Use local cache when looking up apps

Keep appstore url bar up-to-date with the selected app
This allows sharing links directly Fixes #526
2016-01-25 16:25:25 +01:00 · 2016-01-25 16:21:44 +01:00 · 2016-01-25 16:21:20 +01:00 · 2016-01-25 15:30:29 +01:00 · 2016-01-25 15:29:52 +01:00 · 2016-01-25 15:29:52 +01:00
135 changed files with 9046 additions and 3292 deletions
@@ -1,6 +1,7 @@
-# Skip files when using git archive
+# following files are skipped when exporting using git archive
+/release export-ignore
+/admin export-ignore
+test export-ignore
 .gitattributes export-ignore
 .gitignore export-ignore
-/scripts export-ignore
-test export-ignore

@@ -3,7 +3,9 @@ coverage/
 docs/
 webadmin/dist/
 setup/splash/website/
+installer/src/certs/server.key

 # vim swap files
 *.swp

+
@@ -0,0 +1,391 @@
+[0.0.1]
+- Hot Chocolate
+
+[0.0.2]
+- Hotfix appstore ui in webadim
+
+[0.0.3]
+- Tall Pike
+
+[0.0.4]
+- This will be 0.0.4 changes
+
+[0.0.5]
+- App install/configure route fixes
+
+[0.0.6]
+- Not sure what happenned here
+
+[0.0.7]
+- resetToken is now sent as part of create user
+- Same as 0.0.7 which got released by mistake
+
+[0.0.8]
+- Manifest changes
+
+[0.0.9]
+- Fix app restore
+- Fix backup issues
+
+[0.0.10]
+- Unknown orchestra
+
+[0.0.11]
+- Add ldap addon
+
+[0.0.12]
+- Support OAuth2 state
+
+[0.0.13]
+- Use docker image from cloudron repository
+
+[0.0.14]
+- Improve setup flow
+
+[0.0.15]
+- Improved Appstore view
+
+[0.0.16]
+- Improved Backup approach
+
+[0.0.17]
+- Upgrade testing
+- App auto updates
+- Usage graphs
+
+[0.0.18]
+- Rework backups and updates
+
+[0.0.19]
+- Graphite fixes
+- Avatar and Cloudron name support
+
+[0.0.20]
+- Apptask fixes
+- Chrome related fixes
+
+[0.0.21]
+- Increase nginx hostname size to 64
+
+[0.0.22]
+- Testing the e2e tests
+
+[0.0.23]
+- Better error status page
+- Fix updater and backup progress reporting
+- New avatar set
+- Improved setup wizard
+
+[0.0.24]
+- Hotfix the ldap support
+
+[0.0.25]
+- Add support page
+- Really fix ldap issues
+
+[0.0.26]
+- Add configurePath support
+
+[0.0.27]
+- Improved log collector
+
+[0.0.28]
+- Improve app feedback
+- Restyle login page
+
+[0.0.29]
+- Update to ubuntu 15.04
+
+[0.0.30]
+- Move to docker 1.7
+
+[0.0.31]
+- WARNING: This update restarts your containers
+- System processes are prioritized over apps
+- Add ldap group support
+
+[0.0.32]
+- MySQL addon update
+
+[0.0.33]
+- Fix graphs
+- Fix MySQL 5.6 memory usage
+
+[0.0.34]
+- Correctly mark apps pending for approval
+
+[0.0.35]
+- Fix ldap admin group username
+
+[0.0.36]
+- Fix restore without backup
+- Optimize image deletion during updates
+- Add memory accounting
+- Restrict access to metadata from containers
+
+[0.0.37]
+- Prepare for Selfhosting 1. part
+- Use userData instead of provisioning calls
+
+[0.0.38]
+- Account for Ext4 reserved block when partitioning disk
+
+[0.0.39]
+- Move subdomain management to the cloudron
+
+[0.0.40]
+- Add journal limit
+- Fix reprovisioning on reboot
+- Fix subdomain management during startup
+
+[0.0.41]
+- Finally bring things to a sane state
+
+[0.0.42]
+- Parallel apptask
+
+[0.0.43]
+- Move to systemd
+
+[0.0.44]
+- Fix apptask concurrency bug
+
+[0.0.45]
+- Retry subdomain registration
+
+[0.0.46]
+- Fix app update email notification
+
+[0.0.47]
+- Ensure box code quits within 5 seconds
+
+[0.0.48]
+- Styling fixes
+- Improved session handling
+
+[0.0.49]
+- Fix app autoupdate logic
+
+[0.0.50]
+- Use domainmanagement via CaaS
+
+[0.0.51]
+- Fix memory management
+
+[0.0.52]
+- Restrict addons memory
+- Get nofication about container OOMs
+
+[0.0.53]
+- Restrict addons memory
+- Get notification about container OOMs
+- Add retry to subdomain logic
+
+[0.0.54]
+- OAuth Proxy now uses internal port forwarding
+
+[0.0.55]
+- Setup cloudron timezone based on droplet region
+
+[0.0.56]
+- Use correct timezone in updater
+
+[0.0.57]
+- Fix systemd logging issues
+
+[0.0.58]
+- Ensure backups of failed apps are retained across archival cycles
+
+[0.0.59]
+- Installer API fixes
+
+[0.0.60]
+- Do full box backup on updates
+
+[0.0.61]
+- Track update notifications to inform admin only once
+
+[0.0.62]
+- Export bind dn and password from LDAP addon
+
+[0.0.63]
+- Fix creation of TXT records
+
+[0.0.64]
+- Stop apps in a retired cloudron
+- Retry downloading application on failure
+
+[0.0.65]
+- Do not send crash mails for apps in development
+
+[0.0.66]
+- Readonly application and addon containers
+
+[0.0.67]
+- Fix email notifications
+- Fix bug when restoring from certain backups
+
+[0.0.68]
+- Update graphite image
+- Add simpleauth addon support
+
+[0.0.69]
+- Support newer manifest format
+- Fix app listing rendering in chrome
+- Fix redis backup across upgrades
+
+[0.0.70]
+- Retry app download on error
+
+[0.0.71]
+- Fix oauth and simple auth login
+
+[0.0.72]
+- Cleanup application volumes periodically
+- New application logging design
+
+[0.0.73]
+- Update SSL certificate
+
+[0.0.74]
+- Support singleUser apps
+
+[0.0.75]
+- scheduler addon
+
+[0.0.76]
+- DNS Sync fixes
+- Show warning to user when memory limit reached
+
+[0.0.77]
+- Do not set hostname in app containers
+
+[0.0.78]
+- Support custom domains
+
+[0.0.79]
+- Move SSH Port
+
+[0.0.80]
+- Use journalctl for container logs
+
+[0.1.0]
+- Wait for configuration changes before starting Cloudron
+
+[0.1.1]
+- Ensure dns config for all cloudrons
+
+[0.1.2]
+- Make email work again
+- Add DKIM keys for custom domains
+
+[0.1.3]
+- Storage backend
+
+[0.1.4]
+- CaaS Backup configuration fix
+
+[0.1.5]
+- Use correct tokens for DNS backend
+
+[0.1.6]
+- Add hook to determine the api server of the box
+- Fix crash notification
+
+[0.2.0]
+- New cloudron exec implementation
+
+[0.2.1]
+- Update to node 4.1.1
+- Fix certification installation with custom domains
+
+[0.2.2]
+- Better debug output
+- Retry more times if docker registry goes down
+
+[0.3.0]
+- Update SSH keys
+- Allow bigger manifest files
+
+[0.4.0]
+- Update to docker 1.9.0
+
+[0.4.1]
+- Fix scheduler crash
+- Crucial OAuth fixes
+
+[0.4.2]
+- Fix crash when reporting backup error
+- Allow larger manifests
+
+[0.4.3]
+- Fix cloudron exec
+
+[0.4.4]
+- Initial Lets Encrypt integration
+
+[0.4.5]
+- Fixup nginx configuration to allow dynamic certificates
+
+[0.4.6]
+- LetsEncrypt integration for custom domains
+- Rate limit crash emails
+
+[0.5.0]
+- Enable staging Lets Encrypt Integration
+
+[0.5.1]
+- Display error dialog for app installation errors
+- Enable prod Lets Encrypt Integration
+- Handle apptask crashes correctly
+
+[0.5.2]
+- Fix apphealthtask crash
+- Use cgroup fs driver instead of systemd cgroup driver in docker
+
+[0.5.3]
+- Changes for e2e testing
+
+[0.5.4]
+- Fix bug in LE server selection
+
+[0.5.5]
+- Scheduler redesign
+- Fix journalctl logging
+
+[0.5.6]
+- Prepare for selfhosting option
+
+[0.5.7]
+- Move app images off the btrfs subvolume
+
+[0.6.0]
+- Consolidate code repositories
+
+[0.6.1]
+- Use no-reply as email from address for apps in naked domains
+- Update Lets Encrypt account with owner email when available
+- Fix email templates to indicate auto update
+- Add notification UI
+
+[0.6.2]
+- Fix `cloudron exec` container to have same namespaces as app
+- Add developmentMode to manifest
+
+[0.6.3]
+- Make sending invite for new users optional
+
+[0.6.4]
+- Add support for display names
+- Send invite links to admins for user setup
+- Enforce stronger passwords
+
+[0.6.5]
+- Finalize stronger password requirement
+
+[0.7.0]
+- Upgrade to 15.10
+- Do not remove docker images when in use by another container
+- Fix sporadic error when reconfiguring apps
+- Handle journald crashes gracefully
+
@@ -1,10 +1,17 @@
-The Box
-=======
+Cloudron a Smart Server
+=======================

-Development setup
-----------------
-* sudo useradd -m yellowtent
-** Add admin-localhost as 127.0.0.1 in /etc/hosts
-** All apps will be installed as hypened-subdomains of localhost. You should add
-   hyphened-subdomains of your apps into /etc/hosts

+
+Selfhost Instructions
+---------------------
+
+The smart server currently relies on an AWS account with access to Route53 and S3 and is tested on DigitalOcean and EC2.
+
+First create a virtual private server with Ubuntu 15.04 and run the following commands in an ssh session to initialize the base image:
+
+```
+curl https://s3.amazonaws.com/prod-cloudron-releases/installer.sh -o installer.sh
+chmod +x installer.sh
+./installer.sh <domain> <aws access key> <aws acccess secret> <backup bucket> <provider> <release sha1>
+```
@@ -0,0 +1,192 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+assertNotEmpty() {
+    : "${!1:? "$1 is not set."}"
+}
+
+readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")"/.. && pwd)"
+export JSON="${SOURCE_DIR}/node_modules/.bin/json"
+
+provider="digitalocean"
+installer_revision=$(git rev-parse HEAD)
+box_name=""
+server_id=""
+server_ip=""
+destroy_server="yes"
+deploy_env="dev"
+
+# Only GNU getopt supports long options. OS X comes bundled with the BSD getopt
+# brew install gnu-getopt to get the GNU getopt on OS X
+[[ $(uname -s) == "Darwin" ]] && GNU_GETOPT="/usr/local/opt/gnu-getopt/bin/getopt" || GNU_GETOPT="getopt"
+readonly GNU_GETOPT
+
+args=$(${GNU_GETOPT} -o "" -l "provider:,revision:,regions:,size:,name:,no-destroy,env:" -n "$0" -- "$@")
+eval set -- "${args}"
+
+while true; do
+    case "$1" in
+    --env) deploy_env="$2"; shift 2;;
+    --revision) installer_revision="$2"; shift 2;;
+    --provider) provider="$2"; shift 2;;
+    --name) box_name="$2"; destroy_server="no"; shift 2;;
+    --no-destroy) destroy_server="no"; shift 2;;
+    --) break;;
+    *) echo "Unknown option $1"; exit 1;;
+    esac
+done
+
+echo "Creating image using ${provider}"
+if [[ "${provider}" == "digitalocean" ]]; then
+    if [[ "${deploy_env}" == "staging" ]]; then
+        assertNotEmpty DIGITAL_OCEAN_TOKEN_STAGING
+        export DIGITAL_OCEAN_TOKEN="${DIGITAL_OCEAN_TOKEN_STAGING}"
+    elif [[ "${deploy_env}" == "dev" ]]; then
+        assertNotEmpty DIGITAL_OCEAN_TOKEN_DEV
+        export DIGITAL_OCEAN_TOKEN="${DIGITAL_OCEAN_TOKEN_DEV}"
+    elif [[ "${deploy_env}" == "prod" ]]; then
+        assertNotEmpty DIGITAL_OCEAN_TOKEN_PROD
+        export DIGITAL_OCEAN_TOKEN="${DIGITAL_OCEAN_TOKEN_PROD}"
+    else
+        echo "No such env ${deploy_env}."
+        exit 1
+    fi
+
+    vps="/bin/bash ${SCRIPT_DIR}/digitalocean.sh"
+else
+    echo "Unknown provider : ${provider}"
+    exit 1
+fi
+
+readonly ssh_keys="${HOME}/.ssh/id_rsa_caas_${deploy_env}"
+readonly scp202="scp -P 202 -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${ssh_keys}"
+readonly scp22="scp -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${ssh_keys}"
+
+readonly ssh202="ssh -p 202 -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${ssh_keys}"
+readonly ssh22="ssh -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${ssh_keys}"
+
+if [[ ! -f "${ssh_keys}" ]]; then
+    echo "caas ssh key is missing at ${ssh_keys} (pick it up from secrets repo)"
+    exit 1
+fi
+
+function get_pretty_revision() {
+    local git_rev="$1"
+    local sha1=$(git rev-parse --short "${git_rev}" 2>/dev/null)
+
+    echo "${sha1}"
+}
+
+now=$(date "+%Y-%m-%d-%H%M%S")
+pretty_revision=$(get_pretty_revision "${installer_revision}")
+
+if [[ -z "${box_name}" ]]; then
+    # if you change this, change the regexp is appstore/janitor.js
+    box_name="box-${deploy_env}-${pretty_revision}-${now}" # remove slashes
+
+    # create a new server if no name given
+    if ! caas_ssh_key_id=$($vps get_ssh_key_id "caas"); then
+        echo "Could not query caas ssh key"
+        exit 1
+    fi
+    echo "Detected caas ssh key id: ${caas_ssh_key_id}"
+
+    echo "Creating Server with name [${box_name}]"
+    if ! server_id=$($vps create ${caas_ssh_key_id} ${box_name}); then
+        echo "Failed to create server"
+        exit 1
+    fi
+    echo "Created server with id: ${server_id}"
+
+    # If we run scripts overenthusiastically without the wait, setup script randomly fails
+    echo -n "Waiting 120 seconds for server creation"
+    for i in $(seq 1 24); do
+        echo -n "."
+        sleep 5
+    done
+    echo ""
+else
+    if ! server_id=$($vps get_id "${box_name}"); then
+        echo "Could not determine id from name"
+        exit 1
+    fi
+    echo "Reusing server with id: ${server_id}"
+
+    $vps power_on "${server_id}"
+fi
+
+# Query until we get an IP
+while true; do
+    echo "Trying to get the server IP"
+    if server_ip=$($vps get_ip "${server_id}"); then
+        echo "Server IP : [${server_ip}]"
+        break
+    fi
+    echo "Timedout, trying again in 10 seconds"
+    sleep 10
+done
+
+while true; do
+    echo "Trying to copy init script to server"
+    if $scp22 "${SCRIPT_DIR}/initializeBaseUbuntuImage.sh" root@${server_ip}:.; then
+        break
+    fi
+    echo "Timedout, trying again in 30 seconds"
+    sleep 30
+done
+
+echo "Copying INFRA_VERSION"
+$scp22 "${SCRIPT_DIR}/../setup/INFRA_VERSION" root@${server_ip}:.
+
+echo "Copying box source"
+cd "${SOURCE_DIR}"
+git archive --format=tar HEAD | $ssh22 "root@${server_ip}" "cat - > /tmp/box.tar.gz"
+
+echo "Executing init script"
+if ! $ssh22 "root@${server_ip}" "/bin/bash /root/initializeBaseUbuntuImage.sh ${installer_revision}"; then
+    echo "Init script failed"
+    exit 1
+fi
+
+echo "Copy over certs"
+cd "${SCRIPT_DIR}/../../secrets"
+blackbox_cat installer/server.crt.gpg | $ssh202 "root@${server_ip}" "cat - > /home/yellowtent/installer/src/certs/server.crt"
+blackbox_cat installer/server.key.gpg | $ssh202 "root@${server_ip}" "cat - > /home/yellowtent/installer/src/certs/server.key"
+blackbox_cat installer_ca/ca.crt.gpg  | $ssh202 "root@${server_ip}" "cat - > /home/yellowtent/installer/src/certs/ca.crt"
+
+echo "Shutting down server with id : ${server_id}"
+$ssh202 "root@${server_ip}" "shutdown -f now" || true # shutdown sometimes terminates ssh connection immediately making this command fail
+
+# wait 10 secs for actual shutdown
+echo "Waiting for 10 seconds for server to shutdown"
+sleep 30
+
+echo "Powering off server"
+if ! $vps power_off "${server_id}"; then
+    echo "Could not power off server"
+    exit 1
+fi
+
+snapshot_name="box-${deploy_env}-${pretty_revision}-${now}"
+echo "Snapshotting as ${snapshot_name}"
+if ! image_id=$($vps snapshot "${server_id}" "${snapshot_name}"); then
+    echo "Could not snapshot and get image id"
+    exit 1
+fi
+
+if [[ "${destroy_server}" == "yes" ]]; then
+    echo "Destroying server"
+    if ! $vps destroy "${server_id}"; then
+        echo "Could not destroy server"
+        exit 1
+    fi
+else
+    echo "Skipping server destroy"
+fi
+
+echo "Transferring image ${image_id} to other regions"
+$vps transfer_image_to_all_regions "${image_id}"
+
+echo "Done."
@@ -0,0 +1,240 @@
+#!/bin/bash
+
+if [[ -z "${DIGITAL_OCEAN_TOKEN}" ]]; then
+    echo "Script requires DIGITAL_OCEAN_TOKEN env to be set"
+    exit 1
+fi
+
+if [[ -z "${JSON}" ]]; then
+    echo "Script requires JSON env to be set to path of JSON binary"
+    exit 1
+fi
+
+readonly CURL="curl -s -u ${DIGITAL_OCEAN_TOKEN}:"
+
+function debug() {
+    echo "$@" >&2
+}
+
+function get_ssh_key_id() {
+    id=$($CURL "https://api.digitalocean.com/v2/account/keys" \
+        | $JSON ssh_keys \
+        | $JSON -c "this.name === \"$1\"" \
+        | $JSON 0.id)
+    [[ -z "$id" ]] && exit 1
+    echo "$id"
+}
+
+function create_droplet() {
+    local ssh_key_id="$1"
+    local box_name="$2"
+
+    local image_region="sfo1"
+    local ubuntu_image_slug="ubuntu-15-10-x64"
+    local box_size="512mb"
+
+    local data="{\"name\":\"${box_name}\",\"size\":\"${box_size}\",\"region\":\"${image_region}\",\"image\":\"${ubuntu_image_slug}\",\"ssh_keys\":[ \"${ssh_key_id}\" ],\"backups\":false}"
+
+    id=$($CURL -X POST -H 'Content-Type: application/json' -d "${data}" "https://api.digitalocean.com/v2/droplets" | $JSON droplet.id)
+    [[ -z "$id" ]] && exit 1
+    echo "$id"
+}
+
+function get_droplet_ip() {
+    local droplet_id="$1"
+    ip=$($CURL "https://api.digitalocean.com/v2/droplets/${droplet_id}" | $JSON "droplet.networks.v4[0].ip_address")
+    [[ -z "$ip" ]] && exit 1
+    echo "$ip"
+}
+
+function get_droplet_id() {
+    local droplet_name="$1"
+    id=$($CURL "https://api.digitalocean.com/v2/droplets?per_page=100" | $JSON "droplets" | $JSON -c "this.name === '${droplet_name}'" | $JSON "[0].id")
+    [[ -z "$id" ]] && exit 1
+    echo "$id"  
+}
+
+function power_off_droplet() {
+    local droplet_id="$1"
+    local data='{"type":"power_off"}'
+    local response=$($CURL -X POST -H 'Content-Type: application/json' -d "${data}" "https://api.digitalocean.com/v2/droplets/${droplet_id}/actions")
+    local event_id=`echo "${response}" | $JSON action.id`
+
+    if [[ -z "${event_id}" ]]; then
+        debug "Got no event id, assuming already powered off."
+        debug "Response: ${response}"
+        return
+    fi
+
+    debug "Powered off droplet. Event id: ${event_id}"
+    debug -n "Waiting for droplet to power off"
+
+    while true; do
+        local event_status=`$CURL "https://api.digitalocean.com/v2/droplets/${droplet_id}/actions/${event_id}" | $JSON action.status`
+        if [[ "${event_status}" == "completed" ]]; then
+            break
+        fi
+        debug -n "."
+        sleep 10
+    done
+    debug ""
+}
+
+function power_on_droplet() {
+    local droplet_id="$1"
+    local data='{"type":"power_on"}'
+    local event_id=`$CURL -X POST -H 'Content-Type: application/json' -d "${data}" "https://api.digitalocean.com/v2/droplets/${droplet_id}/actions" | $JSON action.id`
+
+    debug "Powered on droplet. Event id: ${event_id}"
+
+    if [[ -z "${event_id}" ]]; then
+        debug "Got no event id, assuming already powered on"
+        return
+    fi
+
+    debug -n "Waiting for droplet to power on"
+
+    while true; do
+        local event_status=`$CURL "https://api.digitalocean.com/v2/droplets/${droplet_id}/actions/${event_id}" | $JSON action.status`
+        if [[ "${event_status}" == "completed" ]]; then
+            break
+        fi
+        debug -n "."
+        sleep 10
+    done
+    debug ""
+}
+
+function get_image_id() {
+    local snapshot_name="$1"
+    local image_id=""
+
+    image_id=$($CURL "https://api.digitalocean.com/v2/images?per_page=100" \
+       | $JSON images \
+       | $JSON -c "this.name === \"${snapshot_name}\"" 0.id)
+
+    if [[ -n "${image_id}" ]]; then
+        echo "${image_id}"
+    fi
+}
+
+function snapshot_droplet() {
+    local droplet_id="$1"
+    local snapshot_name="$2"
+    local data="{\"type\":\"snapshot\",\"name\":\"${snapshot_name}\"}"
+    local event_id=`$CURL -X POST -H 'Content-Type: application/json' -d "${data}" "https://api.digitalocean.com/v2/droplets/${droplet_id}/actions" | $JSON action.id`
+
+    debug "Droplet snapshotted as ${snapshot_name}. Event id: ${event_id}"
+    debug -n "Waiting for snapshot to complete"
+
+    while true; do
+        local event_status=`$CURL "https://api.digitalocean.com/v2/droplets/${droplet_id}/actions/${event_id}" | $JSON action.status`
+        if [[ "${event_status}" == "completed" ]]; then
+            break
+        fi
+        debug -n "."
+        sleep 10
+    done
+    debug ""
+
+    get_image_id "${snapshot_name}"
+}
+
+function destroy_droplet() {
+    local droplet_id="$1"
+    # TODO: check for 204 status
+    $CURL -X DELETE "https://api.digitalocean.com/v2/droplets/${droplet_id}"
+    debug "Droplet destroyed"
+    debug ""
+}
+
+function transfer_image() {
+    local image_id="$1"
+    local region_slug="$2"
+    local data="{\"type\":\"transfer\",\"region\":\"${region_slug}\"}"
+    local event_id=`$CURL -X POST -H 'Content-Type: application/json' -d "${data}" "https://api.digitalocean.com/v2/images/${image_id}/actions" | $JSON action.id`
+    echo "${event_id}"
+}
+
+function wait_for_image_event() {
+    local image_id="$1"
+    local event_id="$2"
+
+    debug -n "Waiting for ${event_id}"
+
+    while true; do
+        local event_status=`$CURL "https://api.digitalocean.com/v2/images/${image_id}/actions/${event_id}" | $JSON action.status`
+        if [[ "${event_status}" == "completed" ]]; then
+            break
+        fi
+        debug -n "."
+        sleep 10
+    done
+    debug ""
+}
+
+function transfer_image_to_all_regions() {
+    local image_id="$1"
+
+    xfer_events=()
+    image_regions=(ams3) ## sfo1 is where the image is created
+    for image_region in ${image_regions[@]}; do
+        xfer_event=$(transfer_image ${image_id} ${image_region})
+        echo "Image transfer to ${image_region} initiated. Event id: ${xfer_event}"
+        xfer_events+=("${xfer_event}")
+        sleep 1
+    done
+
+    echo "Image transfer initiated, but they will take some time to get transferred."
+
+    for xfer_event in ${xfer_events[@]}; do
+        $vps wait_for_image_event "${image_id}" "${xfer_event}"
+    done
+}
+
+if [[ $# -lt 1 ]]; then
+    debug "<command> <params...>"
+    exit 1
+fi
+
+case $1 in
+get_ssh_key_id)
+    get_ssh_key_id "${@:2}"
+    ;;
+
+create)
+    create_droplet "${@:2}"
+    ;;
+
+get_id)
+    get_droplet_id "${@:2}"
+    ;;
+
+get_ip)
+    get_droplet_ip "${@:2}"
+    ;;
+
+power_on)
+    power_on_droplet "${@:2}"
+    ;;
+
+power_off)
+    power_off_droplet "${@:2}"
+    ;;
+
+snapshot)
+    snapshot_droplet "${@:2}"
+    ;;
+
+destroy)
+    destroy_droplet "${@:2}"
+    ;;
+
+transfer_image_to_all_regions)
+    transfer_image_to_all_regions "${@:2}"
+    ;;
+
+*)
+    echo "Unknown command $1"
+    exit 1
+esac
@@ -0,0 +1,325 @@
+#!/bin/bash
+
+set -euv -o pipefail
+
+readonly USER=yellowtent
+readonly USER_HOME="/home/${USER}"
+readonly INSTALLER_SOURCE_DIR="${USER_HOME}/installer"
+readonly INSTALLER_REVISION="$1"
+readonly SELFHOSTED=$(( $# > 1 ? 1 : 0 ))
+readonly USER_DATA_FILE="/root/user_data.img"
+readonly USER_DATA_DIR="/home/yellowtent/data"
+
+readonly SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+function die {
+    echo $1
+    exit 1
+}
+
+[[ "$(systemd --version 2>&1)" == *"systemd 225"* ]] || die "Expecting systemd to be 225"
+
+if [ -f "${SOURCE_DIR}/INFRA_VERSION" ]; then
+    source "${SOURCE_DIR}/INFRA_VERSION"
+else
+    echo "No INFRA_VERSION found, skip pulling docker images"
+fi
+
+if [ ${SELFHOSTED} == 0 ]; then
+    echo "!! Initializing Ubuntu image for CaaS"
+else
+    echo "!! Initializing Ubuntu image for Selfhosting"
+fi
+
+echo "==== Create User ${USER} ===="
+if ! id "${USER}"; then
+    useradd "${USER}" -m
+fi
+
+echo "=== Yellowtent base image preparation (installer revision - ${INSTALLER_REVISION}) ==="
+
+echo "=== Prepare installer source ==="
+rm -rf "${INSTALLER_SOURCE_DIR}" && mkdir -p "${INSTALLER_SOURCE_DIR}"
+rm -rf /tmp/box && mkdir -p /tmp/box
+tar xvf /tmp/box.tar.gz -C /tmp/box && rm /tmp/box.tar.gz
+cp -rf /tmp/box/installer/* "${INSTALLER_SOURCE_DIR}"
+echo "${INSTALLER_REVISION}" > "${INSTALLER_SOURCE_DIR}/REVISION"
+
+export DEBIAN_FRONTEND=noninteractive
+
+echo "=== Upgrade ==="
+apt-get update
+apt-get upgrade -y
+apt-get install -y curl
+
+# Setup firewall before everything. docker creates it's own chain and the -X below will remove it
+# Do NOT use iptables-persistent because it's startup ordering conflicts with docker
+echo "=== Setting up firewall ==="
+# clear tables and set default policy
+iptables -F # flush all chains
+iptables -X # delete all chains
+# default policy for filter table
+iptables -P INPUT DROP
+iptables -P FORWARD ACCEPT # TODO: disable icc and make this as reject
+iptables -P OUTPUT ACCEPT
+
+# NOTE: keep these in sync with src/apps.js validatePortBindings
+# allow ssh, http, https, ping, dns
+iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+if [ ${SELFHOSTED} == 0 ]; then
+    iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,202,443,886 -j ACCEPT
+else
+    iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,22,443,886 -j ACCEPT
+fi
+iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
+iptables -A INPUT -p udp --sport 53 -j ACCEPT
+iptables -A INPUT -s 172.17.0.0/16 -j ACCEPT # required to accept any connections from apps to our IP:<public port>
+
+# loopback
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+
+# prevent DoS
+# iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
+
+# log dropped incoming. keep this at the end of all the rules
+iptables -N LOGGING # new chain
+iptables -A INPUT -j LOGGING # last rule in INPUT chain
+iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
+iptables -A LOGGING -j DROP
+
+echo "==== Install btrfs tools ==="
+apt-get -y install btrfs-tools
+
+echo "==== Install docker ===="
+# install docker from binary to pin it to a specific version. the current debian repo does not allow pinning
+curl https://get.docker.com/builds/Linux/x86_64/docker-1.9.1 > /usr/bin/docker
+chmod +x /usr/bin/docker
+groupadd docker
+cat > /etc/systemd/system/docker.socket <<EOF
+[Unit]
+Description=Docker Socket for the API
+PartOf=docker.service
+
+[Socket]
+ListenStream=/var/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target
+EOF
+cat > /etc/systemd/system/docker.service <<EOF
+[Unit]
+Description=Docker Application Container Engine
+After=network.target docker.socket
+Requires=docker.socket
+
+[Service]
+ExecStart=/usr/bin/docker daemon -H fd:// --log-driver=journald --exec-opt native.cgroupdriver=cgroupfs
+MountFlags=slave
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+echo "=== Setup btrfs data ==="
+fallocate -l "8192m" "${USER_DATA_FILE}" # 8gb start (this will get resized dynamically by box-setup.service)
+mkfs.btrfs -L UserHome "${USER_DATA_FILE}"
+echo "${USER_DATA_FILE} ${USER_DATA_DIR} btrfs loop,nosuid 0 0" >> /etc/fstab
+mkdir -p "${USER_DATA_DIR}" && mount "${USER_DATA_FILE}"
+
+systemctl daemon-reload
+systemctl enable docker
+systemctl start docker
+
+# give docker sometime to start up and create iptables rules
+# those rules come in after docker has started, and we want to wait for them to be sure iptables-save has all of them
+sleep 10
+
+# Disable forwarding to metadata route from containers
+iptables -I FORWARD -d 169.254.169.254 -j DROP
+
+# ubuntu will restore iptables from this file automatically. this is here so that docker's chain is saved to this file
+mkdir /etc/iptables && iptables-save > /etc/iptables/rules.v4
+
+echo "=== Enable memory accounting =="
+sed -e 's/GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1 panic_on_oops=1 panic=5"/' -i /etc/default/grub
+update-grub
+
+# now add the user to the docker group
+usermod "${USER}" -a -G docker
+
+if [ -z $(echo "${INFRA_VERSION}") ]; then
+    echo "Skip pulling base docker images"
+else
+    echo "=== Pulling base docker images ==="
+    docker pull "${BASE_IMAGE}"
+
+    echo "=== Pulling mysql addon image ==="
+    docker pull "${MYSQL_IMAGE}"
+
+    echo "=== Pulling postgresql addon image ==="
+    docker pull "${POSTGRESQL_IMAGE}"
+
+    echo "=== Pulling redis addon image ==="
+    docker pull "${REDIS_IMAGE}"
+
+    echo "=== Pulling mongodb addon image ==="
+    docker pull "${MONGODB_IMAGE}"
+
+    echo "=== Pulling graphite docker images ==="
+    docker pull "${GRAPHITE_IMAGE}"
+
+    echo "=== Pulling mail relay ==="
+    docker pull "${MAIL_IMAGE}"
+fi
+
+echo "==== Install nginx ===="
+apt-get -y install nginx-full
+[[ "$(nginx -v 2>&1)" == *"nginx/1.9."* ]] || die "Expecting nginx version to be 1.9.x"
+
+echo "==== Install build-essential ===="
+apt-get -y install build-essential rcconf
+
+echo "==== Install mysql ===="
+debconf-set-selections <<< 'mysql-server mysql-server/root_password password password'
+debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password password'
+apt-get -y install mysql-server
+[[ "$(mysqld --version 2>&1)" == *"5.6."* ]] || die "Expecting nginx version to be 5.6.x"
+
+echo "==== Install pwgen ===="
+apt-get -y install pwgen
+
+echo "==== Install collectd ==="
+if ! apt-get install -y collectd collectd-utils; then
+    # FQDNLookup is true in default debian config. The box code has a custom collectd.conf that fixes this
+    echo "Failed to install collectd. Presumably because of http://mailman.verplant.org/pipermail/collectd/2015-March/006491.html"
+    sed -e 's/^FQDNLookup true/FQDNLookup false/' -i /etc/collectd/collectd.conf
+fi
+update-rc.d -f collectd remove
+
+# this simply makes it explicit that we run logrotate via cron. it's already part of base ubuntu
+echo "==== Install logrotate ==="
+apt-get install -y cron logrotate
+systemctl enable cron
+
+echo "==== Install nodejs ===="
+# Cannot use anything above 4.1.1 - https://github.com/nodejs/node/issues/3803
+mkdir -p /usr/local/node-4.1.1
+curl -sL https://nodejs.org/dist/v4.1.1/node-v4.1.1-linux-x64.tar.gz | tar zxvf - --strip-components=1 -C /usr/local/node-4.1.1
+ln -s /usr/local/node-4.1.1/bin/node /usr/bin/node
+ln -s /usr/local/node-4.1.1/bin/npm /usr/bin/npm
+apt-get install -y python   # Install python which is required for npm rebuild
+[[ "$(python --version 2>&1)" == "Python 2.7."* ]] || die "Expecting python version to be 2.7.x"
+
+echo "=== Rebuilding npm packages ==="
+cd "${INSTALLER_SOURCE_DIR}" && npm install --production
+chown "${USER}:${USER}" -R "${INSTALLER_SOURCE_DIR}"
+
+echo "==== Install installer systemd script ===="
+provisionEnv="PROVISION=digitalocean"
+if [ ${SELFHOSTED} == 1 ]; then
+    provisionEnv="PROVISION=local"
+fi
+
+cat > /etc/systemd/system/cloudron-installer.service <<EOF
+[Unit]
+Description=Cloudron Installer
+; journald crashes result in a EPIPE in node. Cannot ignore it as it results in loss of logs.
+BindsTo=systemd-journald.service
+
+[Service]
+Type=idle
+ExecStart="${INSTALLER_SOURCE_DIR}/src/server.js"
+Environment="DEBUG=installer*,connect-lastmile" ${provisionEnv}
+; kill any child (installer.sh, retire.sh) as well
+KillMode=control-group
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Restore iptables before docker
+echo "==== Install iptables-restore systemd script ===="
+cat > /etc/systemd/system/iptables-restore.service <<EOF
+[Unit]
+Description=IPTables Restore
+Before=docker.service
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore /etc/iptables/rules.v4
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Allocate swap files
+# https://bbs.archlinux.org/viewtopic.php?id=194792 ensures this runs after do-resize.service
+echo "==== Install box-setup systemd script ===="
+cat > /etc/systemd/system/box-setup.service <<EOF
+[Unit]
+Description=Box Setup
+Before=docker.service umount.target collectd.service
+After=do-resize.service
+
+[Service]
+Type=oneshot
+ExecStart="${INSTALLER_SOURCE_DIR}/systemd/box-setup.sh"
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable cloudron-installer
+systemctl enable iptables-restore
+systemctl enable box-setup
+
+# Configure systemd
+sed -e "s/^#SystemMaxUse=.*$/SystemMaxUse=100M/" \
+    -e "s/^#ForwardToSyslog=.*$/ForwardToSyslog=no/" \
+    -i /etc/systemd/journald.conf
+
+# When rotating logs, systemd kills journald too soon sometimes
+# See https://github.com/systemd/systemd/issues/1353 (this is upstream default)
+sed -e "s/^WatchdogSec=.*$/WatchdogSec=3min/" \
+    -i /lib/systemd/system/systemd-journald.service
+
+sync
+
+# Configure time
+sed -e 's/^#NTP=/NTP=0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org/' -i /etc/systemd/timesyncd.conf
+timedatectl set-ntp 1
+timedatectl set-timezone UTC
+
+# Give user access to system logs
+apt-get -y install acl
+usermod -a -G systemd-journal ${USER}
+mkdir -p /var/log/journal  # in some images, this directory is not created making system log to /run/systemd instead
+chown root:systemd-journal /var/log/journal
+systemctl restart systemd-journald
+setfacl -n -m u:${USER}:r /var/log/journal/*/system.journal
+
+if [ ${SELFHOSTED} == 0 ]; then
+    echo "==== Install ssh ==="
+    apt-get -y install openssh-server
+    # https://stackoverflow.com/questions/4348166/using-with-sed on why ? must be escaped
+    sed -e 's/^#\?Port .*/Port 202/g' \
+        -e 's/^#\?PermitRootLogin .*/PermitRootLogin without-password/g' \
+        -e 's/^#\?PermitEmptyPasswords .*/PermitEmptyPasswords no/g' \
+        -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/g' \
+        -i /etc/ssh/sshd_config
+
+    # required so we can connect to this machine since port 22 is blocked by iptables by now
+    systemctl reload sshd
+fi
@@ -14,9 +14,9 @@ var appHealthMonitor = require('./src/apphealthmonitor.js'),
    async = require('async'),
    config = require('./src/config.js'),
    ldap = require('./src/ldap.js'),
-    simpleauth = require('./src/simpleauth.js'),
    oauthproxy = require('./src/oauthproxy.js'),
-    server = require('./src/server.js');
+    server = require('./src/server.js'),
+    simpleauth = require('./src/simpleauth.js');

 console.log();
 console.log('==========================================');
@@ -26,7 +26,6 @@ console.log();
 console.log(' Environment:                    ', config.CLOUDRON ? 'CLOUDRON' : 'TEST');
 console.log(' Version:                        ', config.version());
 console.log(' Admin Origin:                   ', config.adminOrigin());
-console.log(' Appstore token:                 ', config.token());
 console.log(' Appstore API server origin:     ', config.apiServerOrigin());
 console.log(' Appstore Web server origin:     ', config.webServerOrigin());
 console.log();
@@ -39,7 +39,7 @@ gulp.task('3rdparty', function () {
 // JavaScript
 // --------------

-gulp.task('js', ['js-index', 'js-setup', 'js-update', 'js-error'], function () {});
+gulp.task('js', ['js-index', 'js-setup', 'js-update'], function () {});

 var oauth = {
    clientId: argv.clientId || 'cid-webadmin',
@@ -80,14 +80,6 @@ gulp.task('js-setup', function () {
        .pipe(gulp.dest('webadmin/dist/js'));
 });

-gulp.task('js-error', function () {
-    gulp.src(['webadmin/src/js/error.js'])
-        .pipe(sourcemaps.init())
-        .pipe(uglify())
-        .pipe(sourcemaps.write())
-        .pipe(gulp.dest('webadmin/dist/js'));
-});
-
 gulp.task('js-update', function () {
    gulp.src(['webadmin/src/js/update.js'])
        .pipe(sourcemaps.init())
@@ -102,7 +94,7 @@ gulp.task('js-update', function () {
 // HTML
 // --------------

-gulp.task('html', ['html-views', 'html-update'], function () {
+gulp.task('html', ['html-views', 'html-update', 'html-templates'], function () {
    return gulp.src('webadmin/src/*.html').pipe(gulp.dest('webadmin/dist'));
 });

@@ -114,6 +106,10 @@ gulp.task('html-views', function () {
    return gulp.src('webadmin/src/views/**/*.html').pipe(gulp.dest('webadmin/dist/views'));
 });

