creating cron jobs for app %s', appId);
+
+    var jobs = { };
+
+    Object.keys(schedulerConfig).forEach(function (taskName) {
+        var task = schedulerConfig[taskName];
+
+        var cronTime = (config.TEST ? '*/5 ' : '00 ') + task.schedule; // time ticks faster in tests
+
+        debug('scheduling task for %s/%s @ %s : %s', appId, taskName, cronTime, task.command);
+
+        var cronJob = new CronJob({
+            cronTime: cronTime, // at this point, the pattern has been validated
+            onTick: doTask.bind(null, appId, taskName),
+            start: true
+        });
+
+        jobs[taskName] = cronJob;
+    });
+
+    return jobs;
+}
+
+function doTask(appId, taskName, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof taskName, 'string');
+    assert(!callback || typeof callback === 'function');
+
+    callback = callback || NOOP_CALLBACK;
+
+    var appState = gState[appId];
+
+    debug('Executing task %s/%s', appId, taskName);
+
+    apps.get(appId, function (error, app) {
+        if (error) return callback(error);
+
+        if (app.installationState !== appdb.ISTATE_INSTALLED || app.runState !== appdb.RSTATE_RUNNING) {
+            debug('task %s skipped. app %s is not installed/running', taskName, app.id);
+            return callback();
+        }
+
+        if (appState.containerIds[taskName]) debug('task %s/%s has existing container %s. killing it', appId, taskName, appState.containerIds[taskName]);
+
+        killContainer(appState.containerIds[taskName], function (error) {
+            if (error) return callback(error);
+
+            debug('Creating createSubcontainer for %s/%s : %s', app.id, taskName, gState[appId].schedulerConfig[taskName].command);
+
+            docker.createSubcontainer(app, [ '/bin/sh', '-c', gState[appId].schedulerConfig[taskName].command ], function (error, container) {
+                appState.containerIds[taskName] = container.id;
+
+                saveState(gState);
+
+                docker.startContainer(container.id, callback);
+            });
+        });
+    });
+}
@@ -95,7 +95,6 @@ function initializeExpressSync() {
    router.post('/api/v1/cloudron/update', rootScope, routes.user.requireAdmin, routes.user.verifyPassword, routes.cloudron.update);
    router.post('/api/v1/cloudron/reboot', rootScope, routes.cloudron.reboot);
    router.post('/api/v1/cloudron/migrate', rootScope, routes.user.requireAdmin, routes.user.verifyPassword, routes.cloudron.migrate);
-    router.post('/api/v1/cloudron/certificate', rootScope, multipart, routes.cloudron.setCertificate);
    router.get ('/api/v1/cloudron/graphs', rootScope, routes.graphs.getGraphs);

    // feedback
@@ -116,7 +115,6 @@ function initializeExpressSync() {
    router.post('/api/v1/session/login', csrf, routes.oauth2.login);
    router.get ('/api/v1/session/logout', routes.oauth2.logout);
    router.get ('/api/v1/session/callback', routes.oauth2.callback);
-    router.get ('/api/v1/session/error', routes.oauth2.error);
    router.get ('/api/v1/session/password/resetRequest.html', csrf, routes.oauth2.passwordResetRequestSite);
    router.post('/api/v1/session/password/resetRequest', csrf, routes.oauth2.passwordResetRequest);
    router.get ('/api/v1/session/password/sent.html', routes.oauth2.passwordSentSite);
@@ -131,7 +129,6 @@ function initializeExpressSync() {
    router.post('/api/v1/oauth/clients', routes.developer.enabled, settingsScope, routes.clients.add);
    router.get ('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.get);
    router.post('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.add);
-    router.put ('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.update);
    router.del ('/api/v1/oauth/clients/:clientId', routes.developer.enabled, settingsScope, routes.clients.del);
    router.get ('/api/v1/oauth/clients/:clientId/tokens', settingsScope, routes.clients.getClientTokens);
    router.del ('/api/v1/oauth/clients/:clientId/tokens', settingsScope, routes.clients.delClientTokens);
@@ -163,6 +160,10 @@ function initializeExpressSync() {
    router.post('/api/v1/settings/cloudron_name',      settingsScope, routes.settings.setCloudronName);
    router.get ('/api/v1/settings/cloudron_avatar',    settingsScope, routes.settings.getCloudronAvatar);
    router.post('/api/v1/settings/cloudron_avatar',    settingsScope, multipart, routes.settings.setCloudronAvatar);
+    router.get ('/api/v1/settings/dns_config',         settingsScope, routes.settings.getDnsConfig);
+    router.post('/api/v1/settings/dns_config',         settingsScope, routes.settings.setDnsConfig);
+    router.post('/api/v1/settings/certificate',        settingsScope, routes.settings.setCertificate);
+    router.post('/api/v1/settings/admin_certificate',  settingsScope, routes.settings.setAdminCertificate);

    // backup routes
    router.get ('/api/v1/backups', settingsScope, routes.backups.get);
@@ -233,8 +234,8 @@ function start(callback) {
    async.series([
        auth.initialize,
        database.initialize,
+        cloudron.initialize, // keep this here because it reads activation state that others depend on
        taskmanager.initialize,
-        cloudron.initialize,
        mailer.initialize,
        cron.initialize,
        gHttpServer.listen.bind(gHttpServer, config.get('port'), '127.0.0.1'),
@@ -20,25 +20,39 @@ exports = module.exports = {
    getDeveloperMode: getDeveloperMode,
    setDeveloperMode: setDeveloperMode,

+    getDnsConfig: getDnsConfig,
+    setDnsConfig: setDnsConfig,
+
    getDefaultSync: getDefaultSync,
    getAll: getAll,

+    validateCertificate: validateCertificate,
+    setCertificate: setCertificate,
+    setAdminCertificate: setAdminCertificate,
+
    AUTOUPDATE_PATTERN_KEY: 'autoupdate_pattern',
    TIME_ZONE_KEY: 'time_zone',
    CLOUDRON_NAME_KEY: 'cloudron_name',
    DEVELOPER_MODE_KEY: 'developer_mode',
+    DNS_CONFIG_KEY: 'dns_config',

    events: new (require('events').EventEmitter)()
 };

 var assert = require('assert'),
    config = require('./config.js'),
+    constants = require('./constants.js'),
    CronJob = require('cron').CronJob,
    DatabaseError = require('./databaseerror.js'),
+    ejs = require('ejs'),
+    fs = require('fs'),
+    path = require('path'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
    settingsdb = require('./settingsdb.js'),
+    shell = require('./shell.js'),
    util = require('util'),
+    x509 = require('x509'),
    _ = require('underscore');

 var gDefaults = (function () {
@@ -47,10 +61,14 @@ var gDefaults = (function () {
    result[exports.TIME_ZONE_KEY] = 'America/Los_Angeles';
    result[exports.CLOUDRON_NAME_KEY] = 'Cloudron';
    result[exports.DEVELOPER_MODE_KEY] = false;
+    result[exports.DNS_CONFIG_KEY] = { };

    return result;
 })();

+var NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/../setup/start/nginx/appconfig.ejs', { encoding: 'utf8' }),
+    RELOAD_NGINX_CMD = path.join(__dirname, 'scripts/reloadnginx.sh');
+
 if (config.TEST) {
    // avoid noisy warnings during npm test
    exports.events.setMaxListeners(100);
@@ -78,6 +96,7 @@ util.inherits(SettingsError, Error);
 SettingsError.INTERNAL_ERROR = 'Internal Error';
 SettingsError.NOT_FOUND = 'Not Found';
 SettingsError.BAD_FIELD = 'Bad Field';
+SettingsError.INVALID_CERT = 'Invalid certificate';

 function setAutoupdatePattern(pattern, callback) {
    assert.strictEqual(typeof pattern, 'string');
@@ -207,6 +226,51 @@ function setDeveloperMode(enabled, callback) {
    });
 }

+function getDnsConfig(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    settingsdb.get(exports.DNS_CONFIG_KEY, function (error, value) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.DNS_CONFIG_KEY]);
+        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+
+        callback(null, JSON.parse(value)); // accessKeyId, secretAccessKey, region
+    });
+}
+
+function setDnsConfig(dnsConfig, callback) {
+    assert.strictEqual(typeof dnsConfig, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var credentials;
+
+    if (dnsConfig.provider === 'route53') {
+        if (typeof dnsConfig.accessKeyId !== 'string') return callback(new SettingsError(SettingsError.BAD_FIELD, 'accessKeyId must be a string'));
+        if (typeof dnsConfig.secretAccessKey !== 'string') return callback(new SettingsError(SettingsError.BAD_FIELD, 'secretAccessKey must be a string'));
+
+        credentials = {
+            provider: dnsConfig.provider,
+            accessKeyId: dnsConfig.accessKeyId,
+            secretAccessKey: dnsConfig.secretAccessKey,
+            region: dnsConfig.region || 'us-east-1',
+            endpoint: dnsConfig.endpoint || null
+        };
+    } else if (dnsConfig.provider === 'caas') {
+        credentials = {
+            provider: dnsConfig.provider
+        };
+    } else {
+        return callback(new SettingsError(SettingsError.BAD_FIELD, 'provider must be route53 or caas'));
+    }
+
+    settingsdb.set(exports.DNS_CONFIG_KEY, JSON.stringify(credentials), function (error) {
+        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+
+        exports.events.emit(exports.DNS_CONFIG_KEY, dnsConfig);
+
+        callback(null);
+    });
+}
+
 function getDefaultSync(name) {
    assert.strictEqual(typeof name, 'string');

@@ -225,3 +289,101 @@ function getAll(callback) {
        callback(null, result);
    });
 }
+
+function validateCertificate(cert, key, fqdn) {
+    assert(cert === null || typeof cert === 'string');
+    assert(key === null || typeof key === 'string');
+    assert.strictEqual(typeof fqdn, 'string');
+
+    if (cert === null && key === null) return null;
+    if (!cert && key) return new Error('missing cert');
+    if (cert && !key) return new Error('missing key');
+
+    var content;
+    try {
+        content = x509.parseCert(cert);
+    } catch (e) {
+        return new Error('invalid cert');
+    }
+
+    // check expiration
+    if (content.notAfter < new Date()) return new Error('cert expired');
+
+    function matchesDomain(domain) {
+        if (domain === fqdn) return true;
+        if (domain.indexOf('*') === 0 && domain.slice(2) === fqdn.slice(fqdn.indexOf('.') + 1)) return true;
+
+        return false;
+    }
+
+    // check domain
+    var domains = content.altNames.concat(content.subject.commonName);
+    if (!domains.some(matchesDomain)) return new Error('cert is not valid for this domain');
+
+    // http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#verify
+    var certModulus = safe.child_process.execSync('openssl x509 -noout -modulus', { encoding: 'utf8', input: cert });
+    var keyModulus = safe.child_process.execSync('openssl rsa -noout -modulus', { encoding: 'utf8', input: key });
+    if (certModulus !== keyModulus) return new Error('key does not match the cert');
+
+    return null;
+}
+
+function setCertificate(cert, key, callback) {
+    assert.strictEqual(typeof cert, 'string');
+    assert.strictEqual(typeof key, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var error = validateCertificate(cert, key, '*.' + config.fqdn());
+    if (error) return callback(new SettingsError(SettingsError.INVALID_CERT, error.message));
+
+    if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), cert)) {
+        return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error.message));
+    }
+
+    if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), key)) {
+        return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error.message));
+    }
+
+    shell.sudo('setCertificate', [ RELOAD_NGINX_CMD ], function (error) {
+        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+
+        return callback(null);
+    });
+}
+
+function setAdminCertificate(cert, key, callback) {
+    assert.strictEqual(typeof cert, 'string');
+    assert.strictEqual(typeof key, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var sourceDir = path.resolve(__dirname, '..');
+    var endpoint = 'admin';
+    var vhost = config.appFqdn(constants.ADMIN_LOCATION);
+    var certFilePath = path.join(paths.APP_CERTS_DIR, 'admin.cert');
+    var keyFilePath = path.join(paths.APP_CERTS_DIR, 'admin.key');
+
+    var error = validateCertificate(cert, key, vhost);
+    if (error) return callback(new SettingsError(SettingsError.INVALID_CERT, error.message));
+
+    if (!safe.fs.writeFileSync(certFilePath, cert)) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error.message));
+    if (!safe.fs.writeFileSync(keyFilePath, key)) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error.message));
+
+    var data = {
+        sourceDir: sourceDir,
+        adminOrigin: config.adminOrigin(),
+        vhost: vhost,
+        endpoint: endpoint,
+        certFilePath: certFilePath,
+        keyFilePath: keyFilePath
+    };
+    var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
+    var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, 'admin.conf');
+
+    if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) return callback(safe.error);
+
+    shell.sudo('setAdminCertificate', [ RELOAD_NGINX_CMD ], function (error) {
+        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+
+        return callback(null);
+    });
+}
@@ -5,20 +5,23 @@ exports = module.exports = {
    stop: stop
 };

-var assert = require('assert'),
-    debug = require('debug')('box:simpleauth'),
-    user = require('./user.js'),
-    tokendb = require('./tokendb.js'),
+var apps = require('./apps.js'),
+    AppsError = apps.AppsError,
+    assert = require('assert'),
+    clientdb = require('./clientdb.js'),
    clients = require('./clients.js'),
+    ClientsError = clients.ClientsError,
    config = require('./config.js'),
-    debug = require('debug')('box:proxy'),
-    middleware = require('./middleware'),
+    DatabaseError = require('./databaseerror.js'),
+    debug = require('debug')('box:src/simpleauth'),
    express = require('express'),
+    http = require('http'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
-    DatabaseError = require('./databaseerror.js'),
-    UserError = require('./user.js').UserError,
-    http = require('http');
+    middleware = require('./middleware'),
+    tokendb = require('./tokendb.js'),
+    user = require('./user.js'),
+    UserError = require('./user.js').UserError;

 var gHttpServer = null;

@@ -33,18 +36,27 @@ function loginLogic(clientId, username, password, callback) {
    clients.get(clientId, function (error, clientObject) {
        if (error) return callback(error);

+        // only allow simple auth clients
+        if (clientObject.type !== clientdb.TYPE_SIMPLE_AUTH) return callback(new ClientsError(ClientsError.INVALID_CLIENT));
+
        user.verify(username, password, function (error, userObject) {
            if (error) return callback(error);

-            var accessToken = tokendb.generateToken();
-            var expires = Date.now() + 24 * 60 * 60 * 1000; // 1 day
-
-            tokendb.add(accessToken, tokendb.PREFIX_USER + userObject.id, clientId, expires, clientObject.scope, function (error) {
+            apps.get(clientObject.appId, function (error, appObject) {
                if (error) return callback(error);

-                debug('login: new access token for client %s and user %s: %s', clientId, username, accessToken);
+                if (!apps.hasAccessTo(appObject, userObject)) return callback(new AppsError(AppsError.ACCESS_DENIED));

