Add 1.8.5 changes

Waiting -> Pending
Use updateConfig addons instead of manifest addons to setup
2017-12-26 05:48:51 -08:00 · 2017-12-26 05:43:08 -08:00 · 2017-12-26 05:42:46 -08:00 · 2017-12-07 20:17:35 +05:30 · 2017-12-07 20:13:28 +05:30 · 2017-12-07 20:12:34 +05:30
97 changed files with 3116 additions and 2506 deletions
@@ -1036,3 +1036,109 @@
 * Add button to send test email
 * Fix crash in carbon which made graphs disappear on some Cloudrons

+[1.7.2]
+* Add rsync format for backups. This feature allows incremental backups
+* Add Google DNS backend (thanks @syn)
+* Add Cloudscale and Exoscale as supported VPS providers
+* Display backup progress and status in the web interface
+* Preliminary IPv6 support
+* Add IP RBL status to web interface
+* Add auto-update pattern `Every wednesday night`
+* Update Haraka to 2.8.15. This fixes the issue where emails were bounced with the message 'Send MAIL FROM first'
+* Do not overwrite existing subdomain when app's location is changed
+* Add button to send test email
+* Fix crash in carbon which made graphs disappear on some Cloudrons
+* Fix issue where OAuth SSO did not work when alternate domain was used
+
+[1.7.3]
+* Add rsync format for backups. This feature allows incremental backups
+* Add Google DNS backend (thanks @syn)
+* Add Cloudscale and Exoscale as supported VPS providers
+* Display backup progress and status in the web interface
+* Preliminary IPv6 support
+* Add IP RBL status to web interface
+* Add auto-update pattern `Every wednesday night`
+* Update Haraka to 2.8.15. This fixes the issue where emails were bounced with the message 'Send MAIL FROM first'
+* Do not overwrite existing subdomain when app's location is changed
+* Add button to send test email
+* Fix crash in carbon which made graphs disappear on some Cloudrons
+* Fix issue where OAuth SSO did not work when alternate domain was used
+
+[1.7.4]
+* Add rsync format for backups. This feature allows incremental backups
+* Add Google DNS backend (thanks @syn)
+* Add DigitalOcean spaces backup storage backend
+* Add Cloudscale and Exoscale as supported VPS providers
+* Display backup progress and status in the web interface
+* Preliminary IPv6 support
+* Add IP RBL status to web interface
+* Add auto-update pattern `Every wednesday night`
+* Update Haraka to 2.8.15. This fixes the issue where emails were bounced with the message 'Send MAIL FROM first'
+* Do not overwrite existing subdomain when app's location is changed
+* Add button to send test email
+* Fix crash in carbon which made graphs disappear on some Cloudrons
+* Fix issue where OAuth SSO did not work when alternate domain was used
+* Changelog is now rendered in markdown format
+
+[1.7.5]
+* Expose a TLS relay port from mail container for Go applications
+
+[1.7.6]
+* Port bindings cannot be configured in update route anymore
+* Implement LDAP group compare
+* Pre-releases are now offered by appstore and not handled in box code anymore
+* LDAP pagination support. This will fix the warnings in NextCloud and Rocket.Chat
+* Check if directories can be created in the backup directory
+* Do not set the HTTPS agent when using HTTP with minio backup backend
+* Fix regression where a new domain config could not be set in the UI
+* New mail container release that fixes email sending with SOGo
+* Show 404 page for unknown domains
+
+[1.7.7]
+* Allow setting app memory till memory limit
+* Make the dkim selector dynamic
+* Fix issue where app update dialog did not close
+* Fix LE cert renewal failures
+* Send user and cert info in digest emails
+* Send oom, app failures and other important mails to cloudron owner's alt mail
+
+[1.8.0]
+* Fix group email bounce when a group has users that have not signed up yet
+* Do not restrict app memory limit to 4GB
+* Fix display of the latest backup in the weekly digest
+* Add UI to select users for access restriction
+* Update docker to 17.09
+* Update node to 6.11.5
+* Display package version of installed apps in the info dialog
+
+[1.8.1]
+* Update node modules
+* Allow a restore operation if app is already restoring
+* Remove pre-install bundle support since it was hardly used
+* Make the test email mail address configurable
+* Allow admins to access all apps
+* Send feedback via appstore API (instead of email)
+* Show documentation URL in the app info dialog
+* Update Lets Encrypt agrement URL (https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf)
+
+[1.8.2]
+* Update node modules
+* Allow a restore operation if app is already restoring
+* Remove pre-install bundle support since it was hardly used
+* Make the test email mail address configurable
+* Allow admins to access all apps
+* Send feedback via appstore API (instead of email)
+* Show documentation URL in the app info dialog
+* Update Lets Encrypt agrement URL (https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf)
+
+[1.8.3]
+* Ensure domain database record exists
+
+[1.8.4]
+* Fix issue where internal email was not delivered when email relay is enabled
+* Fix display of DNS records when email relay is enabled
+
+[1.8.5]
+* Fix issues where unused addons were not cleaned on an app update causing uninstall to fail
+* Change UI text from 'Waiting' to 'Pending'
+
@@ -630,7 +630,7 @@ state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.

    box
-    Copyright (C) 2016 Cloudron UG
+    Copyright (C) 2016,2017 Cloudron UG

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU Affero General Public License as published
@@ -47,10 +47,10 @@ apt-get -y install \
 cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades

 echo "==> Installing node.js"
-mkdir -p /usr/local/node-6.11.3
-curl -sL https://nodejs.org/dist/v6.11.3/node-v6.11.3-linux-x64.tar.gz | tar zxvf - --strip-components=1 -C /usr/local/node-6.11.3
-ln -sf /usr/local/node-6.11.3/bin/node /usr/bin/node
-ln -sf /usr/local/node-6.11.3/bin/npm /usr/bin/npm
+mkdir -p /usr/local/node-6.11.5
+curl -sL https://nodejs.org/dist/v6.11.5/node-v6.11.5-linux-x64.tar.gz | tar zxvf - --strip-components=1 -C /usr/local/node-6.11.5
+ln -sf /usr/local/node-6.11.5/bin/node /usr/bin/node
+ln -sf /usr/local/node-6.11.5/bin/npm /usr/bin/npm
 apt-get install -y python   # Install python which is required for npm rebuild
 [[ "$(python --version 2>&1)" == "Python 2.7."* ]] || die "Expecting python version to be 2.7.x"

@@ -61,7 +61,7 @@ echo "==> Installing Docker"
 mkdir -p /etc/systemd/system/docker.service.d
 echo -e "[Service]\nExecStart=\nExecStart=/usr/bin/dockerd -H fd:// --log-driver=journald --exec-opt native.cgroupdriver=cgroupfs --storage-driver=overlay2" > /etc/systemd/system/docker.service.d/cloudron.conf

-curl -sL https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_17.03.1~ce-0~ubuntu-xenial_amd64.deb -o /tmp/docker.deb
+curl -sL https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb -o /tmp/docker.deb
 # apt install with install deps (as opposed to dpkg -i)
 apt install -y /tmp/docker.deb
 rm /tmp/docker.deb
@@ -6,9 +6,9 @@ var argv = require('yargs').argv,
    autoprefixer = require('gulp-autoprefixer'),
    concat = require('gulp-concat'),
    cssnano = require('gulp-cssnano'),
-    del = require('del'),
    ejs = require('gulp-ejs'),
    gulp = require('gulp'),
+    rimraf = require('rimraf'),
    sass = require('gulp-sass'),
    serve = require('gulp-serve'),
    sourcemaps = require('gulp-sourcemaps'),
@@ -196,7 +196,8 @@ gulp.task('watch', ['default'], function () {
 });

 gulp.task('clean', function () {
-    del.sync(['webadmin/dist', 'setup/splash/website']);
+    rimraf.sync('webadmin/dist');
+    rimraf.sync('setup/splash/website');
 });

 gulp.task('default', ['clean', 'html', 'js', '3rdparty', 'images', 'css'], function () {});
@@ -0,0 +1,15 @@
+'use strict';
+
+exports.up = function(db, callback) {
+    db.runSql('ALTER TABLE apps ADD COLUMN newConfigJson TEXT', function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
+
+exports.down = function(db, callback) {
+    db.runSql('ALTER TABLE apps DROP COLUMN newConfigJson', function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
@@ -0,0 +1,40 @@
+'use strict';
+
+var async = require('async');
+
+exports.up = function(db, callback) {
+    async.series([
+        db.runSql.bind(db, 'ALTER TABLE backups ADD COLUMN manifestJson TEXT'),
+
+        db.runSql.bind(db, 'START TRANSACTION;'),
+
+        // fill all the backups with restoreConfigs from current apps
+        function addManifests(callback) {
+            console.log('Importing manifests');
+
+            db.all('SELECT * FROM backups WHERE type="app"', function (error, backups) {
+                if (error) return callback(error);
+
+                async.eachSeries(backups, function (backup, next) {
+                    var m = backup.restoreConfigJson ? JSON.parse(backup.restoreConfigJson) : null;
+                    if (m) m = JSON.stringify(m.manifest);
+
+                    db.runSql('UPDATE backups SET manifestJson=? WHERE id=?', [ m, backup.id ], next);
+                }, callback);
+            });
+        },
+
+        db.runSql.bind(db, 'COMMIT'),
+
+        // remove the restoreConfig
+        db.runSql.bind(db, 'ALTER TABLE backups DROP COLUMN restoreConfigJson')
+    ], callback);
+};
+
+exports.down = function(db, callback) {
+    async.series([
+        db.runSql.bind(db, 'ALTER TABLE backups DROP COLUMN manifestJson'),
+        db.runSql.bind(db, 'ALTER TABLE backups ADD COLUMN restoreConfigJson TEXT'),
+    ], callback);
+};
+
@@ -0,0 +1,15 @@
+'use strict';
+
+exports.up = function(db, callback) {
+    db.runSql('ALTER TABLE apps CHANGE newConfigJson updateConfigJson TEXT', [], function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
+
+exports.down = function(db, callback) {
+    db.runSql('ALTER TABLE apps CHANGE updateConfigJson newConfigJson TEXT', [], function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
@@ -0,0 +1,15 @@
+'use strict';
+
+exports.up = function(db, callback) {
+    db.runSql('ALTER TABLE apps CHANGE lastBackupId restoreConfigJson TEXT', [], function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
+
+exports.down = function(db, callback) {
+    db.runSql('ALTER TABLE apps CHANGE restoreConfigJson lastBackupId TEXT', [], function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};
@@ -72,8 +72,9 @@ CREATE TABLE IF NOT EXISTS apps(
    enableBackup BOOLEAN DEFAULT 1,

    // the following fields do not belong here, they can be removed when we use a queue for apptask
-    lastBackupId VARCHAR(128), // used to pass backupId to restore from to apptask
-    oldConfigJson TEXT, // used to pass old config for apptask
+    restoreConfigJson VARCHAR(256), // used to pass backupId to restore from to apptask
+    oldConfigJson TEXT, // used to pass old config for apptask (configure, restore)
+    updateConfigJson TEXT, // used to pass new config for apptask (update)

    PRIMARY KEY(id));

@@ -110,7 +111,8 @@ CREATE TABLE IF NOT EXISTS backups(
    type VARCHAR(16) NOT NULL, /* 'box' or 'app' */
    dependsOn TEXT, /* comma separate list of objects this backup depends on */
    state VARCHAR(16) NOT NULL,
-    restoreConfigJson TEXT, /* JSON including the manifest of the backed up app */
+    manifestJson TEXT, /* to validate if the app can be installed in this version of box */
+    format VARCHAR(16) DEFAULT "tgz",

    PRIMARY KEY (id));

@@ -14,89 +14,90 @@
    "node": ">=4.0.0 <=4.1.1"
  },
  "dependencies": {
-    "@google-cloud/dns": "^0.6.2",
+    "@google-cloud/dns": "^0.7.0",
    "@sindresorhus/df": "^2.1.0",
-    "async": "^2.5.0",
-    "aws-sdk": "^2.97.0",
-    "body-parser": "^1.17.2",
-    "cloudron-manifestformat": "^2.9.0",
+    "async": "^2.6.0",
+    "aws-sdk": "^2.151.0",
+    "body-parser": "^1.18.2",
+    "cloudron-manifestformat": "^2.10.0",
    "connect-ensure-login": "^0.1.1",
-    "connect-lastmile": "^0.1.0",
+    "connect-lastmile": "^1.0.2",
    "connect-timeout": "^1.9.0",
    "cookie-parser": "^1.3.5",
-    "cookie-session": "^1.1.0",
-    "cron": "^1.0.9",
+    "cookie-session": "^1.3.2",
+    "cron": "^1.3.0",
    "csurf": "^1.6.6",
-    "db-migrate": "^0.10.0-beta.20",
+    "db-migrate": "^0.10.0-beta.24",
    "db-migrate-mysql": "^1.1.10",
-    "debug": "^3.0.0",
-    "dockerode": "^2.4.3",
+    "debug": "^3.1.0",
+    "dockerode": "^2.5.3",
    "ejs": "^2.5.7",
    "ejs-cli": "^2.0.0",
-    "express": "^4.15.4",
-    "express-session": "^1.15.5",
+    "express": "^4.16.2",
+    "express-session": "^1.15.6",
    "gulp-sass": "^3.0.0",
    "hat": "0.0.3",
    "hock": "https://registry.npmjs.org/hock/-/hock-1.3.2.tgz",
    "json": "^9.0.3",
    "ldapjs": "^1.0.0",
    "lodash.chunk": "^4.2.0",
-    "mime": "^1.3.4",
-    "moment-timezone": "^0.5.5",
-    "morgan": "^1.7.0",
+    "mime": "^2.0.3",
+    "moment-timezone": "^0.5.14",
+    "morgan": "^1.9.0",
    "multiparty": "^4.1.2",
-    "mysql": "^2.7.0",
-    "nodemailer": "^4.0.1",
+    "mysql": "^2.15.0",
+    "nodemailer": "^4.4.0",
    "nodemailer-smtp-transport": "^2.7.4",
-    "oauth2orize": "^1.0.1",
+    "oauth2orize": "^1.11.0",
    "once": "^1.3.2",
    "parse-links": "^0.1.0",
-    "passport": "^0.2.2",
-    "passport-http": "^0.2.2",
+    "passport": "^0.4.0",
+    "passport-http": "^0.3.0",
    "passport-http-bearer": "^1.0.1",
    "passport-local": "^1.0.0",
    "passport-oauth2-client-password": "^0.1.2",
-    "password-generator": "^2.0.2",
+    "password-generator": "^2.2.0",
    "progress-stream": "^2.0.0",
-    "proxy-middleware": "^0.13.0",
+    "proxy-middleware": "^0.15.0",
+    "request": "^2.83.0",
    "s3-block-read-stream": "^0.2.0",
    "safetydance": "^0.7.1",
-    "semver": "^4.3.6",
-    "showdown": "^1.6.0",
+    "semver": "^5.4.1",
+    "showdown": "^1.8.2",
    "split": "^1.0.0",
-    "superagent": "^3.5.2",
+    "superagent": "^3.8.1",
    "supererror": "^0.7.1",
-    "tar-fs": "^1.15.3",
-    "tldjs": "^1.6.2",
+    "tar-fs": "^1.16.0",
+    "tar-stream": "^1.5.5",
+    "tldjs": "^2.2.0",
    "underscore": "^1.7.0",
    "uuid": "^3.1.0",
    "valid-url": "^1.0.9",
-    "validator": "^4.9.0",
-    "ws": "^2.3.1"
+    "validator": "^9.1.1",
+    "ws": "^3.3.1"
  },
  "devDependencies": {
    "bootstrap-sass": "^3.3.3",
-    "del": "^1.1.1",
    "expect.js": "*",
    "gulp": "^3.9.1",
-    "gulp-autoprefixer": "^2.3.0",
+    "gulp-autoprefixer": "^4.0.0",
    "gulp-concat": "^2.4.3",
    "gulp-cssnano": "^2.1.0",
-    "gulp-ejs": "^1.0.0",
+    "gulp-ejs": "^3.1.0",
    "gulp-sass": "^3.0.0",
    "gulp-serve": "^1.0.0",
-    "gulp-sourcemaps": "^1.5.2",
-    "gulp-uglify": "^1.1.0",
+    "gulp-sourcemaps": "^2.6.1",
+    "gulp-uglify": "^3.0.0",
    "hock": "~1.2.0",
    "istanbul": "*",
-    "js2xmlparser": "^1.0.0",
+    "js2xmlparser": "^3.0.0",
    "mocha": "*",
-    "mock-aws-s3": "^2.4.0",
+    "mock-aws-s3": "git+https://github.com/cloudron-io/mock-aws-s3.git",
    "nock": "^9.0.14",
-    "node-sass": "^3.13.1",
+    "node-sass": "^4.6.1",
    "readdirp": "https://registry.npmjs.org/readdirp/-/readdirp-2.1.0.tgz",
    "request": "^2.65.0",
-    "yargs": "^3.15.0"
+    "yargs": "^10.0.3"
  },
  "scripts": {
    "migrate_local": "DATABASE_URL=mysql://root:@localhost/box node_modules/.bin/db-migrate up",
@@ -45,6 +45,7 @@ fi
 initBaseImage="true"
 # provisioning data
 domain=""
+adminLocation="my"
 zoneName=""
 provider=""
 encryptionKey=""
@@ -63,13 +64,14 @@ baseDataDir=""
 # TODO this is still there for the restore case, see other occasions below
 versionsUrl="https://s3.amazonaws.com/prod-cloudron-releases/versions.json"

-args=$(getopt -o "" -l "domain:,help,skip-baseimage-init,data:,data-dir:,provider:,encryption-key:,restore-url:,tls-provider:,version:,dns-provider:,env:,prerelease,skip-reboot,source-url:" -n "$0" -- "$@")
+args=$(getopt -o "" -l "domain:,help,skip-baseimage-init,data:,data-dir:,provider:,encryption-key:,restore-url:,tls-provider:,version:,dns-provider:,env:,admin-location:,prerelease,skip-reboot,source-url:" -n "$0" -- "$@")
 eval set -- "${args}"

 while true; do
    case "$1" in
    --domain) domain="$2"; shift 2;;
-    --help) echo "See https://cloudron.io/references/selfhosting.html on how to install Cloudron"; exit 0;;
+    --admin-location) adminLocation="$2"; shift 2;;
+    --help) echo "See https://cloudron.io/documentation/installation/ on how to install Cloudron"; exit 0;;
    --provider) provider="$2"; shift 2;;
    --encryption-key) encryptionKey="$2"; shift 2;;
    --restore-url) restoreUrl="$2"; shift 2;;
@@ -105,12 +107,12 @@ done
 # validate arguments in the absence of data
 if [[ -z "${dataJson}" ]]; then
    if [[ -z "${provider}" ]]; then
-        echo "--provider is required (azure, cloudscale, digitalocean, ec2, exoscale, lightsail, linode, ovh, rosehosting, scaleway, vultr or generic)"
+        echo "--provider is required (azure, cloudscale.ch, digitalocean, ec2, exoscale, lightsail, linode, ovh, rosehosting, scaleway, vultr or generic)"
        exit 1
    elif [[  \
                "${provider}" != "ami" && \
                "${provider}" != "azure" && \
-                "${provider}" != "cloudscale" && \
+                "${provider}" != "cloudscale.ch" && \
                "${provider}" != "digitalocean" && \
                "${provider}" != "ec2" && \
                "${provider}" != "exoscale" && \
@@ -123,7 +125,7 @@ if [[ -z "${dataJson}" ]]; then
                "${provider}" != "vultr" && \
                "${provider}" != "generic" \
            ]]; then
-        echo "--provider must be one of: azure, cloudscale, digitalocean, ec2, exoscale, gce, lightsail, linode, ovh, rosehosting, scaleway, vultr or generic"
+        echo "--provider must be one of: azure, cloudscale.ch, digitalocean, ec2, exoscale, gce, lightsail, linode, ovh, rosehosting, scaleway, vultr or generic"
        exit 1
    fi

@@ -197,6 +199,7 @@ if [[ -z "${dataJson}" ]]; then
    {
        "boxVersionsUrl": "${versionsUrl}",
        "fqdn": "${domain}",
+        "adminLocation": "${adminLocation}",
        "zoneName": "${zoneName}",
        "provider": "${provider}",
        "apiServerOrigin": "${apiServerOrigin}",
@@ -214,9 +217,6 @@ if [[ -z "${dataJson}" ]]; then
            "format": "tgz",
            "retentionSecs": 172800
        },
-        "updateConfig": {
-            "prerelease": ${prerelease}
-        },
        "version": "${version}"
    }
 EOF
@@ -226,6 +226,7 @@ EOF
    {
        "boxVersionsUrl": "${versionsUrl}",
        "fqdn": "${domain}",
+        "adminLocation": "${adminLocation}",
        "zoneName": "${zoneName}",
        "provider": "${provider}",
        "apiServerOrigin": "${apiServerOrigin}",
@@ -262,17 +263,9 @@ fi

 echo "=> Installing version ${version} (this takes some time) ..."
 echo "${data}" > "${DATA_FILE}"
-# poor mans semver
-if [[ ${version} == "0.10"* ]]; then
-    if ! /bin/bash "${box_src_tmp_dir}/scripts/installer.sh" --data-file "${DATA_FILE}" &>> "${LOG_FILE}"; then
-        echo "Failed to install cloudron. See ${LOG_FILE} for details"
-        exit 1
-    fi
-else
-    if ! /bin/bash "${box_src_tmp_dir}/scripts/installer.sh" --data-file "${DATA_FILE}" --data-dir "${baseDataDir}" &>> "${LOG_FILE}"; then
-        echo "Failed to install cloudron. See ${LOG_FILE} for details"
-        exit 1
-    fi
+if ! /bin/bash "${box_src_tmp_dir}/scripts/installer.sh" --data-file "${DATA_FILE}" --data-dir "${baseDataDir}" &>> "${LOG_FILE}"; then
+    echo "Failed to install cloudron. See ${LOG_FILE} for details"
+    exit 1
 fi
 rm "${DATA_FILE}"

@@ -31,8 +31,8 @@ if ! $(cd "${SOURCE_DIR}" && git diff --exit-code >/dev/null); then
    exit 1
 fi

-if [[ "$(node --version)" != "v6.11.3" ]]; then
-    echo "This script requires node 6.11.3"
+if [[ "$(node --version)" != "v6.11.5" ]]; then
+    echo "This script requires node 6.11.5"
    exit 1
 fi

@@ -34,13 +34,41 @@ while true; do
    esac
 done

+echo "==> installer: updating docker"
+if [[ $(docker version --format {{.Client.Version}}) != "17.09.0-ce" ]]; then
+    $curl -sL https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb -o /tmp/docker.deb
+
+    # https://download.docker.com/linux/ubuntu/dists/xenial/stable/binary-amd64/Packages
+    if [[ $(sha256sum /tmp/docker.deb | cut -d' ' -f1) != "d33f6eb134f0ab0876148bd96de95ea47d583d7f2cddfdc6757979453f9bd9bf" ]]; then
+        echo "docker binary download is corrupt"
+        exit 5
+    fi
+
+    echo "Waiting for all dpkg tasks to finish..."
+    while fuser /var/lib/dpkg/lock; do
+        sleep 1
+    done
+
+    while ! dpkg --force-confold --configure -a; do
+        echo "Failed to fix packages. Retry"
+        sleep 1
+    done
+
+    while ! apt install -y /tmp/docker.deb; do
+        echo "Failed to install docker. Retry"
+        sleep 1
+    done
+
+    rm /tmp/docker.deb
+fi
+
 echo "==> installer: updating node"
-if [[ "$(node --version)" != "v6.11.3" ]]; then
-    mkdir -p /usr/local/node-6.11.3
-    $curl -sL https://nodejs.org/dist/v6.11.3/node-v6.11.3-linux-x64.tar.gz | tar zxvf - --strip-components=1 -C /usr/local/node-6.11.3
-    ln -sf /usr/local/node-6.11.3/bin/node /usr/bin/node
-    ln -sf /usr/local/node-6.11.3/bin/npm /usr/bin/npm
-    rm -rf /usr/local/node-6.11.2
+if [[ "$(node --version)" != "v6.11.5" ]]; then
+    mkdir -p /usr/local/node-6.11.5
+    $curl -sL https://nodejs.org/dist/v6.11.5/node-v6.11.5-linux-x64.tar.gz | tar zxvf - --strip-components=1 -C /usr/local/node-6.11.5
+    ln -sf /usr/local/node-6.11.5/bin/node /usr/bin/node
+    ln -sf /usr/local/node-6.11.5/bin/npm /usr/bin/npm
+    rm -rf /usr/local/node-6.11.3
 fi

 for try in `seq 1 10`; do
@@ -81,9 +109,6 @@ fi
 # ensure we are not inside the source directory, which we will remove now
 cd /root

-echo "==> installer: updating packages"
-# add logic to update apt packages here
-
 echo "==> installer: switching the box code"
 rm -rf "${BOX_SRC_DIR}"
 mv "${box_src_tmp_dir}" "${BOX_SRC_DIR}"
@@ -6,6 +6,7 @@ json="${source_dir}/../node_modules/.bin/json"
 # IMPORTANT: Fix cloudron.js:doUpdate if you add/remove any arg. keep these sorted for readability
 arg_api_server_origin=""
 arg_fqdn=""
+arg_admin_location=""
 arg_zone_name=""
 arg_is_custom_domain="false"
 arg_restore_key=""
@@ -20,9 +21,7 @@ arg_version=""
 arg_web_server_origin=""
 arg_backup_config=""
 arg_dns_config=""
-arg_update_config=""
 arg_provider=""
-arg_app_bundle=""
 arg_is_demo="false"

 args=$(getopt -o "" -l "data:,retire-reason:,retire-info:" -n "$0" -- "$@")
@@ -46,19 +45,19 @@ while true; do
        arg_is_custom_domain=$(echo "$2" | $json isCustomDomain)
        [[ "${arg_is_custom_domain}" == "" ]] && arg_is_custom_domain="true"

+        arg_admin_location=$(echo "$2" | $json adminLocation)
+        [[ "${arg_admin_location}" == "" ]] && arg_admin_location="my"
+
        # only update/restore have this valid (but not migrate)
        arg_api_server_origin=$(echo "$2" | $json apiServerOrigin)
        [[ "${arg_api_server_origin}" == "" ]] && arg_api_server_origin="https://api.cloudron.io"
        arg_web_server_origin=$(echo "$2" | $json webServerOrigin)
        [[ "${arg_web_server_origin}" == "" ]] && arg_web_server_origin="https://cloudron.io"

-        # TODO check if an where this is used
+        # TODO check if and where this is used
        arg_version=$(echo "$2" | $json version)

        # read possibly empty parameters here
-        arg_app_bundle=$(echo "$2" | $json appBundle)
-        [[ "${arg_app_bundle}" == "" ]] && arg_app_bundle="[]"
-
        arg_is_demo=$(echo "$2" | $json isDemo)
        [[ "${arg_is_demo}" == "" ]] && arg_is_demo="false"

@@ -86,9 +85,6 @@ while true; do
        arg_dns_config=$(echo "$2" | $json dnsConfig)
        [[ "${arg_dns_config}" == "null" ]] && arg_dns_config=""

-        arg_update_config=$(echo "$2" | $json updateConfig)
-        [[ "${arg_update_config}" == "null" ]] && arg_update_config=""
-
        shift 2
        ;;
    --) break;;
@@ -7,7 +7,6 @@ readonly SETUP_WEBSITE_DIR="/home/yellowtent/setup/website"
 script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 readonly box_src_dir="$(realpath ${script_dir}/..)"
 readonly PLATFORM_DATA_DIR="/home/yellowtent/platformdata"
-readonly ADMIN_LOCATION="my" # keep this in sync with constants.js

 echo "Setting up nginx update page"

@@ -19,7 +18,7 @@ fi
 source "${script_dir}/argparser.sh" "$@" # this injects the arg_* variables used below

 # keep this is sync with config.js appFqdn()
-admin_fqdn=$([[ "${arg_is_custom_domain}" == "true" ]] && echo "${ADMIN_LOCATION}.${arg_fqdn}" ||  echo "${ADMIN_LOCATION}-${arg_fqdn}")
+admin_fqdn=$([[ "${arg_is_custom_domain}" == "true" ]] && echo "${arg_admin_location}.${arg_fqdn}" ||  echo "${arg_admin_location}-${arg_fqdn}")
 admin_origin="https://${admin_fqdn}"

 # copy the website
@@ -95,11 +95,6 @@ mkdir -p "${BOX_DATA_DIR}/mail/dkim"
 mkdir -p /var/backups
 chmod 777 /var/backups

-echo "==> Migrating mail data"
-if [[ -d "${PLATFORM_DATA_DIR}/mail" ]]; then
-    find "${PLATFORM_DATA_DIR}/mail" -mindepth 1 -maxdepth 1 -exec mv --target-directory="${BOX_DATA_DIR}/mail" '{}' +
-fi
-
 echo "==> Configuring journald"
 sed -e "s/^#SystemMaxUse=.*$/SystemMaxUse=100M/" \
    -e "s/^#ForwardToSyslog=.*$/ForwardToSyslog=no/" \
@@ -191,7 +186,11 @@ if [[ ! -f /etc/mysql/mysql.cnf ]] || ! diff -q "${script_dir}/start/mysql.cnf"
        echo "Waiting for mysql jobs..."
        sleep 1
    done
-    systemctl restart mysql
+    while true; do
+        if systemctl restart mysql; then break; fi
+        echo "Restarting MySql again after sometime since this fails randomly"
+        sleep 1
+    done
 else
    systemctl start mysql
 fi
@@ -203,20 +202,31 @@ mysql -u root -p${mysql_root_password} -e 'CREATE DATABASE IF NOT EXISTS box'
 if [[ -n "${arg_restore_url}" ]]; then
    set_progress "30" "Downloading restore data"

-    decrypt=""
-    if [[ "${arg_restore_url}" == *.tar.gz.enc || -n "${arg_restore_key}" ]]; then
-        echo "==> Downloading encrypted backup: ${arg_restore_url} and key: ${arg_restore_key}"
-        decrypt=(openssl aes-256-cbc -d -nosalt -pass "pass:${arg_restore_key}")
-    else
-        echo "==> Downloading backup: ${arg_restore_url}"
-        decrypt=(cat -)
-    fi
+    readonly restore_dir="${arg_restore_url#file://}"

-    while true; do
-        if $curl -L "${arg_restore_url}" | "${decrypt[@]}" \
-        | tar -zxf - --overwrite -C "${BOX_DATA_DIR}"; then break; fi
-        echo "Failed to download data, trying again"
-    done
+    if [[ -d "${restore_dir}" ]]; then # rsync backup
+        echo "==> Copying backup: ${restore_dir}"
+        if [[ $(stat -c "%d" "${BOX_DATA_DIR}") == $(stat -c "%d" "${restore_dir}") ]]; then
+            cp -rfl "${restore_dir}/." "${BOX_DATA_DIR}"
+        else
+            cp -rf "${restore_dir}/." "${BOX_DATA_DIR}"
+        fi
+    else # tgz backup
+        decrypt=""
+        if [[ "${arg_restore_url}" == *.tar.gz.enc || -n "${arg_restore_key}" ]]; then
+            echo "==> Downloading encrypted backup: ${arg_restore_url} and key: ${arg_restore_key}"
+            decrypt=(openssl aes-256-cbc -d -nosalt -pass "pass:${arg_restore_key}")
+        elif [[ "${arg_restore_url}" == *.tar.gz ]]; then
+            echo "==> Downloading backup: ${arg_restore_url}"
+            decrypt=(cat -)
+        fi
+
+        while true; do
+            if $curl -L "${arg_restore_url}" | "${decrypt[@]}" \
+            | tar -zxf - --overwrite -C "${BOX_DATA_DIR}"; then break; fi
+            echo "Failed to download data, trying again"
+        done
+    fi

    set_progress "35" "Setting up MySQL"
    if [[ -f "${BOX_DATA_DIR}/box.mysqldump" ]]; then
@@ -232,6 +242,24 @@ cd "${BOX_SRC_DIR}"
 BOX_ENV=cloudron DATABASE_URL=mysql://root:${mysql_root_password}@127.0.0.1/box "${BOX_SRC_DIR}/node_modules/.bin/db-migrate" up
 EOF