+gulp.task('html-templates', function () {
+    return gulp.src('webadmin/src/templates/**/*.html').pipe(gulp.dest('webadmin/dist/templates'));
+});
+
 // --------------
 // CSS
 // --------------
@@ -143,8 +139,8 @@ gulp.task('watch', ['default'], function () {
    gulp.watch(['webadmin/src/img/*'], ['images']);
    gulp.watch(['webadmin/src/**/*.html'], ['html']);
    gulp.watch(['webadmin/src/views/*.html'], ['html-views']);
+    gulp.watch(['webadmin/src/templates/*.html'], ['html-templates']);
    gulp.watch(['webadmin/src/js/update.js'], ['js-update']);
-    gulp.watch(['webadmin/src/js/error.js'], ['js-error']);
    gulp.watch(['webadmin/src/js/setup.js', 'webadmin/src/js/client.js'], ['js-setup']);
    gulp.watch(['webadmin/src/js/index.js', 'webadmin/src/js/client.js', 'webadmin/src/js/appstore.js', 'webadmin/src/js/main.js', 'webadmin/src/views/*.js'], ['js-index']);
    gulp.watch(['webadmin/src/3rdparty/**/*'], ['3rdparty']);
@@ -0,0 +1,159 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+echo ""
+echo "======== Cloudron Installer ========"
+echo ""
+
+if [ $# -lt 4 ]; then
+    echo "Usage: ./installer.sh <fqdn> <aws key id> <aws key secret> <bucket> <provider> <revision>"
+    exit 1
+fi
+
+# commandline arguments
+readonly fqdn="${1}"
+readonly aws_access_key_id="${2}"
+readonly aws_access_key_secret="${3}"
+readonly aws_backup_bucket="${4}"
+readonly provider="${5}"
+readonly revision="${6}"
+
+# environment specific urls
+readonly api_server_origin="https://api.dev.cloudron.io"
+readonly web_server_origin="https://dev.cloudron.io"
+readonly release_bucket_url="https://s3.amazonaws.com/dev-cloudron-releases"
+readonly versions_url="https://s3.amazonaws.com/dev-cloudron-releases/versions.json"
+readonly installer_code_url="${release_bucket_url}/box-${revision}.tar.gz"
+
+# runtime consts
+readonly installer_code_file="/tmp/box.tar.gz"
+readonly installer_tmp_dir="/tmp/box"
+readonly cert_folder="/tmp/certificates"
+
+# check for fqdn in /ets/hosts
+echo "[INFO] checking for hostname entry"
+readonly hostentry_found=$(grep "${fqdn}" /etc/hosts || true)
+if [[ -z $hostentry_found ]]; then
+    echo "[WARNING] No entry for ${fqdn} found in /etc/hosts"
+    echo "Adding an entry ..."
+
+    cat >> /etc/hosts <<EOF
+
+# The following line was added by the Cloudron installer script
+127.0.1.1 ${fqdn} ${fqdn}
+EOF
+else
+    echo "Valid hostname entry found in /etc/hosts"
+fi
+echo ""
+
+echo "[INFO] ensure minimal dependencies ..."
+apt-get update
+apt-get install -y curl
+echo ""
+
+echo "[INFO] Generating certificates ..."
+rm -rf "${cert_folder}"
+mkdir -p "${cert_folder}"
+
+cat > "${cert_folder}/CONFIG" <<EOF
+[ req ]
+default_bits           = 1024
+default_keyfile        = keyfile.pem
+distinguished_name     = req_distinguished_name
+prompt                 = no
+req_extensions         = v3_req
+
+[ req_distinguished_name ]
+C                      = DE
+ST                     = Berlin
+L                      = Berlin
+O                      = Cloudron UG
+OU                     = Cloudron
+CN                     = ${fqdn}
+emailAddress           = cert@cloudron.io
+
+[ v3_req ]
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = ${fqdn}
+DNS.2 = *.${fqdn}
+EOF
+
+# generate cert files
+openssl genrsa 2048 > "${cert_folder}/host.key"
+openssl req -new -out "${cert_folder}/host.csr" -key "${cert_folder}/host.key" -config "${cert_folder}/CONFIG"
+openssl x509 -req -days 3650 -in "${cert_folder}/host.csr" -signkey "${cert_folder}/host.key" -out "${cert_folder}/host.cert" -extensions v3_req -extfile "${cert_folder}/CONFIG"
+
+# make them json compatible, by collapsing to one line
+tls_cert=$(sed ':a;N;$!ba;s/\n/\\n/g' "${cert_folder}/host.cert")
+tls_key=$(sed ':a;N;$!ba;s/\n/\\n/g' "${cert_folder}/host.key")
+echo ""
+
+echo "[INFO] Fetching installer code ..."
+curl "${installer_code_url}" -o "${installer_code_file}"
+echo ""
+
+echo "[INFO] Extracting installer code to ${installer_tmp_dir} ..."
+rm -rf "${installer_tmp_dir}" && mkdir -p "${installer_tmp_dir}"
+tar xvf "${installer_code_file}" -C "${installer_tmp_dir}"
+echo ""
+
+echo "Creating initial provisioning config ..."
+cat > /root/provision.json <<EOF
+{
+    "sourceTarballUrl": "",
+    "data": {
+        "apiServerOrigin": "${api_server_origin}",
+        "webServerOrigin": "${web_server_origin}",
+        "fqdn": "${fqdn}",
+        "token": "",
+        "isCustomDomain": true,
+        "boxVersionsUrl": "${versions_url}",
+        "version": "",
+        "tlsCert": "${tls_cert}",
+        "tlsKey": "${tls_key}",
+        "provider": "${provider}",
+        "backupConfig": {
+            "provider": "s3",
+            "accessKeyId": "${aws_access_key_id}",
+            "secretAccessKey": "${aws_access_key_secret}",
+            "bucket": "${aws_backup_bucket}",
+            "prefix": "backups"
+        },
+        "dnsConfig": {
+            "provider": "route53",
+            "accessKeyId": "${aws_access_key_id}",
+            "secretAccessKey": "${aws_access_key_secret}"
+        },
+        "tlsConfig": {
+            "provider": "letsencrypt-dev"
+        }
+    }
+}
+EOF
+
+echo "[INFO] Running Ubuntu initializing script ..."
+/bin/bash "${installer_tmp_dir}/baseimage/initializeBaseUbuntuImage.sh" "${revision}" selfhosting
+echo ""
+
+echo "[INFO] Reloading systemd daemon ..."
+systemctl daemon-reload
+echo ""
+
+echo "[INFO] Restart docker ..."
+systemctl restart docker
+echo ""
+
+echo "[FINISHED] Now starting Cloudron init jobs ..."
+systemctl start box-setup
+
+# TODO this is only for convenience we should probably just let the user do a restart
+sleep 5 && sync
+systemctl start cloudron-installer
+journalctl -u cloudron-installer.service -f
@@ -0,0 +1,516 @@
+{
+  "name": "installer",
+  "version": "0.0.1",
+  "dependencies": {
+    "async": {
+      "version": "1.5.0",
+      "from": "async@>=1.5.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/async/-/async-1.5.0.tgz"
+    },
+    "body-parser": {
+      "version": "1.14.1",
+      "from": "body-parser@>=1.12.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.14.1.tgz",
+      "dependencies": {
+        "bytes": {
+          "version": "2.1.0",
+          "from": "bytes@2.1.0",
+          "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.1.0.tgz"
+        },
+        "content-type": {
+          "version": "1.0.1",
+          "from": "content-type@>=1.0.1 <1.1.0",
+          "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.1.tgz"
+        },
+        "depd": {
+          "version": "1.1.0",
+          "from": "depd@>=1.1.0 <1.2.0",
+          "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.0.tgz"
+        },
+        "http-errors": {
+          "version": "1.3.1",
+          "from": "http-errors@>=1.3.1 <1.4.0",
+          "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.3.1.tgz",
+          "dependencies": {
+            "inherits": {
+              "version": "2.0.1",
+              "from": "inherits@>=2.0.1 <2.1.0",
+              "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz"
+            },
+            "statuses": {
+              "version": "1.2.1",
+              "from": "statuses@>=1.0.0 <2.0.0",
+              "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.2.1.tgz"
+            }
+          }
+        },
+        "iconv-lite": {
+          "version": "0.4.12",
+          "from": "iconv-lite@0.4.12",
+          "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.12.tgz"
+        },
+        "on-finished": {
+          "version": "2.3.0",
+          "from": "on-finished@>=2.3.0 <2.4.0",
+          "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+          "dependencies": {
+            "ee-first": {
+              "version": "1.1.1",
+              "from": "ee-first@1.1.1",
+              "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz"
+            }
+          }
+        },
+        "qs": {
+          "version": "5.1.0",
+          "from": "qs@5.1.0",
+          "resolved": "https://registry.npmjs.org/qs/-/qs-5.1.0.tgz"
+        },
+        "raw-body": {
+          "version": "2.1.4",
+          "from": "raw-body@>=2.1.4 <2.2.0",
+          "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.1.4.tgz",
+          "dependencies": {
+            "unpipe": {
+              "version": "1.0.0",
+              "from": "unpipe@1.0.0",
+              "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz"
+            }
+          }
+        },
+        "type-is": {
+          "version": "1.6.9",
+          "from": "type-is@>=1.6.9 <1.7.0",
+          "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.9.tgz",
+          "dependencies": {
+            "media-typer": {
+              "version": "0.3.0",
+              "from": "media-typer@0.3.0",
+              "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz"
+            },
+            "mime-types": {
+              "version": "2.1.7",
+              "from": "mime-types@>=2.1.7 <2.2.0",
+              "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.7.tgz",
+              "dependencies": {
+                "mime-db": {
+                  "version": "1.19.0",
+                  "from": "mime-db@>=1.19.0 <1.20.0",
+                  "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.19.0.tgz"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "connect-lastmile": {
+      "version": "0.0.13",
+      "from": "connect-lastmile@0.0.13",
+      "resolved": "https://registry.npmjs.org/connect-lastmile/-/connect-lastmile-0.0.13.tgz",
+      "dependencies": {
+        "debug": {
+          "version": "2.1.3",
+          "from": "debug@>=2.1.0 <2.2.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-2.1.3.tgz",
+          "dependencies": {
+            "ms": {
+              "version": "0.7.0",
+              "from": "ms@0.7.0",
+              "resolved": "http://registry.npmjs.org/ms/-/ms-0.7.0.tgz"
+            }
+          }
+        }
+      }
+    },
+    "debug": {
+      "version": "2.2.0",
+      "from": "debug@>=2.1.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz",
+      "dependencies": {
+        "ms": {
+          "version": "0.7.1",
+          "from": "ms@0.7.1",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz"
+        }
+      }
+    },
+    "express": {
+      "version": "4.13.3",
+      "from": "express@>=4.11.2 <5.0.0",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.13.3.tgz",
+      "dependencies": {
+        "accepts": {
+          "version": "1.2.13",
+          "from": "accepts@>=1.2.12 <1.3.0",
+          "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.2.13.tgz",
+          "dependencies": {
+            "mime-types": {
+              "version": "2.1.7",
+              "from": "mime-types@>=2.1.6 <2.2.0",
+              "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.7.tgz",
+              "dependencies": {
+                "mime-db": {
+                  "version": "1.19.0",
+                  "from": "mime-db@>=1.19.0 <1.20.0",
+                  "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.19.0.tgz"
+                }
+              }
+            },
+            "negotiator": {
+              "version": "0.5.3",
+              "from": "negotiator@0.5.3",
+              "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.5.3.tgz"
+            }
+          }
+        },
+        "array-flatten": {
+          "version": "1.1.1",
+          "from": "array-flatten@1.1.1",
+          "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz"
+        },
+        "content-disposition": {
+          "version": "0.5.0",
+          "from": "content-disposition@0.5.0",
+          "resolved": "http://registry.npmjs.org/content-disposition/-/content-disposition-0.5.0.tgz"
+        },
+        "content-type": {
+          "version": "1.0.1",
+          "from": "content-type@>=1.0.1 <1.1.0",
+          "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.1.tgz"
+        },
+        "cookie": {
+          "version": "0.1.3",
+          "from": "cookie@0.1.3",
+          "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.1.3.tgz"
+        },
+        "cookie-signature": {
+          "version": "1.0.6",
+          "from": "cookie-signature@1.0.6",
+          "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz"
+        },
+        "depd": {
+          "version": "1.0.1",
+          "from": "depd@>=1.0.1 <1.1.0",
+          "resolved": "http://registry.npmjs.org/depd/-/depd-1.0.1.tgz"
+        },
+        "escape-html": {
+          "version": "1.0.2",
+          "from": "escape-html@1.0.2",
+          "resolved": "http://registry.npmjs.org/escape-html/-/escape-html-1.0.2.tgz"
+        },
+        "etag": {
+          "version": "1.7.0",
+          "from": "etag@>=1.7.0 <1.8.0",
+          "resolved": "https://registry.npmjs.org/etag/-/etag-1.7.0.tgz"
+        },
+        "finalhandler": {
+          "version": "0.4.0",
+          "from": "finalhandler@0.4.0",
+          "resolved": "http://registry.npmjs.org/finalhandler/-/finalhandler-0.4.0.tgz",
+          "dependencies": {
+            "unpipe": {
+              "version": "1.0.0",
+              "from": "unpipe@>=1.0.0 <1.1.0",
+              "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz"
+            }
+          }
+        },
+        "fresh": {
+          "version": "0.3.0",
+          "from": "fresh@0.3.0",
+          "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.3.0.tgz"
+        },
+        "merge-descriptors": {
+          "version": "1.0.0",
+          "from": "merge-descriptors@1.0.0",
+          "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.0.tgz"
+        },
+        "methods": {
+          "version": "1.1.1",
+          "from": "methods@>=1.1.1 <1.2.0",
+          "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.1.tgz"
+        },
+        "on-finished": {
+          "version": "2.3.0",
+          "from": "on-finished@>=2.3.0 <2.4.0",
+          "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+          "dependencies": {
+            "ee-first": {
+              "version": "1.1.1",
+              "from": "ee-first@1.1.1",
+              "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz"
+            }
+          }
+        },
+        "parseurl": {
+          "version": "1.3.0",
+          "from": "parseurl@>=1.3.0 <1.4.0",
+          "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.0.tgz"
+        },
+        "path-to-regexp": {
+          "version": "0.1.7",
+          "from": "path-to-regexp@0.1.7",
+          "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz"
+        },
+        "proxy-addr": {
+          "version": "1.0.8",
+          "from": "proxy-addr@>=1.0.8 <1.1.0",
+          "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-1.0.8.tgz",
+          "dependencies": {
+            "forwarded": {
+              "version": "0.1.0",
+              "from": "forwarded@>=0.1.0 <0.2.0",
+              "resolved": "http://registry.npmjs.org/forwarded/-/forwarded-0.1.0.tgz"
+            },
+            "ipaddr.js": {
+              "version": "1.0.1",
+              "from": "ipaddr.js@1.0.1",
+              "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.0.1.tgz"
+            }
+          }
+        },
+        "qs": {
+          "version": "4.0.0",
+          "from": "qs@4.0.0",
+          "resolved": "https://registry.npmjs.org/qs/-/qs-4.0.0.tgz"
+        },
+        "range-parser": {
+          "version": "1.0.3",
+          "from": "range-parser@>=1.0.2 <1.1.0",
+          "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.0.3.tgz"
+        },
+        "send": {
+          "version": "0.13.0",
+          "from": "send@0.13.0",
+          "resolved": "http://registry.npmjs.org/send/-/send-0.13.0.tgz",
+          "dependencies": {
+            "destroy": {
+              "version": "1.0.3",
+              "from": "destroy@1.0.3",
+              "resolved": "http://registry.npmjs.org/destroy/-/destroy-1.0.3.tgz"
+            },
+            "http-errors": {
+              "version": "1.3.1",
+              "from": "http-errors@>=1.3.1 <1.4.0",
+              "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.3.1.tgz",
+              "dependencies": {
+                "inherits": {
+                  "version": "2.0.1",
+                  "from": "inherits@>=2.0.1 <2.1.0",
+                  "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz"
+                }
+              }
+            },
+            "mime": {
+              "version": "1.3.4",
+              "from": "mime@1.3.4",
+              "resolved": "https://registry.npmjs.org/mime/-/mime-1.3.4.tgz"
+            },
+            "ms": {
+              "version": "0.7.1",
+              "from": "ms@0.7.1",
+              "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz"
+            },
+            "statuses": {
+              "version": "1.2.1",
+              "from": "statuses@>=1.2.1 <1.3.0",
+              "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.2.1.tgz"
+            }
+          }
+        },
+        "serve-static": {
+          "version": "1.10.0",
+          "from": "serve-static@>=1.10.0 <1.11.0",
+          "resolved": "http://registry.npmjs.org/serve-static/-/serve-static-1.10.0.tgz"
+        },
+        "type-is": {
+          "version": "1.6.9",
+          "from": "type-is@>=1.6.9 <1.7.0",
+          "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.9.tgz",
+          "dependencies": {
+            "media-typer": {
+              "version": "0.3.0",
+              "from": "media-typer@0.3.0",
+              "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz"
+            },
+            "mime-types": {
+              "version": "2.1.7",
+              "from": "mime-types@>=2.1.6 <2.2.0",
+              "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.7.tgz",
+              "dependencies": {
+                "mime-db": {
+                  "version": "1.19.0",
+                  "from": "mime-db@>=1.19.0 <1.20.0",
+                  "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.19.0.tgz"
+                }
+              }
+            }
+          }
+        },
+        "utils-merge": {
+          "version": "1.0.0",
+          "from": "utils-merge@1.0.0",
+          "resolved": "http://registry.npmjs.org/utils-merge/-/utils-merge-1.0.0.tgz"
+        },
+        "vary": {
+          "version": "1.0.1",
+          "from": "vary@>=1.0.1 <1.1.0",
+          "resolved": "https://registry.npmjs.org/vary/-/vary-1.0.1.tgz"
+        }
+      }
+    },
+    "json": {
+      "version": "9.0.3",
+      "from": "json@>=9.0.3 <10.0.0",
+      "resolved": "https://registry.npmjs.org/json/-/json-9.0.3.tgz"
+    },
+    "morgan": {
+      "version": "1.6.1",
+      "from": "morgan@>=1.5.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.6.1.tgz",
+      "dependencies": {
+        "basic-auth": {
+          "version": "1.0.3",
+          "from": "basic-auth@>=1.0.3 <1.1.0",
+          "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-1.0.3.tgz"
+        },
+        "depd": {
+          "version": "1.0.1",
+          "from": "depd@>=1.0.1 <1.1.0",
+          "resolved": "http://registry.npmjs.org/depd/-/depd-1.0.1.tgz"
+        },
+        "on-finished": {
+          "version": "2.3.0",
+          "from": "on-finished@>=2.3.0 <2.4.0",
+          "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+          "dependencies": {
+            "ee-first": {
+              "version": "1.1.1",
+              "from": "ee-first@1.1.1",
+              "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz"
+            }
+          }
+        },
+        "on-headers": {
+          "version": "1.0.1",
+          "from": "on-headers@>=1.0.0 <1.1.0",
+          "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.1.tgz"
+        }
+      }
+    },
+    "proxy-middleware": {
+      "version": "0.15.0",
+      "from": "proxy-middleware@>=0.15.0 <0.16.0",
+      "resolved": "https://registry.npmjs.org/proxy-middleware/-/proxy-middleware-0.15.0.tgz"
+    },
+    "safetydance": {
+      "version": "0.0.19",
+      "from": "safetydance@0.0.19",
+      "resolved": "https://registry.npmjs.org/safetydance/-/safetydance-0.0.19.tgz"
+    },
+    "semver": {
+      "version": "5.1.0",
+      "from": "semver@>=5.1.0 <6.0.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-5.1.0.tgz"
+    },
+    "superagent": {
+      "version": "0.21.0",
+      "from": "superagent@>=0.21.0 <0.22.0",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-0.21.0.tgz",
+      "dependencies": {
+        "component-emitter": {
+          "version": "1.1.2",
+          "from": "component-emitter@1.1.2",
+          "resolved": "http://registry.npmjs.org/component-emitter/-/component-emitter-1.1.2.tgz"
+        },
+        "cookiejar": {
+          "version": "2.0.1",
+          "from": "cookiejar@2.0.1",
+          "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.0.1.tgz"
+        },
+        "extend": {
+          "version": "1.2.1",
+          "from": "extend@>=1.2.1 <1.3.0",
+          "resolved": "https://registry.npmjs.org/extend/-/extend-1.2.1.tgz"
+        },
+        "form-data": {
+          "version": "0.1.3",
+          "from": "form-data@0.1.3",
+          "resolved": "http://registry.npmjs.org/form-data/-/form-data-0.1.3.tgz",
+          "dependencies": {
+            "async": {
+              "version": "0.9.2",
+              "from": "async@>=0.9.0 <0.10.0",
+              "resolved": "https://registry.npmjs.org/async/-/async-0.9.2.tgz"
+            },
+            "combined-stream": {
+              "version": "0.0.7",
+              "from": "combined-stream@>=0.0.4 <0.1.0",
+              "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-0.0.7.tgz",
+              "dependencies": {
+                "delayed-stream": {
+                  "version": "0.0.5",
+                  "from": "delayed-stream@0.0.5",
+                  "resolved": "http://registry.npmjs.org/delayed-stream/-/delayed-stream-0.0.5.tgz"
+                }
+              }
+            }
+          }
+        },
+        "formidable": {
+          "version": "1.0.14",
+          "from": "formidable@1.0.14",
+          "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.0.14.tgz"
+        },
+        "methods": {
+          "version": "1.0.1",
+          "from": "methods@1.0.1",
+          "resolved": "https://registry.npmjs.org/methods/-/methods-1.0.1.tgz"
+        },
+        "mime": {
+          "version": "1.2.11",
+          "from": "mime@1.2.11",
+          "resolved": "https://registry.npmjs.org/mime/-/mime-1.2.11.tgz"
+        },
+        "qs": {
+          "version": "1.2.0",
+          "from": "qs@1.2.0",
+          "resolved": "https://registry.npmjs.org/qs/-/qs-1.2.0.tgz"
+        },
+        "readable-stream": {
+          "version": "1.0.27-1",
+          "from": "readable-stream@1.0.27-1",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.27-1.tgz",
+          "dependencies": {
+            "core-util-is": {
+              "version": "1.0.1",
+              "from": "core-util-is@>=1.0.0 <1.1.0",
+              "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.1.tgz"
+            },
+            "inherits": {
+              "version": "2.0.1",
+              "from": "inherits@>=2.0.1 <2.1.0",
+              "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz"
+            },
+            "isarray": {
+              "version": "0.0.1",
+              "from": "isarray@0.0.1",
+              "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz"
+            },
+            "string_decoder": {
+              "version": "0.10.31",
+              "from": "string_decoder@>=0.10.0 <0.11.0",
+              "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz"
+            }
+          }
+        },
+        "reduce-component": {
+          "version": "1.0.1",
+          "from": "reduce-component@1.0.1",
+          "resolved": "http://registry.npmjs.org/reduce-component/-/reduce-component-1.0.1.tgz"
+        }
+      }
+    }
+  }
+}
@@ -0,0 +1,47 @@
+{
+  "name": "installer",
+  "description": "Cloudron Installer",
+  "version": "0.0.1",
+  "private": "true",
+  "author": {
+    "name": "Cloudron authors"
+  },
+  "repository": {
+    "type": "git"
+  },
+  "engines": [
+    "node >=4.0.0 <=4.1.1"
+  ],
+  "dependencies": {
+    "async": "^1.5.0",
+    "body-parser": "^1.12.0",
+    "connect-lastmile": "0.0.13",
+    "debug": "^2.1.1",
+    "express": "^4.11.2",
+    "json": "^9.0.3",
+    "morgan": "^1.5.1",
+    "proxy-middleware": "^0.15.0",
+    "safetydance": "0.0.19",
+    "semver": "^5.1.0",
+    "superagent": "^0.21.0"
+  },
+  "devDependencies": {
+    "colors": "^1.1.2",
+    "commander": "^2.8.1",
+    "expect.js": "^0.3.1",
+    "istanbul": "^0.3.5",
+    "lodash": "^3.2.0",
+    "mocha": "^2.1.0",
+    "nock": "^0.59.1",
+    "sleep": "^3.0.0",
+    "superagent-sync": "^0.2.0",
+    "supererror": "^0.7.0",
+    "yesno": "0.0.1"
+  },
+  "scripts": {
+    "test": "NODE_ENV=test ./node_modules/istanbul/lib/cli.js test $1 ./node_modules/mocha/bin/_mocha -- -R spec ./src/test",
+    "precommit": "/bin/true",
+    "prepush": "npm test",
+    "postmerge": "/bin/true"
+  }
+}
@@ -0,0 +1,129 @@
+/* jslint node: true */
+
+'use strict';
+
+var assert = require('assert'),
+    child_process = require('child_process'),
+    debug = require('debug')('installer:installer'),
+    path = require('path'),
+    safe = require('safetydance'),
+    semver = require('semver'),
+    superagent = require('superagent'),
+    util = require('util');
+
+exports = module.exports = {
+    InstallerError: InstallerError,
+
+    provision: provision,
+    retire: retire,
+
+    _ensureVersion: ensureVersion
+};
+
+var INSTALLER_CMD = path.join(__dirname, 'scripts/installer.sh'),
+    RETIRE_CMD = path.join(__dirname, 'scripts/retire.sh'),
+    SUDO = '/usr/bin/sudo';
+
+function InstallerError(reason, info) {
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    this.message = !info ? reason : (typeof info === 'object' ? JSON.stringify(info) : info);
+}
+util.inherits(InstallerError, Error);
+InstallerError.INTERNAL_ERROR = 1;
+InstallerError.ALREADY_PROVISIONED = 2;
+
+// system until file has KillMode=control-group to bring down child processes
+function spawn(tag, cmd, args, callback) {
+    assert.strictEqual(typeof tag, 'string');
+    assert.strictEqual(typeof cmd, 'string');
+    assert(util.isArray(args));
+    assert.strictEqual(typeof callback, 'function');
+
+    var cp = child_process.spawn(cmd, args, { timeout: 0 });
+    cp.stdout.setEncoding('utf8');
+    cp.stdout.on('data', function (data) { debug('%s (stdout): %s', tag, data); });
+    cp.stderr.setEncoding('utf8');
+    cp.stderr.on('data', function (data) { debug('%s (stderr): %s', tag, data); });
+
+    cp.on('error', function (error) {
+        debug('%s : child process errored %s', tag, error.message);
+        callback(error);
+    });
+
+    cp.on('exit', function (code, signal) {
+        debug('%s : child process exited. code: %d signal: %d', tag, code, signal);
+        if (signal) return callback(new Error('Exited with signal ' + signal));
+        if (code !== 0) return callback(new Error('Exited with code ' + code));
+
+        callback(null);
+    });
+}
+
+function retire(args, callback) {
+    assert.strictEqual(typeof args, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var pargs = [ RETIRE_CMD ];
+    pargs.push('--data', JSON.stringify(args.data));
+
+    debug('retire: calling with args %j', pargs);
+
+    if (process.env.NODE_ENV === 'test') return callback(null);
+
+    // sudo is required for retire()
+    spawn('retire', SUDO, pargs, callback);
+}
+
+function ensureVersion(args, callback) {
+    assert.strictEqual(typeof args, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (!args.data || !args.data.boxVersionsUrl) return callback(new Error('No boxVersionsUrl specified'));
+
+    if (args.sourceTarballUrl) return callback(null, args);
+
+    superagent.get(args.data.boxVersionsUrl).end(function (error, result) {
+        if (error && !error.response) return callback(error);
+        if (result.statusCode !== 200) return callback(new Error(util.format('Bad status: %s %s', result.statusCode, result.text)));
+
+        var versions = safe.JSON.parse(result.text);
+
+        if (!versions || typeof versions !== 'object') return callback(new Error('versions is not in valid format:' + safe.error));
+
+        var latestVersion = Object.keys(versions).sort(semver.compare).pop();
+        debug('ensureVersion: Latest version is %s etag:%s', latestVersion, result.header['etag']);
+
+        if (!versions[latestVersion]) return callback(new Error('No version available'));
+        if (!versions[latestVersion].sourceTarballUrl) return callback(new Error('No sourceTarballUrl specified'));
+
+        args.sourceTarballUrl = versions[latestVersion].sourceTarballUrl;
+        args.data.version = latestVersion;
+
+        callback(null, args);
+    });
+}
+
+function provision(args, callback) {
+    assert.strictEqual(typeof args, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (process.env.NODE_ENV === 'test') return callback(null);
+
+    ensureVersion(args, function (error, result) {
+        if (error) return callback(error);
+
+        var pargs = [ INSTALLER_CMD ];
+        pargs.push('--sourcetarballurl', result.sourceTarballUrl);
+        pargs.push('--data', JSON.stringify(result.data));
+
+        debug('provision: calling with args %j', pargs);
+
+        // sudo is required for update()
+        spawn('provision', SUDO, pargs, callback);
+    });
+}
+
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+readonly BOX_SRC_DIR=/home/yellowtent/box
+readonly DATA_DIR=/home/yellowtent/data
+
+readonly script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly json="${script_dir}/../../node_modules/.bin/json"
+readonly curl="curl --fail --connect-timeout 20 --retry 10 --retry-delay 2 --max-time 180"
+
+readonly is_update=$([[ -d "${BOX_SRC_DIR}" ]] && echo "yes" || echo "no")
+
+# create a provision file for testing. %q escapes args. %q is reused as much as necessary to satisfy $@
+(echo -e "#!/bin/bash\n"; printf "%q " "${script_dir}/installer.sh" "$@") > /home/yellowtent/provision.sh
+chmod +x /home/yellowtent/provision.sh
+
+arg_source_tarball_url=""
+arg_data=""
+
+args=$(getopt -o "" -l "sourcetarballurl:,data:" -n "$0" -- "$@")
+eval set -- "${args}"
+
+while true; do
+    case "$1" in
+    --sourcetarballurl) arg_source_tarball_url="$2";;
+    --data) arg_data="$2";;
+    --) break;;
+    *) echo "Unknown option $1"; exit 1;;
+    esac
+
+    shift 2
+done
+
+box_src_tmp_dir=$(mktemp -dt box-src-XXXXXX)
+echo "Downloading box code from ${arg_source_tarball_url} to ${box_src_tmp_dir}"
+
+while true; do
+    if $curl -L "${arg_source_tarball_url}" | tar -zxf - -C "${box_src_tmp_dir}"; then break; fi
+    echo "Failed to download source tarball, trying again"
+    sleep 5
+done
+while true; do
+    # for reasons unknown, the dtrace package will fail. but rebuilding second time will work
+    if cd "${box_src_tmp_dir}" && npm rebuild; then break; fi
+    echo "Failed to rebuild, trying again"
+    sleep 5
+done
+
+if [[ "${is_update}" == "yes" ]]; then
+    echo "Setting up update splash screen"
+    "${box_src_tmp_dir}/setup/splashpage.sh" --data "${arg_data}" # show splash from new code
+    ${BOX_SRC_DIR}/setup/stop.sh # stop the old code
+fi
+
+# switch the codes
+rm -rf "${BOX_SRC_DIR}"
+mv "${box_src_tmp_dir}" "${BOX_SRC_DIR}"
+chown -R yellowtent.yellowtent "${BOX_SRC_DIR}"
+
+# create a start file for testing. %q escapes args
+(echo -e "#!/bin/bash\n"; printf "%q " "${BOX_SRC_DIR}/setup/start.sh" --data "${arg_data}") > /home/yellowtent/setup_start.sh
+chmod +x /home/yellowtent/setup_start.sh
+
+echo "Calling box setup script"
+"${BOX_SRC_DIR}/setup/start.sh" --data "${arg_data}"
+
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# This script is called once at the end of a cloudrons lifetime
+
+set -eu -o pipefail
+
+readonly BOX_SRC_DIR=/home/yellowtent/box
+
+arg_data=""
+
+args=$(getopt -o "" -l "data:" -n "$0" -- "$@")
+eval set -- "${args}"
+
+while true; do
+    case "$1" in
+    --data) arg_data="$2";;
+    --) break;;
+    *) echo "Unknown option $1"; exit 1;;
+    esac
+
+    shift 2
+done
+
+echo "Setting up splash screen"
+"${BOX_SRC_DIR}/setup/splashpage.sh" --retire --data "${arg_data}" # show splash
+"${BOX_SRC_DIR}/setup/stop.sh" # stop the cloudron code
+
+systemctl stop docker # stop the apps
+systemctl stop cloudron-installer # stop the installer
+
@@ -0,0 +1,213 @@
+#!/usr/bin/env node
+
+/* jslint node: true */
+
+'use strict';
+
+var assert = require('assert'),
+    async = require('async'),
+    debug = require('debug')('installer:server'),
+    express = require('express'),
+    fs = require('fs'),
+    http = require('http'),
+    HttpError = require('connect-lastmile').HttpError,
+    https = require('https'),
+    HttpSuccess = require('connect-lastmile').HttpSuccess,
+    installer = require('./installer.js'),
+    json = require('body-parser').json,
+    lastMile = require('connect-lastmile'),
+    morgan = require('morgan'),
+    path = require('path'),
+    superagent = require('superagent');
+
+exports = module.exports = {
+    start: start,
+    stop: stop
+};
+
+var PROVISION_CONFIG_FILE = '/root/provision.json';
+var CLOUDRON_CONFIG_FILE = '/home/yellowtent/configs/cloudron.conf';
+
+var gHttpsServer = null, // provision server; used for install/restore
+    gHttpServer = null; // update server; used for updates
+
+function provisionDigitalOcean(callback) {
+    if (fs.existsSync(CLOUDRON_CONFIG_FILE)) return callback(null); // already provisioned
+
+    superagent.get('http://169.254.169.254/metadata/v1.json').end(function (error, result) {
+        if (error || result.statusCode !== 200) {
+            console.error('Error getting metadata', error);
+            return callback(new Error('Error getting metadata'));
+        }
+
+        var userData = JSON.parse(result.body.user_data);
+
+        installer.provision(userData, callback);
+    });
+}
+
+function provisionLocal(callback) {
+    if (fs.existsSync(CLOUDRON_CONFIG_FILE)) return callback(null); // already provisioned
+
+    if (!fs.existsSync(PROVISION_CONFIG_FILE)) {
+        console.error('No provisioning data found at %s', PROVISION_CONFIG_FILE);
+        return callback(new Error('No provisioning data found'));
+    }
+
+    var userData = require(PROVISION_CONFIG_FILE);
+
+    installer.provision(userData, callback);
+}
+
+function update(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+
+    if (!req.body.sourceTarballUrl || typeof req.body.sourceTarballUrl !== 'string') return next(new HttpError(400, 'No sourceTarballUrl provided'));
+    if (!req.body.data || typeof req.body.data !== 'object') return next(new HttpError(400, 'No data provided'));
+
+    debug('provision: received from box %j', req.body);
+
+    installer.provision(req.body, function (error) {
+        if (error) console.error(error);
+    });
+
+    next(new HttpSuccess(202, { }));
+}
+
+function retire(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+
+    if (!req.body.data || typeof req.body.data !== 'object') return next(new HttpError(400, 'No data provided'));
+
+    if (typeof req.body.data.tlsCert !== 'string') console.error('No TLS cert provided');
+    if (typeof req.body.data.tlsKey !== 'string') console.error('No TLS key provided');
+
+    debug('retire: received from appstore %j', req.body);
+
+    installer.retire(req.body, function (error) {
+        if (error) console.error(error);
+    });
+
+    next(new HttpSuccess(202, {}));
+}
+
+function startUpdateServer(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('Starting update server');
+
+    var app = express();
+
+    var router = new express.Router();
+
+    if (process.env.NODE_ENV !== 'test') app.use(morgan('dev', { immediate: false }));
+
+    app.use(json({ strict: true }))
+       .use(router)
+       .use(lastMile());
+
+    router.post('/api/v1/installer/update', update);
+
+    gHttpServer = http.createServer(app);
+    gHttpServer.on('error', console.error);
+
+    gHttpServer.listen(2020, '127.0.0.1', callback);
+}
+
+function startProvisionServer(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('Starting provision server');
+
+    var app = express();
+
+    var router = new express.Router();
+
+    if (process.env.NODE_ENV !== 'test') app.use(morgan('dev', { immediate: false }));
+
+    app.use(json({ strict: true }))
+       .use(router)
+       .use(lastMile());
+
+    router.post('/api/v1/installer/retire', retire);
+
+    var caPath = path.join(__dirname, process.env.NODE_ENV === 'test' ? 'test/certs' : 'certs');
+    var certPath = path.join(__dirname, process.env.NODE_ENV === 'test' ? 'test/certs' : 'certs');
+
+    var options = {
+        key: fs.readFileSync(path.join(certPath, 'server.key')),
+        cert: fs.readFileSync(path.join(certPath, 'server.crt')),
+        ca: fs.readFileSync(path.join(caPath, 'ca.crt')),
+
+        // request cert from client and only allow from our CA
+        requestCert: true,
+        rejectUnauthorized: process.env.NODE_TLS_REJECT_UNAUTHORIZED !== '0' // this is set in the tests
+    };
+
+    gHttpsServer = https.createServer(options, app);
+    gHttpsServer.on('error', console.error);
+
+    gHttpsServer.listen(process.env.NODE_ENV === 'test' ? 4443 : 886, '0.0.0.0', callback);
+}
+
+function stopProvisionServer(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('Stopping provision server');
+
+    if (!gHttpsServer) return callback(null);
+
+    gHttpsServer.close(callback);
+    gHttpsServer = null;
+}
+
+function stopUpdateServer(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('Stopping update server');
+
+    if (!gHttpServer) return callback(null);
+
+    gHttpServer.close(callback);
+    gHttpServer = null;
+}
+
+function start(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    var actions;
+
+    if (process.env.PROVISION === 'local') {
+        debug('Starting Installer in selfhost mode');
+
+        actions = [
+            startUpdateServer,
+            provisionLocal
+        ];
+    } else {    // current fallback, should be 'digitalocean' eventually, see initializeBaseUbuntuImage.sh
+        debug('Starting Installer in managed mode');
+
+        actions = [
+            startUpdateServer,
+            startProvisionServer,
+            provisionDigitalOcean
+        ];
+    }
+
+    async.series(actions, callback);
+}
+
+function stop(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    async.series([
+        stopUpdateServer,
+        stopProvisionServer
+    ], callback);
+}
+
+if (require.main === module) {
+    start(function (error) {
+        if (error) console.error(error);
+    });
+}
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9zCCAt+gAwIBAgIJAMPL81PAySGAMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU0MxFTATBgNVBAoTDENsb3Vk
+cm9uIEluYzEaMBgGA1UEAxMRSW5zdGFsbCBTZXJ2ZXIgQ0EwHhcNMTUwMTE2MDEy
+NDM2WhcNMTYwMTE2MDEyNDM2WjBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
+CzAJBgNVBAcTAlNDMRUwEwYDVQQKEwxDbG91ZHJvbiBJbmMxGjAYBgNVBAMTEUlu
+c3RhbGwgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+31TkOEC3JXtieHiZgM5qWw771rV2JEDKs1C68+n/OmKrp3zAQV08A+w/KVurn1P9
+gZlYF+CBRVZDV8lYbWzc6PgMPWEDHHV72FS5Kq6ZyikB+r5OQJ8qU61y840h6ZCD
+MEYr6N9qXm9wSApJBQ/key/pg7+95B2CFYRrg5NVstIYqpJ1lyxCMFTrjYAmteOB
+Bi/4GPApu9Tj0ifTMbZFGTPtWm/yhCZ6Anm6w+ok9tDMpPC6kRgUJ3B4HY75D9dV
+aWSls9jdZw4JU1jIFlAdUjhGEEmHWOzAD8vBjvuBqcf9NQwvieWG5tDYfZ6DYRC2
+/aG1C5UWhFLDv2/F+56k3wIDAQABo4G/MIG8MB0GA1UdDgQWBBQ088hd2sIIqVtw
+xJeAkCORdclFRjCBjAYDVR0jBIGEMIGBgBQ088hd2sIIqVtwxJeAkCORdclFRqFe
+pFwwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQHEwJTQzEVMBMG
+A1UEChMMQ2xvdWRyb24gSW5jMRowGAYDVQQDExFJbnN0YWxsIFNlcnZlciBDQYIJ
+AMPL81PAySGAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAJcW+Wmz
+/o0JBC2WsMjUjxVrzOiu9bdKQ1yn83Zcv74zEfmWfJotVOK1oKsTyOZfTvvWrpLc
+GXXhh4oXWsNnFII3uJyZIY3v/DoE0pa7TCZhLYFbL2kEaC5rTwe/+VScHy5ROOiu
+gnzOU3MyrcMTT0v4qcT0NlkIptRdvIYNpqfXO6vG9sMp4C/NwWhl/IfHkIAv0eH
+l3HTr8wxgldCjxbnJgYkyUcWAmLi2YEXKCEPWmsfqp3Z+Ng1M+A9OKjJLHWowl9X
+4arvn6WaUbZjRxxjvK199If1R6KWwD6YQ9cKH4Ex4/hhIqg5I3MQFu+pOq/b0XH/
+9I10o6FVU7vcFkQ=
+-----END CERTIFICATE-----
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhgCCQCDr1HQJBr1izANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNDMREwDwYDVQQKDAhDbG91ZHJvbjEe
+MBwGA1UEAwwVaW5zdGFsbGVyLmNsb3Vkcm9uLmlvMB4XDTE1MTExNjIzMTcwMloX
+DTE2MTExNTIzMTcwMlowWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYD
+VQQHDAJTQzERMA8GA1UECgwIQ2xvdWRyb24xHjAcBgNVBAMMFWluc3RhbGxlci5j
+bG91ZHJvbi5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0suQX7
+hKBhYsSH0msnEPVbRDIotYbtVDav/v7Sb/fRU7qVoL31tj2iZRDJRJ27uRM3J4ye
+6hgJAAwQGtfXrcVZY3SOAlGXsFZF0wgBCw0pGtgF3HA1BcwbCwAd06J6w3lKActA
+DMEUio/jRXpYELUU2Nzopq0MsMyyBSBkNC18i0HUB8vkF8yQvb1OpbcxERbpf3D5
+zjeFf5kIE/k8lwBz1vMF0uAA2GfcXxs3dyDaxVteWeevVYZzAoY9EcUyBWX7OQnx
+aUygl3OywN+xOJKXKCQpckzDvr9Vp1sKItoMMy5y81SyNhZIMBYGGG+oNp/wSgQf
+Cht+LupI+bXoYrMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAgPHZx52qYuEUdzVO
+t/+VXO7dxJkONYU8sjTYIfJme8ZZd7beZBMUni5s2gvv6i5HFyJ2Ol88sv8hAaI/
+6Vmbszml+5tLyPK8Gygk62l6OcKDwU/yazTxxCApulNy1SV34kzruXUMZ28ybcqA
+XJywMMx4RDmSIBXPdDCeaOgYwI7Wk56obJ8sa2+Z6100GNoX+qBSOsWMMJW+ohnp
+eQWHkTOJzU4hIMfZCbW0cF5Xn/35xEh0xxaH7XWglJLM9neBPba+Ydz7567mN9co
+vgv2dE5ZOKSjG63CtUvv819dvbWVKq8jiMCqPGRcr1iSeqbC02tnx0W762980uSx
+QfOgAw==
+-----END CERTIFICATE-----
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEArSy5BfuEoGFixIfSaycQ9VtEMii1hu1UNq/+/tJv99FTupWg
+vfW2PaJlEMlEnbu5EzcnjJ7qGAkADBAa19etxVljdI4CUZewVkXTCAELDSka2AXc
+cDUFzBsLAB3TonrDeUoBy0AMwRSKj+NFelgQtRTY3OimrQywzLIFIGQ0LXyLQdQH
+y+QXzJC9vU6ltzERFul/cPnON4V/mQgT+TyXAHPW8wXS4ADYZ9xfGzd3INrFW15Z
+569VhnMChj0RxTIFZfs5CfFpTKCXc7LA37E4kpcoJClyTMO+v1WnWwoi2gwzLnLz
+VLI2FkgwFgYYb6g2n/BKBB8KG34u6kj5tehiswIDAQABAoIBAGNAQ5bbLYsh5ZKP
+6ZhCHqUQtsgsrsVzFhX1zqbLgyK8VUmV4jedMOKoRVZWlD32zj7mGIOuvKoj1mQT
+gt78HPsDnU266jdLQeRgRm/K8UOMsHbo/QtOSFFPmoFpltcDly7XrKmJvwWWOUf4
+UOSqvoCaPyR1Lrn1kQrwaKHE7Ga4jfyOrIq9JI7y/ih+Y7D8xcMnyLAsjyVkSAtr
+XrGNHcx3yPuBmjaOglzeb6Ksdpt4ETElrvH3ByT5EV2zUVr9Txv+m8xSVBZfea9
+aE7lWSQoOUz+e6RhIX3Df/QfR6KkDblAwEF9Se98DWcz46Y34oc2E0lSoJYpoPxP
+vbRlfDkCgYEA3nAc8kDRkbQObSfnVjpijBSP5hfr3jX+XTbxK7Y3aTMViY+87iWK
+bLNuX+2JRCmRjk0wy2YXnJQV3sU/EO5gLhOz9060MIHgFISq4KRgPorN/EFWryOe
+mDzhPIuhZLMetv0ajS3Z5IxIAs+FLu7Yx9em80q540UA3kXsFWe2lpUCgYEAx03E
+kk5zLirVFtoyP/yAES+KVppqBweCUA5vVxB8H26oIhi8G8kT4b77x6wXxQzdsA4H
+a4ou3ZBZVK41PREgG1MWgzpbwk49T1FX6TLtvdhr/9QhYC+RIynynA/pA36LSKT5
+pvWegYB4+9jaPrQ5L1zcrLF2XlTsgpuC43kXKicCgYA0dXxeJatHEY/VbnPAgkR7
+hN3rBfk6jsFOeoamKHMo/EM4Dg4gm/npaOe+9+ZHjQYm6U14qrsm0kXWI+6br5w/
+QaZPzN/yEK8oJ6GlGR8ZoOKzezVWWLAudy0neka12QiFX2vDn+yjWfIht49RYkL9
+3n4hIp50WvG5egQTiEIngQKBgCn9yJzKypm/jIX0EwJIQPNeANeeURiKDHqxj+PY
+JU66EdKdQ4TXKMk3Y/T93UQ3Ib4mNooB4z3rW+brjWwAX7NiHiwn741QzroXeV44
+zL5jCt4r45xQaVPvUp5u+7kwwEfd+nui5HKEjvkBB3qOnj3MYvI/saDOY8Zg3YLv
+0GGhAoGANBwFcDgwP9KDt0NxKXhe3rlSUyfGSSUF89hZPrLDCiaGFURD/w4j3EGr
+Ui9Rcwm2ymqlFzTO4JYKy1/pRCWA7GDfslICJPOPG3Wytsjog0WymQuMjYC2tL/+
+RwD0qG0/aBGE4PbigPRoJ/7BGZLKtdy99P0wyFC3o6OBoAl3Zqo=
+-----END RSA PRIVATE KEY-----
@@ -0,0 +1,219 @@
+/* jslint node:true */
+/* global it:false */
+/* global describe:false */
+/* global before:false */
+/* global after:false */
+
+'use strict';
+
+var expect = require('expect.js'),
+    fs = require('fs'),
+    path = require('path'),
+    nock = require('nock'),
+    os = require('os'),
+    request = require('superagent'),
+    server = require('../server.js'),
+    installer = require('../installer.js'),
+    _ = require('lodash');
+
+var EXTERNAL_SERVER_URL = 'https://localhost:4443';
+var INTERNAL_SERVER_URL = 'http://localhost:2020';
+var APPSERVER_ORIGIN = 'http://appserver';
+var FQDN = os.hostname();
+
+describe('Server', function () {
+    this.timeout(5000);
+
+    before(function (done) {
+        var user_data = JSON.stringify({ apiServerOrigin: APPSERVER_ORIGIN }); // user_data is a string
+        var scope = nock('http://169.254.169.254')
+            .persist()
+            .get('/metadata/v1.json')
+            .reply(200, JSON.stringify({ user_data: user_data }), { 'Content-Type': 'application/json' });
+        done();
+    });
+
+    after(function (done) {
+        nock.cleanAll();
+        done();
+    });
+
+    describe('starts and stop', function () {
+        it('starts', function (done) {
+            server.start(done);
+        });
+
+        it('stops', function (done) {
+            server.stop(done);
+        });
+    });
+
+    describe('update (internal server)', function () {
+        before(function (done) {
+            server.start(done);
+        });
+        after(function (done) {
+            server.stop(done);
+        });
+
+        it('does not respond to provision', function (done) {
+            request.post(INTERNAL_SERVER_URL + '/api/v1/installer/provision').send({ }).end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(404);
+                done();
+            });
+        });
+
+        it('does not respond to restore', function (done) {
+            request.post(INTERNAL_SERVER_URL + '/api/v1/installer/restore').send({ }).end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(404);
+                done();
+            });
+        });
+
+        var data = {
+            sourceTarballUrl: "https://foo.tar.gz",
+
+            data: {
+                token: 'sometoken',
+                apiServerOrigin: APPSERVER_ORIGIN,
+                webServerOrigin: 'https://somethingelse.com',
+                fqdn: 'www.something.com',
+                tlsKey: 'key',
+                tlsCert: 'cert',
+                boxVersionsUrl: 'https://versions.json',
+                version: '0.1'
+            }
+        };
+
+        Object.keys(data).forEach(function (key) {
+            it('fails due to missing ' + key, function (done) {
+                var dataCopy = _.merge({ }, data);
+                delete dataCopy[key];
+
+                request.post(INTERNAL_SERVER_URL + '/api/v1/installer/update').send(dataCopy).end(function (error, result) {
+                    expect(error).to.not.be.ok();
+                    expect(result.statusCode).to.equal(400);
+                    done();
+                });
+            });
+        });
+
+        it('succeeds', function (done) {
+            request.post(INTERNAL_SERVER_URL + '/api/v1/installer/update').send(data).end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(202);
+                done();
+            });
+        });
+    });
+
+    describe('retire', function () {
+        var data = {
+            data: {
+                tlsKey: 'key',
+                tlsCert: 'cert'
+            }
+        };
+
+        before(function (done) {
+            process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; // TODO: use a installer ca signed cert instead
+            server.start(done);
+        });
+
+        after(function (done) {
+            server.stop(done);
+            delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;
+        });
+
+        Object.keys(data).forEach(function (key) {
+            it('fails due to missing ' + key, function (done) {
+                var dataCopy = _.merge({ }, data);
+                delete dataCopy[key];
+
+                request.post(EXTERNAL_SERVER_URL + '/api/v1/installer/retire').send(dataCopy).end(function (error, result) {
+                    expect(error).to.not.be.ok();
+                    expect(result.statusCode).to.equal(400);
+                    done();
+                });
+            });
+        });
+
+        it('succeeds', function (done) {
+            request.post(EXTERNAL_SERVER_URL + '/api/v1/installer/retire').send(data).end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(202);
+                done();
+            });
+        });
+    });
+
+    describe('ensureVersion', function () {
+        before(function () {
+            process.env.NODE_ENV = undefined;
+        });
+
+        after(function () {
+            process.env.NODE_ENV = 'test';
+        });
+
+        it ('fails without data', function (done) {
+            installer._ensureVersion({}, function (error) {
+                expect(error).to.be.an(Error);
+                done();
+            });
+        });
+
+        it ('fails without boxVersionsUrl', function (done) {
+            installer._ensureVersion({ data: {}}, function (error) {
+                expect(error).to.be.an(Error);
+                done();
+            });
+        });
+
+        it ('succeeds with sourceTarballUrl', function (done) {
+            var data = {
+                sourceTarballUrl: 'sometarballurl',
+                data: {
+                    boxVersionsUrl: 'http://foobar/versions.json'
+                }
+            };
+
+            installer._ensureVersion(data, function (error, result) {
+                expect(error).to.equal(null);
+                expect(result).to.eql(data);
+                done();
+            });
+        });
+
+        it ('succeeds without sourceTarballUrl', function (done) {
+            var versions = {
+                '0.1.0': {
+                    sourceTarballUrl: 'sometarballurl1'
+                },
+                '0.2.0': {
+                    sourceTarballUrl: 'sometarballurl2'
+                }
+            };
+
+            var scope = nock('http://foobar')
+                .get('/versions.json')
+                .reply(200, JSON.stringify(versions), { 'Content-Type': 'application/json' });
+
+            var data = {
+                data: {
+                    boxVersionsUrl: 'http://foobar/versions.json'
+                }
+            };
+
+            installer._ensureVersion(data, function (error, result) {
+                expect(error).to.equal(null);
+                expect(result.sourceTarballUrl).to.equal(versions['0.2.0'].sourceTarballUrl);
+                expect(result.data.boxVersionsUrl).to.equal(data.data.boxVersionsUrl);
+                done();
+            });
+        });
+    });
+});
+
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+readonly USER_HOME="/home/yellowtent"
+readonly APPS_SWAP_FILE="/apps.swap"
+readonly BACKUP_SWAP_FILE="/backup.swap" # used when doing app backups
+readonly USER_DATA_FILE="/root/user_data.img"
+readonly USER_DATA_DIR="/home/yellowtent/data"
+
+# detect device
+if [[ -b "/dev/vda1" ]]; then
+    disk_device="/dev/vda1"
+fi
+
+if [[ -b "/dev/xvda1" ]]; then
+    disk_device="/dev/xvda1"
+fi
+
+# all sizes are in mb
+readonly physical_memory=$(free -m | awk '/Mem:/ { print $2 }')
+readonly swap_size="${physical_memory}"
+readonly app_count=$((${physical_memory} / 200)) # estimated app count
+readonly disk_size_gb=$(fdisk -l ${disk_device} | grep "Disk ${disk_device}" | awk '{ print $3 }')
+readonly disk_size=$((disk_size_gb * 1024))
+readonly backup_swap_size=1024
+# readonly system_size=5120 # 5 gigs for system libs, installer, box code and tmp
+readonly system_size=10240 # 10 gigs for system libs, apps images, installer, box code and tmp
+readonly ext4_reserved=$((disk_size * 5 / 100)) # this can be changes using tune2fs -m percent /dev/vda1
+
+echo "Disk device: ${disk_device}"
+echo "Physical memory: ${physical_memory}"
+echo "Estimated app count: ${app_count}"
+echo "Disk size: ${disk_size}"
+
+# Allocate two sets of swap files - one for general app usage and another for backup
+# The backup swap is setup for swap on the fly by the backup scripts
+if [[ ! -f "${APPS_SWAP_FILE}" ]]; then
+    echo "Creating Apps swap file of size ${swap_size}M"
+    fallocate -l "${swap_size}m" "${APPS_SWAP_FILE}"
+    chmod 600 "${APPS_SWAP_FILE}"
+    mkswap "${APPS_SWAP_FILE}"
+    swapon "${APPS_SWAP_FILE}"
+    echo "${APPS_SWAP_FILE}  none  swap  sw  0 0" >> /etc/fstab
+else
+    echo "Apps Swap file already exists"
+fi
+
+if [[ ! -f "${BACKUP_SWAP_FILE}" ]]; then
+    echo "Creating Backup swap file of size ${backup_swap_size}M"
+    fallocate -l "${backup_swap_size}m" "${BACKUP_SWAP_FILE}"
+    chmod 600 "${BACKUP_SWAP_FILE}"
+    mkswap "${BACKUP_SWAP_FILE}"
+else
+    echo "Backups Swap file already exists"
+fi
+
+echo "Resizing data volume"
+home_data_size=$((disk_size - system_size - swap_size - backup_swap_size - ext4_reserved))
+echo "Resizing up btrfs user data to size ${home_data_size}M"
+umount "${USER_DATA_DIR}"
+fallocate -l "${home_data_size}m" "${USER_DATA_FILE}" # does not overwrite existing data
+mount "${USER_DATA_FILE}"
+btrfs filesystem resize max "${USER_DATA_DIR}"
+
@@ -0,0 +1,15 @@
+dbm = dbm || require('db-migrate');
+
+exports.up = function(db, callback) {
+    db.runSql('ALTER TABLE users ADD COLUMN displayName VARCHAR(512) DEFAULT ""', function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
+
+exports.down = function(db, callback) {
+    db.runSql('ALTER TABLE users DROP COLUMN displayName', function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
@@ -18,6 +18,7 @@ CREATE TABLE IF NOT EXISTS users(
    createdAt VARCHAR(512) NOT NULL,
    modifiedAt VARCHAR(512) NOT NULL,
    admin INTEGER NOT NULL,
+    displayName VARCHAR(512) DEFAULT '',
    PRIMARY KEY(id));