-                callback(null, { accessToken: accessToken, user: userObject });
+                var accessToken = tokendb.generateToken();
+                var expires = Date.now() + 24 * 60 * 60 * 1000; // 1 day
+
+                tokendb.add(accessToken, tokendb.PREFIX_USER + userObject.id, clientId, expires, clientObject.scope, function (error) {
+                    if (error) return callback(error);
+
+                    debug('login: new access token for client %s and user %s: %s', clientId, username, accessToken);
+
+                    callback(null, { accessToken: accessToken, user: userObject });
+                });
            });
        });
    });
@@ -71,8 +83,11 @@ function login(req, res, next) {

    loginLogic(req.body.clientId, req.body.username, req.body.password, function (error, result) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return next(new HttpError(401, 'Unknown client'));
+        if (error && error.reason === ClientsError.INVALID_CLIENT) return next(new HttpError(401, 'Unkown client'));
        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(401, 'Forbidden'));
+        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(401, 'Unkown app'));
        if (error && error.reason === UserError.WRONG_PASSWORD) return next(new HttpError(401, 'Forbidden'));
+        if (error && error.reason === AppsError.ACCESS_DENIED) return next(new HttpError(401, 'Forbidden'));
        if (error) return next(new HttpError(500, error));

        var tmp = {
@@ -3,75 +3,71 @@
 'use strict';

 var assert = require('assert'),
-    async = require('async'),
-    aws = require('./aws.js'),
-    caas = require('./caas.js'),
+    caas = require('./dns/caas.js'),
    config = require('./config.js'),
-    debug = require('debug')('box:subdomains'),
-    util = require('util'),
-    SubdomainError = require('./subdomainerror.js');
+    route53 = require('./dns/route53.js'),
+    SubdomainError = require('./subdomainerror.js'),
+    util = require('util');

 module.exports = exports = {
    add: add,
-    addMany: addMany,
    remove: remove,
-    status: status
+    status: status,
+    update: update, // unlike add, this fetches latest value, compares and adds if necessary. atomicity depends on backend
+    get: get
 };

-// choose which subdomain backend we use
-// for test purpose we use aws
+// choose which subdomain backend we use for test purpose we use route53
 function api() {
-    return config.token() && !config.TEST ? caas : aws;
+    return config.isCustomDomain() || config.TEST ? route53 : caas;
 }

-function add(record, callback) {
-    assert.strictEqual(typeof record, 'object');
-    assert.strictEqual(typeof record.subdomain, 'string');
-    assert.strictEqual(typeof record.type, 'string');
-    assert.strictEqual(typeof record.value, 'string');
+function add(subdomain, type, values, callback) {
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert(util.isArray(values));
    assert.strictEqual(typeof callback, 'function');

-    debug('add: ', record);
-
-    api().addSubdomain(config.zoneName(), record.subdomain, record.type, record.value, function (error, changeId) {
+    api().add(config.zoneName(), subdomain, type, values, function (error, changeId) {
        if (error) return callback(error);
        callback(null, changeId);
    });
 }

-function addMany(records, callback) {
-    assert(util.isArray(records));
+function get(subdomain, type, callback) {
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof callback, 'function');

-    debug('addMany: ', records);
-
-    var changeIds = [];
-
-    async.eachSeries(records, function (record, callback) {
-        add(record, function (error, changeId) {
-            if (error) return callback(error);
-
-            changeIds.push(changeId);
-
-            callback(null);
-        });
-    }, function (error) {
+    api().get(config.zoneName(), subdomain, type, function (error, values) {
        if (error) return callback(error);
-        callback(null, changeIds);
+
+        callback(null, values);
    });
 }

-function remove(record, callback) {
-    assert.strictEqual(typeof record, 'object');
+function update(subdomain, type, values, callback) {
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert(util.isArray(values));
    assert.strictEqual(typeof callback, 'function');

-    debug('remove: ', record);
+    api().update(config.zoneName(), subdomain, type, values, function (error) {
+        if (error) return callback(error);

-    api().delSubdomain(config.zoneName(), record.subdomain, record.type, record.value, function (error) {
+        callback(null);
+    });
+}
+
+function remove(subdomain, type, values, callback) {
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert(util.isArray(values));
+    assert.strictEqual(typeof callback, 'function');
+
+    api().del(config.zoneName(), subdomain, type, values, function (error) {
        if (error && error.reason !== SubdomainError.NOT_FOUND) return callback(error);

-        debug('deleteSubdomain: successfully deleted subdomain from aws.');
-
        callback(null);
    });
 }
@@ -36,7 +36,7 @@ describe('Apps', function () {
        containerId: null,
        portBindings: { PORT: 5678 },
        healthy: null,
-        accessRestriction: '',
+        accessRestriction: null,
        oauthProxy: false
    };

@@ -158,5 +158,48 @@ describe('Apps', function () {
            });
        });
    });
-});

+    describe('validateAccessRestriction', function () {
+        it('allows null input', function () {
+            expect(apps._validateAccessRestriction(null)).to.eql(null);
+        });
+
+        it('does not allow wrong user type', function () {
+            expect(apps._validateAccessRestriction({ users: {} })).to.be.an(Error);
+        });
+
+        it('does not allow no user input', function () {
+            expect(apps._validateAccessRestriction({ users: [] })).to.be.an(Error);
+        });
+
+        it('allows single user input', function () {
+            expect(apps._validateAccessRestriction({ users: [ 'someuserid' ] })).to.eql(null);
+        });
+
+        it('allows multi user input', function () {
+            expect(apps._validateAccessRestriction({ users: [ 'someuserid', 'someuserid1', 'someuserid2', 'someuserid3' ] })).to.eql(null);
+        });
+    });
+
+    describe('hasAccessTo', function () {
+        it('returns true for unrestricted access', function () {
+            expect(apps.hasAccessTo({ accessRestriction: null }, { id: 'someuser' })).to.equal(true);
+        });
+
+        it('returns true for allowed user', function () {
+            expect(apps.hasAccessTo({ accessRestriction: { users: [ 'someuser' ] } }, { id: 'someuser' })).to.equal(true);
+        });
+
+        it('returns true for allowed user with multiple allowed', function () {
+            expect(apps.hasAccessTo({ accessRestriction: { users: [ 'foo', 'someuser', 'anotheruser' ] } }, { id: 'someuser' })).to.equal(true);
+        });
+
+        it('returns false for not allowed user', function () {
+            expect(apps.hasAccessTo({ accessRestriction: { users: [ 'foo' ] } }, { id: 'someuser' })).to.equal(false);
+        });
+
+        it('returns false for not allowed user with multiple allowed', function () {
+            expect(apps.hasAccessTo({ accessRestriction: { users: [ 'foo', 'anotheruser' ] } }, { id: 'someuser' })).to.equal(false);
+        });
+    });
+});
@@ -9,6 +9,7 @@
 var addons = require('../addons.js'),
    appdb = require('../appdb.js'),
    apptask = require('../apptask.js'),
+    async = require('async'),
    config = require('../config.js'),
    database = require('../database.js'),
    expect = require('expect.js'),
@@ -17,6 +18,7 @@ var addons = require('../addons.js'),
    net = require('net'),
    nock = require('nock'),
    paths = require('../paths.js'),
+    settings = require('../settings.js'),
    _ = require('underscore');

 var MANIFEST = {
@@ -29,7 +31,7 @@ var MANIFEST = {
  "contactEmail": "support@cloudron.io",
  "version": "0.1.0",
  "manifestVersion": 1,
-  "dockerImage": "cloudron/test:2.0.0",
+  "dockerImage": "cloudron/test:8.0.0",
  "healthCheckPath": "/",
  "httpPort": 7777,
  "tcpPorts": {
@@ -57,7 +59,7 @@ var APP = {
    containerId: null,
    httpPort: 4567,
    portBindings: null,
-    accessRestriction: '',
+    accessRestriction: null,
    oauthProxy: false,
    dnsRecordId: 'someDnsRecordId'
 };
@@ -80,10 +82,11 @@ var APP = {
 describe('apptask', function () {
    before(function (done) {
        config.set('version', '0.5.0');
-        database.initialize(function (error) {
-            expect(error).to.be(null);
-            appdb.add(APP.id, APP.appStoreId, APP.manifest, APP.location, APP.portBindings, APP.accessRestriction, APP.oauthProxy, done);
-        });
+        async.series([
+            database.initialize,
+            appdb.add.bind(null, APP.id, APP.appStoreId, APP.manifest, APP.location, APP.portBindings, APP.accessRestriction, APP.oauthProxy),
+            settings.setDnsConfig.bind(null, { provider: 'route53', accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey', endpoint: 'http://localhost:5353' })
+        ], done);
    });

    after(function (done) {
@@ -200,12 +203,8 @@ describe('apptask', function () {

    it('registers subdomain', function (done) {
        nock.cleanAll();
-        var scope = nock(config.apiServerOrigin())
-            .post('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=APPSTORE_TOKEN')
-            .times(2)
-            .reply(201, { credentials: { AccessKeyId: 'accessKeyId', SecretAccessKey: 'secretAccessKey', SessionToken: 'sessionToken' } });

-        var awsScope = nock(config.aws().endpoint)
+        var awsScope = nock('http://localhost:5353')
            .get('/2013-04-01/hostedzone')
            .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { arrayMap: { HostedZones: 'HostedZone'} }))
            .post('/2013-04-01/hostedzone/ZONEID/rrset/')
@@ -213,7 +212,6 @@ describe('apptask', function () {

        apptask._registerSubdomain(APP, function (error) {
            expect(error).to.be(null);
-            expect(scope.isDone()).to.be.ok();
            expect(awsScope.isDone()).to.be.ok();
            done();
        });
@@ -221,10 +219,6 @@ describe('apptask', function () {

    it('unregisters subdomain', function (done) {
        nock.cleanAll();
-        var scope = nock(config.apiServerOrigin())
-            .post('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=APPSTORE_TOKEN')
-            .times(2)
-            .reply(201, { credentials: { AccessKeyId: 'accessKeyId', SecretAccessKey: 'secretAccessKey', SessionToken: 'sessionToken' } });

        var awsScope = nock(config.aws().endpoint)
            .get('/2013-04-01/hostedzone')
@@ -234,7 +228,6 @@ describe('apptask', function () {

        apptask._unregisterSubdomain(APP, APP.location, function (error) {
            expect(error).to.be(null);
-            expect(scope.isDone()).to.be.ok();
            expect(awsScope.isDone()).to.be.ok();
            done();
        });
@@ -3,6 +3,7 @@
 set -eu

 readonly SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+readonly TEST_IMAGE="cloudron/test:10.0.0"

 source ${SOURCE_DIR}/setup/INFRA_VERSION

@@ -34,8 +35,8 @@ for script in "${scripts[@]}"; do
    fi
 done

-if ! docker inspect cloudron/test:3.0.0 >/dev/null 2>/dev/null; then
-    echo "docker pull cloudron/test:3.0.0 for tests to run"
+if ! docker inspect "${TEST_IMAGE}" >/dev/null 2>/dev/null; then
+    echo "docker pull "${TEST_IMAGE}" for tests to run"
    exit 1
 fi

@@ -9,17 +9,21 @@
 var constants = require('../constants.js'),
    expect = require('expect.js'),
    fs = require('fs'),
-    path = require('path');
+    path = require('path'),
+    paths = require('../paths.js'),
+    safe = require('safetydance');

 var config = null;

 describe('config', function () {
    before(function () {
+        safe.fs.unlinkSync(paths.DNS_IN_SYNC_FILE);
        delete require.cache[require.resolve('../config.js')];
        config = require('../config.js');
    });

    after(function () {
+        safe.fs.unlinkSync(paths.DNS_IN_SYNC_FILE);
        delete require.cache[require.resolve('../config.js')];
    });

@@ -28,6 +32,17 @@ describe('config', function () {
        done();
    });

+    it('dnsInSync() is unset', function (done) {
+        expect(config.dnsInSync()).to.not.be.ok();
+        done();
+    });
+
+    it('dnsInSync() is set', function (done) {
+        config.setDnsInSync();
+        expect(config.dnsInSync()).to.be.ok();
+        done();
+    });
+
    it('cloudron.conf generated automatically', function (done) {
        expect(fs.existsSync(path.join(config.baseDir(), 'configs/cloudron.conf'))).to.be.ok();
        done();
@@ -478,7 +478,7 @@ describe('database', function () {
            containerId: null,
            portBindings: { port: 5678 },
            health: null,
-            accessRestriction: '',
+            accessRestriction: null,
            oauthProxy: false,
            lastBackupId: null,
            lastBackupConfig: null,
@@ -497,7 +497,7 @@ describe('database', function () {
            containerId: null,
            portBindings: { },
            health: null,
-            accessRestriction: 'roleAdmin',
+            accessRestriction: { users: [ 'foobar' ] },
            oauthProxy: true,
            lastBackupId: null,
            lastBackupConfig: null,
@@ -790,6 +790,7 @@ describe('database', function () {
        var CLIENT_0 = {
            id: 'cid-0',
            appId: 'someappid_0',
+            type: clientdb.TYPE_OAUTH,
            clientSecret: 'secret-0',
            redirectURI: 'http://foo.bar',
            scope: '*'
@@ -798,23 +799,17 @@ describe('database', function () {
        var CLIENT_1 = {
            id: 'cid-1',
            appId: 'someappid_1',
+            type: clientdb.TYPE_OAUTH,
            clientSecret: 'secret-',
            redirectURI: 'http://foo.bar',
            scope: '*'
        };
-        var CLIENT_2 = {
-            id: 'cid-2',
-            appId: 'someappid_2',
-            clientSecret: 'secret-2',
-            redirectURI: 'http://foo.bar.baz',
-            scope: 'profile,roleUser'
-        };

        it('add succeeds', function (done) {
-            clientdb.add(CLIENT_0.id, CLIENT_0.appId, CLIENT_0.clientSecret, CLIENT_0.redirectURI, CLIENT_0.scope, function (error) {
+            clientdb.add(CLIENT_0.id, CLIENT_0.appId, CLIENT_0.type, CLIENT_0.clientSecret, CLIENT_0.redirectURI, CLIENT_0.scope, function (error) {
                expect(error).to.be(null);

-                clientdb.add(CLIENT_1.id, CLIENT_1.appId, CLIENT_1.clientSecret, CLIENT_1.redirectURI, CLIENT_1.scope, function (error) {
+                clientdb.add(CLIENT_1.id, CLIENT_1.appId, CLIENT_0.type, CLIENT_1.clientSecret, CLIENT_1.redirectURI, CLIENT_1.scope, function (error) {
                    expect(error).to.be(null);
                    done();
                });
@@ -822,7 +817,7 @@ describe('database', function () {
        });

        it('add same client id fails', function (done) {
-            clientdb.add(CLIENT_0.id, CLIENT_0.appId, CLIENT_0.clientSecret, CLIENT_0.redirectURI, CLIENT_0.scope, function (error) {
+            clientdb.add(CLIENT_0.id, CLIENT_0.appId, CLIENT_0.type, CLIENT_0.clientSecret, CLIENT_0.redirectURI, CLIENT_0.scope, function (error) {
                expect(error).to.be.a(DatabaseError);
                expect(error.reason).to.equal(DatabaseError.ALREADY_EXISTS);
                done();
@@ -845,6 +840,14 @@ describe('database', function () {
            });
        });