+echo "==> Adding automated configs"
+mysql -u root -p${mysql_root_password} -e "REPLACE INTO settings (name, value) VALUES (\"domain\", '{ \"fqdn\": \"$arg_fqdn\", \"zoneName\": \"$arg_zone_name\", \"adminLocation\": \"$arg_admin_location\" }')" box
+
+if [[ ! -z "${arg_backup_config}" ]]; then
+    mysql -u root -p${mysql_root_password} \
+        -e "REPLACE INTO settings (name, value) VALUES (\"backup_config\", '$arg_backup_config')" box
+fi
+
+if [[ ! -z "${arg_dns_config}" ]]; then
+    mysql -u root -p${mysql_root_password} \
+        -e "REPLACE INTO settings (name, value) VALUES (\"dns_config\", '$arg_dns_config')" box
+fi
+
+if [[ ! -z "${arg_tls_config}" ]]; then
+    mysql -u root -p${mysql_root_password} \
+        -e "REPLACE INTO settings (name, value) VALUES (\"tls_config\", '$arg_tls_config')" box
+fi
+
 echo "==> Creating cloudron.conf"
 cat > "${CONFIG_DIR}/cloudron.conf" <<CONF_END
 {
@@ -240,18 +268,11 @@ cat > "${CONFIG_DIR}/cloudron.conf" <<CONF_END
    "apiServerOrigin": "${arg_api_server_origin}",
    "webServerOrigin": "${arg_web_server_origin}",
    "fqdn": "${arg_fqdn}",
+    "adminLocation": "${arg_admin_location}",
    "zoneName": "${arg_zone_name}",
    "isCustomDomain": ${arg_is_custom_domain},
    "provider": "${arg_provider}",
-    "isDemo": ${arg_is_demo},
-    "database": {
-        "hostname": "127.0.0.1",
-        "username": "root",
-        "password": "${mysql_root_password}",
-        "port": 3306,
-        "name": "box"
-    },
-    "appBundle": ${arg_app_bundle}
+    "isDemo": ${arg_is_demo}
 }
 CONF_END
 # pass these out-of-band because they have new lines which interfere with json
@@ -278,31 +299,13 @@ fi
 echo "==> Changing ownership"
 chown "${USER}:${USER}" -R "${CONFIG_DIR}"
 chown "${USER}:${USER}" -R "${PLATFORM_DATA_DIR}/nginx" "${PLATFORM_DATA_DIR}/collectd" "${PLATFORM_DATA_DIR}/logrotate.d" "${PLATFORM_DATA_DIR}/addons" "${PLATFORM_DATA_DIR}/acme" "${PLATFORM_DATA_DIR}/backup"
-chown "${USER}:${USER}" -R "${BOX_DATA_DIR}"
-chown "${USER}:${USER}" -R "${BOX_DATA_DIR}/mail/dkim" # this is owned by box currently since it generates the keys
 chown "${USER}:${USER}" "${PLATFORM_DATA_DIR}/INFRA_VERSION" 2>/dev/null || true
 chown "${USER}:${USER}" "${PLATFORM_DATA_DIR}"

-echo "==> Adding automated configs"
-if [[ ! -z "${arg_backup_config}" ]]; then
-    mysql -u root -p${mysql_root_password} \
-        -e "REPLACE INTO settings (name, value) VALUES (\"backup_config\", '$arg_backup_config')" box
-fi
-
-if [[ ! -z "${arg_dns_config}" ]]; then
-    mysql -u root -p${mysql_root_password} \
-        -e "REPLACE INTO settings (name, value) VALUES (\"dns_config\", '$arg_dns_config')" box
-fi
-
-if [[ ! -z "${arg_update_config}" ]]; then
-    mysql -u root -p${mysql_root_password} \
-        -e "REPLACE INTO settings (name, value) VALUES (\"update_config\", '$arg_update_config')" box
-fi
-
-if [[ ! -z "${arg_tls_config}" ]]; then
-    mysql -u root -p${mysql_root_password} \
-        -e "REPLACE INTO settings (name, value) VALUES (\"tls_config\", '$arg_tls_config')" box
-fi
+# do not chown the boxdata/mail directory; dovecot gets upset
+chown "${USER}:${USER}" "${BOX_DATA_DIR}"
+find "${BOX_DATA_DIR}" -mindepth 1 -maxdepth 1 -not -path "${BOX_DATA_DIR}/mail" -exec chown -R "${USER}:${USER}" {} \;
+chown "${USER}:${USER}" -R "${BOX_DATA_DIR}/mail/dkim" # this is owned by box currently since it generates the keys

 set_progress "60" "Starting Cloudron"
 systemctl start cloudron.target
@@ -4,6 +4,41 @@ map $http_upgrade $connection_upgrade {
    '' close;
 }

+# http server
+server {
+    listen       80;
+<% if (hasIPv6) { -%>
+    listen       [::]:80;
+<% } -%>
+
+<% if (vhost) { -%>
+    server_name  <%= vhost %>;
+<% } else { -%>
+    # IP based access from collectd or initial cloudron setup. TODO: match the IPv6 address
+    server_name  "~^\d+\.\d+\.\d+\.\d+$";
+
+    # collectd
+    location /nginx_status {
+        stub_status on;
+        access_log off;
+        allow 127.0.0.1;
+        deny all;
+    }
+<% } -%>
+
+    # acme challenges (for cert renewal where the vhost config exists)
+    location /.well-known/acme-challenge/ {
+        default_type text/plain;
+        alias /home/yellowtent/platformdata/acme/;
+    }
+
+    location / {
+        # redirect everything to HTTPS
+        return 301 https://$host$request_uri;
+    }
+}
+
+# https server
 server {
 <% if (vhost) { -%>
    server_name  <%= vhost %>;
@@ -36,28 +36,21 @@ http {
    # zones for rate limiting
    limit_req_zone $binary_remote_addr zone=admin_login:10m rate=10r/s; # 10 request a second

-    # HTTP server
+
+    # default http server that returns 404 for any domain we are not listening on
    server {
-        listen      80;
-        listen      [::]:80;
+        listen      80 default_server;
+        listen      [::]:80 default_server;
+        server_name does_not_match_anything;

-        # collectd
-        location /nginx_status {
-            stub_status on;
-            access_log off;
-            allow 127.0.0.1;
-            deny all;
-        }
-
-        # acme challenges
+        # acme challenges (for app installation and re-configure when the vhost config does not exist)
        location /.well-known/acme-challenge/ {
            default_type text/plain;
            alias /home/yellowtent/platformdata/acme/;
        }

        location / {
-            # redirect everything to HTTPS
-            return 301 https://$host$request_uri;
+            return 404;
        }
    }

@@ -363,6 +363,7 @@ function setupSendMail(app, options, callback) {
        var env = [
            { name: 'MAIL_SMTP_SERVER', value: 'mail' },
            { name: 'MAIL_SMTP_PORT', value: '2525' },
+            { name: 'MAIL_SMTPS_PORT', value: '4650' },
            { name: 'MAIL_SMTP_USERNAME', value: mailbox.name },
            { name: 'MAIL_SMTP_PASSWORD', value: password },
            { name: 'MAIL_FROM', value: mailbox.name + '@' + config.fqdn() },
@@ -10,6 +10,7 @@ exports = module.exports = {
    update: update,
    getAll: getAll,
    getPortBindings: getPortBindings,
+    delPortBinding: delPortBinding,

    setAddonConfig: setAddonConfig,
    getAddonConfig: getAddonConfig,
@@ -59,7 +60,7 @@ var assert = require('assert'),

 var APPS_FIELDS_PREFIXED = [ 'apps.id', 'apps.appStoreId', 'apps.installationState', 'apps.installationProgress', 'apps.runState',
    'apps.health', 'apps.containerId', 'apps.manifestJson', 'apps.httpPort', 'apps.location', 'apps.dnsRecordId',
-    'apps.accessRestrictionJson', 'apps.lastBackupId', 'apps.oldConfigJson', 'apps.memoryLimit', 'apps.altDomain',
+    'apps.accessRestrictionJson', 'apps.restoreConfigJson', 'apps.oldConfigJson', 'apps.updateConfigJson', 'apps.memoryLimit', 'apps.altDomain',
    'apps.xFrameOptions', 'apps.sso', 'apps.debugModeJson', 'apps.robotsTxt', 'apps.enableBackup' ].join(',');

 var PORT_BINDINGS_FIELDS = [ 'hostPort', 'environmentVariable', 'appId' ].join(',');
@@ -75,6 +76,14 @@ function postProcess(result) {
    result.oldConfig = safe.JSON.parse(result.oldConfigJson);
    delete result.oldConfigJson;

+    assert(result.updateConfigJson === null || typeof result.updateConfigJson === 'string');
+    result.updateConfig = safe.JSON.parse(result.updateConfigJson);
+    delete result.updateConfigJson;
+
+    assert(result.restoreConfigJson === null || typeof result.restoreConfigJson === 'string');
+    result.restoreConfig = safe.JSON.parse(result.restoreConfigJson);
+    delete result.restoreConfigJson;
+
    assert(result.hostPorts === null || typeof result.hostPorts === 'string');
    assert(result.environmentVariables === null || typeof result.environmentVariables === 'string');

@@ -188,14 +197,14 @@ function add(id, appStoreId, manifest, location, portBindings, data, callback) {
    var altDomain = data.altDomain || null;
    var xFrameOptions = data.xFrameOptions || '';
    var installationState = data.installationState || exports.ISTATE_PENDING_INSTALL;
-    var lastBackupId = data.lastBackupId || null; // used when cloning
+    var restoreConfigJson = data.restoreConfig ? JSON.stringify(data.restoreConfig) : null; // used when cloning
    var sso = 'sso' in data ? data.sso : null;
    var debugModeJson = data.debugMode ? JSON.stringify(data.debugMode) : null;

    var queries = [];
    queries.push({
-        query: 'INSERT INTO apps (id, appStoreId, manifestJson, installationState, location, accessRestrictionJson, memoryLimit, altDomain, xFrameOptions, lastBackupId, sso, debugModeJson) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
-        args: [ id, appStoreId, manifestJson, installationState, location, accessRestrictionJson, memoryLimit, altDomain, xFrameOptions, lastBackupId, sso, debugModeJson ]
+        query: 'INSERT INTO apps (id, appStoreId, manifestJson, installationState, location, accessRestrictionJson, memoryLimit, altDomain, xFrameOptions, restoreConfigJson, sso, debugModeJson) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
+        args: [ id, appStoreId, manifestJson, installationState, location, accessRestrictionJson, memoryLimit, altDomain, xFrameOptions, restoreConfigJson, sso, debugModeJson ]
    });

    Object.keys(portBindings).forEach(function (env) {
@@ -248,6 +257,18 @@ function getPortBindings(id, callback) {
    });
 }

+function delPortBinding(hostPort, callback) {
+    assert.strictEqual(typeof hostPort, 'number');
+    assert.strictEqual(typeof callback, 'function');
+
+    database.query('DELETE FROM appPortBindings WHERE hostPort=?', [ hostPort ], function (error, result) {
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+
+        callback(null);
+    });
+}
+
 function del(id, callback) {
    assert.strictEqual(typeof id, 'string');
    assert.strictEqual(typeof callback, 'function');
@@ -305,17 +326,8 @@ function updateWithConstraints(id, app, constraints, callback) {

    var fields = [ ], values = [ ];
    for (var p in app) {
-        if (p === 'manifest') {
-            fields.push('manifestJson = ?');
-            values.push(JSON.stringify(app[p]));
-        } else if (p === 'oldConfig') {
-            fields.push('oldConfigJson = ?');
-            values.push(JSON.stringify(app[p]));
-        } else if (p === 'accessRestriction') {
-            fields.push('accessRestrictionJson = ?');
-            values.push(JSON.stringify(app[p]));
-        } else if (p === 'debugMode') {
-            fields.push('debugModeJson = ?');
+        if (p === 'manifest' || p === 'oldConfig' || p === 'updateConfig' || p === 'restoreConfig' || p === 'accessRestriction' || p === 'debugMode') {
+            fields.push(`${p}Json = ?`);
            values.push(JSON.stringify(app[p]));
        } else if (p !== 'portBindings') {
            fields.push(p + ' = ?');
@@ -368,14 +380,14 @@ function setInstallationCommand(appId, installationState, values, callback) {
    // Rules are:
    // uninstall is allowed in any state
    // force update is allowed in any state including pending_uninstall! (for better or worse)
-    // restore is allowed from installed or error state
+    // restore is allowed from installed or error state or currently restoring
    // configure is allowed in installed state or currently configuring or in error state
    // update and backup are allowed only in installed state

    if (installationState === exports.ISTATE_PENDING_UNINSTALL || installationState === exports.ISTATE_PENDING_FORCE_UPDATE) {
        updateWithConstraints(appId, values, '', callback);
    } else if (installationState === exports.ISTATE_PENDING_RESTORE) {
-        updateWithConstraints(appId, values, 'AND (installationState = "installed" OR installationState = "error")', callback);
+        updateWithConstraints(appId, values, 'AND (installationState = "installed" OR installationState = "error" OR installationState = "pending_restore")', callback);
    } else if (installationState === exports.ISTATE_PENDING_UPDATE || installationState === exports.ISTATE_PENDING_BACKUP) {
        updateWithConstraints(appId, values, 'AND installationState = "installed"', callback);
    } else if (installationState === exports.ISTATE_PENDING_CONFIGURE) {
@@ -65,6 +65,7 @@ var addons = require('./addons.js'),
    groups = require('./groups.js'),
    mailboxdb = require('./mailboxdb.js'),
    manifestFormat = require('cloudron-manifestformat'),
+    os = require('os'),
    path = require('path'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
@@ -118,7 +119,7 @@ AppsError.BAD_CERTIFICATE = 'Invalid certificate';
 // https://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names
 // We are validating the validity of the location-fqdn as host name
 function validateHostname(location, fqdn) {
-    var RESERVED_LOCATIONS = [ constants.ADMIN_LOCATION, constants.API_LOCATION, constants.SMTP_LOCATION, constants.IMAP_LOCATION, constants.MAIL_LOCATION, constants.POSTMAN_LOCATION ];
+    var RESERVED_LOCATIONS = [ config.adminLocation(), constants.API_LOCATION, constants.SMTP_LOCATION, constants.IMAP_LOCATION, config.mailLocation(), constants.POSTMAN_LOCATION ];

    if (RESERVED_LOCATIONS.indexOf(location) !== -1) return new AppsError(AppsError.BAD_FIELD, location + ' is reserved');

@@ -208,7 +209,7 @@ function validateMemoryLimit(manifest, memoryLimit) {
    assert.strictEqual(typeof memoryLimit, 'number');

    var min = manifest.memoryLimit || constants.DEFAULT_MEMORY_LIMIT;
-    var max = (4096 * 1024 * 1024);
+    var max = os.totalmem() * 2; // this will overallocate since we don't allocate equal swap always (#466)

    // allow 0, which indicates that it is not set, the one from the manifest will be choosen but we don't commit any user value
    // this is needed so an app update can change the value in the manifest, and if not set by the user, the new value should be used
@@ -258,6 +259,12 @@ function validateRobotsTxt(robotsTxt) {
    return null;
 }

+function validateBackupFormat(format) {
+    if (format === 'tgz' || format == 'rsync') return null;
+
+    return new AppsError(AppsError.BAD_FIELD, 'Invalid backup format');
+}
+
 function getDuplicateErrorDetails(location, portBindings, error) {
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof portBindings, 'object');
@@ -308,12 +315,18 @@ function hasAccessTo(app, user, callback) {
    if (app.accessRestriction.users.some(function (e) { return e === user.id; })) return callback(null, true);

    // check group access
-    if (!app.accessRestriction.groups) return callback(null, false);
+    groups.getGroups(user.id, function (error, groupIds) {
+        if (error) return callback(null, false);

-    async.some(app.accessRestriction.groups, function (groupId, iteratorDone) {
-        groups.isMember(groupId, user.id, iteratorDone);
-    }, function (error, result) {
-        callback(null, !error && result);
+        const isAdmin = groupIds.indexOf(constants.ADMIN_GROUP_ID) !== -1;
+
+        if (isAdmin) return callback(null, true); // admins can always access any app
+
+        if (!app.accessRestriction.groups) return callback(null, false);
+
+        if (app.accessRestriction.groups.some(function (gid) { return groupIds.indexOf(gid) !== -1; })) return callback(null, true);
+
+        callback(null, false);
    });
 }

@@ -420,7 +433,8 @@ function install(data, auditSource, callback) {
        debugMode = data.debugMode || null,
        robotsTxt = data.robotsTxt || null,
        enableBackup = 'enableBackup' in data ? data.enableBackup : true,
-        backupId = data.backupId || null;
+        backupId = data.backupId || null,
+        backupFormat = data.backupFormat || 'tgz';

    assert(data.appStoreId || data.manifest); // atleast one of them is required

@@ -454,6 +468,9 @@ function install(data, auditSource, callback) {
        error = validateRobotsTxt(robotsTxt);
        if (error) return callback(error);

+        error = validateBackupFormat(backupFormat);
+        if (error) return callback(error);
+
        if ('sso' in data && !('optionalSso' in manifest)) return callback(new AppsError(AppsError.BAD_FIELD, 'sso can only be specified for apps with optionalSso'));
        // if sso was unspecified, enable it by default if possible
        if (sso === null) sso = !!manifest.addons['ldap'] || !!manifest.addons['oauth'];
@@ -489,7 +506,7 @@ function install(data, auditSource, callback) {
                sso: sso,
                debugMode: debugMode,
                mailboxName: (location ? location : manifest.title.toLowerCase().replace(/[^a-zA-Z0-9]/g, '')) + '.app',
-                lastBackupId: backupId,
+                restoreConfig: backupId ? { backupId: backupId, backupFormat: backupFormat } : null,
                enableBackup: enableBackup,
                robotsTxt: robotsTxt
            };
@@ -629,7 +646,7 @@ function update(appId, data, auditSource, callback) {
    downloadManifest(data.appStoreId, data.manifest, function (error, appStoreId, manifest) {
        if (error) return callback(error);

-        var values = { };
+        var updateConfig = { };

        error = manifestFormat.parse(manifest);
        if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Manifest error:' + error.message));
@@ -637,13 +654,7 @@ function update(appId, data, auditSource, callback) {
        error = checkManifestConstraints(manifest);
        if (error) return callback(error);

-        values.manifest = manifest;
-
-        if ('portBindings' in data) {
-            values.portBindings = data.portBindings;
-            error = validatePortBindings(data.portBindings, values.manifest.tcpPorts);
-            if (error) return callback(error);
-        }
+        updateConfig.manifest = manifest;

        if ('icon' in data) {
            if (data.icon) {
@@ -663,26 +674,23 @@ function update(appId, data, auditSource, callback) {

            // prevent user from installing a app with different manifest id over an existing app
            // this allows cloudron install -f --app <appid> for an app installed from the appStore
-            if (app.manifest.id !== values.manifest.id) {
+            if (app.manifest.id !== updateConfig.manifest.id) {
                if (!data.force) return callback(new AppsError(AppsError.BAD_FIELD, 'manifest id does not match. force to override'));
                // clear appStoreId so that this app does not get updates anymore
-                values.appStoreId = '';
+                updateConfig.appStoreId = '';
            }

            // do not update apps in debug mode
            if (app.debugMode && !data.force) return callback(new AppsError(AppsError.BAD_STATE, 'debug mode enabled. force to override'));

            // Ensure we update the memory limit in case the new app requires more memory as a minimum
-            // 0 and -1 are special values for memory limit indicating unset and unlimited
-            if (app.memoryLimit > 0 && values.manifest.memoryLimit && app.memoryLimit < values.manifest.memoryLimit) {
-                values.memoryLimit = values.manifest.memoryLimit;
+            // 0 and -1 are special updateConfig for memory limit indicating unset and unlimited
+            if (app.memoryLimit > 0 && updateConfig.manifest.memoryLimit && app.memoryLimit < updateConfig.manifest.memoryLimit) {
+                updateConfig.memoryLimit = updateConfig.manifest.memoryLimit;
            }

-            values.oldConfig = getAppConfig(app);
-
-            appdb.setInstallationCommand(appId, data.force ? appdb.ISTATE_PENDING_FORCE_UPDATE : appdb.ISTATE_PENDING_UPDATE, values, function (error) {
+            appdb.setInstallationCommand(appId, data.force ? appdb.ISTATE_PENDING_FORCE_UPDATE : appdb.ISTATE_PENDING_UPDATE, { updateConfig: updateConfig }, function (error) {
                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.BAD_STATE)); // might be a bad guess
-                if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(getDuplicateErrorDetails('' /* location cannot conflict */, values.portBindings, error));
                if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

                taskmanager.restartAppTask(appId);
@@ -763,22 +771,22 @@ function restore(appId, data, auditSource, callback) {
        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

        // for empty or null backupId, use existing manifest to mimic a reinstall
-        var func = data.backupId ? backups.getRestoreConfig.bind(null, data.backupId) : function (next) { return next(null, { manifest: app.manifest }); };
+        var func = data.backupId ? backups.get.bind(null, data.backupId) : function (next) { return next(null, { manifest: app.manifest }); };

-        func(function (error, restoreConfig) {
+        func(function (error, backupInfo) {
            if (error && error.reason === BackupsError.NOT_FOUND) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
            if (error && error.reason === BackupsError.EXTERNAL_ERROR) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

-            if (!restoreConfig) callback(new AppsError(AppsError.EXTERNAL_ERROR, 'Could not get restore config'));
+            if (!backupInfo.manifest) callback(new AppsError(AppsError.EXTERNAL_ERROR, 'Could not get restore manifest'));

            // re-validate because this new box version may not accept old configs
-            error = checkManifestConstraints(restoreConfig.manifest);
+            error = checkManifestConstraints(backupInfo.manifest);
            if (error) return callback(error);

            var values = {
-                lastBackupId: data.backupId || null, // when null, apptask simply reinstalls
-                manifest: restoreConfig.manifest,
+                restoreConfig: data.backupId ? { backupId: data.backupId, backupFormat: backupInfo.format } : null, // when null, apptask simply reinstalls
+                manifest: backupInfo.manifest,

                oldConfig: getAppConfig(app)
            };
@@ -817,24 +825,24 @@ function clone(appId, data, auditSource, callback) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND));
        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

-        backups.getRestoreConfig(backupId, function (error, restoreConfig) {
+        backups.get(backupId, function (error, backupInfo) {
            if (error && error.reason === BackupsError.EXTERNAL_ERROR) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
            if (error && error.reason === BackupsError.NOT_FOUND) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

-            if (!restoreConfig) callback(new AppsError(AppsError.EXTERNAL_ERROR, 'Could not get restore config'));
+            if (!backupInfo.manifest) callback(new AppsError(AppsError.EXTERNAL_ERROR, 'Could not get restore config'));

            // re-validate because this new box version may not accept old configs
-            error = checkManifestConstraints(restoreConfig.manifest);
+            error = checkManifestConstraints(backupInfo.manifest);
            if (error) return callback(error);

            error = validateHostname(location, config.fqdn());
            if (error) return callback(error);

-            error = validatePortBindings(portBindings, restoreConfig.manifest.tcpPorts);
+            error = validatePortBindings(portBindings, backupInfo.manifest.tcpPorts);
            if (error) return callback(error);

-            var newAppId = uuid.v4(), appStoreId = app.appStoreId, manifest = restoreConfig.manifest;
+            var newAppId = uuid.v4(), appStoreId = app.appStoreId, manifest = backupInfo.manifest;

            appstore.purchase(newAppId, appStoreId, function (error) {
                if (error && error.reason === AppstoreError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND));
@@ -847,7 +855,7 @@ function clone(appId, data, auditSource, callback) {
                    memoryLimit: app.memoryLimit,
                    accessRestriction: app.accessRestriction,
                    xFrameOptions: app.xFrameOptions,
-                    lastBackupId: backupId,
+                    restoreConfig: { backupId: backupId, backupFormat: backupInfo.format },
                    sso: !!app.sso,
                    mailboxName: (location ? location : manifest.title.toLowerCase().replace(/[^a-zA-Z0-9]/g, '')) + '.app'
                };
@@ -1013,14 +1021,9 @@ function autoupdateApps(updateInfo, auditSource, callback) { // updateInfo is {
        if ((semver.major(app.manifest.version) !== 0) && (semver.major(app.manifest.version) !== semver.major(newManifest.version))) return new Error('Major version change'); // major changes are blocking

        var newTcpPorts = newManifest.tcpPorts || { };
-        var oldTcpPorts = app.manifest.tcpPorts || { };
        var portBindings = app.portBindings; // this is never null

-        for (var env in newTcpPorts) {
-            if (!(env in oldTcpPorts)) return new Error(env + ' is required from user');
-        }
-
-        for (env in portBindings) {
+        for (var env in portBindings) {
            if (!(env in newTcpPorts)) return new Error(env + ' was in use but new update removes it');
        }

@@ -1035,7 +1038,7 @@ function autoupdateApps(updateInfo, auditSource, callback) { // updateInfo is {
            if (error) {
                debug('Cannot autoupdate app %s : %s', appId, error.message);
                return iteratorDone();
-           }
+            }

            error = canAutoupdateApp(app, updateInfo[appId].manifest);
            if (error) {
@@ -1105,10 +1108,14 @@ function restoreInstalledApps(callback) {
        async.map(apps, function (app, iteratorDone) {
            debug('marking %s for restore', app.location || app.id);

-            appdb.setInstallationCommand(app.id, appdb.ISTATE_PENDING_RESTORE, { oldConfig: null }, function (error) {
-                if (error) debug('did not mark %s for restore', app.location || app.id, error);
+            backups.getByAppIdPaged(1, 1, app.id, function (error, results) {
+                var restoreConfig = !error && results.length ? { backupId: results[0].id, backupFormat: results[0].format } : null;

-                iteratorDone(); // always succeed
+                appdb.setInstallationCommand(app.id, appdb.ISTATE_PENDING_RESTORE, { restoreConfig: restoreConfig, oldConfig: null }, function (error) {
+                    if (error) debug('did not mark %s for restore', app.location || app.id, error);
+
+                    iteratorDone(); // always succeed
+                });
            });
        }, callback);
    });
@@ -1206,7 +1213,7 @@ function uploadFile(appId, sourceFilePath, destFilePath, callback) {
        if (error) return callback(error);

        var readFile = fs.createReadStream(sourceFilePath);
-        readFile.on('error', console.error);
+        readFile.on('error', callback);

        readFile.pipe(stream);

@@ -13,6 +13,8 @@ exports = module.exports = {

    getAccount: getAccount,

+    sendFeedback: sendFeedback,
+
    AppstoreError: AppstoreError
 };

@@ -164,16 +166,17 @@ function sendAliveStatus(data, callback) {
                    provider: result[settings.TLS_CONFIG_KEY].provider
                },
                backupConfig: {
-                    provider: result[settings.BACKUP_CONFIG_KEY].provider
+                    provider: result[settings.BACKUP_CONFIG_KEY].provider,
+                    hardlinks: !result[settings.BACKUP_CONFIG_KEY].noHardlinks
                },
                mailConfig: {
                    enabled: result[settings.MAIL_CONFIG_KEY].enabled
-            },
-            mailRelay: {
-                provider: result[settings.MAIL_RELAY_KEY].provider
-            },
-            mailCatchAll: {
-                count: result[settings.CATCH_ALL_ADDRESS_KEY].length
+                },
+                mailRelay: {
+                    provider: result[settings.MAIL_RELAY_KEY].provider
+                },
+                mailCatchAll: {
+                    count: result[settings.CATCH_ALL_ADDRESS_KEY].length
                },
                autoupdatePattern: result[settings.AUTOUPDATE_PATTERN_KEY],
                timeZone: result[settings.TIME_ZONE_KEY],
@@ -182,6 +185,7 @@ function sendAliveStatus(data, callback) {
            var data = {
                domain: config.fqdn(),
                version: config.version(),
+                adminFqdn: config.adminFqdn(),
                provider: config.provider(),
                backendSettings: backendSettings,
                machine: {
@@ -265,3 +269,26 @@ function getAccount(callback) {
        });
    });
 }
+
+function sendFeedback(info, callback) {
+    assert.strictEqual(typeof info, 'object');
+    assert.strictEqual(typeof info.email, 'string');
+    assert.strictEqual(typeof info.displayName, 'string');
+    assert.strictEqual(typeof info.type, 'string');
+    assert.strictEqual(typeof info.subject, 'string');
+    assert.strictEqual(typeof info.description, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    getAppstoreConfig(function (error, appstoreConfig) {
+        if (error) return callback(error);
+
+        var url = config.apiServerOrigin() + '/api/v1/users/' + appstoreConfig.userId + '/cloudrons/' + appstoreConfig.cloudronId + '/feedback';
+
+        superagent.post(url).query({ accessToken: appstoreConfig.token }).send(info).timeout(10 * 1000).end(function (error, result) {
+            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
+            if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+
+            callback(null);
+        });
+    });
+}
@@ -35,6 +35,7 @@ var addons = require('./addons.js'),
    certificates = require('./certificates.js'),
    config = require('./config.js'),
    database = require('./database.js'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:apptask'),
    docker = require('./docker.js'),
    ejs = require('ejs'),
@@ -202,13 +203,10 @@ function removeLogrotateConfig(app, callback) {
    shell.sudo('removeLogrotateConfig', [ CONFIGURE_LOGROTATE_CMD, 'remove', app.id ], callback);
 }

-function verifyManifest(app, callback) {
-    assert.strictEqual(typeof app, 'object');
+function verifyManifest(manifest, callback) {
+    assert.strictEqual(typeof manifest, 'object');
    assert.strictEqual(typeof callback, 'function');

-    debugApp(app, 'Verifying manifest');
-
-    var manifest = app.manifest;
    var error = manifestFormat.parse(manifest);
    if (error) return callback(new Error(util.format('Manifest error: %s', error.message)));

@@ -386,14 +384,17 @@ function updateApp(app, values, callback) {
 //   - setup addons (requires the above volume)
 //   - setup the container (requires image, volumes, addons)
 //   - setup collectd (requires container id)
+// restore is also handled here since restore is just an install with some oldConfig to clean up
 function install(app, callback) {
    assert.strictEqual(typeof app, 'object');
    assert.strictEqual(typeof callback, 'function');

-    const backupId = app.lastBackupId, isRestoring = app.installationState === appdb.ISTATE_PENDING_RESTORE;
+    const restoreConfig = app.restoreConfig, isRestoring = app.installationState === appdb.ISTATE_PENDING_RESTORE;

    async.series([
-        verifyManifest.bind(null, app),
+        // this protects against the theoretical possibility of an app being marked for install/restore from
+        // a previous version of box code
+        verifyManifest.bind(null, app.manifest),

        // teardown for re-installs
        updateApp.bind(null, app, { installationProgress: '10, Cleaning up old install' }),
@@ -428,7 +429,7 @@ function install(app, callback) {
        createVolume.bind(null, app),

        function restoreFromBackup(next) {
-            if (!backupId) {
+            if (!restoreConfig) {
                async.series([
                    updateApp.bind(null, app, { installationProgress: '60, Setting up addons' }),
                    addons.setupAddons.bind(null, app, app.manifest.addons),
@@ -436,7 +437,7 @@ function install(app, callback) {
            } else {
                async.series([
                    updateApp.bind(null, app, { installationProgress: '60, Download backup and restoring addons' }),
-                    backups.restoreApp.bind(null, app, app.manifest.addons, backupId),
+                    backups.restoreApp.bind(null, app, app.manifest.addons, restoreConfig),
                ], next);
            }
        },
@@ -456,7 +457,7 @@ function install(app, callback) {
        exports._waitForDnsPropagation.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '90, Waiting for External Domain setup' }),
-        exports._waitForAltDomainDnsPropagation.bind(null, app), // required when restoring and !lastBackupId
+        exports._waitForAltDomainDnsPropagation.bind(null, app), // required when restoring and !restoreConfig

        updateApp.bind(null, app, { installationProgress: '95, Configure nginx' }),
        configureNginx.bind(null, app),
@@ -479,7 +480,6 @@ function backup(app, callback) {
    assert.strictEqual(typeof app, 'object');
    assert.strictEqual(typeof callback, 'function');