 CREATE TABLE IF NOT EXISTS tokens(
@@ -14,10 +14,11 @@
  ],
  "dependencies": {
    "async": "^1.2.1",
+    "attempt": "^1.0.1",
    "aws-sdk": "^2.1.46",
    "body-parser": "^1.13.1",
    "bytes": "^2.1.0",
-    "cloudron-manifestformat": "^2.0.0",
+    "cloudron-manifestformat": "^2.2.0",
    "connect-ensure-login": "^0.1.1",
    "connect-lastmile": "0.0.13",
    "connect-timeout": "^1.5.0",
@@ -41,6 +42,7 @@
    "multiparty": "^4.1.2",
    "mysql": "^2.7.0",
    "native-dns": "^0.7.0",
+    "node-df": "^0.1.1",
    "node-uuid": "^1.4.3",
    "nodemailer": "^1.3.0",
    "nodemailer-smtp-transport": "^1.0.3",
@@ -51,23 +53,25 @@
    "passport-http-bearer": "^1.0.1",
    "passport-local": "^1.0.0",
    "passport-oauth2-client-password": "^0.1.2",
-    "password-generator": "^1.0.0",
+    "password-generator": "^2.0.2",
    "proxy-middleware": "^0.13.0",
-    "safetydance": "0.0.19",
+    "safetydance": "^0.1.0",
    "semver": "^4.3.6",
    "serve-favicon": "^2.2.0",
    "split": "^1.0.0",
-    "superagent": "~0.21.0",
+    "superagent": "^1.5.0",
    "supererror": "^0.7.1",
    "tail-stream": "https://registry.npmjs.org/tail-stream/-/tail-stream-0.2.1.tgz",
    "underscore": "^1.7.0",
+    "ursa": "^0.9.1",
    "valid-url": "^1.0.9",
-    "validator": "^3.30.0",
+    "validator": "^4.4.0",
    "x509": "^0.2.2"
  },
  "devDependencies": {
    "apidoc": "*",
    "bootstrap-sass": "^3.3.3",
+    "deep-extend": "^0.4.1",
    "del": "^1.1.1",
    "expect.js": "*",
    "gulp": "^3.8.11",
@@ -83,9 +87,9 @@
    "istanbul": "*",
    "js2xmlparser": "^1.0.0",
    "mocha": "*",
-    "nock": "^2.6.0",
+    "nock": "^3.4.0",
    "node-sass": "^3.0.0-alpha.0",
-    "redis": "^0.12.1",
+    "redis": "^2.4.2",
    "request": "^2.65.0",
    "sinon": "^1.12.2",
    "yargs": "^3.15.0"
@@ -0,0 +1,123 @@
+#!/bin/bash
+
+set -eu
+
+assertNotEmpty() {
+    : "${!1:? "$1 is not set."}"
+}
+
+# Only GNU getopt supports long options. OS X comes bundled with the BSD getopt
+# brew install gnu-getopt to get the GNU getopt on OS X
+[[ $(uname -s) == "Darwin" ]] && GNU_GETOPT="/usr/local/opt/gnu-getopt/bin/getopt" || GNU_GETOPT="getopt"
+readonly GNU_GETOPT
+
+args=$(${GNU_GETOPT} -o "" -l "revision:,output:,publish,no-upload" -n "$0" -- "$@")
+eval set -- "${args}"
+
+readonly RELEASE_TOOL_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../../release" && pwd)"
+readonly SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+
+delete_bundle="yes"
+commitish="HEAD"
+publish="no"
+upload="yes"
+bundle_file=""
+
+while true; do
+    case "$1" in
+    --revision) commitish="$2"; shift 2;;
+    --output) bundle_file="$2"; delete_bundle="no"; shift 2;;
+    --no-upload) upload="no"; shift;;
+    --publish) publish="yes"; shift;;
+    --) break;;
+    *) echo "Unknown option $1"; exit 1;;
+    esac
+done
+
+if [[ "${upload}" == "no" && "${publish}" == "yes" ]]; then
+    echo "Cannot publish without uploading"
+    exit 1
+fi
+
+readonly TMPDIR=${TMPDIR:-/tmp} # why is this not set on mint?
+
+assertNotEmpty AWS_DEV_ACCESS_KEY
+assertNotEmpty AWS_DEV_SECRET_KEY
+
+if ! $(cd "${SOURCE_DIR}" && git diff --exit-code >/dev/null); then
+    echo "You have local changes, stash or commit them to proceed"
+    exit 1
+fi
+
+if [[ "$(node --version)" != "v4.1.1" ]]; then
+    echo "This script requires node 4.1.1"
+    exit 1
+fi
+
+version=$(cd "${SOURCE_DIR}" && git rev-parse "${commitish}")
+bundle_dir=$(mktemp -d -t box 2>/dev/null || mktemp -d box-XXXXXXXXXX --tmpdir=$TMPDIR)
+[[ -z "$bundle_file" ]] && bundle_file="${TMPDIR}/box-${version}.tar.gz"
+
+chmod "o+rx,g+rx" "${bundle_dir}" # otherwise extracted tarball director won't be readable by others/group
+echo "Checking out code [${version}] into ${bundle_dir}"
+(cd "${SOURCE_DIR}" && git archive --format=tar ${version} | (cd "${bundle_dir}" && tar xf -))
+
+if diff "${TMPDIR}/boxtarball.cache/npm-shrinkwrap.json.all" "${bundle_dir}/npm-shrinkwrap.json" >/dev/null 2>&1; then
+    echo "Reusing dev modules from cache"
+    cp -r "${TMPDIR}/boxtarball.cache/node_modules-all/." "${bundle_dir}/node_modules"
+else
+    echo "Installing modules with dev dependencies"
+    (cd "${bundle_dir}" && npm install)
+
+    echo "Caching dev dependencies"
+    mkdir -p "${TMPDIR}/boxtarball.cache/node_modules-all"
+    rsync -a --delete "${bundle_dir}/node_modules/" "${TMPDIR}/boxtarball.cache/node_modules-all/"
+    cp "${bundle_dir}/npm-shrinkwrap.json" "${TMPDIR}/boxtarball.cache/npm-shrinkwrap.json.all"
+fi
+
+echo "Building webadmin assets"
+(cd "${bundle_dir}" && gulp)
+
+echo "Remove intermediate files required at build-time only"
+rm -rf "${bundle_dir}/node_modules/"
+rm -rf "${bundle_dir}/webadmin/src"
+rm -rf "${bundle_dir}/gulpfile.js"
+
+if diff "${TMPDIR}/boxtarball.cache/npm-shrinkwrap.json.prod" "${bundle_dir}/npm-shrinkwrap.json" >/dev/null 2>&1; then
+    echo "Reusing prod modules from cache"
+    cp -r "${TMPDIR}/boxtarball.cache/node_modules-prod/." "${bundle_dir}/node_modules"
+else
+    echo "Installing modules for production"
+    (cd "${bundle_dir}" && npm install --production --no-optional)
+
+    echo "Caching prod dependencies"
+    mkdir -p "${TMPDIR}/boxtarball.cache/node_modules-prod"
+    rsync -a --delete "${bundle_dir}/node_modules/" "${TMPDIR}/boxtarball.cache/node_modules-prod/"
+    cp "${bundle_dir}/npm-shrinkwrap.json" "${TMPDIR}/boxtarball.cache/npm-shrinkwrap.json.prod"
+fi
+
+echo "Create final tarball"
+(cd "${bundle_dir}" && tar czf "${bundle_file}" .)
+echo "Cleaning up ${bundle_dir}"
+rm -rf "${bundle_dir}"
+
+if [[ "${upload}" == "yes" ]]; then
+    echo "Uploading bundle to S3"
+    # That special header is needed to allow access with singed urls created with different aws credentials than the ones the file got uploaded
+    s3cmd --multipart-chunk-size-mb=5 --ssl --acl-public --access_key="${AWS_DEV_ACCESS_KEY}" --secret_key="${AWS_DEV_SECRET_KEY}" --no-mime-magic put "${bundle_file}" "s3://dev-cloudron-releases/box-${version}.tar.gz"
+
+    versions_file_url="https://dev-cloudron-releases.s3.amazonaws.com/box-${version}.tar.gz"
+    echo "The URL for the versions file is: ${versions_file_url}"
+
+    if [[ "${publish}" == "yes" ]]; then
+        echo "Publishing to dev"
+        ${RELEASE_TOOL_DIR}/release create --env dev --code "${versions_file_url}"
+    fi
+fi
+
+if [[ "${delete_bundle}" == "no" ]]; then
+    echo "Tarball preserved at ${bundle_file}"
+else
+    rm "${bundle_file}"
+fi
+
@@ -11,6 +11,7 @@ arg_is_custom_domain="false"
 arg_restore_key=""
 arg_restore_url=""
 arg_retire="false"
+arg_tls_config=""
 arg_tls_cert=""
 arg_tls_key=""
 arg_token=""
@@ -18,6 +19,8 @@ arg_version=""
 arg_web_server_origin=""
 arg_backup_config=""
 arg_dns_config=""
+arg_update_config=""
+arg_provider=""

 args=$(getopt -o "" -l "data:,retire" -n "$0" -- "$@")
 eval set -- "${args}"
@@ -30,12 +33,17 @@ while true; do
        ;;
    --data)
        # only read mandatory non-empty parameters here
-        read -r arg_api_server_origin arg_web_server_origin arg_fqdn arg_token arg_is_custom_domain arg_box_versions_url arg_version <<EOF
-        $(echo "$2" | $json apiServerOrigin webServerOrigin fqdn token isCustomDomain boxVersionsUrl version | tr '\n' ' ')
+        read -r arg_api_server_origin arg_web_server_origin arg_fqdn arg_is_custom_domain arg_box_versions_url arg_version <<EOF
+        $(echo "$2" | $json apiServerOrigin webServerOrigin fqdn isCustomDomain boxVersionsUrl version | tr '\n' ' ')
 EOF
        # read possibly empty parameters here
        arg_tls_cert=$(echo "$2" | $json tlsCert)
        arg_tls_key=$(echo "$2" | $json tlsKey)
+        arg_token=$(echo "$2" | $json token)
+        arg_provider=$(echo "$2" | $json provider)
+
+        arg_tls_config=$(echo "$2" | $json tlsConfig)
+        [[ "${arg_tls_config}" == "null" ]] && arg_tls_config=""

        arg_restore_url=$(echo "$2" | $json restore.url)
        [[ "${arg_restore_url}" == "null" ]] && arg_restore_url=""
@@ -49,6 +57,9 @@ EOF
        arg_dns_config=$(echo "$2" | $json dnsConfig)
        [[ "${arg_dns_config}" == "null" ]] && arg_dns_config=""

+        arg_update_config=$(echo "$2" | $json updateConfig)
+        [[ "${arg_update_config}" == "null" ]] && arg_update_config=""
+
        shift 2
        ;;
    --) break;;
@@ -66,5 +77,7 @@ echo "restore url: ${arg_restore_url}"
 echo "tls cert: ${arg_tls_cert}"
 echo "tls key: ${arg_tls_key}"
 echo "token: ${arg_token}"
+echo "tlsConfig: ${arg_tls_config}"
 echo "version: ${arg_version}"
 echo "web server: ${arg_web_server_origin}"
+echo "provider: ${arg_provider}"
@@ -20,7 +20,7 @@ systemctl daemon-reload
 systemctl enable cloudron.target

 ########## sudoers
-rm -f /etc/sudoers.d/*
+rm -f /etc/sudoers.d/yellowtent
 cp "${container_files}/sudoers" /etc/sudoers.d/yellowtent

 ########## collectd
@@ -1,3 +1,6 @@
+# sudo logging breaks journalctl output with very long urls (systemd bug)
+Defaults !syslog
+
 Defaults!/home/yellowtent/box/src/scripts/createappdir.sh env_keep="HOME BOX_ENV"
 yellowtent ALL=(root) NOPASSWD: /home/yellowtent/box/src/scripts/createappdir.sh

@@ -2,6 +2,8 @@
 Description=Cloudron Admin
 OnFailure=crashnotifier@%n.service
 StopWhenUnneeded=true
+; journald crashes result in a EPIPE in node. Cannot ignore it as it results in loss of logs.
+BindsTo=systemd-journald.service

 [Service]
 Type=idle
@@ -9,9 +11,12 @@ WorkingDirectory=/home/yellowtent/box
 Restart=always
 ExecStart=/usr/bin/node --max_old_space_size=150 /home/yellowtent/box/box.js
 Environment="HOME=/home/yellowtent" "USER=yellowtent" "DEBUG=box*,connect-lastmile" "BOX_ENV=cloudron" "NODE_ENV=production"
-KillMode=process
+; kill apptask processes as well
+KillMode=control-group
 User=yellowtent
 Group=yellowtent
 MemoryLimit=200M
 TimeoutStopSec=5s
+StartLimitInterval=1
+StartLimitBurst=60

@@ -40,6 +40,7 @@ set_progress "10" "Ensuring directories"
 mkdir -p "${DATA_DIR}/box/appicons"
 mkdir -p "${DATA_DIR}/box/certs"
 mkdir -p "${DATA_DIR}/box/mail"
+mkdir -p "${DATA_DIR}/box/acme" # acme keys
 mkdir -p "${DATA_DIR}/graphite"

 mkdir -p "${DATA_DIR}/mysql"
@@ -48,6 +49,7 @@ mkdir -p "${DATA_DIR}/mongodb"
 mkdir -p "${DATA_DIR}/snapshots"
 mkdir -p "${DATA_DIR}/addons"
 mkdir -p "${DATA_DIR}/collectd/collectd.conf.d"
+mkdir -p "${DATA_DIR}/acme" # acme challenges

 # bookkeep the version as part of data
 echo "{ \"version\": \"${arg_version}\", \"boxVersionsUrl\": \"${arg_box_versions_url}\" }" > "${DATA_DIR}/box/version"
@@ -90,27 +92,19 @@ EOF

 set_progress "28" "Setup collectd"
 cp "${script_dir}/start/collectd.conf" "${DATA_DIR}/collectd/collectd.conf"
-# collectd 5.4.1 has some bug where we simply cannot get it to create df-vda1
-mkdir -p "${DATA_DIR}/graphite/whisper/collectd/localhost/"
-vda1_id=$(blkid -s UUID -o value /dev/vda1)
-ln -sfF "df-disk_by-uuid_${vda1_id}" "${DATA_DIR}/graphite/whisper/collectd/localhost/df-vda1"
 service collectd restart

 set_progress "30" "Setup nginx"
-# setup naked domain to use admin by default. app restoration will overwrite this config
 mkdir -p "${DATA_DIR}/nginx/applications"
+cp "${script_dir}/start/nginx/nginx.conf" "${DATA_DIR}/nginx/nginx.conf"
 cp "${script_dir}/start/nginx/mime.types" "${DATA_DIR}/nginx/mime.types"

-# generate the main nginx config file
-${BOX_SRC_DIR}/node_modules/.bin/ejs-cli -f "${script_dir}/start/nginx/nginx.ejs" \
-    -O "{ \"sourceDir\": \"${BOX_SRC_DIR}\" }" > "${DATA_DIR}/nginx/nginx.conf"
-
 # generate these for update code paths as well to overwrite splash
-admin_cert_file="cert/host.cert"
-admin_key_file="cert/host.key"
-if [[ -f "${DATA_DIR}/box/certs/admin.cert" && -f "${DATA_DIR}/box/certs/admin.key" ]]; then
-    admin_cert_file="${DATA_DIR}/box/certs/admin.cert"
-    admin_key_file="${DATA_DIR}/box/certs/admin.key"
+admin_cert_file="${DATA_DIR}/nginx/cert/host.cert"
+admin_key_file="${DATA_DIR}/nginx/cert/host.key"
+if [[ -f "${DATA_DIR}/box/certs/${admin_fqdn}.cert" && -f "${DATA_DIR}/box/certs/${admin_fqdn}.key" ]]; then
+    admin_cert_file="${DATA_DIR}/box/certs/${admin_fqdn}.cert"
+    admin_key_file="${DATA_DIR}/box/certs/${admin_fqdn}.key"
 fi
 ${BOX_SRC_DIR}/node_modules/.bin/ejs-cli -f "${script_dir}/start/nginx/appconfig.ejs" \
    -O "{ \"vhost\": \"${admin_fqdn}\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"admin\", \"sourceDir\": \"${BOX_SRC_DIR}\", \"certFilePath\": \"${admin_cert_file}\", \"keyFilePath\": \"${admin_key_file}\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
@@ -125,7 +119,7 @@ else
 fi

 set_progress "33" "Changing ownership"
-chown "${USER}:${USER}" -R "${DATA_DIR}/box" "${DATA_DIR}/nginx" "${DATA_DIR}/collectd" "${DATA_DIR}/addons"
+chown "${USER}:${USER}" -R "${DATA_DIR}/box" "${DATA_DIR}/nginx" "${DATA_DIR}/collectd" "${DATA_DIR}/addons" "${DATA_DIR}/acme"
 chown "${USER}:${USER}" "${DATA_DIR}"

 set_progress "40" "Setting up infra"
@@ -145,6 +139,7 @@ cat > "${CONFIG_DIR}/cloudron.conf" <<CONF_END
    "isCustomDomain": ${arg_is_custom_domain},
    "boxVersionsUrl": "${arg_box_versions_url}",
    "adminEmail": "admin@${arg_fqdn}",
+    "provider": "${arg_provider}",
    "database": {
        "hostname": "localhost",
        "username": "root",
@@ -179,6 +174,22 @@ if [[ ! -z "${arg_dns_config}" ]]; then
        -e "REPLACE INTO settings (name, value) VALUES (\"dns_config\", '$arg_dns_config')" box
 fi

+# Add Update Configuration
+if [[ ! -z "${arg_update_config}" ]]; then
+    echo "Add Update Config"
+
+    mysql -u root -p${mysql_root_password} \
+        -e "REPLACE INTO settings (name, value) VALUES (\"update_config\", '$arg_update_config')" box
+fi
+
+# Add TLS Configuration
+if [[ ! -z "${arg_tls_config}" ]]; then
+    echo "Add TLS Config"
+
+    mysql -u root -p${mysql_root_password} \
+        -e "REPLACE INTO settings (name, value) VALUES (\"tls_config\", '$arg_tls_config')" box
+fi
+
 # Add webadmin oauth client
 # The domain might have changed, therefor we have to update the record
 # !!! This needs to be in sync with the webadmin, specifically login_callback.js
@@ -133,10 +133,10 @@ LoadPlugin nginx
 #   Globals true
 #</LoadPlugin>
 #LoadPlugin pinba
-LoadPlugin ping
+#LoadPlugin ping
 #LoadPlugin postgresql
 #LoadPlugin powerdns
-LoadPlugin processes
+#LoadPlugin processes
 #LoadPlugin protocols
 #<LoadPlugin python>
 #   Globals true
@@ -161,7 +161,7 @@ LoadPlugin tail
 #LoadPlugin users
 #LoadPlugin uuid
 #LoadPlugin varnish
-LoadPlugin vmem
+#LoadPlugin vmem
 #LoadPlugin vserver
 #LoadPlugin wireless
 LoadPlugin write_graphite
@@ -193,11 +193,11 @@ LoadPlugin write_graphite
 </Plugin>

 <Plugin df>
-   FSType "tmpfs"
-   MountPoint "/dev"
+   FSType "ext4"
+   FSType "btrfs"

   ReportByDevice true
-   IgnoreSelected true
+   IgnoreSelected false

   ValuesAbsolute true
   ValuesPercentage true
@@ -212,17 +212,6 @@ LoadPlugin write_graphite
   URL "http://127.0.0.1/nginx_status"
 </Plugin>

-<Plugin ping>
-   Host "google.com"
-   Interval 1.0
-   Timeout 0.9
-   TTL 255
-</Plugin>
-
-<Plugin processes>
-   ProcessMatch "app" "node box.js"
-</Plugin>
-
 <Plugin swap>
   ReportByDevice false
   ReportBytes true
@@ -255,10 +244,6 @@ LoadPlugin write_graphite
   </File>
 </Plugin>

-<Plugin vmem>
-   Verbose false
-</Plugin>
-
 <Plugin write_graphite>
   <Node "graphing">
       Host "localhost"
@@ -58,6 +58,11 @@ server {
            client_max_body_size 1m;
        }

+        location ~ ^/api/v1/apps/.*/exec$ {
+            proxy_pass   http://127.0.0.1:3000;
+            proxy_read_timeout 30m;
+        }
+
        # graphite paths
        location ~ ^/(graphite|content|metrics|dashboard|render|browser|composer)/ {
            proxy_pass   http://127.0.0.1:8000;
@@ -38,6 +38,12 @@ http {
            deny all;
        }

+        # acme challenges
+        location /.well-known/acme-challenge/ {
+            default_type text/plain;
+            alias /home/yellowtent/data/acme/;
+        }
+
        location / {
            # redirect everything to HTTPS
            return 301 https://$host$request_uri;
@@ -52,14 +58,31 @@ http {
        ssl_certificate      cert/host.cert;
        ssl_certificate_key  cert/host.key;

+        # increase the proxy buffer sizes to not run into buffer issues (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers)
+        proxy_buffer_size       128k;
+        proxy_buffers           4 256k;
+        proxy_busy_buffers_size 256k;
+
+        # Disable check to allow unlimited body sizes
+        client_max_body_size 0;
+
        error_page 404 = @fallback;
        location @fallback {
            internal;
-            root <%= sourceDir %>/webadmin/dist;
+            root /home/yellowtent/box/webadmin/dist;
            rewrite ^/$ /nakeddomain.html break;
        }

-        return 404;
+        location / {
+            internal;
+            root /home/yellowtent/box/webadmin/dist;
+            rewrite ^/$ /nakeddomain.html break;
+        }
+
+        location /api/ {
+            proxy_pass http://127.0.0.1:3000;
+            client_max_body_size 1m;
+        }
    }

    include applications/*.conf;
@@ -388,10 +388,12 @@ function setupSendMail(app, options, callback) {
    assert.strictEqual(typeof options, 'object');
    assert.strictEqual(typeof callback, 'function');

+    var username = app.location ? app.location + '-app' : 'no-reply'; // use no-reply for bare domains
+
    var env = [
        'MAIL_SMTP_SERVER=mail',
        'MAIL_SMTP_PORT=2500', // if you change this, change the mail container
-        'MAIL_SMTP_USERNAME=' + (app.location || app.id) + '-app', // use app.id for bare domains
+        'MAIL_SMTP_USERNAME=' + username,
        'MAIL_DOMAIN=' + config.fqdn()
    ];

@@ -764,7 +766,7 @@ function setupRedis(app, options, callback) {
    assert.strictEqual(typeof options, 'object');
    assert.strictEqual(typeof callback, 'function');

-    var redisPassword = generatePassword(64, false /* memorable */);
+    var redisPassword = generatePassword(64, false /* memorable */, /[\w\d_]/); // ensure no / in password for being sed friendly (and be uri friendly)
    var redisVarsFile = path.join(paths.ADDON_CONFIG_DIR, 'redis-' + app.id + '_vars.sh');
    var redisDataDir = path.join(paths.DATA_DIR, app.id + '/redis');

@@ -368,7 +368,7 @@ function setInstallationCommand(appId, installationState, values, callback) {
        updateWithConstraints(appId, values, '', callback);
    } else if (installationState === exports.ISTATE_PENDING_RESTORE) {
        updateWithConstraints(appId, values, 'AND (installationState = "installed" OR installationState = "error")', callback);
-    } else if (installationState === exports.ISTATE_PENDING_UPDATE || exports.ISTATE_PENDING_CONFIGURE || installationState == exports.ISTATE_PENDING_BACKUP) {
+    } else if (installationState === exports.ISTATE_PENDING_UPDATE || installationState === exports.ISTATE_PENDING_CONFIGURE || installationState === exports.ISTATE_PENDING_BACKUP) {
        updateWithConstraints(appId, values, 'AND installationState = "installed"', callback);
    } else {
        callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, 'invalid installationState'));
@@ -92,8 +92,10 @@ function checkAppHealth(app, callback) {
            .redirects(0)
            .timeout(HEALTHCHECK_INTERVAL)
            .end(function (error, res) {
-
-            if (error || res.status >= 400) { // 2xx and 3xx are ok
+            if (error && !error.response) {
+                debugApp(app, 'not alive (network error): %s', error.message);
+                setHealth(app, appdb.HEALTH_UNHEALTHY, callback);
+            } else if (res.statusCode >= 400) { // 2xx and 3xx are ok
                debugApp(app, 'not alive : %s', error || res.status);
                setHealth(app, appdb.HEALTH_UNHEALTHY, callback);
            } else {
@@ -22,6 +22,7 @@ exports = module.exports = {

    backup: backup,
    backupApp: backupApp,
+    listBackups: listBackups,

    getLogs: getLogs,

@@ -48,6 +49,7 @@ var addons = require('./addons.js'),
    async = require('async'),
    backups = require('./backups.js'),
    BackupsError = require('./backups.js').BackupsError,
+    certificates = require('./certificates.js'),
    config = require('./config.js'),
    constants = require('./constants.js'),
    DatabaseError = require('./databaseerror.js'),
@@ -55,11 +57,9 @@ var addons = require('./addons.js'),
    docker = require('./docker.js'),
    fs = require('fs'),
    manifestFormat = require('cloudron-manifestformat'),
-    once = require('once'),
    path = require('path'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
-    settings = require('./settings.js'),
    semver = require('semver'),
    shell = require('./shell.js'),
    spawn = require('child_process').spawn,
@@ -73,8 +73,6 @@ var BACKUP_APP_CMD = path.join(__dirname, 'scripts/backupapp.sh'),
    RESTORE_APP_CMD = path.join(__dirname, 'scripts/restoreapp.sh'),
    BACKUP_SWAP_CMD = path.join(__dirname, 'scripts/backupswap.sh');

-var NOOP_CALLBACK = function (error) { if (error) debug(error); };
-
 function debugApp(app, args) {
    assert(!app || typeof app === 'object');

@@ -288,13 +286,16 @@ function purchase(appStoreId, callback) {
    // Skip purchase if appStoreId is empty
    if (appStoreId === '') return callback(null);

+    // Skip if we don't have an appstore token
+    if (config.token() === '') return callback(null);
+
    var url = config.apiServerOrigin() + '/api/v1/apps/' + appStoreId + '/purchase';

    superagent.post(url).query({ token: config.token() }).end(function (error, res) {
-        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
-        if (res.status === 402) return callback(new AppsError(AppsError.BILLING_REQUIRED));
-        if (res.status === 404) return callback(new AppsError(AppsError.NOT_FOUND));
-        if (res.status !== 201 && res.status !== 200) return callback(new Error(util.format('App purchase failed. %s %j', res.status, res.body)));
+        if (error && !error.response) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error));
+        if (res.statusCode === 402) return callback(new AppsError(AppsError.BILLING_REQUIRED));
+        if (res.statusCode === 404) return callback(new AppsError(AppsError.NOT_FOUND));
+        if (res.statusCode !== 201 && res.statusCode !== 200) return callback(new Error(util.format('App purchase failed. %s %j', res.status, res.body)));

        callback(null);
    });
@@ -340,7 +341,7 @@ function install(appId, appStoreId, manifest, location, portBindings, accessRest
        }
    }

-    error = settings.validateCertificate(cert, key, config.appFqdn(location));
+    error = certificates.validateCertificate(cert, key, config.appFqdn(location));
    if (error) return callback(new AppsError(AppsError.BAD_CERTIFICATE, error.message));

    debug('Will install app with id : ' + appId);
@@ -381,7 +382,7 @@ function configure(appId, location, portBindings, accessRestriction, oauthProxy,
    error = validateAccessRestriction(accessRestriction);
    if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message));

-    error = settings.validateCertificate(cert, key, config.appFqdn(location));
+    error = certificates.validateCertificate(cert, key, config.appFqdn(location));
    if (error) return callback(new AppsError(AppsError.BAD_CERTIFICATE, error.message));

    appdb.get(appId, function (error, app) {
@@ -497,8 +498,6 @@ function getLogs(appId, lines, follow, callback) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND));
        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

-        if (app.installationState !== appdb.ISTATE_INSTALLED) return callback(new AppsError(AppsError.BAD_STATE, util.format('App is in %s state.', app.installationState)));
-
        var args = [ '--output=json', '--no-pager', '--lines=' + lines ];
        if (follow) args.push('--follow');
        args = args.concat(appLogFilter(app));
@@ -647,42 +646,31 @@ function exec(appId, options, callback) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

-       var createOptions = {
+        var container = docker.connection.getContainer(app.containerId);
+
+       var execOptions = {
            AttachStdin: true,
            AttachStdout: true,
            AttachStderr: true,
-            OpenStdin: true,
-            StdinOnce: false,
-            Tty: true
+            Tty: options.tty,
+            Cmd: cmd
        };

-        docker.createSubcontainer(app, app.id + '-exec-' + Date.now(), cmd, createOptions, function (error, container) {
+        container.exec(execOptions, function (error, exec) {
            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
-
-            container.attach({ stream: true, stdin: true, stdout: true, stderr: true }, function (error, stream) {
+            var startOptions = {
+                Detach: false,
+                Tty: options.tty,
+                stdin: true // this is a dockerode option that enabled openStdin in the modem
+            };
+            exec.start(startOptions, function(error, stream) {
                if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

-                docker.startContainer(container.id, function (error) {
-                    if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+                if (options.rows && options.columns) {
+                    exec.resize({ h: options.rows, w: options.columns }, function (error) { if (error) debug('Error resizing console', error); });
+                }

-                    if (options.rows && options.columns) {
-                        container.resize({ h: options.rows, w: options.columns }, NOOP_CALLBACK);
-                    }
-
-                    var deleteContainer = once(docker.deleteContainer.bind(null, container.id, NOOP_CALLBACK));
-
-                    container.wait(function (error) {
-                        if (error) debug('Error waiting on container', error);
-
-                        debug('exec: container finished', container.id);
-
-                        deleteContainer();
-                    });
-
-                    stream.close = deleteContainer;
-
-                    callback(null, stream);
-                });
+                return callback(null, stream);
            });
        });
    });
@@ -841,9 +829,9 @@ function backup(appId, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof callback, 'function');

-    get(appId, function (error, app) {
-        if (error && error.reason === AppsError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND));
+    appdb.exists(appId, function (error, exists) {
        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+        if (!exists) return callback(new AppsError(AppsError.NOT_FOUND));

        appdb.setInstallationCommand(appId, appdb.ISTATE_PENDING_BACKUP, function (error) {
            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.BAD_STATE)); // might be a bad guess
@@ -856,13 +844,14 @@ function backup(appId, callback) {
    });
 }

-function restoreApp(app, addonsToRestore, callback) {
+function restoreApp(app, addonsToRestore, backupId, callback) {
    assert.strictEqual(typeof app, 'object');
    assert.strictEqual(typeof addonsToRestore, 'object');
+    assert.strictEqual(typeof backupId, 'string');
    assert.strictEqual(typeof callback, 'function');
    assert(app.lastBackupId);

-    backups.getRestoreUrl(app.lastBackupId, function (error, result) {
+    backups.getRestoreUrl(backupId, function (error, result) {
        if (error && error.reason == BackupsError.EXTERNAL_ERROR) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

@@ -875,3 +864,31 @@ function restoreApp(app, addonsToRestore, callback) {
        });
    });
 }
+
+function listBackups(appId, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    appdb.exists(appId, function (error, exists) {
+        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+        if (!exists) return callback(new AppsError(AppsError.NOT_FOUND));
+
+        // TODO pagination is not implemented in the backend yet
+        backups.getAllPaged(0, 1000, function (error, result) {
+            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+
+            var appBackups = [];
+
+            result.forEach(function (backup) {
+                appBackups = appBackups.concat(backup.dependsOn.filter(function (d) {
+                    return d.indexOf('appbackup_' + appId) === 0;
+                }));
+            });
+
+            // alphabetic should be sufficient
+            appBackups.sort();
+
+            callback(null, appBackups);
+        });
+    });
+}
@@ -9,7 +9,7 @@ exports = module.exports = {
    startTask: startTask,

    // exported for testing
-    _getFreePort: getFreePort,
+    _reserveHttpPort: reserveHttpPort,
    _configureNginx: configureNginx,
    _unconfigureNginx: unconfigureNginx,
    _createVolume: createVolume,
@@ -19,7 +19,6 @@ exports = module.exports = {
    _verifyManifest: verifyManifest,
    _registerSubdomain: registerSubdomain,
    _unregisterSubdomain: unregisterSubdomain,
-    _reloadNginx: reloadNginx,
    _waitForDnsPropagation: waitForDnsPropagation
 };

@@ -36,6 +35,7 @@ var addons = require('./addons.js'),
    apps = require('./apps.js'),
    assert = require('assert'),
    async = require('async'),
+    certificates = require('./certificates.js'),
    clientdb = require('./clientdb.js'),
    config = require('./config.js'),
    database = require('./database.js'),
@@ -47,6 +47,7 @@ var addons = require('./addons.js'),
    hat = require('hat'),
    manifestFormat = require('cloudron-manifestformat'),
    net = require('net'),
+    nginx = require('./nginx.js'),
    path = require('path'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
@@ -59,87 +60,66 @@ var addons = require('./addons.js'),
    uuid = require('node-uuid'),
    _ = require('underscore');

-var NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/../setup/start/nginx/appconfig.ejs', { encoding: 'utf8' }),
-    COLLECTD_CONFIG_EJS = fs.readFileSync(__dirname + '/collectd.config.ejs', { encoding: 'utf8' }),
-    RELOAD_NGINX_CMD = path.join(__dirname, 'scripts/reloadnginx.sh'),
+var COLLECTD_CONFIG_EJS = fs.readFileSync(__dirname + '/collectd.config.ejs', { encoding: 'utf8' }),
    RELOAD_COLLECTD_CMD = path.join(__dirname, 'scripts/reloadcollectd.sh'),
    RMAPPDIR_CMD = path.join(__dirname, 'scripts/rmappdir.sh'),
    CREATEAPPDIR_CMD = path.join(__dirname, 'scripts/createappdir.sh');

 function initialize(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
    database.initialize(callback);
 }

-function debugApp(app, args) {
-    assert(!app || typeof app === 'object');
+function debugApp(app) {
+    assert.strictEqual(typeof app, 'object');

    var prefix = app ? (app.location || '(bare)') : '(no app)';
    debug(prefix + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)));
 }

-// We expect conflicts to not happen despite closing the port (parallel app installs, app update does not reconfigure nginx etc)
-// https://tools.ietf.org/html/rfc6056#section-3.5 says linux uses random ephemeral port allocation
-function getFreePort(callback) {
+function reserveHttpPort(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    var server = net.createServer();
    server.listen(0, function () {
        var port = server.address().port;
-        server.close(function () {
-            return callback(null, port);
+        updateApp(app, { httpPort: port }, function (error) {
+            if (error) {
+                server.close();
+                return callback(error);
+            }
+
+            server.close(callback);
        });
    });
 }

-function reloadNginx(callback) {
-    shell.sudo('reloadNginx', [ RELOAD_NGINX_CMD ], callback);
-}
-
 function configureNginx(app, callback) {
-    getFreePort(function (error, freePort) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var vhost = config.appFqdn(app.location);
+
+    certificates.ensureCertificate(vhost, function (error, certFilePath, keyFilePath) {
        if (error) return callback(error);

-        var sourceDir = path.resolve(__dirname, '..');
-        var endpoint = app.oauthProxy ? 'oauthproxy' : 'app';
-        var vhost = config.appFqdn(app.location);
-        var certFilePath = safe.fs.statSync(path.join(paths.APP_CERTS_DIR, vhost + '.cert')) ? path.join(paths.APP_CERTS_DIR, vhost + '.cert') : 'cert/host.cert';
-        var keyFilePath = safe.fs.statSync(path.join(paths.APP_CERTS_DIR, vhost + '.key')) ? path.join(paths.APP_CERTS_DIR, vhost + '.key') : 'cert/host.key';
-
-        var data = {
-            sourceDir: sourceDir,
-            adminOrigin: config.adminOrigin(),
-            vhost: vhost,
-            port: freePort,
-            endpoint: endpoint,
-            certFilePath: certFilePath,
-            keyFilePath: keyFilePath
-        };
-        var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
-
-        var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, app.id + '.conf');
-        debugApp(app, 'writing config to %s', nginxConfigFilename);
-
-        if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) {
-            debugApp(app, 'Error creating nginx config : %s', safe.error.message);
-            return callback(safe.error);
-        }
-
-        async.series([
-            exports._reloadNginx,
-            updateApp.bind(null, app, { httpPort: freePort })
-        ], callback);
+        nginx.configureApp(app, certFilePath, keyFilePath, callback);
    });
 }

 function unconfigureNginx(app, callback) {
-    var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, app.id + '.conf');
-    if (!safe.fs.unlinkSync(nginxConfigFilename)) {
-        debugApp(app, 'Error removing nginx configuration : %s', safe.error.message);
-        return callback(null);
-    }
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');

-    exports._reloadNginx(callback);
+    // TODO: maybe revoke the cert
+    nginx.unconfigureApp(app, callback);
 }

 function createContainer(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
    assert(!app.containerId); // otherwise, it will trigger volumeFrom

    debugApp(app, 'creating container');
@@ -152,6 +132,9 @@ function createContainer(app, callback) {
 }

 function deleteContainers(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    debugApp(app, 'deleting containers');

    docker.deleteContainers(app.id, function (error) {
@@ -162,10 +145,16 @@ function deleteContainers(app, callback) {
 }

 function createVolume(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    shell.sudo('createVolume', [ CREATEAPPDIR_CMD, app.id ], callback);
 }

 function deleteVolume(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    shell.sudo('deleteVolume', [ RMAPPDIR_CMD, app.id ], callback);
 }

@@ -198,6 +187,9 @@ function removeOAuthProxyCredentials(app, callback) {
 }

 function addCollectdProfile(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    var collectdConf = ejs.render(COLLECTD_CONFIG_EJS, { appId: app.id, containerId: app.containerId });
    fs.writeFile(path.join(paths.COLLECTD_APPCONFIG_DIR, app.id + '.conf'), collectdConf, function (error) {
        if (error) return callback(error);
@@ -206,6 +198,9 @@ function addCollectdProfile(app, callback) {
 }

 function removeCollectdProfile(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    fs.unlink(path.join(paths.COLLECTD_APPCONFIG_DIR, app.id + '.conf'), function (error) {
        if (error && error.code !== 'ENOENT') debugApp(app, 'Error removing collectd profile', error);
        shell.sudo('removeCollectdProfile', [ RELOAD_COLLECTD_CMD ], callback);
@@ -213,6 +208,9 @@ function removeCollectdProfile(app, callback) {
 }

 function verifyManifest(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    debugApp(app, 'Verifying manifest');

    var manifest = app.manifest;
@@ -226,6 +224,9 @@ function verifyManifest(app, callback) {
 }

 function downloadIcon(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    debugApp(app, 'Downloading icon of %s@%s', app.appStoreId, app.manifest.version);

    var iconUrl = config.apiServerOrigin() + '/api/v1/apps/' + app.appStoreId + '/versions/' + app.manifest.version + '/icon';
@@ -234,8 +235,8 @@ function downloadIcon(app, callback) {
        .get(iconUrl)
        .buffer(true)
        .end(function (error, res) {
-            if (error) return callback(new Error('Error downloading icon:' + error.message));
-            if (res.status !== 200) return callback(null); // ignore error. this can also happen for apps installed with cloudron-cli
+            if (error && !error.response) return callback(new Error('Network error downloading icon:' + error.message));
+            if (res.statusCode !== 200) return callback(null); // ignore error. this can also happen for apps installed with cloudron-cli

            if (!safe.fs.writeFileSync(path.join(paths.APPICONS_DIR, app.id + '.png'), res.body)) return callback(new Error('Error saving icon:' + safe.error.message));

@@ -244,46 +245,64 @@ function downloadIcon(app, callback) {
 }

 function registerSubdomain(app, callback) {
-    // even though the bare domain is already registered in the appstore, we still
-    // need to register it so that we have a dnsRecordId to wait for it to complete
-    async.retry({ times: 200, interval: 5000 }, function (retryCallback) {
-        debugApp(app, 'Registering subdomain location [%s]', app.location);
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');

-        subdomains.add(app.location, 'A', [ sysinfo.getIp() ], function (error, changeId) {
-            if (error && (error.reason === SubdomainError.STILL_BUSY || error.reason === SubdomainError.EXTERNAL_ERROR)) return retryCallback(error); // try again
+    sysinfo.getIp(function (error, ip) {
+        if (error) return callback(error);

-            retryCallback(null, error || changeId);
+        // even though the bare domain is already registered in the appstore, we still
+        // need to register it so that we have a dnsRecordId to wait for it to complete
+        async.retry({ times: 200, interval: 5000 }, function (retryCallback) {
+            debugApp(app, 'Registering subdomain location [%s]', app.location);
+
+            subdomains.add(app.location, 'A', [ ip ], function (error, changeId) {
+                if (error && (error.reason === SubdomainError.STILL_BUSY || error.reason === SubdomainError.EXTERNAL_ERROR)) return retryCallback(error); // try again
+
+                retryCallback(null, error || changeId);
+            });
+        }, function (error, result) {
+            if (error || result instanceof Error) return callback(error || result);
+
+            updateApp(app, { dnsRecordId: result }, callback);
        });
-    }, function (error, result) {
-        if (error || result instanceof Error) return callback(error || result);
-
-        updateApp(app, { dnsRecordId: result }, callback);
    });
 }

 function unregisterSubdomain(app, location, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof location, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
    // do not unregister bare domain because we show a error/cloudron info page there
    if (location === '') {
        debugApp(app, 'Skip unregister of empty subdomain');
        return callback(null);
    }

-    async.retry({ times: 30, interval: 5000 }, function (retryCallback) {
-        debugApp(app, 'Unregistering subdomain: %s', location);
+    sysinfo.getIp(function (error, ip) {
+        if (error) return callback(error);

-        subdomains.remove(location, 'A', [ sysinfo.getIp() ], function (error) {
-            if (error && (error.reason === SubdomainError.STILL_BUSY || error.reason === SubdomainError.EXTERNAL_ERROR)) return retryCallback(error); // try again
+        async.retry({ times: 30, interval: 5000 }, function (retryCallback) {
+            debugApp(app, 'Unregistering subdomain: %s', location);

-            retryCallback(null, error);
+            subdomains.remove(location, 'A', [ ip ], function (error) {
+                if (error && (error.reason === SubdomainError.STILL_BUSY || error.reason === SubdomainError.EXTERNAL_ERROR)) return retryCallback(error); // try again
+
+                retryCallback(null, error);
+            });
+        }, function (error, result) {
+            if (error || result instanceof Error) return callback(error || result);
+
+            updateApp(app, { dnsRecordId: null }, callback);
        });
-    }, function (error, result) {
-        if (error || result instanceof Error) return callback(error || result);
-
-        updateApp(app, { dnsRecordId: null }, callback);
    });
 }

 function removeIcon(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    fs.unlink(path.join(paths.APPICONS_DIR, app.id + '.png'), function (error) {
        if (error && error.code !== 'ENOENT') debugApp(app, 'cannot remove icon : %s', error);
        callback(null);
@@ -291,6 +310,9 @@ function removeIcon(app, callback) {
 }

 function waitForDnsPropagation(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    if (!config.CLOUDRON) {
        debugApp(app, 'Skipping dns propagation check for development');
        return callback(null);
@@ -314,6 +336,10 @@ function waitForDnsPropagation(app, callback) {

 // updates the app object and the database
 function updateApp(app, values, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof values, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    debugApp(app, 'updating app with values: %j', values);

    appdb.update(app.id, values, function (error) {
@@ -338,11 +364,15 @@ function updateApp(app, values, callback) {
 //   - setup the container (requires image, volumes, addons)
 //   - setup collectd (requires container id)
 function install(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    async.series([
        verifyManifest.bind(null, app),

        // teardown for re-installs
        updateApp.bind(null, app, { installationProgress: '10, Cleaning up old install' }),
+        unconfigureNginx.bind(null, app),
        removeCollectdProfile.bind(null, app),
        stopApp.bind(null, app),
        deleteContainers.bind(null, app),
@@ -351,10 +381,8 @@ function install(app, callback) {
        unregisterSubdomain.bind(null, app, app.location),
        removeOAuthProxyCredentials.bind(null, app),
        // removeIcon.bind(null, app), // do not remove icon for non-appstore installs
-        unconfigureNginx.bind(null, app),