+        it('getByAppIdAndType succeeds', function (done) {
+            clientdb.getByAppIdAndType(CLIENT_0.appId, CLIENT_0.type, function (error, result) {
+                expect(error).to.be(null);
+                expect(result).to.eql(CLIENT_0);
+                done();
+            });
+        });
+
        it('getByAppId fails for unknown client id', function (done) {
            clientdb.getByAppId(CLIENT_0.appId + CLIENT_0.appId, function (error, result) {
                expect(error).to.be.a(DatabaseError);
@@ -865,24 +868,14 @@ describe('database', function () {
            });
        });

-        it('update client fails due to unknown client id', function (done) {
-            clientdb.update(CLIENT_2.id, CLIENT_2.appId, CLIENT_2.clientSecret, CLIENT_2.redirectURI, CLIENT_2.scope, function (error) {
-                expect(error).to.be.a(DatabaseError);
-                expect(error.reason).to.equal(DatabaseError.NOT_FOUND);
-                done();
-            });
-        });
-
-        it('update client succeeds', function (done) {
-            clientdb.update(CLIENT_1.id, CLIENT_2.appId, CLIENT_2.clientSecret, CLIENT_2.redirectURI, CLIENT_2.scope, function (error) {
+        it('delByAppIdAndType succeeds', function (done) {
+            clientdb.delByAppIdAndType(CLIENT_1.appId, CLIENT_1.type, function (error) {
                expect(error).to.be(null);

-                clientdb.get(CLIENT_1.id, function (error, result) {
-                    expect(error).to.be(null);
-                    expect(result.appId).to.eql(CLIENT_2.appId);
-                    expect(result.clientSecret).to.eql(CLIENT_2.clientSecret);
-                    expect(result.redirectURI).to.eql(CLIENT_2.redirectURI);
-                    expect(result.scope).to.eql(CLIENT_2.scope);
+                clientdb.getByAppIdAndType(CLIENT_1.appId, CLIENT_1.type, function (error, result) {
+                    expect(error).to.be.a(DatabaseError);
+                    expect(error.reason).to.equal(DatabaseError.NOT_FOUND);
+                    expect(result).to.not.be.ok();
                    done();
                });
            });
@@ -0,0 +1,99 @@
+/* jslint node:true */
+/* global it:false */
+/* global describe:false */
+/* global before:false */
+/* global after:false */
+
+'use strict';
+
+var async = require('async'),
+    authcodedb = require('../authcodedb.js'),
+    database = require('../database'),
+    DatabaseError = require('../databaseerror.js'),
+    expect = require('expect.js'),
+    janitor = require('../janitor.js'),
+    tokendb = require('../tokendb.js');
+
+describe('janitor', function () {
+    var AUTHCODE_0 = {
+        authCode: 'authcode-0',
+        clientId: 'clientid-0',
+        userId: 'userid-0',
+        expiresAt: Date.now() + 5000
+    };
+    var AUTHCODE_1 = {
+        authCode: 'authcode-1',
+        clientId: 'clientid-1',
+        userId: 'userid-1',
+        expiresAt: Date.now() - 5000
+    };
+
+    var TOKEN_0 = {
+        accessToken: tokendb.generateToken(),
+        identifier: tokendb.PREFIX_USER + '0',
+        clientId: 'clientid-0',
+        expires: Date.now() + 60 * 60000,
+        scope: '*'
+    };
+    var TOKEN_1 = {
+        accessToken: tokendb.generateToken(),
+        identifier: tokendb.PREFIX_USER + '1',
+        clientId: 'clientid-1',
+        expires: Date.now() - 1000,
+        scope: '*',
+    };
+
+    before(function (done) {
+        async.series([
+            database.initialize,
+            database._clear,
+            authcodedb.add.bind(null, AUTHCODE_0.authCode, AUTHCODE_0.clientId, AUTHCODE_0.userId, AUTHCODE_0.expiresAt),
+            authcodedb.add.bind(null, AUTHCODE_1.authCode, AUTHCODE_1.clientId, AUTHCODE_1.userId, AUTHCODE_1.expiresAt),
+            tokendb.add.bind(null, TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope),
+            tokendb.add.bind(null, TOKEN_1.accessToken, TOKEN_1.identifier, TOKEN_1.clientId, TOKEN_1.expires, TOKEN_1.scope)
+        ], done);
+    });
+
+    after(function (done) {
+        database._clear(done);
+    });
+
+    it('can cleanupTokens', function (done) {
+        janitor.cleanupTokens(done);
+    });
+
+    it('did not remove the non-expired authcode', function (done) {
+        authcodedb.get(AUTHCODE_0.authCode, function (error, result) {
+            expect(error).to.be(null);
+            expect(result).to.be.eql(AUTHCODE_0);
+            done();
+        });
+    });
+
+    it('did remove expired authcode', function (done) {
+        authcodedb.get(AUTHCODE_1.authCode, function (error, result) {
+            expect(error).to.be.a(DatabaseError);
+            expect(error.reason).to.be(DatabaseError.NOT_FOUND);
+            expect(result).to.not.be.ok();
+            done();
+        });
+    });
+
+    it('did not remove the non-expired token', function (done) {
+        tokendb.get(TOKEN_0.accessToken, function (error, result) {
+            expect(error).to.be(null);
+            expect(result).to.be.eql(TOKEN_0);
+            done();
+        });
+    });
+
+    it('did remove the non-expired token', function (done) {
+        tokendb.get(TOKEN_1.accessToken, function (error, result) {
+            expect(error).to.be.a(DatabaseError);
+            expect(error.reason).to.be(DatabaseError.NOT_FOUND);
+            expect(result).to.not.be.ok();
+            done();
+        });
+    });
+});
+
@@ -23,71 +23,172 @@ function cleanup(done) {
 }

 describe('Settings', function () {
-    before(setup);
-    after(cleanup);
+    describe('values', function () {
+        before(setup);
+        after(cleanup);

-    it('can get default timezone', function (done) {
-        settings.getTimeZone(function (error, tz) {
-            expect(error).to.be(null);
-            expect(tz.length).to.not.be(0);
-            done();
+        it('can get default timezone', function (done) {
+            settings.getTimeZone(function (error, tz) {
+                expect(error).to.be(null);
+                expect(tz.length).to.not.be(0);
+                done();
+            });
+        });
+
+        it('can get default autoupdate_pattern', function (done) {
+            settings.getAutoupdatePattern(function (error, pattern) {
+                expect(error).to.be(null);
+                expect(pattern).to.be('00 00 1,3,5,23 * * *');
+                done();
+            });
+        });
+
+        it ('can get default cloudron name', function (done) {
+            settings.getCloudronName(function (error, name) {
+                expect(error).to.be(null);
+                expect(name).to.be('Cloudron');
+                done();
+            });
+        });
+
+        it('can get default cloudron avatar', function (done) {
+            settings.getCloudronAvatar(function (error, gravatar) {
+                expect(error).to.be(null);
+                expect(gravatar).to.be.a(Buffer);
+                done();
+            });
+        });
+
+        it('can get default developer mode', function (done) {
+            settings.getDeveloperMode(function (error, enabled) {
+                expect(error).to.be(null);
+                expect(enabled).to.equal(false);
+                done();
+            });
+        });
+
+        it('can set developer mode', function (done) {
+            settings.setDeveloperMode(true, function (error) {
+                expect(error).to.be(null);
+                done();
+            });
+        });
+
+        it('can get developer mode', function (done) {
+            settings.getDeveloperMode(function (error, enabled) {
+                expect(error).to.be(null);
+                expect(enabled).to.equal(true);
+                done();
+            });
+        });
+
+        it('can set dns config', function (done) {
+            settings.setDnsConfig({ provider: 'route53', accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey' }, function (error) {
+                expect(error).to.be(null);
+                done();
+            });
+        });
+
+        it('can get dns config', function (done) {
+            settings.getDnsConfig(function (error, dnsConfig) {
+                expect(error).to.be(null);
+                expect(dnsConfig.provider).to.be('route53');
+                expect(dnsConfig.accessKeyId).to.be('accessKeyId');
+                expect(dnsConfig.secretAccessKey).to.be('secretAccessKey');
+                expect(dnsConfig.region).to.be('us-east-1');
+                done();
+            });
+        });
+
+        it('can get all values', function (done) {
+            settings.getAll(function (error, allSettings) {
+                expect(error).to.be(null);
+                expect(allSettings[settings.TIME_ZONE_KEY]).to.be.a('string');
+                expect(allSettings[settings.AUTOUPDATE_PATTERN_KEY]).to.be.a('string');
+                expect(allSettings[settings.CLOUDRON_NAME_KEY]).to.be.a('string');
+                done();
+            });
        });
    });

-    it('can get default autoupdate_pattern', function (done) {
-        settings.getAutoupdatePattern(function (error, pattern) {
-            expect(error).to.be(null);
-            expect(pattern).to.be('00 00 1,3,5,23 * * *');
-            done();
-        });
-    });
+    describe('validateCertificate', function () {
+        before(setup);
+        after(cleanup);

-    it ('can get default cloudron name', function (done) {
-        settings.getCloudronName(function (error, name) {
-            expect(error).to.be(null);
-            expect(name).to.be('Cloudron');
-            done();
-        });
-    });
+        /*
+          Generate these with:
+            openssl genrsa -out server.key 512
+            openssl req -new -key server.key -out server.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=Nebulon/OU=CTO/CN=baz.foobar.com"
+            openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+        */

-    it('can get default cloudron avatar', function (done) {
-        settings.getCloudronAvatar(function (error, gravatar) {
-            expect(error).to.be(null);
-            expect(gravatar).to.be.a(Buffer);
-            done();
-        });
-    });
+        // foobar.com
+        var validCert0 = '-----BEGIN CERTIFICATE-----\nMIIBujCCAWQCCQCjLyTKzAJ4FDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzETMBEGA1UEAwwKZm9vYmFyLmNvbTAeFw0xNTEw\nMjgxMjM5MjZaFw0xNjEwMjcxMjM5MjZaMGQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI\nDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEQMA4GA1UECgwHTmVidWxvbjEMMAoG\nA1UECwwDQ1RPMRMwEQYDVQQDDApmb29iYXIuY29tMFwwDQYJKoZIhvcNAQEBBQAD\nSwAwSAJBAMeYofgwHeNVmGkGe0gj4dnX2ciifDi7X2K/oVHp7mxuHjGMSYP9Z7b6\n+mu0IMf4OedwXStHBeO8mwjKxZmE7p8CAwEAATANBgkqhkiG9w0BAQsFAANBAJI7\nFUUHXjR63UFk8pgxp0c7hEGqj4VWWGsmo8oZnnX8jGVmQDKbk8o3MtDujfqupmMR\nMo7tSAFlG7zkm3GYhpw=\n-----END CERTIFICATE-----';
+        var validKey0 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAMeYofgwHeNVmGkGe0gj4dnX2ciifDi7X2K/oVHp7mxuHjGMSYP9\nZ7b6+mu0IMf4OedwXStHBeO8mwjKxZmE7p8CAwEAAQJBAJS59Sb8o6i8JT9NJxvQ\nMQCkSJGqEaosZJ0uccSZ7aE48v+H7HiPzXAueitohcEif2Wp1EZ1RbRMURhznNiZ\neLECIQDxxqhakO6wc7H68zmpRXJ5ZxGUNbM24AMtpONAtEw9iwIhANNWtp6P74OV\ntvfOmtubbqw768fmGskFCOcp5oF8oF29AiBkTAf9AhCyjFwyAYJTEScq67HkLN66\njfVjkvpfFixmfwIgI+xldmZ5DCDyzQSthg7RrS0yUvRmMS1N6h1RNUl96PECIQDl\nit4lFcytbqNo1PuBZvzQE+plCjiJqXHYo3WCst1Jbg==\n-----END RSA PRIVATE KEY-----';

-    it('can get default developer mode', function (done) {
-        settings.getDeveloperMode(function (error, enabled) {
-            expect(error).to.be(null);
-            expect(enabled).to.equal(false);
-            done();
-        });
-    });
+        // *.foobar.com
+        var validCert1 = '-----BEGIN CERTIFICATE-----\nMIIBvjCCAWgCCQCg957GWuHtbzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzEVMBMGA1UEAwwMKi5mb29iYXIuY29tMB4XDTE1\nMTAyODEzMDI1MFoXDTE2MTAyNzEzMDI1MFowZjELMAkGA1UEBhMCREUxDzANBgNV\nBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRAwDgYDVQQKDAdOZWJ1bG9uMQww\nCgYDVQQLDANDVE8xFTATBgNVBAMMDCouZm9vYmFyLmNvbTBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQC0FKf07ZWMcABFlZw+GzXK9EiZrlJ1lpnu64RhN99z7MXRr8cF\nnZVgY3jgatuyR5s3WdzUvye2eJ0rNicl2EZJAgMBAAEwDQYJKoZIhvcNAQELBQAD\nQQAw4bteMZAeJWl2wgNLw+wTwAH96E0jyxwreCnT5AxJLmgimyQ0XOF4FsssdRFj\nxD9WA+rktelBodJyPeTDNhIh\n-----END CERTIFICATE-----';
+        var validKey1 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBALQUp/TtlYxwAEWVnD4bNcr0SJmuUnWWme7rhGE333PsxdGvxwWd\nlWBjeOBq27JHmzdZ3NS/J7Z4nSs2JyXYRkkCAwEAAQJALV2eykcoC48TonQEPmkg\nbhaIS57syw67jMLsQImQ02UABKzqHPEKLXPOZhZPS9hsC/hGIehwiYCXMUlrl+WF\nAQIhAOntBI6qaecNjAAVG7UbZclMuHROUONmZUF1KNq6VyV5AiEAxRLkfHWy52CM\njOQrX347edZ30f4QczvugXwsyuU9A1ECIGlGZ8Sk4OBA8n6fAUcyO06qnmCJVlHg\npTUeOvKk5c9RAiBs28+8dCNbrbhVhx/yQr9FwNM0+ttJW/yWJ+pyNQhr0QIgJTT6\nxwCWYOtbioyt7B9l+ENy3AMSO3Uq+xmIKkvItK4=\n-----END RSA PRIVATE KEY-----';