-
    async.series([
        updateApp.bind(null, app, { installationProgress: '10, Backing up' }),
        backups.backupApp.bind(null, app, app.manifest),
@@ -575,51 +575,77 @@ function update(app, callback) {
    assert.strictEqual(typeof app, 'object');
    assert.strictEqual(typeof callback, 'function');

-    debugApp(app, 'Updating to %s', safe.query(app, 'manifest.version'));
+    debugApp(app, `Updating to ${app.updateConfig.manifest.version}`);

    // app does not want these addons anymore
    // FIXME: this does not handle option changes (like multipleDatabases)
-    var unusedAddons = _.omit(app.oldConfig.manifest.addons, Object.keys(app.manifest.addons));
+    var unusedAddons = _.omit(app.manifest.addons, Object.keys(app.updateConfig.manifest.addons));

    async.series([
+        // this protects against the theoretical possibility of an app being marked for update from
+        // a previous version of box code
        updateApp.bind(null, app, { installationProgress: '0, Verify manifest' }),
-        verifyManifest.bind(null, app),
-
-        // download new image before app is stopped. this is so we can reduce downtime
-        // and also not remove the 'common' layers when the old image is deleted
-        updateApp.bind(null, app, { installationProgress: '15, Downloading image' }),
-        docker.downloadImage.bind(null, app.manifest),
-
-        // note: we cleanup first and then backup. this is done so that the app is not running should backup fail
-        // we cannot easily 'recover' from backup failures because we have to revert manfest and portBindings
-        updateApp.bind(null, app, { installationProgress: '25, Cleaning up old install' }),
-        removeCollectdProfile.bind(null, app),
-        removeLogrotateConfig.bind(null, app),
-        stopApp.bind(null, app),
-        deleteContainers.bind(null, app),
-        function deleteImageIfChanged(done) {
-            if (app.oldConfig.manifest.dockerImage === app.manifest.dockerImage) return done();
-
-            docker.deleteImage(app.oldConfig.manifest, done);
-        },
+        verifyManifest.bind(null, app.updateConfig.manifest),

        function (next) {
            if (app.installationState === appdb.ISTATE_PENDING_FORCE_UPDATE) return next(null);

            async.series([
-                updateApp.bind(null, app, { installationProgress: '30, Backing up app' }),
-                backups.backupApp.bind(null, app, app.oldConfig.manifest)
+                updateApp.bind(null, app, { installationProgress: '15, Backing up app' }),
+                backups.backupApp.bind(null, app, app.manifest)
            ], next);
        },

+        // download new image before app is stopped. this is so we can reduce downtime
+        // and also not remove the 'common' layers when the old image is deleted
+        updateApp.bind(null, app, { installationProgress: '25, Downloading image' }),
+        docker.downloadImage.bind(null, app.updateConfig.manifest),
+
+        // note: we cleanup first and then backup. this is done so that the app is not running should backup fail
+        // we cannot easily 'recover' from backup failures because we have to revert manfest and portBindings
+        updateApp.bind(null, app, { installationProgress: '35, Cleaning up old install' }),
+        removeCollectdProfile.bind(null, app),
+        removeLogrotateConfig.bind(null, app),
+        stopApp.bind(null, app),
+        deleteContainers.bind(null, app),
+        function deleteImageIfChanged(done) {
+            if (app.manifest.dockerImage === app.updateConfig.manifest.dockerImage) return done();
+
+            docker.deleteImage(app.manifest, done);
+        },
+
        // only delete unused addons after backup
        addons.teardownAddons.bind(null, app, unusedAddons),

+        // free unused ports
+        function (next) {
+            // make sure we always have objects
+            var currentPorts = app.portBindings || {};
+            var newPorts = app.updateConfig.manifest.tcpPorts || {};
+
+            async.each(Object.keys(currentPorts), function (portName, callback) {
+                if (newPorts[portName]) return callback(); // port still in use
+
+                appdb.delPortBinding(currentPorts[portName], function (error) {
+                    if (error && error.reason === DatabaseError.NOT_FOUND) console.error('Portbinding does not exist in database.');
+                    else if (error) return next(error);
+
+                    // also delete from app object for further processing (the db is updated in the next step)
+                    delete app.portBindings[portName];
+
+                    callback();
+                });
+            }, next);
+        },
+
+        // switch over to the new config. manifest, memoryLimit, portBindings, appstoreId are updated here
+        updateApp.bind(null, app, app.updateConfig),
+
        updateApp.bind(null, app, { installationProgress: '45, Downloading icon' }),
        downloadIcon.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '70, Updating addons' }),
-        addons.setupAddons.bind(null, app, app.manifest.addons),
+        addons.setupAddons.bind(null, app, app.updateConfig.manifest.addons),

        updateApp.bind(null, app, { installationProgress: '80, Creating container' }),
        createContainer.bind(null, app),
@@ -635,7 +661,7 @@ function update(app, callback) {
        // done!
        function (callback) {
            debugApp(app, 'updated');
-            updateApp(app, { installationState: appdb.ISTATE_INSTALLED, installationProgress: '', health: null }, callback);
+            updateApp(app, { installationState: appdb.ISTATE_INSTALLED, installationProgress: '', health: null, updateConfig: null }, callback);
        }
    ], function seriesDone(error) {
        if (error) {
@@ -6,7 +6,7 @@ var assert = require('assert'),
    safe = require('safetydance'),
    util = require('util');

-var BACKUPS_FIELDS = [ 'id', 'creationTime', 'version', 'type', 'dependsOn', 'state', 'restoreConfigJson', 'format' ];
+var BACKUPS_FIELDS = [ 'id', 'creationTime', 'version', 'type', 'dependsOn', 'state', 'manifestJson', 'format' ];

 exports = module.exports = {
    add: add,
@@ -34,8 +34,8 @@ function postProcess(result) {

    result.dependsOn = result.dependsOn ? result.dependsOn.split(',') : [ ];

-    result.restoreConfig = result.restoreConfigJson ? safe.JSON.parse(result.restoreConfigJson) : null;
-    delete result.restoreConfigJson;
+    result.manifest = result.manifestJson ? safe.JSON.parse(result.manifestJson) : null;
+    delete result.manifestJson;
 }

 function getByTypeAndStatePaged(type, state, page, perPage, callback) {
@@ -109,15 +109,15 @@ function add(backup, callback) {
    assert.strictEqual(typeof backup.version, 'string');
    assert(backup.type === exports.BACKUP_TYPE_APP || backup.type === exports.BACKUP_TYPE_BOX);
    assert(util.isArray(backup.dependsOn));
-    assert.strictEqual(typeof backup.restoreConfig, 'object');
+    assert.strictEqual(typeof backup.manifest, 'object');
    assert.strictEqual(typeof backup.format, 'string');
    assert.strictEqual(typeof callback, 'function');

    var creationTime = backup.creationTime || new Date(); // allow tests to set the time
-    var restoreConfig = backup.restoreConfig ? JSON.stringify(backup.restoreConfig) : '';
+    var manifestJson = JSON.stringify(backup.manifest);

-    database.query('INSERT INTO backups (id, version, type, creationTime, state, dependsOn, restoreConfigJson, format) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
-        [ backup.id, backup.version, backup.type, creationTime, exports.BACKUP_STATE_NORMAL, backup.dependsOn.join(','), restoreConfig, backup.format ],
+    database.query('INSERT INTO backups (id, version, type, creationTime, state, dependsOn, manifestJson, format) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
+        [ backup.id, backup.version, backup.type, creationTime, exports.BACKUP_STATE_NORMAL, backup.dependsOn.join(','), manifestJson, backup.format ],
        function (error) {
            if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
@@ -8,7 +8,7 @@ exports = module.exports = {
    getByStatePaged: getByStatePaged,
    getByAppIdPaged: getByAppIdPaged,

-    getRestoreConfig: getRestoreConfig,
+    get: get,

    ensureBackup: ensureBackup,

@@ -28,8 +28,8 @@ exports = module.exports = {
    _getBackupFilePath: getBackupFilePath,
    _createTarPackStream: createTarPackStream,
    _tarExtract: tarExtract,
-    _createEmptyDirs: createEmptyDirs,
-    _saveEmptyDirs: saveEmptyDirs
+    _restoreFsMetadata: restoreFsMetadata,
+    _saveFsMetadata: saveFsMetadata
 };

 var addons = require('./addons.js'),
@@ -150,16 +150,15 @@ function getByAppIdPaged(page, perPage, appId, callback) {
    });
 }

-function getRestoreConfig(backupId, callback) {
+function get(backupId, callback) {
    assert.strictEqual(typeof backupId, 'string');
    assert.strictEqual(typeof callback, 'function');

    backupdb.get(backupId, function (error, result) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new BackupsError(BackupsError.NOT_FOUND, error));
        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
-        if (!result.restoreConfig)  return callback(new BackupsError(BackupsError.NOT_FOUND, error));

-        callback(null, result.restoreConfig);
+        callback(null, result);
    });
 }

@@ -170,12 +169,17 @@ function getBackupFilePath(backupConfig, backupId, format) {

    if (format === 'tgz') {
        const fileType = backupConfig.key ? '.tar.gz.enc' : '.tar.gz';
-        return path.join(backupConfig.prefix || backupConfig.backupFolder, backupId+fileType);
+        return path.join(backupConfig.prefix || backupConfig.backupFolder || '', backupId+fileType);
    } else {
-        return path.join(backupConfig.prefix || backupConfig.backupFolder, backupId);
+        return path.join(backupConfig.prefix || backupConfig.backupFolder || '', backupId);
    }
 }

+function log(detail) {
+    safe.fs.appendFileSync(paths.BACKUP_LOG_FILE, detail + '\n', 'utf8');
+    progress.setDetail(progress.BACKUP, detail);
+}
+
 function createTarPackStream(sourceDir, key) {
    assert.strictEqual(typeof sourceDir, 'string');
    assert(key === null || typeof key === 'string');
@@ -229,18 +233,30 @@ function sync(backupConfig, backupId, dataDir, callback) {
        debug('sync: processing task: %j', task);
        var backupFilePath = path.join(getBackupFilePath(backupConfig, backupId, backupConfig.format), task.path);

-        if (task.operation === 'add') {
-            safe.fs.writeFileSync(paths.BACKUP_RESULT_FILE, 'Adding ' + task.path);
-            var stream = fs.createReadStream(path.join(dataDir, task.path));
-            stream.on('error', function () { return iteratorCallback(); }); // ignore error if file disappears
-            api(backupConfig.provider).upload(backupConfig, backupFilePath, stream, iteratorCallback);
+        if (task.operation === 'removedir') {
+            safe.fs.writeFileSync(paths.BACKUP_RESULT_FILE, `Removing directory ${task.path}`);
+            return api(backupConfig.provider).removeDir(backupConfig, backupFilePath)
+                .on('progress', function (detail) {
+                    debug(`sync: ${detail}`);
+                    safe.fs.writeFileSync(paths.BACKUP_RESULT_FILE, detail);
+                })
+                .on('done', iteratorCallback);
        } else if (task.operation === 'remove') {
-            safe.fs.writeFileSync(paths.BACKUP_RESULT_FILE, 'Removing ' + task.path);
-            api(backupConfig.provider).remove(backupConfig, backupFilePath, iteratorCallback);
-        } else if (task.operation === 'removedir') {
-            safe.fs.writeFileSync(paths.BACKUP_RESULT_FILE, 'Removing directory ' + task.path);
-            api(backupConfig.provider).removeDir(backupConfig, backupFilePath, iteratorCallback);
+            safe.fs.writeFileSync(paths.BACKUP_RESULT_FILE, `Removing ${task.path}`);
+            return api(backupConfig.provider).remove(backupConfig, backupFilePath, iteratorCallback);
        }
+
+        var retryCount = 0;
+        async.retry({ times: 5, interval: 20000 }, function (retryCallback) {
+            ++retryCount;
+            debug(`${task.operation} ${task.path} try ${retryCount}`);
+            if (task.operation === 'add') {
+                safe.fs.writeFileSync(paths.BACKUP_RESULT_FILE, `Adding ${task.path}`);
+                var stream = fs.createReadStream(path.join(dataDir, task.path));
+                stream.on('error', function () { return retryCallback(); }); // ignore error if file disappears
+                api(backupConfig.provider).upload(backupConfig, backupFilePath, stream, retryCallback);
+            }
+        }, iteratorCallback);
    }, 10 /* concurrency */, function (error) {
        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));

@@ -248,15 +264,23 @@ function sync(backupConfig, backupId, dataDir, callback) {
    });
 }

-function saveEmptyDirs(appDataDir, callback) {
+function saveFsMetadata(appDataDir, callback) {
    assert.strictEqual(typeof appDataDir, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var emptyDirs = safe.child_process.execSync('find . -type d -empty', { cwd: `${appDataDir}` });
-
+    var emptyDirs = safe.child_process.execSync('find . -type d -empty', { cwd: `${appDataDir}`, encoding: 'utf8' });
    if (emptyDirs === null) return callback(safe.error);

-    if (!safe.fs.writeFileSync(`${appDataDir}/emptydirs.txt`, emptyDirs)) return callback(safe.error);
+    var execFiles = safe.child_process.execSync('find . -type f -executable', { cwd: `${appDataDir}`, encoding: 'utf8' });
+    if (execFiles === null) return callback(safe.error);
+
+    var metadata = {
+        emptyDirs: emptyDirs.length === 0 ? [ ] : emptyDirs.trim().split('\n'),
+        execFiles: execFiles.length === 0 ? [ ] : execFiles.trim().split('\n')
+    };
+
+    if (!safe.fs.writeFileSync(`${appDataDir}/fsmetadata.json`, JSON.stringify(metadata, null, 4))) return callback(safe.error);
+
    callback();
 }

@@ -275,12 +299,15 @@ function upload(backupId, format, dataDir, callback) {
        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        if (format === 'tgz') {
-            var tarStream = createTarPackStream(dataDir, backupConfig.key || null);
-            tarStream.on('error', callback); // already returns BackupsError
-            api(backupConfig.provider).upload(backupConfig, getBackupFilePath(backupConfig, backupId, format), tarStream, callback);
+            async.retry({ times: 5, interval: 20000 }, function (retryCallback) {
+                var tarStream = createTarPackStream(dataDir, backupConfig.key || null);
+                tarStream.on('error', retryCallback); // already returns BackupsError
+
+                api(backupConfig.provider).upload(backupConfig, getBackupFilePath(backupConfig, backupId, format), tarStream, retryCallback);
+            }, callback);
        } else {
            async.series([
-                saveEmptyDirs.bind(null, dataDir),
+                saveFsMetadata.bind(null, dataDir),
                sync.bind(null, backupConfig, backupId, dataDir)
            ], callback);
        }
@@ -335,18 +362,28 @@ function tarExtract(inStream, destination, key, callback) {
    }
 }

-function createEmptyDirs(appDataDir, callback) {
+function restoreFsMetadata(appDataDir, callback) {
    assert.strictEqual(typeof appDataDir, 'string');
    assert.strictEqual(typeof callback, 'function');

-    debug('createEmptyDirs: recreating empty directories');
+    log('Recreating empty directories');

-    var emptyDirs = safe.fs.readFileSync(path.join(appDataDir, 'emptydirs.txt'), 'utf8');
-    if (emptyDirs === null) return callback(new Error('emptydirs.txt was not found:' + safe.error.message));
+    var metadata = safe.JSON.parse(safe.fs.readFileSync(path.join(appDataDir, 'fsmetadata.json'), 'utf8'));
+    if (metadata === null) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error loading fsmetadata.txt:' + safe.error.message));

-    async.eachSeries(emptyDirs.trim().split('\n'), function createPath(emptyDir, iteratorDone) {
+    async.eachSeries(metadata.emptyDirs, function createPath(emptyDir, iteratorDone) {
        mkdirp(path.join(appDataDir, emptyDir), iteratorDone);
-    }, callback);
+    }, function (error) {
+        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `unable to create path: ${error.message}`));
+
+        async.eachSeries(metadata.execFiles, function createPath(execFile, iteratorDone) {
+            fs.chmod(path.join(appDataDir, execFile), parseInt('0755', 8), iteratorDone);
+        }, function (error) {
+            if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `unable to chmod: ${error.message}`));
+
+            callback();
+        });
+    });
 }

 function download(backupId, format, dataDir, callback) {
@@ -355,7 +392,9 @@ function download(backupId, format, dataDir, callback) {
    assert.strictEqual(typeof dataDir, 'string');
    assert.strictEqual(typeof callback, 'function');

-    debug('download: id %s dataDir %s format %s', backupId, dataDir, format);
+    safe.fs.unlinkSync(paths.BACKUP_LOG_FILE); // start fresh log file
+
+    log(`Downloading ${backupId} of format ${format} to ${dataDir}`);

    settings.getBackupConfig(function (error, backupConfig) {
        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
@@ -367,14 +406,37 @@ function download(backupId, format, dataDir, callback) {
                tarExtract(sourceStream, dataDir, backupConfig.key || null, callback);
            });
        } else {
-            async.series([
-                api(backupConfig.provider).downloadDir.bind(null, backupConfig, getBackupFilePath(backupConfig, backupId, format), dataDir),
-                createEmptyDirs.bind(null, dataDir)
-            ], callback);
+            var events = api(backupConfig.provider).downloadDir(backupConfig, getBackupFilePath(backupConfig, backupId, format), dataDir);
+            events.on('progress', log);
+            events.on('done', function (error) {
+                if (error) return callback(error);
+
+                restoreFsMetadata(dataDir, callback);
+            });
        }
    });
 }

+function restoreApp(app, addonsToRestore, restoreConfig, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof addonsToRestore, 'object');
+    assert.strictEqual(typeof restoreConfig, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var appDataDir = safe.fs.realpathSync(path.join(paths.APPS_DATA_DIR, app.id));
+
+    var startTime = new Date();
+
+    async.series([
+        download.bind(null, restoreConfig.backupId, restoreConfig.backupFormat, appDataDir),
+        addons.restoreAddons.bind(null, app, addonsToRestore)
+    ], function (error) {
+        debug('restoreApp: time: %s', (new Date() - startTime)/1000);
+
+        callback(error);
+    });
+}
+
 function runBackupTask(backupId, format, dataDir, callback) {
    assert.strictEqual(typeof backupId, 'string');
    assert.strictEqual(typeof format, 'string');
@@ -383,7 +445,8 @@ function runBackupTask(backupId, format, dataDir, callback) {

    var killTimerId = null, progressTimerId = null;

-    var cp = shell.sudo(`backup-${backupId}`, [ BACKUPTASK_CMD, backupId, format, dataDir ], { env: process.env, logFile: paths.BACKUP_LOG_FILE }, function (error) {
+    var logStream = fs.createWriteStream(paths.BACKUP_LOG_FILE, { flags: 'a' });
+    var cp = shell.sudo(`backup-${backupId}`, [ BACKUPTASK_CMD, backupId, format, dataDir ], { env: process.env, logStream: logStream }, function (error) {
        clearTimeout(killTimerId);
        clearInterval(progressTimerId);

@@ -408,6 +471,11 @@ function runBackupTask(backupId, format, dataDir, callback) {
        debug('runBackupTask: backup task taking too long. killing');
        cp.kill();
    }, 4 * 60 * 60 * 1000); // 4 hours
+
+    logStream.on('error', function (error) {
+        debug('runBackupTask: error in logging stream', error);
+        cp.kill();
+    });
 }

 function getSnapshotInfo(id) {
@@ -435,6 +503,8 @@ function setSnapshotInfo(id, info, callback) {
 function snapshotBox(callback) {
    assert.strictEqual(typeof callback, 'function');

+    log('Snapshotting box');
+
    var password = config.database().password ? '-p' + config.database().password : '--skip-password';
    var mysqlDumpArgs = [
        '-c',
@@ -457,16 +527,12 @@ function uploadBoxSnapshot(backupConfig, callback) {
    snapshotBox(function (error) {
        if (error) return callback(error);

-        // for the moment, box backups are always tarball based. this is because it makes it easy to restore
-        // in the future, if required, we can move out the mailboxes to a separate virtual app backup
-        const format = 'tgz';
-
-        runBackupTask('snapshot/box', format, paths.BOX_DATA_DIR, function (error) {
+        runBackupTask('snapshot/box', backupConfig.format, paths.BOX_DATA_DIR, function (error) {
            if (error) return callback(error);

            debug('uploadBoxSnapshot: time: %s secs', (new Date() - startTime)/1000);

-            setSnapshotInfo('box', { timestamp: new Date().toISOString(), format: format }, callback);
+            setSnapshotInfo('box', { timestamp: new Date().toISOString(), format: backupConfig.format }, callback);
        });
    });
 }
@@ -482,26 +548,23 @@ function rotateBoxBackup(backupConfig, timestamp, appBackupIds, callback) {

    var snapshotTime = snapshotInfo.timestamp.replace(/[T.]/g, '-').replace(/[:Z]/g,'');
    var backupId = util.format('%s/box_%s_v%s', timestamp, snapshotTime, config.version());
-    const format = 'tgz';
+    const format = backupConfig.format;

-    debug('rotateBoxBackup: rotating to id:%s', backupId);
+    log(`Rotating box backup to id ${backupId}`);

-    backupdb.add({ id: backupId, version: config.version(), type: backupdb.BACKUP_TYPE_BOX, dependsOn: appBackupIds, restoreConfig: null, format: format }, function (error) {
+    backupdb.add({ id: backupId, version: config.version(), type: backupdb.BACKUP_TYPE_BOX, dependsOn: appBackupIds, manifest: null, format: format }, function (error) {
        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

-        progress.setDetail(progress.BACKUP, 'Rotating box snapshot');
-
        var copy = api(backupConfig.provider).copy(backupConfig, getBackupFilePath(backupConfig, 'snapshot/box', format), getBackupFilePath(backupConfig, backupId, format));
-        copy.on('progress', function (detail) { progress.setDetail(progress.BACKUP, detail); });
-
+        copy.on('progress', log);
        copy.on('done', function (copyBackupError) {
            const state = copyBackupError ? backupdb.BACKUP_STATE_ERROR : backupdb.BACKUP_STATE_NORMAL;

            backupdb.update(backupId, { state: state }, function (error) {
-                if (copyBackupError) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, copyBackupError.message));
+                if (copyBackupError) return callback(copyBackupError);
                if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

-                debug('rotateBoxBackup: successful id:%s', backupId);
+                log(`Rotated box backup successfully as id ${backupId}`);

                // FIXME this is only needed for caas, hopefully we can remove that in the future
                api(backupConfig.provider).backupDone(backupConfig, backupId, appBackupIds, function (error) {
@@ -544,29 +607,15 @@ function snapshotApp(app, manifest, callback) {
    assert(manifest && typeof manifest === 'object');
    assert.strictEqual(typeof callback, 'function');

-    var restoreConfig = apps.getAppConfig(app);
-    restoreConfig.manifest = manifest;
+    log(`Snapshotting app ${app.id}`);

-    if (!safe.fs.writeFileSync(path.join(paths.APPS_DATA_DIR, app.id + '/config.json'), JSON.stringify(restoreConfig))) {
+    if (!safe.fs.writeFileSync(path.join(paths.APPS_DATA_DIR, app.id + '/config.json'), JSON.stringify(apps.getAppConfig(app)))) {
        return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error creating config.json: ' + safe.error.message));
    }

    addons.backupAddons(app, manifest.addons, function (error) {
        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));

-        return callback(null, restoreConfig);
-    });
-}
-
-function setRestorePoint(appId, lastBackupId, callback) {
-    assert.strictEqual(typeof appId, 'string');
-    assert.strictEqual(typeof lastBackupId, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    appdb.update(appId, { lastBackupId: lastBackupId }, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new BackupsError(BackupsError.NOT_FOUND, 'No such app'));
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
-
        return callback(null);
    });
 }
@@ -581,34 +630,27 @@ function rotateAppBackup(backupConfig, app, timestamp, callback) {
    if (!snapshotInfo) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, 'Snapshot info missing or corrupt'));

    var snapshotTime = snapshotInfo.timestamp.replace(/[T.]/g, '-').replace(/[:Z]/g,'');
-    var restoreConfig = snapshotInfo.restoreConfig;
-    var manifest = restoreConfig.manifest;
+    var manifest = snapshotInfo.restoreConfig ? snapshotInfo.restoreConfig.manifest : snapshotInfo.manifest; // compat
    var backupId = util.format('%s/app_%s_%s_v%s', timestamp, app.id, snapshotTime, manifest.version);
    const format = backupConfig.format;

-    debugApp(app, 'rotateAppBackup: rotating to id:%s', backupId);
+    log(`Rotating app backup of ${app.id} to id ${backupId}`);

-    backupdb.add({ id: backupId, version: manifest.version, type: backupdb.BACKUP_TYPE_APP, dependsOn: [ ], restoreConfig: restoreConfig, format: format }, function (error) {
+    backupdb.add({ id: backupId, version: manifest.version, type: backupdb.BACKUP_TYPE_APP, dependsOn: [ ], manifest: manifest, format: format }, function (error) {
        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

-        progress.setDetail(progress.BACKUP, 'Rotating app snapshot');
-
        var copy = api(backupConfig.provider).copy(backupConfig, getBackupFilePath(backupConfig, `snapshot/app_${app.id}`, format), getBackupFilePath(backupConfig, backupId, format));
-        copy.on('progress', function (detail) { progress.setDetail(progress.BACKUP, detail); });
-
+        copy.on('progress', log);
        copy.on('done', function (copyBackupError) {
            const state = copyBackupError ? backupdb.BACKUP_STATE_ERROR : backupdb.BACKUP_STATE_NORMAL;
-            debugApp(app, 'rotateAppBackup: successful id:%s', backupId);

            backupdb.update(backupId, { state: state }, function (error) {
-                if (copyBackupError) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, copyBackupError.message));
+                if (copyBackupError) return callback(copyBackupError);
                if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

-                setRestorePoint(app.id, backupId, function (error) {
-                    if (error) return callback(error);
+                log(`Rotated app backup of ${app.id} successfully to id ${backupId}`);

-                    return callback(null, backupId);
-                });
+                callback(null, backupId);
            });
        });
    });
@@ -624,7 +666,7 @@ function uploadAppSnapshot(backupConfig, app, manifest, callback) {

    var startTime = new Date();

-    snapshotApp(app, manifest, function (error, restoreConfig) {
+    snapshotApp(app, manifest, function (error) {
        if (error) return callback(error);

        var backupId = util.format('snapshot/app_%s', app.id);
@@ -634,7 +676,7 @@ function uploadAppSnapshot(backupConfig, app, manifest, callback) {

            debugApp(app, 'uploadAppSnapshot: %s done time: %s secs', backupId, (new Date() - startTime)/1000);

-            setSnapshotInfo(app.id, { timestamp: new Date().toISOString(), restoreConfig: restoreConfig, format: backupConfig.format }, callback);
+            setSnapshotInfo(app.id, { timestamp: new Date().toISOString(), manifest: manifest, format: backupConfig.format }, callback);
        });
    });
 }
@@ -664,6 +706,7 @@ function backupApp(app, manifest, callback) {
    assert.strictEqual(typeof callback, 'function');

    const timestamp = (new Date()).toISOString().replace(/[T.]/g, '-').replace(/[:Z]/g,'');
+    safe.fs.unlinkSync(paths.BACKUP_LOG_FILE); // start fresh log file

    progress.set(progress.BACKUP, 10,  'Backing up ' + (app.altDomain || config.appFqdn(app.location)));

@@ -681,6 +724,7 @@ function backupBoxAndApps(auditSource, callback) {
    callback = callback || NOOP_CALLBACK;

    var timestamp = (new Date()).toISOString().replace(/[T.]/g, '-').replace(/[:Z]/g,'');
+    safe.fs.unlinkSync(paths.BACKUP_LOG_FILE); // start fresh log file

    eventlog.add(eventlog.ACTION_BACKUP_START, auditSource, { });

@@ -697,7 +741,7 @@ function backupBoxAndApps(auditSource, callback) {

            if (!app.enableBackup) {
                progress.set(progress.BACKUP, step * processed, 'Skipped backup ' + (app.altDomain || config.appFqdn(app.location)));
-                return iteratorCallback(null, app.lastBackupId); // just use the last backup
+                return iteratorCallback(null, null); // nothing to backup
            }

            backupAppWithTimestamp(app, app.manifest, timestamp, function (error, backupId) {
@@ -720,12 +764,12 @@ function backupBoxAndApps(auditSource, callback) {

            progress.set(progress.BACKUP, step * processed, 'Backing up system data');

-            backupBoxWithAppBackupIds(backupIds, timestamp, function (error, filename) {
+            backupBoxWithAppBackupIds(backupIds, timestamp, function (error, backupId) {
                progress.set(progress.BACKUP, 100, error ? error.message : '');

-                eventlog.add(eventlog.ACTION_BACKUP_FINISH, auditSource, { errorMessage: error ? error.message : null, filename: filename });
+                eventlog.add(eventlog.ACTION_BACKUP_FINISH, auditSource, { errorMessage: error ? error.message : null, backupId: backupId, timestamp: timestamp });

-                callback(error, filename);
+                callback(error, backupId);
            });
        });
    });
@@ -775,41 +819,14 @@ function ensureBackup(auditSource, callback) {
    });
 }

-function restoreApp(app, addonsToRestore, backupId, callback) {
-    assert.strictEqual(typeof app, 'object');
-    assert.strictEqual(typeof addonsToRestore, 'object');
-    assert.strictEqual(typeof backupId, 'string');
-    assert.strictEqual(typeof callback, 'function');
-    assert(app.lastBackupId);
-
-    var appDataDir = safe.fs.realpathSync(path.join(paths.APPS_DATA_DIR, app.id));
-
-    var startTime = new Date();
-
-    backupdb.get(backupId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new BackupsError(BackupsError.NOT_FOUND, error));
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
-
-        async.series([
-            download.bind(null, backupId, result.format, appDataDir),
-            addons.restoreAddons.bind(null, app, addonsToRestore)
-        ], function (error) {
-            debug('restoreApp: time: %s', (new Date() - startTime)/1000);
-
-            callback(error);
-        });
-    });
-}
-
 function cleanupBackup(backupConfig, backup, callback) {
    assert.strictEqual(typeof backupConfig, 'object');
    assert.strictEqual(typeof backup, 'object');
    assert.strictEqual(typeof callback, 'function');

-    var removeFunc = backup.format ==='tgz' ? api(backupConfig.provider).remove : api(backupConfig.provider).removeDir;
    var backupFilePath = getBackupFilePath(backupConfig, backup.id, backup.format);

-    removeFunc(backupConfig, backupFilePath, function (error) {
+    function done(error) {
        if (error) {
            debug('cleanupBackup: error removing backup %j : %s', backup, error.message);
            callback();
@@ -826,7 +843,15 @@ function cleanupBackup(backupConfig, backup, callback) {
                callback();
            });
        });
-    });
+    }
+
+    if (backup.format ==='tgz') {
+        api(backupConfig.provider).remove(backupConfig, backupFilePath, done);
+    } else {
+        var events = api(backupConfig.provider).removeDir(backupConfig, backupFilePath);
+        events.on('progress', function (detail) { debug(`cleanupBackup: ${detail}`); });
+        events.on('done', done);
+    }
 }

 function cleanupAppBackups(backupConfig, referencedAppBackups, callback) {
@@ -925,8 +950,7 @@ function cleanupSnapshots(backupConfig, callback) {
        apps.get(appId, function (error /*, app */) {
            if (!error || error.reason !== AppsError.NOT_FOUND) return iteratorDone();

-            var removeFunc = info[appId].format ==='tgz' ? api(backupConfig.provider).remove : api(backupConfig.provider).removeDir;
-            removeFunc(backupConfig, getBackupFilePath(backupConfig, `snapshot/app_${appId}`, info[appId].format), function (/* ignoredError */) {
+            function done(/* ignoredError */) {
                safe.fs.unlinkSync(path.join(paths.BACKUP_INFO_DIR, `${appId}.sync.cache`));
                safe.fs.unlinkSync(path.join(paths.BACKUP_INFO_DIR, `${appId}.sync.cache.new`));