-        updateApp.bind(null, app, { installationProgress: '15, Configure nginx' }),
-        configureNginx.bind(null, app),
+        reserveHttpPort.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '20, Downloading icon' }),
        downloadIcon.bind(null, app),
@@ -385,6 +413,9 @@ function install(app, callback) {
        updateApp.bind(null, app, { installationProgress: '90, Waiting for DNS propagation' }),
        exports._waitForDnsPropagation.bind(null, app),

+        updateApp.bind(null, app, { installationProgress: '95, Configure nginx' }),
+        configureNginx.bind(null, app),
+
        // done!
        function (callback) {
            debugApp(app, 'installed');
@@ -400,6 +431,9 @@ function install(app, callback) {
 }

 function backup(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    async.series([
        updateApp.bind(null, app, { installationProgress: '10, Backing up' }),
        apps.backupApp.bind(null, app, app.manifest.addons),
@@ -420,6 +454,9 @@ function backup(app, callback) {

 // restore is also called for upgrades and infra updates. note that in those cases it is possible there is no backup
 function restore(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    // we don't have a backup, same as re-install. this allows us to install from install failures (update failures always
    // have a backupId)
    if (!app.lastBackupId) {
@@ -427,8 +464,11 @@ function restore(app, callback) {
        return install(app, callback);
    }

+    var backupId = app.lastBackupId;
+
    async.series([
        updateApp.bind(null, app, { installationProgress: '10, Cleaning up old install' }),
+        unconfigureNginx.bind(null, app),
        removeCollectdProfile.bind(null, app),
        stopApp.bind(null, app),
        deleteContainers.bind(null, app),
@@ -442,10 +482,8 @@ function restore(app, callback) {
        },
        removeOAuthProxyCredentials.bind(null, app),
        removeIcon.bind(null, app),
-        unconfigureNginx.bind(null, app),

-        updateApp.bind(null, app, { installationProgress: '30, Configuring Nginx' }),
-        configureNginx.bind(null, app),
+        reserveHttpPort.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '40, Downloading icon' }),
        downloadIcon.bind(null, app),
@@ -463,7 +501,7 @@ function restore(app, callback) {
        createVolume.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '70, Download backup and restore addons' }),
-        apps.restoreApp.bind(null, app, app.manifest.addons),
+        apps.restoreApp.bind(null, app, app.manifest.addons, backupId),

        updateApp.bind(null, app, { installationProgress: '75, Creating container' }),
        createContainer.bind(null, app),
@@ -476,6 +514,9 @@ function restore(app, callback) {
        updateApp.bind(null, app, { installationProgress: '90, Waiting for DNS propagation' }),
        exports._waitForDnsPropagation.bind(null, app),

+        updateApp.bind(null, app, { installationProgress: '95, Configuring Nginx' }),
+        configureNginx.bind(null, app),
+
        // done!
        function (callback) {
            debugApp(app, 'restored');
@@ -493,8 +534,12 @@ function restore(app, callback) {

 // note that configure is called after an infra update as well
 function configure(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    async.series([
        updateApp.bind(null, app, { installationProgress: '10, Cleaning up old install' }),
+        unconfigureNginx.bind(null, app),
        removeCollectdProfile.bind(null, app),
        stopApp.bind(null, app),
        deleteContainers.bind(null, app),
@@ -504,10 +549,8 @@ function configure(app, callback) {
            unregisterSubdomain(app, app.oldConfig.location, next);
        },
        removeOAuthProxyCredentials.bind(null, app),
-        unconfigureNginx.bind(null, app),

-        updateApp.bind(null, app, { installationProgress: '25, Configuring Nginx' }),
-        configureNginx.bind(null, app),
+        reserveHttpPort.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '30, Create OAuth proxy credentials' }),
        allocateOAuthProxyCredentials.bind(null, app),
@@ -530,6 +573,9 @@ function configure(app, callback) {
        updateApp.bind(null, app, { installationProgress: '80, Waiting for DNS propagation' }),
        exports._waitForDnsPropagation.bind(null, app),

+        updateApp.bind(null, app, { installationProgress: '90, Configuring Nginx' }),
+        configureNginx.bind(null, app),
+
        // done!
        function (callback) {
            debugApp(app, 'configured');
@@ -546,6 +592,9 @@ function configure(app, callback) {

 // nginx configuration is skipped because app.httpPort is expected to be available
 function update(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    debugApp(app, 'Updating to %s', safe.query(app, 'manifest.version'));

    // app does not want these addons anymore
@@ -610,6 +659,9 @@ function update(app, callback) {
 }

 function uninstall(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    debugApp(app, 'uninstalling');

    async.series([
@@ -649,6 +701,9 @@ function uninstall(app, callback) {
 }

 function runApp(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    docker.startContainer(app.containerId, function (error) {
        if (error) return callback(error);

@@ -657,14 +712,20 @@ function runApp(app, callback) {
 }

 function stopApp(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    docker.stopContainers(app.id, function (error) {
        if (error) return callback(error);

-        updateApp(app, { runState: appdb.RSTATE_STOPPED }, callback);
+        updateApp(app, { runState: appdb.RSTATE_STOPPED, health: null }, callback);
    });
 }

 function handleRunCommand(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
    if (app.runState === appdb.RSTATE_PENDING_STOP) {
        return stopApp(app, callback);
    }
@@ -680,6 +741,9 @@ function handleRunCommand(app, callback) {
 }

 function startTask(appId, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
    // determine what to do
    appdb.get(appId, function (error, app) {
        if (error) return callback(error);
@@ -723,4 +787,3 @@ if (require.main === module) {
        });
    });
 }
-
@@ -62,7 +62,7 @@ function getAllPaged(page, perPage, callback) {
        api(backupConfig.provider).getAllPaged(backupConfig, page, perPage, function (error, backups) {
            if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error));

-            return callback(null, backups); // [ { creationTime, boxVersion, restoreKey, dependsOn: [ ] } ] sorted by time (latest first
+            return callback(null, backups); // [ { creationTime, restoreKey } ] sorted by time (latest first
        });
    });
 }
@@ -0,0 +1,443 @@
+/* jslint node:true */
+
+'use strict';
+
+var assert = require('assert'),
+    async = require('async'),
+    crypto = require('crypto'),
+    debug = require('debug')('box:cert/acme'),
+    fs = require('fs'),
+    path = require('path'),
+    paths = require('../paths.js'),
+    safe = require('safetydance'),
+    superagent = require('superagent'),
+    ursa = require('ursa'),
+    util = require('util'),
+    _ = require('underscore');
+
+var CA_PROD = 'https://acme-v01.api.letsencrypt.org',
+    CA_STAGING = 'https://acme-staging.api.letsencrypt.org',
+    LE_AGREEMENT = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf';
+
+exports = module.exports = {
+    getCertificate: getCertificate
+};
+
+function AcmeError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(AcmeError, Error);
+AcmeError.INTERNAL_ERROR = 'Internal Error';
+AcmeError.EXTERNAL_ERROR = 'External Error';
+AcmeError.ALREADY_EXISTS = 'Already Exists';
+AcmeError.NOT_COMPLETED = 'Not Completed';
+AcmeError.FORBIDDEN = 'Forbidden';
+
+// http://jose.readthedocs.org/en/latest/
+// https://www.ietf.org/proceedings/92/slides/slides-92-acme-1.pdf
+// https://community.letsencrypt.org/t/list-of-client-implementations/2103
+
+function Acme(options) {
+    assert.strictEqual(typeof options, 'object');
+
+    this.caOrigin = options.prod ? CA_PROD : CA_STAGING;
+    this.accountKeyPem = null; // Buffer
+    this.email = options.email;
+    this.chainPem = options.prod ? safe.fs.readFileSync(__dirname + '/lets-encrypt-x1-cross-signed.pem.txt') : new Buffer('');
+}
+
+Acme.prototype.getNonce = function (callback) {
+    superagent.get(this.caOrigin + '/directory', function (error, response) {
+        if (error) return callback(error);
+        if (response.statusCode !== 200) return callback(new Error('Invalid response code when fetching nonce : ' + response.statusCode));
+
+        return callback(null, response.headers['Replay-Nonce'.toLowerCase()]);
+    });
+};
+
+// urlsafe base64 encoding (jose)
+function urlBase64Encode(string) {
+    return string.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+}
+
+function b64(str) {
+    var buf = util.isBuffer(str) ? str : new Buffer(str);
+   return urlBase64Encode(buf.toString('base64'));
+}
+
+Acme.prototype.sendSignedRequest = function (url, payload, callback) {
+    assert.strictEqual(typeof url, 'string');
+    assert.strictEqual(typeof payload, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    assert(util.isBuffer(this.accountKeyPem));
+    var privateKey = ursa.createPrivateKey(this.accountKeyPem);
+
+    var header = {
+        alg: 'RS256',
+        jwk: {
+            e: b64(privateKey.getExponent()),
+            kty: 'RSA',
+            n: b64(privateKey.getModulus())
+        }
+    };
+ 
+    var payload64 = b64(payload);
+
+    this.getNonce(function (error, nonce) {
+        if (error) return callback(error);
+
+        debug('sendSignedRequest: using nonce %s for url %s', nonce, url);
+
+        var protected64 = b64(JSON.stringify(_.extend({ }, header, { nonce: nonce })));
+
+        var signer = ursa.createSigner('sha256');
+        signer.update(protected64 + '.' + payload64, 'utf8');
+        var signature64 = urlBase64Encode(signer.sign(privateKey, 'base64'));
+
+        var data = {
+            header: header,
+            protected: protected64,
+            payload: payload64,
+            signature: signature64
+        };
+
+        superagent.post(url).set('Content-Type', 'application/x-www-form-urlencoded').send(JSON.stringify(data)).end(function (error, res) {
+            if (error && !error.response) return callback(error); // network errors
+
+            callback(null, res);
+        });
+    });
+};
+
+Acme.prototype.updateContact = function (registrationUri, callback) {
+    assert.strictEqual(typeof registrationUri, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('updateContact: %s %s', registrationUri, this.email);
+
+    // https://github.com/ietf-wg-acme/acme/issues/30
+    var payload = {
+        resource: 'reg',
+        contact: [ 'mailto:' + this.email ],
+        agreement: LE_AGREEMENT
+    };
+
+    var that = this;
+    this.sendSignedRequest(registrationUri, JSON.stringify(payload), function (error, result) {
+        if (error) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Network error when registering user: ' + error.message));
+        if (result.statusCode !== 202) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, util.format('Failed to update contact. Expecting 202, got %s %s', result.statusCode, result.text)));
+
+        debug('updateContact: contact of user updated to %s', that.email);
+
+        callback();
+    });
+};
+
+Acme.prototype.registerUser = function (callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    var payload = {
+        resource: 'new-reg',
+        contact: [ 'mailto:' + this.email ],
+        agreement: LE_AGREEMENT
+    };
+
+    debug('registerUser: %s', this.email);
+
+    var that = this;
+    this.sendSignedRequest(this.caOrigin + '/acme/new-reg', JSON.stringify(payload), function (error, result) {
+        if (error) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Network error when registering user: ' + error.message));
+        if (result.statusCode === 409) return that.updateContact(result.headers.location, callback); // already exists
+        if (result.statusCode !== 201) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, util.format('Failed to register user. Expecting 201, got %s %s', result.statusCode, result.text)));
+
+        debug('registerUser: registered user %s', that.email);
+
+        callback(null);
+    });
+};
+
+Acme.prototype.registerDomain = function (domain, callback) {
+    assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var payload = {
+        resource: 'new-authz',
+        identifier: {
+            type: 'dns',
+            value: domain
+        }
+    };
+
+    debug('registerDomain: %s', domain);
+
+    this.sendSignedRequest(this.caOrigin + '/acme/new-authz', JSON.stringify(payload), function (error, result) {
+        if (error) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Network error when registering domain: ' + error.message));
+        if (result.statusCode === 403) return callback(new AcmeError(AcmeError.FORBIDDEN, result.body.detail));
+        if (result.statusCode !== 201) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, util.format('Failed to register user. Expecting 201, got %s %s', result.statusCode, result.text)));
+
+        debug('registerDomain: registered %s', domain);
+
+        callback(null, result.body);
+    });
+};
+
+Acme.prototype.prepareHttpChallenge = function (challenge, callback) {
+    assert.strictEqual(typeof challenge, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('prepareHttpChallenge: preparing for challenge %j', challenge);
+
+    var token = challenge.token;
+
+    assert(util.isBuffer(this.accountKeyPem));
+    var privateKey = ursa.createPrivateKey(this.accountKeyPem);
+
+    var jwk = {
+        e: b64(privateKey.getExponent()),
+        kty: 'RSA',
+        n: b64(privateKey.getModulus())
+    };
+
+    var shasum = crypto.createHash('sha256');
+    shasum.update(JSON.stringify(jwk));
+    var thumbprint = urlBase64Encode(shasum.digest('base64'));
+    var keyAuthorization = token + '.' + thumbprint;
+
+    debug('prepareHttpChallenge: writing %s to %s', keyAuthorization, path.join(paths.ACME_CHALLENGES_DIR, token));
+
+    fs.writeFile(path.join(paths.ACME_CHALLENGES_DIR, token), token + '.' + thumbprint, function (error) {
+        if (error) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, error));
+
+        callback();
+    });
+};
+
+Acme.prototype.notifyChallengeReady = function (challenge, callback) {
+    assert.strictEqual(typeof challenge, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('notifyChallengeReady: %s was met', challenge.uri);
+
+    var keyAuthorization = fs.readFileSync(path.join(paths.ACME_CHALLENGES_DIR, challenge.token), 'utf8');
+
+    var payload = {
+        resource: 'challenge',
+        keyAuthorization: keyAuthorization
+    };
+
+    this.sendSignedRequest(challenge.uri, JSON.stringify(payload), function (error, result) {
+        if (error) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Network error when notifying challenge: ' + error.message));
+        if (result.statusCode !== 202) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, util.format('Failed to notify challenge. Expecting 202, got %s %s', result.statusCode, result.text)));
+
+        callback();
+    });
+};
+
+Acme.prototype.waitForChallenge = function (challenge, callback) {
+    assert.strictEqual(typeof challenge, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('waitingForChallenge: %j', challenge);
+
+    async.retry({ times: 10, interval: 5000 }, function (retryCallback) {
+        debug('waitingForChallenge: getting status');
+
+        superagent.get(challenge.uri).end(function (error, result) {
+            if (error && !error.response) {
+                debug('waitForChallenge: network error getting uri %s', challenge.uri);
+                return retryCallback(new AcmeError(AcmeError.EXTERNAL_ERROR, error.message)); // network error
+            }
+            if (result.statusCode !== 202) {
+                debug('waitForChallenge: invalid response code getting uri %s', result.statusCode);
+                return retryCallback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Bad response code:' + result.statusCode));
+            }
+
+            debug('waitForChallenge: status is "%s"', result.body.status);
+
+            if (result.body.status === 'pending') return retryCallback(new AcmeError(AcmeError.NOT_COMPLETED));
+            else if (result.body.status === 'valid') return retryCallback();
+            else return retryCallback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Unexpected status: ' + result.body.status));
+        });
+    }, function retryFinished(error) {
+        // async.retry will pass 'undefined' as second arg making it unusable with async.waterfall()
+        callback(error);
+    });
+};
+
+// https://community.letsencrypt.org/t/public-beta-rate-limits/4772 for rate limits
+Acme.prototype.signCertificate = function (domain, csrDer, callback) {
+    assert.strictEqual(typeof domain, 'string');
+    assert(util.isBuffer(csrDer));
+    assert.strictEqual(typeof callback, 'function');
+
+    var outdir = paths.APP_CERTS_DIR;
+
+    var payload = {
+        resource: 'new-cert',
+        csr: b64(csrDer)
+    };
+
+    debug('signCertificate: sending new-cert request');
+
+    this.sendSignedRequest(this.caOrigin + '/acme/new-cert', JSON.stringify(payload), function (error, result) {
+        if (error) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Network error when signing certificate: ' + error.message));
+        // 429 means we reached the cert limit for this domain
+        if (result.statusCode !== 201) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, util.format('Failed to sign certificate. Expecting 201, got %s %s', result.statusCode, result.text)));
+
+        var certUrl = result.headers.location;
+
+        if (!certUrl) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Missing location in downloadCertificate'));
+
+        safe.fs.writeFileSync(path.join(outdir, domain + '.url'), certUrl, 'utf8'); // for renewal
+
+        return callback(null, result.headers.location);
+    });
+};
+
+Acme.prototype.createKeyAndCsr = function (domain, callback) {
+    assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var outdir = paths.APP_CERTS_DIR;
+    var execSync = safe.child_process.execSync;
+
+    var privateKeyFile = path.join(outdir, domain + '.key');
+    var key = execSync('openssl genrsa 4096');
+    if (!key) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+    if (!safe.fs.writeFileSync(privateKeyFile, key)) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+
+    debug('createKeyAndCsr: key file saved at %s', privateKeyFile);
+
+    var csrDer = execSync(util.format('openssl req -new -key %s -outform DER -subj /CN=%s', privateKeyFile, domain));
+    if (!csrDer) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+    var csrFile = path.join(outdir, domain + '.csr');
+    if (!safe.fs.writeFileSync(csrFile, csrFile)) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+
+    debug('createKeyAndCsr: csr file (DER) saved at %s', csrFile);
+
+    callback(null, csrDer);
+};
+
+Acme.prototype.downloadCertificate = function (domain, certUrl, callback) {
+    assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof certUrl, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var outdir = paths.APP_CERTS_DIR;
+    var that = this;
+
+    superagent.get(certUrl).buffer().parse(function (res, done) {
+        var data = [ ];
+        res.on('data', function(chunk) { data.push(chunk); });
+        res.on('end', function () { res.text = Buffer.concat(data); done(); });
+    }).end(function (error, result) {
+        if (error && !error.response) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Network error when downloading certificate'));
+        if (result.statusCode === 202) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, 'Retry not implemented yet'));
+        if (result.statusCode !== 200) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, util.format('Failed to get cert. Expecting 200, got %s %s', result.statusCode, result.text)));
+
+        var certificateDer = result.text;
+        var execSync = safe.child_process.execSync;
+
+        safe.fs.writeFileSync(path.join(outdir, domain + '.der'), certificateDer);
+        debug('downloadCertificate: cert der file saved');
+
+        var certificatePem = execSync('openssl x509 -inform DER -outform PEM', { input: certificateDer }); // this is really just base64 encoding with header
+        if (!certificatePem) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+
+        var certificateFile = path.join(outdir, domain + '.cert');
+        var fullChainPem = Buffer.concat([certificatePem, that.chainPem]);
+        if (!safe.fs.writeFileSync(certificateFile, fullChainPem)) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+
+        debug('downloadCertificate: cert file saved at %s', certificateFile);
+
+        callback();
+    });
+};
+
+Acme.prototype.acmeFlow = function (domain, callback) {
+    assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (!fs.existsSync(paths.ACME_ACCOUNT_KEY_FILE)) {
+        debug('getCertificate: generating acme account key on first run');
+        this.accountKeyPem = safe.child_process.execSync('openssl genrsa 4096');
+        if (!this.accountKeyPem) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+
+        safe.fs.writeFileSync(paths.ACME_ACCOUNT_KEY_FILE, this.accountKeyPem);
+    } else {
+        debug('getCertificate: using existing acme account key');
+        this.accountKeyPem = fs.readFileSync(paths.ACME_ACCOUNT_KEY_FILE);
+    }
+
+    var that = this;
+    this.registerUser(function (error) {
+        if (error) return callback(error);
+
+        that.registerDomain(domain, function (error, result) {
+            if (error) return callback(error);
+
+            debug('acmeFlow: challenges: %j', result);
+
+            var httpChallenges = result.challenges.filter(function(x) { return x.type === 'http-01'; });
+            if (httpChallenges.length === 0) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'no http challenges'));
+            var challenge = httpChallenges[0];
+
+            async.waterfall([
+                that.prepareHttpChallenge.bind(that, challenge),
+                that.notifyChallengeReady.bind(that, challenge),
+                that.waitForChallenge.bind(that, challenge),
+                that.createKeyAndCsr.bind(that, domain),
+                that.signCertificate.bind(that, domain),
+                that.downloadCertificate.bind(that, domain)
+            ], callback);
+        });
+    });
+};
+
+Acme.prototype.getCertificate = function (domain, callback) {
+    assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var outdir = paths.APP_CERTS_DIR;
+    var certUrl = safe.fs.readFileSync(path.join(outdir, domain + '.url'), 'utf8');
+    var certificateGetter;
+
+    if (certUrl) {
+        debug('getCertificate: renewing existing cert for %s from %s', domain, certUrl);
+        certificateGetter = this.downloadCertificate.bind(this, domain, certUrl);
+    } else {
+        debug('getCertificate: start acme flow for %s from %s', domain, this.caOrigin);
+        certificateGetter = this.acmeFlow.bind(this, domain);
+    }
+
+    certificateGetter(function (error) {
+        if (error) return callback(error);
+
+        callback(null, path.join(outdir, domain + '.cert'), path.join(outdir, domain + '.key'));
+    });
+};
+
+function getCertificate(domain, options, callback) {
+    assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof options, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var acme = new Acme(options || { });
+    acme.getCertificate(domain, callback);
+}
@@ -0,0 +1,18 @@
+'use strict';
+
+exports = module.exports = {
+    getCertificate: getCertificate
+};
+
+var assert = require('assert'),
+	debug = require('debug')('box:cert/caas.js');
+
+function getCertificate(domain, options, callback) {
+	assert.strictEqual(typeof domain, 'string');
+	assert.strictEqual(typeof options, 'object');
+	assert.strictEqual(typeof callback, 'function');
+
+    debug('getCertificate: using fallback certificate', domain);
+
+    return callback(null, 'cert/host.cert', 'cert/host.key');
+}
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
+-----END CERTIFICATE-----
@@ -0,0 +1,259 @@
+/* jslint node:true */
+
+'use strict';
+
+var acme = require('./cert/acme.js'),
+    assert = require('assert'),
+    async = require('async'),
+    caas = require('./cert/caas.js'),
+    cloudron = require('./cloudron.js'),
+    config = require('./config.js'),
+    constants = require('./constants.js'),
+    debug = require('debug')('box:src/certificates'),
+    fs = require('fs'),
+    nginx = require('./nginx.js'),
+    path = require('path'),
+    paths = require('./paths.js'),
+    safe = require('safetydance'),
+    settings = require('./settings.js'),
+    sysinfo = require('./sysinfo.js'),
+    user = require('./user.js'),
+    util = require('util'),
+    waitForDns = require('./waitfordns.js'),
+    x509 = require('x509');
+
+exports = module.exports = {
+    installAdminCertificate: installAdminCertificate,
+    autoRenew: autoRenew,
+    setFallbackCertificate: setFallbackCertificate,
+    setAdminCertificate: setAdminCertificate,
+    CertificatesError: CertificatesError,
+    validateCertificate: validateCertificate,
+    ensureCertificate: ensureCertificate
+};
+
+var NOOP_CALLBACK = function (error) { if (error) debug(error); };
+
+function CertificatesError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(CertificatesError, Error);
+CertificatesError.INTERNAL_ERROR = 'Internal Error';
+CertificatesError.INVALID_CERT = 'Invalid certificate';
+
+function getApi(callback) {
+    settings.getTlsConfig(function (error, tlsConfig) {
+        if (error) return callback(error);
+
+        var api = tlsConfig.provider === 'caas' ? caas : acme;
+
+        var options = { };
+        options.prod = tlsConfig.provider.match(/.*-prod/) !== null;
+
+        // registering user with an email requires A or MX record (https://github.com/letsencrypt/boulder/issues/1197)
+        // we cannot use admin@fqdn because the user might not have set it up.
+        // we simply update the account with the latest email we have each time when getting letsencrypt certs
+        // https://github.com/ietf-wg-acme/acme/issues/30
+        user.getOwner(function (error, owner) {
+            options.email = error ? 'admin@cloudron.io' : owner.email; // can error if not activated yet
+
+            callback(null, api, options);
+        });
+    });
+}
+
+function installAdminCertificate(callback) {
+    if (cloudron.isConfiguredSync()) return callback();
+
+    settings.getTlsConfig(function (error, tlsConfig) {
+        if (error) return callback(error);
+
+        if (tlsConfig.provider === 'caas') return callback();
+
+        sysinfo.getIp(function (error, ip) {
+            if (error) return callback(error);
+
+            waitForDns(config.adminFqdn(), ip, config.fqdn(), function (error) {
+                if (error) return callback(error); // this cannot happen because we retry forever
+
+                ensureCertificate(config.adminFqdn(), function (error, certFilePath, keyFilePath) {
+                    if (error) { // currently, this can never happen
+                        debug('Error obtaining certificate. Proceed anyway', error);
+                        return callback();
+                    }
+
+                    nginx.configureAdmin(certFilePath, keyFilePath, callback);
+                });
+            });
+        });
+    });
+}
+
+function needsRenewalSync(certFilePath) {
+    var result = safe.child_process.execSync('openssl x509 -checkend %s -in %s', 60 * 60 * 24 * 5, certFilePath);
+
+    return result === null; // command errored
+}
+
+function autoRenew(callback) {
+    debug('autoRenew: Checking certificates for renewal');
+    callback = callback || NOOP_CALLBACK;
+
+    var filenames = safe.fs.readdirSync(paths.APP_CERTS_DIR);
+    if (!filenames) {
+        debug('autoRenew: Error getting filenames: %s', safe.error.message);
+        return;
+    }
+
+    var certs = filenames.filter(function (f) {
+        return f.match(/\.cert$/) !== null && needsRenewalSync(path.join(paths.APP_CERTS_DIR, f));
+    });
+
+    debug('autoRenew: %j needs to be renewed', certs);
+
+    getApi(function (error, api, apiOptions) {
+        if (error) return callback(error);
+
+        async.eachSeries(certs, function iterator(cert, iteratorCallback) {
+            var domain = cert.match(/^(.*)\.cert$/)[1];
+            if (domain === 'host') return iteratorCallback(); // cannot renew fallback cert
+
+            debug('autoRenew: renewing cert for %s with options %j', domain, apiOptions);
+
+            api.getCertificate(domain, apiOptions, function (error) {
+                if (error) debug('autoRenew: could not renew cert for %s', domain, error);
+
+                iteratorCallback(); // move on to next cert
+            });
+        });
+    });
+}
+
+// note: https://tools.ietf.org/html/rfc4346#section-7.4.2 (certificate_list) requires that the
+// servers certificate appears first (and not the intermediate cert)
+function validateCertificate(cert, key, fqdn) {
+    assert(cert === null || typeof cert === 'string');
+    assert(key === null || typeof key === 'string');
+    assert.strictEqual(typeof fqdn, 'string');
+
+    if (cert === null && key === null) return null;
+    if (!cert && key) return new Error('missing cert');
+    if (cert && !key) return new Error('missing key');
+
+    var content;
+    try {
+        content = x509.parseCert(cert);
+    } catch (e) {
+        return new Error('invalid cert: ' + e.message);
+    }
+
+    // check expiration
+    if (content.notAfter < new Date()) return new Error('cert expired');
+
+    function matchesDomain(domain) {
+        if (domain === fqdn) return true;
+        if (domain.indexOf('*') === 0 && domain.slice(2) === fqdn.slice(fqdn.indexOf('.') + 1)) return true;
+
+        return false;
+    }
+
+    // check domain
+    var domains = content.altNames.concat(content.subject.commonName);
+    if (!domains.some(matchesDomain)) return new Error(util.format('cert is not valid for this domain. Expecting %s in %j', fqdn, domains));
+
+    // http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#verify
+    var certModulus = safe.child_process.execSync('openssl x509 -noout -modulus', { encoding: 'utf8', input: cert });
+    var keyModulus = safe.child_process.execSync('openssl rsa -noout -modulus', { encoding: 'utf8', input: key });
+    if (certModulus !== keyModulus) return new Error('key does not match the cert');
+
+    return null;
+}
+
+function setFallbackCertificate(cert, key, callback) {
+    assert.strictEqual(typeof cert, 'string');
+    assert.strictEqual(typeof key, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var error = validateCertificate(cert, key, '*.' + config.fqdn());
+    if (error) return callback(new CertificatesError(CertificatesError.INVALID_CERT, error.message));
+
+    // backup the cert
+    if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, 'host.cert'), cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+    if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, 'host.key'), key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+
+    // copy over fallback cert
+    if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+    if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+
+    nginx.reload(function (error) {
+        if (error) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, error));
+
+        return callback(null);
+    });
+}
+
+function setAdminCertificate(cert, key, callback) {
+    assert.strictEqual(typeof cert, 'string');
+    assert.strictEqual(typeof key, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var vhost = config.appFqdn(constants.ADMIN_LOCATION);
+    var certFilePath = path.join(paths.APP_CERTS_DIR, vhost + '.cert');
+    var keyFilePath = path.join(paths.APP_CERTS_DIR, vhost + '.key');
+
+    var error = validateCertificate(cert, key, vhost);
+    if (error) return callback(new CertificatesError(CertificatesError.INVALID_CERT, error.message));
+
+    // backup the cert
+    if (!safe.fs.writeFileSync(certFilePath, cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+    if (!safe.fs.writeFileSync(keyFilePath, key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+
+    nginx.configureAdmin(certFilePath, keyFilePath, callback);
+}
+
+function ensureCertificate(domain, callback) {
+    assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    // check if user uploaded a specific cert. ideally, we should not mix user certs and automatic certs as we do here...
+    var userCertFilePath = path.join(paths.APP_CERTS_DIR, domain + '.cert');
+    var userKeyFilePath = path.join(paths.APP_CERTS_DIR, domain + '.key');
+
+    if (fs.existsSync(userCertFilePath) && fs.existsSync(userKeyFilePath)) {
+        debug('ensureCertificate: %s. certificate already exists at %s', domain, userKeyFilePath);
+
+        if (!needsRenewalSync(userCertFilePath)) return callback(null, userCertFilePath, userKeyFilePath);
+
+        debug('ensureCertificate: %s cert require renewal', domain);
+    }
+
+    getApi(function (error, api, apiOptions) {
+        if (error) return callback(error);
+
+        debug('ensureCertificate: getting certificate for %s with options %j', domain, apiOptions);
+
+        api.getCertificate(domain, apiOptions, function (error, certFilePath, keyFilePath) {
+            if (error) {
+                debug('ensureCertificate: could not get certificate. using fallback certs', error);
+                return callback(null, 'cert/host.cert', 'cert/host.key'); // use fallback certs
+            }
+
+            callback(null, certFilePath, keyFilePath);
+        });
+    });
+}
@@ -13,6 +13,7 @@ exports = module.exports = {

    sendHeartbeat: sendHeartbeat,

+    updateToLatest: updateToLatest,
    update: update,
    reboot: reboot,
    migrate: migrate,
@@ -21,6 +22,8 @@ exports = module.exports = {

    isConfiguredSync: isConfiguredSync,

+    checkDiskSpace: checkDiskSpace,
+
    events: new (require('events').EventEmitter)(),

    EVENT_ACTIVATED: 'activated',
@@ -33,12 +36,14 @@ var apps = require('./apps.js'),
    async = require('async'),
    backups = require('./backups.js'),
    BackupsError = require('./backups.js').BackupsError,
-    bytes = require('bytes'),
    clientdb = require('./clientdb.js'),
    config = require('./config.js'),
    debug = require('debug')('box:cloudron'),
+    df = require('node-df'),
    fs = require('fs'),
    locker = require('./locker.js'),
+    mailer = require('./mailer.js'),
+    os = require('os'),
    path = require('path'),
    paths = require('./paths.js'),
    progress = require('./progress.js'),
@@ -111,6 +116,7 @@ CloudronError.BAD_EMAIL = 'Bad email';
 CloudronError.BAD_PASSWORD = 'Bad password';
 CloudronError.BAD_NAME = 'Bad name';
 CloudronError.BAD_STATE = 'Bad state';
+CloudronError.ALREADY_UPTODATE = 'No Update Available';
 CloudronError.NOT_FOUND = 'Not found';

 function initialize(callback) {
@@ -178,8 +184,8 @@ function setTimeZone(ip, callback) {
    debug('setTimeZone ip:%s', ip);

    superagent.get('http://www.telize.com/geoip/' + ip).end(function (error, result) {
-        if (error || result.statusCode !== 200) {
-            debug('Failed to get geo location', error);
+        if ((error && !error.response) || result.statusCode !== 200) {
+            debug('Failed to get geo location: %s', error.message);
            return callback(null);
        }

@@ -194,10 +200,11 @@ function setTimeZone(ip, callback) {
    });
 }

-function activate(username, password, email, ip, callback) {
+function activate(username, password, email, displayName, ip, callback) {
    assert.strictEqual(typeof username, 'string');
    assert.strictEqual(typeof password, 'string');
    assert.strictEqual(typeof email, 'string');
+    assert.strictEqual(typeof displayName, 'string');
    assert.strictEqual(typeof ip, 'string');
    assert.strictEqual(typeof callback, 'function');

@@ -205,7 +212,7 @@ function activate(username, password, email, ip, callback) {

    setTimeZone(ip, function () { }); // TODO: get this from user. note that timezone is detected based on the browser location and not the cloudron region

-    user.createOwner(username, password, email, function (error, userObject) {
+    user.createOwner(username, password, email, displayName, function (error, userObject) {
        if (error && error.reason === UserError.ALREADY_EXISTS) return callback(new CloudronError(CloudronError.ALREADY_PROVISIONED));
        if (error && error.reason === UserError.BAD_USERNAME) return callback(new CloudronError(CloudronError.BAD_USERNAME));
        if (error && error.reason === UserError.BAD_PASSWORD) return callback(new CloudronError(CloudronError.BAD_PASSWORD));
@@ -245,6 +252,7 @@ function getStatus(callback) {
                version: config.version(),
                boxVersionsUrl: config.get('boxVersionsUrl'),
                apiServerOrigin: config.apiServerOrigin(), // used by CaaS tool
+                provider: config.provider(),
                cloudronName: cloudronName
            });
        });
@@ -256,12 +264,21 @@ function getCloudronDetails(callback) {

    if (gCloudronDetails) return callback(null, gCloudronDetails);

+    if (!config.token()) {
+        gCloudronDetails = {
+            region: null,
+            size: null
+        };
+
+        return callback(null, gCloudronDetails);
+    }
+
    superagent
        .get(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn())
        .query({ token: config.token() })
        .end(function (error, result) {
-            if (error) return callback(error);
-            if (result.status !== 200) return callback(new CloudronError(CloudronError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
+            if (error && !error.response) return callback(error);
+            if (result.statusCode !== 200) return callback(new CloudronError(CloudronError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));

            gCloudronDetails = result.body.box;

@@ -283,31 +300,32 @@ function getConfig(callback) {
            };
        }

-        // We rely at the moment on the size being specified in 512mb,1gb,...
-        // TODO provide that number from the appstore
-        var memory = bytes(result.size) || 0;
-
        settings.getCloudronName(function (error, cloudronName) {
            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

            settings.getDeveloperMode(function (error, developerMode) {
                if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

-                callback(null, {
-                    apiServerOrigin: config.apiServerOrigin(),
-                    webServerOrigin: config.webServerOrigin(),
-                    isDev: config.isDev(),
-                    fqdn: config.fqdn(),
-                    ip: sysinfo.getIp(),
-                    version: config.version(),
-                    update: updateChecker.getUpdateInfo(),
-                    progress: progress.get(),
-                    isCustomDomain: config.isCustomDomain(),
-                    developerMode: developerMode,
-                    region: result.region,
-                    size: result.size,
-                    memory: memory,
-                    cloudronName: cloudronName
+                sysinfo.getIp(function (error, ip) {
+                    if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+
+                    callback(null, {
+                        apiServerOrigin: config.apiServerOrigin(),
+                        webServerOrigin: config.webServerOrigin(),
+                        isDev: config.isDev(),
+                        fqdn: config.fqdn(),
+                        ip: ip,
+                        version: config.version(),
+                        update: updateChecker.getUpdateInfo(),
+                        progress: progress.get(),
+                        isCustomDomain: config.isCustomDomain(),
+                        developerMode: developerMode,
+                        region: result.region,
+                        size: result.size,
+                        memory: os.totalmem(),
+                        provider: config.provider(),
+                        cloudronName: cloudronName
+                    });
                });
            });
        });
@@ -315,10 +333,11 @@ function getConfig(callback) {
 }

 function sendHeartbeat() {
-    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/heartbeat';
+    if (!config.token()) return;

+    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/heartbeat';
    superagent.post(url).query({ token: config.token(), version: config.version() }).timeout(10000).end(function (error, result) {
-        if (error) debug('Error sending heartbeat.', error);
+        if (error && !error.response) debug('Network error sending heartbeat.', error);
        else if (result.statusCode !== 200) debug('Server responded to heartbeat with %s %s', result.statusCode, result.text);
        else debug('Heartbeat sent to %s', url);
    });
@@ -385,49 +404,53 @@ function addDnsRecords() {
    var dkimKey = readDkimPublicKeySync();
    if (!dkimKey) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, new Error('internal error failed to read dkim public key')));

-    var nakedDomainRecord = { subdomain: '', type: 'A', values: [ sysinfo.getIp() ] };
-    var webadminRecord = { subdomain: 'my', type: 'A', values: [ sysinfo.getIp() ] };
-    // t=s limits the domainkey to this domain and not it's subdomains
-    var dkimRecord = { subdomain: DKIM_SELECTOR + '._domainkey', type: 'TXT', values: [ '"v=DKIM1; t=s; p=' + dkimKey + '"' ] };
-    // DMARC requires special setup if report email id is in different domain
-    var dmarcRecord = { subdomain: '_dmarc', type: 'TXT', values: [ '"v=DMARC1; p=none; pct=100; rua=mailto:' + DMARC_REPORT_EMAIL + '; ruf=' + DMARC_REPORT_EMAIL + '"' ] };
+    sysinfo.getIp(function (error, ip) {
+        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

-    var records = [ ];
-    if (config.isCustomDomain()) {
-        records.push(webadminRecord);
-        records.push(dkimRecord);
-    } else {
-        records.push(nakedDomainRecord);
-        records.push(webadminRecord);
-        records.push(dkimRecord);
-        records.push(dmarcRecord);
-    }
+        var nakedDomainRecord = { subdomain: '', type: 'A', values: [ ip ] };
+        var webadminRecord = { subdomain: 'my', type: 'A', values: [ ip ] };
+        // t=s limits the domainkey to this domain and not it's subdomains
+        var dkimRecord = { subdomain: DKIM_SELECTOR + '._domainkey', type: 'TXT', values: [ '"v=DKIM1; t=s; p=' + dkimKey + '"' ] };
+        // DMARC requires special setup if report email id is in different domain
+        var dmarcRecord = { subdomain: '_dmarc', type: 'TXT', values: [ '"v=DMARC1; p=none; pct=100; rua=mailto:' + DMARC_REPORT_EMAIL + '; ruf=' + DMARC_REPORT_EMAIL + '"' ] };

-    debug('addDnsRecords: %j', records);
+        var records = [ ];
+        if (config.isCustomDomain()) {
+            records.push(webadminRecord);
+            records.push(dkimRecord);
+        } else {
+            records.push(nakedDomainRecord);
+            records.push(webadminRecord);
+            records.push(dkimRecord);
+            records.push(dmarcRecord);
+        }

-    async.retry({ times: 10, interval: 20000 }, function (retryCallback) {
-        txtRecordsWithSpf(function (error, txtRecords) {
-            if (error) return retryCallback(error);
+        debug('addDnsRecords: %j', records);

-            if (txtRecords) records.push({ subdomain: '', type: 'TXT', values: txtRecords });
+        async.retry({ times: 10, interval: 20000 }, function (retryCallback) {
+            txtRecordsWithSpf(function (error, txtRecords) {
+                if (error) return retryCallback(error);

-            debug('addDnsRecords: will update %j', records);
+                if (txtRecords) records.push({ subdomain: '', type: 'TXT', values: txtRecords });

-            async.mapSeries(records, function (record, iteratorCallback) {
-                subdomains.update(record.subdomain, record.type, record.values, iteratorCallback);
-            }, function (error, changeIds) {
-                if (error) debug('addDnsRecords: failed to update : %s. will retry', error);
-                else debug('addDnsRecords: records %j added with changeIds %j', records, changeIds);
+                debug('addDnsRecords: will update %j', records);

-                retryCallback(error);
+                async.mapSeries(records, function (record, iteratorCallback) {
+                    subdomains.update(record.subdomain, record.type, record.values, iteratorCallback);
+                }, function (error, changeIds) {
+                    if (error) debug('addDnsRecords: failed to update : %s. will retry', error);
+                    else debug('addDnsRecords: records %j added with changeIds %j', records, changeIds);
+
+                    retryCallback(error);
+                });
            });
+        }, function (error) {
+            gUpdatingDns = false;
+
+            debug('addDnsRecords: done updating records with error:', error);
+
+            callback(error);
        });
-    }, function (error) {
-        gUpdatingDns = false;
-
-        debug('addDnsRecords: done updating records with error:', error);
-
-        callback(error);
    });
 }

@@ -466,10 +489,10 @@ function migrate(size, region, callback) {
          .query({ token: config.token() })
          .send({ size: size, region: region, restoreKey: restoreKey })
          .end(function (error, result) {
-            if (error) return unlock(error);
-            if (result.status === 409) return unlock(new CloudronError(CloudronError.BAD_STATE));
-            if (result.status === 404) return unlock(new CloudronError(CloudronError.NOT_FOUND));
-            if (result.status !== 202) return unlock(new CloudronError(CloudronError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
+            if (error && !error.response) return unlock(error);
+            if (result.statusCode === 409) return unlock(new CloudronError(CloudronError.BAD_STATE));
+            if (result.statusCode === 404) return unlock(new CloudronError(CloudronError.NOT_FOUND));
+            if (result.statusCode !== 202) return unlock(new CloudronError(CloudronError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));

            return unlock(null);
        });
@@ -487,6 +510,9 @@ function update(boxUpdateInfo, callback) {
    var error = locker.lock(locker.OP_BOX_UPDATE);
    if (error) return callback(new CloudronError(CloudronError.BAD_STATE, error.message));

+    // ensure tools can 'wait' on progress
+    progress.set(progress.UPDATE, 0, 'Starting');
+
    // initiate the update/upgrade but do not wait for it
    if (boxUpdateInfo.upgrade) {
        debug('Starting upgrade');
@@ -509,6 +535,16 @@ function update(boxUpdateInfo, callback) {
    callback(null);
 }

+
+function updateToLatest(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    var boxUpdateInfo = updateChecker.getUpdateInfo().box;
+    if (!boxUpdateInfo) return callback(new CloudronError(CloudronError.ALREADY_UPTODATE, 'No update available'));
+
+    update(boxUpdateInfo, callback);
+}
+
 function doUpgrade(boxUpdateInfo, callback) {
    assert(boxUpdateInfo !== null && typeof boxUpdateInfo === 'object');

@@ -526,8 +562,8 @@ function doUpgrade(boxUpdateInfo, callback) {
          .query({ token: config.token() })
          .send({ version: boxUpdateInfo.version })
          .end(function (error, result) {
-            if (error) return upgradeError(new Error('Error making upgrade request: ' + error));
-            if (result.status !== 202) return upgradeError(new Error(util.format('Server not ready to upgrade. statusCode: %s body: %j', result.status, result.body)));
+            if (error && !error.response) return upgradeError(new Error('Network error making upgrade request: ' + error));
+            if (result.statusCode !== 202) return upgradeError(new Error(util.format('Server not ready to upgrade. statusCode: %s body: %j', result.status, result.body)));

            progress.set(progress.UPDATE, 10, 'Updating base system');

@@ -551,58 +587,44 @@ function doUpdate(boxUpdateInfo, callback) {
    backupBoxAndApps(function (error) {
        if (error) return updateError(error);

-        // fetch a signed sourceTarballUrl
-        superagent.get(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/sourcetarballurl')
-          .query({ token: config.token(), boxVersion: boxUpdateInfo.version })
-          .end(function (error, result) {
-            if (error) return updateError(new Error('Error fetching sourceTarballUrl: ' + error));
-            if (result.status !== 200) return updateError(new Error('Error fetching sourceTarballUrl status: ' + result.status));
-            if (!safe.query(result, 'body.url')) return updateError(new Error('Error fetching sourceTarballUrl response: ' + JSON.stringify(result.body)));
+        // NOTE: the args here are tied to the installer revision, box code and appstore provisioning logic
+        var args = {
+            sourceTarballUrl: boxUpdateInfo.sourceTarballUrl,

-            // NOTE: the args here are tied to the installer revision, box code and appstore provisioning logic
-            var args = {
-                sourceTarballUrl: result.body.url,
+            // this data is opaque to the installer
+            data: {
+                token: config.token(),
+                apiServerOrigin: config.apiServerOrigin(),
+                webServerOrigin: config.webServerOrigin(),
+                fqdn: config.fqdn(),
+                tlsCert: fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), 'utf8'),
+                tlsKey: fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), 'utf8'),
+                isCustomDomain: config.isCustomDomain(),

-                // this data is opaque to the installer
-                data: {
+                appstore: {
+                    token: config.token(),
+                    apiServerOrigin: config.apiServerOrigin()
+                },
+                caas: {
                    token: config.token(),
                    apiServerOrigin: config.apiServerOrigin(),
-                    webServerOrigin: config.webServerOrigin(),
-                    fqdn: config.fqdn(),
-                    tlsCert: fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), 'utf8'),
-                    tlsKey: fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), 'utf8'),
-                    isCustomDomain: config.isCustomDomain(),
+                    webServerOrigin: config.webServerOrigin()
+                },

-                    appstore: {
-                        token: config.token(),
-                        apiServerOrigin: config.apiServerOrigin()
-                    },
-                    caas: {
-                        token: config.token(),
-                        apiServerOrigin: config.apiServerOrigin(),
-                        webServerOrigin: config.webServerOrigin()
-                    },
-                    tlsConfig: {
-                        provider: 'caas',
-                        cert: fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), 'utf8'),
-                        key: fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), 'utf8'),
-                    },
+                version: boxUpdateInfo.version,
+                boxVersionsUrl: config.get('boxVersionsUrl')
+            }
+        };

-                    version: boxUpdateInfo.version,
-                    boxVersionsUrl: config.get('boxVersionsUrl')
-                }
-            };
+        debug('updating box %j', args);

-            debug('updating box %j', args);
+        superagent.post(INSTALLER_UPDATE_URL).send(args).end(function (error, result) {
+            if (error && !error.response) return updateError(error);
+            if (result.statusCode !== 202) return updateError(new Error('Error initiating update: ' + JSON.stringify(result.body)));

-            superagent.post(INSTALLER_UPDATE_URL).send(args).end(function (error, result) {
-                if (error) return updateError(error);
-                if (result.status !== 202) return updateError(new Error('Error initiating update: ' + JSON.stringify(result.body)));
+            progress.set(progress.UPDATE, 10, 'Updating cloudron software');

-                progress.set(progress.UPDATE, 10, 'Updating cloudron software');
-
-                callback(null);
-            });
+            callback(null);
        });

        // Do not add any code here. The installer script will stop the box code any instant
@@ -615,8 +637,8 @@ function backup(callback) {
    var error = locker.lock(locker.OP_FULL_BACKUP);
    if (error) return callback(new CloudronError(CloudronError.BAD_STATE, error.message));