-    it('can set developer mode', function (done) {
-        settings.setDeveloperMode(true, function (error) {
-            expect(error).to.be(null);
-            done();
-        });
-    });
+        // baz.foobar.com
+        var validCert2 = '-----BEGIN CERTIFICATE-----\nMIIBwjCCAWwCCQDIKtL9RCDCkDANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzEXMBUGA1UEAwwOYmF6LmZvb2Jhci5jb20wHhcN\nMTUxMDI4MTMwNTMzWhcNMTYxMDI3MTMwNTMzWjBoMQswCQYDVQQGEwJERTEPMA0G\nA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05lYnVsb24x\nDDAKBgNVBAsMA0NUTzEXMBUGA1UEAwwOYmF6LmZvb2Jhci5jb20wXDANBgkqhkiG\n9w0BAQEFAANLADBIAkEAw7UWW/VoQePv2l92l3XcntZeyw1nBiHxk1axZwC6auOW\n2/zfA//Tg7fv4q5qKnV1n/71IiMAheeFcpfogY5rTwIDAQABMA0GCSqGSIb3DQEB\nCwUAA0EAtluL6dGNfOdNkzoO/UwzRaIvEm2reuqe+Ik4WR/k+DJ4igrmRCQqXwjW\nJaGYsFWsuk3QLOWQ9YgCKlcIYd+1/A==\n-----END CERTIFICATE-----';
+        var validKey2 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBAMO1Flv1aEHj79pfdpd13J7WXssNZwYh8ZNWsWcAumrjltv83wP/\n04O37+Kuaip1dZ/+9SIjAIXnhXKX6IGOa08CAwEAAQJAUPD3Y2cXDJFaJQXwhWnw\nqhzdLbvITUgCor5rNr+dWhE2MopGPpRHiabA1PeWEPx8CfblyTZGd8KUR/2W1c0r\naQIhAP4ZxB3+uhuzzMfyRrn/khr12pFn/FCIDbwnDbyUxLrTAiEAxSuVOFs+Mupt\nYCz/pPrDCx3eid0wyXRObbkLHOxJiBUCIBTp5fxaBNNW3xnt1OhmIo5Zgd3J4zh1\nmjvMMxM8Y1zFAiAxOP0qsZSoj1+41+MGY9fXaaCJ2F96m3+M4tpEYTTGNQIgdESZ\nz+hzHBeYVbWJpIR8uaNkx7wveUF90FpipXyeTsA=\n-----END RSA PRIVATE KEY-----';

-    it('can get developer mode', function (done) {
-        settings.getDeveloperMode(function (error, enabled) {
-            expect(error).to.be(null);
-            expect(enabled).to.equal(true);
-            done();
+        it('allows both null', function () {
+            expect(settings.validateCertificate(null, null, 'foobar.com')).to.be(null);
        });
-    });

-    it('can get all values', function (done) {
-        settings.getAll(function (error, allSettings) {
-            expect(error).to.be(null);
-            expect(allSettings[settings.TIME_ZONE_KEY]).to.be.a('string');
-            expect(allSettings[settings.AUTOUPDATE_PATTERN_KEY]).to.be.a('string');
-            expect(allSettings[settings.CLOUDRON_NAME_KEY]).to.be.a('string');
-            done();
+        it('does not allow only cert', function () {
+            expect(settings.validateCertificate('cert', null, 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow only key', function () {
+            expect(settings.validateCertificate(null, 'key', 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow empty string for cert', function () {
+            expect(settings.validateCertificate('', 'key', 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow empty string for key', function () {
+            expect(settings.validateCertificate('cert', '', 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow invalid cert', function () {
+            expect(settings.validateCertificate('someinvalidcert', validKey0, 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow invalid key', function () {
+            expect(settings.validateCertificate(validCert0, 'invalidkey', 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow cert without matching domain', function () {
+            expect(settings.validateCertificate(validCert0, validKey0, 'cloudron.io')).to.be.an(Error);
+        });
+
+        it('allows valid cert with matching domain', function () {
+            expect(settings.validateCertificate(validCert0, validKey0, 'foobar.com')).to.be(null);
+        });
+
+        it('allows valid cert with matching domain (wildcard)', function () {
+            expect(settings.validateCertificate(validCert1, validKey1, 'abc.foobar.com')).to.be(null);
+        });
+
+        it('does now allow cert without matching domain (wildcard)', function () {
+            expect(settings.validateCertificate(validCert1, validKey1, 'foobar.com')).to.be.an(Error);
+            expect(settings.validateCertificate(validCert1, validKey1, 'bar.abc.foobar.com')).to.be.an(Error);
+        });
+
+        it('allows valid cert with matching domain (subdomain)', function () {
+            expect(settings.validateCertificate(validCert2, validKey2, 'baz.foobar.com')).to.be(null);
+        });
+
+        it('does not allow cert without matching domain (subdomain)', function () {
+            expect(settings.validateCertificate(validCert0, validKey0, 'baz.foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow invalid cert/key tuple', function () {
+            expect(settings.validateCertificate(validCert0, validKey1, 'foobar.com')).to.be.an(Error);
        });
    });
 });
@@ -11,10 +11,10 @@ readonly source_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")"/../.. && pwd)"
 rm -rf $HOME/.cloudron_test
 mkdir -p $HOME/.cloudron_test
 cd $HOME/.cloudron_test
-mkdir -p data/appdata data/box/appicons data/mail data/nginx/cert data/nginx/applications data/collectd/collectd.conf.d data/addons configs
+mkdir -p data/appdata data/box/appicons data/mail data/nginx/cert data/nginx/applications data/collectd/collectd.conf.d data/addons configs data/box/certs

-webadmin_scopes="root,profile,users,apps,settings,roleAdmin"
+webadmin_scopes="root,profile,users,apps,settings"
 webadmin_origin="https://${ADMIN_LOCATION}-localhost"
 mysql --user=root --password="" \
-    -e "REPLACE INTO clients (id, appId, clientSecret, redirectURI, scope) VALUES (\"cid-webadmin\", \"webadmin\", \"secret-webadmin\", \"${webadmin_origin}\", \"${webadmin_scopes}\")" boxtest
+    -e "REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (\"cid-webadmin\", \"webadmin\", \"admin\", \"secret-webadmin\", \"${webadmin_origin}\", \"${webadmin_scopes}\")" boxtest

@@ -340,7 +340,7 @@ function setPassword(userId, newPassword, callback) {
                if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));

                // Also generate a token so the new user can get logged in immediately
-                clientdb.getByAppId('webadmin', function (error, result) {
+                clientdb.getByAppIdAndType('webadmin', clientdb.TYPE_ADMIN, function (error, result) {
                    if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));

                    var token = tokendb.generateToken();
@@ -1,40 +0,0 @@
-'use strict';
-
-// we can possibly remove this entire file and make our tests
-// smarter to just use the host interface provided by boot2docker
-// https://github.com/boot2docker/boot2docker#container-port-redirection
-// https://github.com/boot2docker/boot2docker/pull/93
-// https://github.com/docker/docker/issues/4007
-
-exports = module.exports = {
-    forwardFromHostToVirtualBox: forwardFromHostToVirtualBox,
-    unforwardFromHostToVirtualBox: unforwardFromHostToVirtualBox
-};
-
-var assert = require('assert'),
-    child_process = require('child_process'),
-    debug = require('debug')('box:vbox'),
-    os = require('os');
-
-
-function forwardFromHostToVirtualBox(rulename, port) {
-    assert.strictEqual(typeof rulename, 'string');
-    assert.strictEqual(typeof port, 'number');
-
-    if (os.platform() === 'darwin') {
-        debug('Setting up VirtualBox port forwarding for '+ rulename + ' at ' + port);
-        child_process.exec(
-            'VBoxManage controlvm boot2docker-vm natpf1 delete ' + rulename + ';' +
-            'VBoxManage controlvm boot2docker-vm natpf1 ' + rulename + ',tcp,127.0.0.1,' + port + ',,' + port);
-    }
-}
-
-function unforwardFromHostToVirtualBox(rulename) {
-    assert.strictEqual(typeof rulename, 'string');
-
-    if (os.platform() === 'darwin') {
-        debug('Removing VirtualBox port forwarding for '+ rulename);
-        child_process.exec('VBoxManage controlvm boot2docker-vm natpf1 delete ' + rulename);
-    }
-}
-
@@ -1,2 +0,0 @@
-{
-}
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html ng-app="Application" ng-controller="Controller">
+<html>
 <head>
    <meta charset="utf-8" />
    <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width, height=device-height" />
@@ -13,41 +13,6 @@
    <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css">
    <link href="//fonts.googleapis.com/css?family=Roboto:300" rel="stylesheet" type="text/css">

-    <!-- jQuery-->
-    <script src="3rdparty/js/jquery.min.js"></script>
-
-    <!-- Bootstrap Core JavaScript -->
-    <script src="3rdparty/js/bootstrap.min.js"></script>
-
-    <!-- Angularjs scripts -->
-    <script src="3rdparty/js/angular.min.js"></script>
-    <script src="3rdparty/js/angular-loader.min.js"></script>
-
-    <script>
-
-        'use strict';
-
-        // create main application module
-        var app = angular.module('Application', []);
-
-        app.controller('Controller', ['$scope', '$http', function ($scope, $http) {
-            var search = decodeURIComponent(window.location.search).slice(1).split('&').map(function (item) { return item.split('='); }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {});
-
-            $scope.cloudronName = 'Cloudron';
-            $scope.referrer = search.referrer || null;
-
-            // try to fetch cloudron status
-            $http.get('/api/v1/cloudron/status').success(function(data, status) {
-                if (status !== 200 || typeof data !== 'object') return console.error(status, data);
-                $scope.cloudronName = data.cloudronName;
-                document.title = $scope.cloudronName + ' App Error';
-            }).error(function (data, status) {
-                console.error(status, data);
-            });
-        }]);
-
-    </script>
-
 </head>

 <body class="status-page">
@@ -55,10 +20,9 @@
 <div class="wrapper">
    <div class="content">
        <img src="/img/logo_inverted_192.png"/>
-        <h1> {{cloudronName}} </h1>

        <h3> <i class="fa fa-frown-o fa-fw text-danger"></i> Something has gone wrong </h3>
-        This app is currently not running. <a href="{{ referrer }}">Please retry later</a>.
+        This app is currently not running. <a id="appLink" href="">Please retry later</a>.

        <footer>
            <span class="text-muted"><a href="mailto: support@cloudron.io">Contact Support</a> - Copyright &copy; Cloudron 2014-15</span>
@@ -66,5 +30,17 @@
    </div>
 </div>

+<script>
+
+    (function () {
+        'use strict';
+
+        var search = decodeURIComponent(window.location.search).slice(1).split('&').map(function (item) { return item.split('='); }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {});
+
+        document.getElementById('appLink').href = search.referrer;
+    })();
+
+</script>
+
 </body>
 </html>
@@ -31,7 +31,6 @@
        var app = angular.module('Application', []);

        app.controller('Controller', ['$scope', '$http', function ($scope, $http) {
-            $scope.cloudronName = 'Cloudron';
            $scope.webServerOriginLink = '/';
            $scope.errorMessage = '';

@@ -44,15 +43,6 @@
                else console.error(status, data);
            });

-            // try to fetch cloudron status
-            $http.get('/api/v1/cloudron/status').success(function(data, status) {
-                if (status !== 200 || typeof data !== 'object') return console.error(status, data);
-                $scope.cloudronName  = data.cloudronName;
-                document.title = $scope.cloudronName + ' Error';
-            }).error(function (data, status) {
-                console.error(status, data);
-            });
-
            var search = window.location.search.slice(1).split('&').map(function (item) { return item.split('='); }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {});

            $scope.errorCode = search.errorCode || 0;
@@ -68,7 +58,7 @@
 <div class="wrapper">
    <div class="content">
        <img src="/api/v1/cloudron/avatar" onerror="this.src = '/img/logo_inverted_192.png'"/>
-        <h1> {{cloudronName}} </h1>
+        <h1> Cloudron </h1>

        <div ng-show="errorCode == 0">
            <h3> <i class="fa fa-frown-o fa-fw text-danger"></i> Something has gone wrong </h3>
@@ -121,7 +121,7 @@
                        <span class="icon-bar"></span>
                    </button>
                    <a class="navbar-brand navbar-brand-icon" href="index.html"><img src="/api/v1/cloudron/avatar" width="40" height="40"/></a>
-                    <a class="navbar-brand" href="index.html">{{config.cloudronName || 'Cloudron'}}</a>
+                    <a class="navbar-brand" href="index.html">Cloudron</a>
                </div>
                <!-- /.navbar-header -->

@@ -145,7 +145,6 @@
                            <a href="" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"><img ng-src="{{user.gravatar}}"/> {{user.username}} <span class="caret"></span></a>
                            <ul class="dropdown-menu" role="menu">
                                <li><a href="#/account"><i class="fa fa-user fa-fw"></i> Account</a></li>
-                                <li ng-show="user.admin && config.isDev"><a href="#/dns"><i class="fa fa-wrench fa-fw"></i> DNS Management</a></li>
                                <li ng-show="user.admin"><a href="#/graphs"><i class="fa fa-bar-chart fa-fw"></i> Graphs</a></li>
                                <li><a href="#/support"><i class="fa fa-comment fa-fw"></i> Support</a></li>
                                <li ng-show="user.admin"><a href="#/settings"><i class="fa fa-wrench fa-fw"></i> Settings</a></li>
@@ -6,6 +6,9 @@
 angular.module('Application').service('Client', ['$http', 'md5', 'Notification', function ($http, md5, Notification) {
    var client = null;

+    // Keep this in sync with docs and docker.js
+    var DEFAULT_MEMORY_LIMIT = 1024 * 1024 * 200;
+
    function ClientError(statusCode, messageOrObject) {
        Error.call(this);
        this.name = this.constructor.name;
@@ -58,6 +61,7 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
        this._configListener = [];
        this._readyListener = [];
        this._userInfo = {
+            id: null,
            username: null,
            email: null,
            admin: false
@@ -76,7 +80,7 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
            developerMode: false,
            region: null,
            size: null,
-            cloudronName: null
+            memory: 0
        };
        this._installedApps = [];
        this._clientId = '<%= oauth.clientId %>';
@@ -119,6 +123,7 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',

    Client.prototype.setUserInfo = function (userInfo) {
        // In order to keep the angular bindings alive, set each property individually
+        this._userInfo.id = userInfo.id;
        this._userInfo.username = userInfo.username;
        this._userInfo.email = userInfo.email;
        this._userInfo.admin = !!userInfo.admin;
@@ -186,20 +191,6 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
        }).error(defaultErrorHandler(callback));
    };