@@ -935,7 +959,15 @@ function cleanupSnapshots(backupConfig, callback) {

                    iteratorDone();
                });
-            });
+            }
+
+            if (info[appId].format ==='tgz') {
+                api(backupConfig.provider).remove(backupConfig, getBackupFilePath(backupConfig, `snapshot/app_${appId}`, info[appId].format), done);
+            } else {
+                var events = api(backupConfig.provider).removeDir(backupConfig, getBackupFilePath(backupConfig, `snapshot/app_${appId}`, info[appId].format));
+                events.on('progress', function (detail) { debug(`cleanupSnapshots: ${detail}`); });
+                events.on('done', done);
+            }
        });
    }, function () {
        debug('cleanupSnapshots: done');
@@ -16,7 +16,7 @@ var assert = require('assert'),

 var CA_PROD = 'https://acme-v01.api.letsencrypt.org',
    CA_STAGING = 'https://acme-staging.api.letsencrypt.org',
-    LE_AGREEMENT = 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf';
+    LE_AGREEMENT = 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf';

 exports = module.exports = {
    getCertificate: getCertificate,
@@ -177,7 +177,7 @@ function renewAll(auditSource, callback) {
    apps.getAll(function (error, allApps) {
        if (error) return callback(error);

-        allApps.push({ location: constants.ADMIN_LOCATION }); // inject fake webadmin app
+        allApps.push({ location: config.adminLocation() }); // inject fake webadmin app

        var expiringApps = [ ];
        for (var i = 0; i < allApps.length; i++) {
@@ -239,7 +239,7 @@ function renewAll(auditSource, callback) {
                    }

                    // reconfigure and reload nginx. this is required for the case where we got a renewed cert after fallback
-                    var configureFunc = app.location === constants.ADMIN_LOCATION ?
+                    var configureFunc = app.location === config.adminLocation() ?
                        nginx.configureAdmin.bind(null, certFilePath, keyFilePath, constants.NGINX_ADMIN_CONFIG_FILE_NAME, config.adminFqdn())
                        : nginx.configureApp.bind(null, app, certFilePath, keyFilePath);

@@ -12,7 +12,7 @@ exports = module.exports = {
    dnsSetup: dnsSetup,
    getLogs: getLogs,

-    sendHeartbeat: sendHeartbeat,
+    sendCaasHeartbeat: sendCaasHeartbeat,

    updateToLatest: updateToLatest,
    reboot: reboot,
@@ -52,6 +52,7 @@ var appdb = require('./appdb.js'),
    safe = require('safetydance'),
    settings = require('./settings.js'),
    SettingsError = settings.SettingsError,
+    settingsdb = require('./settingsdb.js'),
    shell = require('./shell.js'),
    spawn = require('child_process').spawn,
    split = require('split'),
@@ -63,7 +64,6 @@ var appdb = require('./appdb.js'),
    updateChecker = require('./updatechecker.js'),
    user = require('./user.js'),
    UserError = user.UserError,
-    user = require('./user.js'),
    util = require('util'),
    _ = require('underscore');

@@ -127,7 +127,6 @@ function initialize(callback) {
    async.series([
        certificates.initialize,
        settings.initialize,
-        installAppBundle,
        configureDefaultServer,
        onDomainConfigured
    ], function (error) {
@@ -185,12 +184,18 @@ function dnsSetup(dnsConfig, domain, zoneName, callback) {
        config.setFqdn(domain); // set fqdn only after dns config is valid, otherwise cannot re-setup if we failed
        config.setZoneName(zoneName);

-        async.series([ // do not block
-            onDomainConfigured,
-            configureWebadmin
-        ], NOOP_CALLBACK);
+        // upsert the temporary domain record in settings db
+        // This can be removed after this release
+        settingsdb.set('domain', JSON.stringify({ fqdn: domain, zoneName: zoneName }), function (error) {
+            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

-        callback();
+            async.series([ // do not block
+                onDomainConfigured,
+                configureWebadmin
+            ], NOOP_CALLBACK);
+
+            callback();
+        });
    });
 }

@@ -239,7 +244,7 @@ function configureWebadmin(callback) {
    function configureNginx(error) {
        debug('configureNginx: dns update:%j', error);

-        certificates.ensureCertificate({ location: constants.ADMIN_LOCATION }, function (error, certFilePath, keyFilePath) {
+        certificates.ensureCertificate({ location: config.adminLocation() }, function (error, certFilePath, keyFilePath) {
            if (error) return done(error);

            gWebadminStatus.tls = true;
@@ -418,6 +423,9 @@ function getConfig(callback) {
                    apiServerOrigin: config.apiServerOrigin(),
                    webServerOrigin: config.webServerOrigin(),
                    fqdn: config.fqdn(),
+                    adminLocation: config.adminLocation(),
+                    adminFqdn: config.adminFqdn(),
+                    mailFqdn: config.mailFqdn(),
                    version: config.version(),
                    update: updateChecker.getUpdateInfo(),
                    progress: progress.getAll(),
@@ -438,8 +446,8 @@ function getConfig(callback) {
    });
 }

-function sendHeartbeat() {
-    if (config.provider() !== 'caas') return;
+function sendCaasHeartbeat() {
+    assert(config.provider() === 'caas', 'Heartbeat is only sent for managed cloudrons');

    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/heartbeat';
    superagent.post(url).query({ token: config.token(), version: config.version() }).timeout(30 * 1000).end(function (error, result) {
@@ -539,9 +547,9 @@ function addDnsRecords(ip, callback) {
    var dkimKey = readDkimPublicKeySync();
    if (!dkimKey) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, new Error('Failed to read dkim public key')));

-    var webadminRecord = { subdomain: constants.ADMIN_LOCATION, type: 'A', values: [ ip ] };
+    var webadminRecord = { subdomain: config.adminLocation(), type: 'A', values: [ ip ] };
    // t=s limits the domainkey to this domain and not it's subdomains
-    var dkimRecord = { subdomain: constants.DKIM_SELECTOR + '._domainkey', type: 'TXT', values: [ '"v=DKIM1; t=s; p=' + dkimKey + '"' ] };
+    var dkimRecord = { subdomain: config.dkimSelector() + '._domainkey', type: 'TXT', values: [ '"v=DKIM1; t=s; p=' + dkimKey + '"' ] };

    var records = [ ];
    if (config.isCustomDomain()) {
@@ -671,19 +679,19 @@ function doUpgrade(boxUpdateInfo, callback) {
        if (error) return upgradeError(error);

        superagent.post(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/upgrade')
-          .query({ token: config.token() })
-          .send({ version: boxUpdateInfo.version })
-          .timeout(30 * 1000)
-          .end(function (error, result) {
-            if (error && !error.response) return upgradeError(new Error('Network error making upgrade request: ' + error));
-            if (result.statusCode !== 202) return upgradeError(new Error(util.format('Server not ready to upgrade. statusCode: %s body: %j', result.status, result.body)));
+            .query({ token: config.token() })
+            .send({ version: boxUpdateInfo.version })
+            .timeout(30 * 1000)
+            .end(function (error, result) {
+                if (error && !error.response) return upgradeError(new Error('Network error making upgrade request: ' + error));
+                if (result.statusCode !== 202) return upgradeError(new Error(util.format('Server not ready to upgrade. statusCode: %s body: %j', result.status, result.body)));

-            progress.set(progress.UPDATE, 10, 'Updating base system');
+                progress.set(progress.UPDATE, 10, 'Updating base system');

-            // no need to unlock since this is the last thing we ever do on this box
-            callback();
-            retire('upgrade');
-        });
+                // no need to unlock since this is the last thing we ever do on this box
+                callback();
+                retire('upgrade');
+            });
    });
 }

@@ -707,6 +715,7 @@ function doUpdate(boxUpdateInfo, callback) {
            apiServerOrigin: config.apiServerOrigin(),
            webServerOrigin: config.webServerOrigin(),
            fqdn: config.fqdn(),
+            adminLocation: config.adminLocation(),
            tlsCert: config.tlsCert(),
            tlsKey: config.tlsKey(),
            isCustomDomain: config.isCustomDomain(),
@@ -738,36 +747,6 @@ function doUpdate(boxUpdateInfo, callback) {
    });
 }

-function installAppBundle(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    if (fs.existsSync(paths.FIRST_RUN_FILE)) return callback();
-
-    var bundle = config.get('appBundle');
-    debug('initialize: installing app bundle on first run: %j', bundle);
-
-    if (!bundle || bundle.length === 0) return callback();
-
-    async.eachSeries(bundle, function (appInfo, iteratorCallback) {
-        debug('autoInstall: installing %s at %s', appInfo.appstoreId, appInfo.location);
-
-        var data = {
-            appStoreId: appInfo.appstoreId,
-            location: appInfo.location,
-            portBindings: appInfo.portBindings || null,
-            accessRestriction: appInfo.accessRestriction || null,
-        };
-
-        apps.install(data, { userId: null, username: 'autoinstaller' }, iteratorCallback);
-    }, function (error) {
-        if (error) debug('autoInstallApps: ', error);
-
-        fs.writeFileSync(paths.FIRST_RUN_FILE, 'been there, done that', 'utf8');
-
-        callback();
-    });
-}
-
 function checkDiskSpace(callback) {
    callback = callback || NOOP_CALLBACK;

@@ -845,20 +824,20 @@ function doMigrate(options, callback) {
        debug('migrate: domain: %s size %s region %s', options.domain, options.size, options.region);

        superagent
-          .post(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/migrate')
-          .query({ token: config.token() })
-          .send(options)
-          .timeout(30 * 1000)
-          .end(function (error, result) {
-            if (error && !error.response) return unlock(error); // network error
-            if (result.statusCode === 409) return unlock(new CloudronError(CloudronError.BAD_STATE));
-            if (result.statusCode === 404) return unlock(new CloudronError(CloudronError.NOT_FOUND));
-            if (result.statusCode !== 202) return unlock(new CloudronError(CloudronError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
+            .post(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/migrate')
+            .query({ token: config.token() })
+            .send(options)
+            .timeout(30 * 1000)
+            .end(function (error, result) {
+                if (error && !error.response) return unlock(error); // network error
+                if (result.statusCode === 409) return unlock(new CloudronError(CloudronError.BAD_STATE));
+                if (result.statusCode === 404) return unlock(new CloudronError(CloudronError.NOT_FOUND));
+                if (result.statusCode !== 202) return unlock(new CloudronError(CloudronError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));

-            progress.set(progress.MIGRATE, 10, 'Migrating');
+                progress.set(progress.MIGRATE, 10, 'Migrating');

-            retire('migrate', _.pick(options, 'domain', 'size', 'region'));
-        });
+                retire('migrate', _.pick(options, 'domain', 'size', 'region'));
+            });
    });

    callback(null);
@@ -17,6 +17,7 @@ exports = module.exports = {
    apiServerOrigin: apiServerOrigin,
    webServerOrigin: webServerOrigin,
    fqdn: fqdn,
+    zoneName: zoneName,
    setFqdn: setFqdn,
    token: token,
    version: version,
@@ -28,12 +29,14 @@ exports = module.exports = {
    adminOrigin: adminOrigin,
    internalAdminOrigin: internalAdminOrigin,
    sysadminOrigin: sysadminOrigin, // caas routes
+    adminLocation: adminLocation,
    adminFqdn: adminFqdn,
+    mailLocation: mailLocation,
    mailFqdn: mailFqdn,
    appFqdn: appFqdn,
-    zoneName: zoneName,
    setZoneName: setZoneName,
    hasIPv6: hasIPv6,
+    dkimSelector: dkimSelector,

    isDemo: isDemo,

@@ -45,13 +48,17 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    constants = require('./constants.js'),
+    debug = require('debug')('box:config.js'),
    fs = require('fs'),
    path = require('path'),
    safe = require('safetydance'),
    tld = require('tldjs'),
    _ = require('underscore');

+
+// assert on unknown environment can't proceed
+assert(exports.CLOUDRON || exports.TEST, 'Unknown environment. This should not happen!');
+
 var homeDir = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;

 var data = { };
@@ -63,8 +70,25 @@ function baseDir() {

 var cloudronConfigFileName = path.join(baseDir(), 'configs/cloudron.conf');

+// only tests can run without a config file on disk, they use the defaults with runtime overrides
+if (exports.CLOUDRON) assert(fs.existsSync(cloudronConfigFileName), 'No cloudron.conf found, cannot proceed');
+
 function saveSync() {
-    fs.writeFileSync(cloudronConfigFileName, JSON.stringify(data, null, 4)); // functions are ignored by JSON.stringify
+    // only save values we want to have in the cloudron.conf, see start.sh
+    var conf = {
+        version: data.version,
+        token: data.token,
+        apiServerOrigin: data.apiServerOrigin,
+        webServerOrigin: data.webServerOrigin,
+        fqdn: data.fqdn,
+        zoneName: data.zoneName,
+        adminLocation: data.adminLocation,
+        isCustomDomain: data.isCustomDomain,
+        provider: data.provider,
+        isDemo: data.isDemo
+    };
+
+    fs.writeFileSync(cloudronConfigFileName, JSON.stringify(conf, null, 4)); // functions are ignored by JSON.stringify
 }

 function _reset(callback) {
@@ -77,45 +101,41 @@ function _reset(callback) {

 function initConfig() {
    // setup defaults
-    data.fqdn = 'localhost';
+    data.fqdn = '';
    data.zoneName = '';
-
+    data.adminLocation = 'my';
+    data.port = 3000;
    data.token = null;
    data.version = null;
    data.isCustomDomain = true;
+    data.apiServerOrigin = null;
    data.webServerOrigin = null;
-    data.smtpPort = 2525; // // this value comes from mail container
+    data.provider = 'caas';
+    data.smtpPort = 2525; // this value comes from mail container
    data.sysadminPort = 3001;
    data.ldapPort = 3002;
-    data.provider = 'caas';
-    data.appBundle = [ ];

-    if (exports.CLOUDRON) {
-        data.port = 3000;
-        data.apiServerOrigin = null;
-        data.database = null;
-    } else if (exports.TEST) {
+    // keep in sync with start.sh
+    data.database = {
+        hostname: '127.0.0.1',
+        username: 'root',
+        password: 'password',
+        port: 3306,
+        name: 'box'
+    };
+
+    // overrides for local testings
+    if (exports.TEST) {
        data.port = 5454;
-        data.apiServerOrigin = 'http://localhost:6060'; // hock doesn't support https
-        data.database = {
-            hostname: '127.0.0.1',
-            username: 'root',
-            password: '',
-            port: 3306,
-            name: 'boxtest'
-        };
        data.token = 'APPSTORE_TOKEN';
-    } else {
-        assert(false, 'Unknown environment. This should not happen!');
+        data.apiServerOrigin = 'http://localhost:6060'; // hock doesn't support https
+        data.database.password = '';
+        data.database.name = 'boxtest';
    }

-    if (safe.fs.existsSync(cloudronConfigFileName)) {
-        var existingData = safe.JSON.parse(safe.fs.readFileSync(cloudronConfigFileName, 'utf8'));
-        _.extend(data, existingData); // overwrite defaults with saved config
-        return;
-    }
-
-    saveSync();
+    // overwrite defaults with saved config
+    var existingData = safe.JSON.parse(safe.fs.readFileSync(cloudronConfigFileName, 'utf8'));
+    _.extend(data, existingData);
 }

 initConfig();
@@ -176,16 +196,24 @@ function appFqdn(location) {
    return isCustomDomain() ? location + '.' + fqdn() : location + '-' + fqdn();
 }

-function adminFqdn() {
-    return appFqdn(constants.ADMIN_LOCATION);
+function mailLocation() {
+    return get('adminLocation'); // not a typo! should be same as admin location until we figure out certificates
 }

 function mailFqdn() {
-    return appFqdn(constants.MAIL_LOCATION);
+    return appFqdn(mailLocation());
+}
+
+function adminLocation() {
+    return get('adminLocation');
+}
+
+function adminFqdn() {
+    return appFqdn(adminLocation());
 }

 function adminOrigin() {
-    return 'https://' + appFqdn(constants.ADMIN_LOCATION);
+    return 'https://' + appFqdn(adminLocation());
 }

 function internalAdminOrigin() {
@@ -235,6 +263,12 @@ function tlsKey() {
 }

 function hasIPv6() {
-    // require here to avoid cyclic dependencies, it is cached anyways
-    return fs.existsSync(require('./paths.js').IPV6_PROC_FILE);
-}
+    const IPV6_PROC_FILE = '/proc/net/if_inet6';
+    return fs.existsSync(IPV6_PROC_FILE);
+}
+
+function dkimSelector() {
+    var loc = adminLocation();
+    return loc === 'my' ? 'cloudron' : `cloudron-${loc.replace(/\./g, '')}`;
+}
+
@@ -1,12 +1,9 @@
 'use strict';

- // default admin installation location. keep in sync with ADMIN_LOCATION in setup/start.sh and BOX_ADMIN_LOCATION in appstore constants.js
 exports = module.exports = {
-    ADMIN_LOCATION: 'my',
    API_LOCATION: 'api', // this is unused but reserved for future use (#403)
    SMTP_LOCATION: 'smtp',
    IMAP_LOCATION: 'imap',
-    MAIL_LOCATION: 'my', // not a typo! should be same as admin location until we figure out certificates
    POSTMAN_LOCATION: 'postman', // used in dovecot bounces

    // These are combined into one array because users and groups become mailboxes
@@ -36,8 +33,6 @@ exports = module.exports = {

    DEMO_USERNAME: 'cloudron',

-    DKIM_SELECTOR: 'cloudron',
-
    AUTOUPDATE_PATTERN_NEVER: 'never'
 };

@@ -35,7 +35,7 @@ var gAliveJob = null, // send periodic stats
    gCleanupTokensJob = null,
    gDockerVolumeCleanerJob = null,
    gDynamicDNSJob = null,
-    gHeartbeatJob = null, // for CaaS health check
+    gCaasHeartbeatJob = null, // for CaaS health check
    gSchedulerSyncJob = null,
    gDigestEmailJob = null;

@@ -53,18 +53,20 @@ var AUDIT_SOURCE = { userId: null, username: 'cron' };
 function initialize(callback) {
    assert.strictEqual(typeof callback, 'function');

-    gHeartbeatJob = new CronJob({
-        cronTime: '00 */1 * * * *', // every minute
-        onTick: cloudron.sendHeartbeat,
-        start: false
-    });
-    // hack: send the first heartbeat only after we are running for 60 seconds
-    // required as we end up sending a heartbeat and then cloudron-setup reboots the server
-    setTimeout(function () {
-        if (!gHeartbeatJob) return; // already uninitalized
-        gHeartbeatJob.start();
-        cloudron.sendHeartbeat();
-    }, 1000 * 60);
+    if (config.provider() === 'caas') {
+        gCaasHeartbeatJob = new CronJob({
+            cronTime: '00 */1 * * * *', // every minute
+            onTick: cloudron.sendCaasHeartbeat,
+            start: false
+        });
+        // hack: send the first heartbeat only after we are running for 60 seconds
+        // required as we end up sending a heartbeat and then cloudron-setup reboots the server
+        setTimeout(function () {
+            if (!gCaasHeartbeatJob) return; // already uninitalized
+            gCaasHeartbeatJob.start();
+            cloudron.sendCaasHeartbeat();
+        }, 1000 * 60);
+    }

    var randomHourMinute = Math.floor(60*Math.random());
    gAliveJob = new CronJob({
@@ -252,8 +254,8 @@ function uninitialize(callback) {
    if (gAppUpdateCheckerJob) gAppUpdateCheckerJob.stop();
    gAppUpdateCheckerJob = null;

-    if (gHeartbeatJob) gHeartbeatJob.stop();
-    gHeartbeatJob = null;
+    if (gCaasHeartbeatJob) gCaasHeartbeatJob.stop();
+    gCaasHeartbeatJob = null;

    if (gAliveJob) gAliveJob.stop();
    gAliveJob = null;
@@ -7,19 +7,15 @@ exports = module.exports = {

    isEnabled: isEnabled,
    setEnabled: setEnabled,
-    issueDeveloperToken: issueDeveloperToken,
-    getNonApprovedApps: getNonApprovedApps
+    issueDeveloperToken: issueDeveloperToken
 };

 var assert = require('assert'),
    clients = require('./clients.js'),
-    config = require('./config.js'),
    constants = require('./constants.js'),
-    debug = require('debug')('box:developer'),
    eventlog = require('./eventlog.js'),
    tokendb = require('./tokendb.js'),
    settings = require('./settings.js'),
-    superagent = require('superagent'),
    util = require('util');

 function DeveloperError(reason, errorOrMessage) {
@@ -84,19 +80,3 @@ function issueDeveloperToken(user, auditSource, callback) {
        callback(null, { token: token, expiresAt: new Date(expiresAt).toISOString() });
    });
 }
-
-function getNonApprovedApps(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/apps';
-    superagent.get(url).query({ token: config.token(), boxVersion: config.version() }).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new DeveloperError(DeveloperError.EXTERNAL_ERROR, error));
-        if (result.statusCode === 401 || result.statusCode === 403) {
-            debug('Failed to list apps in development. Appstore token invalid or missing. Returning empty list.', result.body);
-            return callback(null, []);
-        }
-        if (result.statusCode !== 200) return callback(new DeveloperError(DeveloperError.EXTERNAL_ERROR, util.format('App listing failed. %s %j', result.status, result.body)));
-
-        callback(null, result.body.apps || []);
-    });
-}
@@ -33,31 +33,38 @@ function maybeSend(callback) {

            var hasSubscription = result && result.plan.id !== 'free' && result.plan.id !== 'undecided';

-            eventlog.getByActionLastWeek(eventlog.ACTION_APP_UPDATE, function (error, appUpdates) {
+            eventlog.getByCreationTime(new Date(new Date() - 7*86400000), function (error, events) {
                if (error) return callback(error);

-                eventlog.getByActionLastWeek(eventlog.ACTION_UPDATE, function (error, boxUpdates) {
-                    if (error) return callback(error);
+                var appUpdates = events.filter(function (e) { return e.action === eventlog.ACTION_APP_UPDATE; }).map(function (e) { return e.data; });
+                var boxUpdates = events.filter(function (e) { return e.action === eventlog.ACTION_UPDATE; }).map(function (e) { return e.data; });
+                var certRenewals = events.filter(function (e) { return e.action === eventlog.ACTION_CERTIFICATE_RENEWAL; }).map(function (e) { return e.data; });
+                var usersAdded = events.filter(function (e) { return e.action === eventlog.ACTION_USER_ADD; }).map(function (e) { return e.data; });
+                var usersRemoved = events.filter(function (e) { return e.action === eventlog.ACTION_USER_REMOVE; }).map(function (e) { return e.data; });
+                var finishedBackups = events.filter(function (e) { return e.action === eventlog.ACTION_BACKUP_FINISH && !e.errorMessage; }).map(function (e) { return e.data; });

-                    var info = {
-                        hasSubscription: hasSubscription,
+                if (error) return callback(error);

-                        pendingAppUpdates: pendingAppUpdates,
-                        pendingBoxUpdate: updateInfo.box || null,
+                var info = {
+                    hasSubscription: hasSubscription,

-                        finishedAppUpdates: (appUpdates || []).map(function (e) { return e.data; }),
-                        finishedBoxUpdates: (boxUpdates || []).map(function (e) { return e.data; })
-                    };
+                    pendingAppUpdates: pendingAppUpdates,
+                    pendingBoxUpdate: updateInfo.box || null,

-                    if (info.pendingAppUpdates.length || info.pendingBoxUpdate || info.finishedAppUpdates.length || info.finishedBoxUpdates.length) {
-                        debug('maybeSend: sending digest email', info);
-                        mailer.sendDigest(info);
-                    } else {
-                        debug('maybeSend: nothing happened, NOT sending digest email');
-                    }
+                    finishedAppUpdates: appUpdates,
+                    finishedBoxUpdates: boxUpdates,

-                    callback();
-                });
+                    certRenewals: certRenewals,
+                    finishedBackups: finishedBackups, // only the successful backups
+                    usersAdded: usersAdded,
+                    usersRemoved: usersRemoved // unused because we don't have username to work with
+                };
+
+                // always send digest for backup failure notification
+                debug('maybeSend: sending digest email', info);
+                mailer.sendDigest(info);
+
+                callback();
            });
        });
    });
@@ -10,7 +10,7 @@ exports = module.exports = {

 var assert = require('assert'),
    async = require('async'),
-    constants = require('../constants.js'),
+    config = require('../config.js'),
    debug = require('debug')('box:dns/digitalocean'),
    dns = require('dns'),
    safe = require('safetydance'),
@@ -37,22 +37,22 @@ function getInternal(dnsConfig, zoneName, subdomain, type, callback) {
        var url = nextPage ? nextPage : DIGITALOCEAN_ENDPOINT + '/v2/domains/' + zoneName + '/records';

        superagent.get(url)
-          .set('Authorization', 'Bearer ' + dnsConfig.token)
-          .timeout(30 * 1000)
-          .end(function (error, result) {
-            if (error && !error.response) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 404) return callback(new SubdomainError(SubdomainError.NOT_FOUND, formatError(result)));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new SubdomainError(SubdomainError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 200) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, formatError(result)));
+            .set('Authorization', 'Bearer ' + dnsConfig.token)
+            .timeout(30 * 1000)
+            .end(function (error, result) {
+                if (error && !error.response) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                if (result.statusCode === 404) return callback(new SubdomainError(SubdomainError.NOT_FOUND, formatError(result)));
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new SubdomainError(SubdomainError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 200) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, formatError(result)));

-            matchingRecords = matchingRecords.concat(result.body.domain_records.filter(function (record) {
-                return (record.type === type && record.name === subdomain);
-            }));
+                matchingRecords = matchingRecords.concat(result.body.domain_records.filter(function (record) {
+                    return (record.type === type && record.name === subdomain);
+                }));

-            nextPage = (result.body.links && result.body.links.pages) ? result.body.links.pages.next : null;
+                nextPage = (result.body.links && result.body.links.pages) ? result.body.links.pages.next : null;

-            iteratorDone();
-        });
+                iteratorDone();
+            });
    }, function () { return !!nextPage; }, function (error) {
        if (error) return callback(error);

@@ -98,37 +98,37 @@ function upsert(dnsConfig, zoneName, subdomain, type, values, callback) {

            if (i >= result.length) {
                superagent.post(DIGITALOCEAN_ENDPOINT + '/v2/domains/' + zoneName + '/records')
-                  .set('Authorization', 'Bearer ' + dnsConfig.token)
-                  .send(data)
-                  .timeout(30 * 1000)
-                  .end(function (error, result) {
-                    if (error && !error.response) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-                    if (result.statusCode === 403 || result.statusCode === 401) return callback(new SubdomainError(SubdomainError.ACCESS_DENIED, formatError(result)));
-                    if (result.statusCode === 422) return callback(new SubdomainError(SubdomainError.BAD_FIELD, result.body.message));
-                    if (result.statusCode !== 201) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, formatError(result)));
+                    .set('Authorization', 'Bearer ' + dnsConfig.token)
+                    .send(data)
+                    .timeout(30 * 1000)
+                    .end(function (error, result) {
+                        if (error && !error.response) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                        if (result.statusCode === 403 || result.statusCode === 401) return callback(new SubdomainError(SubdomainError.ACCESS_DENIED, formatError(result)));
+                        if (result.statusCode === 422) return callback(new SubdomainError(SubdomainError.BAD_FIELD, result.body.message));
+                        if (result.statusCode !== 201) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, formatError(result)));

-                    recordIds.push(safe.query(result.body, 'domain_record.id'));
+                        recordIds.push(safe.query(result.body, 'domain_record.id'));

-                    return callback(null);
-                });
+                        return callback(null);
+                    });
            } else {
                superagent.put(DIGITALOCEAN_ENDPOINT + '/v2/domains/' + zoneName + '/records/' + result[i].id)
-                  .set('Authorization', 'Bearer ' + dnsConfig.token)
-                  .send(data)
-                  .timeout(30 * 1000)
-                  .end(function (error, result) {
+                    .set('Authorization', 'Bearer ' + dnsConfig.token)
+                    .send(data)
+                    .timeout(30 * 1000)
+                    .end(function (error, result) {
                    // increment, as we have consumed the record
-                    ++i;
+                        ++i;

-                    if (error && !error.response) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-                    if (result.statusCode === 403 || result.statusCode === 401) return callback(new SubdomainError(SubdomainError.ACCESS_DENIED, formatError(result)));
-                    if (result.statusCode === 422) return callback(new SubdomainError(SubdomainError.BAD_FIELD, result.body.message));
-                    if (result.statusCode !== 200) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, formatError(result)));
+                        if (error && !error.response) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                        if (result.statusCode === 403 || result.statusCode === 401) return callback(new SubdomainError(SubdomainError.ACCESS_DENIED, formatError(result)));
+                        if (result.statusCode === 422) return callback(new SubdomainError(SubdomainError.BAD_FIELD, result.body.message));
+                        if (result.statusCode !== 200) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, formatError(result)));

-                    recordIds.push(safe.query(result.body, 'domain_record.id'));
+                        recordIds.push(safe.query(result.body, 'domain_record.id'));

-                    return callback(null);
-                });
+                        return callback(null);
+                    });
            }
        }, function (error, id) {
            if (error) return callback(error);
@@ -183,18 +183,18 @@ function del(dnsConfig, zoneName, subdomain, type, values, callback) {
        // FIXME we only handle the first one currently

        superagent.del(DIGITALOCEAN_ENDPOINT + '/v2/domains/' + zoneName + '/records/' + tmp[0].id)
-          .set('Authorization', 'Bearer ' + dnsConfig.token)
-          .timeout(30 * 1000)
-          .end(function (error, result) {
-            if (error && !error.response) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 404) return callback(null);
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new SubdomainError(SubdomainError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 204) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, formatError(result)));
+            .set('Authorization', 'Bearer ' + dnsConfig.token)
+            .timeout(30 * 1000)
+            .end(function (error, result) {
+                if (error && !error.response) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                if (result.statusCode === 404) return callback(null);
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new SubdomainError(SubdomainError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 204) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, formatError(result)));

-            debug('del: done');
+                debug('del: done');

-            return callback(null);
-        });
+                return callback(null);
+            });
    });
 }

@@ -221,7 +221,7 @@ function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
            return callback(new SubdomainError(SubdomainError.BAD_FIELD, 'Domain nameservers are not set to Digital Ocean'));
        }

-        const name = constants.ADMIN_LOCATION + (fqdn === zoneName ? '' :  '.' + fqdn.slice(0, - zoneName.length - 1));
+        const name = config.adminLocation() + (fqdn === zoneName ? '' :  '.' + fqdn.slice(0, - zoneName.length - 1));

        upsert(credentials, zoneName, name, 'A', [ ip ], function (error, changeId) {
            if (error) return callback(error);
@@ -9,10 +9,10 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    GCDNS = require('@google-cloud/dns'),
-    constants = require('../constants.js'),
+    config = require('../config.js'),
    debug = require('debug')('box:dns/gcdns'),
    dns = require('dns'),
+    GCDNS = require('@google-cloud/dns'),
    SubdomainError = require('../subdomains.js').SubdomainError,
    util = require('util'),
    _ = require('underscore');
@@ -187,7 +187,7 @@ function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
                return callback(new SubdomainError(SubdomainError.BAD_FIELD, 'Domain nameservers are not set to Google Cloud DNS'));
            }