-    // clearing backup ensures tools can 'wait' on progress
-    progress.clear(progress.BACKUP);
+    // ensure tools can 'wait' on progress
+    progress.set(progress.BACKUP, 0, 'Starting');

    // start the backup operation in the background
    backupBoxAndApps(function (error) {
@@ -724,3 +746,28 @@ function backupBoxAndApps(callback) {
        });
    });
 }
+
+function checkDiskSpace(callback) {
+    callback = callback || function () { }; // callback can be empty for timer triggered check
+
+    debug('Checking disk space');
+
+    df(function (error, entries) {
+        if (error) {
+            debug('df error %s', error.message);
+            mailer.outOfDiskSpace(error.message);
+            return callback();
+        }
+
+        var oos = entries.some(function (entry) {
+            return (entry.mount === paths.DATA_DIR && entry.capacity >= 0.90) ||
+                   (entry.mount === '/' && entry.capacity >= 0.95);
+        });
+
+        debug('Disk space checked. ok: %s', !oos);
+
+        if (oos) mailer.outOfDiskSpace(JSON.stringify(entries, null, 4));
+
+        callback();
+    });
+}
@@ -1,6 +1,6 @@
 LoadPlugin "table"
 <Plugin table>
-  <Table "/sys/fs/cgroup/memory/system.slice/docker-<%= containerId %>.scope/memory.stat">
+  <Table "/sys/fs/cgroup/memory/system.slice/docker.service/docker/<%= containerId %>/memory.stat">
    Instance "<%= appId %>-memory"
    Separator " \\n"
    <Result>
@@ -10,7 +10,7 @@ LoadPlugin "table"
    </Result>
  </Table>

-  <Table "/sys/fs/cgroup/memory/system.slice/docker-<%= containerId %>.scope/memory.max_usage_in_bytes">
+  <Table "/sys/fs/cgroup/memory/system.slice/docker.service/docker/<%= containerId %>/memory.max_usage_in_bytes">
    Instance "<%= appId %>-memory"
    Separator "\\n"
    <Result>
@@ -20,7 +20,7 @@ LoadPlugin "table"
    </Result>
  </Table>

-  <Table "/sys/fs/cgroup/cpuacct/system.slice/docker-<%= containerId %>.scope/cpuacct.stat">
+  <Table "/sys/fs/cgroup/cpuacct/system.slice/docker/<%= containerId %>/cpuacct.stat">
    Instance "<%= appId %>-cpu"
    Separator " \\n"
    <Result>
@@ -17,6 +17,7 @@ exports = module.exports = {
    TEST: process.env.BOX_ENV === 'test',

    // convenience getters
+    provider: provider,
    apiServerOrigin: apiServerOrigin,
    webServerOrigin: webServerOrigin,
    fqdn: fqdn,
@@ -28,6 +29,7 @@ exports = module.exports = {
    // these values are derived
    adminOrigin: adminOrigin,
    internalAdminOrigin: internalAdminOrigin,
+    adminFqdn: adminFqdn,
    appFqdn: appFqdn,
    zoneName: zoneName,

@@ -81,6 +83,7 @@ function initConfig() {
    data.ldapPort = 3002;
    data.oauthProxyPort = 3003;
    data.simpleAuthPort = 3004;
+    data.provider = 'caas';

    if (exports.CLOUDRON) {
        data.port = 3000;
@@ -97,6 +100,7 @@ function initConfig() {
            name: 'boxtest'
        };
        data.token = 'APPSTORE_TOKEN';
+        data.adminEmail = 'test@cloudron.foo';
    } else {
        assert(false, 'Unknown environment. This should not happen!');
    }
@@ -155,6 +159,10 @@ function appFqdn(location) {
    return isCustomDomain() ? location + '.' + fqdn() : location + '-' + fqdn();
 }

+function adminFqdn() {
+    return appFqdn(constants.ADMIN_LOCATION);
+}
+
 function adminOrigin() {
    return 'https://' + appFqdn(constants.ADMIN_LOCATION);
 }
@@ -189,3 +197,7 @@ function database() {
 function isDev() {
    return /dev/i.test(get('boxVersionsUrl'));
 }
+
+function provider() {
+    return get('provider');
+}
@@ -7,6 +7,7 @@ exports = module.exports = {

 var apps = require('./apps.js'),
    assert = require('assert'),
+    certificates = require('./certificates.js'),
    cloudron = require('./cloudron.js'),
    config = require('./config.js'),
    CronJob = require('cron').CronJob,
@@ -23,7 +24,9 @@ var gAutoupdaterJob = null,
    gBackupJob = null,
    gCleanupTokensJob = null,
    gDockerVolumeCleanerJob = null,
-    gSchedulerSyncJob = null;
+    gSchedulerSyncJob = null,
+    gCertificateRenewJob = null,
+    gCheckDiskSpaceJob = null;

 var NOOP_CALLBACK = function (error) { if (error) console.error(error); };

@@ -67,6 +70,14 @@ function recreateJobs(unusedTimeZone, callback) {
            timeZone: allSettings[settings.TIME_ZONE_KEY]
        });

+        if (gCheckDiskSpaceJob) gCheckDiskSpaceJob.stop();
+        gCheckDiskSpaceJob = new CronJob({
+            cronTime: '00 30 */4 * * *', // every 4 hours
+            onTick: cloudron.checkDiskSpace,
+            start: true,
+            timeZone: allSettings[settings.TIME_ZONE_KEY]
+        });
+
        if (gBoxUpdateCheckerJob) gBoxUpdateCheckerJob.stop();
        gBoxUpdateCheckerJob = new CronJob({
            cronTime: '00 */10 * * * *', // every 10 minutes
@@ -107,6 +118,14 @@ function recreateJobs(unusedTimeZone, callback) {
            timeZone: allSettings[settings.TIME_ZONE_KEY]
        });

+        if (gCertificateRenewJob) gCertificateRenewJob.stop();
+        gCertificateRenewJob = new CronJob({
+            cronTime: '00 00 */12 * * *', // every 12 hours
+            onTick: certificates.autoRenew,
+            start: true,
+            timeZone: allSettings[settings.TIME_ZONE_KEY]
+        });
+
        settings.events.removeListener(settings.AUTOUPDATE_PATTERN_KEY, autoupdatePatternChanged);
        settings.events.on(settings.AUTOUPDATE_PATTERN_KEY, autoupdatePatternChanged);
        autoupdatePatternChanged(allSettings[settings.AUTOUPDATE_PATTERN_KEY]);
@@ -179,5 +198,8 @@ function uninitialize(callback) {
    if (gSchedulerSyncJob) gSchedulerSyncJob.stop();
    gSchedulerSyncJob = null;

+    if (gCertificateRenewJob) gCertificateRenewJob.stop();
+    gCertificateRenewJob = null;
+
    callback();
 }
@@ -126,6 +126,8 @@ function clear(callback) {
 function beginTransaction(callback) {
    assert.strictEqual(typeof callback, 'function');

+    if (gConnectionPool === null) return callback(new Error('No database connection pool.'));
+
    gConnectionPool.getConnection(function (error, connection) {
        if (error) return callback(error);

@@ -13,6 +13,7 @@ exports = module.exports = {

 var assert = require('assert'),
    config = require('./config.js'),
+    debug = require('debug')('box:developer'),
    tokendb = require('./tokendb.js'),
    settings = require('./settings.js'),
    superagent = require('superagent'),
@@ -38,6 +39,7 @@ function DeveloperError(reason, errorOrMessage) {
 }
 util.inherits(DeveloperError, Error);
 DeveloperError.INTERNAL_ERROR = 'Internal Error';
+DeveloperError.EXTERNAL_ERROR = 'External Error';

 function enabled(callback) {
    assert.strictEqual(typeof callback, 'function');
@@ -77,8 +79,12 @@ function getNonApprovedApps(callback) {

    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/apps';
    superagent.get(url).query({ token: config.token(), boxVersion: config.version() }).end(function (error, result) {
-        if (error) return callback(new DeveloperError(DeveloperError.INTERNAL_ERROR, error));
-        if (result.status !== 200) return callback(new DeveloperError(DeveloperError.INTERNAL_ERROR, util.format('App listing failed. %s %j', result.status, result.body)));
+        if (error && !error.response) return callback(new DeveloperError(DeveloperError.EXTERNAL_ERROR, error));
+        if (result.statusCode === 401) {
+            debug('Failed to list apps in development. Appstore token invalid or missing. Returning empty list.', result.body);
+            return callback(null, []);
+        }
+        if (result.statusCode !== 200) return callback(new DeveloperError(DeveloperError.EXTERNAL_ERROR, util.format('App listing failed. %s %j', result.status, result.body)));

        callback(null, result.body.apps || []);
    });
@@ -40,9 +40,9 @@ function add(dnsConfig, zoneName, subdomain, type, values, callback) {
        .query({ token: dnsConfig.token })
        .send(data)
        .end(function (error, result) {
-            if (error) return callback(error);
-            if (result.status === 420) return callback(new SubdomainError(SubdomainError.STILL_BUSY));
-            if (result.status !== 201) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
+            if (error && !error.response) return callback(error);
+            if (result.statusCode === 420) return callback(new SubdomainError(SubdomainError.STILL_BUSY));
+            if (result.statusCode !== 201) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));

            return callback(null, result.body.changeId);
        });
@@ -63,8 +63,8 @@ function get(dnsConfig, zoneName, subdomain, type, callback) {
        .get(config.apiServerOrigin() + '/api/v1/domains/' + fqdn)
        .query({ token: dnsConfig.token, type: type })
        .end(function (error, result) {
-            if (error) return callback(error);
-            if (result.status !== 200) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
+            if (error && !error.response) return callback(error);
+            if (result.statusCode !== 200) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));

            return callback(null, result.body.values);
        });
@@ -107,10 +107,10 @@ function del(dnsConfig, zoneName, subdomain, type, values, callback) {
        .query({ token: dnsConfig.token })
        .send(data)
        .end(function (error, result) {
-            if (error) return callback(error);
-            if (result.status === 420) return callback(new SubdomainError(SubdomainError.STILL_BUSY));
-            if (result.status === 404) return callback(new SubdomainError(SubdomainError.NOT_FOUND));
-            if (result.status !== 204) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
+            if (error && !error.response) return callback(error);
+            if (result.statusCode === 420) return callback(new SubdomainError(SubdomainError.STILL_BUSY));
+            if (result.statusCode === 404) return callback(new SubdomainError(SubdomainError.NOT_FOUND));
+            if (result.statusCode !== 204) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));

            return callback(null);
        });
@@ -127,8 +127,8 @@ function getChangeStatus(dnsConfig, changeId, callback) {
        .get(config.apiServerOrigin() + '/api/v1/domains/' + config.fqdn() + '/status/' + changeId)
        .query({ token: dnsConfig.token })
        .end(function (error, result) {
-            if (error) return callback(error);
-            if (result.status !== 200) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
+            if (error && !error.response) return callback(error);
+            if (result.statusCode !== 200) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));

            return callback(null, result.body.status);
        });
@@ -176,19 +176,19 @@ function del(dnsConfig, zoneName, subdomain, type, values, callback) {
        var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
        route53.changeResourceRecordSets(params, function(error, result) {
            if (error && error.message && error.message.indexOf('it was not found') !== -1) {
-                debug('delSubdomain: resource record set not found.', error);
+                debug('del: resource record set not found.', error);
                return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
            } else if (error && error.code === 'NoSuchHostedZone') {
-                debug('delSubdomain: hosted zone not found.', error);
+                debug('del: hosted zone not found.', error);
                return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
            } else if (error && error.code === 'PriorRequestNotComplete') {
-                debug('delSubdomain: resource is still busy', error);
+                debug('del: resource is still busy', error);
                return callback(new SubdomainError(SubdomainError.STILL_BUSY, new Error(error)));
            } else if (error && error.code === 'InvalidChangeBatch') {
-                debug('delSubdomain: invalid change batch. No such record to be deleted.');
+                debug('del: invalid change batch. No such record to be deleted.');
                return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
            } else if (error) {
-                debug('delSubdomain: error', error);
+                debug('del: error', error);
                return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, new Error(error)));
            }

@@ -17,8 +17,10 @@ exports = module.exports = {
    createContainer: createContainer,
    startContainer: startContainer,
    stopContainer: stopContainer,
+    stopContainerByName: stopContainer,
    stopContainers: stopContainers,
    deleteContainer: deleteContainer,
+    deleteContainerByName: deleteContainer,
    deleteImage: deleteImage,
    deleteContainers: deleteContainers,
    createSubcontainer: createSubcontainer
@@ -52,7 +54,7 @@ function targetBoxVersion(manifest) {

    if ('minBoxVersion' in manifest) return manifest.minBoxVersion;

-    return '0.0.1';
+    return '99999.99999.99999'; // compatible with the latest version
 }

 function pullImage(manifest, callback) {
@@ -128,6 +130,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
        isAppContainer = !cmd;

    var manifest = app.manifest;
+    var developmentMode = !!manifest.developmentMode;
    var exposedPorts = {}, dockerPortBindings = { };
    var stdEnv = [
        'CLOUDRON=1',
@@ -153,7 +156,10 @@ function createSubcontainer(app, name, cmd, options, callback) {
        dockerPortBindings[containerPort + '/tcp'] = [ { HostIp: '0.0.0.0', HostPort: hostPort + '' } ];
    }

-    var memoryLimit = manifest.memoryLimit || 1024 * 1024 * 200; // 200mb by default
+    var memoryLimit = manifest.memoryLimit || (developmentMode ? 0 : 1024 * 1024 * 200); // 200mb by default
+    // for subcontainers, this should ideally be false. but docker does not allow network sharing if the app container is not running
+    // this means cloudron exec does not work
+    var isolatedNetworkNs = true;

    addons.getEnvironment(app, function (error, addonEnv) {
        if (error) return callback(new Error('Error getting addon environment : ' + error));
@@ -161,10 +167,11 @@ function createSubcontainer(app, name, cmd, options, callback) {
        var containerOptions = {
            name: name, // used for filtering logs
            // do _not_ set hostname to app fqdn. doing so sets up the dns name to look up the internal docker ip. this makes curl from within container fail
-            Hostname: semver.gte(targetBoxVersion(app.manifest), '0.0.77') ? app.location : config.appFqdn(app.location),
+            // for subcontainers, this should not be set because we already share the network namespace with app container
+            Hostname: isolatedNetworkNs ? (semver.gte(targetBoxVersion(app.manifest), '0.0.77') ? app.location : config.appFqdn(app.location)) : null,
            Tty: isAppContainer,
            Image: app.manifest.dockerImage,
-            Cmd: cmd,
+            Cmd: (isAppContainer && developmentMode) ? [ '/bin/bash', '-c', 'echo "Development mode. Use cloudron exec to debug. Sleeping" && sleep infinity' ] : cmd,
            Env: stdEnv.concat(addonEnv).concat(portEnv),
            ExposedPorts: isAppContainer ? exposedPorts : { },
            Volumes: { // see also ReadonlyRootfs
@@ -182,22 +189,20 @@ function createSubcontainer(app, name, cmd, options, callback) {
                MemorySwap: memoryLimit, // Memory + Swap
                PortBindings: isAppContainer ? dockerPortBindings : { },
                PublishAllPorts: false,
-                ReadonlyRootfs: semver.gte(targetBoxVersion(app.manifest), '0.0.66'), // see also Volumes in startContainer
-                Links: addons.getLinksSync(app, app.manifest.addons),
+                ReadonlyRootfs: !developmentMode, // see also Volumes in startContainer
                RestartPolicy: {
                    "Name": isAppContainer ? "always" : "no",
                    "MaximumRetryCount": 0
                },
                CpuShares: 512, // relative to 1024 for system processes
                VolumesFrom: isAppContainer ? null : [ app.containerId + ":rw" ],
+                NetworkMode: isolatedNetworkNs ? 'default' : ('container:' + app.containerId), // share network namespace with parent
+                Links: isolatedNetworkNs ? addons.getLinksSync(app, app.manifest.addons) : null, // links is redundant with --net=container
                SecurityOpt: config.CLOUDRON ? [ "apparmor:docker-cloudron-app" ] : null // profile available only on cloudron
            }
        };
        containerOptions = _.extend(containerOptions, options);

-        // older versions wanted a writable /var/log
-        if (semver.lte(targetBoxVersion(app.manifest), '0.0.71')) containerOptions.Volumes['/var/log'] = {};
-
        debugApp(app, 'Creating container for %s with options %j', app.manifest.dockerImage, containerOptions);

        docker.createContainer(containerOptions, callback);
@@ -324,24 +329,20 @@ function deleteImage(manifest, callback) {

    var docker = exports.connection;

-    docker.getImage(dockerImage).inspect(function (error, result) {
+    var removeOptions = {
+        force: false, // might be shared with another instance of this app
+        noprune: false // delete untagged parents
+    };
+
+    // registry v1 used to pull down all *tags*. this meant that deleting image by tag was not enough (since that
+    // just removes the tag). we used to remove the image by id. this is not required anymore because aliases are
+    // not created anymore after https://github.com/docker/docker/pull/10571
+    docker.getImage(dockerImage).remove(removeOptions, function (error) {
        if (error && error.statusCode === 404) return callback(null);
+        if (error && error.statusCode === 409) return callback(null); // another container using the image

-        if (error) return callback(error);
+        if (error) debug('Error removing image %s : %j', dockerImage, error);

-        var removeOptions = {
-            force: true,
-            noprune: false
-        };
-
-         // delete image by id because 'docker pull' pulls down all the tags and this is the only way to delete all tags
-        docker.getImage(result.Id).remove(removeOptions, function (error) {
-            if (error && error.statusCode === 404) return callback(null);
-            if (error && error.statusCode === 409) return callback(null); // another container using the image
-
-            if (error) debug('Error removing image %s : %j', dockerImage, error);
-
-            callback(error);
-        });
+        callback(error);
    });
 }
@@ -54,7 +54,7 @@ function start(callback) {
                        cn: entry.id,
                        uid: entry.id,
                        mail: entry.email,
-                        displayname: entry.username,
+                        displayname: entry.displayName || entry.username,
                        username: entry.username,
                        samaccountname: entry.username,      // to support ActiveDirectory clients
                        memberof: groups
@@ -115,9 +115,11 @@ function start(callback) {
    gServer.bind('ou=users,dc=cloudron', function(req, res, next) {
        debug('ldap user bind: %s', req.dn.toString());

-        if (!req.dn.rdns[0].cn) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        // extract the common name which might have different attribute names
+        var commonName = req.dn.rdns[0][Object.keys(req.dn.rdns[0])[0]];
+        if (!commonName) return next(new ldap.NoSuchObjectError(req.dn.toString()));

-        user.verify(req.dn.rdns[0].cn, req.credentials || '', function (error, result) {
+        user.verify(commonName, req.credentials || '', function (error, result) {
            if (error && error.reason === UserError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
            if (error && error.reason === UserError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
            if (error) return next(new ldap.OperationsError(error));
@@ -5,8 +5,7 @@ Dear Admin,
 The application titled '<%= title %>' that you installed at <%= appFqdn %>
 is not responding.

-This is most likely a problem in the application. Please report this issue to
-support@cloudron.io (by forwarding this email).
+This is most likely a problem in the application.

 You are receiving this email because you are an Admin of the Cloudron at <%= fqdn %>.

@@ -4,10 +4,10 @@ Dear Admin,

 A new version of the app '<%= app.manifest.title %>' installed at <%= app.fqdn %> is available!

-Please update at your convenience at <%= webadminUrl %>.
+The app will update automatically tonight. Alternately, update immediately at <%= webadminUrl %>.

 Thank you,
-Update Manager
+your Cloudron

 <% } else { %>

@@ -4,7 +4,7 @@ Dear Admin,

 A new version of Cloudron <%= fqdn %> is available!

-Please update at your convenience at <%= webadminUrl %>.
+Your Cloudron will update automatically tonight. Alternately, update immediately at <%= webadminUrl %>.

 Changelog:
 <% for (var i = 0; i < changelog.length; i++) { %>
@@ -12,7 +12,7 @@ Changelog:
 <% } %>

 Thank you,
-Update Manager
+your Cloudron

 <% } else { %>

@@ -0,0 +1,19 @@
+<%if (format === 'text') { %>
+
+Dear Cloudron Team,
+
+<%= fqdn %> is running out of disk space.
+
+Please see some excerpts of the logs below.
+
+Thank you,
+Your Cloudron
+
+-------------------------------------
+
+<%- message %>
+
+<% } else { %>
+
+<% } %>
+
@@ -0,0 +1,23 @@
+<%if (format === 'text') { %>
+
+Dear Admin,
+
+User with name '<%= username %>' (<%= email %>) was added in the Cloudron at <%= fqdn %>.
+
+You are receiving this email because you are an Admin of the Cloudron at <%= fqdn %>.
+
+<% if (inviteLink) { %>
+This user was not invited immediately, he has to get invited manually later, using the "send invite" button in the admin panel.
+To perform any configuration on behalf of the user, please use this link
+<%= inviteLink %>
+It allows to setup a temporary password, which the user will be able to override, once he gets invited.
+This link will become invalid as soon as the user was invited.
+<% } %>
+
+Thank you,
+User Manager
+
+<% } else { %>
+
+<% } %>
+
@@ -15,8 +15,12 @@ To get started, create your account by visiting the following page:
 When you visit the above page, you will be prompted to enter a new password.
 After you have submitted the form, you can login using the new password.

+<% if (invitor && invitor.email) { %>
 Thank you,
 <%= invitor.email %>
+<% } else { %>
+Thank you
+<% } %>

 <% } else { %>

@@ -13,14 +13,20 @@ exports = module.exports = {
    boxUpdateAvailable: boxUpdateAvailable,
    appUpdateAvailable: appUpdateAvailable,

+    sendInvite: sendInvite,
    sendCrashNotification: sendCrashNotification,

    appDied: appDied,

+    outOfDiskSpace: outOfDiskSpace,
+
    FEEDBACK_TYPE_FEEDBACK: 'feedback',
    FEEDBACK_TYPE_TICKET: 'ticket',
    FEEDBACK_TYPE_APP: 'app',
-    sendFeedback: sendFeedback
+    sendFeedback: sendFeedback,
+
+    _getMailQueue: _getMailQueue,
+    _clearMailQueue: _clearMailQueue
 };

 var assert = require('assert'),
@@ -35,7 +41,7 @@ var assert = require('assert'),
    path = require('path'),
    safe = require('safetydance'),
    smtpTransport = require('nodemailer-smtp-transport'),
-    userdb = require('./userdb.js'),
+    users = require('./user.js'),
    util = require('util'),
    _ = require('underscore');

@@ -170,6 +176,9 @@ function sendMails(queue) {
 function enqueue(mailOptions) {
    assert.strictEqual(typeof mailOptions, 'object');

+    if (!mailOptions.from) console.error('from is missing');
+    if (!mailOptions.to) console.error('to is missing');
+
    debug('Queued mail for ' + mailOptions.from + ' to ' + mailOptions.to);
    gMailQueue.push(mailOptions);

@@ -184,7 +193,7 @@ function render(templateFile, params) {
 }

 function getAdminEmails(callback) {
-    userdb.getAllAdmins(function (error, admins) {
+    users.getAllAdmins(function (error, admins) {
        if (error) return callback(error);

        var adminEmails = [ ];
@@ -214,11 +223,11 @@ function mailUserEventToAdmins(user, event) {
    });
 }

-function userAdded(user, invitor) {
+function sendInvite(user, invitor) {
    assert.strictEqual(typeof user, 'object');
    assert(typeof invitor === 'object');

-    debug('Sending mail for userAdded');
+    debug('Sending invite mail');

    var templateData = {
        user: user,
@@ -237,8 +246,30 @@ function userAdded(user, invitor) {
    };

    enqueue(mailOptions);
+}

-    mailUserEventToAdmins(user, 'was added');
+function userAdded(user, inviteSent) {
+    assert.strictEqual(typeof user, 'object');
+    assert.strictEqual(typeof inviteSent, 'boolean');
+
+    debug('Sending mail for userAdded %s including invite link', inviteSent ? 'not' : '');
+
+    getAdminEmails(function (error, adminEmails) {
+        if (error) return console.log('Error getting admins', error);
+
+        adminEmails = _.difference(adminEmails, [ user.email ]);
+
+        var inviteLink = inviteSent ? null : config.adminOrigin() + '/api/v1/session/password/setup.html?reset_token=' + user.resetToken;
+
+        var mailOptions = {
+            from: config.get('adminEmail'),
+            to: adminEmails.join(', '),
+            subject: util.format('%s added in Cloudron %s', user.username, config.fqdn()),
+            text: render('user_added.ejs', { fqdn: config.fqdn(), username: user.username, email: user.email, inviteLink: inviteLink, format: 'text' }),
+        };
+
+        enqueue(mailOptions);
+    });
 }

 function userRemoved(username) {
@@ -284,7 +315,7 @@ function appDied(app) {

        var mailOptions = {
            from: config.get('adminEmail'),
-            to: adminEmails.join(', '),
+            to: adminEmails.concat('support@cloudron.io').join(', '),
            subject: util.format('App %s is down', app.location),
            text: render('app_down.ejs', { fqdn: config.fqdn(), title: app.manifest.title, appFqdn: config.appFqdn(app.location), format: 'text' })
        };
@@ -329,6 +360,19 @@ function appUpdateAvailable(app, updateInfo) {
    });
 }

+function outOfDiskSpace(message) {
+    assert.strictEqual(typeof message, 'string');
+
+    var mailOptions = {
+        from: config.get('adminEmail'),
+        to: 'admin@cloudron.io',
+        subject: util.format('[%s] Out of disk space alert', config.fqdn()),
+        text: render('out_of_disk_space.ejs', { fqdn: config.fqdn(), message: message, format: 'text' })
+    };
+
+    sendMails([ mailOptions ]);
+}
+
 // this function bypasses the queue intentionally. it is also expected to work without the mailer module initialized
 // crashnotifier should be able to send mail when there is no db
 function sendCrashNotification(program, context) {
@@ -362,3 +406,11 @@ function sendFeedback(user, type, subject, description) {

    enqueue(mailOptions);
 }
+
+function _getMailQueue() {
+    return gMailQueue;
+}
+
+function _clearMailQueue() {
+    gMailQueue = [];
+}
@@ -0,0 +1,93 @@
+/* jslint node:true */
+
+'use strict';
+
+var assert = require('assert'),
+    config = require('./config.js'),
+    debug = require('debug')('box:src/nginx'),
+    ejs = require('ejs'),
+    fs = require('fs'),
+    path = require('path'),
+    paths = require('./paths.js'),
+    safe = require('safetydance'),
+    shell = require('./shell.js');
+
+exports = module.exports = {
+    configureAdmin: configureAdmin,
+    configureApp: configureApp,
+    unconfigureApp: unconfigureApp,
+    reload: reload
+};
+
+var NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/../setup/start/nginx/appconfig.ejs', { encoding: 'utf8' }),
+    RELOAD_NGINX_CMD = path.join(__dirname, 'scripts/reloadnginx.sh');
+
+function configureAdmin(certFilePath, keyFilePath, callback) {
+    assert.strictEqual(typeof certFilePath, 'string');
+    assert.strictEqual(typeof keyFilePath, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var data = {
+        sourceDir: path.resolve(__dirname, '..'),
+        adminOrigin: config.adminOrigin(),
+        vhost: config.adminFqdn(),
+        endpoint: 'admin',
+        certFilePath: certFilePath,
+        keyFilePath: keyFilePath
+    };
+    var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
+    var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, 'admin.conf');
+
+    if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) return callback(safe.error);
+
+    reload(callback);
+}
+
+function configureApp(app, certFilePath, keyFilePath, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof certFilePath, 'string');
+    assert.strictEqual(typeof keyFilePath, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var sourceDir = path.resolve(__dirname, '..');
+    var endpoint = app.oauthProxy ? 'oauthproxy' : 'app';
+    var vhost = config.appFqdn(app.location);
+
+    var data = {
+        sourceDir: sourceDir,
+        adminOrigin: config.adminOrigin(),
+        vhost: vhost,
+        port: app.httpPort,
+        endpoint: endpoint,
+        certFilePath: certFilePath,
+        keyFilePath: keyFilePath
+    };
+    var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
+
+    var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, app.id + '.conf');
+    debug('writing config for "%s" to %s', app.location, nginxConfigFilename);
+
+    if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) {
+        debug('Error creating nginx config for "%s" : %s', app.location, safe.error.message);
+        return callback(safe.error);
+    }
+
+    reload(callback);
+}
+
+function unconfigureApp(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, app.id + '.conf');
+    if (!safe.fs.unlinkSync(nginxConfigFilename)) {
+        debug('Error removing nginx configuration of "%s": %s', app.location, safe.error.message);
+        return callback(null);
+    }
+
+    reload(callback);
+}
+
+function reload(callback) {
+    shell.sudo('reload', [ RELOAD_NGINX_CMD ], callback);
+}
@@ -4,7 +4,7 @@
    <meta charset="utf-8" />
    <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width, height=device-height" />

-    <title> Cloudron Login </title>
+    <title> <%= title %> </title>

    <link href="/api/v1/cloudron/avatar" rel="icon" type="image/png">

@@ -25,10 +25,16 @@ app.controller('Controller', [function () {}]);

                <div class="form-group" ng-class="{ 'has-error': resetForm.password.$dirty && resetForm.password.$invalid }">
                    <label class="control-label" for="inputPassword">New Password</label>
-                    <input type="password" class="form-control" id="inputPassword" ng-model="password" name="password" ng-maxlength="512" ng-minlength="5" autofocus required>
+                    <div class="control-label" ng-show="resetForm.password.$dirty && resetForm.password.$invalid">
+                        <small ng-show="resetForm.password.$dirty && resetForm.password.$invalid">Password must be 8-30 character with at least one uppercase, one numeric and one special character</small>
+                    </div>
+                    <input type="password" class="form-control" id="inputPassword" ng-model="password" name="password" ng-pattern="/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s).{8,30}$/" autofocus required>
                </div>
-                <div class="form-group" ng-class="{ 'has-error': resetForm.passwordRepeat.$dirty && (resetForm.passwordRepeat.$invalid || password !== passwordRepeat) }">
+                <div class="form-group" ng-class="{ 'has-error': resetForm.passwordRepeat.$dirty && (password !== passwordRepeat) }">
                    <label class="control-label" for="inputPasswordRepeat">Repeat Password</label>
+                    <div class="control-label" ng-show="resetForm.passwordRepeat.$dirty && (password !== passwordRepeat)">
+                        <small ng-show="resetForm.passwordRepeat.$dirty && (password !== passwordRepeat)">Passwords don't match</small>
+                    </div>
                    <input type="password" class="form-control" id="inputPasswordRepeat" ng-model="passwordRepeat" name="passwordRepeat" required>
                </div>
                <input class="btn btn-primary btn-outline pull-right" type="submit" value="Create" ng-disabled="resetForm.$invalid || password !== passwordRepeat"/>
@@ -25,10 +25,16 @@ app.controller('Controller', [function () {}]);

                <div class="form-group" ng-class="{ 'has-error': setupForm.password.$dirty && setupForm.password.$invalid }">
                    <label class="control-label" for="inputPassword">New Password</label>
-                    <input type="password" class="form-control" id="inputPassword" ng-model="password" name="password" ng-maxlength="512" ng-minlength="5" autofocus required>
+                    <div class="control-label" ng-show="setupForm.password.$dirty && setupForm.password.$invalid">
+                        <small ng-show="setupForm.password.$dirty && setupForm.password.$invalid">Password must be 8-30 character with at least one uppercase, one numeric and one special character</small>
+                    </div>
+                    <input type="password" class="form-control" id="inputPassword" ng-model="password" name="password" ng-maxlength="30" ng-minlength="8" autofocus required>
                </div>
-                <div class="form-group" ng-class="{ 'has-error': setupForm.passwordRepeat.$dirty && (setupForm.passwordRepeat.$invalid || password !== passwordRepeat) }">
+                <div class="form-group" ng-class="{ 'has-error': setupForm.passwordRepeat.$dirty && (password !== passwordRepeat) }">
                    <label class="control-label" for="inputPasswordRepeat">Repeat Password</label>
+                    <div class="control-label" ng-show="setupForm.passwordRepeat.$dirty && (password !== passwordRepeat)">
+                        <small ng-show="setupForm.passwordRepeat.$dirty && (password !== passwordRepeat)">Passwords don't match</small>
+                    </div>
                    <input type="password" class="form-control" id="inputPasswordRepeat" ng-model="passwordRepeat" name="passwordRepeat" required>
                </div>
                <input class="btn btn-primary btn-outline pull-right" type="submit" value="Create" ng-disabled="setupForm.$invalid || password !== passwordRepeat"/>
@@ -92,7 +92,7 @@ function authenticate(req, res, next) {
            .post(config.internalAdminOrigin() + '/api/v1/oauth/token')
            .query(query).send(data)
            .end(function (error, result) {
-            if (error) {
+            if (error && !error.response) {
                console.error(error);
                return res.send(500, 'Unable to contact the oauth server.');
            }
@@ -0,0 +1,47 @@
+/* jslint node:true */
+
+'use strict';
+
+// From https://www.npmjs.com/package/password-generator
+
+exports = module.exports = {
+    generate: generate,
+    validate: validate
+};
+
+var assert = require('assert'),
+    generatePassword = require('password-generator');
+
+// http://www.w3resource.com/javascript/form/example4-javascript-form-validation-password.html
+// WARNING!!! if this is changed, the UI parts in the setup and account view have to be adjusted!
+var gPasswordTestRegExp = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s).{8,30}$/;
+
+var UPPERCASE_RE = /([A-Z])/g;
+var LOWERCASE_RE = /([a-z])/g;
+var NUMBER_RE = /([\d])/g;
+var SPECIAL_CHAR_RE = /([\?\-])/g;
+
+function isStrongEnough(password) {
+    var uc = password.match(UPPERCASE_RE);
+    var lc = password.match(LOWERCASE_RE);
+    var n = password.match(NUMBER_RE);
+    var sc = password.match(SPECIAL_CHAR_RE);
+
+    return uc && lc && n && sc;
+}
+
+function generate() {
+    var password = '';
+
+    while (!isStrongEnough(password)) password = generatePassword(8, false, /[\w\d\?\-]/);
+
+    return password;
+}
+
+function validate(password) {
+    assert.strictEqual(typeof password, 'string');
+
+    if (!password.match(gPasswordTestRegExp)) return new Error('Password must be 8-30 character with at least one uppercase, one numeric and one special character');
+
+    return null;
+}
@@ -12,7 +12,6 @@ exports = module.exports = {
    NGINX_CERT_DIR: path.join(config.baseDir(), 'data/nginx/cert'),

    ADDON_CONFIG_DIR: path.join(config.baseDir(), 'data/addons'),
-    SCHEDULER_FILE: path.join(config.baseDir(), 'data/addons/scheduler.json'),

    DNS_IN_SYNC_FILE: path.join(config.baseDir(), 'data/dns_in_sync'),

@@ -28,5 +27,8 @@ exports = module.exports = {
    CLOUDRON_AVATAR_FILE: path.join(config.baseDir(), 'data/box/avatar.png'),
    CLOUDRON_DEFAULT_AVATAR_FILE: path.join(__dirname + '/../assets/avatar.png'),

-    UPDATE_CHECKER_FILE: path.join(config.baseDir(), 'data/box/updatechecker.json')
+    UPDATE_CHECKER_FILE: path.join(config.baseDir(), 'data/box/updatechecker.json'),
+
+    ACME_CHALLENGES_DIR: path.join(config.baseDir(), 'data/acme'),
+    ACME_ACCOUNT_KEY_FILE: path.join(config.baseDir(), 'data/box/acme/acme.key')
 };
@@ -15,6 +15,7 @@ exports = module.exports = {
    updateApp: updateApp,
    getLogs: getLogs,
    getLogStream: getLogStream,
+    listBackups: listBackups,

    stopApp: stopApp,
    startApp: startApp,
@@ -357,7 +358,9 @@ function exec(req, res, next) {
    var rows = req.query.rows ? parseInt(req.query.rows, 10) : null;
    if (isNaN(rows)) return next(new HttpError(400, 'rows must be a number'));

-    apps.exec(req.params.id, { cmd: cmd, rows: rows, columns: columns }, function (error, duplexStream) {
+    var tty = req.query.tty === 'true' ? true : false;
+
+    apps.exec(req.params.id, { cmd: cmd, rows: rows, columns: columns, tty: tty }, function (error, duplexStream) {
        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
        if (error && error.reason === AppsError.BAD_STATE) return next(new HttpError(409, error.message));
        if (error) return next(new HttpError(500, error));
@@ -369,8 +372,16 @@ function exec(req, res, next) {

        duplexStream.pipe(res.socket);
        res.socket.pipe(duplexStream);
-
-        res.on('close', duplexStream.close);
    });
 }

+function listBackups(req, res, next) {
+    assert.strictEqual(typeof req.params.id, 'string');
+
+    apps.listBackups(req.params.id, function (error, result) {
+        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(200, { backups: result }));
+    });
+}
@@ -23,8 +23,7 @@ var assert = require('assert'),
    debug = require('debug')('box:routes/cloudron'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
-    superagent = require('superagent'),
-    updateChecker = require('../updatechecker.js');
+    superagent = require('superagent');

 /**
 * Creating an admin user and activate the cloudron.
@@ -42,27 +41,32 @@ function activate(req, res, next) {
    if (typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be string'));
    if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be string'));
    if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
+    if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));

    var username = req.body.username;
    var password = req.body.password;
    var email = req.body.email;
+    var displayName = req.body.displayName || '';

    var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
    debug('activate: username:%s ip:%s', username, ip);

-    cloudron.activate(username, password, email, ip, function (error, info) {
+    cloudron.activate(username, password, email, displayName, ip, function (error, info) {
        if (error && error.reason === CloudronError.ALREADY_PROVISIONED) return next(new HttpError(409, 'Already setup'));
        if (error && error.reason === CloudronError.BAD_USERNAME) return next(new HttpError(400, 'Bad username'));
        if (error && error.reason === CloudronError.BAD_PASSWORD) return next(new HttpError(400, 'Bad password'));
        if (error && error.reason === CloudronError.BAD_EMAIL) return next(new HttpError(400, 'Bad email'));
        if (error) return next(new HttpError(500, error));

+        // only in caas case do we have to notify the api server about activation
+        if (config.provider() !== 'caas') return next(new HttpSuccess(201, info));
+
        // Now let the api server know we got activated
-        superagent.post(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/setup/done').query({ setupToken:req.query.setupToken }).end(function (error, result) {
-            if (error) return next(new HttpError(500, error));
+        superagent.post(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/setup/done').query({ setupToken: req.query.setupToken }).end(function (error, result) {
+            if (error && !error.response) return next(new HttpError(500, error));
            if (result.statusCode === 403) return next(new HttpError(403, 'Invalid token'));
            if (result.statusCode === 409) return next(new HttpError(409, 'Already setup'));
-            if (result.statusCode !== 201) return next(new HttpError(500, result.text ? result.text.message : 'Internal error'));
+            if (result.statusCode !== 201) return next(new HttpError(500, result.text || 'Internal error'));

            next(new HttpSuccess(201, info));
        });
@@ -72,13 +76,16 @@ function activate(req, res, next) {
 function setupTokenAuth(req, res, next) {
    assert.strictEqual(typeof req.query, 'object');

+    // skip setupToken auth for non caas case
+    if (config.provider() !== 'caas') return next();
+
    if (typeof req.query.setupToken !== 'string') return next(new HttpError(400, 'no setupToken provided'));

    superagent.get(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/setup/verify').query({ setupToken:req.query.setupToken }).end(function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error && !error.response) return next(new HttpError(500, error));
        if (result.statusCode === 403) return next(new HttpError(403, 'Invalid token'));
        if (result.statusCode === 409) return next(new HttpError(409, 'Already setup'));
-        if (result.statusCode !== 200) return next(new HttpError(500, result.text ? result.text.message : 'Internal error'));
+        if (result.statusCode !== 200) return next(new HttpError(500, result.text || 'Internal error'));

        next();
    });
@@ -112,11 +119,9 @@ function getConfig(req, res, next) {
 }

 function update(req, res, next) {
-    var boxUpdateInfo = updateChecker.getUpdateInfo().box;
-    if (!boxUpdateInfo) return next(new HttpError(422, 'No update available'));
-
    // this only initiates the update, progress can be checked via the progress route
-    cloudron.update(boxUpdateInfo, function (error) {
+    cloudron.updateToLatest(function (error) {
+        if (error && error.reason === CloudronError.ALREADY_UPTODATE) return next(new HttpError(422, error.message));
        if (error && error.reason === CloudronError.BAD_STATE) return next(new HttpError(409, error.message));
        if (error) return next(new HttpError(500, error));

@@ -3,7 +3,8 @@
 'use strict';

 exports = module.exports = {
-    backup: backup
+    backup: backup,
+    update: update
 };

 var cloudron = require('../cloudron.js'),
@@ -13,7 +14,7 @@ var cloudron = require('../cloudron.js'),
    HttpSuccess = require('connect-lastmile').HttpSuccess;

 function backup(req, res, next) {
-    debug('trigger backup');
+    debug('triggering backup');

    // note that cloudron.backup only waits for backup initiation and not for backup to complete
    // backup progress can be checked up ny polling the progress api call
@@ -24,3 +25,17 @@ function backup(req, res, next) {
        next(new HttpSuccess(202, {}));
    });
 }
+
+function update(req, res, next) {
+    debug('triggering update');
+
+    // this only initiates the update, progress can be checked via the progress route
+    cloudron.updateToLatest(function (error) {
+        if (error && error.reason === CloudronError.ALREADY_UPTODATE) return next(new HttpError(422, error.message));
+        if (error && error.reason === CloudronError.BAD_STATE) return next(new HttpError(409, error.message));
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(202, {}));
+    });
+}
+
@@ -150,14 +150,16 @@ function sendErrorPageOrRedirect(req, res, message) {
    if (typeof req.query.returnTo !== 'string') {
        renderTemplate(res, 'error', {
            adminOrigin: config.adminOrigin(),
-            message: message
+            message: message,
+            title: 'Cloudron Error'
        });
    } else {
        var u = url.parse(req.query.returnTo);
        if (!u.protocol || !u.host) {
            return renderTemplate(res, 'error', {
                adminOrigin: config.adminOrigin(),
-                message: 'Invalid request. returnTo query is not a valid URI. ' + message
+                message: 'Invalid request. returnTo query is not a valid URI. ' + message,
+                title: 'Cloudron Error'
            });
        }

@@ -174,7 +176,8 @@ function sendError(req, res, message) {

    renderTemplate(res, 'error', {
        adminOrigin: config.adminOrigin(),
-        message: message
+        message: message,
+        title: 'Cloudron Error'
    });
 }

@@ -191,7 +194,8 @@ function loginForm(req, res) {
            csrf: req.csrfToken(),
            applicationName: applicationName,
            applicationLogo: applicationLogo,
-            error: req.query.error || null
+            error: req.query.error || null,
+            title: applicationName + ' Login'
        });
    }

@@ -237,7 +241,7 @@ function logout(req, res) {
 // Form to enter email address to send a password reset request mail
 // -> GET /api/v1/session/password/resetRequest.html
 function passwordResetRequestSite(req, res) {
-    renderTemplate(res, 'password_reset_request', { adminOrigin: config.adminOrigin(), csrf: req.csrfToken() });
+    renderTemplate(res, 'password_reset_request', { adminOrigin: config.adminOrigin(), csrf: req.csrfToken(), title: 'Cloudron Password Reset' });
 }

 // This route is used for above form submission
@@ -261,7 +265,7 @@ function passwordResetRequest(req, res, next) {

 // -> GET /api/v1/session/password/sent.html
 function passwordSentSite(req, res) {
-    renderTemplate(res, 'password_reset_sent', { adminOrigin: config.adminOrigin() });
+    renderTemplate(res, 'password_reset_sent', { adminOrigin: config.adminOrigin(), title: 'Cloudron Password Reset' });
 }

 // -> GET /api/v1/session/password/setup.html
@@ -275,7 +279,8 @@ function passwordSetupSite(req, res, next) {
            adminOrigin: config.adminOrigin(),
            user: user,
            csrf: req.csrfToken(),
-            resetToken: req.query.reset_token
+            resetToken: req.query.reset_token,
+            title: 'Cloudron Password Setup'
        });
    });
 }
@@ -291,7 +296,8 @@ function passwordResetSite(req, res, next) {
            adminOrigin: config.adminOrigin(),
            user: user,
            csrf: req.csrfToken(),
-            resetToken: req.query.reset_token
+            resetToken: req.query.reset_token,
+            title: 'Cloudron Password Reset'
        });
    });
 }
@@ -23,6 +23,8 @@ exports = module.exports = {
 };

 var assert = require('assert'),
+    certificates = require('../certificates.js'),
+    CertificatesError = require('../certificates.js').CertificatesError,
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
    safe = require('safetydance'),
@@ -142,8 +144,8 @@ function setCertificate(req, res, next) {
    if (!req.body.cert || typeof req.body.cert !== 'string') return next(new HttpError(400, 'cert must be a string'));
    if (!req.body.key || typeof req.body.key !== 'string') return next(new HttpError(400, 'key must be a string'));

-    settings.setCertificate(req.body.cert, req.body.key, function (error) {
-        if (error && error.reason === SettingsError.INVALID_CERT) return next(new HttpError(400, error.message));
+    certificates.setFallbackCertificate(req.body.cert, req.body.key, function (error) {
+        if (error && error.reason === CertificatesError.INVALID_CERT) return next(new HttpError(400, error.message));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(202, {}));
@@ -157,8 +159,8 @@ function setAdminCertificate(req, res, next) {
    if (!req.body.cert || typeof req.body.cert !== 'string') return next(new HttpError(400, 'cert must be a string'));
    if (!req.body.key || typeof req.body.key !== 'string') return next(new HttpError(400, 'key must be a string'));