-    Client.prototype.changeCloudronName = function (name, callback) {
-        var that = this;
-
-        var data = { name: name };
-        $http.post(client.apiOrigin + '/api/v1/settings/cloudron_name', data).success(function (data, status) {
-            if (status !== 200) return callback(new ClientError(status, data));
-
-            // will get overriden after polling for config, but ensures quick UI update
-            that._config.cloudronName = name;
-
-            callback(null);
-        }).error(defaultErrorHandler(callback));
-    };
-
    Client.prototype.changeCloudronAvatar = function (avatarFile, callback) {
        var fd = new FormData();
        fd.append('avatar', avatarFile);
@@ -215,7 +206,17 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',

    Client.prototype.installApp = function (id, manifest, title, config, callback) {
        var that = this;
-        var data = { appStoreId: id, manifest: manifest, location: config.location, portBindings: config.portBindings, accessRestriction: config.accessRestriction, oauthProxy: config.oauthProxy };
+        var data = {
+            appStoreId: id,
+            manifest: manifest,
+            location: config.location,
+            portBindings: config.portBindings,
+            accessRestriction: config.accessRestriction,
+            oauthProxy: config.oauthProxy,
+            cert: config.cert,
+            key: config.key
+        };
+
        $http.post(client.apiOrigin + '/api/v1/apps/install', data).success(function (data, status) {
            if (status !== 202 || typeof data !== 'object') return defaultErrorHandler(callback);

@@ -249,7 +250,17 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
    };

    Client.prototype.configureApp = function (id, password, config, callback) {
-        var data = { appId: id, password: password, location: config.location, portBindings: config.portBindings, accessRestriction: config.accessRestriction, oauthProxy: config.oauthProxy };
+        var data = {
+            appId: id,
+            password: password,
+            location: config.location,
+            portBindings: config.portBindings,
+            accessRestriction: config.accessRestriction,
+            oauthProxy: config.oauthProxy,
+            cert: config.cert,
+            key: config.key
+        };
+
        $http.post(client.apiOrigin + '/api/v1/apps/' + id + '/configure', data).success(function (data, status) {
            if (status !== 202) return callback(new ClientError(status, data));
            callback(null);
@@ -303,6 +314,20 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
        }).error(defaultErrorHandler(callback));
    };

+    Client.prototype.setDnsConfig = function (dnsConfig, callback) {
+         $http.post(client.apiOrigin + '/api/v1/settings/dns_config', dnsConfig).success(function(data, status) {
+            if (status !== 200) return callback(new ClientError(status, data));
+            callback(null);
+        }).error(defaultErrorHandler(callback));
+    };
+
+    Client.prototype.getDnsConfig = function (callback) {
+         $http.get(client.apiOrigin + '/api/v1/settings/dns_config').success(function(data, status) {
+            if (status !== 200) return callback(new ClientError(status, data));
+            callback(null, data);
+        }).error(defaultErrorHandler(callback));
+    };
+
    Client.prototype.getBackups = function (callback) {
        $http.get(client.apiOrigin + '/api/v1/backups').success(function (data, status) {
            if (status !== 200 || typeof data !== 'object') return callback(new ClientError(status, data));
@@ -324,6 +349,13 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
        }).error(defaultErrorHandler(callback));
    };

+    Client.prototype.getUsers = function (callback) {
+        $http.get(client.apiOrigin + '/api/v1/users').success(function (data, status) {
+            if (status !== 200 || typeof data !== 'object') return callback(new ClientError(status, data));
+            callback(null, data.users);
+        }).error(defaultErrorHandler(callback));
+    };
+
    Client.prototype.getNonApprovedApps = function (callback) {
        if (!this._config.developerMode) return callback(null, []);

@@ -376,12 +408,11 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
        }).error(defaultErrorHandler(callback));
    };

-    Client.prototype.createAdmin = function (username, password, email, name, setupToken, callback) {
+    Client.prototype.createAdmin = function (username, password, email, setupToken, callback) {
        var payload = {
            username: username,
            password: password,
-            email: email,
-            name: name
+            email: email
        };

        var that = this;
@@ -439,16 +470,14 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
    };

    Client.prototype.setCertificate = function (certificateFile, keyFile, callback) {
-        console.log('will set certificate');
+        $http.post(client.apiOrigin + '/api/v1/settings/certificate', { cert: certificateFile, key: keyFile }).success(function(data, status) {
+            if (status !== 202) return callback(new ClientError(status, data));
+            callback(null);
+        }).error(defaultErrorHandler(callback));
+    };

-        var fd = new FormData();
-        fd.append('certificate', certificateFile);
-        fd.append('key', keyFile);
-
-        $http.post(client.apiOrigin + '/api/v1/cloudron/certificate', fd, {
-            headers: { 'Content-Type': undefined },
-            transformRequest: angular.identity
-        }).success(function(data, status) {
+    Client.prototype.setAdminCertificate = function (certificateFile, keyFile, callback) {
+        $http.post(client.apiOrigin + '/api/v1/settings/admin_certificate', { cert: certificateFile, key: keyFile }).success(function(data, status) {
            if (status !== 202) return callback(new ClientError(status, data));
            callback(null);
        }).error(defaultErrorHandler(callback));
@@ -610,7 +639,7 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
        this._userInfo = {};

        var callbackURL = window.location.protocol + '//' + window.location.host + '/login_callback.html';
-        var scope = 'root,profile,apps,roleUser';
+        var scope = 'root,profile,apps';

        // generate a state id to protect agains csrf
        var state = Math.floor((1 + Math.random()) * 0x1000000000000).toString(16).substring(1);
@@ -647,6 +676,14 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
        }).error(defaultErrorHandler(callback));
    };

+    Client.prototype.enoughResourcesAvailable = function (app) {
+        var needed = app.manifest.memoryLimit || DEFAULT_MEMORY_LIMIT;
+        var used = this.getInstalledApps().reduce(function (prev, cur) { return prev + (cur.manifest.memoryLimit || DEFAULT_MEMORY_LIMIT); }, 0);
+        var available = (this.getConfig().memory || 0) - used;
+
+        return (available - needed) > 0;
+    };
+
    client = new Client();
    return client;
 }]);
@@ -25,9 +25,6 @@ app.config(['$routeProvider', function ($routeProvider) {
    }).when('/apps', {
        controller: 'AppsController',
        templateUrl: 'views/apps.html'
-    }).when('/dns', {
-        controller: 'DnsController',
-        templateUrl: 'views/dns.html'
    }).when('/account', {
        controller: 'AccountController',
        templateUrl: 'views/account.html'
@@ -112,10 +112,6 @@ angular.module('Application').controller('MainController', ['$scope', '$route',
        if (config.progress.update && config.progress.update.percent !== -1) {
            window.location.href = '/update.html';
        }
-
-        if (config.cloudronName) {
-            document.title = config.cloudronName;
-        }
    });

    // setup all the dialog focus handling
@@ -28,8 +28,11 @@ app.config(['$routeProvider', function ($routeProvider) {
        controller: 'StepController',
        templateUrl: 'views/setup/step2.html'
    }).when('/step3', {
-        controller: 'FinishController',
+        controller: 'StepController',
        templateUrl: 'views/setup/step3.html'
+    }).when('/step4', {
+        controller: 'FinishController',
+        templateUrl: 'views/setup/step4.html'
    }).otherwise({ redirectTo: '/'});
 }]);

@@ -40,7 +43,6 @@ app.service('Wizard', [ function () {
        this.username = '';
        this.email = '';
        this.password = '';
-        this.name = '';
        this.availableAvatars = [{
            file: null,
            data: null,
@@ -96,6 +98,7 @@ app.service('Wizard', [ function () {
        }];
        this.avatar = {};
        this.avatarBlob = null;
+        this.dnsConfig = null;
    }

    Wizard.prototype.setPreviewAvatar = function (avatar) {
@@ -191,14 +194,16 @@ app.controller('StepController', ['$scope', '$route', '$location', 'Wizard', fun
            image = null;
        };
        image.src = $scope.wizard.availableAvatars[randomIndex].data || $scope.wizard.availableAvatars[randomIndex].url;
+    } else if ($route.current.templateUrl === 'views/setup/step3.html' && Wizard.dnsConfig.provider === 'caas') {
+        $location.path('/step4'); // not using custom domain
    }

 }]);

-app.controller('FinishController', ['$scope', '$location', '$timeout', 'Wizard', 'Client', function ($scope, $location, $timeout, Wizard, Client) {
+app.controller('FinishController', ['$scope', '$location', 'Wizard', 'Client', function ($scope, $location, Wizard, Client) {
    $scope.wizard = Wizard;

-    Client.createAdmin($scope.wizard.username, $scope.wizard.password, $scope.wizard.email, $scope.wizard.name, $scope.setupToken, function (error) {
+    Client.createAdmin($scope.wizard.username, $scope.wizard.password, $scope.wizard.email, $scope.setupToken, function (error) {
        if (error) {
            console.error('Internal error', error);
            window.location.href = '/error.html';
@@ -208,7 +213,11 @@ app.controller('FinishController', ['$scope', '$location', '$timeout', 'Wizard',
        Client.changeCloudronAvatar($scope.wizard.avatarBlob, function (error) {
            if (error) return console.error('Unable to set avatar.', error);

-            window.location.href = '/';
+            Client.setDnsConfig($scope.wizard.dnsConfig, function (error) {
+                if (error) return console.error('Unable to set dns config.', error);
+
+                window.location.href = '/';
+            });
        });
    });
 }]);
@@ -225,7 +234,19 @@ app.controller('SetupController', ['$scope', '$location', 'Client', 'Wizard', fu
    if (!search.email) return window.location.href = '/error.html?errorCode=3';
    Wizard.email = search.email;

-    Wizard.hostname = window.location.host.indexOf('my-') === 0 ? window.location.host.slice(3) : window.location.host;
+    if (search.customDomain === 'true') {
+        Wizard.dnsConfig = {
+            provider: 'route53',
+            accessKeyId: null,
+            secretAccessKey: null
+        };
+    } else {
+        Wizard.dnsConfig = {
+            provider: 'caas',
+            accessKeyId: '',
+            secretAccessKey: ''
+        };
+    }

    Client.isServerFirstTime(function (error, isFirstTime) {
        if (error) {
@@ -38,18 +38,9 @@
            else return 'https://my' + tmp.slice(tmp.indexOf('-')) + host.slice(tmp.length);
        }

-        app.controller('Controller', ['$scope', '$http', function ($scope, $http) {
+        app.controller('Controller', ['$scope', function ($scope) {
            $scope.apiOrigin = detectApiOrigin();
            $scope.cloudronAvatar = $scope.apiOrigin + '/api/v1/cloudron/avatar';
-            $scope.cloudronName = 'Cloudron';
-
-            $http.get($scope.apiOrigin + '/api/v1/cloudron/status').success(function(data, status) {
-                if (status !== 200 || typeof data !== 'object') return console.error(status, data);
-                $scope.cloudronName  = data.cloudronName;
-                document.title = $scope.cloudronName;
-            }).error(function (data, status) {
-                console.error(status, data);
-            });
        }]);

    </script>
@@ -60,7 +51,7 @@
 <div class="wrapper">
    <div class="content">
        <img ng-src="{{ cloudronAvatar || '/img/logo_inverted_192.png' }}" onerror="this.src = '/img/logo_inverted_192.png'"/>
-        <h1> {{cloudronName}} </h1>
+        <h1> Cloudron </h1>
        <p>
            There is no app configured for this domain. If you want to put an app at this location,<br/>
            please reconfigure the app in the <a ng-href="{{apiOrigin}}">settings panel</a> and leave the location empty.
@@ -152,7 +152,7 @@
                                <h4 class="text-muted">Credentials</h4>
                                <p>Permissions: <b>{{ client.scope }}</b></p>
                                <p>Client ID: <b>{{ client.id }}</b></p>
-                                <p>Client Secret: <b>{{ client.clientSecret }}</b></p>
+                                <p ng-show="client.clientSecret">Client Secret: <b>{{ client.clientSecret }}</b></p>
                            </div>
                        </div>
                    </div>
@@ -36,19 +36,41 @@
                                </div>
                            </ng-form>
                        </div>
-                        <div class="form-group">
-                            <label class="control-label" for="accessRestriction">Website Visibility</label>
-                            <div class="checkbox">
-                                <label>
-                                    <input type="checkbox" ng-model="appConfigure.oauthProxy"> Cloudron users only
-                                </label>
-                            </div>
-<!--                             <label class="control-label" for="accessRestriction">Website Visibility</label>
-                            <select class="form-control" id="accessRestriction" ng-model="appConfigure.accessRestriction">
-                                <option value="">Visible to all</option>
-                                <option value="roleUser">Visible only to Cloudron users</option>
-                            </select> -->
+                        <div class="form-group" ng-show="appConfigure.app.manifest.singleUser">
+                            <label class="control-label">User</label>
+                            <p>This is a single user application. Access is granted to <b>{{appConfigure.app.accessRestriction.users[0]}}</b>.</p>
                        </div>
+                        <div class="form-group">
+                            <label class="control-label" for="oauthProxy">Website Visibility</label>
+                            <select class="form-control" id="oauthProxy" ng-model="appConfigure.oauthProxy">
+                                <option value="">Visible to all</option>
+                                <option value="1">Visible only to Cloudron users</option>
+                            </select>
+                        </div>
+
+                        <br/>
+
+                        <label class="control-label" for="appConfigureCertificateInput" ng-show="config.isCustomDomain">Certificate (optional)</label>
+                        <div class="has-error text-center" ng-show="appConfigure.error.cert && config.isCustomDomain">{{ appConfigure.error.cert }}</div>
+                        <div class="form-group" ng-class="{ 'has-error': !appConfigureForm.certificate.$dirty && appConfigure.error.cert }" ng-show="config.isCustomDomain">
+                            <div class="input-group">
+                                <input type="file" id="appConfigureCertificateFileInput" style="display:none"/>
+                                <input type="text" class="form-control" placeholder="Certificate" ng-model="appConfigure.certificateFileName" id="appConfigureCertificateInput" name="certificate" onclick="getElementById('appConfigureCertificateFileInput').click();" style="cursor: pointer;" ng-required="appConfigure.keyFileName">
+                                <span class="input-group-addon">
+                                    <i class="fa fa-upload" onclick="getElementById('appConfigureCertificateFileInput').click();"></i>
+                                </span>
+                            </div>
+                        </div>
+                        <div class="form-group" ng-class="{ 'has-error': !appConfigureForm.key.$dirty && appConfigure.error.cert }" ng-show="config.isCustomDomain">
+                            <div class="input-group">
+                                <input type="file" id="appConfigureKeyFileInput" style="display:none"/>
+                                <input type="text" class="form-control" placeholder="Key" ng-model="appConfigure.keyFileName" id="appConfigureKeyInput" name="key" onclick="getElementById('appConfigureKeyFileInput').click();" style="cursor: pointer;" ng-required="appConfigure.certificateFileName">
+                                <span class="input-group-addon">
+                                    <i class="fa fa-upload" onclick="getElementById('appConfigureKeyFileInput').click();"></i>
+                                </span>
+                            </div>
+                        </div>
+
                        <a ng-show="!!appConfigure.app.manifest.configurePath" ng-href="https://{{ appConfigure.app.location }}{{ !appConfigure.app.location ? '' : (config.isCustomDomain ? '.' : '-') }}{{ config.fqdn }}/{{ appConfigure.app.manifest.configurePath }}" target="_blank">Application Specific Settings</a>
                        <br/>
                        <br/>
@@ -222,7 +244,7 @@
                    <div class="grid-item-bottom-mobile" ng-show="user.admin">
                        <div class="row">
                            <div class="col-xs-4 text-left">
-                                <a href="" ng-click="showRestore(app)" ng-show="(app | installError) === true">
+                                <a href="" ng-click="showRestore(app)" ng-show="app.lastBackupId != null || (app | installError) === true">
                                    <i class="fa fa-undo scale"></i>
                                </a>