-            const name = constants.ADMIN_LOCATION + (fqdn === zoneName ? '' :  '.' + fqdn.slice(0, - zoneName.length - 1));
+            const name = config.adminLocation() + (fqdn === zoneName ? '' :  '.' + fqdn.slice(0, - zoneName.length - 1));

            upsert(credentials, zoneName, name, 'A', [ ip ], function (error, changeId) {
                if (error) return callback(error);
@@ -10,7 +10,7 @@ exports = module.exports = {

 var assert = require('assert'),
    async = require('async'),
-    constants = require('../constants.js'),
+    config = require('../config.js'),
    debug = require('debug')('box:dns/manual'),
    dig = require('../dig.js'),
    dns = require('dns'),
@@ -58,7 +58,7 @@ function verifyDnsConfig(dnsConfig, domain, zoneName, ip, callback) {
    assert.strictEqual(typeof ip, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var adminDomain = constants.ADMIN_LOCATION + '.' + domain;
+    var adminDomain = config.adminLocation() + '.' + domain;

    dns.resolveNs(zoneName, function (error, nameservers) {
        if (error || !nameservers) return callback(new SubdomainError(SubdomainError.BAD_FIELD, 'Unable to get nameservers'));
@@ -13,7 +13,7 @@ exports = module.exports = {

 var assert = require('assert'),
    AWS = require('aws-sdk'),
-    constants = require('../constants.js'),
+    config = require('../config.js'),
    debug = require('debug')('box:dns/route53'),
    dns = require('dns'),
    SubdomainError = require('../subdomains.js').SubdomainError,
@@ -247,7 +247,7 @@ function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
                return callback(new SubdomainError(SubdomainError.BAD_FIELD, 'Domain nameservers are not set to Route53'));
            }

-            const name = constants.ADMIN_LOCATION + (fqdn === zoneName ? '' :  '.' + fqdn.slice(0, - zoneName.length - 1));
+            const name = config.adminLocation() + (fqdn === zoneName ? '' :  '.' + fqdn.slice(0, - zoneName.length - 1));

            upsert(credentials, zoneName, name, 'A', [ ip ], function (error, changeId) {
                if (error) return callback(error);
@@ -367,31 +367,21 @@ function getContainerIdByIp(ip, callback) {
    assert.strictEqual(typeof ip, 'string');
    assert.strictEqual(typeof callback, 'function');

-    debug('get container by ip %s', ip);
-
    var docker = exports.connection;

-    docker.listNetworks({}, function (error, result) {
+    docker.getNetwork('cloudron').inspect(function (error, bridge) {
+        if (error && error.statusCode === 404) return callback(new Error('Unable to find the cloudron network'));
        if (error) return callback(error);

-        var bridge;
-        result.forEach(function (n) {
-            if (n.Name === 'cloudron') bridge = n;
-        });
-
-        if (!bridge) return callback(new Error('Unable to find the cloudron network'));
-
        var containerId;
        for (var id in bridge.Containers) {
-            if (bridge.Containers[id].IPv4Address.indexOf(ip) === 0) {
+            if (bridge.Containers[id].IPv4Address.indexOf(ip + '/16') === 0) {
                containerId = id;
                break;
            }
        }
        if (!containerId) return callback(new Error('No container with that ip'));

-        debug('found container %s with ip %s', containerId, ip);
-
        callback(null, containerId);
    });
 }
@@ -132,7 +132,7 @@ function verifyRelay(relay, callback) {

 function checkDkim(callback) {
    var dkim = {
-        domain: constants.DKIM_SELECTOR + '._domainkey.' + config.fqdn(),
+        domain: config.dkimSelector() + '._domainkey.' + config.fqdn(),
        type: 'TXT',
        expected: null,
        value: null,
@@ -6,7 +6,7 @@ exports = module.exports = {
    add: add,
    get: get,
    getAllPaged: getAllPaged,
-    getByActionLastWeek: getByActionLastWeek,
+    getByCreationTime: getByCreationTime,
    cleanup: cleanup,

    // keep in sync with webadmin index.js filter and CLI tool
@@ -98,21 +98,21 @@ function getAllPaged(action, search, page, perPage, callback) {
    assert.strictEqual(typeof perPage, 'number');
    assert.strictEqual(typeof callback, 'function');

-    eventlogdb.getAllPaged(action, search, page, perPage, function (error, boxes) {
+    eventlogdb.getAllPaged(action, search, page, perPage, function (error, events) {
        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));

-        callback(null, boxes);
+        callback(null, events);
    });
 }

-function getByActionLastWeek(action, callback) {
-    assert(typeof action === 'string' || action === null);
+function getByCreationTime(creationTime, callback) {
+    assert(util.isDate(creationTime));
    assert.strictEqual(typeof callback, 'function');

-    eventlogdb.getByActionLastWeek(action, function (error, boxes) {
+    eventlogdb.getByCreationTime(creationTime, function (error, events) {
        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));

-        callback(null, boxes);
+        callback(null, events);
    });
 }

@@ -120,7 +120,7 @@ function cleanup(callback) {
    callback = callback || NOOP_CALLBACK;

    var d = new Date();
-    d.setDate(d.getDate() - 7); // 7 days ago
+    d.setDate(d.getDate() - 10); // 10 days ago

    // only cleanup high frequency events
    var actions = [
@@ -3,7 +3,7 @@
 exports = module.exports = {
    get: get,
    getAllPaged: getAllPaged,
-    getByActionLastWeek: getByActionLastWeek,
+    getByCreationTime: getByCreationTime,
    add: add,
    count: count,
    delByCreationTime: delByCreationTime,
@@ -73,12 +73,12 @@ function getAllPaged(action, search, page, perPage, callback) {
    });
 }

-function getByActionLastWeek(action, callback) {
-    assert(typeof action === 'string' || action === null);
+function getByCreationTime(creationTime, callback) {
+    assert(util.isDate(creationTime));
    assert.strictEqual(typeof callback, 'function');

-    var query = 'SELECT ' + EVENTLOGS_FIELDS + ' FROM eventlog WHERE action=? AND creationTime >= DATE_SUB(NOW(), INTERVAL 1 WEEK) ORDER BY creationTime DESC';
-    database.query(query, [ action ], function (error, results) {
+    var query = 'SELECT ' + EVENTLOGS_FIELDS + ' FROM eventlog WHERE creationTime >= ? ORDER BY creationTime DESC';
+    database.query(query, [ creationTime ], function (error, results) {
        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        results.forEach(postProcess);
@@ -5,9 +5,9 @@
 // Do not require anything here!

 exports = module.exports = {
-    // a major version makes all apps restore from backup
+    // a major version makes all apps restore from backup. #451 must be fixed before we do this.
    // a minor version makes all apps re-configure themselves
-    'version': '48.6.0',
+    'version': '48.8.0',

    'baseImages': [ 'cloudron/base:0.10.0' ],

@@ -15,10 +15,10 @@ exports = module.exports = {
    // This is because we upgrade using dumps instead of mysql_upgrade, pg_upgrade etc
    'images': {
        'mysql': { repo: 'cloudron/mysql', tag: 'cloudron/mysql:0.18.0' },
-        'postgresql': { repo: 'cloudron/postgresql', tag: 'cloudron/postgresql:0.17.0' },
+        'postgresql': { repo: 'cloudron/postgresql', tag: 'cloudron/postgresql:0.17.1' },
        'mongodb': { repo: 'cloudron/mongodb', tag: 'cloudron/mongodb:0.13.0' },
        'redis': { repo: 'cloudron/redis', tag: 'cloudron/redis:0.11.0' },
-        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:0.37.1' },
+        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:0.39.1' },
        'graphite': { repo: 'cloudron/graphite', tag: 'cloudron/graphite:0.12.0' }
    }
 };
@@ -61,12 +61,74 @@ function getUsersWithAccessToApp(req, callback) {
    });
 }

+// helper function to deal with pagination
+function finalSend(results, req, res, next) {
+    var min = 0;
+    var max = results.length;
+    var cookie = null;
+    var pageSize = 0;
+
+    // check if this is a paging request, if so get the cookie for session info
+    req.controls.forEach(function (control) {
+        if (control.type === ldap.PagedResultsControl.OID) {
+            pageSize = control.value.size;
+            cookie = control.value.cookie;
+        }
+    });
+
+    function sendPagedResults(start, end) {
+        start = (start < min) ? min : start;
+        end = (end > max || end < min) ? max : end;
+        var i;
+
+        for (i = start; i < end; i++) {
+            res.send(results[i]);
+        }
+
+        return i;
+    }
+
+    if (cookie && Buffer.isBuffer(cookie)) {
+        // we have pagination
+        var first = min;
+        if (cookie.length !== 0) {
+            first = parseInt(cookie.toString(), 10);
+        }
+        var last = sendPagedResults(first, first + pageSize);
+
+        var resultCookie;
+        if (last < max) {
+            resultCookie = new Buffer(last.toString());
+        } else {
+            resultCookie = new Buffer('');
+        }
+
+        res.controls.push(new ldap.PagedResultsControl({
+            value: {
+                size: pageSize, // correctness not required here
+                cookie: resultCookie
+            }
+        }));
+    } else {
+        // no pagination simply send all
+        results.forEach(function (result) {
+            res.send(result);
+        });
+    }
+
+    // all done
+    res.end();
+    next();
+}
+
 function userSearch(req, res, next) {
    debug('user search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);

    getUsersWithAccessToApp(req, function (error, result) {
        if (error) return next(error);

+        var results = [];
+
        // send user objects
        result.forEach(function (entry) {
            // skip entries with empty username. Some apps like owncloud can't deal with this
@@ -109,11 +171,11 @@ function userSearch(req, res, next) {
            if (!lowerCaseFilter) return next(new ldap.OperationsError(safe.error.toString()));

            if ((req.dn.equals(dn) || req.dn.parentOf(dn)) && lowerCaseFilter.matches(obj.attributes)) {
-                res.send(obj);
+                results.push(obj);
            }
        });

-        res.end();
+        finalSend(results, req, res, next);
    });
 }

@@ -123,6 +185,8 @@ function groupSearch(req, res, next) {
    getUsersWithAccessToApp(req, function (error, result) {
        if (error) return next(error);

+        var results = [];
+
        var groups = [{
            name: 'users',
            admin: false
@@ -149,11 +213,43 @@ function groupSearch(req, res, next) {
            if (!lowerCaseFilter) return next(new ldap.OperationsError(safe.error.toString()));

            if ((req.dn.equals(dn) || req.dn.parentOf(dn)) && lowerCaseFilter.matches(obj.attributes)) {
-                res.send(obj);
+                results.push(obj);
            }
        });

-        res.end();
+        finalSend(results, req, res, next);
+    });
+}
+
+function groupUsersCompare(req, res, next) {
+    debug('group users compare: dn %s, attribute %s, value %s (from %s)', req.dn.toString(), req.attribute, req.value, req.connection.ldap.id);
+
+    getUsersWithAccessToApp(req, function (error, result) {
+        if (error) return next(error);
+
+        // we only support memberuid here, if we add new group attributes later add them here
+        if (req.attribute === 'memberuid') {
+            var found = result.find(function (u) { return u.id === req.value; });
+            if (found) return res.end(true);
+        }
+
+        res.end(false);
+    });
+}
+
+function groupAdminsCompare(req, res, next) {
+    debug('group admins compare: dn %s, attribute %s, value %s (from %s)', req.dn.toString(), req.attribute, req.value, req.connection.ldap.id);
+
+    getUsersWithAccessToApp(req, function (error, result) {
+        if (error) return next(error);
+
+        // we only support memberuid here, if we add new group attributes later add them here
+        if (req.attribute === 'memberuid') {
+            var found = result.find(function (u) { return u.id === req.value; });
+            if (found && found.admin) return res.end(true);
+        }
+
+        res.end(false);
    });
 }

@@ -161,6 +257,7 @@ function mailboxSearch(req, res, next) {
    debug('mailbox search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);

    if (!req.dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+
    var name = req.dn.rdns[0].attrs.cn.value.toLowerCase();
    // allow login via email
    var parts = name.split('@');
@@ -188,9 +285,11 @@ function mailboxSearch(req, res, next) {
        var lowerCaseFilter = safe(function () { return ldap.parseFilter(req.filter.toString().toLowerCase()); }, null);
        if (!lowerCaseFilter) return next(new ldap.OperationsError(safe.error.toString()));

-        if (lowerCaseFilter.matches(obj.attributes)) res.send(obj);
-
-        res.end();
+        if (lowerCaseFilter.matches(obj.attributes)) {
+            finalSend([ obj ], req, res, next);
+        } else {
+            res.end();
+        }
    });
 }

@@ -198,6 +297,7 @@ function mailAliasSearch(req, res, next) {
    debug('mail alias get: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);

    if (!req.dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+
    mailboxdb.getAlias(req.dn.rdns[0].attrs.cn.value.toLowerCase(), function (error, alias) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
        if (error) return next(new ldap.OperationsError(error.toString()));
@@ -218,9 +318,11 @@ function mailAliasSearch(req, res, next) {
        var lowerCaseFilter = safe(function () { return ldap.parseFilter(req.filter.toString().toLowerCase()); }, null);
        if (!lowerCaseFilter) return next(new ldap.OperationsError(safe.error.toString()));

-        if (lowerCaseFilter.matches(obj.attributes)) res.send(obj);
-
-        res.end();
+        if (lowerCaseFilter.matches(obj.attributes)) {
+            finalSend([ obj ], req, res, next);
+        } else {
+            res.end();
+        }
    });
 }

@@ -228,6 +330,7 @@ function mailingListSearch(req, res, next) {
    debug('mailing list get: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);

    if (!req.dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+
    mailboxdb.getGroup(req.dn.rdns[0].attrs.cn.value.toLowerCase(), function (error, group) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
        if (error) return next(new ldap.OperationsError(error.toString()));
@@ -248,9 +351,11 @@ function mailingListSearch(req, res, next) {
        var lowerCaseFilter = safe(function () { return ldap.parseFilter(req.filter.toString().toLowerCase()); }, null);
        if (!lowerCaseFilter) return next(new ldap.OperationsError(safe.error.toString()));

-        if (lowerCaseFilter.matches(obj.attributes)) res.send(obj);
-
-        res.end();
+        if (lowerCaseFilter.matches(obj.attributes)) {
+            finalSend([ obj ], req, res, next);
+        } else {
+            res.end();
+        }
    });
 }

@@ -370,14 +475,17 @@ function start(callback) {
    gServer.bind('ou=recvmail,dc=cloudron', authenticateMailbox);
    gServer.bind('ou=sendmail,dc=cloudron', authenticateMailbox);

+    gServer.compare('cn=users,ou=groups,dc=cloudron', groupUsersCompare);
+    gServer.compare('cn=admins,ou=groups,dc=cloudron', groupAdminsCompare);
+
    // this is the bind for addons (after bind, they might search and authenticate)
-    gServer.bind('ou=addons,dc=cloudron', function(req, res, next) {
+    gServer.bind('ou=addons,dc=cloudron', function(req, res /*, next */) {
        debug('addons bind: %s', req.dn.toString()); // note: cn can be email or id
        res.end();
    });

    // this is the bind for apps (after bind, they might search and authenticate user)
-    gServer.bind('ou=apps,dc=cloudron', function(req, res, next) {
+    gServer.bind('ou=apps,dc=cloudron', function(req, res /*, next */) {
        // TODO: validate password
        debug('application bind: %s', req.dn.toString());
        res.end();
@@ -2,13 +2,14 @@

 Dear Cloudron Admin,

-a new version <%= updateInfo.manifest.version %> of the app '<%= app.manifest.title %>' installed at <%= app.fqdn %> is available!
-
-The app will update automatically tonight. Alternately, update immediately at <%= webadminUrl %>.
+A new version <%= updateInfo.manifest.version %> of the app '<%= app.manifest.title %>' installed at <%= app.fqdn %> is available!

 Changes:
 <%= updateInfo.manifest.changelog %>

+<% if (!hasSubscription) { -%>
+*Keep your Cloudron automatically up-to-date and secure by upgrading to a paid plan at* <%= webadminUrl %>/#/settings
+<% } -%>

 Powered by https://cloudron.io

@@ -16,4 +17,35 @@ Sent at: <%= new Date().toUTCString() %>

 <% } else { %>

+    <center>
+
+    <img src="<%= cloudronAvatarUrl %>" width="128px" height="128px"/>
+
+    <h3>Dear <%= cloudronName %> Admin,</h3>
+
+    <div style="width: 650px; text-align: left;">
+        <p>
+            A new version <%= updateInfo.manifest.version %> of the app '<%= app.manifest.title %>' installed at <%= app.fqdn %> is available!
+        </p>
+
+        <h5>Changelog:</h5>
+        <%- changelogHTML %>
+
+        <br/>
+
+        <% if (!hasSubscription) { %>
+        <p>Keep your Cloudron automatically up-to-date and secure by upgrading to a <a href="<%= webadminUrl %>/#/settings">paid plan</a>.</p>
+        <% } %>
+
+        <br/>
+    </div>
+
+    <div style="font-size: 10px; color: #333333; background: #ffffff;">
+        Powered by <a href="https://cloudron.io">Cloudron</a>.
+    </div>
+
+    </center>
+
+    <img src="https://analytics.cloudron.io/piwik.php?idsite=2&rec=1&e_c=CloudronEmail&e_a=update" style="border:0" alt="" />
+
 <% } %>
@@ -4,15 +4,18 @@ Dear <%= cloudronName %> Admin,

 Version <%= newBoxVersion %> for Cloudron <%= fqdn %> is now available!

-Your Cloudron will update automatically tonight. Alternately, update immediately at <%= webadminUrl %>.
-
 Changelog:
 <% for (var i = 0; i < changelog.length; i++) { %>
  * <%- changelog[i] %>
 <% } %>

-Thank you,
-your Cloudron
+<% if (!hasSubscription) { -%>
+*Keep your Cloudron automatically up-to-date and secure by upgrading to a paid plan at* <%= webadminUrl %>/#/settings
+<% } -%>
+
+Powered by https://cloudron.io
+
+Sent at: <%= new Date().toUTCString() %>

 <% } else { %>

@@ -27,11 +30,6 @@ your Cloudron
        Version <b><%= newBoxVersion %></b> for Cloudron <%= fqdn %> is now available!
    </p>

-    <p>
-        Your Cloudron will update automatically tonight.<br/>
-        Alternately, update immediately <a href="<%= webadminUrl %>">here</a>.
-    </p>
-
    <h5>Changelog:</h5>
    <ul>
    <% for (var i = 0; i < changelogHTML.length; i++) { %>
@@ -40,6 +38,11 @@ your Cloudron
    </ul>

    <br/>
+
+    <% if (!hasSubscription) { %>
+    <p>Keep your Cloudron automatically up-to-date and secure by upgrading to a <a href="<%= webadminUrl %>/#/settings">paid plan</a>.</p>
+    <% } %>
+
    <br/>
 </div>

@@ -2,7 +2,19 @@

 Dear <%= cloudronName %> Admin,

-This is the weekly summary of activities on your Cloudron <%= fqdn %>.
+This is a summary of the activities on your Cloudron <%= fqdn %>.
+<% if (info.usersAdded.length) { -%>
+
+The following users were added:
+<% for (var i = 0; i < info.usersAdded.length; i++) { -%>
+    * <%- info.usersAdded[i].email %>
+<% }} -%>
+<% if (info.certRenewals.length) { -%>
+
+The certificates of the following apps was renewed:
+<% for (var i = 0; i < info.certRenewals.length; i++) { -%>
+    * <%- info.certRenewals[i].domain %> - <%- info.certRenewals[i].errorMessage || 'Success' %>
+<% }} -%>
 <% if (info.pendingBoxUpdate) { -%>

 Cloudron v<%- info.pendingBoxUpdate.version %> is available:
@@ -33,6 +45,14 @@ The following apps were updated:
 <% for (var j = 0; j < info.finishedAppUpdates[i].toManifest.changelog.trim().split('\n').length; j++) { -%>
        <%= info.finishedAppUpdates[i].toManifest.changelog.trim().split('\n')[j] %>
 <% }}} -%>
+<% if (info.finishedBackups.length) { -%>
+
+Last successful backup: <%- info.finishedBackups[0].backupId || info.finishedBackups[0].filename %>
+<% } else { -%>
+
+This Cloudron did **not** backup successfully in the last week!
+<% } -%>
+
 <% if (!info.hasSubscription) { -%>

 *Keep your Cloudron automatically up-to-date and secure by upgrading to a paid plan at* <%= webadminUrl %>/#/settings
@@ -52,9 +72,25 @@ Sent at: <%= new Date().toUTCString() %>

        <br/>

-        <p>Weekly summary of activities on your Cloudron <a href="<%= webadminUrl %>"><%= cloudronName %></a>:</p>
+        <p>This is a summary of the activities on your Cloudron <a href="<%= webadminUrl %>"><%= cloudronName %></a> last week.</p>

-        <br/>
+    <% if (info.usersAdded.length) { -%>
+        <p><b>The following users were added:</b></p>
+        <ul>
+        <% for (var i = 0; i < info.usersAdded.length; i++) { %>
+            <li><%- info.usersAdded[i].email %></li>
+        <% } %>
+        </ul>
+    <% } %>
+
+    <% if (info.certRenewals.length) { -%>
+        <p><b>The certificates of the following apps were renewed:</b></p>
+        <ul>
+            <% for (var i = 0; i < info.certRenewals.length; i++) { %>
+                <li><%- info.certRenewals[i].domain %> - <%- info.certRenewals[i].errorMessage || 'Success' %></li>
+            <% } %>
+        </ul>
+    <% } %>

    <% if (info.pendingBoxUpdate) { -%>
        <p><b>Cloudron v<%- info.pendingBoxUpdate.version %> is available:</b></p>
@@ -113,6 +149,12 @@ Sent at: <%= new Date().toUTCString() %>
        </ul>
    <% } %>

+    <% if (info.finishedBackups.length) { %>
+        <p><b>Last successful backup : </b> <%= info.finishedBackups[0].backupId || info.finishedBackups[0].filename %> </p>
+    <% } else { %>
+        <p><b>This Cloudron did not backup successfully in the last week!</b></p>
+    <% } %>
+
        <br/>

    <% if (!info.hasSubscription) { %>
@@ -123,12 +165,12 @@ Sent at: <%= new Date().toUTCString() %>
        <br/>
        <br/>

-        <p style="text-align: right;">
+        <center>
            <small>
                Powered by <a href="https://cloudron.io">Cloudron</a><br/>
                Sent on <%= new Date().toUTCString() %>
            </small>
-        </p>
+        </center>
    </div>
 </center>

@@ -1,14 +0,0 @@
-<%if (format === 'text') { %>
-
-New <%= type %> from <%= fqdn %>.
-
-Sender:  <%= user.email %>
-Sent at: <%= new Date().toUTCString() %>
-
-Subject: <%= subject %>
-----------------------------------------------------------
-<%= description %>
-
-<% } else { %>
-
-<% } %>
@@ -134,7 +134,8 @@ function getGroup(name, callback) {
        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

-        database.query('SELECT users.username FROM groupMembers INNER JOIN users ON groupMembers.userId = users.id WHERE groupMembers.groupId = ?', [ results[0].ownerId ], function (error, memberList) {
+        // username can be null if the user has not signed up with the invite yet
+        database.query('SELECT users.username FROM groupMembers INNER JOIN users ON groupMembers.userId = users.id WHERE groupMembers.groupId = ? AND users.username IS NOT NULL', [ results[0].ownerId ], function (error, memberList) {
            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            results[0].members = memberList.map(function (m) { return m.username; });
@@ -23,22 +23,13 @@ exports = module.exports = {

    certificateRenewalError: certificateRenewalError,

-    FEEDBACK_TYPE_FEEDBACK: 'feedback',
-    FEEDBACK_TYPE_TICKET: 'ticket',
-    FEEDBACK_TYPE_APP_MISSING: 'app_missing',
-    FEEDBACK_TYPE_APP_ERROR: 'app_error',
-    FEEDBACK_TYPE_UPGRADE_REQUEST: 'upgrade_request',
-    sendFeedback: sendFeedback,
-
    sendTestMail: sendTestMail,

    _getMailQueue: _getMailQueue,
    _clearMailQueue: _clearMailQueue
 };

-var appstore = require('./appstore.js'),
-    AppstoreError = appstore.AppstoreError,
-    assert = require('assert'),
+var assert = require('assert'),
    async = require('async'),
    config = require('./config.js'),
    debug = require('debug')('box:mailer'),
@@ -171,6 +162,7 @@ function getAdminEmails(callback) {
        if (admins.length === 0) return callback(new Error('No admins on this cloudron')); // box not activated yet

        var adminEmails = [ ];
+        if (admins[0].alternateEmail) adminEmails.push(admins[0].alternateEmail);
        admins.forEach(function (admin) { adminEmails.push(admin.email); });

        callback(null, adminEmails);
@@ -244,7 +236,7 @@ function userAdded(user, inviteSent) {
    debug('Sending mail for userAdded %s including invite link', inviteSent ? 'not' : '');

    getAdminEmails(function (error, adminEmails) {
-        if (error) return console.log('Error getting admins', error);
+        if (error) return debug('Error getting admins', error);

        adminEmails = _.difference(adminEmails, [ user.email ]);

@@ -341,7 +333,7 @@ function appDied(app) {
    debug('Sending mail for app %s @ %s died', app.id, app.fqdn);

    getAdminEmails(function (error, adminEmails) {
-        if (error) return console.log('Error getting admins', error);
+        if (error) return debug('Error getting admins', error);

        var mailOptions = {
            from: mailConfig().from,
@@ -354,12 +346,13 @@ function appDied(app) {
    });
 }

-function boxUpdateAvailable(newBoxVersion, changelog) {
+function boxUpdateAvailable(hasSubscription, newBoxVersion, changelog) {
+    assert.strictEqual(typeof hasSubscription, 'boolean');
    assert.strictEqual(typeof newBoxVersion, 'string');
    assert(util.isArray(changelog));

    getAdminEmails(function (error, adminEmails) {
-        if (error) return console.log('Error getting admins', error);
+        if (error) return debug('Error getting admins', error);

        settings.getCloudronName(function (error, cloudronName) {
            if (error) {
@@ -373,6 +366,7 @@ function boxUpdateAvailable(newBoxVersion, changelog) {
                fqdn: config.fqdn(),
                webadminUrl: config.adminOrigin(),
                newBoxVersion: newBoxVersion,
+                hasSubscription: hasSubscription,
                changelog: changelog,
                changelogHTML: changelog.map(function (e) { return converter.makeHtml(e); }),
                cloudronName: cloudronName,
@@ -385,7 +379,7 @@ function boxUpdateAvailable(newBoxVersion, changelog) {
            var templateDataHTML = JSON.parse(JSON.stringify(templateData));
            templateDataHTML.format = 'html';

-             var mailOptions = {
+            var mailOptions = {
                from: mailConfig().from,
                to: adminEmails.join(', '),
                subject: util.format('%s has a new update available', config.fqdn()),
@@ -398,29 +392,13 @@ function boxUpdateAvailable(newBoxVersion, changelog) {
    });
 }

-function appUpdateAvailable(app, updateInfo) {
+function appUpdateAvailable(app, hasSubscription, info) {
    assert.strictEqual(typeof app, 'object');
-    assert.strictEqual(typeof updateInfo, 'object');
-
-    getAdminEmails(function (error, adminEmails) {
-        if (error) return console.log('Error getting admins', error);
-
-         var mailOptions = {
-            from: mailConfig().from,
-            to: adminEmails.join(', '),
-            subject: util.format('[%s] Update available for %s', config.fqdn(), app.fqdn),
-            text: render('app_update_available.ejs', { fqdn: config.fqdn(), webadminUrl: config.adminOrigin(), app: app, updateInfo: updateInfo, format: 'text' })
-        };
-
-        enqueue(mailOptions);
-    });
-}
-
-function sendDigest(info) {
+    assert.strictEqual(typeof hasSubscription, 'boolean');
    assert.strictEqual(typeof info, 'object');

    getAdminEmails(function (error, adminEmails) {
-        if (error) return console.log('Error getting admins', error);
+        if (error) return debug('Error getting admins', error);

        settings.getCloudronName(function (error, cloudronName) {
            if (error) {
@@ -428,34 +406,73 @@ function sendDigest(info) {
                cloudronName = 'Cloudron';
            }

-            appstore.getAccount(function (error, appstoreProfile) {
-                if (error && error.reason !== AppstoreError.BILLING_REQUIRED) console.error(error);
-                if (appstoreProfile) adminEmails.push(appstoreProfile.email);
+            var converter = new showdown.Converter();

-                var templateData = {
-                    fqdn: config.fqdn(),
-                    webadminUrl: config.adminOrigin(),
-                    cloudronName: cloudronName,
-                    cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar',
-                    info: info
-                };
+            var templateData = {
+                fqdn: config.fqdn(),
+                webadminUrl: config.adminOrigin(),
+                hasSubscription: hasSubscription,
+                app: app,
+                updateInfo: info,
+                changelogHTML: converter.makeHtml(info.manifest.changelog),
+                cloudronName: cloudronName,
+                cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar'
+            };

-                var templateDataText = JSON.parse(JSON.stringify(templateData));
-                templateDataText.format = 'text';
+            var templateDataText = JSON.parse(JSON.stringify(templateData));
+            templateDataText.format = 'text';

-                var templateDataHTML = JSON.parse(JSON.stringify(templateData));
-                templateDataHTML.format = 'html';
+            var templateDataHTML = JSON.parse(JSON.stringify(templateData));
+            templateDataHTML.format = 'html';

-                var mailOptions = {
-                    from: mailConfig().from,
-                    to: adminEmails.join(', '),
-                    subject: util.format('[%s] Cloudron - Weekly activity digest', config.fqdn()),
-                    text: render('digest.ejs', templateDataText),
-                    html: render('digest.ejs', templateDataHTML)
-                };
+            var mailOptions = {
+                from: mailConfig().from,
+                to: adminEmails.join(', '),
+                subject: util.format('App %s has a new update available', app.fqdn),
+                text: render('app_update_available.ejs', templateDataText),
+                html: render('app_update_available.ejs', templateDataHTML)
+            };

-                enqueue(mailOptions);
-            });
+            enqueue(mailOptions);
+        });
+    });
+}
+
+function sendDigest(info) {
+    assert.strictEqual(typeof info, 'object');
+
+    getAdminEmails(function (error, adminEmails) {
+        if (error) return debug('Error getting admins', error);
+
+        settings.getCloudronName(function (error, cloudronName) {
+            if (error) {
+                debug(error);
+                cloudronName = 'Cloudron';
+            }
+
+            var templateData = {
+                fqdn: config.fqdn(),
+                webadminUrl: config.adminOrigin(),
+                cloudronName: cloudronName,
+                cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar',
+                info: info
+            };
+
+            var templateDataText = JSON.parse(JSON.stringify(templateData));
+            templateDataText.format = 'text';
+
+            var templateDataHTML = JSON.parse(JSON.stringify(templateData));
+            templateDataHTML.format = 'html';
+
+            var mailOptions = {
+                from: mailConfig().from,
+                to: adminEmails.join(', '),
+                subject: util.format('[%s] Cloudron - Weekly activity digest', config.fqdn()),
+                text: render('digest.ejs', templateDataText),
+                html: render('digest.ejs', templateDataHTML)
+            };
+
+            enqueue(mailOptions);
        });
    });
 }
@@ -464,7 +481,7 @@ function outOfDiskSpace(message) {
    assert.strictEqual(typeof message, 'string');

    getAdminEmails(function (error, adminEmails) {
-        if (error) return console.log('Error getting admins', error);
+        if (error) return debug('Error getting admins', error);

        var mailOptions = {
            from: mailConfig().from,
@@ -481,7 +498,7 @@ function backupFailed(error) {
    var message = splatchError(error);

    getAdminEmails(function (error, adminEmails) {
-        if (error) return console.log('Error getting admins', error);
+        if (error) return debug('Error getting admins', error);

        var mailOptions = {
            from: mailConfig().from,
@@ -499,7 +516,7 @@ function certificateRenewalError(domain, message) {
    assert.strictEqual(typeof message, 'string');

    getAdminEmails(function (error, adminEmails) {
-        if (error) return console.log('Error getting admins', error);
+        if (error) return debug('Error getting admins', error);

        var mailOptions = {
            from: mailConfig().from,
@@ -517,7 +534,7 @@ function oomEvent(program, context) {
    assert.strictEqual(typeof context, 'string');

    getAdminEmails(function (error, adminEmails) {
-        if (error) return console.log('Error getting admins', error);
+        if (error) return debug('Error getting admins', error);

        var mailOptions = {
            from: mailConfig().from,
@@ -549,28 +566,6 @@ function unexpectedExit(program, context, callback) {
    sendMails([ mailOptions ], callback);
 }