-    settings.setAdminCertificate(req.body.cert, req.body.key, function (error) {
-        if (error && error.reason === SettingsError.INVALID_CERT) return next(new HttpError(400, error.message));
+    certificates.setAdminCertificate(req.body.cert, req.body.key, function (error) {
+        if (error && error.reason === CertificatesError.INVALID_CERT) return next(new HttpError(400, error.message));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(202, {}));
@@ -27,7 +27,7 @@ var appdb = require('../../appdb.js'),
    nock = require('nock'),
    paths = require('../../paths.js'),
    redis = require('redis'),
-    request = require('superagent'),
+    superagent = require('superagent'),
    safe = require('safetydance'),
    server = require('../../server.js'),
    settings = require('../../settings.js'),
@@ -42,7 +42,8 @@ var SERVER_URL = 'http://localhost:' + config.get('port');
 // Test image information
 var TEST_IMAGE_REPO = 'cloudron/test';
 var TEST_IMAGE_TAG = '10.0.0';
-var TEST_IMAGE_ID = child_process.execSync('docker inspect --format={{.Id}} ' + TEST_IMAGE_REPO + ':' + TEST_IMAGE_TAG).toString('utf8').trim();
+var TEST_IMAGE = TEST_IMAGE_REPO + ':' + TEST_IMAGE_TAG;
+var TEST_IMAGE_ID = child_process.execSync('docker inspect --format={{.Id}} ' + TEST_IMAGE).toString('utf8').trim();

 var APP_STORE_ID = 'test', APP_ID;
 var APP_LOCATION = 'appslocation';
@@ -50,14 +51,14 @@ var APP_LOCATION_2 = 'appslocationtwo';
 var APP_LOCATION_NEW = 'appslocationnew';

 var APP_MANIFEST = JSON.parse(fs.readFileSync(__dirname + '/../../../../test-app/CloudronManifest.json', 'utf8'));
-APP_MANIFEST.dockerImage = TEST_IMAGE_REPO + ':' + TEST_IMAGE_TAG;
+APP_MANIFEST.dockerImage = TEST_IMAGE;

 var APP_MANIFEST_1 = JSON.parse(fs.readFileSync(__dirname + '/../../../../test-app/CloudronManifest.json', 'utf8'));
-APP_MANIFEST_1.dockerImage = TEST_IMAGE_REPO + ':' + TEST_IMAGE_TAG;
+APP_MANIFEST_1.dockerImage = TEST_IMAGE;
 APP_MANIFEST_1.singleUser = true;

-var USERNAME = 'admin', PASSWORD = 'password', EMAIL ='admin@me.com';
-var USERNAME_1 = 'user', PASSWORD_1 = 'password', EMAIL_1 ='user@me.com';
+var USERNAME = 'admin', PASSWORD = 'Foobar?1337', EMAIL ='admin@me.com';
+var USERNAME_1 = 'user', PASSWORD_1 = 'Foobar?1338', EMAIL_1 ='user@me.com';
 var token = null; // authentication token
 var token_1 = null;

@@ -114,11 +115,10 @@ function setup(done) {
            var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
            var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .query({ setupToken: 'somesetuptoken' })
                   .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result).to.be.ok();
                expect(result.statusCode).to.eql(201);
                expect(scope1.isDone()).to.be.ok();
@@ -137,11 +137,10 @@ function setup(done) {
        },

        function (callback) {
-            request.post(SERVER_URL + '/api/v1/users')
+            superagent.post(SERVER_URL + '/api/v1/users')
                   .query({ access_token: token })
-                   .send({ username: USERNAME_1, email: EMAIL_1 })
+                   .send({ username: USERNAME_1, email: EMAIL_1, invite: false })
                   .end(function (err, res) {
-                expect(err).to.not.be.ok();
                expect(res.statusCode).to.equal(201);

                callback(null);
@@ -156,6 +155,7 @@ function setup(done) {
        },

        settings.setDnsConfig.bind(null, { provider: 'route53', accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey', endpoint: 'http://localhost:5353' }),
+        settings.setTlsConfig.bind(null, { provider: 'caas' }),
        settings.setBackupConfig.bind(null, { provider: 'caas', token: 'BACKUP_TOKEN', bucket: 'Bucket', prefix: 'Prefix' })
    ], done);
 }
@@ -177,7 +177,7 @@ describe('App API', function () {

    before(function (done) {
        dockerProxy = startDockerProxy(function interceptor(req, res) {
-            if (req.method === 'DELETE' && req.url === '/images/' + TEST_IMAGE_ID + '?force=true&noprune=false') {
+            if (req.method === 'DELETE' && req.url === '/images/' + TEST_IMAGE + '?force=false&noprune=false') {
                res.writeHead(200);
                res.end();
                return true;
@@ -197,174 +197,174 @@ describe('App API', function () {
    });

    it('app install fails - missing manifest', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, password: PASSWORD })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('manifest is required');
-            done(err);
+            done();
        });
    });

    it('app install fails - missing appId', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ manifest: APP_MANIFEST, password: PASSWORD })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('appStoreId is required');
-            done(err);
+            done();
        });
    });

    it('app install fails - invalid json', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send('garbage')
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
-            done(err);
+            done();
        });
    });

    it('app install fails - invalid location', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: '!awesome', accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('Hostname can only contain alphanumerics and hyphen');
-            done(err);
+            done();
        });
    });

    it('app install fails - invalid location type', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: 42, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('location is required');
-            done(err);
+            done();
        });
    });

    it('app install fails - reserved admin location', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: constants.ADMIN_LOCATION, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql(constants.ADMIN_LOCATION + ' is reserved');
-            done(err);
+            done();
        });
    });

    it('app install fails - reserved api location', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: constants.API_LOCATION, accessRestriction: null, oauthProxy: true })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql(constants.API_LOCATION + ' is reserved');
-            done(err);
+            done();
        });
    });

    it('app install fails - portBindings must be object', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: 23, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('portBindings must be an object');
-            done(err);
+            done();
        });
    });

    it('app install fails - accessRestriction is required', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: {}, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('accessRestriction is required');
-            done(err);
+            done();
        });
    });

    it('app install fails - accessRestriction type is wrong', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: {}, accessRestriction: '', oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('accessRestriction is required');
-            done(err);
+            done();
        });
    });

    it('app install fails - accessRestriction no users not allowed', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST_1, password: PASSWORD, location: APP_LOCATION, portBindings: {}, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('accessRestriction must specify one user');
-            done(err);
+            done();
        });
    });

    it('app install fails - accessRestriction too many users not allowed', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST_1, password: PASSWORD, location: APP_LOCATION, portBindings: {}, accessRestriction: { users: [ 'one', 'two' ] }, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('accessRestriction must specify one user');
-            done(err);
+            done();
        });
    });

    it('app install fails - oauthProxy is required', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: {}, accessRestriction: null })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(res.body.message).to.eql('oauthProxy must be a boolean');
-            done(err);
+            done();
        });
    });

    it('app install fails for non admin', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token_1 })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
-            done(err);
+            done();
        });
    });

    it('app install fails due to purchase failure', function (done) {
        var fake = nock(config.apiServerOrigin()).post('/api/v1/apps/test/purchase?token=APPSTORE_TOKEN').reply(402, {});

-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(402);
            expect(fake.isDone()).to.be.ok();
-            done(err);
+            done();
        });
    });

    it('app install succeeds with purchase', function (done) {
        var fake = nock(config.apiServerOrigin()).post('/api/v1/apps/test/purchase?token=APPSTORE_TOKEN').reply(201, {});

-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
@@ -372,14 +372,14 @@ describe('App API', function () {
            expect(res.body.id).to.be.a('string');
            APP_ID = res.body.id;
            expect(fake.isDone()).to.be.ok();
-            done(err);
+            done();
        });
    });

    it('app install fails because of conflicting location', function (done) {
        var fake = nock(config.apiServerOrigin()).post('/api/v1/apps/test/purchase?token=APPSTORE_TOKEN').reply(201, {});

-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
@@ -390,120 +390,120 @@ describe('App API', function () {
    });

    it('can get app status', function (done) {
-        request.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
+        superagent.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
               .query({ access_token: token })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(200);
            expect(res.body.id).to.eql(APP_ID);
            expect(res.body.installationState).to.be.ok();
-            done(err);
+            done();
         });
    });

    it('cannot get invalid app status', function (done) {
-        request.get(SERVER_URL + '/api/v1/apps/kubachi')
+        superagent.get(SERVER_URL + '/api/v1/apps/kubachi')
               .query({ access_token: token })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(404);
-            done(err);
+            done();
         });
    });

    it('can get all apps', function (done) {
-        request.get(SERVER_URL + '/api/v1/apps')
+        superagent.get(SERVER_URL + '/api/v1/apps')
               .query({ access_token: token })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(200);
            expect(res.body.apps).to.be.an('array');
            expect(res.body.apps[0].id).to.eql(APP_ID);
            expect(res.body.apps[0].installationState).to.be.ok();
-            done(err);
+            done();
         });
    });

    it('non admin can get all apps', function (done) {
-        request.get(SERVER_URL + '/api/v1/apps')
+        superagent.get(SERVER_URL + '/api/v1/apps')
               .query({ access_token: token_1 })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(200);
            expect(res.body.apps).to.be.an('array');
            expect(res.body.apps[0].id).to.eql(APP_ID);
            expect(res.body.apps[0].installationState).to.be.ok();
-            done(err);
+            done();
         });
    });

    it('can get appBySubdomain', function (done) {
-        request.get(SERVER_URL + '/api/v1/subdomains/' + APP_LOCATION)
+        superagent.get(SERVER_URL + '/api/v1/subdomains/' + APP_LOCATION)
               .end(function (err, res) {
            expect(res.statusCode).to.equal(200);
            expect(res.body.id).to.eql(APP_ID);
            expect(res.body.installationState).to.be.ok();
-            done(err);
+            done();
        });
    });

    it('cannot get invalid app by Subdomain', function (done) {
-        request.get(SERVER_URL + '/api/v1/subdomains/tikaloma')
+        superagent.get(SERVER_URL + '/api/v1/subdomains/tikaloma')
               .end(function (err, res) {
            expect(res.statusCode).to.equal(404);
-            done(err);
+            done();
        });
    });

    it('cannot uninstall invalid app', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/whatever/uninstall')
+        superagent.post(SERVER_URL + '/api/v1/apps/whatever/uninstall')
            .send({ password: PASSWORD })
            .query({ access_token: token })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(404);
-            done(err);
+            done();
        });
    });

    it('cannot uninstall app without password', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
            .query({ access_token: token })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
-            done(err);
+            done();
        });
    });

    it('cannot uninstall app with wrong password', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
            .send({ password: PASSWORD+PASSWORD })
            .query({ access_token: token })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
-            done(err);
+            done();
        });
    });

    it('non admin cannot uninstall app', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
            .send({ password: PASSWORD })
            .query({ access_token: token_1 })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
-            done(err);
+            done();
        });
    });

    it('can uninstall app', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
            .send({ password: PASSWORD })
            .query({ access_token: token })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(202);
-            done(err);
+            done();
        });
    });

    it('app install succeeds already purchased', function (done) {
        var fake = nock(config.apiServerOrigin()).post('/api/v1/apps/test/purchase?token=APPSTORE_TOKEN').reply(200, {});

-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
               .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION_2, portBindings: null, accessRestriction: null, oauthProxy: false })
               .end(function (err, res) {
@@ -511,7 +511,7 @@ describe('App API', function () {
            expect(res.body.id).to.be.a('string');
            APP_ID = res.body.id;
            expect(fake.isDone()).to.be.ok();
-            done(err);
+            done();
        });
    });

@@ -521,7 +521,7 @@ describe('App API', function () {
        settings.setDeveloperMode(true, function (error) {
            expect(error).to.be(null);

-            request.post(SERVER_URL + '/api/v1/developer/login')
+            superagent.post(SERVER_URL + '/api/v1/developer/login')
                   .send({ username: USERNAME, password: PASSWORD })
                   .end(function (error, result) {
                expect(error).to.not.be.ok();
@@ -532,7 +532,7 @@ describe('App API', function () {
                // overwrite non dev token
                token = result.body.token;

-                request.post(SERVER_URL + '/api/v1/apps/install')
+                superagent.post(SERVER_URL + '/api/v1/apps/install')
                       .query({ access_token: token })
                       .send({ appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, location: APP_LOCATION+APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
                       .end(function (err, res) {
@@ -540,18 +540,18 @@ describe('App API', function () {
                    expect(res.body.id).to.be.a('string');
                    expect(fake.isDone()).to.be.ok();
                    APP_ID = res.body.id;
-                    done(err);
+                    done();
                });
            });
        });
    });

    it('can uninstall app without password but developer token', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
            .query({ access_token: token })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(202);
-            done(err);
+            done();
        });
    });
 });
@@ -574,7 +574,7 @@ describe('App installation', function () {
                        res.writeHead(200);
                        res.end();
                        return true;
-                    } else if (req.method === 'DELETE' && req.url === '/images/' + TEST_IMAGE_ID + '?force=true&noprune=false') {
+                    } else if (req.method === 'DELETE' && req.url === '/images/' + TEST_IMAGE + '?force=false&noprune=false') {
                        imageDeleted = true;
                        res.writeHead(200);
                        res.end();
@@ -628,7 +628,7 @@ describe('App installation', function () {

        var count = 0;
        function checkInstallStatus() {
-            request.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
+            superagent.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
               .query({ access_token: token })
               .end(function (err, res) {
                expect(res.statusCode).to.equal(200);
@@ -639,7 +639,7 @@ describe('App installation', function () {
            });
        }

-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
              .query({ access_token: token })
              .send({ appId: APP_ID, appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: null, accessRestriction: null, oauthProxy: false })
              .end(function (err, res) {
@@ -705,7 +705,7 @@ describe('App installation', function () {
    it('installation - is up and running', function (done) {
        expect(appResult.httpPort).to.be(undefined);
        setTimeout(function () {
-            request.get('http://localhost:' + appEntry.httpPort + appResult.manifest.healthCheckPath)
+            superagent.get('http://localhost:' + appEntry.httpPort + appResult.manifest.healthCheckPath)
                .end(function (err, res) {
                expect(!err).to.be.ok();
                expect(res.statusCode).to.equal(200);
@@ -842,7 +842,7 @@ describe('App installation', function () {
    });

    xit('logs - stdout and stderr', function (done) {
-        request.get(SERVER_URL + '/api/v1/apps/' + APP_ID + '/logs')
+        superagent.get(SERVER_URL + '/api/v1/apps/' + APP_ID + '/logs')
            .query({ access_token: token })
            .end(function (err, res) {
            var data = '';
@@ -856,7 +856,7 @@ describe('App installation', function () {
    });

    xit('logStream - requires event-stream accept header', function (done) {
-        request.get(SERVER_URL + '/api/v1/apps/' + APP_ID + '/logstream')
+        superagent.get(SERVER_URL + '/api/v1/apps/' + APP_ID + '/logstream')
            .query({ access_token: token, fromLine: 0 })
            .end(function (err, res) {
            expect(res.statusCode).to.be(400);
@@ -895,7 +895,7 @@ describe('App installation', function () {
    });

    it('non admin cannot stop app', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/stop')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/stop')
            .query({ access_token: token_1 })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
@@ -904,7 +904,7 @@ describe('App installation', function () {
    });

    it('can stop app', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/stop')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/stop')
            .query({ access_token: token })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(202);
@@ -915,7 +915,7 @@ describe('App installation', function () {
    it('did stop the app', function (done) {
        // give the app a couple of seconds to die
        setTimeout(function () {
-            request.get('http://localhost:' + appEntry.httpPort + appResult.manifest.healthCheckPath)
+            superagent.get('http://localhost:' + appEntry.httpPort + appResult.manifest.healthCheckPath)
                .end(function (err, res) {
                expect(err).to.be.ok();
                done();
@@ -924,7 +924,7 @@ describe('App installation', function () {
    });

    it('nonadmin cannot start app', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/start')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/start')
            .query({ access_token: token_1 })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
@@ -933,7 +933,7 @@ describe('App installation', function () {
    });

    it('can start app', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/start')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/start')
            .query({ access_token: token })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(202);
@@ -942,20 +942,23 @@ describe('App installation', function () {
    });

    it('did start the app', function (done) {
-        setTimeout(function () {
-            request.get('http://localhost:' + appEntry.httpPort + appResult.manifest.healthCheckPath)
+        var count = 0;
+        function checkStartState() {
+            superagent.get('http://localhost:' + appEntry.httpPort + appResult.manifest.healthCheckPath)
                .end(function (err, res) {
-                expect(!err).to.be.ok();
-                expect(res.statusCode).to.equal(200);
-                done();
+                if (res && res.statusCode === 200) return done();
+                if (++count > 50) return done(new Error('Timedout'));
+                setTimeout(checkStartState, 500);
            });
-        }, 2000); // give some time for docker to settle
+        }
+
+        checkStartState();
    });

    it('can uninstall app', function (done) {
        var count = 0;
        function checkUninstallStatus() {
-            request.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
+            superagent.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
               .query({ access_token: token })
               .end(function (err, res) {
                if (res.statusCode === 404) return done(null);
@@ -964,7 +967,7 @@ describe('App installation', function () {
            });
        }

-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
            .send({ password: PASSWORD })
            .query({ access_token: token })
            .end(function (err, res) {
@@ -1041,7 +1044,7 @@ describe('App installation - port bindings', function () {
                        res.writeHead(200);
                        res.end();
                        return true;
-                    } else if (req.method === 'DELETE' && req.url === '/images/' + TEST_IMAGE_ID + '?force=true&noprune=false') {
+                    } else if (req.method === 'DELETE' && req.url === '/images/' + TEST_IMAGE + '?force=false&noprune=false') {
                        imageDeleted = true;
                        res.writeHead(200);
                        res.end();
@@ -1064,6 +1067,8 @@ describe('App installation - port bindings', function () {

            settings.setDnsConfig.bind(null, { provider: 'route53', accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey', endpoint: 'http://localhost:5353' }),

+            settings.setTlsConfig.bind(null, { provider: 'caas' }),
+
            function (callback) {
                awsHockInstance
                    .get('/2013-04-01/hostedzone')
@@ -1096,7 +1101,7 @@ describe('App installation - port bindings', function () {

        var count = 0;
        function checkInstallStatus() {
-            request.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
+            superagent.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
               .query({ access_token: token })
               .end(function (err, res) {
                expect(res.statusCode).to.equal(200);
@@ -1107,7 +1112,7 @@ describe('App installation - port bindings', function () {
            });
        }

-        request.post(SERVER_URL + '/api/v1/apps/install')
+        superagent.post(SERVER_URL + '/api/v1/apps/install')
              .query({ access_token: token })
              .send({ appId: APP_ID, appStoreId: APP_STORE_ID, manifest: APP_MANIFEST, password: PASSWORD, location: APP_LOCATION, portBindings: { ECHO_SERVER_PORT: 7171 }, accessRestriction: null, oauthProxy: false })
              .end(function (err, res) {
@@ -1163,7 +1168,7 @@ describe('App installation - port bindings', function () {
        var tryCount = 20;
        expect(appResult.httpPort).to.be(undefined);
        (function healthCheck() {
-            request.get('http://localhost:' + appEntry.httpPort + appResult.manifest.healthCheckPath)
+            superagent.get('http://localhost:' + appEntry.httpPort + appResult.manifest.healthCheckPath)
                .end(function (err, res) {
                if (err || res.statusCode !== 200) {
                    if (--tryCount === 0) return done(new Error('Timedout'));
@@ -1253,7 +1258,7 @@ describe('App installation - port bindings', function () {
        assert.strictEqual(typeof count, 'number');
        assert.strictEqual(typeof done, 'function');

-        request.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
+        superagent.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
           .query({ access_token: token })
           .end(function (err, res) {
            expect(res.statusCode).to.equal(200);
@@ -1265,7 +1270,7 @@ describe('App installation - port bindings', function () {
    }

    it('cannot reconfigure app with missing location', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
              .send({ appId: APP_ID, password: PASSWORD, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true })
              .end(function (err, res) {
@@ -1275,7 +1280,7 @@ describe('App installation - port bindings', function () {
    });

    it('cannot reconfigure app with missing accessRestriction', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, oauthProxy: false })
              .end(function (err, res) {
@@ -1285,7 +1290,7 @@ describe('App installation - port bindings', function () {
    });

    it('cannot reconfigure app with missing oauthProxy', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null })
              .end(function (err, res) {
@@ -1295,7 +1300,7 @@ describe('App installation - port bindings', function () {
    });

    it('cannot reconfigure app with only the cert, no key', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, cert: validCert1 })
              .end(function (err, res) {
@@ -1305,7 +1310,7 @@ describe('App installation - port bindings', function () {
    });

    it('cannot reconfigure app with only the key, no cert', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, key: validKey1 })
              .end(function (err, res) {
@@ -1315,7 +1320,7 @@ describe('App installation - port bindings', function () {
    });

    it('cannot reconfigure app with cert not bein a string', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, cert: 1234, key: validKey1 })
              .end(function (err, res) {
@@ -1325,7 +1330,7 @@ describe('App installation - port bindings', function () {
    });

    it('cannot reconfigure app with key not bein a string', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, cert: validCert1, key: 1234 })
              .end(function (err, res) {
@@ -1335,7 +1340,7 @@ describe('App installation - port bindings', function () {
    });

    it('non admin cannot reconfigure app', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token_1 })
              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true })
              .end(function (err, res) {
@@ -1345,7 +1350,7 @@ describe('App installation - port bindings', function () {
    });

    it('can reconfigure app', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true })
              .end(function (err, res) {
@@ -1429,7 +1434,7 @@ describe('App installation - port bindings', function () {
    });

    it('can reconfigure app with custom certificate', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
              .query({ access_token: token })
              .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, cert: validCert1, key: validKey1 })
              .end(function (err, res) {
@@ -1439,7 +1444,7 @@ describe('App installation - port bindings', function () {
    });

    it('can stop app', function (done) {
-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/stop')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/stop')
            .query({ access_token: token })
            .end(function (err, res) {
            expect(res.statusCode).to.equal(202);
@@ -1464,7 +1469,7 @@ describe('App installation - port bindings', function () {
    it('can uninstall app', function (done) {
        var count = 0;
        function checkUninstallStatus() {
-            request.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
+            superagent.get(SERVER_URL + '/api/v1/apps/' + APP_ID)
               .query({ access_token: token })
               .end(function (err, res) {
                if (res.statusCode === 404) return done(null);
@@ -1473,7 +1478,7 @@ describe('App installation - port bindings', function () {
            });
        }

-        request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
+        superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/uninstall')
            .send({ password: PASSWORD })
            .query({ access_token: token })
            .end(function (err, res) {
@@ -11,7 +11,7 @@ var appdb = require('../../appdb.js'),
    config = require('../../config.js'),
    database = require('../../database.js'),
    expect = require('expect.js'),
-    request = require('superagent'),
+    superagent = require('superagent'),
    server = require('../../server.js'),
    settings = require('../../settings.js'),
    nock = require('nock'),
@@ -19,7 +19,7 @@ var appdb = require('../../appdb.js'),

 var SERVER_URL = 'http://localhost:' + config.get('port');

-var USERNAME = 'admin', PASSWORD = 'password', EMAIL ='silly@me.com';
+var USERNAME = 'admin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';
 var token = null;

 var server;
@@ -33,11 +33,10 @@ function setup(done) {
            var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
            var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .query({ setupToken: 'somesetuptoken' })
                   .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result).to.be.ok();
                expect(result.statusCode).to.eql(201);
                expect(scope1.isDone()).to.be.ok();
@@ -74,22 +73,22 @@ describe('Backups API', function () {
    after(cleanup);

    describe('get', function () {
-        it('cannot get backups with appstore request failing', function (done) {
+        it('cannot get backups with appstore superagent failing', function (done) {
            var req = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/backups?token=BACKUP_TOKEN').reply(401, {});

-            request.get(SERVER_URL + '/api/v1/backups')
+            superagent.get(SERVER_URL + '/api/v1/backups')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(503);
                expect(req.isDone()).to.be.ok();
-                done(err);
+                done();
            });
        });

        it('can get backups', function (done) {
            var req = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/backups?token=BACKUP_TOKEN').reply(200, { backups: ['foo', 'bar']});

-            request.get(SERVER_URL + '/api/v1/backups')
+            superagent.get(SERVER_URL + '/api/v1/backups')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(200);
@@ -97,26 +96,24 @@ describe('Backups API', function () {
                expect(res.body.backups).to.be.an(Array);
                expect(res.body.backups[0]).to.eql('foo');
                expect(res.body.backups[1]).to.eql('bar');
-                done(err);
+                done();
            });
        });
    });

    describe('create', function () {
        it('fails due to mising token', function (done) {
-            request.post(SERVER_URL + '/api/v1/backups')
+            superagent.post(SERVER_URL + '/api/v1/backups')
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails due to wrong token', function (done) {
-            request.post(SERVER_URL + '/api/v1/backups')
+            superagent.post(SERVER_URL + '/api/v1/backups')
                   .query({ access_token: token.toUpperCase() })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -127,10 +124,9 @@ describe('Backups API', function () {
                        .post('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=BACKUP_TOKEN')
                        .reply(201, { credentials: { AccessKeyId: 'accessKeyId', SecretAccessKey: 'secretAccessKey', SessionToken: 'sessionToken' } });

-            request.post(SERVER_URL + '/api/v1/backups')
+            superagent.post(SERVER_URL + '/api/v1/backups')
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(202);

                function checkAppstoreServerCalled() {
@@ -20,7 +20,7 @@ var async = require('async'),

 var SERVER_URL = 'http://localhost:' + config.get('port');

-var USERNAME = 'admin', PASSWORD = 'password', EMAIL ='silly@me.com';
+var USERNAME = 'admin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';
 var token = null; // authentication token

 function cleanup(done) {
@@ -46,7 +46,6 @@ describe('OAuth Clients API', function () {
                           .query({ setupToken: 'somesetuptoken' })
                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result).to.be.ok();
                        expect(result.statusCode).to.equal(201);
                        expect(scope1.isDone()).to.be.ok();
@@ -73,7 +72,6 @@ describe('OAuth Clients API', function () {
                       .query({ access_token: token })
                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile' })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(412);
                    done();
                });
@@ -89,7 +87,6 @@ describe('OAuth Clients API', function () {
                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile' })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(401);
                    done();
                });
@@ -100,7 +97,6 @@ describe('OAuth Clients API', function () {
                       .query({ access_token: token })
                       .send({ redirectURI: 'http://foobar.com', scope: 'profile' })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
                    done();
                });
@@ -111,7 +107,6 @@ describe('OAuth Clients API', function () {
                       .query({ access_token: token })
                       .send({ appId: '', redirectURI: 'http://foobar.com', scope: 'profile' })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
                    done();
                });
@@ -122,7 +117,6 @@ describe('OAuth Clients API', function () {
                       .query({ access_token: token })
                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com' })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
                    done();
                });
@@ -133,7 +127,6 @@ describe('OAuth Clients API', function () {
                       .query({ access_token: token })
                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: '' })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
                    done();
                });
@@ -144,7 +137,6 @@ describe('OAuth Clients API', function () {
                       .query({ access_token: token })
                       .send({ appId: 'someApp', scope: 'profile' })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
                    done();
                });
@@ -155,7 +147,6 @@ describe('OAuth Clients API', function () {
                       .query({ access_token: token })
                       .send({ appId: 'someApp', redirectURI: '', scope: 'profile' })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
                    done();
                });
@@ -166,7 +157,6 @@ describe('OAuth Clients API', function () {
                       .query({ access_token: token })
                       .send({ appId: 'someApp', redirectURI: 'foobar', scope: 'profile' })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(400);
                    done();
                });
@@ -177,7 +167,6 @@ describe('OAuth Clients API', function () {
                       .query({ access_token: token })
                       .send({ appId: 'someApp', redirectURI: 'http://foobar.com', scope: 'profile' })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(201);
                    expect(result.body.id).to.be.a('string');
                    expect(result.body.appId).to.be.a('string');
@@ -211,7 +200,6 @@ describe('OAuth Clients API', function () {
                           .query({ setupToken: 'somesetuptoken' })
                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result).to.be.ok();
                        expect(scope1.isDone()).to.be.ok();
                        expect(scope2.isDone()).to.be.ok();
@@ -230,7 +218,6 @@ describe('OAuth Clients API', function () {
                           .query({ access_token: token })
                           .send({ appId: CLIENT_0.appId, redirectURI: CLIENT_0.redirectURI, scope: CLIENT_0.scope })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result.statusCode).to.equal(201);

                        CLIENT_0 = result.body;
@@ -252,7 +239,6 @@ describe('OAuth Clients API', function () {
                superagent.get(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
                       .query({ access_token: token })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(412);
                    done();
                });
@@ -267,7 +253,6 @@ describe('OAuth Clients API', function () {
            it('fails without token', function (done) {
                superagent.get(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(401);
                    done();
                });
@@ -278,7 +263,6 @@ describe('OAuth Clients API', function () {
                superagent.get(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id.toUpperCase())
                       .query({ access_token: token })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(404);
                    done();
                });
@@ -288,7 +272,6 @@ describe('OAuth Clients API', function () {
                superagent.get(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
                       .query({ access_token: token })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(200);
                    expect(result.body).to.eql(CLIENT_0);
                    done();
@@ -318,7 +301,6 @@ describe('OAuth Clients API', function () {
                           .query({ setupToken: 'somesetuptoken' })
                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result).to.be.ok();
                        expect(scope1.isDone()).to.be.ok();
                        expect(scope2.isDone()).to.be.ok();
@@ -337,7 +319,6 @@ describe('OAuth Clients API', function () {
                           .query({ access_token: token })
                           .send({ appId: CLIENT_0.appId, redirectURI: CLIENT_0.redirectURI, scope: CLIENT_0.scope })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result.statusCode).to.equal(201);

                        CLIENT_0 = result.body;
@@ -359,7 +340,6 @@ describe('OAuth Clients API', function () {
                superagent.del(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
                       .query({ access_token: token })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(412);
                    done();
                });
@@ -374,7 +354,6 @@ describe('OAuth Clients API', function () {
            it('fails without token', function (done) {
                superagent.del(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(401);
                    done();
                });
@@ -385,7 +364,6 @@ describe('OAuth Clients API', function () {
                superagent.del(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id.toUpperCase())
                       .query({ access_token: token })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(404);
                    done();
                });
@@ -395,13 +373,11 @@ describe('OAuth Clients API', function () {
                superagent.del(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
                       .query({ access_token: token })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(204);

                    superagent.get(SERVER_URL + '/api/v1/oauth/clients/' + CLIENT_0.id)
                           .query({ access_token: token })
                           .end(function (error, result) {
-                        expect(error).to.be(null);
                        expect(result.statusCode).to.equal(404);

                        done();
@@ -416,7 +392,7 @@ describe('Clients', function () {
    var USER_0 = {
        userId: uuid.v4(),
        username: 'someusername',
-        password: 'somepassword',
+        password: 'Strong#$%2345',
        email: 'some@email.com',
        admin: true,
        salt: 'somesalt',
@@ -443,7 +419,6 @@ describe('Clients', function () {
                       .query({ setupToken: 'somesetuptoken' })
                       .send({ username: USER_0.username, password: USER_0.password, email: USER_0.email })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result).to.be.ok();
                    expect(result.statusCode).to.eql(201);
                    expect(scope1.isDone()).to.be.ok();
@@ -473,7 +448,6 @@ describe('Clients', function () {
        it('fails due to missing token', function (done) {
            superagent.get(SERVER_URL + '/api/v1/oauth/clients')
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -483,7 +457,6 @@ describe('Clients', function () {
            superagent.get(SERVER_URL + '/api/v1/oauth/clients')
            .query({ access_token: '' })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -493,7 +466,6 @@ describe('Clients', function () {
            superagent.get(SERVER_URL + '/api/v1/oauth/clients')
            .query({ access_token: token.toUpperCase() })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -503,7 +475,6 @@ describe('Clients', function () {
            superagent.get(SERVER_URL + '/api/v1/oauth/clients')
            .query({ access_token: token })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(200);

                expect(result.body.clients.length).to.eql(1);
@@ -521,7 +492,6 @@ describe('Clients', function () {
        it('fails due to missing token', function (done) {
            superagent.get(SERVER_URL + '/api/v1/oauth/clients/cid-webadmin/tokens')
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -531,7 +501,6 @@ describe('Clients', function () {
            superagent.get(SERVER_URL + '/api/v1/oauth/clients/cid-webadmin/tokens')
            .query({ access_token: '' })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -541,7 +510,6 @@ describe('Clients', function () {
            superagent.get(SERVER_URL + '/api/v1/oauth/clients/cid-webadmin/tokens')
            .query({ access_token: token.toUpperCase() })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -551,7 +519,6 @@ describe('Clients', function () {
            superagent.get(SERVER_URL + '/api/v1/oauth/clients/CID-WEBADMIN/tokens')
            .query({ access_token: token })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(404);
                done();
            });
@@ -561,7 +528,6 @@ describe('Clients', function () {
            superagent.get(SERVER_URL + '/api/v1/oauth/clients/cid-webadmin/tokens')
            .query({ access_token: token })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(200);

                expect(result.body.tokens.length).to.eql(1);
@@ -579,7 +545,6 @@ describe('Clients', function () {
        it('fails due to missing token', function (done) {
            superagent.del(SERVER_URL + '/api/v1/oauth/clients/cid-webadmin/tokens')
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -589,7 +554,6 @@ describe('Clients', function () {
            superagent.del(SERVER_URL + '/api/v1/oauth/clients/cid-webadmin/tokens')
            .query({ access_token: '' })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -599,7 +563,6 @@ describe('Clients', function () {
            superagent.del(SERVER_URL + '/api/v1/oauth/clients/cid-webadmin/tokens')
            .query({ access_token: token.toUpperCase() })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -609,7 +572,6 @@ describe('Clients', function () {
            superagent.del(SERVER_URL + '/api/v1/oauth/clients/CID-WEBADMIN/tokens')
            .query({ access_token: token })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(404);
                done();
            });
@@ -619,7 +581,6 @@ describe('Clients', function () {
            superagent.get(SERVER_URL + '/api/v1/oauth/clients/cid-webadmin/tokens')
            .query({ access_token: token })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(200);

                expect(result.body.tokens.length).to.eql(1);
@@ -628,14 +589,12 @@ describe('Clients', function () {
                superagent.del(SERVER_URL + '/api/v1/oauth/clients/cid-webadmin/tokens')
                .query({ access_token: token })
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(204);

                    // further calls with this token should not work
                    superagent.get(SERVER_URL + '/api/v1/profile')
                    .query({ access_token: token })
                    .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result.statusCode).to.equal(401);
                        done();
                    });
@@ -11,13 +11,14 @@ var async = require('async'),
    database = require('../../database.js'),
    expect = require('expect.js'),
    nock = require('nock'),
-    request = require('superagent'),
+    os = require('os'),
+    superagent = require('superagent'),
    server = require('../../server.js'),
    shell = require('../../shell.js');

 var SERVER_URL = 'http://localhost:' + config.get('port');

-var USERNAME = 'admin', PASSWORD = 'password', EMAIL ='silly@me.com';
+var USERNAME = 'admin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';
 var token = null; // authentication token

 var server;
@@ -54,23 +55,34 @@ describe('Cloudron', function () {
        after(cleanup);

        it('fails due to missing setupToken', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .send({ username: '', password: 'somepassword', email: 'admin@foo.bar' })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

+        it('fails due to internal server error on appstore side', function (done) {
+            var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(500, { message: 'this is wrong' });
+
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
+                   .query({ setupToken: 'somesetuptoken' })
+                   .send({ username: 'someuser', password: 'strong#A3asdf', email: 'admin@foo.bar' })
+                   .end(function (error, result) {
+                expect(result.statusCode).to.equal(500);
+                expect(scope.isDone()).to.be.ok();
+                done();
+            });
+        });
+
        it('fails due to empty username', function (done) {
            var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});

-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .query({ setupToken: 'somesetuptoken' })
-                   .send({ username: '', password: 'somepassword', email: 'admin@foo.bar' })
+                   .send({ username: '', password: 'ADSFsdf$%436', email: 'admin@foo.bar' })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                expect(scope.isDone()).to.be.ok();
                done();
@@ -80,11 +92,10 @@ describe('Cloudron', function () {
        it('fails due to empty password', function (done) {
            var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});

-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .query({ setupToken: 'somesetuptoken' })
                   .send({ username: 'someuser', password: '', email: 'admin@foo.bar' })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                expect(scope.isDone()).to.be.ok();
                done();
@@ -94,25 +105,23 @@ describe('Cloudron', function () {
        it('fails due to empty email', function (done) {
            var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});

-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .query({ setupToken: 'somesetuptoken' })
-                   .send({ username: 'someuser', password: 'somepassword', email: '' })
+                   .send({ username: 'someuser', password: 'ADSF#asd546', email: '' })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                expect(scope.isDone()).to.be.ok();
                done();
            });
        });

-        it('fails due to empty name', function (done) {
+        it('fails due to wrong displayName type', function (done) {
            var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});

-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .query({ setupToken: 'somesetuptoken' })
-                   .send({ username: 'someuser', password: '', email: 'admin@foo.bar', name: '' })
+                   .send({ username: 'someuser', password: 'ADSF?#asd546', email: 'admin@foo.bar', displayName: 1234 })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                expect(scope.isDone()).to.be.ok();
                done();
@@ -122,11 +131,10 @@ describe('Cloudron', function () {
        it('fails due to invalid email', function (done) {
            var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});

-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .query({ setupToken: 'somesetuptoken' })
-                   .send({ username: 'someuser', password: 'somepassword', email: 'invalidemail' })
+                   .send({ username: 'someuser', password: 'ADSF#asd546', email: 'invalidemail' })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                expect(scope.isDone()).to.be.ok();
                done();
@@ -137,11 +145,10 @@ describe('Cloudron', function () {
            var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
            var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .query({ setupToken: 'somesetuptoken' })
-                   .send({ username: 'someuser', password: 'somepassword', email: 'admin@foo.bar', name: 'tester' })
+                   .send({ username: 'someuser', password: 'ADSF#asd546', email: 'admin@foo.bar', displayName: 'tester' })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(201);
                expect(scope1.isDone()).to.be.ok();
                expect(scope2.isDone()).to.be.ok();
@@ -152,11 +159,10 @@ describe('Cloudron', function () {
        it('fails the second time', function (done) {
            var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});

-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .query({ setupToken: 'somesetuptoken' })
-                   .send({ username: 'someuser', password: 'somepassword', email: 'admin@foo.bar' })
+                   .send({ username: 'someuser', password: 'ADSF#asd546', email: 'admin@foo.bar' })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(409);
                expect(scope.isDone()).to.be.ok();
                done();
@@ -175,11 +181,10 @@ describe('Cloudron', function () {

                    config._reset();

-                    request.post(SERVER_URL + '/api/v1/cloudron/activate')
+                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                           .query({ setupToken: 'somesetuptoken' })
                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result).to.be.ok();
                        expect(scope1.isDone()).to.be.ok();
                        expect(scope2.isDone()).to.be.ok();
@@ -196,19 +201,17 @@ describe('Cloudron', function () {
        after(cleanup);

        it('cannot get without token', function (done) {
-            request.get(SERVER_URL + '/api/v1/cloudron/config')
+            superagent.get(SERVER_URL + '/api/v1/cloudron/config')
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('succeeds without appstore', function (done) {
-            request.get(SERVER_URL + '/api/v1/cloudron/config')
+            superagent.get(SERVER_URL + '/api/v1/cloudron/config')
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(200);
                expect(result.body.apiServerOrigin).to.eql('http://localhost:6060');
                expect(result.body.webServerOrigin).to.eql(null);
@@ -220,7 +223,7 @@ describe('Cloudron', function () {
                expect(result.body.developerMode).to.be.a('boolean');
                expect(result.body.size).to.eql(null);
                expect(result.body.region).to.eql(null);
-                expect(result.body.memory).to.eql(0);
+                expect(result.body.memory).to.eql(os.totalmem());
                expect(result.body.cloudronName).to.be.a('string');

                done();
@@ -230,10 +233,9 @@ describe('Cloudron', function () {
        it('succeeds', function (done) {
            var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/localhost?token=' + config.token()).reply(200, { box: { region: 'sfo', size: '1gb' }});

-            request.get(SERVER_URL + '/api/v1/cloudron/config')
+            superagent.get(SERVER_URL + '/api/v1/cloudron/config')
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(200);
                expect(result.body.apiServerOrigin).to.eql('http://localhost:6060');
                expect(result.body.webServerOrigin).to.eql(null);
@@ -245,7 +247,7 @@ describe('Cloudron', function () {
                expect(result.body.developerMode).to.be.a('boolean');
                expect(result.body.size).to.eql('1gb');
                expect(result.body.region).to.eql('sfo');
-                expect(result.body.memory).to.eql(1073741824);
+                expect(result.body.memory).to.eql(os.totalmem());
                expect(result.body.cloudronName).to.be.a('string');

                expect(scope.isDone()).to.be.ok();
@@ -267,11 +269,10 @@ describe('Cloudron', function () {

                    config._reset();

-                    request.post(SERVER_URL + '/api/v1/cloudron/activate')
+                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                           .query({ setupToken: 'somesetuptoken' })
                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result).to.be.ok();
                        expect(scope1.isDone()).to.be.ok();
                        expect(scope2.isDone()).to.be.ok();
@@ -284,11 +285,10 @@ describe('Cloudron', function () {
                },

                function setupBackupConfig(callback) {
-                    request.post(SERVER_URL + '/api/v1/settings/backup_config')
+                    superagent.post(SERVER_URL + '/api/v1/settings/backup_config')
                           .send({ provider: 'caas', token: 'BACKUP_TOKEN', bucket: 'Bucket', prefix: 'Prefix' })
                           .query({ access_token: token })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result.statusCode).to.equal(200);

                        callback();
@@ -301,65 +301,59 @@ describe('Cloudron', function () {
        after(cleanup);

        it('fails without token', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/migrate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/migrate')
                   .send({ size: 'small', region: 'sfo'})
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails without password', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/migrate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/migrate')
                   .send({ size: 'small', region: 'sfo'})
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails with missing size', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/migrate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/migrate')
                   .send({ region: 'sfo', password: PASSWORD })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails with wrong size type', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/migrate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/migrate')
                   .send({ size: 4, region: 'sfo', password: PASSWORD })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails with missing region', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/migrate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/migrate')
                   .send({ size: 'small', password: PASSWORD })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails with wrong region type', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/migrate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/migrate')
                   .send({ size: 'small', region: 4, password: PASSWORD })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
@@ -383,11 +377,10 @@ describe('Cloudron', function () {

            injectShellMock();

-            request.post(SERVER_URL + '/api/v1/cloudron/migrate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/migrate')
                   .send({ size: 'small', region: 'sfo', password: PASSWORD })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(202);

                function checkAppstoreServerCalled() {
@@ -420,11 +413,10 @@ describe('Cloudron', function () {

            injectShellMock();

-            request.post(SERVER_URL + '/api/v1/cloudron/migrate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/migrate')
                   .send({ size: 'small', region: 'sfo', password: PASSWORD })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(202);

                function checkAppstoreServerCalled() {
@@ -452,11 +444,10 @@ describe('Cloudron', function () {

                    config._reset();

-                    request.post(SERVER_URL + '/api/v1/cloudron/activate')
+                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                           .query({ setupToken: 'somesetuptoken' })
                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result).to.be.ok();
                        expect(scope1.isDone()).to.be.ok();
                        expect(scope2.isDone()).to.be.ok();
@@ -473,125 +464,112 @@ describe('Cloudron', function () {
        after(cleanup);

        it('fails without token', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ type: 'ticket', subject: 'some subject', description: 'some description' })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails without type', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ subject: 'some subject', description: 'some description' })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails with empty type', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ type: '', subject: 'some subject', description: 'some description' })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails with unknown type', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ type: 'foobar', subject: 'some subject', description: 'some description' })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('succeeds with ticket type', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ type: 'ticket', subject: 'some subject', description: 'some description' })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(201);
                done();
            });
        });

        it('succeeds with app type', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ type: 'app', subject: 'some subject', description: 'some description' })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(201);
                done();
            });
        });

        it('fails without description', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ type: 'ticket', subject: 'some subject' })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails with empty subject', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ type: 'ticket', subject: '', description: 'some description' })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails with empty description', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ type: 'ticket', subject: 'some subject', description: '' })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('succeeds with feedback type', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ type: 'feedback', subject: 'some subject', description: 'some description' })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(201);
                done();
            });
        });

        it('fails without subject', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/feedback')
                   .send({ type: 'ticket', description: 'some description' })
                   .query({ access_token: token })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });
    });
 });
-
-
@@ -11,13 +11,13 @@ var async = require('async'),
    database = require('../../database.js'),
    expect = require('expect.js'),
    nock = require('nock'),
-    request = require('superagent'),
+    superagent = require('superagent'),
    server = require('../../server.js'),
    settings = require('../../settings.js');

 var SERVER_URL = 'http://localhost:' + config.get('port');

-var USERNAME = 'admin', PASSWORD = 'password', EMAIL ='silly@me.com';
+var USERNAME = 'admin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';
 var token = null; // authentication token

 var server;
@@ -43,11 +43,10 @@ describe('Developer API', function () {
                    var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
                    var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-                    request.post(SERVER_URL + '/api/v1/cloudron/activate')
+                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                           .query({ setupToken: 'somesetuptoken' })
                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result).to.be.ok();
                        expect(scope1.isDone()).to.be.ok();
                        expect(scope2.isDone()).to.be.ok();
@@ -67,9 +66,8 @@ describe('Developer API', function () {
            settings.setDeveloperMode(true, function (error) {
                expect(error).to.be(null);

-                request.get(SERVER_URL + '/api/v1/developer')
+                superagent.get(SERVER_URL + '/api/v1/developer')
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(401);
                    done();
                });
@@ -80,10 +78,9 @@ describe('Developer API', function () {
            settings.setDeveloperMode(true, function (error) {
                expect(error).to.be(null);

-                request.get(SERVER_URL + '/api/v1/developer')
+                superagent.get(SERVER_URL + '/api/v1/developer')
                       .query({ access_token: token })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(200);
                    done();
                });
@@ -94,10 +91,9 @@ describe('Developer API', function () {
            settings.setDeveloperMode(false, function (error) {
                expect(error).to.be(null);

-                request.get(SERVER_URL + '/api/v1/developer')
+                superagent.get(SERVER_URL + '/api/v1/developer')
                       .query({ access_token: token })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(412);
                    done();
                });
@@ -114,11 +110,10 @@ describe('Developer API', function () {
                    var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
                    var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-                    request.post(SERVER_URL + '/api/v1/cloudron/activate')
+                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                           .query({ setupToken: 'somesetuptoken' })
                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result).to.be.ok();
                        expect(scope1.isDone()).to.be.ok();
                        expect(scope2.isDone()).to.be.ok();
@@ -135,82 +130,74 @@ describe('Developer API', function () {
        after(cleanup);

        it('fails without token', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer')
+            superagent.post(SERVER_URL + '/api/v1/developer')
                   .send({ enabled: true })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails due to missing password', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer')
+            superagent.post(SERVER_URL + '/api/v1/developer')
                   .query({ access_token: token })
                   .send({ enabled: true })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails due to empty password', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer')
+            superagent.post(SERVER_URL + '/api/v1/developer')
                   .query({ access_token: token })
                   .send({ password: '', enabled: true })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(403);
                done();
            });
        });

        it('fails due to wrong password', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer')
+            superagent.post(SERVER_URL + '/api/v1/developer')
                   .query({ access_token: token })
                   .send({ password: PASSWORD.toUpperCase(), enabled: true })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(403);
                done();
            });
        });

        it('fails due to missing enabled property', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer')
+            superagent.post(SERVER_URL + '/api/v1/developer')
                   .query({ access_token: token })
                   .send({ password: PASSWORD })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails due to wrong enabled property type', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer')
+            superagent.post(SERVER_URL + '/api/v1/developer')
                   .query({ access_token: token })
                   .send({ password: PASSWORD, enabled: 'true' })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('succeeds enabling', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer')
+            superagent.post(SERVER_URL + '/api/v1/developer')
                   .query({ access_token: token })
                   .send({ password: PASSWORD, enabled: true })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(200);