@@ -251,7 +273,7 @@
                            <a href="" ng-click="showUninstall(app)" title="Uninstall App"><i class="fa fa-remove scale"></i></a>
                        </div>

-                        <div ng-show="(app | installError) === true">
+                        <div ng-show="app.lastBackupId !== null || (app | installError) === true">
                            <a href="" ng-click="showRestore(app)" title="Restore App"><i class="fa fa-undo scale"></i></a>
                        </div>

@@ -19,8 +19,11 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        portBindings: {},
        portBindingsEnabled: {},
        portBindingsInfo: {},
-        accessRestriction: '',
-        oauthProxy: false
+        oauthProxy: '',
+        certificateFile: null,
+        certificateFileName: '',
+        keyFile: null,
+        keyFileName: ''
    };

    $scope.appUninstall = {
@@ -52,9 +55,13 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        $scope.appConfigure.app = {};
        $scope.appConfigure.location = '';
        $scope.appConfigure.password = '';
-        $scope.appConfigure.portBindings = {};
-        $scope.appConfigure.accessRestriction = '';
-        $scope.appConfigure.oauthProxy = false;
+        $scope.appConfigure.portBindings = {};          // This is the actual model holding the env:port pair
+        $scope.appConfigure.portBindingsEnabled = {};   // This is the actual model holding the enabled/disabled flag
+        $scope.appConfigure.oauthProxy = '';
+        $scope.appConfigure.certificateFile = null;
+        $scope.appConfigure.certificateFileName = '';
+        $scope.appConfigure.keyFile = null;
+        $scope.appConfigure.keyFileName = '';

        $scope.appConfigureForm.$setPristine();
        $scope.appConfigureForm.$setUntouched();
@@ -86,16 +93,42 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        $scope.appRestoreForm.$setUntouched();
    };

+    document.getElementById('appConfigureCertificateFileInput').onchange = function (event) {
+        $scope.$apply(function () {
+            $scope.appConfigure.certificateFile = null;
+            $scope.appConfigure.certificateFileName = event.target.files[0].name;
+
+            var reader = new FileReader();
+            reader.onload = function (result) {
+                if (!result.target || !result.target.result) return console.error('Unable to read local file');
+                $scope.appConfigure.certificateFile = result.target.result;
+            };
+            reader.readAsText(event.target.files[0]);
+        });
+    };
+
+    document.getElementById('appConfigureKeyFileInput').onchange = function (event) {
+        $scope.$apply(function () {
+            $scope.appConfigure.keyFile = null;
+            $scope.appConfigure.keyFileName = event.target.files[0].name;
+
+            var reader = new FileReader();
+            reader.onload = function (result) {
+                if (!result.target || !result.target.result) return console.error('Unable to read local file');
+                $scope.appConfigure.keyFile = result.target.result;
+            };
+            reader.readAsText(event.target.files[0]);
+        });
+    };
+
    $scope.showConfigure = function (app) {
        $scope.reset();

+        // fill relevant info from the app
        $scope.appConfigure.app = app;
        $scope.appConfigure.location = app.location;
-        $scope.appConfigure.accessRestriction = app.accessRestriction;
-        $scope.appConfigure.oauthProxy = app.oauthProxy;
+        $scope.appConfigure.oauthProxy = app.oauthProxy ? '1' : '';
        $scope.appConfigure.portBindingsInfo = app.manifest.tcpPorts || {}; // Portbinding map only for information
-        $scope.appConfigure.portBindings = {};                              // This is the actual model holding the env:port pair
-        $scope.appConfigure.portBindingsEnabled = {};                       // This is the actual model holding the enabled/disabled flag

        // fill the portBinding structures. There might be holes in the app.portBindings, which signalizes a disabled port
        for (var env in $scope.appConfigure.portBindingsInfo) {
@@ -125,7 +158,16 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
            }
        }

-        Client.configureApp($scope.appConfigure.app.id, $scope.appConfigure.password, { location: $scope.appConfigure.location || '', portBindings: finalPortBindings, accessRestriction: $scope.appConfigure.accessRestriction, oauthProxy: $scope.appConfigure.oauthProxy }, function (error) {
+        var data = {
+            location: $scope.appConfigure.location || '',
+            portBindings: finalPortBindings,
+            oauthProxy: !!$scope.appConfigure.oauthProxy,
+            accessRestriction: $scope.appConfigure.app.accessRestriction,
+            cert: $scope.appConfigure.certificateFile,
+            key: $scope.appConfigure.keyFile,
+        };
+
+        Client.configureApp($scope.appConfigure.app.id, $scope.appConfigure.password, data, function (error) {
            if (error) {
                if (error.statusCode === 409 && (error.message.indexOf('is reserved') !== -1 || error.message.indexOf('is already in use') !== -1)) {
                    $scope.appConfigure.error.port = error.message;
@@ -137,6 +179,12 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
                    $scope.appConfigure.error.password = 'Wrong password provided.';
                    $scope.appConfigure.password = '';
                    $('#appConfigurePasswordInput').focus();
+                } else if (error.statusCode === 400 && error.message.indexOf('cert') !== -1 ) {
+                    $scope.appConfigure.error.cert = error.message;
+                    $scope.appConfigure.certificateFileName = '';
+                    $scope.appConfigure.certificateFile = null;
+                    $scope.appConfigure.keyFileName = '';
+                    $scope.appConfigure.keyFile = null;
                } else {
                    $scope.appConfigure.error.other = error.message;
                }
@@ -24,6 +24,7 @@
                                </div>
                            </div>
                        </div>
+
                        <div class="has-error text-center" ng-show="appInstall.error.port">{{ appInstall.error.port }}</div>
                        <div ng-repeat="(env, info) in appInstall.portBindingsInfo">
                            <ng-form name="portInfo_form">
@@ -33,15 +34,37 @@
                                </div>
                            </ng-form>
                        </div>
-<!--
-                        <div class="form-group">
-                            <label class="control-label" for="accessRestriction">Access Restriction</label>
-                            <select class="form-control" id="accessRestriction" ng-model="appInstall.accessRestriction">
-                                <option value="">None</option>
-                                <option value="roleUser">Only for Cloudron Users</option>
+
+                        <div class="form-group" ng-show="appInstall.app.manifest.singleUser">
+                            <label class="control-label" for="accessRestriction">User</label>
+                            <p>This is a single user application.</p>
+                            <select class="form-control" id="accessRestriction" ng-model="appInstall.accessRestriction" ng-options="user as user.username for user in users track by user.id" ng-required="appInstall.app.manifest.singleUser">
                            </select>
                        </div>
-->
+
+                        <br/>
+
+                        <label class="control-label" for="appInstallCertificateInput" ng-show="config.isCustomDomain">Certificate (optional)</label>
+                        <div class="has-error text-center" ng-show="appInstall.error.cert && config.isCustomDomain">{{ appInstall.error.cert }}</div>
+                        <div class="form-group" ng-class="{ 'has-error': !appInstallForm.certificate.$dirty && appInstall.error.cert }" ng-show="config.isCustomDomain">
+                            <div class="input-group">
+                                <input type="file" id="appInstallCertificateFileInput" style="display:none"/>
+                                <input type="text" class="form-control" placeholder="Certificate" ng-model="appInstall.certificateFileName" id="appInstallCertificateInput" name="certificate" onclick="getElementById('appInstallCertificateFileInput').click();" style="cursor: pointer;" ng-required="appInstall.keyFileName">
+                                <span class="input-group-addon">
+                                    <i class="fa fa-upload" onclick="getElementById('appInstallCertificateFileInput').click();"></i>
+                                </span>
+                            </div>
+                        </div>
+                        <div class="form-group" ng-class="{ 'has-error': !appInstallForm.key.$dirty && appInstall.error.cert }" ng-show="config.isCustomDomain">
+                            <div class="input-group">
+                                <input type="file" id="appInstallKeyFileInput" style="display:none"/>
+                                <input type="text" class="form-control" placeholder="Key" ng-model="appInstall.keyFileName" id="appInstallKeyInput" name="key" onclick="getElementById('appInstallKeyFileInput').click();" style="cursor: pointer;" ng-required="appInstall.certificateFileName">
+                                <span class="input-group-addon">
+                                    <i class="fa fa-upload" onclick="getElementById('appInstallKeyFileInput').click();"></i>
+                                </span>
+                            </div>
+                        </div>
+
                        <input class="ng-hide" type="submit" ng-disabled="appInstallForm.$invalid || busy"/>
                    </form>
                </div>
@@ -54,11 +77,15 @@
                        <div ng-bind-html="appInstall.app.manifest.description | markdown2html"></div>
                    </div>
                </div>
+                <div class="collapse" id="collapseResourceConstraint" data-toggle="false">
+                    <h4 class="text-danger">Not enough resources left to install this application.</h4>
+                    <p>The Cloudron's resources can be extended with a model upgrade or available resources may be freed up by uninstalling unused applications.</p>
+                </div>
            </div>
            <div class="modal-footer">
                <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
-                <button type="button" class="btn btn-success" ng-show="!appInstall.installFormVisible && user.admin" ng-click="showInstallForm()">Install</button>
-                <button type="button" class="btn btn-success" ng-show="appInstall.installFormVisible && user.admin" ng-click="doInstall()" ng-disabled="appInstallForm.$invalid || appInstall.busy"><i class="fa fa-spinner fa-pulse" ng-show="appInstall.busy"></i> Install</button>
+                <button type="button" class="btn btn-success" ng-show="!appInstall.installFormVisible && user.admin && !appInstall.resourceConstraintVisible" ng-click="showInstallForm()">Install</button>
+                <button type="button" class="btn btn-success" ng-show="appInstall.installFormVisible && user.admin && !appInstall.resourceConstraintVisible" ng-click="doInstall()" ng-disabled="appInstallForm.$invalid || appInstall.busy"><i class="fa fa-spinner fa-pulse" ng-show="appInstall.busy"></i> Install</button>
            </div>
        </div>
    </div>
@@ -5,6 +5,7 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
    $scope.apps = [];
    $scope.config = Client.getConfig();
    $scope.user = Client.getUserInfo();
+    $scope.users = [];
    $scope.category = '';
    $scope.cachedCategory = ''; // used to cache the selected category while searching
    $scope.searchString = '';
@@ -16,9 +17,13 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
        app: {},
        location: '',
        portBindings: {},
-        accessRestriction: '',
+        accessRestriction: null,
        oauthProxy: false,
-        mediaLinks: []
+        mediaLinks: [],
+        certificateFile: null,
+        certificateFileName: '',
+        keyFile: null,
+        keyFileName: ''
    };

    $scope.appNotFound = {
@@ -136,11 +141,18 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
        $scope.appInstall.error = {};
        $scope.appInstall.location = '';
        $scope.appInstall.portBindings = {};
-        $scope.appInstall.accessRestriction = '';
+        $scope.appInstall.accessRestriction = null;
        $scope.appInstall.oauthProxy = false;
        $scope.appInstall.installFormVisible = false;
+        $scope.appInstall.resourceConstraintVisible = false;
        $scope.appInstall.mediaLinks = [];
+        $scope.appInstall.certificateFile = null;
+        $scope.appInstall.certificateFileName = '';
+        $scope.appInstall.keyFile = null;
+        $scope.appInstall.keyFileName = '';
+
        $('#collapseInstallForm').collapse('hide');
+        $('#collapseResourceConstraint').collapse('hide');
        $('#collapseMediaLinksCarousel').collapse('show');

        $scope.appInstallForm.$setPristine();
@@ -148,10 +160,44 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
    };

    $scope.showInstallForm = function () {
-        $scope.appInstall.installFormVisible = true;
-        $('#collapseMediaLinksCarousel').collapse('hide');
-        $('#collapseInstallForm').collapse('show');
-        $('#appInstallLocationInput').focus();
+        if (Client.enoughResourcesAvailable($scope.appInstall.app)) {
+            $scope.appInstall.installFormVisible = true;
+            $('#collapseMediaLinksCarousel').collapse('hide');
+            $('#collapseInstallForm').collapse('show');
+            $('#appInstallLocationInput').focus();
+        } else {
+            $scope.appInstall.resourceConstraintVisible = true;
+            $('#collapseMediaLinksCarousel').collapse('hide');
+            $('#collapseResourceConstraint').collapse('show');
+        }
+    };
+
+    document.getElementById('appInstallCertificateFileInput').onchange = function (event) {
+        $scope.$apply(function () {
+            $scope.appInstall.certificateFile = null;
+            $scope.appInstall.certificateFileName = event.target.files[0].name;
+
+            var reader = new FileReader();
+            reader.onload = function (result) {
+                if (!result.target || !result.target.result) return console.error('Unable to read local file');
+                $scope.appInstall.certificateFile = result.target.result;
+            };
+            reader.readAsText(event.target.files[0]);
+        });
+    };
+
+    document.getElementById('appInstallKeyFileInput').onchange = function (event) {
+        $scope.$apply(function () {
+            $scope.appInstall.keyFile = null;
+            $scope.appInstall.keyFileName = event.target.files[0].name;
+
+            var reader = new FileReader();
+            reader.onload = function (result) {
+                if (!result.target || !result.target.result) return console.error('Unable to read local file');
+                $scope.appInstall.keyFile = result.target.result;
+            };
+            reader.readAsText(event.target.files[0]);
+        });
    };

    $scope.showInstall = function (app) {
@@ -166,8 +212,8 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
        $scope.appInstall.portBindingsInfo = $scope.appInstall.app.manifest.tcpPorts || {};   // Portbinding map only for information
        $scope.appInstall.portBindings = {};                            // This is the actual model holding the env:port pair
        $scope.appInstall.portBindingsEnabled = {};                     // This is the actual model holding the enabled/disabled flag
-        $scope.appInstall.accessRestriction = app.accessRestriction || '';
-        $scope.appInstall.oauthProxy = app.oauthProxy || false;
+        $scope.appInstall.accessRestriction = app.accessRestriction ? app.accessRestriction.users[0] : $scope.user;
+        $scope.appInstall.oauthProxy = false;