-function sendFeedback(user, type, subject, description) {
-    assert.strictEqual(typeof user, 'object');
-    assert.strictEqual(typeof type, 'string');
-    assert.strictEqual(typeof subject, 'string');
-    assert.strictEqual(typeof description, 'string');
-
-    assert(type === exports.FEEDBACK_TYPE_TICKET ||
-        type === exports.FEEDBACK_TYPE_FEEDBACK ||
-        type === exports.FEEDBACK_TYPE_APP_MISSING ||
-        type === exports.FEEDBACK_TYPE_UPGRADE_REQUEST ||
-        type === exports.FEEDBACK_TYPE_APP_ERROR);
-
-        var mailOptions = {
-            from: mailConfig().from,
-        to: 'support@cloudron.io',
-        subject: util.format('[%s] %s - %s', type, config.fqdn(), subject),
-        text: render('feedback.ejs', { fqdn: config.fqdn(), type: type, user: user, subject: subject, description: description, format: 'text'})
-    };
-
-    enqueue(mailOptions);
-}
-
 function sendTestMail(email) {
    assert.strictEqual(typeof email, 'string');

@@ -19,7 +19,6 @@ exports = module.exports = {
    ADDON_CONFIG_DIR: path.join(config.baseDir(), 'platformdata/addons'),
    COLLECTD_APPCONFIG_DIR: path.join(config.baseDir(), 'platformdata/collectd/collectd.conf.d'),
    LOGROTATE_CONFIG_DIR: path.join(config.baseDir(), 'platformdata/logrotate.d'),
-    IPV6_PROC_FILE: '/proc/net/if_inet6',
    NGINX_CONFIG_DIR: path.join(config.baseDir(), 'platformdata/nginx'),
    NGINX_APPCONFIG_DIR: path.join(config.baseDir(), 'platformdata/nginx/applications'),
    NGINX_CERT_DIR: path.join(config.baseDir(), 'platformdata/nginx/cert'),
@@ -32,6 +31,5 @@ exports = module.exports = {
    ACME_ACCOUNT_KEY_FILE: path.join(config.baseDir(), 'boxdata/acme/acme.key'),
    APP_CERTS_DIR: path.join(config.baseDir(), 'boxdata/certs'),
    CLOUDRON_AVATAR_FILE: path.join(config.baseDir(), 'boxdata/avatar.png'),
-    FIRST_RUN_FILE: path.join(config.baseDir(), 'boxdata/first_run'),
    UPDATE_CHECKER_FILE: path.join(config.baseDir(), 'boxdata/updatechecker.json')
 };
@@ -254,7 +254,7 @@ function createMailConfig(callback) {
            var mailFromValidation = result[settings.MAIL_FROM_VALIDATION_KEY];

            if (!safe.fs.writeFileSync(paths.ADDON_CONFIG_DIR + '/mail/mail.ini',
-                `mail_domain=${fqdn}\nmail_server_name=${mailFqdn}\nalerts_from=${alertsFrom}\nalerts_to=${alertsTo}\ncatch_all=${catchAll}\nmail_from_validation=${mailFromValidation}\n`, 'utf8')) {
+                `mail_domain=${fqdn}\nmail_server_name=${mailFqdn}\nalerts_from=${alertsFrom}\nalerts_to=${alertsTo}\ncatch_all=${catchAll}\nmail_from_validation=${mailFromValidation}\ndkim_selector=${config.dkimSelector()}\n`, 'utf8')) {
                return callback(new Error('Could not create mail var file:' + safe.error.message));
            }

@@ -41,6 +41,8 @@ function setDetail(tag, detail) {
    assert.strictEqual(typeof tag, 'string');
    assert.strictEqual(typeof detail, 'string');

+    if (!progress[tag]) return debug('unable to set detail %s', detail);
+
    progress[tag].detail = detail;
 }

@@ -52,7 +52,6 @@ function removeInternalAppFields(app) {
        health: app.health,
        location: app.location,
        accessRestriction: app.accessRestriction,
-        lastBackupId: app.lastBackupId,
        manifest: app.manifest,
        portBindings: app.portBindings,
        iconUrl: app.iconUrl,
@@ -121,6 +120,7 @@ function installApp(req, res, next) {
    if ('icon' in data && typeof data.icon !== 'string') return next(new HttpError(400, 'icon is not a string'));

    if (data.backupId && typeof data.backupId !== 'string') return next(new HttpError(400, 'backupId must be string or null'));
+    if (data.backupFormat && typeof data.backupFormat !== 'string') return next(new HttpError(400, 'backupFormat must be string or null'));

    // falsy values in cert and key unset the cert
    if (data.key && typeof data.cert !== 'string') return next(new HttpError(400, 'cert must be a string'));
@@ -313,17 +313,15 @@ function updateApp(req, res, next) {
    if ('appStoreId' in data && typeof data.appStoreId !== 'string') return next(new HttpError(400, 'appStoreId must be a string'));
    if (!data.manifest && !data.appStoreId) return next(new HttpError(400, 'appStoreId or manifest is required'));

-    if ('portBindings' in data && typeof data.portBindings !== 'object') return next(new HttpError(400, 'portBindings must be an object'));
    if ('icon' in data && typeof data.icon !== 'string') return next(new HttpError(400, 'icon is not a string'));
    if ('force' in data && typeof data.force !== 'boolean') return next(new HttpError(400, 'force must be a boolean'));

-    debug('Update app id:%s to manifest:%j with portBindings:%j', req.params.id, data.manifest, data.portBindings);
+    debug('Update app id:%s to manifest:%j', req.params.id, data.manifest);

    apps.update(req.params.id, req.body, auditSource(req), function (error) {
        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
        if (error && error.reason === AppsError.BAD_FIELD) return next(new HttpError(400, error.message));
        if (error && error.reason === AppsError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error && error.reason === AppsError.PORT_CONFLICT) return next(new HttpError(409, 'Port ' + error.message + ' is already in use.'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(202, { }));
@@ -19,7 +19,9 @@ exports = module.exports = {
    sendTestMail: sendTestMail
 };

-var assert = require('assert'),
+var appstore = require('../appstore.js'),
+    AppstoreError = require('../appstore.js').AppstoreError,
+    assert = require('assert'),
    async = require('async'),
    cloudron = require('../cloudron.js'),
    CloudronError = cloudron.CloudronError,
@@ -66,13 +68,13 @@ function activate(req, res, next) {
        superagent.post(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/setup/done').query({ setupToken: req.query.setupToken })
            .timeout(30 * 1000)
            .end(function (error, result) {
-            if (error && !error.response) return next(new HttpError(500, error));
-            if (result.statusCode === 403) return next(new HttpError(403, 'Invalid token'));
-            if (result.statusCode === 409) return next(new HttpError(409, 'Already setup'));
-            if (result.statusCode !== 201) return next(new HttpError(500, result.text || 'Internal error'));
+                if (error && !error.response) return next(new HttpError(500, error));
+                if (result.statusCode === 403) return next(new HttpError(403, 'Invalid token'));
+                if (result.statusCode === 409) return next(new HttpError(409, 'Already setup'));
+                if (result.statusCode !== 201) return next(new HttpError(500, result.text || 'Internal error'));

-            next(new HttpSuccess(201, info));
-        });
+                next(new HttpSuccess(201, info));
+            });
    });
 }

@@ -100,15 +102,15 @@ function setupTokenAuth(req, res, next) {
        if (typeof req.query.setupToken !== 'string' || !req.query.setupToken) return next(new HttpError(400, 'setupToken must be a non empty string'));

        superagent.get(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/setup/verify').query({ setupToken:req.query.setupToken })
-        .timeout(30 * 1000)
-        .end(function (error, result) {
-            if (error && !error.response) return next(new HttpError(500, error));
-            if (result.statusCode === 403) return next(new HttpError(403, 'Invalid token'));
-            if (result.statusCode === 409) return next(new HttpError(409, 'Already setup'));
-            if (result.statusCode !== 200) return next(new HttpError(500, result.text || 'Internal error'));
+            .timeout(30 * 1000)
+            .end(function (error, result) {
+                if (error && !error.response) return next(new HttpError(500, error));
+                if (result.statusCode === 403) return next(new HttpError(403, 'Invalid token'));
+                if (result.statusCode === 409) return next(new HttpError(409, 'Already setup'));
+                if (result.statusCode !== 200) return next(new HttpError(500, result.text || 'Internal error'));

-            next();
-        });
+                next();
+            });
    } else {
        next();
    }
@@ -224,17 +226,20 @@ function checkForUpdates(req, res, next) {
 function feedback(req, res, next) {
    assert.strictEqual(typeof req.user, 'object');

-    if (req.body.type !== mailer.FEEDBACK_TYPE_FEEDBACK &&
-        req.body.type !== mailer.FEEDBACK_TYPE_TICKET &&
-        req.body.type !== mailer.FEEDBACK_TYPE_APP_MISSING &&
-        req.body.type !== mailer.FEEDBACK_TYPE_UPGRADE_REQUEST &&
-        req.body.type !== mailer.FEEDBACK_TYPE_APP_ERROR) return next(new HttpError(400, 'type must be either "ticket", "feedback", "app_missing", "app_error" or "upgrade_request"'));
+    const VALID_TYPES = [ 'feedback', 'ticket', 'app_missing', 'app_error', 'upgrade_request' ];
+
+    if (typeof req.body.type !== 'string' || !req.body.type) return next(new HttpError(400, 'type must be string'));
+    if (VALID_TYPES.indexOf(req.body.type) === -1) return next(new HttpError(400, 'unknown type'));
    if (typeof req.body.subject !== 'string' || !req.body.subject) return next(new HttpError(400, 'subject must be string'));
    if (typeof req.body.description !== 'string' || !req.body.description) return next(new HttpError(400, 'description must be string'));

-    mailer.sendFeedback(req.user, req.body.type, req.body.subject, req.body.description);
+    appstore.sendFeedback(_.extend(req.body, { email: req.user.alternateEmail || req.user.email, displayName: req.user.displayName }), function (error) {
+        if (error && error.reason === AppstoreError.BILLING_REQUIRED) return next(new HttpError(402, 'Login to App Store to create support tickets. You can also email support@cloudron.io'));
+        if (error) return next(new HttpError(503, 'Error contacting cloudron.io. Please email support@cloudron.io'));
+
+        next(new HttpSuccess(201, {}));
+    });

-    next(new HttpSuccess(201, {}));
 }

 function getLogs(req, res, next) {
@@ -4,8 +4,7 @@ exports = module.exports = {
    enabled: enabled,
    setEnabled: setEnabled,
    status: status,
-    login: login,
-    apps: apps
+    login: login
 };

 var developer = require('../developer.js'),
@@ -52,9 +51,3 @@ function login(req, res, next) {
  })(req, res, next);
 }

-function apps(req, res, next) {
-    developer.getNonApprovedApps(function (error, result) {
-        if (error) return next(new HttpError(500, error));
-        next(new HttpSuccess(200, { apps: result }));
-    });
-}
@@ -275,6 +275,7 @@ function setBackupConfig(req, res, next) {
    if (typeof req.body.retentionSecs !== 'number') return next(new HttpError(400, 'retentionSecs is required'));
    if ('key' in req.body && typeof req.body.key !== 'string') return next(new HttpError(400, 'key must be a string'));
    if (typeof req.body.format !== 'string') return next(new HttpError(400, 'format must be a string'));
+    if ('acceptSelfSignedCerts' in req.body && typeof req.body.acceptSelfSignedCerts !== 'boolean') return next(new HttpError(400, 'format must be a boolean'));

    settings.setBackupConfig(req.body, function (error) {
        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
@@ -22,7 +22,7 @@ var appdb = require('../../appdb.js'),
    hock = require('hock'),
    http = require('http'),
    https = require('https'),
-    js2xml = require('js2xmlparser'),
+    js2xml = require('js2xmlparser').parse,
    ldap = require('../../ldap.js'),
    net = require('net'),
    nock = require('nock'),
@@ -344,10 +344,10 @@ describe('App API', function () {
    it('app install fails - reserved admin location', function (done) {
        superagent.post(SERVER_URL + '/api/v1/apps/install')
               .query({ access_token: token })
-               .send({ manifest: APP_MANIFEST, location: constants.ADMIN_LOCATION, accessRestriction: null })
+               .send({ manifest: APP_MANIFEST, location: 'my', accessRestriction: null })
               .end(function (err, res) {
            expect(res.statusCode).to.equal(400);
-            expect(res.body.message).to.eql(constants.ADMIN_LOCATION + ' is reserved');
+            expect(res.body.message).to.eql('my is reserved');
            done();
        });
    });
@@ -648,7 +648,7 @@ describe('App installation', function () {
                awsHockInstance
                    .get('/2013-04-01/hostedzone')
                    .max(Infinity)
-                    .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { arrayMap: { HostedZones: 'HostedZone'} }), { 'Content-Type': 'application/xml' })
+                    .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} }), { 'Content-Type': 'application/xml' })
                    .filteringPathRegEx(/name=[^&]*/, 'name=location')
                    .get('/2013-04-01/hostedzone/ZONEID/rrset?maxitems=1&name=location&type=A')
                    .max(Infinity)
@@ -10,12 +10,10 @@ var appdb = require('../../appdb.js'),
    config = require('../../config.js'),
    database = require('../../database.js'),
    expect = require('expect.js'),
-    http = require('http'),
    nock = require('nock'),
    superagent = require('superagent'),
    server = require('../../server.js'),
-    settings = require('../../settings.js'),
-    url = require('url');
+    settings = require('../../settings.js');

 var SERVER_URL = 'http://localhost:' + config.get('port');

@@ -189,8 +189,6 @@ describe('Cloudron', function () {
                    var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
                    var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-                    config._reset();
-
                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                        .query({ setupToken: 'somesetuptoken' })
                        .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
@@ -484,8 +482,6 @@ describe('Cloudron', function () {
                    var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
                    var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-                    config._reset();
-
                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                        .query({ setupToken: 'somesetuptoken' })
                        .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
@@ -544,26 +540,6 @@ describe('Cloudron', function () {
                });
        });

-        it('succeeds with ticket type', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/feedback')
-                .send({ type: 'ticket', subject: 'some subject', description: 'some description' })
-                .query({ access_token: token })
-                .end(function (error, result) {
-                    expect(result.statusCode).to.equal(201);
-                    done();
-                });
-        });
-
-        it('succeeds with app type', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/feedback')
-                .send({ type: 'app_missing', subject: 'some subject', description: 'some description' })
-                .query({ access_token: token })
-                .end(function (error, result) {
-                    expect(result.statusCode).to.equal(201);
-                    done();
-                });
-        });
-
        it('fails without description', function (done) {
            superagent.post(SERVER_URL + '/api/v1/feedback')
                .send({ type: 'ticket', subject: 'some subject' })
@@ -594,16 +570,6 @@ describe('Cloudron', function () {
                });
        });

-        it('succeeds with feedback type', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/feedback')
-                .send({ type: 'feedback', subject: 'some subject', description: 'some description' })
-                .query({ access_token: token })
-                .end(function (error, result) {
-                    expect(result.statusCode).to.equal(201);
-                    done();
-                });
-        });
-
        it('fails without subject', function (done) {
            superagent.post(SERVER_URL + '/api/v1/feedback')
                .send({ type: 'ticket', description: 'some description' })
@@ -613,6 +579,42 @@ describe('Cloudron', function () {
                    done();
                });
        });
+
+        it('succeeds with ticket type', function (done) {
+            var scope1 = nock(config.apiServerOrigin()).post('/api/v1/exchangeBoxTokenWithUserToken?token=APPSTORE_TOKEN').reply(201, { userId: 'USER_ID', cloudronId: 'CLOUDRON_ID', token: 'ACCESS_TOKEN' });
+            var scope2 = nock(config.apiServerOrigin())
+                .filteringRequestBody(function (/* unusedBody */) { return ''; }) // strip out body
+                .post('/api/v1/users/USER_ID/cloudrons/CLOUDRON_ID/feedback?accessToken=ACCESS_TOKEN')
+                .reply(201, { });
+
+            superagent.post(SERVER_URL + '/api/v1/feedback')
+                .send({ type: 'ticket', subject: 'some subject', description: 'some description' })
+                .query({ access_token: token })
+                .end(function (error, result) {
+                    expect(result.statusCode).to.equal(201);
+                    expect(scope1.isDone()).to.be.ok();
+                    expect(scope2.isDone()).to.be.ok();
+                    done();
+                });
+        });
+
+        it('succeeds with app type', function (done) {
+            var scope1 = nock(config.apiServerOrigin()).post('/api/v1/exchangeBoxTokenWithUserToken?token=APPSTORE_TOKEN').reply(201, { userId: 'USER_ID', cloudronId: 'CLOUDRON_ID', token: 'ACCESS_TOKEN' });
+            var scope2 = nock(config.apiServerOrigin())
+                .filteringRequestBody(function (/* unusedBody */) { return ''; }) // strip out body
+                .post('/api/v1/users/USER_ID/cloudrons/CLOUDRON_ID/feedback?accessToken=ACCESS_TOKEN')
+                .reply(201, { });
+
+            superagent.post(SERVER_URL + '/api/v1/feedback')
+                .send({ type: 'app_missing', subject: 'some subject', description: 'some description' })
+                .query({ access_token: token })
+                .end(function (error, result) {
+                    expect(result.statusCode).to.equal(201);
+                    expect(scope1.isDone()).to.be.ok();
+                    expect(scope2.isDone()).to.be.ok();
+                    done();
+                });
+        });
    });

    describe('logs', function () {
@@ -624,8 +626,6 @@ describe('Cloudron', function () {
                    var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
                    var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});

-                    config._reset();
-
                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                        .query({ setupToken: 'somesetuptoken' })
                        .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
@@ -70,7 +70,7 @@ describe('REST API', function () {
            .send("some invalid non-strict json")
           .end(function (error, result) {
            expect(result.statusCode).to.equal(400);
-            expect(result.body.message).to.be('Bad JSON');
+            expect(result.body.message).to.be('Failed to parse body');
            done();
        });
    });
@@ -59,26 +59,26 @@ function initializeExpressSync() {
    router.del = router.delete; // amend router.del for readability further on

    app
-       .use(middleware.timeout(REQUEST_TIMEOUT))
-       .use(json)
-       .use(urlencoded)
-       .use(middleware.cookieParser())
-       .use(middleware.cors({ origins: [ '*' ], allowCredentials: false }))
-       .use(middleware.session({
-           secret: hat(128), // we only use the session during oauth, and already have an in-memory session store, so we can safely change that during restarts
-           resave: true,
-           saveUninitialized: true,
-           cookie: {
-               path: '/',
-               httpOnly: true,
-               secure: process.env.BOX_ENV !== 'test',
-               maxAge: 600000
-           }
-       }))
-       .use(passport.initialize())
-       .use(passport.session())
-       .use(router)
-       .use(middleware.lastMile());
+        .use(middleware.timeout(REQUEST_TIMEOUT))
+        .use(json)
+        .use(urlencoded)
+        .use(middleware.cookieParser())
+        .use(middleware.cors({ origins: [ '*' ], allowCredentials: false }))
+        .use(middleware.session({
+            secret: hat(128), // we only use the session during oauth, and already have an in-memory session store, so we can safely change that during restarts
+            resave: true,
+            saveUninitialized: true,
+            cookie: {
+                path: '/',
+                httpOnly: true,
+                secure: process.env.BOX_ENV !== 'test',
+                maxAge: 600000
+            }
+        }))
+        .use(passport.initialize())
+        .use(passport.session())
+        .use(router)
+        .use(middleware.lastMile());

    // NOTE: these limits have to be in sync with nginx limits
    var FILE_SIZE_LIMIT = '256mb', // max file size that can be uploaded (see also client_max_body_size in nginx)
@@ -108,7 +108,6 @@ function initializeExpressSync() {
    router.post('/api/v1/developer', developerScope, routes.user.requireAdmin, routes.user.verifyPassword, routes.developer.setEnabled);
    router.get ('/api/v1/developer', developerScope, routes.developer.enabled, routes.developer.status);
    router.post('/api/v1/developer/login', routes.developer.enabled, routes.developer.login);
-    router.get ('/api/v1/developer/apps', developerScope, routes.developer.enabled, routes.developer.apps);

    // cloudron routes
    router.get ('/api/v1/cloudron/config', cloudronScope, routes.cloudron.getConfig);
@@ -284,11 +283,11 @@ function initializeSysadminExpressSync() {
    router.del = router.delete; // amend router.del for readability further on

    app
-       .use(middleware.timeout(REQUEST_TIMEOUT))
-       .use(json)
-       .use(urlencoded)
-       .use(router)
-       .use(middleware.lastMile());
+        .use(middleware.timeout(REQUEST_TIMEOUT))
+        .use(json)
+        .use(urlencoded)
+        .use(router)
+        .use(middleware.lastMile());

    // Sysadmin routes
    router.post('/api/v1/backup', routes.sysadmin.backup);
@@ -33,9 +33,6 @@ exports = module.exports = {
    getTlsConfig: getTlsConfig,
    setTlsConfig: setTlsConfig,

-    getUpdateConfig: getUpdateConfig,
-    setUpdateConfig: setUpdateConfig,
-
    getAppstoreConfig: getAppstoreConfig,
    setAppstoreConfig: setAppstoreConfig,

@@ -429,30 +426,6 @@ function setBackupConfig(backupConfig, callback) {
    });
 }

-function getUpdateConfig(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    settingsdb.get(exports.UPDATE_CONFIG_KEY, function (error, value) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.UPDATE_CONFIG_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
-
-        callback(null, JSON.parse(value)); // { prerelease }
-    });
-}
-
-function setUpdateConfig(updateConfig, callback) {
-    assert.strictEqual(typeof updateConfig, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    settingsdb.set(exports.UPDATE_CONFIG_KEY, JSON.stringify(updateConfig), function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
-
-        exports.events.emit(exports.UPDATE_CONFIG_KEY, updateConfig);
-
-        callback(null);
-    });
-}
-
 function getMailConfig(callback) {
    assert.strictEqual(typeof callback, 'function');

@@ -42,10 +42,9 @@ function exec(tag, file, args, options, callback) {
    debug(tag + ' execFile: %s', file); // do not dump args as it might have sensitive info

    var cp = child_process.spawn(file, args, options);
-    if (options.logFile) {
-        var logFile = fs.createWriteStream(options.logFile);
-        cp.stdout.pipe(logFile);
-        cp.stderr.pipe(logFile);
+    if (options.logStream) {
+        cp.stdout.pipe(options.logStream);
+        cp.stderr.pipe(options.logStream);
    } else {
        cp.stdout.on('data', function (data) {
            debug(tag + ' (stdout): %s', data.toString('utf8'));
@@ -76,19 +76,22 @@ function download(apiConfig, sourceFilePath, callback) {
    callback(null, fileStream);
 }

-function downloadDir(apiConfig, backupFilePath, destDir, callback) {
+function downloadDir(apiConfig, backupFilePath, destDir) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof backupFilePath, 'string');
    assert.strictEqual(typeof destDir, 'string');
-    assert.strictEqual(typeof callback, 'function');

-    debug('downloadDir: %s -> %s', backupFilePath, destDir);
+    var events = new EventEmitter();
+
+    events.emit('progress', `downloadDir: ${backupFilePath} to ${destDir}`);

    shell.exec('downloadDir', '/bin/cp', [ '-r', backupFilePath + '/.', destDir ], { }, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        if (error) return events.emit('done', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));

-        callback(null);
+        events.emit('done', null);
    });
+
+    return events;
 }

 function copy(apiConfig, oldFilePath, newFilePath) {
@@ -104,7 +107,8 @@ function copy(apiConfig, oldFilePath, newFilePath) {
        if (error) return events.emit('done', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));

        // this will hardlink backups saving space
-        shell.exec('copy', '/bin/cp', [ '-al', oldFilePath, newFilePath ], { }, function (error) {
+        var cpOptions = apiConfig.noHardlinks ? '-a' : '-al';
+        shell.exec('copy', '/bin/cp', [ cpOptions, oldFilePath, newFilePath ], { }, function (error) {
            if (error) return events.emit('done', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));

            events.emit('done', null);
@@ -131,16 +135,21 @@ function remove(apiConfig, filename, callback) {
    callback(null);
 }

-function removeDir(apiConfig, pathPrefix, callback) {
+function removeDir(apiConfig, pathPrefix) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof pathPrefix, 'string');
-    assert.strictEqual(typeof callback, 'function');
+
+    var events = new EventEmitter();
+
+    events.emit('progress', `downloadDir: ${pathPrefix}`);

    shell.exec('removeDir', '/bin/rm', [ '-rf', pathPrefix ], { }, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        if (error) return events.emit('done', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));

-        callback(null);
+        events.emit('done', null);
    });
+
+    return events;
 }

 function testConfig(apiConfig, callback) {
@@ -151,15 +160,18 @@ function testConfig(apiConfig, callback) {

    if (!apiConfig.backupFolder) return callback(new BackupsError(BackupsError.BAD_FIELD, 'backupFolder is required'));

-    fs.stat(apiConfig.backupFolder, function (error, result) {
-        if (error) {
-            debug('testConfig: %s', apiConfig.backupFolder, error);
-            return callback(new BackupsError(BackupsError.BAD_FIELD, 'Directory does not exist or cannot be accessed'));
-        }
+    if ('noHardlinks' in apiConfig && typeof apiConfig.noHardlinks !== 'boolean') return callback(new BackupsError(BackupsError.BAD_FIELD, 'noHardlinks must be boolean'));

+    fs.stat(apiConfig.backupFolder, function (error, result) {
+        if (error) return callback(new BackupsError(BackupsError.BAD_FIELD, 'Directory does not exist or cannot be accessed: ' + error.message));
        if (!result.isDirectory()) return callback(new BackupsError(BackupsError.BAD_FIELD, 'Backup location is not a directory'));

-        callback(null);
+        mkdirp(path.join(apiConfig.backupFolder, 'snapshot'), function (error) {
+            if (error && error.code === 'EACCES') return callback(new BackupsError(BackupsError.BAD_FIELD, `Access denied. Run "chown yellowtent:yellowtent ${apiConfig.backupFolder}" on the server`));
+            if (error) return callback(new BackupsError(BackupsError.BAD_FIELD, error.message));
+
+            callback(null);
+        });
    });
 }

@@ -43,13 +43,14 @@ function download(apiConfig, backupFilePath, callback) {
    callback(new Error('not implemented'));
 }

-function downloadDir(apiConfig, backupFilePath, destDir, callback) {
+function downloadDir(apiConfig, backupFilePath, destDir) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof backupFilePath, 'string');
    assert.strictEqual(typeof destDir, 'string');
-    assert.strictEqual(typeof callback, 'function');

-    callback(new Error('not implemented'));
+    var events = new EventEmitter();
+    process.nextTick(function () { events.emit('done', null); });
+    return events;
 }

 function copy(apiConfig, oldFilePath, newFilePath) {
@@ -72,14 +73,14 @@ function remove(apiConfig, filename, callback) {
    callback(new Error('not implemented'));
 }

-function removeDir(apiConfig, pathPrefix, callback) {
+function removeDir(apiConfig, pathPrefix) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof pathPrefix, 'string');
-    assert.strictEqual(typeof callback, 'function');

    // Result: none
-
-    callback(new Error('not implemented'));
+    var events = new EventEmitter();
+    process.nextTick(function () { events.emit('done', new Error('not implemented')); });
+    return events;
 }

 function testConfig(apiConfig, callback) {
@@ -39,15 +39,18 @@ function download(apiConfig, backupFilePath, callback) {
    callback(new Error('Cannot download from noop backend'));
 }

-function downloadDir(apiConfig, backupFilePath, destDir, callback) {
+function downloadDir(apiConfig, backupFilePath, destDir) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof backupFilePath, 'string');
    assert.strictEqual(typeof destDir, 'string');
-    assert.strictEqual(typeof callback, 'function');

-    debug('downloadDir: %s -> %s', backupFilePath, destDir);
+    var events = new EventEmitter();
+    process.nextTick(function () {
+        debug('downloadDir: %s -> %s', backupFilePath, destDir);

-    callback(new Error('Cannot download from noop backend'));
+        events.emit('done', new Error('Cannot download from noop backend'));
+    });
+    return events;
 }

 function copy(apiConfig, oldFilePath, newFilePath) {
@@ -72,14 +75,15 @@ function remove(apiConfig, filename, callback) {
    callback(null);
 }

-function removeDir(apiConfig, pathPrefix, callback) {
+function removeDir(apiConfig, pathPrefix) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof pathPrefix, 'string');
-    assert.strictEqual(typeof callback, 'function');

    debug('removeDir: %s', pathPrefix);

-    callback(null);
+    var events = new EventEmitter();
+    process.nextTick(function () { events.emit('done', null); });
+    return events;
 }

 function testConfig(apiConfig, callback) {
@@ -22,15 +22,17 @@ var assert = require('assert'),
    async = require('async'),
    AWS = require('aws-sdk'),
    BackupsError = require('../backups.js').BackupsError,
+    chunk = require('lodash.chunk'),
    config = require('../config.js'),
    debug = require('debug')('box:storage/s3'),
    EventEmitter = require('events'),
    fs = require('fs'),
-    chunk = require('lodash.chunk'),
+    https = require('https'),
    mkdirp = require('mkdirp'),
    PassThrough = require('stream').PassThrough,
    path = require('path'),
    S3BlockReadStream = require('s3-block-read-stream'),
+    safe = require('safetydance'),
    superagent = require('superagent');

 // test only
@@ -46,7 +48,7 @@ function mockRestore() {

 var gCachedCaasCredentials = { issueDate: null, credentials: null };

-function getCaasCredentials(apiConfig, callback) {
+function getCaasConfig(apiConfig, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof callback, 'function');
    assert(apiConfig.token);
@@ -68,7 +70,11 @@ function getCaasCredentials(apiConfig, callback) {
            accessKeyId: result.body.credentials.AccessKeyId,
            secretAccessKey: result.body.credentials.SecretAccessKey,
            sessionToken: result.body.credentials.SessionToken,
-            region: apiConfig.region || 'us-east-1'
+            region: apiConfig.region || 'us-east-1',
+            maxRetries: 5,
+            retryDelayOptions: {
+                base: 20000         // 2^5 * 20 seconds
+            }
        };

        if (apiConfig.endpoint) credentials.endpoint = new AWS.Endpoint(apiConfig.endpoint);
@@ -82,22 +88,31 @@ function getCaasCredentials(apiConfig, callback) {
    });
 }

-function getBackupCredentials(apiConfig, callback) {
+function getS3Config(apiConfig, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof callback, 'function');

-    if (apiConfig.provider === 'caas') return getCaasCredentials(apiConfig, callback);
+    if (apiConfig.provider === 'caas') return getCaasConfig(apiConfig, callback);

    var credentials = {
        signatureVersion: apiConfig.signatureVersion || 'v4',
-        s3ForcePathStyle: true,
+        s3ForcePathStyle: true, // Force use path-style url (http://endpoint/bucket/path) instead of host-style (http://bucket.endpoint/path)
        accessKeyId: apiConfig.accessKeyId,
        secretAccessKey: apiConfig.secretAccessKey,
-        region: apiConfig.region || 'us-east-1'
+        region: apiConfig.region || 'us-east-1',
+        maxRetries: 5,
+        retryDelayOptions: {
+            base: 20000         // 2^5 * 20 seconds
+        }
    };

    if (apiConfig.endpoint) credentials.endpoint = apiConfig.endpoint;

+    if (apiConfig.acceptSelfSignedCerts === true && credentials.endpoint && credentials.endpoint.startsWith('https://')) {
+        credentials.httpOptions.agent = {
+            agent: new https.Agent({ rejectUnauthorized: false })
+        };
+    }
    callback(null, credentials);
 }

@@ -108,7 +123,16 @@ function upload(apiConfig, backupFilePath, sourceStream, callback) {
    assert.strictEqual(typeof sourceStream, 'object');
    assert.strictEqual(typeof callback, 'function');