-                request.get(SERVER_URL + '/api/v1/developer')
+                superagent.get(SERVER_URL + '/api/v1/developer')
                       .query({ access_token: token })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(200);
                    done();
                });
@@ -218,17 +205,15 @@ describe('Developer API', function () {
        });

        it('succeeds disabling', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer')
+            superagent.post(SERVER_URL + '/api/v1/developer')
                   .query({ access_token: token })
                   .send({ password: PASSWORD, enabled: false })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(200);

-                request.get(SERVER_URL + '/api/v1/developer')
+                superagent.get(SERVER_URL + '/api/v1/developer')
                       .query({ access_token: token })
                       .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(412);
                    done();
                });
@@ -247,11 +232,10 @@ describe('Developer API', function () {
                    var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
                    var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-                    request.post(SERVER_URL + '/api/v1/cloudron/activate')
+                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                           .query({ setupToken: 'somesetuptoken' })
                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                           .end(function (error, result) {
-                        expect(error).to.not.be.ok();
                        expect(result).to.be.ok();
                        expect(scope1.isDone()).to.be.ok();
                        expect(scope2.isDone()).to.be.ok();
@@ -268,79 +252,71 @@ describe('Developer API', function () {
        after(cleanup);

        it('fails without body', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer/login')
+            superagent.post(SERVER_URL + '/api/v1/developer/login')
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails without username', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer/login')
+            superagent.post(SERVER_URL + '/api/v1/developer/login')
                   .send({ password: PASSWORD })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails without password', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer/login')
+            superagent.post(SERVER_URL + '/api/v1/developer/login')
                   .send({ username: USERNAME })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails with empty username', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer/login')
+            superagent.post(SERVER_URL + '/api/v1/developer/login')
                   .send({ username: '', password: PASSWORD })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails with empty password', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer/login')
+            superagent.post(SERVER_URL + '/api/v1/developer/login')
                   .send({ username: USERNAME, password: '' })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails with unknown username', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer/login')
+            superagent.post(SERVER_URL + '/api/v1/developer/login')
                   .send({ username: USERNAME.toUpperCase(), password: PASSWORD })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails with wrong password', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer/login')
+            superagent.post(SERVER_URL + '/api/v1/developer/login')
                   .send({ username: USERNAME, password: PASSWORD.toUpperCase() })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('with username succeeds', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer/login')
+            superagent.post(SERVER_URL + '/api/v1/developer/login')
                   .send({ username: USERNAME, password: PASSWORD })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(200);
                expect(result.body.expiresAt).to.be.a('number');
                expect(result.body.token).to.be.a('string');
@@ -349,10 +325,9 @@ describe('Developer API', function () {
        });

        it('with email succeeds', function (done) {
-            request.post(SERVER_URL + '/api/v1/developer/login')
+            superagent.post(SERVER_URL + '/api/v1/developer/login')
                   .send({ username: EMAIL, password: PASSWORD })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(200);
                expect(result.body.expiresAt).to.be.a('number');
                expect(result.body.token).to.be.a('string');
@@ -139,13 +139,14 @@ describe('OAuth2', function () {
        var USER_0 = {
            id: uuid.v4(),
            username: 'someusername',
-            password: 'somepassword',
+            password: '@#45Strongpassword',
            email: 'some@email.com',
            admin: true,
            salt: 'somesalt',
            createdAt: (new Date()).toUTCString(),
            modifiedAt: (new Date()).toUTCString(),
-            resetToken: hat(256)
+            resetToken: hat(256),
+            displayName: ''
        };

        var APP_0 = {
@@ -291,7 +292,7 @@ describe('OAuth2', function () {
                appdb.add.bind(null, APP_1.id, APP_1.appStoreId, APP_1.manifest, APP_1.location, APP_1.portBindings, APP_1.accessRestriction, APP_1.oauthProxy),
                appdb.add.bind(null, APP_2.id, APP_2.appStoreId, APP_2.manifest, APP_2.location, APP_2.portBindings, APP_2.accessRestriction, APP_2.oauthProxy),
                function (callback) {
-                    user.create(USER_0.username, USER_0.password, USER_0.email, true, '', function (error, userObject) {
+                    user.create(USER_0.username, USER_0.password, USER_0.email, USER_0.displayName, true, '', false, function (error, userObject) {
                        expect(error).to.not.be.ok();

                        // update the global objects to reflect the new user id
@@ -319,7 +320,6 @@ describe('OAuth2', function () {
            it('fails due to missing redirect_uri param', function (done) {
                superagent.get(SERVER_URL + '/api/v1/oauth/dialog/authorize')
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.text.indexOf('<!-- error tester -->')).to.not.equal(-1);
                    expect(result.text.indexOf('Invalid request. redirect_uri query param is not set.')).to.not.equal(-1);
                    expect(result.statusCode).to.equal(200);
@@ -330,7 +330,6 @@ describe('OAuth2', function () {
            it('fails due to missing client_id param', function (done) {
                superagent.get(SERVER_URL + '/api/v1/oauth/dialog/authorize?redirect_uri=http://someredirect')
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.text.indexOf('<!-- error tester -->')).to.not.equal(-1);
                    expect(result.text.indexOf('Invalid request. client_id query param is not set.')).to.not.equal(-1);
                    expect(result.statusCode).to.equal(200);
@@ -341,7 +340,6 @@ describe('OAuth2', function () {
            it('fails due to missing response_type param', function (done) {
                superagent.get(SERVER_URL + '/api/v1/oauth/dialog/authorize?redirect_uri=http://someredirect&client_id=someclientid')
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.text.indexOf('<!-- error tester -->')).to.not.equal(-1);
                    expect(result.text.indexOf('Invalid request. response_type query param is not set.')).to.not.equal(-1);
                    expect(result.statusCode).to.equal(200);
@@ -352,7 +350,6 @@ describe('OAuth2', function () {
            it('fails for unkown grant type', function (done) {
                superagent.get(SERVER_URL + '/api/v1/oauth/dialog/authorize?redirect_uri=http://someredirect&client_id=someclientid&response_type=foobar')
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.text.indexOf('<!-- error tester -->')).to.not.equal(-1);
                    expect(result.text.indexOf('Invalid request. Only token and code response types are supported.')).to.not.equal(-1);
                    expect(result.statusCode).to.equal(200);
@@ -363,7 +360,6 @@ describe('OAuth2', function () {
            it('succeeds for grant type code', function (done) {
                superagent.get(SERVER_URL + '/api/v1/oauth/dialog/authorize?redirect_uri=http://someredirect&client_id=someclientid&response_type=code')
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.text).to.eql('<script>window.location.href = "/api/v1/session/login?returnTo=http://someredirect";</script>');
                    expect(result.statusCode).to.equal(200);
                    done();
@@ -373,7 +369,6 @@ describe('OAuth2', function () {
            it('succeeds for grant type token', function (done) {
                superagent.get(SERVER_URL + '/api/v1/oauth/dialog/authorize?redirect_uri=http://someredirect&client_id=someclientid&response_type=token')
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.text).to.eql('<script>window.location.href = "/api/v1/session/login?returnTo=http://someredirect";</script>');
                    expect(result.statusCode).to.equal(200);
                    done();
@@ -388,7 +383,6 @@ describe('OAuth2', function () {
            it('fails without prior authentication call and not returnTo query', function (done) {
                superagent.get(SERVER_URL + '/api/v1/session/login')
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.text.indexOf('<!-- error tester -->')).to.not.equal(-1);
                    expect(result.text.indexOf('Invalid login request. No returnTo provided.')).to.not.equal(-1);
                    expect(result.statusCode).to.equal(200);
@@ -401,7 +395,6 @@ describe('OAuth2', function () {
                superagent.get(SERVER_URL + '/api/v1/session/login?returnTo=http://someredirect')
                .redirects(0)
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(302);
                    expect(result.headers.location).to.eql('http://someredirect');

@@ -413,7 +406,6 @@ describe('OAuth2', function () {
                superagent.get(SERVER_URL + '/api/v1/oauth/dialog/authorize?redirect_uri=http://someredirect&response_type=code')
                .redirects(0)
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.text.indexOf('<!-- error tester -->')).to.not.equal(-1);
                    expect(result.text.indexOf('Invalid request. client_id query param is not set.')).to.not.equal(-1);
                    expect(result.statusCode).to.equal(200);
@@ -1248,13 +1240,14 @@ describe('Password', function () {
    var USER_0 = {
        userId: uuid.v4(),
        username: 'someusername',
-        password: 'somepassword',
+        password: 'passWord%1234',
        email: 'some@email.com',
        admin: true,
        salt: 'somesalt',
        createdAt: (new Date()).toUTCString(),
        modifiedAt: (new Date()).toUTCString(),
-        resetToken: hat(256)
+        resetToken: hat(256),
+        displayName: ''
    };

    // make csrf always succeed for testing
@@ -1289,7 +1282,6 @@ describe('Password', function () {
        it('reset request succeeds', function (done) {
            superagent.get(SERVER_URL + '/api/v1/session/password/resetRequest.html')
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.text.indexOf('<!-- tester -->')).to.not.equal(-1);
                expect(result.statusCode).to.equal(200);
                done();
@@ -1299,7 +1291,6 @@ describe('Password', function () {
        it('setup fails due to missing reset_token', function (done) {
            superagent.get(SERVER_URL + '/api/v1/session/password/setup.html')
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
@@ -1309,7 +1300,6 @@ describe('Password', function () {
            superagent.get(SERVER_URL + '/api/v1/session/password/setup.html')
            .query({ reset_token: hat(256) })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -1319,7 +1309,6 @@ describe('Password', function () {
            superagent.get(SERVER_URL + '/api/v1/session/password/setup.html')
            .query({ reset_token: USER_0.resetToken })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(200);
                expect(result.text.indexOf('<!-- tester -->')).to.not.equal(-1);
                done();
@@ -1329,7 +1318,6 @@ describe('Password', function () {
        it('reset fails due to missing reset_token', function (done) {
            superagent.get(SERVER_URL + '/api/v1/session/password/reset.html')
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
@@ -1339,7 +1327,6 @@ describe('Password', function () {
            superagent.get(SERVER_URL + '/api/v1/session/password/reset.html')
            .query({ reset_token: hat(256) })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -1349,7 +1336,6 @@ describe('Password', function () {
            superagent.get(SERVER_URL + '/api/v1/session/password/reset.html')
            .query({ reset_token: USER_0.resetToken })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.text.indexOf('<!-- tester -->')).to.not.equal(-1);
                expect(result.statusCode).to.equal(200);
                done();
@@ -1359,7 +1345,6 @@ describe('Password', function () {
        it('sent succeeds', function (done) {
            superagent.get(SERVER_URL + '/api/v1/session/password/sent.html')
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.text.indexOf('<!-- tester -->')).to.not.equal(-1);
                expect(result.statusCode).to.equal(200);
                done();
@@ -1375,7 +1360,6 @@ describe('Password', function () {
            superagent.post(SERVER_URL + '/api/v1/session/password/resetRequest')
            .send({ identifier: USER_0.email })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.text.indexOf('<!-- tester -->')).to.not.equal(-1);
                expect(result.statusCode).to.equal(200);
                done();
@@ -1391,7 +1375,6 @@ describe('Password', function () {
            superagent.post(SERVER_URL + '/api/v1/session/password/reset')
            .send({ password: 'somepassword' })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
@@ -1401,7 +1384,6 @@ describe('Password', function () {
            superagent.post(SERVER_URL + '/api/v1/session/password/reset')
            .send({ resetToken: hat(256) })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
@@ -1411,7 +1393,6 @@ describe('Password', function () {
            superagent.post(SERVER_URL + '/api/v1/session/password/reset')
            .send({ password: '', resetToken: hat(256) })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -1421,7 +1402,6 @@ describe('Password', function () {
            superagent.post(SERVER_URL + '/api/v1/session/password/reset')
            .send({ password: '', resetToken: '' })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -1437,9 +1417,8 @@ describe('Password', function () {
                .get('/?accessToken=token&expiresAt=1234').reply(200, {});

            superagent.post(SERVER_URL + '/api/v1/session/password/reset')
-            .send({ password: 'somepassword', resetToken: USER_0.resetToken })
+            .send({ password: 'ASF23$%somepassword', resetToken: USER_0.resetToken })
            .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(scope.isDone()).to.be.ok();
                expect(result.statusCode).to.equal(200);
                done();
@@ -13,7 +13,7 @@ var appdb = require('../../appdb.js'),
    expect = require('expect.js'),
    path = require('path'),
    paths = require('../../paths.js'),
-    request = require('superagent'),
+    superagent = require('superagent'),
    server = require('../../server.js'),
    settings = require('../../settings.js'),
    fs = require('fs'),
@@ -22,7 +22,7 @@ var appdb = require('../../appdb.js'),

 var SERVER_URL = 'http://localhost:' + config.get('port');

-var USERNAME = 'admin', PASSWORD = 'password', EMAIL ='silly@me.com';
+var USERNAME = 'admin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';
 var token = null;

 var server;
@@ -38,11 +38,10 @@ function setup(done) {
            var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
            var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-            request.post(SERVER_URL + '/api/v1/cloudron/activate')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                   .query({ setupToken: 'somesetuptoken' })
                   .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result).to.be.ok();
                expect(result.statusCode).to.eql(201);
                expect(scope1.isDone()).to.be.ok();
@@ -78,17 +77,17 @@ describe('Settings API', function () {

    describe('autoupdate_pattern', function () {
        it('can get auto update pattern (default)', function (done) {
-            request.get(SERVER_URL + '/api/v1/settings/autoupdate_pattern')
+            superagent.get(SERVER_URL + '/api/v1/settings/autoupdate_pattern')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(200);
                expect(res.body.pattern).to.be.ok();
-                done(err);
+                done();
            });
        });

        it('cannot set autoupdate_pattern without pattern', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/autoupdate_pattern')
+            superagent.post(SERVER_URL + '/api/v1/settings/autoupdate_pattern')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(400);
@@ -102,7 +101,7 @@ describe('Settings API', function () {
                eventPattern = pattern;
            });

-            request.post(SERVER_URL + '/api/v1/settings/autoupdate_pattern')
+            superagent.post(SERVER_URL + '/api/v1/settings/autoupdate_pattern')
                   .query({ access_token: token })
                   .send({ pattern: '00 30 11 * * 1-5' })
                   .end(function (err, res) {
@@ -118,7 +117,7 @@ describe('Settings API', function () {
                eventPattern = pattern;
            });

-            request.post(SERVER_URL + '/api/v1/settings/autoupdate_pattern')
+            superagent.post(SERVER_URL + '/api/v1/settings/autoupdate_pattern')
                   .query({ access_token: token })
                   .send({ pattern: 'never' })
                   .end(function (err, res) {
@@ -129,7 +128,7 @@ describe('Settings API', function () {
        });

        it('cannot set invalid autoupdate_pattern', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/autoupdate_pattern')
+            superagent.post(SERVER_URL + '/api/v1/settings/autoupdate_pattern')
                   .query({ access_token: token })
                   .send({ pattern: '1 3 x 5 6' })
                   .end(function (err, res) {
@@ -143,17 +142,17 @@ describe('Settings API', function () {
        var name = 'foobar';

        it('get default succeeds', function (done) {
-            request.get(SERVER_URL + '/api/v1/settings/cloudron_name')
+            superagent.get(SERVER_URL + '/api/v1/settings/cloudron_name')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(200);
                expect(res.body.name).to.be.ok();
-                done(err);
+                done();
            });
        });

        it('cannot set without name', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/cloudron_name')
+            superagent.post(SERVER_URL + '/api/v1/settings/cloudron_name')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(400);
@@ -162,7 +161,7 @@ describe('Settings API', function () {
        });

        it('cannot set empty name', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/cloudron_name')
+            superagent.post(SERVER_URL + '/api/v1/settings/cloudron_name')
                   .query({ access_token: token })
                   .send({ name: '' })
                   .end(function (err, res) {
@@ -172,7 +171,7 @@ describe('Settings API', function () {
        });

        it('set succeeds', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/cloudron_name')
+            superagent.post(SERVER_URL + '/api/v1/settings/cloudron_name')
                   .query({ access_token: token })
                   .send({ name: name })
                   .end(function (err, res) {
@@ -182,29 +181,29 @@ describe('Settings API', function () {
        });

        it('get succeeds', function (done) {
-            request.get(SERVER_URL + '/api/v1/settings/cloudron_name')
+            superagent.get(SERVER_URL + '/api/v1/settings/cloudron_name')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(200);
                expect(res.body.name).to.eql(name);
-                done(err);
+                done();
            });
        });
    });

    describe('cloudron_avatar', function () {
        it('get default succeeds', function (done) {
-            request.get(SERVER_URL + '/api/v1/settings/cloudron_avatar')
+            superagent.get(SERVER_URL + '/api/v1/settings/cloudron_avatar')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(200);
                expect(res.body).to.be.a(Buffer);
-                done(err);
+                done();
            });
        });

        it('cannot set without data', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/cloudron_avatar')
+            superagent.post(SERVER_URL + '/api/v1/settings/cloudron_avatar')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(400);
@@ -213,7 +212,7 @@ describe('Settings API', function () {
        });

        it('set succeeds', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/cloudron_avatar')
+            superagent.post(SERVER_URL + '/api/v1/settings/cloudron_avatar')
                   .query({ access_token: token })
                   .attach('avatar', paths.CLOUDRON_DEFAULT_AVATAR_FILE)
                   .end(function (err, res) {
@@ -223,7 +222,7 @@ describe('Settings API', function () {
        });

        it('get succeeds', function (done) {
-            request.get(SERVER_URL + '/api/v1/settings/cloudron_avatar')
+            superagent.get(SERVER_URL + '/api/v1/settings/cloudron_avatar')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(200);
@@ -235,17 +234,17 @@ describe('Settings API', function () {

    describe('dns_config', function () {
        it('get dns_config fails', function (done) {
-            request.get(SERVER_URL + '/api/v1/settings/dns_config')
+            superagent.get(SERVER_URL + '/api/v1/settings/dns_config')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(200);
                expect(res.body).to.eql({});
-                done(err);
+                done();
            });
        });

        it('cannot set without data', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/dns_config')
+            superagent.post(SERVER_URL + '/api/v1/settings/dns_config')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(400);
@@ -254,7 +253,7 @@ describe('Settings API', function () {
        });

        it('set succeeds', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/dns_config')
+            superagent.post(SERVER_URL + '/api/v1/settings/dns_config')
                   .query({ access_token: token })
                   .send({ provider: 'route53', accessKeyId: 'accessKey', secretAccessKey: 'secretAccessKey' })
                   .end(function (err, res) {
@@ -264,12 +263,12 @@ describe('Settings API', function () {
        });

        it('get succeeds', function (done) {
-            request.get(SERVER_URL + '/api/v1/settings/dns_config')
+            superagent.get(SERVER_URL + '/api/v1/settings/dns_config')
                   .query({ access_token: token })
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(200);
                expect(res.body).to.eql({ provider: 'route53', accessKeyId: 'accessKey', secretAccessKey: 'secretAccessKey', region: 'us-east-1', endpoint: null });
-                done(err);
+                done();
            });
        });
    });
@@ -284,75 +283,68 @@ describe('Settings API', function () {
        var validKey1 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBALQUp/TtlYxwAEWVnD4bNcr0SJmuUnWWme7rhGE333PsxdGvxwWd\nlWBjeOBq27JHmzdZ3NS/J7Z4nSs2JyXYRkkCAwEAAQJALV2eykcoC48TonQEPmkg\nbhaIS57syw67jMLsQImQ02UABKzqHPEKLXPOZhZPS9hsC/hGIehwiYCXMUlrl+WF\nAQIhAOntBI6qaecNjAAVG7UbZclMuHROUONmZUF1KNq6VyV5AiEAxRLkfHWy52CM\njOQrX347edZ30f4QczvugXwsyuU9A1ECIGlGZ8Sk4OBA8n6fAUcyO06qnmCJVlHg\npTUeOvKk5c9RAiBs28+8dCNbrbhVhx/yQr9FwNM0+ttJW/yWJ+pyNQhr0QIgJTT6\nxwCWYOtbioyt7B9l+ENy3AMSO3Uq+xmIKkvItK4=\n-----END RSA PRIVATE KEY-----';

        it('cannot set certificate without token', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/certificate')
+            superagent.post(SERVER_URL + '/api/v1/settings/certificate')
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('cannot set certificate without certificate', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/certificate')
+            superagent.post(SERVER_URL + '/api/v1/settings/certificate')
                   .query({ access_token: token })
                   .send({ key: validKey1 })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('cannot set certificate without key', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/certificate')
+            superagent.post(SERVER_URL + '/api/v1/settings/certificate')
                   .query({ access_token: token })
                   .send({ cert: validCert1 })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('cannot set certificate with cert not being a string', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/certificate')
+            superagent.post(SERVER_URL + '/api/v1/settings/certificate')
                   .query({ access_token: token })
                   .send({ cert: 1234, key: validKey1 })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('cannot set certificate with key not being a string', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/certificate')
+            superagent.post(SERVER_URL + '/api/v1/settings/certificate')
                   .query({ access_token: token })
                   .send({ cert: validCert1, key: true })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('cannot set non wildcard certificate', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/certificate')
+            superagent.post(SERVER_URL + '/api/v1/settings/certificate')
                   .query({ access_token: token })
                   .send({ cert: validCert0, key: validKey0 })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('can set certificate', function (done) {
-            request.post(SERVER_URL + '/api/v1/settings/certificate')
+            superagent.post(SERVER_URL + '/api/v1/settings/certificate')
                   .query({ access_token: token })
                   .send({ cert: validCert1, key: validKey1 })
                   .end(function (error, result) {
-                expect(error).to.not.be.ok();
                expect(result.statusCode).to.equal(202);
                done();
            });
@@ -12,7 +12,7 @@ var clientdb = require('../../clientdb.js'),
    config = require('../../config.js'),
    database = require('../../database.js'),
    expect = require('expect.js'),
-    request = require('superagent'),
+    superagent = require('superagent'),
    server = require('../../server.js'),
    simpleauth = require('../../simpleauth.js'),
    nock = require('nock');
@@ -21,7 +21,7 @@ describe('SimpleAuth API', function () {
    var SERVER_URL = 'http://localhost:' + config.get('port');
    var SIMPLE_AUTH_ORIGIN = 'http://localhost:' + config.get('simpleAuthPort');

-    var USERNAME = 'admin', PASSWORD = 'password', EMAIL ='silly@me.com';
+    var USERNAME = 'admin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';

    var APP_0 = {
        id: 'app0',
@@ -109,7 +109,7 @@ describe('SimpleAuth API', function () {
                var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
                var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-                request.post(SERVER_URL + '/api/v1/cloudron/activate')
+                superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                       .query({ setupToken: 'somesetuptoken' })
                       .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                       .end(function (error, result) {
@@ -146,10 +146,9 @@ describe('SimpleAuth API', function () {
        it('cannot login without clientId', function (done) {
            var body = {};

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(400);
                done();
            });
@@ -160,10 +159,9 @@ describe('SimpleAuth API', function () {
                clientId: 'someclientid'
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(400);
                done();
            });
@@ -175,10 +173,9 @@ describe('SimpleAuth API', function () {
                username: USERNAME
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(400);
                done();
            });
@@ -191,10 +188,9 @@ describe('SimpleAuth API', function () {
                password: PASSWORD
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -207,10 +203,9 @@ describe('SimpleAuth API', function () {
                password: PASSWORD
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -223,10 +218,9 @@ describe('SimpleAuth API', function () {
                password: ''
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -239,10 +233,9 @@ describe('SimpleAuth API', function () {
                password: PASSWORD+PASSWORD
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -255,10 +248,9 @@ describe('SimpleAuth API', function () {
                password: PASSWORD
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -271,10 +263,9 @@ describe('SimpleAuth API', function () {
                password: PASSWORD
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -287,7 +278,7 @@ describe('SimpleAuth API', function () {
                password: PASSWORD
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
                expect(error).to.be(null);
@@ -299,7 +290,7 @@ describe('SimpleAuth API', function () {
                expect(result.body.user.email).to.be.a('string');
                expect(result.body.user.admin).to.be.a('boolean');

-                request.get(SERVER_URL + '/api/v1/profile')
+                superagent.get(SERVER_URL + '/api/v1/profile')
                .query({ access_token: result.body.accessToken })
                .end(function (error, result) {
                    expect(error).to.be(null);
@@ -318,7 +309,7 @@ describe('SimpleAuth API', function () {
                password: PASSWORD
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
                expect(error).to.be(null);
@@ -330,7 +321,7 @@ describe('SimpleAuth API', function () {
                expect(result.body.user.email).to.be.a('string');
                expect(result.body.user.admin).to.be.a('boolean');

-                request.get(SERVER_URL + '/api/v1/profile')
+                superagent.get(SERVER_URL + '/api/v1/profile')
                .query({ access_token: result.body.accessToken })
                .end(function (error, result) {
                    expect(error).to.be(null);
@@ -349,10 +340,9 @@ describe('SimpleAuth API', function () {
                password: PASSWORD
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(401);
                done();
            });
@@ -369,7 +359,7 @@ describe('SimpleAuth API', function () {
                password: PASSWORD
            };

-            request.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
+            superagent.post(SIMPLE_AUTH_ORIGIN + '/api/v1/login')
            .send(body)
            .end(function (error, result) {
                expect(error).to.be(null);
@@ -382,35 +372,32 @@ describe('SimpleAuth API', function () {
        });

        it('fails without access_token', function (done) {
-            request.get(SIMPLE_AUTH_ORIGIN + '/api/v1/logout')
+            superagent.get(SIMPLE_AUTH_ORIGIN + '/api/v1/logout')
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(400);
                done();
            });
        });

        it('fails with unkonwn access_token', function (done) {
-            request.get(SIMPLE_AUTH_ORIGIN + '/api/v1/logout')
+            superagent.get(SIMPLE_AUTH_ORIGIN + '/api/v1/logout')
            .query({ access_token: accessToken+accessToken })
            .end(function (error, result) {
-                expect(error).to.be(null);
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('succeeds', function (done) {
-            request.get(SIMPLE_AUTH_ORIGIN + '/api/v1/logout')
+            superagent.get(SIMPLE_AUTH_ORIGIN + '/api/v1/logout')
            .query({ access_token: accessToken })
            .end(function (error, result) {
                expect(error).to.be(null);
                expect(result.statusCode).to.equal(200);

-                request.get(SERVER_URL + '/api/v1/profile')
+                superagent.get(SERVER_URL + '/api/v1/profile')
                .query({ access_token: accessToken })
                .end(function (error, result) {
-                    expect(error).to.be(null);
                    expect(result.statusCode).to.equal(401);

                    done();
@@ -10,14 +10,15 @@ var config = require('../../config.js'),
    database = require('../../database.js'),
    tokendb = require('../../tokendb.js'),
    expect = require('expect.js'),
-    request = require('superagent'),
+    mailer = require('../../mailer.js'),
+    superagent = require('superagent'),
    nock = require('nock'),
    server = require('../../server.js'),
    userdb = require('../../userdb.js');

 var SERVER_URL = 'http://localhost:' + config.get('port');

-var USERNAME_0 = 'admin', PASSWORD = 'password', EMAIL = 'silly@me.com', EMAIL_0_NEW = 'stupid@me.com';
+var USERNAME_0 = 'admin', PASSWORD = 'Foobar?1337', EMAIL = 'silly@me.com', EMAIL_0_NEW = 'stupid@me.com', DISPLAY_NAME_0_NEW = 'New Name';
 var USERNAME_1 = 'userTheFirst', EMAIL_1 = 'tao@zen.mac';
 var USERNAME_2 = 'userTheSecond', EMAIL_2 = 'user@foo.bar';
 var USERNAME_3 = 'userTheThird', EMAIL_3 = 'user3@foo.bar';
@@ -26,6 +27,9 @@ var server;
 function setup(done) {
    server.start(function (error) {
        expect(!error).to.be.ok();
+
+        mailer._clearMailQueue();
+
        userdb._clear(done);
    });
 }
@@ -34,10 +38,21 @@ function cleanup(done) {
    database._clear(function (error) {
        expect(!error).to.be.ok();

+        mailer._clearMailQueue();
+
        server.stop(done);
    });
 }

+function checkMails(number, done) {
+    // mails are enqueued async
+    setTimeout(function () {
+        expect(mailer._getMailQueue().length).to.equal(number);
+        mailer._clearMailQueue();
+        done();
+    }, 500);
+}
+
 describe('User API', function () {
    this.timeout(5000);

@@ -50,7 +65,7 @@ describe('User API', function () {
    after(cleanup);

    it('device is in first time mode', function (done) {
-        request.get(SERVER_URL + '/api/v1/cloudron/status')
+        superagent.get(SERVER_URL + '/api/v1/cloudron/status')
               .end(function (err, res) {
            expect(res.statusCode).to.equal(200);
            expect(res.body.activated).to.not.be.ok();
@@ -61,21 +76,21 @@ describe('User API', function () {
    it('create admin fails due to missing parameters', function (done) {
        var scope = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});

-        request.post(SERVER_URL + '/api/v1/cloudron/activate')
+        superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
               .query({ setupToken: 'somesetuptoken' })
               .send({ username: USERNAME_0 })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
            expect(scope.isDone()).to.be.ok();
-            done(err);
+            done();
        });
    });

    it('create admin fails because only POST is allowed', function (done) {
-        request.get(SERVER_URL + '/api/v1/cloudron/activate')
+        superagent.get(SERVER_URL + '/api/v1/cloudron/activate')
               .end(function (err, res) {
            expect(res.statusCode).to.equal(404);
-            done(err);
+            done();
        });
    });

@@ -83,7 +98,7 @@ describe('User API', function () {
        var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
        var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-        request.post(SERVER_URL + '/api/v1/cloudron/activate')
+        superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
               .query({ setupToken: 'somesetuptoken' })
               .send({ username: USERNAME_0, password: PASSWORD, email: EMAIL })
               .end(function (err, res) {
@@ -99,16 +114,16 @@ describe('User API', function () {
    });

    it('device left first time mode', function (done) {
-        request.get(SERVER_URL + '/api/v1/cloudron/status')
+        superagent.get(SERVER_URL + '/api/v1/cloudron/status')
               .end(function (err, res) {
            expect(res.statusCode).to.equal(200);
            expect(res.body.activated).to.be.ok();
-            done(err);
+            done();
        });
    });

    it('can get userInfo with token', function (done) {
-        request.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
        .query({ access_token: token })
        .end(function (err, res) {
            expect(res.statusCode).to.equal(200);
@@ -119,7 +134,7 @@ describe('User API', function () {
            // stash for further use
            user_0 = res.body;

-            done(err);
+            done();
        });
    });

@@ -131,10 +146,9 @@ describe('User API', function () {
            expect(error).to.not.be.ok();

            setTimeout(function () {
-                request.get(SERVER_URL + '/api/v1/users/' + user_0.username)
+                superagent.get(SERVER_URL + '/api/v1/users/' + user_0.username)
                .query({ access_token: token })
                .end(function (error, result) {
-                    expect(error).to.not.be.ok();
                    expect(result.statusCode).to.equal(401);
                    done();
                });
@@ -143,188 +157,229 @@ describe('User API', function () {
    });

    it('can get userInfo with token', function (done) {
-        request.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .query({ access_token: token })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(200);
            expect(res.body.username).to.equal(USERNAME_0);
            expect(res.body.email).to.equal(EMAIL);
            expect(res.body.admin).to.be.ok();
-            done(err);
+            done();
        });
    });

    it('cannot get userInfo only with basic auth', function (done) {
-        request.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .auth(USERNAME_0, PASSWORD)
               .end(function (err, res) {
            expect(res.statusCode).to.equal(401);
-            done(err);
+            done();
        });
    });

    it('cannot get userInfo with invalid token (token length)', function (done) {
-        request.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .query({ access_token: 'x' + token })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(401);
-            done(err);
+            done();
        });
    });

    it('cannot get userInfo with invalid token (wrong token)', function (done) {
-        request.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .query({ access_token: token.toUpperCase() })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(401);
-            done(err);
+            done();
        });
    });

    it('can get userInfo with token in auth header', function (done) {
-        request.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .set('Authorization', 'Bearer ' + token)
               .end(function (err, res) {
            expect(res.statusCode).to.equal(200);
            expect(res.body.username).to.equal(USERNAME_0);
            expect(res.body.email).to.equal(EMAIL);
            expect(res.body.admin).to.be.ok();
+            expect(res.body.displayName).to.be.a('string');
            expect(res.body.password).to.not.be.ok();
            expect(res.body.salt).to.not.be.ok();
-            done(err);
+            done();
        });
    });

    it('cannot get userInfo with invalid token in auth header', function (done) {
-        request.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .set('Authorization', 'Bearer ' + 'x' + token)
               .end(function (err, res) {
            expect(res.statusCode).to.equal(401);
-            done(err);
+            done();
        });
    });

    it('cannot get userInfo with invalid token (wrong token)', function (done) {
-        request.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .set('Authorization', 'Bearer ' + 'x' + token.toUpperCase())
               .end(function (err, res) {
            expect(res.statusCode).to.equal(401);
-            done(err);
+            done();
        });
    });

    it('create second user succeeds', function (done) {
-        request.post(SERVER_URL + '/api/v1/users')
+        mailer._clearMailQueue();
+
+        superagent.post(SERVER_URL + '/api/v1/users')
               .query({ access_token: token })
-               .send({ username: USERNAME_1, email: EMAIL_1 })
+               .send({ username: USERNAME_1, email: EMAIL_1, invite: true })
               .end(function (err, res) {
            expect(err).to.not.be.ok();
            expect(res.statusCode).to.equal(201);

-            // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-            tokendb.add(token_1, tokendb.PREFIX_USER + USERNAME_1, 'test-client-id',  Date.now() + 10000, '*', done);
+            checkMails(2, function () {
+              // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
+              tokendb.add(token_1, tokendb.PREFIX_USER + USERNAME_1, 'test-client-id',  Date.now() + 10000, '*', done);
+            });
+        });
+    });
+
+    it('reinvite unknown user fails', function (done) {
+        mailer._clearMailQueue();
+
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_1+USERNAME_1 + '/invite')
+               .query({ access_token: token })
+               .send({})
+               .end(function (err, res) {
+            expect(err).to.be.an(Error);
+            expect(res.statusCode).to.equal(404);
+            checkMails(0, done);
+        });
+    });
+
+    it('reinvite second user succeeds', function (done) {
+        mailer._clearMailQueue();
+
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_1 + '/invite')
+               .query({ access_token: token })
+               .send({})
+               .end(function (err, res) {
+            expect(err).to.not.be.ok();
+            expect(res.statusCode).to.equal(200);
+            checkMails(1, done);
        });
    });

    it('set second user as admin succeeds', function (done) {
        // TODO is USERNAME_1 in body and url redundant?
-        request.post(SERVER_URL + '/api/v1/users/' + USERNAME_1 + '/admin')
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_1 + '/admin')
               .query({ access_token: token })
               .send({ username: USERNAME_1, admin: true })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(204);
-            done(err);
+            done();
        });
    });

    it('remove first user from admins succeeds', function (done) {
-        request.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/admin')
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/admin')
               .query({ access_token: token_1 })
               .send({ username: USERNAME_0, admin: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(204);
-            done(err);
+            done();
        });
    });

    it('remove second user by first, now normal, user fails', function (done) {
-        request.del(SERVER_URL + '/api/v1/users/' + USERNAME_1)
+        superagent.del(SERVER_URL + '/api/v1/users/' + USERNAME_1)
               .query({ access_token: token })
               .send({ password: PASSWORD })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
-            done(err);
+            done();
        });
    });

    it('remove second user from admins and thus last admin fails', function (done) {
-        request.post(SERVER_URL + '/api/v1/users/' + USERNAME_1 + '/admin')
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_1 + '/admin')
               .query({ access_token: token_1 })
               .send({ username: USERNAME_1, admin: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
-            done(err);
+            done();
        });
    });

    it('reset first user as admin succeeds', function (done) {
-        request.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/admin')
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/admin')
               .query({ access_token: token_1 })
               .send({ username: USERNAME_0, admin: true })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(204);
-            done(err);
+            done();
        });
    });

    it('create user missing username fails', function (done) {
-        request.post(SERVER_URL + '/api/v1/users')
+        superagent.post(SERVER_URL + '/api/v1/users')
               .query({ access_token: token })
               .send({ email: EMAIL_2 })
               .end(function (error, result) {
-            expect(error).to.not.be.ok();
            expect(result.statusCode).to.equal(400);
            done();
        });
    });

    it('create user missing email fails', function (done) {
-        request.post(SERVER_URL + '/api/v1/users')
+        superagent.post(SERVER_URL + '/api/v1/users')
               .query({ access_token: token })
               .send({ username: USERNAME_2 })
               .end(function (error, result) {
-            expect(error).to.not.be.ok();
+            expect(result.statusCode).to.equal(400);
+            done();
+        });
+    });
+
+    it('create user missing invite fails', function (done) {
+        superagent.post(SERVER_URL + '/api/v1/users')
+               .query({ access_token: token })
+               .send({ username: USERNAME_2, email: EMAIL_2 })
+               .end(function (error, result) {
            expect(result.statusCode).to.equal(400);
            done();
        });
    });

    it('create second and third user', function (done) {
-        request.post(SERVER_URL + '/api/v1/users')
+        mailer._clearMailQueue();
+
+        superagent.post(SERVER_URL + '/api/v1/users')
               .query({ access_token: token })
-               .send({ username: USERNAME_2, email: EMAIL_2 })
+               .send({ username: USERNAME_2, email: EMAIL_2, invite: false })
               .end(function (error, res) {
-            expect(error).to.not.be.ok();
            expect(res.statusCode).to.equal(201);

-            request.post(SERVER_URL + '/api/v1/users')
+            superagent.post(SERVER_URL + '/api/v1/users')
                   .query({ access_token: token })
-                   .send({ username: USERNAME_3, email: EMAIL_3 })
+                   .send({ username: USERNAME_3, email: EMAIL_3, invite: true })
                   .end(function (error, res) {
-                expect(error).to.not.be.ok();
                expect(res.statusCode).to.equal(201);

-                // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-                tokendb.add(token_2, tokendb.PREFIX_USER + USERNAME_2, 'test-client-id',  Date.now() + 10000, '*', done);
+                // one mail for first user creation, two mails for second user creation (see 'invite' flag)
+                checkMails(3, function () {
+                    // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
+                    tokendb.add(token_2, tokendb.PREFIX_USER + USERNAME_2, 'test-client-id',  Date.now() + 10000, '*', done);
+                });
            });
        });
    });

    it('second user userInfo', function (done) {
-        request.get(SERVER_URL + '/api/v1/users/' + USERNAME_2)
+        superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_2)
               .query({ access_token: token_1 })
               .end(function (error, result) {
-            expect(error).to.be(null);
            expect(result.statusCode).to.equal(200);
            expect(result.body.username).to.equal(USERNAME_2);
            expect(result.body.email).to.equal(EMAIL_2);
@@ -335,17 +390,17 @@ describe('User API', function () {
    });

    it('create user with same username should fail', function (done) {
-        request.post(SERVER_URL + '/api/v1/users')
+        superagent.post(SERVER_URL + '/api/v1/users')
               .query({ access_token: token })
-               .send({ username: USERNAME_2, email: EMAIL })
+               .send({ username: USERNAME_2, email: EMAIL, invite: false })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(409);
-            done(err);
+            done();
        });
    });

    it('list users', function (done) {
-        request.get(SERVER_URL + '/api/v1/users')
+        superagent.get(SERVER_URL + '/api/v1/users')
        .query({ access_token: token_2 })
        .end(function (error, res) {
            expect(error).to.be(null);
@@ -367,162 +422,204 @@ describe('User API', function () {
    });

    it('user removes himself is not allowed', function (done) {
-        request.del(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.del(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .query({ access_token: token })
               .send({ password: PASSWORD })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
-            done(err);
+            done();
        });
    });

    it('admin cannot remove normal user without giving a password', function (done) {
-        request.del(SERVER_URL + '/api/v1/users/' + USERNAME_3)
+        superagent.del(SERVER_URL + '/api/v1/users/' + USERNAME_3)
               .query({ access_token: token })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
-            done(err);
+            done();
        });
    });

    it('admin cannot remove normal user with empty password', function (done) {
-        request.del(SERVER_URL + '/api/v1/users/' + USERNAME_3)
+        superagent.del(SERVER_URL + '/api/v1/users/' + USERNAME_3)
               .query({ access_token: token })
               .send({ password: '' })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
-            done(err);
+            done();
        });
    });

    it('admin cannot remove normal user with giving wrong password', function (done) {
-        request.del(SERVER_URL + '/api/v1/users/' + USERNAME_3)
+        superagent.del(SERVER_URL + '/api/v1/users/' + USERNAME_3)
               .query({ access_token: token })
               .send({ password: PASSWORD + PASSWORD })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
-            done(err);
+            done();
        });
    });

    it('admin removes normal user', function (done) {
-        request.del(SERVER_URL + '/api/v1/users/' + USERNAME_3)
+        superagent.del(SERVER_URL + '/api/v1/users/' + USERNAME_3)
               .query({ access_token: token })
               .send({ password: PASSWORD })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(204);
-            done(err);
+            done();
        });
    });

    it('admin removes himself should not be allowed', function (done) {
-        request.del(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.del(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .query({ access_token: token })
               .send({ password: PASSWORD })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
-            done(err);
+            done();
        });
    });

    // Change email
    it('change email fails due to missing token', function (done) {
-        request.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .send({ password: PASSWORD, email: EMAIL_0_NEW })
               .end(function (error, result) {
            expect(result.statusCode).to.equal(401);
-            done(error);
+            done();
        });
    });

    it('change email fails due to missing password', function (done) {
-        request.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .query({ access_token: token })
               .send({ email: EMAIL_0_NEW })
               .end(function (error, result) {
            expect(result.statusCode).to.equal(400);
-            done(error);
+            done();
        });
    });

    it('change email fails due to wrong password', function (done) {
-        request.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .query({ access_token: token })
               .send({ password: PASSWORD+PASSWORD, email: EMAIL_0_NEW })
               .end(function (error, result) {
            expect(result.statusCode).to.equal(403);
-            done(error);
+            done();
        });
    });

    it('change email fails due to invalid email', function (done) {
-        request.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .query({ access_token: token })
               .send({ password: PASSWORD, email: 'foo@bar' })
               .end(function (error, result) {
            expect(result.statusCode).to.equal(400);
-            done(error);
+            done();
+        });
+    });
+
+    it('change user succeeds without email nor displayName', function (done) {
+        superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+               .query({ access_token: token })
+               .send({ password: PASSWORD })
+               .end(function (error, result) {
+            expect(result.statusCode).to.equal(204);
+            done();
        });
    });

    it('change email succeeds', function (done) {
-        request.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+        superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
               .query({ access_token: token })
               .send({ password: PASSWORD, email: EMAIL_0_NEW })
               .end(function (error, result) {
            expect(result.statusCode).to.equal(204);
-            done(error);
+
+            superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+                  .query({ access_token: token })
+                  .end(function (err, res) {
+                expect(res.statusCode).to.equal(200);
+                expect(res.body.username).to.equal(USERNAME_0);
+                expect(res.body.email).to.equal(EMAIL_0_NEW);
+                expect(res.body.admin).to.be.ok();
+                expect(res.body.displayName).to.equal('');
+
+                done();
+            });
+        });
+    });
+
+    it('change displayName succeeds', function (done) {
+        superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+               .query({ access_token: token })
+               .send({ password: PASSWORD, displayName: DISPLAY_NAME_0_NEW })
+               .end(function (error, result) {
+            expect(result.statusCode).to.equal(204);
+
+            superagent.get(SERVER_URL + '/api/v1/users/' + USERNAME_0)
+                  .query({ access_token: token })
+                  .end(function (err, res) {
+                expect(res.statusCode).to.equal(200);
+                expect(res.body.username).to.equal(USERNAME_0);
+                expect(res.body.email).to.equal(EMAIL_0_NEW);
+                expect(res.body.admin).to.be.ok();
+                expect(res.body.displayName).to.equal(DISPLAY_NAME_0_NEW);
+
+                done();
+            });
        });
    });

    // Change password
    it('change password fails due to missing current password', function (done) {
-        request.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/password')
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/password')
               .query({ access_token: token })
               .send({ newPassword: 'some wrong password' })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
-            done(err);
+            done();
        });
    });

    it('change password fails due to missing new password', function (done) {
-        request.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/password')
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/password')
               .query({ access_token: token })
               .send({ password: PASSWORD })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
-            done(err);
+            done();
        });
    });

    it('change password fails due to wrong password', function (done) {
-        request.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/password')
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/password')
               .query({ access_token: token })
-               .send({ password: 'some wrong password', newPassword: 'newpassword' })
+               .send({ password: 'some wrong password', newPassword: 'MOre#$%34' })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(403);
-            done(err);
+            done();
        });
    });

    it('change password fails due to invalid password', function (done) {
-        request.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/password')
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/password')
               .query({ access_token: token })
               .send({ password: PASSWORD, newPassword: 'five' })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
-            done(err);
+            done();
        });
    });

    it('change password succeeds', function (done) {
-        request.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/password')
+        superagent.post(SERVER_URL + '/api/v1/users/' + USERNAME_0 + '/password')
               .query({ access_token: token })
-               .send({ password: PASSWORD, newPassword: 'new_password' })
+               .send({ password: PASSWORD, newPassword: 'MOre#$%34' })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(204);
-            done(err);
+            done();
        });
    });
 });
@@ -12,27 +12,18 @@ exports = module.exports = {
    changeAdmin: changeAdmin,
    remove: removeUser,
    verifyPassword: verifyPassword,
-    requireAdmin: requireAdmin
+    requireAdmin: requireAdmin,
+    sendInvite: sendInvite
 };

 var assert = require('assert'),
+    generatePassword = require('../password.js').generate,
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
    user = require('../user.js'),
    tokendb = require('../tokendb.js'),
    UserError = user.UserError;

-// http://stackoverflow.com/questions/1497481/javascript-password-generator#1497512
-function generatePassword() {
-    var length = 8,
-        charset = 'abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',
-        retVal = '';
-    for (var i = 0, n = charset.length; i < length; ++i) {
-        retVal += charset.charAt(Math.floor(Math.random() * n));
-    }
-    return retVal;
-}
-
 function profile(req, res, next) {
    assert.strictEqual(typeof req.user, 'object');

@@ -44,6 +35,7 @@ function profile(req, res, next) {
        result.username = req.user.username;
        result.email = req.user.email;
        result.admin = req.user.admin;
+        result.displayName = req.user.displayName;
    }

    next(new HttpSuccess(200, result));
@@ -54,12 +46,16 @@ function createUser(req, res, next) {

    if (typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be string'));
    if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
+    if (typeof req.body.invite !== 'boolean') return next(new HttpError(400, 'invite must be boolean'));
+    if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));

    var username = req.body.username;
    var password = generatePassword();
    var email = req.body.email;
+    var sendInvite = req.body.invite;
+    var displayName = req.body.displayName || '';