        // set default ports
        for (var env in $scope.appInstall.app.manifest.tcpPorts) {
@@ -197,7 +243,21 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
            }
        }

-        Client.installApp($scope.appInstall.app.id, $scope.appInstall.app.manifest, $scope.appInstall.app.title, { location: $scope.appInstall.location || '', portBindings: finalPortBindings, accessRestriction: $scope.appInstall.accessRestriction, oauthProxy: $scope.appInstall.oauthProxy }, function (error) {
+        // translate to accessRestriction object
+        var accessRestriction = $scope.appInstall.app.manifest.singleUser ? {
+            users: [ $scope.appInstall.accessRestriction.id ]
+        } : null;
+
+        var data = {
+            location: $scope.appInstall.location || '',
+            portBindings: finalPortBindings,
+            accessRestriction: accessRestriction,
+            oauthProxy: $scope.appInstall.oauthProxy,
+            cert: $scope.appInstall.certificateFile,
+            key: $scope.appInstall.keyFile,
+        };
+
+        Client.installApp($scope.appInstall.app.id, $scope.appInstall.app.manifest, $scope.appInstall.app.title, data, function (error) {
            if (error) {
                if (error.statusCode === 409 && (error.message.indexOf('is reserved') !== -1 || error.message.indexOf('is already in use') !== -1)) {
                    $scope.appInstall.error.port = error.message;
@@ -207,6 +267,12 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
                    $('#appInstallLocationInput').focus();
                } else if (error.statusCode === 402) {
                    $scope.appInstall.error.other = 'Unable to purchase this app<br/>Please make sure your payment is setup <a href="' + $scope.config.webServerOrigin + '/console.html#/userprofile" target="_blank">here</a>';
+                } else if (error.statusCode === 400 && error.message.indexOf('cert') !== -1 ) {
+                    $scope.appInstall.error.cert = error.message;
+                    $scope.appInstall.certificateFileName = '';
+                    $scope.appInstall.certificateFile = null;
+                    $scope.appInstall.keyFileName = '';
+                    $scope.appInstall.keyFile = null;
                } else {
                    $scope.appInstall.error.other = error.message;
                }
@@ -230,40 +296,49 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
    function refresh() {
        $scope.ready = false;

-        getAppList(function (error, apps) {
+        Client.getUsers(function (error, users) {
            if (error) {
                console.error(error);
                return $timeout(refresh, 1000);
            }

-            $scope.apps = apps;
+            $scope.users = users;

-            // show install app dialog immediately if an app id was passed in the query
-            if ($routeParams.appId) {
-                if ($routeParams.version) {
-                    AppStore.getAppByIdAndVersion($routeParams.appId, $routeParams.version, function (error, result) {
-                        if (error) {
-                            $scope.showAppNotFound($routeParams.appId, $routeParams.version);
-                            console.error(error);
-                            return;
-                        }
+            getAppList(function (error, apps) {
+                if (error) {
+                    console.error(error);
+                    return $timeout(refresh, 1000);
+                }

-                        $scope.showInstall(result);
-                    });
-                } else {
-                    var found = apps.filter(function (app) {
-                        return (app.id === $routeParams.appId) && ($routeParams.version ? $routeParams.version === app.manifest.version : true);
-                    });
+                $scope.apps = apps;

-                    if (found.length) {
-                        $scope.showInstall(found[0]);
+                // show install app dialog immediately if an app id was passed in the query
+                if ($routeParams.appId) {
+                    if ($routeParams.version) {
+                        AppStore.getAppByIdAndVersion($routeParams.appId, $routeParams.version, function (error, result) {
+                            if (error) {
+                                $scope.showAppNotFound($routeParams.appId, $routeParams.version);
+                                console.error(error);
+                                return;
+                            }
+
+                            $scope.showInstall(result);
+                        });
                    } else {
-                        $scope.showAppNotFound($routeParams.appId, null);
+                        var found = apps.filter(function (app) {
+                            return (app.id === $routeParams.appId) && ($routeParams.version ? $routeParams.version === app.manifest.version : true);
+                        });
+
+                        if (found.length) {
+                            $scope.showInstall(found[0]);
+                        } else {
+                            $scope.showAppNotFound($routeParams.appId, null);
+                        }
                    }
                }
-            }

-            $scope.ready = true;
+                $scope.ready = true;
+            });
        });
    }

@@ -1,46 +0,0 @@
-<div class="row">
-    <div class="col-lg-12">
-        <h1>DNS Management</h1>
-    </div>
-</div>
-
-<div class="row">
-    <div class="col-md-6 grid-item">
-        <div class="grid-item-content">
-            <div class="grid-item-top">
-                <big>Certificate</big>
-            </div>
-            <div class="grid-item-bottom text-right">
-                <ul class="list-group">
-                     <li class="list-group-item">
-                        <input type="file" id="idCertificate" style="display:none"/>
-
-                        <div class="input-group">
-                            <span class="input-group-btn">
-                                <button class="btn btn-default" type="button" onclick="getElementById('idCertificate').click();">Certificate</button>
-                            </span>
-                            <input type="text" class="form-control" ng-model="certificateFileName" onclick="getElementById('idCertificate').click();" style="cursor: pointer;"/>
-                            <span class="input-group-addon">
-                                <i class="fa fa-upload" onclick="getElementById('idCertificate').click();"></i>
-                            </span>
-                        </div>
-                    </li>
-                    <li class="list-group-item">
-                        <input type="file" id="idKey" style="display:none"/>
-
-                        <div class="input-group">
-                            <span class="input-group-btn">
-                                <button class="btn btn-default" type="button" onclick="getElementById('idKey').click();">Key</button>
-                            </span>
-                            <input type="text" class="form-control" ng-model="keyFileName" onclick="getElementById('idKey').click();" style="cursor: pointer;"/>
-                            <span class="input-group-addon">
-                                <i class="fa fa-upload" onclick="getElementById('idKey').click();"></i>
-                            </span>
-                        </div>
-                    </li>
-                </ul>
-                <button class="btn btn-outline btn-success" ng-click="setCertificate()">Upload Certificate</button>
-            </div>
-        </div>
-    </div>
-</div>
@@ -1,35 +0,0 @@
-'use strict';
-
-angular.module('Application').controller('DnsController', ['$scope', '$location', 'Client', function ($scope, $location, Client) {
-    Client.onReady(function () { if (!Client.getUserInfo().admin) $location.path('/'); });
-
-    $scope.certificateFile = null;
-    $scope.certificateFileName = '';
-    $scope.keyFile = null;
-    $scope.keyFileName = '';
-
-    document.getElementById('idCertificate').onchange = function (event) {
-        $scope.$apply(function () {
-            $scope.certificateFile = event.target.files[0];
-            $scope.certificateFileName = event.target.files[0].name;
-        });
-    };
-
-    document.getElementById('idKey').onchange = function (event) {
-        $scope.$apply(function () {
-            $scope.keyFile = event.target.files[0];
-            $scope.keyFileName = event.target.files[0].name;
-        });
-    };
-
-    $scope.setCertificate = function () {
-        if (!$scope.certificateFile) return console.log('Certificate not set');
-        if (!$scope.keyFile) return console.log('Key not set');
-
-        Client.setCertificate($scope.certificateFile, $scope.keyFile, function (error) {
-            if (error) return console.error(error);
-
-            window.setTimeout(window.location.reload.bind(window.location, true), 3000);
-        });
-    };
-}]);
@@ -32,36 +32,6 @@
    </div>
 </div>

-<!-- Modal change name -->
-<div class="modal fade" id="nameChangeModal" tabindex="-1" role="dialog">
-    <div class="modal-dialog">
-        <div class="modal-content">
-            <div class="modal-header">
-                <h4 class="modal-title">Change the Cloudron Name</h4>
-            </div>
-            <div class="modal-body">
-                <form name="nameChangeForm" class="form-signin" role="form" novalidate ng-submit="doChangeName()" autocomplete="off">
-                    <fieldset>
-                        <div class="form-group" ng-class="{ 'has-error': (nameChangeForm.name.$dirty && nameChangeForm.name.$invalid) }">
-                            <label class="control-label" for="inputNameChangeName">New Cloudron Name</label>
-                            <div class="control-label" ng-show="(!nameChangeForm.name.$dirty && nameChange.error.name) || (nameChangeForm.name.$dirty && nameChangeForm.name.$invalid)">
-                                <small ng-show="nameChangeForm.name.$error.required">A valid name is required</small>
-                                <small ng-show="(nameChangeForm.name.$dirty && nameChangeForm.name.$invalid) && !nameChangeForm.name.$error.required">The name is not valid</small>
-                            </div>
-                            <input type="text" class="form-control" ng-model="nameChange.name" id="inputNameChangeName" name="name" ng-maxlength="512" ng-minlength="1" required autofocus>
-                        </div>
-                        <input class="ng-hide" type="submit" ng-disabled="nameChangeForm.$invalid"/>
-                    </fieldset>
-                </form>
-            </div>
-            <div class="modal-footer">
-                <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
-                <button type="button" class="btn btn-success" ng-click="doChangeName()" ng-disabled="nameChangeForm.$invalid || nameChange.busy"><i class="fa fa-spinner fa-pulse" ng-show="nameChange.busy"></i> Change</button>
-            </div>
-        </div>
-    </div>
-</div>
-
 <!-- Modal change avatar -->
 <div class="modal fade" id="avatarChangeModal" tabindex="-1" role="dialog">
    <div class="modal-dialog">
@@ -160,10 +130,6 @@
        </div>
        <div class="col-xs-8">
            <table width="100%">
-                <tr>
-                    <td class="text-muted" style="vertical-align: top;">Name</td>
-                    <td class="text-right" style="vertical-align: top; white-space: nowrap;">{{ config.cloudronName }} <a href="" ng-click="showChangeName()"><i class="fa fa-pencil text-small"></i></a></td>
-                </tr>
                <tr>
                    <td class="text-muted" style="vertical-align: top;">Model</td>
                    <td class="text-right" style="vertical-align: top; white-space: nowrap;">{{ config.size }} - {{ config.region }}</td>
@@ -177,6 +143,126 @@
    </div>
 </div>

+<div style="max-width: 600px; margin: 0 auto;" ng-show="user.admin && config.isCustomDomain">
+    <div class="text-left">
+        <h3>SSL Certificates</h3>
+    </div>
+</div>
+
+<div class="card" style="margin-bottom: 15px;" ng-show="user.admin && config.isCustomDomain">
+    <div class="row">
+        <div class="col-md-12">
+            <form name="defaultCertForm" ng-submit="setDefaultCert()">
+                <fieldset>
+                    <label class="control-label" for="defaultCertInput">Fallback Certificate</label>
+                    <p>This certificate has to be wildcard certificates and will be used for all apps, which were not configured to use a specific certificate.</p>
+                    <div class="has-error text-center" ng-show="defaultCert.error">{{ defaultCert.error }}</div>
+                    <div class="text-success text-center" ng-show="defaultCert.success"><b>Upload successful</b></div>
+                    <div class="form-group" ng-class="{ 'has-error': (!defaultCert.cert.$dirty && defaultCert.error) }">
+                        <div class="input-group">
+                            <input type="file" id="defaultCertFileInput" style="display:none"/>
+                            <input type="text" class="form-control" placeholder="Certificate" ng-model="defaultCert.certificateFileName" id="defaultCertInput" name="cert" onclick="getElementById('defaultCertFileInput').click();" style="cursor: pointer;" ng-disabled="defaultCert.busy" required>
+                            <span class="input-group-addon">
+                                <i class="fa fa-upload" onclick="getElementById('defaultCertFileInput').click();"></i>
+                            </span>
+                        </div>
+                    </div>
+                    <div class="form-group" ng-class="{ 'has-error': (!defaultCert.key.$dirty && defaultCert.error) }">
+                        <div class="input-group">
+                            <input type="file" id="defaultKeyFileInput" style="display:none"/>
+                            <input type="text" class="form-control" placeholder="Key" ng-model="defaultCert.keyFileName" id="defaultKeyInput" name="key" onclick="getElementById('defaultKeyFileInput').click();" style="cursor: pointer;" ng-disabled="defaultCert.busy" required>
+                            <span class="input-group-addon">
+                                <i class="fa fa-upload" onclick="getElementById('defaultKeyFileInput').click();"></i>
+                            </span>
+                        </div>
+                    </div>
+                    <button type="submit" class="btn btn-outline btn-success pull-right" ng-disabled="defaultCertForm.$invalid || busy"><i class="fa fa-spinner fa-pulse" ng-show="defaultCert.busy"></i> Upload</button>
+                </fieldset>
+            </form>
+        </div>
+    </div>
+    <div class="row">
+        <div class="col-md-12">
+            <form name="adminCertForm" ng-submit="setAdminCert()">
+                <fieldset>
+                    <label class="control-label" for="adminCertInput">Settings Certificate</label>
+                    <p>This certificate will be used for this Settings application.</p>
+                    <div class="has-error text-center" ng-show="adminCert.error">{{ adminCert.error }}</div>
+                    <div class="text-success text-center" ng-show="adminCert.success"><b>Upload successful</b></div>
+                    <div class="form-group" ng-class="{ 'has-error': (!adminCert.cert.$dirty && adminCert.error) }">
+                        <div class="input-group">
+                            <input type="file" id="adminCertFileInput" style="display:none"/>
+                            <input type="text" class="form-control" placeholder="Certificate" ng-model="adminCert.certificateFileName" id="adminCertInput" name="cert" onclick="getElementById('adminCertFileInput').click();" style="cursor: pointer;" ng-disabled="adminCert.busy" required>
+                            <span class="input-group-addon">
+                                <i class="fa fa-upload" onclick="getElementById('adminCertFileInput').click();"></i>
+                            </span>
+                        </div>
+                    </div>
+                    <div class="form-group" ng-class="{ 'has-error': (!adminCert.key.$dirty && adminCert.error) }">
+                        <div class="input-group">
+                            <input type="file" id="adminKeyFileInput" style="display:none"/>
+                            <input type="text" class="form-control" placeholder="Key" ng-model="adminCert.keyFileName" id="adminKeyInput" name="key" onclick="getElementById('adminKeyFileInput').click();" style="cursor: pointer;" ng-disabled="adminCert.busy" required>
+                            <span class="input-group-addon">
+                                <i class="fa fa-upload" onclick="getElementById('adminKeyFileInput').click();"></i>
+                            </span>
+                        </div>
+                    </div>
+                    <button type="submit" class="btn btn-outline btn-success pull-right" ng-disabled="adminCertForm.$invalid || busy"><i class="fa fa-spinner fa-pulse" ng-show="adminCert.busy"></i> Upload</button>
+                </fieldset>
+            </form>
+        </div>
+    </div>
+</div>
+
+<div style="max-width: 600px; margin: 0 auto;" ng-show="user.admin && config.isCustomDomain">
+    <div class="text-left">
+        <h3>DNS Credentials</h3>
+    </div>
+</div>
+
+<div class="card" style="margin-bottom: 15px;" ng-show="user.admin && config.isCustomDomain">
+    <div class="row">
+        <div class="col-md-12">
+            <p>Currently only Amazon <a href="https://aws.amazon.com/route53/">Route53</a> is supported. Let us know if you require a different DNS provider <a href="#/support">here</a>.</p>
+
+            <table width="100%">
+                <tr>
+                    <td class="text-muted" style="vertical-align: top;">Access Key Id</td>
+                    <td class="text-right" style="vertical-align: top; white-space: nowrap;">{{ dnsConfig.accessKeyId }}</td>
+                </tr>
+                <tr>
+                    <td class="text-muted" style="vertical-align: top;">Secret Access Key</td>
+                    <td class="text-right" style="vertical-align: top; white-space: nowrap;"><i>hidden</i></td>
+                </tr>
+                <tr>
+                    <td class="text-muted" style="vertical-align: top;"></td>
+                    <td class="text-right" style="vertical-align: top;"><span class="text-success" ng-show="dnsCredentials.success"><b>Done</b></span> &nbsp; &nbsp; <button class="btn btn-outline btn-xs btn-primary" ng-show="!dnsCredentials.formVisible" ng-click="showDnsCredentialsForm()">Change</button></td>
+                </tr>
+            </table>
+
+            <div class="collapse" id="collapseDnsCredentialsForm" data-toggle="false">
+                <p>The security credentials have to be valid for full Route53 access.</p>
+                <form name="dnsCredentialsForm" ng-submit="setDnsCredentials()">
+                    <fieldset>
+                        <div class="has-error text-center" ng-show="dnsCredentials.error">{{ dnsCredentials.error }}</div>
+
+                        <div class="form-group" ng-class="{ 'has-error': false }">
+                            <label class="control-label" for="dnsCredentialsAccessKeyId">Access Key Id</label>
+                            <input type="text" class="form-control" ng-model="dnsCredentials.accessKeyId" id="dnsCredentialsAccessKeyId" name="accessKeyId" ng-disabled="dnsCredentials.busy" ng-minlength="16" ng-maxlength="32" required>
+                        </div>
+                        <div class="form-group" ng-class="{ 'has-error': false }">
+                            <label class="control-label" for="dnsCredentialsSecretAccessKey">Secret Access Key</label>
+                            <input type="text" class="form-control" ng-model="dnsCredentials.secretAccessKey" id="dnsCredentialsSecretAccessKey" name="secretAccessKey" ng-disabled="dnsCredentials.busy" required>
+                        </div>
+
+                        <button type="submit" class="btn btn-outline btn-success pull-right" ng-disabled="dnsCredentialsForm.$invalid || busy"><i class="fa fa-spinner fa-pulse" ng-show="dnsCredentials.busy"></i> Save</button>
+                    </fieldset>
+                </form>
+            </div>
+        </div>
+    </div>
+ </div>
+
 <div style="max-width: 600px; margin: 0 auto;" ng-show="user.admin">
    <div class="text-left">
        <h3>Developer Mode</h3>
@@ -5,6 +5,7 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca

    $scope.user = Client.getUserInfo();
    $scope.config = Client.getConfig();
+    $scope.dnsConfig = {};

    $scope.lastBackup = null;
    $scope.backups = [];
@@ -24,12 +25,6 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
        percent: 100
    };

-    $scope.nameChange = {
-        busy: false,
-        error: {},
-        name: ''
-    };
-
    $scope.avatarChange = {
        busy: false,
        error: {},
@@ -89,6 +84,124 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
        }]
    };

+    $scope.defaultCert = {
+        error: null,
+        success: false,
+        busy: false,
+        certificateFile: null,
+        certificateFileName: '',
+        keyFile: null,
+        keyFileName: ''
+    };
+
+    $scope.adminCert = {
+        error: null,
+        success: false,
+        busy: false,
+        certificateFile: null,
+        certificateFileName: '',
+        keyFile: null,
+        keyFileName: ''
+    };
+
+    $scope.dnsCredentials = {
+        error: null,
+        success: false,
+        busy: false,
+        formVisible: false,
+        accessKeyId: '',
+        secretAccessKey: '',
+        provider: 'route53'
+    };
+
+    function readFileLocally(obj, file, fileName) {
+        return function (event) {
+            $scope.$apply(function () {
+                obj[file] = null;
+                obj[fileName] = event.target.files[0].name;
+
+                var reader = new FileReader();
+                reader.onload = function (result) {
+                    if (!result.target || !result.target.result) return console.error('Unable to read local file');
+                    obj[file] = result.target.result;
+                };
+                reader.readAsText(event.target.files[0]);
+            });
+        };
+    }
+
+    document.getElementById('defaultCertFileInput').onchange = readFileLocally($scope.defaultCert, 'certificateFile', 'certificateFileName');
+    document.getElementById('defaultKeyFileInput').onchange = readFileLocally($scope.defaultCert, 'keyFile', 'keyFileName');
+    document.getElementById('adminCertFileInput').onchange = readFileLocally($scope.adminCert, 'certificateFile', 'certificateFileName');
+    document.getElementById('adminKeyFileInput').onchange = readFileLocally($scope.adminCert, 'keyFile', 'keyFileName');
+
+    $scope.setDefaultCert = function () {
+        $scope.defaultCert.busy = true;
+        $scope.defaultCert.error = null;
+        $scope.defaultCert.success = false;
+
+        Client.setCertificate($scope.defaultCert.certificateFile, $scope.defaultCert.keyFile, function (error) {
+            if (error) {
+                $scope.defaultCert.error = error.message;
+            } else {
+                $scope.defaultCert.success = true;
+                $scope.defaultCert.certificateFileName = '';
+                $scope.defaultCert.keyFileName = '';
+            }
+
+            $scope.defaultCert.busy = false;
+        });
+    };
+
+    $scope.setAdminCert = function () {
+        $scope.adminCert.busy = true;
+        $scope.adminCert.error = null;
+        $scope.adminCert.success = false;
+
+        Client.setAdminCertificate($scope.adminCert.certificateFile, $scope.adminCert.keyFile, function (error) {
+            if (error) {
+                $scope.adminCert.error = error.message;
+            } else {
+                $scope.adminCert.success = true;
+                $scope.adminCert.certificateFileName = '';
+                $scope.adminCert.keyFileName = '';
+            }
+
+            $scope.adminCert.busy = false;
+        });
+    };
+
+    $scope.setDnsCredentials = function () {
+        $scope.dnsCredentials.busy = true;
+        $scope.dnsCredentials.error = null;
+        $scope.dnsCredentials.success = false;
+
+        var data = {
+            provider: $scope.dnsCredentials.provider,
+            accessKeyId: $scope.dnsCredentials.accessKeyId,
+            secretAccessKey: $scope.dnsCredentials.secretAccessKey
+        };
+
+        Client.setDnsConfig(data, function (error) {
+            if (error) {
+                $scope.dnsCredentials.error = error.message;
+            } else {
+                $scope.dnsCredentials.success = true;
+
+                $scope.dnsConfig.accessKeyId = $scope.dnsCredentials.accessKeyId;
+                $scope.dnsConfig.secretAccessKey = $scope.dnsCredentials.secretAccessKey;
+
+                $scope.dnsCredentials.accessKeyId = '';
+                $scope.dnsCredentials.secretAccessKey = '';
+
+                $('#collapseDnsCredentialsForm').collapse('hide');
+                $scope.dnsCredentials.formVisible = false;
+            }
+
+            $scope.dnsCredentials.busy = false;
+        });
+    };
+
    $scope.setPreviewAvatar = function (avatar) {
        $scope.avatarChange.avatar = avatar;
    };
@@ -97,14 +210,6 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
        $('#avatarFileInput').click();
    };

-    function nameChangeReset() {
-        $scope.nameChange.error.name = null;
-        $scope.nameChange.name = '';
-
-        $scope.nameChangeForm.$setPristine();
-        $scope.nameChangeForm.$setUntouched();
-    }
-
    function avatarChangeReset() {
        $scope.avatarChange.error.avatar = null;
        $scope.avatarChange.avatar = null;
@@ -156,22 +261,6 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
        });
    };

-    $scope.doChangeName = function () {
-        $scope.nameChange.error.name = null;
-        $scope.nameChange.busy = true;
-
-        Client.changeCloudronName($scope.nameChange.name, function (error) {
-            if (error) {
-                console.error('Unable to change name.', error);
-            } else {
-                nameChangeReset();
-                $('#nameChangeModal').modal('hide');
-            }
-
-            $scope.nameChange.busy = false;
-        });
-    };
-
    function getBlobFromImg(img, callback) {
        var size = 256;

@@ -258,16 +347,25 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
        });
    };

+    $scope.showDnsCredentialsForm = function () {
+        $scope.dnsCredentials.busy = false;
+        $scope.dnsCredentials.success = false;
+        $scope.dnsCredentials.error = null;
+        $scope.dnsCredentials.accessKeyId = '';
+        $scope.dnsCredentials.secretAccessKey = '';
+        $scope.dnsCredentialsForm.$setPristine();
+        $scope.dnsCredentialsForm.$setUntouched();
+
+        $scope.dnsCredentials.formVisible = true;
+        $('#collapseDnsCredentialsForm').collapse('show');
+        $('#dnsCredentialsAccessKeyId').focus();
+    };
+
    $scope.showChangeDeveloperMode = function () {
        developerModeChangeReset();
        $('#developerModeChangeModal').modal('show');
    };

-    $scope.showChangeName = function () {
-        nameChangeReset();
-        $('#nameChangeModal').modal('show');
-    };
-
    $scope.showCreateBackup = function () {
        $('#createBackupModal').modal('show');
    };
@@ -298,10 +396,16 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
        fetchBackups();

        $scope.avatar.url = '//my-' + $scope.config.fqdn + '/api/v1/cloudron/avatar';
+
+        Client.getDnsConfig(function (error, result) {
+            if (error) return console.error(error);
+
+            $scope.dnsConfig = result;
+        });
    });

    // setup all the dialog focus handling
-    ['developerModeChangeModal', 'nameChangeModal'].forEach(function (id) {
+    ['developerModeChangeModal'].forEach(function (id) {
        $('#' + id).on('shown.bs.modal', function () {
            $(this).find("[autofocus]:first").focus();
        });
@@ -3,7 +3,7 @@
        <h1>Welcome to your Cloudron!</h1>
        <hr/>
        <h3 class="">
-                Choose a name and avatar for your Cloudron
+                Choose an avatar
        </h3>
    </div>
 </div>
@@ -19,16 +19,6 @@
 <br/>
 <br/>

-<div class="row">
-    <div class="col-md-4 col-md-offset-4 text-center">
-        <div class="form-group" ng-class="{ 'has-error': setup_form.name.$dirty && setup_form.name.$invalid }">
-            <!-- <label class="control-label" for="inputName">Name</label> -->
-            <input type="text" class="form-control" ng-model="wizard.name" id="inputName" name="name" placeholder="Name" ng-enter="next('/step2', setup_form.name.$invalid)" ng-maxlength="512" ng-minlength="1" autofocus required autocomplete="off">
-        </div>
-    </div>
-</div>
-
-
 <div class="row">
    <div class="col-md-12 settings-avatar-selector">
        <input type="file" id="avatarFileInput" style="display: none" accept="image/png"/>
@@ -48,6 +38,6 @@

 <div class="row">
    <div class="col-md-12 text-center">
-        <a class="btn btn-primary" href="#/step2" ng-disabled="setup_form.name.$invalid">Next</a>
+        <a class="btn btn-primary" href="#/step2">Next</a>
    </div>
 </div>
@@ -1,6 +1,6 @@
 <div class="row">
    <div class="col-md-12 text-center">
-        <h1>Create an Administrator for <b>{{ wizard.name }}</b></h1>
+        <h1>Create an Administrator for your Cloudron</h1>
        <h4 class="">
            This admin account is separate from your <a href="https://cloudron.io">cloudron.io</a> account.
        </h4>
@@ -22,6 +22,6 @@
 </div>
 <div class="row">
    <div class="col-md-12 text-center">
-        <a class="btn btn-primary" href="#/step3" ng-disabled="setup_form.username.$invalid">Done</a>
+        <button class="btn btn-primary" ng-click="next('/step3', setup_form.username.$invalid || setup_form.password.$invalid)" ng-disabled="setup_form.username.$invalid || setup_form.password.$invalid">Done</button>
    </div>
 </div>
@@ -1,8 +1,27 @@
-<center>
-    <h1>All done!</h1>
-    <br/>
-    <br/>
-    <i class="fa fa-spinner fa-pulse fa-5x"></i>
-    <br/>
-    <br/>
-</center>
+<div class="row">
+    <div class="col-md-12 text-center">
+        <h1>Custom domain configuration</h1>
+        <h4 class="">
+            Provide <a href="https://aws.amazon.com/route53/">Route53</a> access keys here
+        </h4>
+    </div>
+</div>
+<br/>
+<br/>
+<div class="row">
+    <div class="col-md-4 col-md-offset-4 text-center">
+        <div class="form-group" ng-class="{ 'has-error': setup_form.accessKeyId.$dirty && setup_form.accessKeyId.$invalid }">
+            <!-- <label class="control-label" for="inputUsername">Username</label> -->
+            <input type="text" class="form-control" ng-model="wizard.dnsConfig.accessKeyId" id="inputAccessKeyId" name="accessKeyId" placeholder="Access Key Id" ng-enter="focusNext('inputSecretAccessKey', setup_form.accessKeyId.$invalid)" ng-maxlength="512" ng-minlength="3" autofocus required autocomplete="off">
+        </div>
+        <div class="form-group" ng-class="{ 'has-error': setup_form.secretAccessKey.$dirty && setup_form.secretAccessKey.$invalid }">
+            <!-- <label class="control-label" for="inputPassword">Password</label> -->
+            <input type="text" class="form-control" ng-model="wizard.dnsConfig.secretAccessKey" id="inputSecretAccessKey" name="secretAccessKey" placeholder="Secret Access Key" ng-enter="next('/step4', setup_form.secretAccessKey.$invalid)" ng-maxlength="512" ng-minlength="3" required autocomplete="off">
+        </div>
+    </div>
+</div>
+<div class="row">
+    <div class="col-md-12 text-center">
+        <button class="btn btn-primary"  ng-click="next('/step4', setup_form.accessKeyId.$invalid || setup_form.secretAccessKey.$invalid)" ng-disabled="setup_form.accessKeyId.$invalid || setup_form.secretAccessKey.$invalid">Done</button>
+    </div>
+</div>
@@ -0,0 +1,8 @@
+<center>
+    <h1>All done!</h1>
+    <br/>
+    <br/>
+    <i class="fa fa-spinner fa-pulse fa-5x"></i>
+    <br/>
+    <br/>
+</center>