-    getBackupCredentials(apiConfig, function (error, credentials) {
+    function done(error) {
+        if (error) {
+            debug('[%s] upload: s3 upload error.', backupFilePath, error);
+            return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `Error uploading ${backupFilePath}. Message: ${error.message} HTTP Code: ${error.code}`));
+        }
+
+        callback(null);
+    }
+
+    getS3Config(apiConfig, function (error, credentials) {
        if (error) return callback(error);

        var params = {
@@ -118,15 +142,18 @@ function upload(apiConfig, backupFilePath, sourceStream, callback) {
        };

        var s3 = new AWS.S3(credentials);
-        // s3.upload automatically does a multi-part upload. we set queueSize to 1 to reduce memory usage
-        s3.upload(params, { partSize: 10 * 1024 * 1024, queueSize: 1 }, function (error) {
-            if (error) {
-                debug('[%s] upload: s3 upload error.', backupFilePath, error);
-                return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `Error uploading ${backupFilePath}: ${error.message}`));
-            }

-            callback(null);
-        });
+        // exoscale does not like multi-part uploads. so avoid them for filesystem streams < 5GB
+        if (apiConfig.provider === 'exoscale-sos' && typeof sourceStream.path === 'string') {
+            var stat = safe.fs.statSync(sourceStream.path);
+            if (!stat) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `Error detecting size ${sourceStream.path}. Message: ${safe.error.message}`));
+
+            if (stat.size <= 5 * 1024 * 1024 * 1024) return s3.putObject(params, done);
+        }
+
+        // s3.upload automatically does a multi-part upload. we set queueSize to 1 to reduce memory usage
+        // uploader will buffer at most queueSize * partSize bytes into memory at any given time.
+        return s3.upload(params, { partSize: 10 * 1024 * 1024, queueSize: 1 }, done);
    });
 }

@@ -135,7 +162,7 @@ function download(apiConfig, backupFilePath, callback) {
    assert.strictEqual(typeof backupFilePath, 'string');
    assert.strictEqual(typeof callback, 'function');

-    getBackupCredentials(apiConfig, function (error, credentials) {
+    getS3Config(apiConfig, function (error, credentials) {
        if (error) return callback(error);

        var params = {
@@ -163,8 +190,8 @@ function download(apiConfig, backupFilePath, callback) {
    });
 }

-function listDir(apiConfig, backupFilePath, options, iteratorCallback, callback) {
-    getBackupCredentials(apiConfig, function (error, credentials) {
+function listDir(apiConfig, backupFilePath, iteratorCallback, callback) {
+    getS3Config(apiConfig, function (error, credentials) {
        if (error) return callback(error);

        var s3 = new AWS.S3(credentials);
@@ -173,27 +200,21 @@ function listDir(apiConfig, backupFilePath, options, iteratorCallback, callback)
            Prefix: backupFilePath
        };

-        var total = 0;
-
        async.forever(function listAndDownload(foreverCallback) {
-            s3.listObjectsV2(listParams, function (error, listData) {
+            s3.listObjects(listParams, function (error, listData) {
                if (error) {
                    debug('remove: Failed to list %s. Not fatal.', error);
                    return foreverCallback(error);
                }

-                debug('listDir: processing %s files (processed %s so far)', listData.Contents.length, total);
+                if (listData.Contents.length === 0) return foreverCallback(new Error('Done'));

-                var arr = options.batchSize === 1 ? listData.Contents : chunk(listData.Contents, options.batchSize);
-
-                async.eachLimit(arr, 10, iteratorCallback.bind(null, s3), function iteratorDone(error) {
+                iteratorCallback(s3, listData.Contents, function (error) {
                    if (error) return foreverCallback(error);

-                    total += listData.KeyCount;
-
                    if (!listData.IsTruncated) return foreverCallback(new Error('Done'));

-                    listParams.StartAfter = listData.Contents[listData.Contents.length - 1].Key; // NextMarker is returned only with delimiter
+                    listParams.Marker = listData.Contents[listData.Contents.length - 1].Key; // NextMarker is returned only with delimiter

                    foreverCallback();
                });
@@ -206,15 +227,19 @@ function listDir(apiConfig, backupFilePath, options, iteratorCallback, callback)
    });
 }

-function downloadDir(apiConfig, backupFilePath, destDir, callback) {
+function downloadDir(apiConfig, backupFilePath, destDir) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof backupFilePath, 'string');
    assert.strictEqual(typeof destDir, 'string');
-    assert.strictEqual(typeof callback, 'function');

-    listDir(apiConfig, backupFilePath, { batchSize: 1 }, function downloadFile(s3, content, iteratorCallback) {
+    var events = new EventEmitter();
+    var total = 0;
+
+    function downloadFile(s3, content, iteratorCallback) {
        var relativePath = path.relative(backupFilePath, content.Key);

+        events.emit('progress', `Downloading ${relativePath}`);
+
        mkdirp(path.dirname(path.join(destDir, relativePath)), function (error) {
            if (error) return iteratorCallback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));

@@ -234,7 +259,20 @@ function downloadDir(apiConfig, backupFilePath, destDir, callback) {
                destStream.on('finish', iteratorCallback);
            });
        });
-    }, callback);
+    }
+
+    const concurrency = 10;
+
+    listDir(apiConfig, backupFilePath, function (s3, objects, done) {
+        total += objects.length;
+        async.eachLimit(objects, concurrency, downloadFile.bind(null, s3), done);
+    }, function (error) {
+        events.emit('progress', `Downloaded ${total} files`);
+
+        events.emit('done', error);
+    });
+
+    return events;
 }

 function copy(apiConfig, oldFilePath, newFilePath) {
@@ -242,16 +280,16 @@ function copy(apiConfig, oldFilePath, newFilePath) {
    assert.strictEqual(typeof oldFilePath, 'string');
    assert.strictEqual(typeof newFilePath, 'string');

-    var events = new EventEmitter();
+    var events = new EventEmitter(), retryCount = 0;

-    listDir(apiConfig, oldFilePath, { batchSize: 1 }, function copyFile(s3, content, iteratorCallback) {
+    function copyFile(s3, content, iteratorCallback) {
        var relativePath = path.relative(oldFilePath, content.Key);

        function done(error) {
            if (error && error.code === 'NoSuchKey') return iteratorCallback(new BackupsError(BackupsError.NOT_FOUND, `Old backup not found: ${content.Key}`));
            if (error) {
-                debug('copy: s3 copy error.', error);
-                return iteratorCallback(new BackupsError(BackupsError.EXTERNAL_ERROR, `Error copying ${content.Key} : ${error.message}`));
+                debug('copy: s3 copy error when copying %s %s', content.Key, error);
+                return iteratorCallback(new BackupsError(BackupsError.EXTERNAL_ERROR, `Error copying ${content.Key} : ${error.message} ${error.code}`));
            }

            iteratorCallback(null);
@@ -263,14 +301,20 @@ function copy(apiConfig, oldFilePath, newFilePath) {
        };

        // S3 copyObject has a file size limit of 5GB so if we have larger files, we do a multipart copy
-        if (content.Size < 5 * 1024 * 1024 * 1024) {
-            events.emit('progress', 'Copying ' + content.Key.slice(oldFilePath.length+1));
+        if (content.Size < 5 * 1024 * 1024 * 1024 || apiConfig.provider === 'digitalocean-spaces') { // DO has not implemented this yet
+            events.emit('progress', `Copying ${relativePath}`);

-            copyParams.CopySource = encodeURIComponent(path.join(apiConfig.bucket, content.Key)); // See aws-sdk-js/issues/1302
-            return s3.copyObject(copyParams, done);
+            // for exoscale, '/' should not be encoded
+            copyParams.CopySource = path.join(apiConfig.bucket, encodeURIComponent(content.Key)); // See aws-sdk-js/issues/1302
+            s3.copyObject(copyParams, done).on('retry', function (response) {
+                ++retryCount;
+                events.emit('progress', `Retrying (${response.retryCount+1}) copy of ${relativePath}. Status code: ${response.httpResponse.statusCode}`);
+            });
+
+            return;
        }

-        events.emit('progress', 'Copying (multipart) ' + content.Key.slice(oldFilePath.length+1));
+        events.emit('progress', `Copying (multipart) ${relativePath}`);

        s3.createMultipartUpload(copyParams, function (error, result) {
            if (error) return done(error);
@@ -290,7 +334,7 @@ function copy(apiConfig, oldFilePath, newFilePath) {
                var params = {
                    Bucket: apiConfig.bucket,
                    Key: path.join(newFilePath, relativePath),
-                    CopySource: encodeURIComponent(path.join(apiConfig.bucket, content.Key)),
+                    CopySource: path.join(apiConfig.bucket, encodeURIComponent(content.Key)), // See aws-sdk-js/issues/1302
                    CopySourceRange: 'bytes=' + startBytes + '-' + endBytes,
                    PartNumber: partNumber,
                    UploadId: uploadId
@@ -315,12 +359,29 @@ function copy(apiConfig, oldFilePath, newFilePath) {
                    };

                    s3.completeMultipartUpload(params, done);
+                }).on('retry', function (response) {
+                    ++retryCount;
+                    events.emit('progress', `Retrying (${response.retryCount+1}) multipart copy of ${relativePath}. Status code: ${response.httpResponse.statusCode}`);
                });
            }

            copyNextChunk();
        });
+    }
+
+    var total = 0, concurrency = 4;
+
+    listDir(apiConfig, oldFilePath, function (s3, objects, done) {
+        total += objects.length;
+
+        if (retryCount === 0) concurrency = Math.min(concurrency + 1, 10); else concurrency = Math.max(concurrency - 1, 5);
+        events.emit('progress', `${retryCount} errors. concurrency set to ${concurrency}`);
+        retryCount = 0;
+
+        async.eachLimit(objects, concurrency, copyFile.bind(null, s3), done);
    }, function (error) {
+        events.emit('progress', `Copied ${total} files`);
+
        events.emit('done', error);
    });

@@ -332,7 +393,7 @@ function remove(apiConfig, filename, callback) {
    assert.strictEqual(typeof filename, 'string');
    assert.strictEqual(typeof callback, 'function');

-    getBackupCredentials(apiConfig, function (error, credentials) {
+    getS3Config(apiConfig, function (error, credentials) {
        if (error) return callback(error);

        var s3 = new AWS.S3(credentials);
@@ -352,12 +413,14 @@ function remove(apiConfig, filename, callback) {
    });
 }

-function removeDir(apiConfig, pathPrefix, callback) {
+function removeDir(apiConfig, pathPrefix) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof pathPrefix, 'string');
-    assert.strictEqual(typeof callback, 'function');

-    listDir(apiConfig, pathPrefix, { batchSize: 1000 }, function deleteFiles(s3, contents, iteratorCallback) {
+    var events = new EventEmitter();
+    var total = 0;
+
+    function deleteFiles(s3, contents, iteratorCallback) {
        var deleteParams = {
            Bucket: apiConfig.bucket,
            Delete: {
@@ -365,16 +428,32 @@ function removeDir(apiConfig, pathPrefix, callback) {
            }
        };

+        events.emit('progress', `Removing ${contents.length} files from ${contents[0].Key} to ${contents[contents.length-1].Key}`);
+
        s3.deleteObjects(deleteParams, function (error /*, deleteData */) {
            if (error) {
-                debug('removeDir: Unable to remove %s. Not fatal.', deleteParams.Key, error);
+                events.emit('progress', `Unable to remove ${deleteParams.Key} ${error.message}`);
                return iteratorCallback(error);
            }
-            // debug('removeDir: Deleted: %j Errors: %j', deleteData.Deleted, deleteData.Errors);

            iteratorCallback();
        });
-    }, callback);
+    }
+
+    listDir(apiConfig, pathPrefix, function (s3, objects, done) {
+        total += objects.length;
+
+        const batchSize = apiConfig.provider !== 'digitalocean-spaces' ? 1000 : 100; // throttle objects in each request
+        var chunks = batchSize === 1 ? objects : chunk(objects, batchSize);
+
+        async.eachSeries(chunks, deleteFiles.bind(null, s3), done);
+    }, function (error) {
+        events.emit('progress', `Removed ${total} files`);
+
+        events.emit('done', error);
+    });
+
+    return events;
 }

 function testConfig(apiConfig, callback) {
@@ -394,7 +473,7 @@ function testConfig(apiConfig, callback) {
    if ('endpoint' in apiConfig && typeof apiConfig.endpoint !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'endpoint must be a string'));

    // attempt to upload and delete a file with new credentials
-    getBackupCredentials(apiConfig, function (error, credentials) {
+    getS3Config(apiConfig, function (error, credentials) {
        if (error) return callback(error);

        var params = {
@@ -49,11 +49,16 @@ function sync(dir, taskProcessor, concurrency, callback) {
    var cacheFile = path.join(paths.BACKUP_INFO_DIR, path.basename(dir) + '.sync.cache'),
        newCacheFile = path.join(paths.BACKUP_INFO_DIR, path.basename(dir) + '.sync.cache.new');

-    if (!safe.fs.existsSync(cacheFile)) { // if cache is missing, start out empty. TODO: do a remote listDir and rebuild
-        delQueue.push({ operation: 'removedir', path: '', reason: 'nocache' });
-    }
+    var cache = [ ];

-    var cache = readCache(cacheFile);
+    // if cache is missing or if we crashed/errored in previous run, start out empty. TODO: do a remote listDir and rebuild
+    if (!safe.fs.existsSync(cacheFile)) {
+        delQueue.push({ operation: 'removedir', path: '', reason: 'nocache' });
+    } else if (safe.fs.existsSync(newCacheFile)) {
+        delQueue.push({ operation: 'removedir', path: '', reason: 'crash' });
+    } else {
+        cache = readCache(cacheFile);
+    }

    var newCacheFd = safe.fs.openSync(newCacheFile, 'w'); // truncates any existing file
    if (newCacheFd === -1) return callback(new Error('Error opening new cache file: ' + safe.error.message));
@@ -135,7 +135,7 @@ describe('Apps', function () {

    describe('validateHostname', function () {
        it('does not allow admin subdomain', function () {
-            expect(apps._validateHostname(constants.ADMIN_LOCATION, 'cloudron.us')).to.be.an(Error);
+            expect(apps._validateHostname('my', 'cloudron.us')).to.be.an(Error);
        });

        it('cannot have >63 length subdomains', function () {
@@ -325,11 +325,13 @@ describe('Apps', function () {
            });
        });

-        it('succeeds with admin not being special', function (done) {
+        it('returns all apps for admin', function (done) {
            apps.getAllByUser(ADMIN_0, function (error, result) {
                expect(error).to.equal(null);
-                expect(result.length).to.equal(1);
+                expect(result.length).to.equal(3);
                expect(result[0].id).to.equal(APP_0.id);
+                expect(result[1].id).to.equal(APP_1.id);
+                expect(result[2].id).to.equal(APP_2.id);
                done();
            });
        });
@@ -13,7 +13,7 @@ var addons = require('../addons.js'),
    database = require('../database.js'),
    expect = require('expect.js'),
    fs = require('fs'),
-    js2xml = require('js2xmlparser'),
+    js2xml = require('js2xmlparser').parse,
    net = require('net'),
    nock = require('nock'),
    paths = require('../paths.js'),
@@ -181,7 +181,7 @@ describe('apptask', function () {
        var badApp = _.extend({ }, APP);
        badApp.manifest = { };

-        apptask._verifyManifest(badApp, function (error) {
+        apptask._verifyManifest(badApp.manifest, function (error) {
            expect(error).to.be.ok();
            done();
        });
@@ -192,7 +192,7 @@ describe('apptask', function () {
        badApp.manifest = _.extend({ }, APP.manifest);
        delete badApp.manifest.id;

-        apptask._verifyManifest(badApp, function (error) {
+        apptask._verifyManifest(badApp.manifest, function (error) {
            expect(error).to.be.ok();
            done();
        });
@@ -203,7 +203,7 @@ describe('apptask', function () {
        badApp.manifest = _.extend({ }, APP.manifest);
        badApp.manifest.maxBoxVersion = '0.0.0'; // max box version is too small

-        apptask._verifyManifest(badApp, function (error) {
+        apptask._verifyManifest(badApp.manifest, function (error) {
            expect(error).to.be.ok();
            done();
        });
@@ -212,7 +212,7 @@ describe('apptask', function () {
    it('verifies manifest', function (done) {
        var goodApp = _.extend({ }, APP);

-        apptask._verifyManifest(goodApp, function (error) {
+        apptask._verifyManifest(goodApp.manifest, function (error) {
            expect(error).to.be(null);
            done();
        });
@@ -224,7 +224,7 @@ describe('apptask', function () {
        var awsScope = nock('http://localhost:5353')
            .get('/2013-04-01/hostedzone')
            .times(2)
-            .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { arrayMap: { HostedZones: 'HostedZone'} }))
+            .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} }))
            .get('/2013-04-01/hostedzone/ZONEID/rrset?maxitems=1&name=applocation.' + config.fqdn() + '.&type=A')
            .reply(200, js2xml('ListResourceRecordSetsResponse', { ResourceRecordSets: [ ] }, { 'Content-Type': 'application/xml' }))
            .post('/2013-04-01/hostedzone/ZONEID/rrset/')
@@ -242,7 +242,7 @@ describe('apptask', function () {

        var awsScope = nock('http://localhost:5353')
            .get('/2013-04-01/hostedzone')
-            .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { arrayMap: { HostedZones: 'HostedZone'} }))
+            .reply(200, js2xml('ListHostedZonesResponse', awsHostedZones, { wrapHandlers: { HostedZones: () => 'HostedZone'} }))
            .post('/2013-04-01/hostedzone/ZONEID/rrset/')
            .reply(200, js2xml('ChangeResourceRecordSetsResponse', { ChangeInfo: { Id: 'RRID', Status: 'INSYNC' } }));

@@ -92,14 +92,17 @@ function createBackup(callback) {

 describe('backups', function () {
    before(function (done) {
+        const BACKUP_DIR = path.join(os.tmpdir(), 'cloudron-backup-test');
+
        async.series([
+            mkdirp.bind(null, BACKUP_DIR),
            database.initialize,
            database._clear,
            settings.initialize,
            settings.setBackupConfig.bind(null, {
                provider: 'filesystem',
                key: 'enckey',
-                backupFolder: '/var/backups',
+                backupFolder: BACKUP_DIR,
                retentionSecs: 1,
                format: 'tgz'
            })
@@ -121,7 +124,7 @@ describe('backups', function () {
            version: '1.0.0',
            type: backupdb.BACKUP_TYPE_BOX,
            dependsOn: [ 'backup-app-00', 'backup-app-01' ],
-            restoreConfig: null,
+            manifest: null,
            format: 'tgz'
        };

@@ -130,7 +133,7 @@ describe('backups', function () {
            version: '1.0.0',
            type: backupdb.BACKUP_TYPE_APP,
            dependsOn: [],
-            restoreConfig: null,
+            manifest: null,
            format: 'tgz'
        };

@@ -139,7 +142,7 @@ describe('backups', function () {
            version: '1.0.0',
            type: backupdb.BACKUP_TYPE_APP,
            dependsOn: [],
-            restoreConfig: null,
+            manifest: null,
            format: 'tgz'
        };

@@ -148,7 +151,7 @@ describe('backups', function () {
            version: '1.0.0',
            type: backupdb.BACKUP_TYPE_BOX,
            dependsOn: [ 'backup-app-10', 'backup-app-11' ],
-            restoreConfig: null,
+            manifest: null,
            format: 'tgz'
        };

@@ -157,7 +160,7 @@ describe('backups', function () {
            version: '1.0.0',
            type: backupdb.BACKUP_TYPE_APP,
            dependsOn: [],
-            restoreConfig: null,
+            manifest: null,
            format: 'tgz'
        };

@@ -166,7 +169,7 @@ describe('backups', function () {
            version: '1.0.0',
            type: backupdb.BACKUP_TYPE_APP,
            dependsOn: [],
-            restoreConfig: null,
+            manifest: null,
            format: 'tgz'
        };

@@ -244,7 +247,7 @@ describe('backups', function () {
        });
    });

-    describe('empty dirs', function () {
+    describe('fs meta data', function () {
        var tmpdir;
        before(function () {
            tmpdir = fs.mkdtempSync(path.join(os.tmpdir(), 'backups-test'));
@@ -253,28 +256,34 @@ describe('backups', function () {
            rimraf.sync(tmpdir);
        });

-        it('saves empty dirs file', function (done) {
+        it('saves special files', function (done) {
            createTree(tmpdir, { 'data': { 'subdir': { 'emptydir': { } } }, 'dir2': { 'file': 'stuff' } });
+            fs.chmodSync(path.join(tmpdir, 'dir2/file'), parseInt('0755', 8));

-            backups._saveEmptyDirs(tmpdir, function (error) {
+            backups._saveFsMetadata(tmpdir, function (error) {
                expect(error).to.not.be.ok();

-                var emptyDirs = fs.readFileSync(path.join(tmpdir, 'emptydirs.txt'), 'utf8').trim().split('\n');
+                var emptyDirs = JSON.parse(fs.readFileSync(path.join(tmpdir, 'fsmetadata.json'), 'utf8')).emptyDirs;
                expect(emptyDirs).to.eql(['./data/subdir/emptydir']);

+                var execFiles = JSON.parse(fs.readFileSync(path.join(tmpdir, 'fsmetadata.json'), 'utf8')).execFiles;
+                expect(execFiles).to.eql(['./dir2/file']);
+
                done();
            });
        });

-        it('creates empty dirs file', function (done) {
+        it('restores special files', function (done) {
            rimraf.sync(path.join(tmpdir, 'data'));

            expect(fs.existsSync(path.join(tmpdir, 'data/subdir/emptydir'))).to.be(false); // just make sure rimraf worked

-            backups._createEmptyDirs(tmpdir, function (error) {
+            backups._restoreFsMetadata(tmpdir, function (error) {
                expect(error).to.not.be.ok();

                expect(fs.existsSync(path.join(tmpdir, 'data/subdir/emptydir'))).to.be(true);
+                var mode = fs.statSync(path.join(tmpdir, 'dir2/file')).mode;
+                expect(mode & ~fs.constants.S_IFREG).to.be(parseInt('0755', 8));

                done();
            });
@@ -6,7 +6,6 @@
 'use strict';

 var config = require('../config.js'),
-    constants = require('../constants.js'),
    expect = require('expect.js'),
    fs = require('fs'),
    path = require('path');
@@ -25,11 +24,6 @@ describe('config', function () {
        done();
    });

-    it('cloudron.conf generated automatically', function (done) {
-        expect(fs.existsSync(path.join(config.baseDir(), 'configs/cloudron.conf'))).to.be.ok();
-        done();
-    });
-
    it('can get and set version', function (done) {
        config.setVersion('1.2.3');
        expect(config.version()).to.be('1.2.3');
@@ -38,15 +32,20 @@ describe('config', function () {

    it('did set default values', function () {
        expect(config.isCustomDomain()).to.equal(true);
-        expect(config.fqdn()).to.equal('localhost');
-        expect(config.adminOrigin()).to.equal('https://' + constants.ADMIN_LOCATION + '.localhost');
-        expect(config.appFqdn('app')).to.equal('app.localhost');
+        expect(config.fqdn()).to.equal('');
        expect(config.zoneName()).to.equal('');
+        expect(config.adminLocation()).to.equal('my');
    });

    it('set saves value in file', function (done) {
+        config.set('fqdn', 'example.com');
+        expect(JSON.parse(fs.readFileSync(path.join(config.baseDir(), 'configs/cloudron.conf'))).fqdn).to.eql('example.com');
+        done();
+    });
+
+    it('set does not save custom values in file', function (done) {
        config.set('foobar', 'somevalue');
-        expect(JSON.parse(fs.readFileSync(path.join(config.baseDir(), 'configs/cloudron.conf'))).foobar).to.eql('somevalue');
+        expect(JSON.parse(fs.readFileSync(path.join(config.baseDir(), 'configs/cloudron.conf'))).foobar).to.not.be.ok();
        done();
    });

@@ -68,7 +67,7 @@ describe('config', function () {

        expect(config.isCustomDomain()).to.equal(true);
        expect(config.fqdn()).to.equal('example.com');
-        expect(config.adminOrigin()).to.equal('https://' + constants.ADMIN_LOCATION + '.example.com');
+        expect(config.adminOrigin()).to.equal('https://my.example.com');
        expect(config.appFqdn('app')).to.equal('app.example.com');
        expect(config.zoneName()).to.equal('example.com');
    });
@@ -79,7 +78,7 @@ describe('config', function () {

        expect(config.isCustomDomain()).to.equal(false);
        expect(config.fqdn()).to.equal('test.example.com');
-        expect(config.adminOrigin()).to.equal('https://' + constants.ADMIN_LOCATION + '-test.example.com');
+        expect(config.adminOrigin()).to.equal('https://my-test.example.com');
        expect(config.appFqdn('app')).to.equal('app-test.example.com');
        expect(config.zoneName()).to.equal('example.com');
    });
@@ -536,8 +536,9 @@ describe('database', function () {
            portBindings: { port: 5678 },
            health: null,
            accessRestriction: null,
-            lastBackupId: null,
+            restoreConfig: null,
            oldConfig: null,
+            updateConfig: null,
            memoryLimit: 4294967296,
            altDomain: null,
            xFrameOptions: 'DENY',
@@ -560,8 +561,9 @@ describe('database', function () {
            portBindings: { },
            health: null,
            accessRestriction: { users: [ 'foobar' ] },
-            lastBackupId: null,
+            restoreConfig: null,
            oldConfig: null,
+            updateConfig: null,
            memoryLimit: 0,
            altDomain: null,
            xFrameOptions: 'SAMEORIGIN',
@@ -1025,7 +1027,7 @@ describe('database', function () {
                version: '1.0.0',
                type: backupdb.BACKUP_TYPE_BOX,
                dependsOn: [ 'dep1' ],
-                restoreConfig: null,
+                manifest: null,
                format: 'tgz'
            };

@@ -1042,7 +1044,7 @@ describe('database', function () {
                expect(result.type).to.be(backupdb.BACKUP_TYPE_BOX);
                expect(result.creationTime).to.be.a(Date);
                expect(result.dependsOn).to.eql(['dep1']);
-                expect(result.restoreConfig).to.eql(null);
+                expect(result.manifest).to.eql(null);
                done();
            });
        });
@@ -1065,7 +1067,7 @@ describe('database', function () {
                expect(results[0].id).to.be('backup-box');
                expect(results[0].version).to.be('1.0.0');
                expect(results[0].dependsOn).to.eql(['dep1']);
-                expect(results[0].restoreConfig).to.eql(null);
+                expect(results[0].manifest).to.eql(null);

                done();
            });
@@ -1091,7 +1093,7 @@ describe('database', function () {
                version: '1.0.0',
                type: backupdb.BACKUP_TYPE_APP,
                dependsOn: [ ],
-                restoreConfig: { manifest: { foo: 'bar' } },
+                manifest: { foo: 'bar' },
                format: 'tgz'
            };

@@ -1108,7 +1110,7 @@ describe('database', function () {
                expect(result.type).to.be(backupdb.BACKUP_TYPE_APP);
                expect(result.creationTime).to.be.a(Date);
                expect(result.dependsOn).to.eql([]);
-                expect(result.restoreConfig).to.eql({ manifest: { foo: 'bar' } });
+                expect(result.manifest).to.eql({ foo: 'bar' });
                done();
            });
        });
@@ -1122,7 +1124,7 @@ describe('database', function () {
                expect(results[0].id).to.be('app_appid_123');
                expect(results[0].version).to.be('1.0.0');
                expect(results[0].dependsOn).to.eql([]);
-                expect(results[0].restoreConfig).to.eql({ manifest: { foo: 'bar' } });
+                expect(results[0].manifest).to.eql({ foo: 'bar' });

                done();
            });
@@ -12,10 +12,10 @@ var async = require('async'),
    eventlog = require('../eventlog.js'),
    expect = require('expect.js'),
    mailer = require('../mailer.js'),
-    nock = require('nock'),
    paths = require('../paths.js'),
    safe = require('safetydance'),
    settings = require('../settings.js'),
+    settingsdb = require('../settingsdb.js'),
    updatechecker = require('../updatechecker.js'),
    user = require('../user.js');

@@ -36,8 +36,8 @@ function checkMails(number, email, done) {
    setTimeout(function () {
        expect(mailer._getMailQueue().length).to.equal(number);

-        if (number && email) {
-            expect(mailer._getMailQueue()[0].to.indexOf(email)).to.not.equal(-1);
+        if (number) {
+            expect(mailer._getMailQueue()[0].to).to.equal(email);
        }

        mailer._clearMailQueue();
@@ -58,6 +58,7 @@ describe('digest', function () {

    before(function (done) {
        config._reset();
+        config.set('fqdn', 'domain.com');
        config.set('version', '1.0.0');
        config.set('apiServerOrigin', 'http://localhost:4444');
        config.set('provider', 'notcaas');
@@ -69,6 +70,7 @@ describe('digest', function () {
            settings.initialize,
            user.createOwner.bind(null, USER_0.username, USER_0.password, USER_0.email, USER_0.displayName, AUDIT_SOURCE),
            eventlog.add.bind(null, eventlog.ACTION_UPDATE, AUDIT_SOURCE, { boxUpdateInfo: { sourceTarballUrl: 'xx', version: '1.2.3', changelog: [ 'good stuff' ] } }),
+            settingsdb.set.bind(null, settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: true })),
            mailer.start,
            mailer._clearMailQueue
        ], done);
@@ -84,7 +86,7 @@ describe('digest', function () {
        it('does not send mail with digest disabled', function (done) {
            digest.maybeSend(function (error) {
                if (error) return done(error);
-                checkMails(0, '', done);
+                checkMails(0, null, done);
            });
        });

@@ -99,7 +101,7 @@ describe('digest', function () {
            digest.maybeSend(function (error) {
                if (error) return done(error);

-                checkMails(1, '', done);
+                checkMails(1, `${USER_0.email}, ${USER_0.username}@${config.fqdn()}`, done);
            });
        });

@@ -109,39 +111,20 @@ describe('digest', function () {
            digest.maybeSend(function (error) {
                if (error) return done(error);

-                checkMails(1, '', done);
+                checkMails(1, `${USER_0.email}, ${USER_0.username}@${config.fqdn()}`, done);
            });
        });

-        it('sends mail for pending update to appstore account email (caas)', function (done) {
-            var subscription = {
-                id: 'caas',
-                created: 0,
-                canceled_at: 0,
-                status: 'active',
-                plan: { id: 'caas' }
-            };
-
+        it('sends mail for pending update to owner account email', function (done) {
            updatechecker._setUpdateInfo({ box: null, apps: { 'appid': { manifest: { version: '1.2.5', changelog: 'noop\nreally' } } } });
-            var fake1 = nock(config.apiServerOrigin()).post(function (uri) { return uri.indexOf('/api/v1/users/test-user/cloudrons') >= 0; }).reply(201, { cloudron: { id: 'test-cloudron' }});
-            var fake2 = nock(config.apiServerOrigin()).get(function (uri) { return uri.indexOf('/api/v1/users/test-user/cloudrons/test-cloudron/subscription') >= 0; }).reply(200, { subscription: subscription });
-            var fake3 = nock(config.apiServerOrigin()).get('/api/v1/users/test-user?accessToken=test-token').reply(200, { profile: { id: 'test-user', email: 'test@email.com' } });

-            settings.setAppstoreConfig({ userId: 'test-user', token: 'test-token', cloudronId: 'test-cloudron' }, function (error) {
+            settingsdb.set(settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: true }), function (error) {
                if (error) return done(error);

                digest.maybeSend(function (error) {
                    if (error) return done(error);

-                    checkMails(1, 'test@email.com', function (error) {
-                        if (error) return done(error);
-
-                        expect(fake1.isDone()).to.be.ok();
-                        expect(fake2.isDone()).to.be.ok();
-                        expect(fake3.isDone()).to.be.ok();
-
-                        done();
-                    });
+                    checkMails(1, `${USER_0.email}, ${USER_0.username}@${config.fqdn()}`, done);
                });
            });
        });
@@ -36,6 +36,19 @@ var USER_0 = {
    displayName: ''
 };