-    user.create(username, password, email, false /* admin */, req.user /* creator */, function (error, user) {
+    user.create(username, password, email, displayName, false /* admin */, req.user /* creator */, sendInvite, function (error, user) {
        if (error && error.reason === UserError.BAD_USERNAME) return next(new HttpError(400, 'Invalid username'));
        if (error && error.reason === UserError.BAD_EMAIL) return next(new HttpError(400, 'Invalid email'));
        if (error && error.reason === UserError.BAD_PASSWORD) return next(new HttpError(400, 'Invalid password'));
@@ -80,19 +76,26 @@ function createUser(req, res, next) {
 }

 function update(req, res, next) {
+    assert.strictEqual(typeof req.params.userId, 'string');
    assert.strictEqual(typeof req.user, 'object');
    assert.strictEqual(typeof req.body, 'object');

-    if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
+    if ('email' in req.body && typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
+    if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));

    if (req.user.tokenType !== tokendb.TYPE_USER) return next(new HttpError(403, 'Token type not allowed'));

-    user.update(req.user.id, req.user.username, req.body.email, function (error) {
-        if (error && error.reason === UserError.BAD_EMAIL) return next(new HttpError(400, error.message));
-        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
+    user.get(req.params.userId, function (error, result) {
+        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
        if (error) return next(new HttpError(500, error));

-        next(new HttpSuccess(204));
+        user.update(req.params.userId, result.username, req.body.email || result.email, req.body.displayName || result.displayName, function (error) {
+            if (error && error.reason === UserError.BAD_EMAIL) return next(new HttpError(400, error.message));
+            if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
+            if (error) return next(new HttpError(500, error));
+
+            next(new HttpSuccess(204));
+        });
    });
 }

@@ -147,7 +150,8 @@ function info(req, res, next) {
            id: result.id,
            username: result.username,
            email: result.email,
-            admin: result.admin
+            admin: result.admin,
+            displayName: result.displayName
        }));
    });
 }
@@ -178,6 +182,9 @@ function verifyPassword(req, res, next) {

    if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));

+    // Only allow admins or users, operating on themselves
+    if (req.params.userId && !(req.user.id === req.params.userId || req.user.admin)) return next(new HttpError(403, 'Not allowed'));
+
    user.verify(req.user.username, req.body.password, function (error) {
        if (error && error.reason === UserError.WRONG_PASSWORD) return next(new HttpError(403, 'Password incorrect'));
        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(403, 'Password incorrect'));
@@ -198,3 +205,13 @@ function requireAdmin(req, res, next) {
    next();
 }

+function sendInvite(req, res, next) {
+    assert.strictEqual(typeof req.params.userId, 'string');
+
+    user.sendInvite(req.params.userId, function (error) {
+        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(200, {}));
+    });
+}
@@ -12,29 +12,12 @@ var appdb = require('./appdb.js'),
    CronJob = require('cron').CronJob,
    debug = require('debug')('box:src/scheduler'),
    docker = require('./docker.js'),
-    paths = require('./paths.js'),
-    safe = require('safetydance'),
    _ = require('underscore');

 var NOOP_CALLBACK = function (error) { if (error) debug('Unhandled error: ', error); };

-// appId -> { schedulerConfig (manifest), cronjobs, containerIds }
-var gState = (function loadState() {
-    var state = safe.JSON.parse(safe.fs.readFileSync(paths.SCHEDULER_FILE, 'utf8'));
-    return state || { };
-})();
-
-function saveState(state) {
-    // do not save cronJobs
-    var safeState = { };
-    for (var appId in state) {
-        safeState[appId] = {
-            schedulerConfig: state[appId].schedulerConfig,
-            containerIds: state[appId].containerIds
-        };
-    }
-    safe.fs.writeFileSync(paths.SCHEDULER_FILE, JSON.stringify(safeState, null, 4), 'utf8');
-}
+// appId -> { schedulerConfig (manifest), cronjobs }
+var gState = { };

 function sync(callback) {
    assert(!callback || typeof callback === 'function');
@@ -46,17 +29,18 @@ function sync(callback) {
    apps.getAll(function (error, allApps) {
        if (error) return callback(error);

-        // stop tasks of apps that went away
        var allAppIds = allApps.map(function (app) { return app.id; });
        var removedAppIds = _.difference(Object.keys(gState), allAppIds);
+        if (removedAppIds.length !== 0) debug('sync: stopping jobs of removed apps %j', removedAppIds);
+
        async.eachSeries(removedAppIds, function (appId, iteratorDone) {
-            stopJobs(appId, gState[appId], true /* killContainers */, iteratorDone);
+            stopJobs(appId, gState[appId], iteratorDone);
        }, function (error) {
-            if (error) debug('Error stopping jobs : %j', error);
+            if (error) debug('Error stopping jobs of removed apps', error);

            gState = _.omit(gState, removedAppIds);

-            // start tasks of new apps
+            debug('sync: checking apps %j', allAppIds);
            async.eachSeries(allApps, function (app, iteratorDone) {
                var appState = gState[app.id] || null;
                var schedulerConfig = app.manifest.addons.scheduler || null;
@@ -67,8 +51,8 @@ function sync(callback) {
                    return iteratorDone(); // nothing changed
                }

-                var killContainers = appState && !appState.cronJobs ? true : false; // keep the old containers on 'startup'
-                stopJobs(app.id, appState, killContainers, function (error) {
+                debug('sync: app %s changed', app.id);
+                stopJobs(app.id, appState, function (error) {
                    if (error) debug('Error stopping jobs for %s : %s', app.id, error.message);

                    if (!schedulerConfig) {
@@ -78,12 +62,9 @@ function sync(callback) {

                    gState[app.id] = {
                        schedulerConfig: schedulerConfig,
-                        cronJobs: createCronJobs(app.id, schedulerConfig),
-                        containerIds: { }
+                        cronJobs: createCronJobs(app.id, schedulerConfig)
                    };

-                    saveState(gState);
-
                    iteratorDone();
                });
            });
@@ -93,23 +74,22 @@ function sync(callback) {
    });
 }

-function killContainer(containerId, callback) {
-    if (!containerId) return callback();
+function killContainer(containerName, callback) {
+    if (!containerName) return callback();

    async.series([
-        docker.stopContainer.bind(null, containerId),
-        docker.deleteContainer.bind(null, containerId)
+        docker.stopContainerByName.bind(null, containerName),
+        docker.deleteContainerByName.bind(null, containerName)
    ], function (error) {
-        if (error) debug('Failed to kill task with containerId %s : %s', containerId, error.message);
+        if (error) debug('Failed to kill task with name %s : %s', containerName, error.message);

        callback(error);
    });
 }

-function stopJobs(appId, appState, killContainers, callback) {
+function stopJobs(appId, appState, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof appState, 'object');
-    assert.strictEqual(typeof killContainers, 'boolean');
    assert.strictEqual(typeof callback, 'function');

    debug('stopJobs for %s', appId);
@@ -121,9 +101,8 @@ function stopJobs(appId, appState, killContainers, callback) {
            appState.cronJobs[taskName].stop();
        }

-        if (!killContainers) return iteratorDone();
-
-        killContainer(appState.containerIds[taskName], iteratorDone);
+        var containerName = appId + '-' + taskName;
+        killContainer(containerName, iteratorDone);
    }, callback);
 }

@@ -161,8 +140,6 @@ function doTask(appId, taskName, callback) {

    callback = callback || NOOP_CALLBACK;

-    var appState = gState[appId];
-
    debug('Executing task %s/%s', appId, taskName);

    apps.get(appId, function (error, app) {
@@ -173,21 +150,17 @@ function doTask(appId, taskName, callback) {
            return callback();
        }

-        if (appState.containerIds[taskName]) debug('task %s/%s has existing container %s. killing it', appId, taskName, appState.containerIds[taskName]);
+        var containerName = app.id + '-' + taskName;

-        killContainer(appState.containerIds[taskName], function (error) {
+        killContainer(containerName, function (error) {
            if (error) return callback(error);

-            debug('Creating createSubcontainer for %s/%s : %s', app.id, taskName, gState[appId].schedulerConfig[taskName].command);
+            debug('Creating subcontainer for %s/%s : %s', app.id, taskName, gState[appId].schedulerConfig[taskName].command);

            // NOTE: if you change container name here, fix addons.js to return correct container names
-            docker.createSubcontainer(app, app.id + '-' + taskName, [ '/bin/sh', '-c', gState[appId].schedulerConfig[taskName].command ], { } /* options */, function (error, container) {
+            docker.createSubcontainer(app, containerName, [ '/bin/sh', '-c', gState[appId].schedulerConfig[taskName].command ], { } /* options */, function (error, container) {
                if (error) return callback(error);

-                appState.containerIds[taskName] = container.id;
-
-                saveState(gState);
-
                docker.startContainer(container.id, callback);
            });
        });
@@ -42,7 +42,7 @@ for try in `seq 1 5`; do

    if tar -cvzf - -C "${app_data_snapshot}" . \
           | openssl aes-256-cbc -e -pass "pass:${backup_key}" \
-           | curl --fail -X PUT "${headers[@]}" --data-binary @- "${backup_url}" 2>"${error_log}"; then
+           | curl --fail -X PUT ${headers[@]} --data-binary @- "${backup_url}" 2>"${error_log}"; then
        break
    fi
    cat "${error_log}" && rm "${error_log}"
@@ -21,7 +21,7 @@ readonly program_name=$1

 echo "${program_name}.log"
 echo "-------------------"
-journalctl --no-pager -u ${program_name} -n 100
+journalctl --all --no-pager -u ${program_name} -n 100
 echo
 echo
 echo "dmesg"
@@ -31,7 +31,7 @@ echo
 echo
 echo "docker"
 echo "------"
-journalctl --no-pager -u docker -n 50
+journalctl --all --no-pager -u docker -n 50
 echo
 echo

@@ -10,6 +10,7 @@ exports = module.exports = {
 var assert = require('assert'),
    async = require('async'),
    auth = require('./auth.js'),
+    certificates = require('./certificates.js'),
    cloudron = require('./cloudron.js'),
    cron = require('./cron.js'),
    config = require('./config.js'),
@@ -33,7 +34,7 @@ function initializeExpressSync() {
    var QUERY_LIMIT = '10mb', // max size for json and urlencoded queries
        FIELD_LIMIT = 2 * 1024 * 1024; // max fields that can appear in multipart

-    var REQUEST_TIMEOUT = 10000; // timeout for all requests
+    var REQUEST_TIMEOUT = 10000; // timeout for all requests (see also setTimeout on the httpServer)

    var json = middleware.json({ strict: true, limit: QUERY_LIMIT }), // application/json
        urlencoded = middleware.urlencoded({ extended: false, limit: QUERY_LIMIT }); // application/x-www-form-urlencoded
@@ -107,6 +108,7 @@ function initializeExpressSync() {
    router.del ('/api/v1/users/:userId', usersScope, routes.user.requireAdmin, routes.user.verifyPassword, routes.user.remove);
    router.post('/api/v1/users/:userId/password', usersScope, routes.user.changePassword); // changePassword verifies password
    router.post('/api/v1/users/:userId/admin', usersScope, routes.user.requireAdmin, routes.user.changeAdmin);
+    router.post('/api/v1/users/:userId/invite', usersScope, routes.user.requireAdmin, routes.user.sendInvite);

    // form based login routes used by oauth2 frame
    router.get ('/api/v1/session/login', csrf, routes.oauth2.loginForm);
@@ -142,6 +144,7 @@ function initializeExpressSync() {
    router.post('/api/v1/apps/:id/update',    appsScope, routes.user.requireAdmin, routes.user.verifyPassword, routes.apps.updateApp);
    router.post('/api/v1/apps/:id/restore',   appsScope, routes.user.requireAdmin, routes.user.verifyPassword, routes.apps.restoreApp);
    router.post('/api/v1/apps/:id/backup',    appsScope, routes.user.requireAdmin, routes.apps.backupApp);
+    router.get ('/api/v1/apps/:id/backups',   appsScope, routes.user.requireAdmin, routes.apps.listBackups);
    router.post('/api/v1/apps/:id/stop',      appsScope, routes.user.requireAdmin, routes.apps.stopApp);
    router.post('/api/v1/apps/:id/start',     appsScope, routes.user.requireAdmin, routes.apps.startApp);
    router.get ('/api/v1/apps/:id/logstream', appsScope, routes.user.requireAdmin, routes.apps.getLogStream);
@@ -169,6 +172,9 @@ function initializeExpressSync() {
    router.get ('/api/v1/backups', settingsScope, routes.backups.get);
    router.post('/api/v1/backups', settingsScope, routes.backups.create);

+    // disable server timeout. we use the timeout middleware to handle timeouts on a route level
+    httpServer.setTimeout(0);
+
    // upgrade handler
    httpServer.on('upgrade', function (req, socket, head) {
        if (req.headers['upgrade'] !== 'tcp') return req.end('Only TCP upgrades are possible');
@@ -220,6 +226,7 @@ function initializeInternalExpressSync() {

    // internal routes
    router.post('/api/v1/backup', routes.internal.backup);
+    router.post('/api/v1/update', routes.internal.update);

    return httpServer;
 }
@@ -235,6 +242,7 @@ function start(callback) {
        auth.initialize,
        database.initialize,
        cloudron.initialize, // keep this here because it reads activation state that others depend on
+        certificates.installAdminCertificate, // keep this before cron to block heartbeats until cert is ready
        taskmanager.initialize,
        mailer.initialize,
        cron.initialize,
@@ -26,37 +26,35 @@ exports = module.exports = {
    getBackupConfig: getBackupConfig,
    setBackupConfig: setBackupConfig,

+    getTlsConfig: getTlsConfig,
+    setTlsConfig: setTlsConfig,
+
+    getUpdateConfig: getUpdateConfig,
+    setUpdateConfig: setUpdateConfig,
+
    getDefaultSync: getDefaultSync,
    getAll: getAll,

-    validateCertificate: validateCertificate,
-    setCertificate: setCertificate,
-    setAdminCertificate: setAdminCertificate,
-
    AUTOUPDATE_PATTERN_KEY: 'autoupdate_pattern',
    TIME_ZONE_KEY: 'time_zone',
    CLOUDRON_NAME_KEY: 'cloudron_name',
    DEVELOPER_MODE_KEY: 'developer_mode',
    DNS_CONFIG_KEY: 'dns_config',
    BACKUP_CONFIG_KEY: 'backup_config',
+    TLS_CONFIG_KEY: 'tls_config',
+    UPDATE_CONFIG_KEY: 'update_config',

    events: new (require('events').EventEmitter)()
 };

 var assert = require('assert'),
    config = require('./config.js'),
-    constants = require('./constants.js'),
    CronJob = require('cron').CronJob,
    DatabaseError = require('./databaseerror.js'),
-    ejs = require('ejs'),
-    fs = require('fs'),
-    path = require('path'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
    settingsdb = require('./settingsdb.js'),
-    shell = require('./shell.js'),
    util = require('util'),
-    x509 = require('x509'),
    _ = require('underscore');

 var gDefaults = (function () {
@@ -67,13 +65,12 @@ var gDefaults = (function () {
    result[exports.DEVELOPER_MODE_KEY] = false;
    result[exports.DNS_CONFIG_KEY] = { };
    result[exports.BACKUP_CONFIG_KEY] = { };
+    result[exports.TLS_CONFIG_KEY] = { provider: 'caas' };
+    result[exports.UPDATE_CONFIG_KEY] = { prerelease: false };

    return result;
 })();

-var NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/../setup/start/nginx/appconfig.ejs', { encoding: 'utf8' }),
-    RELOAD_NGINX_CMD = path.join(__dirname, 'scripts/reloadnginx.sh');
-
 if (config.TEST) {
    // avoid noisy warnings during npm test
    exports.events.setMaxListeners(100);
@@ -101,7 +98,6 @@ util.inherits(SettingsError, Error);
 SettingsError.INTERNAL_ERROR = 'Internal Error';
 SettingsError.NOT_FOUND = 'Not Found';
 SettingsError.BAD_FIELD = 'Bad Field';
-SettingsError.INVALID_CERT = 'Invalid certificate';

 function setAutoupdatePattern(pattern, callback) {
    assert.strictEqual(typeof pattern, 'string');
@@ -276,6 +272,34 @@ function setDnsConfig(dnsConfig, callback) {
    });
 }

+function getTlsConfig(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    settingsdb.get(exports.TLS_CONFIG_KEY, function (error, value) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.TLS_CONFIG_KEY]);
+        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+
+        callback(null, JSON.parse(value)); // provider
+    });
+}
+
+function setTlsConfig(tlsConfig, callback) {
+    assert.strictEqual(typeof tlsConfig, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (tlsConfig.provider !== 'caas' && tlsConfig.provider.indexOf('le-') !== 0) {
+        return callback(new SettingsError(SettingsError.BAD_FIELD, 'provider must be caas or le-*'));
+    }
+
+    settingsdb.set(exports.TLS_CONFIG_KEY, JSON.stringify(tlsConfig), function (error) {
+        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+
+        exports.events.emit(exports.TLS_CONFIG_KEY, tlsConfig);
+
+        callback(null);
+    });
+}
+
 function getBackupConfig(callback) {
    assert.strictEqual(typeof callback, 'function');

@@ -304,6 +328,30 @@ function setBackupConfig(backupConfig, callback) {
    });
 }

+function getUpdateConfig(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    settingsdb.get(exports.UPDATE_CONFIG_KEY, function (error, value) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.UPDATE_CONFIG_KEY]);
+        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+
+        callback(null, JSON.parse(value)); // { prerelease }
+    });
+}
+
+function setUpdateConfig(updateConfig, callback) {
+    assert.strictEqual(typeof updateConfig, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    settingsdb.set(exports.UPDATE_CONFIG_KEY, JSON.stringify(updateConfig), function (error) {
+        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+
+        exports.events.emit(exports.UPDATE_CONFIG_KEY, updateConfig);
+
+        callback(null);
+    });
+}
+
 function getDefaultSync(name) {
    assert.strictEqual(typeof name, 'string');

@@ -322,104 +370,3 @@ function getAll(callback) {
        callback(null, result);
    });
 }
-
-// note: https://tools.ietf.org/html/rfc4346#section-7.4.2 (certificate_list) requires that the
-// servers certificate appears first (and not the intermediate cert)
-function validateCertificate(cert, key, fqdn) {
-    assert(cert === null || typeof cert === 'string');
-    assert(key === null || typeof key === 'string');
-    assert.strictEqual(typeof fqdn, 'string');
-
-    if (cert === null && key === null) return null;
-    if (!cert && key) return new Error('missing cert');
-    if (cert && !key) return new Error('missing key');
-
-    var content;
-    try {
-        content = x509.parseCert(cert);
-    } catch (e) {
-        return new Error('invalid cert: ' + e.message);
-    }
-
-    // check expiration
-    if (content.notAfter < new Date()) return new Error('cert expired');
-
-    function matchesDomain(domain) {
-        if (domain === fqdn) return true;
-        if (domain.indexOf('*') === 0 && domain.slice(2) === fqdn.slice(fqdn.indexOf('.') + 1)) return true;
-
-        return false;
-    }
-
-    // check domain
-    var domains = content.altNames.concat(content.subject.commonName);
-    if (!domains.some(matchesDomain)) return new Error(util.format('cert is not valid for this domain. Expecting %s in %j', fqdn, domains));
-
-    // http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#verify
-    var certModulus = safe.child_process.execSync('openssl x509 -noout -modulus', { encoding: 'utf8', input: cert });
-    var keyModulus = safe.child_process.execSync('openssl rsa -noout -modulus', { encoding: 'utf8', input: key });
-    if (certModulus !== keyModulus) return new Error('key does not match the cert');
-
-    return null;
-}
-
-function setCertificate(cert, key, callback) {
-    assert.strictEqual(typeof cert, 'string');
-    assert.strictEqual(typeof key, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    var error = validateCertificate(cert, key, '*.' + config.fqdn());
-    if (error) return callback(new SettingsError(SettingsError.INVALID_CERT, error.message));
-
-    // backup the cert
-    if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, 'host.cert'), cert)) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error.message));
-    if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, 'host.key'), key)) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error.message));
-
-    // copy over fallback cert
-    if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), cert)) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error.message));
-    if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), key)) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error.message));
-
-    shell.sudo('setCertificate', [ RELOAD_NGINX_CMD ], function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
-
-        return callback(null);
-    });
-}
-
-function setAdminCertificate(cert, key, callback) {
-    assert.strictEqual(typeof cert, 'string');
-    assert.strictEqual(typeof key, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    var sourceDir = path.resolve(__dirname, '..');
-    var endpoint = 'admin';
-    var vhost = config.appFqdn(constants.ADMIN_LOCATION);
-    var certFilePath = path.join(paths.APP_CERTS_DIR, 'admin.cert');
-    var keyFilePath = path.join(paths.APP_CERTS_DIR, 'admin.key');
-
-    var error = validateCertificate(cert, key, vhost);
-    if (error) return callback(new SettingsError(SettingsError.INVALID_CERT, error.message));
-
-    // backup the cert
-    if (!safe.fs.writeFileSync(certFilePath, cert)) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error.message));
-    if (!safe.fs.writeFileSync(keyFilePath, key)) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error.message));
-
-    var data = {
-        sourceDir: sourceDir,
-        adminOrigin: config.adminOrigin(),
-        vhost: vhost,
-        endpoint: endpoint,
-        certFilePath: certFilePath,
-        keyFilePath: keyFilePath
-    };
-    var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
-    var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, 'admin.conf');
-
-    if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) return callback(safe.error);
-
-    shell.sudo('setAdminCertificate', [ RELOAD_NGINX_CMD ], function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
-
-        return callback(null);
-    });
-}
@@ -24,7 +24,7 @@ function getBackupCredentials(backupConfig, callback) {

    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/awscredentials';
    superagent.post(url).query({ token: backupConfig.token }).end(function (error, result) {
-        if (error) return callback(error);
+        if (error && !error.response) return callback(error);
        if (result.statusCode !== 201) return callback(new Error(result.text));
        if (!result.body || !result.body.credentials) return callback(new Error('Unexpected response'));

@@ -49,11 +49,10 @@ function getAllPaged(backupConfig, page, perPage, callback) {

    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/backups';
    superagent.get(url).query({ token: backupConfig.token }).end(function (error, result) {
-        if (error) return callback(error);
+        if (error && !error.response) return callback(error);
        if (result.statusCode !== 200) return callback(new Error(result.text));
        if (!result.body || !util.isArray(result.body.backups)) return callback(new Error('Unexpected response'));

-        // [ { creationTime, boxVersion, restoreKey, dependsOn: [ ] } ] sorted by time (latest first)
        return callback(null, result.body.backups);
    });
 }
@@ -36,7 +36,33 @@ function getAllPaged(backupConfig, page, perPage, callback) {
    assert.strictEqual(typeof perPage, 'number');
    assert.strictEqual(typeof callback, 'function');

-    return callback(new Error('Not implemented yet'));
+    getBackupCredentials(backupConfig, function (error, credentials) {
+        if (error) return callback(error);
+
+        var s3 = new AWS.S3(credentials);
+
+        var params = {
+            Bucket: backupConfig.bucket,
+            EncodingType: 'url',
+            Prefix: backupConfig.prefix + '/backup_'
+        };
+
+        s3.listObjects(params, function (error, data) {
+            if (error) return callback(error);
+
+            var results = data.Contents.map(function (backup) {
+                return {
+                    creationTime: backup.LastModified,
+                    restoreKey: backup.Key.slice(backupConfig.prefix.length + 1),
+                    dependsOn: [] // FIXME empty dependsOn is wrong and version property is missing!!
+                };
+            });
+
+            results.sort(function (a, b) { return a.creationTime < b.creationTime; });
+
+            return callback(null, results);
+        });
+    });
 }

 function getSignedUploadUrl(backupConfig, filename, callback) {
@@ -1,28 +1,68 @@
+/* jslint node:true */
+
 'use strict';

+var assert = require('assert'),
+    caas = require('./sysinfo/caas.js'),
+    config = require('./config.js'),
+    ec2 = require('./sysinfo/ec2.js'),
+    util = require('util');
+
 exports = module.exports = {
+    SysInfoError: SysInfoError,
+
    getIp: getIp
 };

-var os = require('os');
-
 var gCachedIp = null;

-function getIp() {
-    if (gCachedIp) return gCachedIp;
+function SysInfoError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');

-    var ifaces = os.networkInterfaces();
-    for (var dev in ifaces) {
-        if (dev.match(/^(en|eth|wlp).*/) === null) continue;
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);

-        for (var i = 0; i < ifaces[dev].length; i++) {
-            if (ifaces[dev][i].family === 'IPv4') {
-                gCachedIp = ifaces[dev][i].address;
-                return gCachedIp;
-            }
-        }
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
    }
+}
+util.inherits(SysInfoError, Error);
+SysInfoError.INTERNAL_ERROR = 'Internal Error';

-    return null;
+function getApi(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    switch (config.provider()) {
+        case '': return callback(null, caas);   // current fallback for caas
+        case 'caas': return callback(null, caas);
+        case 'digitalocean': return callback(null, caas);
+        case 'ec2': return callback(null, ec2);
+        default: return callback(new Error('Unkown provider ' + config.provider()));
+    }
 }

+function getIp(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    if (gCachedIp) return callback(null, gCachedIp);
+
+    getApi(function (error, api) {
+        if (error) return callback(error);
+
+        api.getIp(function (error, ip) {
+            if (error) return callback(error);
+
+            gCachedIp = ip;
+
+            callback(null, gCachedIp);
+        });
+    });
+}
@@ -0,0 +1,26 @@
+'use strict';
+
+exports = module.exports = {
+    getIp: getIp
+};
+
+var assert = require('assert'),
+    os = require('os'),
+    SysInfoError = require('../sysinfo.js').SysInfoError;
+
+function getIp(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    var ifaces = os.networkInterfaces();
+    for (var dev in ifaces) {
+        if (dev.match(/^(en|eth|wlp).*/) === null) continue;
+
+        for (var i = 0; i < ifaces[dev].length; i++) {
+            if (ifaces[dev][i].family === 'IPv4') {
+                return callback(null, ifaces[dev][i].address);
+            }
+        }
+    }
+
+    callback(new SysInfoError(SysInfoError.INTERNAL_ERROR, 'No IP found'));
+}
@@ -0,0 +1,21 @@
+'use strict';
+
+exports = module.exports = {
+    getIp: getIp
+};
+
+var assert = require('assert'),
+    superagent = require('superagent'),
+    SysInfoError = require('../sysinfo.js').SysInfoError,
+    util = require('util');
+
+function getIp(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    superagent.get('http://169.254.169.254/latest/meta-data/public-ipv4').end(function (error, result) {
+        if (error) return callback(new SysInfoError(SysInfoError.INTERNAL_ERROR, error.status ? 'Request failed: ' + error.status : 'Network failure'));
+        if (result.statusCode !== 200) return callback(new SysInfoError(SysInfoError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
+
+        callback(null, result.text);
+    });
+}
@@ -92,15 +92,17 @@ function startAppTask(appId) {
        return;
    }

+    // when parent process dies, apptask processes are killed because KillMode=control-group in systemd unit file
    gActiveTasks[appId] = child_process.fork(__dirname + '/apptask.js', [ appId ]);

    var pid = gActiveTasks[appId].pid;
    debug('Started task of %s pid: %s', appId, pid);

-    gActiveTasks[appId].once('exit', function (code) {
+    gActiveTasks[appId].once('exit', function (code, signal) {
        debug('Task for %s pid %s completed with status %s', appId, pid, code);
-        if (code && code !== 50) { // apptask crashed
-            appdb.update(appId, { installationState: appdb.ISTATE_ERROR, installationProgress: 'Apptask crashed with code ' + code }, NOOP_CALLBACK);
+        if (code === null /* signal */ || (code !== 0 && code !== 50)) { // apptask crashed
+            debug('Apptask crashed with code %s and signal %s', code, signal);
+            appdb.update(appId, { installationState: appdb.ISTATE_ERROR, installationProgress: 'Apptask crashed with code ' + code + ' and signal ' + signal }, NOOP_CALLBACK);
        }
        delete gActiveTasks[appId];
        locker.unlock(locker.OP_APPTASK); // unlock event will trigger next task
@@ -85,7 +85,8 @@ describe('apptask', function () {
        async.series([
            database.initialize,
            appdb.add.bind(null, APP.id, APP.appStoreId, APP.manifest, APP.location, APP.portBindings, APP.accessRestriction, APP.oauthProxy),
-            settings.setDnsConfig.bind(null, { provider: 'route53', accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey', endpoint: 'http://localhost:5353' })
+            settings.setDnsConfig.bind(null, { provider: 'route53', accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey', endpoint: 'http://localhost:5353' }),
+            settings.setTlsConfig.bind(null, { provider: 'caas' })
        ], done);
    });

@@ -97,12 +98,12 @@ describe('apptask', function () {
        apptask.initialize(done);
    });

-    it('free port', function (done) {
-        apptask._getFreePort(function (error, port) {
-            expect(error).to.be(null);
-            expect(port).to.be.a('number');
-            var client = net.connect(port);
-            client.on('connect', function () { done(new Error('Port is not free:' + port)); });
+    it('reserve port', function (done) {
+        apptask._reserveHttpPort(APP, function (error) {
+            expect(error).to.not.be.ok();
+            expect(APP.httpPort).to.be.a('number');
+            var client = net.connect(APP.httpPort);
+            client.on('connect', function () { done(new Error('Port is not free:' + APP.httpPort)); });
            client.on('error', function (error) { done(); });
        });
    });
@@ -0,0 +1,90 @@
+/* jslint node:true */
+/* global it:false */
+/* global describe:false */
+/* global before:false */
+/* global after:false */
+
+'use strict';
+
+var certificates = require('../certificates.js'),
+    expect = require('expect.js');
+
+describe('Certificates', function () {
+    describe('validateCertificate', function () {
+        /*
+          Generate these with:
+            openssl genrsa -out server.key 512
+            openssl req -new -key server.key -out server.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=Nebulon/OU=CTO/CN=baz.foobar.com"
+            openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+        */
+
+        // foobar.com
+        var validCert0 = '-----BEGIN CERTIFICATE-----\nMIIBujCCAWQCCQCjLyTKzAJ4FDANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzETMBEGA1UEAwwKZm9vYmFyLmNvbTAeFw0xNTEw\nMjgxMjM5MjZaFw0xNjEwMjcxMjM5MjZaMGQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI\nDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEQMA4GA1UECgwHTmVidWxvbjEMMAoG\nA1UECwwDQ1RPMRMwEQYDVQQDDApmb29iYXIuY29tMFwwDQYJKoZIhvcNAQEBBQAD\nSwAwSAJBAMeYofgwHeNVmGkGe0gj4dnX2ciifDi7X2K/oVHp7mxuHjGMSYP9Z7b6\n+mu0IMf4OedwXStHBeO8mwjKxZmE7p8CAwEAATANBgkqhkiG9w0BAQsFAANBAJI7\nFUUHXjR63UFk8pgxp0c7hEGqj4VWWGsmo8oZnnX8jGVmQDKbk8o3MtDujfqupmMR\nMo7tSAFlG7zkm3GYhpw=\n-----END CERTIFICATE-----';
+        var validKey0 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAMeYofgwHeNVmGkGe0gj4dnX2ciifDi7X2K/oVHp7mxuHjGMSYP9\nZ7b6+mu0IMf4OedwXStHBeO8mwjKxZmE7p8CAwEAAQJBAJS59Sb8o6i8JT9NJxvQ\nMQCkSJGqEaosZJ0uccSZ7aE48v+H7HiPzXAueitohcEif2Wp1EZ1RbRMURhznNiZ\neLECIQDxxqhakO6wc7H68zmpRXJ5ZxGUNbM24AMtpONAtEw9iwIhANNWtp6P74OV\ntvfOmtubbqw768fmGskFCOcp5oF8oF29AiBkTAf9AhCyjFwyAYJTEScq67HkLN66\njfVjkvpfFixmfwIgI+xldmZ5DCDyzQSthg7RrS0yUvRmMS1N6h1RNUl96PECIQDl\nit4lFcytbqNo1PuBZvzQE+plCjiJqXHYo3WCst1Jbg==\n-----END RSA PRIVATE KEY-----';
+
+        // *.foobar.com
+        var validCert1 = '-----BEGIN CERTIFICATE-----\nMIIBvjCCAWgCCQCg957GWuHtbzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzEVMBMGA1UEAwwMKi5mb29iYXIuY29tMB4XDTE1\nMTAyODEzMDI1MFoXDTE2MTAyNzEzMDI1MFowZjELMAkGA1UEBhMCREUxDzANBgNV\nBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMRAwDgYDVQQKDAdOZWJ1bG9uMQww\nCgYDVQQLDANDVE8xFTATBgNVBAMMDCouZm9vYmFyLmNvbTBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQC0FKf07ZWMcABFlZw+GzXK9EiZrlJ1lpnu64RhN99z7MXRr8cF\nnZVgY3jgatuyR5s3WdzUvye2eJ0rNicl2EZJAgMBAAEwDQYJKoZIhvcNAQELBQAD\nQQAw4bteMZAeJWl2wgNLw+wTwAH96E0jyxwreCnT5AxJLmgimyQ0XOF4FsssdRFj\nxD9WA+rktelBodJyPeTDNhIh\n-----END CERTIFICATE-----';
+        var validKey1 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBALQUp/TtlYxwAEWVnD4bNcr0SJmuUnWWme7rhGE333PsxdGvxwWd\nlWBjeOBq27JHmzdZ3NS/J7Z4nSs2JyXYRkkCAwEAAQJALV2eykcoC48TonQEPmkg\nbhaIS57syw67jMLsQImQ02UABKzqHPEKLXPOZhZPS9hsC/hGIehwiYCXMUlrl+WF\nAQIhAOntBI6qaecNjAAVG7UbZclMuHROUONmZUF1KNq6VyV5AiEAxRLkfHWy52CM\njOQrX347edZ30f4QczvugXwsyuU9A1ECIGlGZ8Sk4OBA8n6fAUcyO06qnmCJVlHg\npTUeOvKk5c9RAiBs28+8dCNbrbhVhx/yQr9FwNM0+ttJW/yWJ+pyNQhr0QIgJTT6\nxwCWYOtbioyt7B9l+ENy3AMSO3Uq+xmIKkvItK4=\n-----END RSA PRIVATE KEY-----';
+
+        // baz.foobar.com
+        var validCert2 = '-----BEGIN CERTIFICATE-----\nMIIBwjCCAWwCCQDIKtL9RCDCkDANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJE\nRTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05l\nYnVsb24xDDAKBgNVBAsMA0NUTzEXMBUGA1UEAwwOYmF6LmZvb2Jhci5jb20wHhcN\nMTUxMDI4MTMwNTMzWhcNMTYxMDI3MTMwNTMzWjBoMQswCQYDVQQGEwJERTEPMA0G\nA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB05lYnVsb24x\nDDAKBgNVBAsMA0NUTzEXMBUGA1UEAwwOYmF6LmZvb2Jhci5jb20wXDANBgkqhkiG\n9w0BAQEFAANLADBIAkEAw7UWW/VoQePv2l92l3XcntZeyw1nBiHxk1axZwC6auOW\n2/zfA//Tg7fv4q5qKnV1n/71IiMAheeFcpfogY5rTwIDAQABMA0GCSqGSIb3DQEB\nCwUAA0EAtluL6dGNfOdNkzoO/UwzRaIvEm2reuqe+Ik4WR/k+DJ4igrmRCQqXwjW\nJaGYsFWsuk3QLOWQ9YgCKlcIYd+1/A==\n-----END CERTIFICATE-----';
+        var validKey2 = '-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBAMO1Flv1aEHj79pfdpd13J7WXssNZwYh8ZNWsWcAumrjltv83wP/\n04O37+Kuaip1dZ/+9SIjAIXnhXKX6IGOa08CAwEAAQJAUPD3Y2cXDJFaJQXwhWnw\nqhzdLbvITUgCor5rNr+dWhE2MopGPpRHiabA1PeWEPx8CfblyTZGd8KUR/2W1c0r\naQIhAP4ZxB3+uhuzzMfyRrn/khr12pFn/FCIDbwnDbyUxLrTAiEAxSuVOFs+Mupt\nYCz/pPrDCx3eid0wyXRObbkLHOxJiBUCIBTp5fxaBNNW3xnt1OhmIo5Zgd3J4zh1\nmjvMMxM8Y1zFAiAxOP0qsZSoj1+41+MGY9fXaaCJ2F96m3+M4tpEYTTGNQIgdESZ\nz+hzHBeYVbWJpIR8uaNkx7wveUF90FpipXyeTsA=\n-----END RSA PRIVATE KEY-----';
+
+        it('allows both null', function () {
+            expect(certificates.validateCertificate(null, null, 'foobar.com')).to.be(null);
+        });
+
+        it('does not allow only cert', function () {
+            expect(certificates.validateCertificate('cert', null, 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow only key', function () {
+            expect(certificates.validateCertificate(null, 'key', 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow empty string for cert', function () {
+            expect(certificates.validateCertificate('', 'key', 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow empty string for key', function () {
+            expect(certificates.validateCertificate('cert', '', 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow invalid cert', function () {
+            expect(certificates.validateCertificate('someinvalidcert', validKey0, 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow invalid key', function () {
+            expect(certificates.validateCertificate(validCert0, 'invalidkey', 'foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow cert without matching domain', function () {
+            expect(certificates.validateCertificate(validCert0, validKey0, 'cloudron.io')).to.be.an(Error);
+        });
+
+        it('allows valid cert with matching domain', function () {
+            expect(certificates.validateCertificate(validCert0, validKey0, 'foobar.com')).to.be(null);
+        });
+
+        it('allows valid cert with matching domain (wildcard)', function () {
+            expect(certificates.validateCertificate(validCert1, validKey1, 'abc.foobar.com')).to.be(null);
+        });
+
+        it('does now allow cert without matching domain (wildcard)', function () {
+            expect(certificates.validateCertificate(validCert1, validKey1, 'foobar.com')).to.be.an(Error);
+            expect(certificates.validateCertificate(validCert1, validKey1, 'bar.abc.foobar.com')).to.be.an(Error);
+        });
+
+        it('allows valid cert with matching domain (subdomain)', function () {
+            expect(certificates.validateCertificate(validCert2, validKey2, 'baz.foobar.com')).to.be(null);
+        });
+
+        it('does not allow cert without matching domain (subdomain)', function () {
+            expect(certificates.validateCertificate(validCert0, validKey0, 'baz.foobar.com')).to.be.an(Error);
+        });
+
+        it('does not allow invalid cert/key tuple', function () {
+            expect(certificates.validateCertificate(validCert0, validKey1, 'foobar.com')).to.be.an(Error);
+        });
+    });
+});
@@ -40,7 +40,8 @@ describe('database', function () {
            salt: 'morton',
            createdAt: 'sometime back',
            modifiedAt: 'now',
-            resetToken: hat(256)
+            resetToken: hat(256),
+            displayName: ''
        };

        var ADMIN_0 = {
@@ -52,7 +53,8 @@ describe('database', function () {
            salt: 'tata',
            createdAt: 'sometime back',
            modifiedAt: 'now',
-            resetToken: ''
+            resetToken: '',
+            displayName: 'Herbert Heidelberg'
        };

        it('can add user', function (done) {
@@ -154,10 +156,11 @@ describe('database', function () {
        });

        it('can update the user', function (done) {
-            userdb.update(USER_0.id, { email: 'some@thing.com' }, function (error) {
+            userdb.update(USER_0.id, { email: 'some@thing.com', displayName: 'Heiter' }, function (error) {
                expect(error).to.not.be.ok();
                userdb.get(USER_0.id, function (error, user) {
                    expect(user.email).to.equal('some@thing.com');
+                    expect(user.displayName).to.equal('Heiter');
                    done();
                });
            });
@@ -17,14 +17,16 @@ var database = require('../database.js'),

 var USER_0 = {
    username: 'foobar0',
-    password: 'password0',
-    email: 'foo0@bar.com'
+    password: 'Foobar?1234',
+    email: 'foo0@bar.com',
+    displayName: 'Bob bobson'
 };

 var USER_1 = {
    username: 'foobar1',
-    password: 'password1',
-    email: 'foo1@bar.com'
+    password: 'Foobar?12345',
+    email: 'foo1@bar.com',
+    displayName: 'Jesus'
 };

 function setup(done) {
@@ -32,8 +34,8 @@ function setup(done) {
        database.initialize.bind(null),
        database._clear.bind(null),
        ldapServer.start.bind(null),
-        user.create.bind(null, USER_0.username, USER_0.password, USER_0.email, true, null),
-        user.create.bind(null, USER_1.username, USER_1.password, USER_1.email, false, USER_0)
+        user.create.bind(null, USER_0.username, USER_0.password, USER_0.email, USER_0.displayName, true, null, false),
+        user.create.bind(null, USER_1.username, USER_1.password, USER_1.email, USER_0.displayName, false, USER_0, false)
    ], done);
 }

@@ -11,7 +11,7 @@ var progress = require('../progress.js'),
    database = require('../database.js'),
    expect = require('expect.js'),
    nock = require('nock'),
-    request = require('superagent'),
+    superagent = require('superagent'),
    server = require('../server.js');

 var SERVER_URL = 'http://localhost:' + config.get('port');
@@ -46,7 +46,7 @@ describe('Server', function () {
        });

        it('is reachable', function (done) {
-            request.get(SERVER_URL + '/api/v1/cloudron/status', function (err, res) {
+            superagent.get(SERVER_URL + '/api/v1/cloudron/status', function (err, res) {
                expect(res.statusCode).to.equal(200);
                done(err);
            });
@@ -79,32 +79,32 @@ describe('Server', function () {
            });
        });

-        it('random bad requests', function (done) {
-            request.get(SERVER_URL + '/random', function (err, res) {
-                expect(err).to.not.be.ok();
+        it('random bad superagents', function (done) {
+            superagent.get(SERVER_URL + '/random', function (err, res) {
+                expect(err).to.be.ok();
                expect(res.statusCode).to.equal(404);
-                done(err);
+                done();
            });
        });

        it('version', function (done) {
-            request.get(SERVER_URL + '/api/v1/cloudron/status', function (err, res) {
+            superagent.get(SERVER_URL + '/api/v1/cloudron/status', function (err, res) {
                expect(err).to.not.be.ok();
                expect(res.statusCode).to.equal(200);
                expect(res.body.version).to.equal('0.5.0');
-                done(err);
+                done();
            });
        });

        it('status route is GET', function (done) {
-            request.post(SERVER_URL + '/api/v1/cloudron/status')
+            superagent.post(SERVER_URL + '/api/v1/cloudron/status')
                   .end(function (err, res) {
                expect(res.statusCode).to.equal(404);

-                request.get(SERVER_URL + '/api/v1/cloudron/status')
+                superagent.get(SERVER_URL + '/api/v1/cloudron/status')
                       .end(function (err, res) {
                    expect(res.statusCode).to.equal(200);
-                    done(err);
+                    done();
                });
            });
        });
@@ -122,18 +122,16 @@ describe('Server', function () {
        });

        it('config fails due missing token', function (done) {
-            request.get(SERVER_URL + '/api/v1/cloudron/config', function (err, res) {
-                expect(err).to.not.be.ok();
+            superagent.get(SERVER_URL + '/api/v1/cloudron/config', function (err, res) {
                expect(res.statusCode).to.equal(401);
-                done(err);
+                done();
            });
        });

        it('config fails due wrong token', function (done) {
-            request.get(SERVER_URL + '/api/v1/cloudron/config').query({ access_token: 'somewrongtoken' }).end(function (err, res) {
-                expect(err).to.not.be.ok();
+            superagent.get(SERVER_URL + '/api/v1/cloudron/config').query({ access_token: 'somewrongtoken' }).end(function (err, res) {
                expect(res.statusCode).to.equal(401);
-                done(err);
+                done();
            });
        });
    });
@@ -150,8 +148,7 @@ describe('Server', function () {
        });

        it('succeeds with no progress', function (done) {
-            request.get(SERVER_URL + '/api/v1/cloudron/progress', function (error, result) {
-                expect(error).to.not.be.ok();
+            superagent.get(SERVER_URL + '/api/v1/cloudron/progress', function (error, result) {
                expect(result.statusCode).to.equal(200);
                expect(result.body.update).to.be(null);
                expect(result.body.backup).to.be(null);
@@ -162,8 +159,7 @@ describe('Server', function () {
        it('succeeds with update progress', function (done) {
            progress.set(progress.UPDATE, 13, 'This is some status string');

-            request.get(SERVER_URL + '/api/v1/cloudron/progress', function (error, result) {
-                expect(error).to.not.be.ok();
+            superagent.get(SERVER_URL + '/api/v1/cloudron/progress', function (error, result) {
                expect(result.statusCode).to.equal(200);
                expect(result.body.update).to.be.an('object');
                expect(result.body.update.percent).to.be.a('number');
@@ -179,8 +175,7 @@ describe('Server', function () {
        it('succeeds with no progress after clearing the update', function (done) {
            progress.clear(progress.UPDATE);

-            request.get(SERVER_URL + '/api/v1/cloudron/progress', function (error, result) {
-                expect(error).to.not.be.ok();
+            superagent.get(SERVER_URL + '/api/v1/cloudron/progress', function (error, result) {
                expect(result.statusCode).to.equal(200);
                expect(result.body.update).to.be(null);
                expect(result.body.backup).to.be(null);
@@ -211,8 +206,9 @@ describe('Server', function () {
        });

        it('is not reachable anymore', function (done) {
-            request.get(SERVER_URL + '/api/v1/cloudron/status', function (error, result) {
+            superagent.get(SERVER_URL + '/api/v1/cloudron/status', function (error, result) {
                expect(error).to.not.be(null);
+                expect(!error.response).to.be.ok();
                done();
            });
        });
@@ -226,15 +222,15 @@ describe('Server', function () {
        });

        it('responds to OPTIONS', function (done) {
-            request('OPTIONS', SERVER_URL + '/api/v1/cloudron/status')
+            superagent('OPTIONS', SERVER_URL + '/api/v1/cloudron/status')
                .set('Access-Control-Request-Method', 'GET')
-                .set('Access-Control-Request-Headers', 'accept, origin, x-requested-with')
+                .set('Access-Control-Request-Headers', 'accept, origin, x-superagented-with')
                .set('Origin', 'http://localhost')
-                .end(function (res) {
+                .end(function (error, res) {
                expect(res.headers['access-control-allow-methods']).to.be('GET, PUT, DELETE, POST, OPTIONS');
                expect(res.headers['access-control-allow-credentials']).to.be('true');
-                expect(res.headers['access-control-allow-headers']).to.be('accept, origin, x-requested-with'); // mirrored from request
-                expect(res.headers['access-control-allow-origin']).to.be('http://localhost'); // mirrors from request
+                expect(res.headers['access-control-allow-headers']).to.be('accept, origin, x-superagented-with'); // mirrored from superagent
+                expect(res.headers['access-control-allow-origin']).to.be('http://localhost'); // mirrors from superagent
                done();
            });
        });
--- a/Show More
+++ b/Show More