+var USER_1 = { // this user has not signed up yet
+    id: 'uuid222',
+    username: null,
+    password: '',
+    email: 'safe2@me.com',
+    admin: false,
+    salt: 'morton',
+    createdAt: 'sometime back',
+    modifiedAt: 'now',
+    resetToken: hat(256),
+    displayName: ''
+};
+
 function setup(done) {
    // ensure data/config/mount paths
    database.initialize(function (error) {
@@ -167,7 +180,8 @@ describe('Group membership', function () {
                    next();
                });
            },
-            userdb.add.bind(null, USER_0.id, USER_0)
+            userdb.add.bind(null, USER_0.id, USER_0),
+            userdb.add.bind(null, USER_1.id, USER_1)
        ], done);
    });
    after(cleanup);
@@ -201,6 +215,13 @@ describe('Group membership', function () {
        });
    });

+    it('can add member without username', function (done) {
+        groups.addMember(group0Object.id, USER_1.id, function (error) {
+            expect(error).to.be(null);
+            done();
+        });
+    });
+
    it('isMember returns true', function (done) {
        groups.isMember(group0Object.id, USER_0.id, function (error, member) {
            expect(error).to.be(null);
@@ -212,8 +233,9 @@ describe('Group membership', function () {
    it('can get members', function (done) {
        groups.getMembers(group0Object.id, function (error, result) {
            expect(error).to.be(null);
-            expect(result.length).to.be(1);
+            expect(result.length).to.be(2);
            expect(result[0]).to.be(USER_0.id);
+            expect(result[1]).to.be(USER_1.id);
            done();
        });
    });
@@ -224,7 +246,7 @@ describe('Group membership', function () {
            expect(result.name).to.be(GROUP0_NAME.toLowerCase());
            expect(result.ownerType).to.be(mailboxdb.TYPE_GROUP);
            expect(result.ownerId).to.be(group0Object.id);
-            expect(result.members).to.eql([ USER_0.username ]);
+            expect(result.members).to.eql([ USER_0.username ]); // filters out users that have not signed up yet
            done();
        });
    });
@@ -66,7 +66,7 @@ var APP_0 = {
    portBindings: { port: 5678 },
    health: null,
    accessRestriction: null,
-    lastBackupId: null,
+    restoreConfig: null,
    oldConfig: null,
    memoryLimit: 4294967296
 };
@@ -141,35 +141,33 @@ function setup(done) {
            var answer = {};
            var status = 500;

-            if (req.method === 'GET' && req.url === '/networks') {
-                answer = [{
-                    Name: "irrelevant"
-                }, {
-                    Name: "cloudron",
-                    Id: "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566",
-                    Scope: "local",
-                    Driver: "bridge",
+            if (req.method === 'GET' && req.url === '/networks/cloudron') {
+                answer = {
+                    Name: 'cloudron',
+                    Id: 'f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566',
+                    Scope: 'local',
+                    Driver: 'bridge',
                    IPAM: {
-                        Driver: "default",
+                        Driver: 'default',
                        Config: [{
-                            Subnet: "172.18.0.0/16"
+                            Subnet: '172.18.0.0/16'
                        }]
                    },
-                    "Containers": {
+                    'Containers': {
                        someOtherContainerId: {
-                            "EndpointID": "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda",
-                            "MacAddress": "02:42:ac:11:00:02",
-                            "IPv4Address": "127.0.0.2/16",
-                            "IPv6Address": ""
+                            'EndpointID': 'ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda',
+                            'MacAddress': '02:42:ac:11:00:02',
+                            'IPv4Address': '127.0.0.2/16',
+                            'IPv6Address': ''
                        },
                        someContainerId: {
-                            "EndpointID": "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda",
-                            "MacAddress": "02:42:ac:11:00:02",
-                            "IPv4Address": "127.0.0.1/16",
-                            "IPv6Address": ""
+                            'EndpointID': 'ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda',
+                            'MacAddress': '02:42:ac:11:00:02',
+                            'IPv4Address': '127.0.0.1/16',
+                            'IPv6Address': ''
                        }
                    }
-                }];
+                };
                status = 200;
            }

@@ -268,10 +266,10 @@ describe('Ldap', function () {
        it('fails with accessRestriction denied', function (done) {
            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });

-            appdb.update(APP_0.id, { accessRestriction: { users: [ USER_1.id ], groups: [] }}, function (error) {
+            appdb.update(APP_0.id, { accessRestriction: { users: [ USER_0.id ], groups: [] }}, function (error) {
                expect(error).to.eql(null);

-                client.bind('cn=' + USER_0.id + ',ou=users,dc=cloudron', USER_0.password, function (error) {
+                client.bind('cn=' + USER_1.id + ',ou=users,dc=cloudron', USER_1.password, function (error) {
                    expect(error).to.be.a(ldap.NoSuchObjectError);
                    done();
                });
@@ -342,6 +340,35 @@ describe('Ldap', function () {
            });
        });

+        it ('succeeds with pagination', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            var opts = {
+                filter: 'objectcategory=person',
+                paged: true
+            };
+
+            client.search('ou=users,dc=cloudron', opts, function (error, result) {
+                expect(error).to.be(null);
+                expect(result).to.be.an(EventEmitter);
+
+                var entries = [];
+
+                result.on('searchEntry', function (entry) { entries.push(entry.object); });
+                result.on('error', done);
+                result.on('end', function (result) {
+                    expect(result.status).to.equal(0);
+                    expect(entries.length).to.equal(2);
+                    entries.sort(function (a, b) { return a.username > b.username; });
+                    expect(entries[0].username).to.equal(USER_0.username.toLowerCase());
+                    expect(entries[0].mail).to.equal(USER_0.email.toLowerCase());
+                    expect(entries[1].username).to.equal(USER_1.username.toLowerCase());
+                    expect(entries[1].mail).to.equal(USER_1.email.toLowerCase());
+                    done();
+                });
+            });
+        });
+
        it ('succeeds with basic filter and email enabled', function (done) {
            // user settingsdb instead of settings, to not trigger further events
            settingsdb.set(settings.MAIL_CONFIG_KEY, JSON.stringify({ enabled: true }), function (error) {
@@ -430,7 +457,7 @@ describe('Ldap', function () {
            });
        });

-        it ('does not list users who have no access', function (done) {
+        it ('always lists admins', function (done) {
            appdb.update(APP_0.id, { accessRestriction: { users: [], groups: [] } }, function (error) {
                expect(error).to.be(null);

@@ -450,7 +477,9 @@ describe('Ldap', function () {
                    result.on('error', done);
                    result.on('end', function (result) {
                        expect(result.status).to.equal(0);
-                        expect(entries.length).to.equal(0);
+                        expect(entries.length).to.equal(1);
+                        expect(entries[0].username).to.equal(USER_0.username.toLowerCase());
+                        expect(entries[0].memberof.length).to.equal(2);

                        appdb.update(APP_0.id, { accessRestriction: null }, done);
                    });
@@ -617,13 +646,50 @@ describe('Ldap', function () {
                });
            });
        });
+
+        it ('succeeds with pagination', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            var opts = {
+                filter: 'objectclass=group',
+                paged: true
+            };
+
+            client.search('ou=groups,dc=cloudron', opts, function (error, result) {
+                expect(error).to.be(null);
+                expect(result).to.be.an(EventEmitter);
+
+                var entries = [];
+
+                result.on('searchEntry', function (entry) { entries.push(entry.object); });
+                result.on('error', done);
+                result.on('end', function (result) {
+                    expect(result.status).to.equal(0);
+                    expect(entries.length).to.equal(2);
+
+                    // ensure order for testability
+                    entries.sort(function (a, b) { return a.username < b.username; });
+
+                    expect(entries[0].cn).to.equal('users');
+                    expect(entries[0].memberuid.length).to.equal(3);
+                    expect(entries[0].memberuid[0]).to.equal(USER_0.id);
+                    expect(entries[0].memberuid[1]).to.equal(USER_1.id);
+                    expect(entries[0].memberuid[2]).to.equal(USER_2.id);
+                    expect(entries[1].cn).to.equal('admins');
+                    // if only one entry, the array becomes a string :-/
+                    expect(entries[1].memberuid).to.equal(USER_0.id);
+                    done();
+                });
+            });
+        });
    });

    function ldapSearch(dn, filter, callback) {
        var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });

        var opts = {
-            filter: filter
+            filter: filter,
+            paged: true
        };

        client.search(dn, opts, function (error, result) {
@@ -661,7 +727,7 @@ describe('Ldap', function () {
        });

        it('cannot get alias as a mailbox', function (done) {
-            ldapSearch('cn=' + USER_0_ALIAS + ',ou=mailboxes,dc=cloudron', 'objectclass=mailbox', function (error, entries) {
+            ldapSearch('cn=' + USER_0_ALIAS + ',ou=mailboxes,dc=cloudron', 'objectclass=mailbox', function (error) {
                expect(error).to.be.a(ldap.NoSuchObjectError);
                done();
            });
@@ -687,7 +753,7 @@ describe('Ldap', function () {
        });

        it('cannot get mailbox as alias', function (done) {
-            ldapSearch('cn=' + USER_0.username + ',ou=mailaliases,dc=cloudron', 'objectclass=nismailalias', function (error, entries) {
+            ldapSearch('cn=' + USER_0.username + ',ou=mailaliases,dc=cloudron', 'objectclass=nismailalias', function (error) {
                expect(error).to.be.a(ldap.NoSuchObjectError);
                done();
            });
@@ -162,29 +162,6 @@ describe('Settings', function () {
            });
        });

-        it('can get default update config config', function (done) {
-            settings.getUpdateConfig(function (error, updateConfig) {
-                expect(error).to.be(null);
-                expect(updateConfig.prerelease).to.be(false);
-                done();
-            });
-        });
-
-        it('can set update config', function (done) {
-            settings.setUpdateConfig({ prerelease: true }, function (error) {
-                expect(error).to.be(null);
-                done();
-            });
-        });
-
-        it('can get update config', function (done) {
-            settings.getUpdateConfig(function (error, updateConfig) {
-                expect(error).to.be(null);
-                expect(updateConfig.prerelease).to.be(true);
-                done();
-            });
-        });
-
        it('can set mail config', function (done) {
            settings.setMailConfig({ enabled: true }, function (error) {
                expect(error).to.be(null);
@@ -101,7 +101,8 @@ describe('Storage', function () {
        it('download dir copies contents of source dir', function (done) {
            var sourceDir = path.join(__dirname, 'storage');

-            filesystem.downloadDir(gBackupConfig, sourceDir, gTmpFolder, function (error) {
+            var events = filesystem.downloadDir(gBackupConfig, sourceDir, gTmpFolder);
+            events.on('done', function (error) {
                expect(error).to.be(null);
                expect(fs.statSync(path.join(gTmpFolder, 'data/empty')).size).to.be(0);
                done();
@@ -163,7 +164,8 @@ describe('Storage', function () {
        });

        it('download dir copies contents of source dir', function (done) {
-            noop.downloadDir(gBackupConfig, 'sourceDir', 'destDir', function (error) {
+            var events = noop.downloadDir(gBackupConfig, 'sourceDir', 'destDir');
+            events.on('done', function (error) {
                expect(error).to.be.an(Error);
                done();
            });
@@ -246,7 +248,8 @@ describe('Storage', function () {
            var sourceKey = '';
            var destDir = path.join(os.tmpdir(), 's3-destdir');

-            s3.downloadDir(gBackupConfig, sourceKey, destDir, function (error) {
+            var events = s3.downloadDir(gBackupConfig, sourceKey, destDir);
+            events.on('done', function (error) {
                expect(error).to.be(null);
                expect(fs.statSync(path.join(destDir, 'uploadtest/test.txt')).size).to.be(fs.statSync(sourceFile).size);
                done();
@@ -66,7 +66,8 @@ describe('updatechecker - box - manual (email)', function () {
            user.createOwner.bind(null, USER_0.username, USER_0.password, USER_0.email, USER_0.displayName, AUDIT_SOURCE),
            settings.setAutoupdatePattern.bind(null, constants.AUTOUPDATE_PATTERN_NEVER),
            settingsdb.set.bind(null, settings.APPSTORE_CONFIG_KEY, JSON.stringify({ userId: 'uid', cloudronId: 'cid', token: 'token' })),
-            mailer._clearMailQueue
+            mailer._clearMailQueue,
+            mailer.start
        ], done);
    });

@@ -113,7 +114,7 @@ describe('updatechecker - box - manual (email)', function () {
        });
    });

-    it('does not offer prerelease', function (done) {
+    it('offers prerelease', function (done) {
        nock.cleanAll();

        var scope = nock('http://localhost:4444')
@@ -121,39 +122,18 @@ describe('updatechecker - box - manual (email)', function () {
            .query({ boxVersion: config.version(), accessToken: 'token' })
            .reply(200, { version: '2.0.0-pre.0', changelog: [''], sourceTarballUrl: '2.0.0-pre.0.tar.gz' } );

+        var scope2 = nock('http://localhost:4444')
+            .get('/api/v1/users/uid/cloudrons/cid/subscription')
+            .query({ accessToken: 'token' })
+            .reply(200, { subscription: { plan: { id: 'pro' } } } );
+
        updatechecker.checkBoxUpdates(function (error) {
            expect(!error).to.be.ok();
-            expect(updatechecker.getUpdateInfo().box).to.be(null);
+            expect(updatechecker.getUpdateInfo().box.version).to.be('2.0.0-pre.0');
            expect(scope.isDone()).to.be.ok();
+            expect(scope2.isDone()).to.be.ok();

-            checkMails(0, done);
-        });
-    });
-
-    it('offers prerelease', function (done) {
-        nock.cleanAll();
-
-        settings.setUpdateConfig({ prerelease: true }, function (error) {
-            if (error) return done(error);
-
-            var scope = nock('http://localhost:4444')
-                .get('/api/v1/users/uid/cloudrons/cid/boxupdate')
-                .query({ boxVersion: config.version(), accessToken: 'token' })
-                .reply(200, { version: '2.0.0-pre.0', changelog: [''], sourceTarballUrl: '2.0.0-pre.0.tar.gz' } );
-
-            var scope2 = nock('http://localhost:4444')
-                .get('/api/v1/users/uid/cloudrons/cid/subscription')
-                .query({ accessToken: 'token' })
-                .reply(200, { subscription: { plan: { id: 'pro' } } } );
-
-            updatechecker.checkBoxUpdates(function (error) {
-                expect(!error).to.be.ok();
-                expect(updatechecker.getUpdateInfo().box.version).to.be('2.0.0-pre.0');
-                expect(scope.isDone()).to.be.ok();
-                expect(scope2.isDone()).to.be.ok();
-
-                checkMails(1, done);
-            });
+            checkMails(1, done);
        });
    });

@@ -184,6 +164,7 @@ describe('updatechecker - box - automatic (no email)', function () {
            database.initialize,
            settings.initialize,
            mailer._clearMailQueue,
+            mailer.start,
            user.createOwner.bind(null, USER_0.username, USER_0.password, USER_0.email, USER_0.displayName, AUDIT_SOURCE),
            settingsdb.set.bind(null, settings.APPSTORE_CONFIG_KEY, JSON.stringify({ userId: 'uid', cloudronId: 'cid', token: 'token' }))
        ], done);
@@ -19,7 +19,6 @@ var apps = require('./apps.js'),
    mailer = require('./mailer.js'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
-    semver = require('semver'),
    settings = require('./settings.js');

 var gAppUpdateInfo = { }, // id -> update info { creationDate, manifest }
@@ -114,7 +113,7 @@ function checkAppUpdates(callback) {
                    // always send notifications if user is on the free plan
                    if (result.plan.id === 'free' || result.plan.id === 'undecided') {
                        debug('Notifying user of app update for %s from %s to %s', app.id, app.manifest.version, updateInfo.manifest.version);
-                        mailer.appUpdateAvailable(app, updateInfo);
+                        mailer.appUpdateAvailable(app, false /* subscription */, updateInfo);
                        return iteratorDone();
                    }

@@ -124,7 +123,7 @@ function checkAppUpdates(callback) {
                            debug(error);
                        } else if (result === constants.AUTOUPDATE_PATTERN_NEVER) {
                            debug('Notifying user of app update for %s from %s to %s', app.id, app.manifest.version, updateInfo.manifest.version);
-                            mailer.appUpdateAvailable(app, updateInfo);
+                            mailer.appUpdateAvailable(app, true /* hasSubscription */, updateInfo);
                        }

                        iteratorDone();
@@ -149,48 +148,37 @@ function checkBoxUpdates(callback) {
    appstore.getBoxUpdate(function (error, updateInfo) {
        if (error || !updateInfo) return callback(error);

-        settings.getUpdateConfig(function (error, updateConfig) {
+        gBoxUpdateInfo = updateInfo;
+
+        // decide whether to send email
+        var state = loadState();
+
+        if (state.box === gBoxUpdateInfo.version) {
+            debug('Skipping notification of box update as user was already notified');
+            return callback();
+        }
+
+        appstore.getSubscription(function (error, result) {
            if (error) return callback(error);

-            var isPrerelease = semver.parse(updateInfo.version).prerelease.length !== 0;
-
-            if (isPrerelease && !updateConfig.prerelease) {
-                debug('Skipping update %s since this box does not want prereleases', updateInfo.version);
-                return callback();
+            function done() {
+                state.box = updateInfo.version;
+                saveState(state);
+                callback();
            }

-            gBoxUpdateInfo = updateInfo;
-
-            // decide whether to send email
-            var state = loadState();
-
-            if (state.box === gBoxUpdateInfo.version) {
-                debug('Skipping notification of box update as user was already notified');
-                return callback();
+            // always send notifications if user is on the free plan
+            if (result.plan.id === 'free' || result.plan.id === 'undecided') {
+                mailer.boxUpdateAvailable(false /* hasSubscription */, updateInfo.version, updateInfo.changelog);
+                return done();
            }

-            appstore.getSubscription(function (error, result) {
-                if (error) return callback(error);
+            // only send notifications if update pattern is 'never'
+            settings.getAutoupdatePattern(function (error, result) {
+                if (error) debug(error);
+                else if (result === constants.AUTOUPDATE_PATTERN_NEVER) mailer.boxUpdateAvailable(true /* hasSubscription */, updateInfo.version, updateInfo.changelog);

-                function done() {
-                    state.box = updateInfo.version;
-                    saveState(state);
-                    callback();
-                }
-
-                // always send notifications if user is on the free plan
-                if (result.plan.id === 'free' || result.plan.id === 'undecided') {
-                    mailer.boxUpdateAvailable(updateInfo.version, updateInfo.changelog);
-                    return done();
-                }
-
-                // only send notifications if update pattern is 'never'
-                settings.getAutoupdatePattern(function (error, result) {
-                    if (error) debug(error);
-                    else if (result === constants.AUTOUPDATE_PATTERN_NEVER) mailer.boxUpdateAvailable(updateInfo.version, updateInfo.changelog);
-
-                    done();
-                });
+                done();
            });
        });
    });
@@ -71,14 +71,14 @@ function getByEmail(email, callback) {
 function getOwner(callback) {
    assert.strictEqual(typeof callback, 'function');

-    // the first created user it the admin
+    // the first created user it the 'owner'
    database.query('SELECT ' + USERS_FIELDS + ' FROM users, groupMembers WHERE groupMembers.groupId = ? AND users.id = groupMembers.userId ORDER BY createdAt LIMIT 1',
-            [ constants.ADMIN_GROUP_ID ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        [ constants.ADMIN_GROUP_ID ], function (error, result) {
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

-        callback(null, postProcess(result[0]));
-    });
+            callback(null, postProcess(result[0]));
+        });
 }

 function getByResetToken(resetToken, callback) {
@@ -116,7 +116,8 @@ function getAllWithGroupIds(callback) {
 function getAllAdmins(callback) {
    assert.strictEqual(typeof callback, 'function');

-    database.query('SELECT ' + USERS_FIELDS + ' FROM users, groupMembers WHERE groupMembers.groupId = ? AND users.id = groupMembers.userId ORDER BY username', [ constants.ADMIN_GROUP_ID ], function (error, results) {
+    // the mailer code relies on the first object being the 'owner' (thus the ORDER)
+    database.query('SELECT ' + USERS_FIELDS + ' FROM users, groupMembers WHERE groupMembers.groupId = ? AND users.id = groupMembers.userId ORDER BY createdAt', [ constants.ADMIN_GROUP_ID ], function (error, results) {
        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        results.forEach(postProcess);
@@ -366,10 +366,9 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
        }).error(defaultErrorHandler(callback));
    };

-    Client.prototype.updateApp = function (id, manifest, portBindings, callback) {
+    Client.prototype.updateApp = function (id, manifest, callback) {
        var data =  {
-            appStoreId: manifest.id + '@' + manifest.version,
-            portBindings: portBindings
+            appStoreId: manifest.id + '@' + manifest.version
        };

        post('/api/v1/apps/' + id + '/update', data).success(function (data, status) {
@@ -698,13 +697,6 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
        }).error(defaultErrorHandler(callback));
    };

-    Client.prototype.getNonApprovedApps = function (callback) {
-        get('/api/v1/developer/apps').success(function (data, status) {
-            if (status !== 200 || typeof data !== 'object') return callback(new ClientError(status, data));
-            callback(null, data.apps || []);
-        }).error(defaultErrorHandler(callback));
-    };
-
    Client.prototype.getApp = function (appId, callback) {
        var appFound = null;
        this._installedApps.some(function (app) {
@@ -158,7 +158,7 @@ app.filter('installationStateLabel', function() {
    }

    return function(app) {
-        var waiting = app.progress === 0 ? ' (Waiting)' : '';
+        var waiting = app.progress === 0 ? ' (Pending)' : '';

        switch (app.installationState) {
        case ISTATES.PENDING_INSTALL:
@@ -288,6 +288,30 @@ h1, h2, h3 {
    overflow-y: auto;
 }

+.app-info-title {
+    display: inline-block;
+    margin: 5px 10px;
+}
+
+.app-info-meta {
+    margin-left: 10px;
+    color: $text-muted;
+}
+
+.app-info-icon {
+    float: left;
+    min-height: 64px;
+    max-height: 64px;
+    min-width: 64px;
+    max-width: 100%;
+}
+
+multiselect.stretch {
+    button {
+        min-width: 120px;
+    }
+}
+
 // ----------------------------
 // Appstore view
 // ----------------------------
@@ -690,7 +714,6 @@ h1, h2, h3 {
    color: $brand-danger;

    a {
-        text-decoration: underline;
        color: $brand-danger;
    }
 }
@@ -1166,4 +1189,4 @@ footer {
    left: 0;
    width: 100%;
    height: 100%;
-}
+}
@@ -3,8 +3,8 @@
    <div class="modal-dialog">
        <div class="modal-content">
            <div class="modal-header">
-                <h4 class="modal-title" ng-show="(appConfigure.app | installError)">Repair</h4>
-                <h4 class="modal-title" ng-hide="(appConfigure.app | installError)">Configure</h4>
+                <h4 class="modal-title" ng-show="(appConfigure.app | installError)">Repair {{ appConfigure.app.fqdn }}</h4>
+                <h4 class="modal-title" ng-hide="(appConfigure.app | installError)">Configure {{ appConfigure.app.fqdn }}</h4>
            </div>
            <div class="modal-body">
                <fieldset>
@@ -88,18 +88,26 @@
                            </div>
                            <div class="radio">
                                <label>
-                                    <input type="radio" ng-model="appConfigure.accessRestrictionOption" value="groups" ng-disabled="groups.length <= 1">
-                                    Only allow the following user groups <span class="label label-danger" ng-show="appConfigure.accessRestrictionOption === 'groups' && !appConfigure.isAccessRestrictionValid()">Select at least one group</span>
+                                    <input type="radio" ng-model="appConfigure.accessRestrictionOption" value="groups">
+                                    Only allow the following users and groups <span class="label label-danger" ng-show="appConfigure.accessRestrictionOption === 'groups' && !appConfigure.isAccessRestrictionValid()">Select at least one user or group</span>
                                </label>
                            </div>
-                            <div ng-show="groups.length <= 1" style="margin-left: 20px;">No groups available. <a href="#/users">Create groups</a></div>
                            <div>
                                <div style="margin-left: 20px;">
-                                    <span ng-repeat="group in groups | ignoreAdminGroup">
-                                        <button class="btn btn-default" type="button" ng-disabled="appConfigure.accessRestrictionOption !== 'groups'" ng-click="appConfigureToggleGroup(group);" ng-class="{ 'btn-primary': (appConfigure.accessRestriction.groups && appConfigure.accessRestriction.groups.indexOf(group.id) !== -1) }">{{ group.name }}</button>
-                                    </span>
+                                    <div class="col-md-5">
+                                        Users:
+                                        <multiselect class="input-sm stretch" ng-model="appConfigure.accessRestriction.users" ng-disabled="appConfigure.accessRestrictionOption !== 'groups'" options="user.username for user in users" data-multiple="true"></multiselect>
+                                    </div>
+
+                                    <div class="col-md-5">
+                                        Groups:
+                                        <multiselect class="input-sm stretch" ng-model="appConfigure.accessRestriction.groups" ng-disabled="appConfigure.accessRestrictionOption !== 'groups'" options="group.name for group in (groups | ignoreAdminGroup)" data-multiple="true"></multiselect>
+                                    </div>
                                </div>
                            </div>
+
+                            <br/>
+                            <br/>
                        </div>

                        <p ng-show="!mailConfig.enabled && appConfigure.app.manifest.addons.email" class="text-danger">
@@ -109,23 +117,19 @@
                        <a href="" ng-click="appConfigure.advancedVisible = true" ng-hide="appConfigure.advancedVisible">Advanced settings...</a>
                        <div  uib-collapse="!appConfigure.advancedVisible">
                            <div class="form-group">
-                                <label class="control-label" for="memoryLimit">Maximum Memory Limit: <b>{{ appConfigure.memoryLimit ? appConfigure.memoryLimit / 1024 / 1024 + 'MB' : 'Default (256 MB)' }}</b></label>
+                                <label class="control-label" for="memoryLimit">Memory Limit <sup><a ng-href="{{ config.webServerOrigin }}/documentation/apps/#increasing-the-memory-limit-of-an-app" class="help" target="_blank"><i class="fa fa-question-circle"></i></a></sup> : <b>{{ appConfigure.memoryLimit ? appConfigure.memoryLimit / 1024 / 1024 + 'MB' : 'Default (256 MB)' }}</b></label>
                                <br/>
                                <div style="padding: 0 10px;">
                                    <slider id="memoryLimit" ng-model="appConfigure.memoryLimit" step="134217728" tooltip="hide" ticks="appConfigure.memoryTicks" ticks-snap-bounds="67108864"></slider>
                                </div>
                            </div>

-                            <br/>
-
                            <div class="form-group" ng-class="{ 'has-error': !appConfigureForm.xFrameOptions.$dirty && appConfigure.error.xFrameOptions }">
                                <label class="control-label">Allow embedding from the following site</label>
                                <div class="control-label" ng-show="appConfigure.error.xFrameOptions"><small>Must be empty of a valid URL</small></div>
                                <input type="text" class="form-control" id="appConfigureXFrameOptionsInput" name="xFrameOptions" placeholder="https://example.com" ng-model="appConfigure.xFrameOptions" uib-tooltip="Leave blank to not allow embedding">
                            </div>

-                            <br/>
-
                            <div class="form-group">
                                <label class="control-label">Specify robots.txt file content</label>
                                <textarea ng-model="appConfigure.robotsTxt" placeholder="Leave empty to allow all bots to index this app." class="form-control" rows="3"></textarea>
@@ -133,7 +137,7 @@

                            <div class="form-group">
                                <input type="checkbox" id="appConfigureEnableBackup" ng-model="appConfigure.enableBackup">
-                                <label class="control-label" for="appConfigureEnableBackup">Enable backups</label>
+                                <label class="control-label" for="appConfigureEnableBackup">Enable automatic daily backups</label>
                            </div>

                            <div class="hide">
@@ -179,8 +183,11 @@
            <div class="modal-header">
                <h4 class="modal-title">Restore {{ appRestore.app.fqdn }}</h4>
            </div>
-            <div class="modal-body" ng-show="appRestore.backups.length === 0">
-                <p class="text-danger">This app has no backups.</p>
+            <div class="modal-body" ng-show="appRestore.busyFetching">
+                <h4 class="text-center"><i class="fa fa-circle-o-notch fa-spin"></i> Fetching backups</h4>
+            </div>
+            <div class="modal-body" ng-show="appRestore.backups.length === 0 && !appRestore.busyFetching">
+                <h4 class="text-danger">This app has no backups.</h4>
            </div>
            <div class="modal-body" ng-show="appRestore.backups.length !== 0">
                <p>Restoring the app will lose all content generated since the backup.</p>
@@ -195,7 +202,7 @@
                </div>
                <br/>
                <fieldset>
-                    <form role="form" name="appRestoreForm" ng-submit="doRestore()" autocomplete="off">
+                    <form role="form" name="appRestoreForm" ng-submit="appRestore.submit()" autocomplete="off">
                        <div class="form-group" ng-class="{ 'has-error': (appRestoreForm.password.$dirty && appRestoreForm.password.$invalid) || (!appRestoreForm.password.$dirty && appRestore.error.password) }">
                            <label class="control-label" for="appRestorePasswordInput">Provide your password to confirm this action</label>
                            <div class="control-label" ng-show="(appRestoreForm.password.$dirty && appRestoreForm.password.$invalid) || (!appRestoreForm.password.$dirty && appRestore.error.password)">
@@ -211,22 +218,30 @@
            </div>
            <div class="modal-footer">
                <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
-                <button type="button" class="btn btn-success" ng-click="doRestore()" ng-disabled="appRestoreForm.$invalid || appRestore.busy || !appRestore.selectedBackup"><i class="fa fa-circle-o-notch fa-spin" ng-show="appRestore.busy"></i> Restore</button>
+                <button type="button" class="btn btn-success" ng-click="appRestore.submit()" ng-show="appRestore.backups.length !== 0" ng-disabled="appRestoreForm.$invalid || appRestore.busy || !appRestore.selectedBackup"><i class="fa fa-circle-o-notch fa-spin" ng-show="appRestore.busy"></i> Restore</button>
            </div>
        </div>
    </div>
 </div>

-<!-- Modal post install message app -->
-<div class="modal fade" id="appPostInstallModal" tabindex="-1" role="dialog">
+<!-- Modal information of app -->
+<div class="modal fade" id="appInfoModal" tabindex="-1" role="dialog">
    <div class="modal-dialog">
        <div class="modal-content">
            <div class="modal-header">
-                <h4 class="modal-title">Installation notes for {{ appPostInstall.app.manifest.title }}</h4>
+                <img ng-src="{{appInfo.app.iconUrl}}" onerror="this.onerror=null;this.src='img/appicon_fallback.png'" class="app-info-icon"/>
+                <h5 class="app-info-title">{{ appInfo.app.manifest.title }}</h5>
+                <br/>
+                <span class="app-info-meta">Package version <a ng-href="/#/appstore/{{appInfo.app.manifest.id}}?version={{appInfo.app.manifest.version}}">{{ appInfo.app.manifest.version }}</a> </span>
+                <br/>
+                <span class="app-info-meta" ng-show="appInfo.app.manifest.documentationUrl"><a target="_blank" ng-href="{{appInfo.app.manifest.documentationUrl}}">Documentation</a> </span>
            </div>
            <div class="modal-body">
-                <div class="app-postinstall-message">
-                    <div ng-bind-html="appPostInstall.message | postInstallMessage:appPostInstall.app | markdown2html"></div>
+                <div class="app-postinstall-message" ng-hide="appInfo.app.manifest && appInfo.app.manifest.postInstallMessage">
+                    This package has no special usage information.
+                </div>
+                <div class="app-postinstall-message" ng-show="appInfo.app.manifest && appInfo.app.manifest.postInstallMessage">
+                    <div ng-bind-html="appInfo.message | postInstallMessage:appInfo.app | markdown2html"></div>
                </div>
            </div>
            <div class="modal-footer">
@@ -295,34 +310,11 @@
            </div>
            <div class="modal-body">
                <p>Recent Changes for new version <b>{{ appUpdate.manifest.version}}</b>:</p>
-                <pre>{{ appUpdate.manifest.changelog }}</pre>
-                <br/>
-                <fieldset>
-                    <form role="form" name="appUpdateForm" ng-submit="doUpdate(appUpdateForm)" autocomplete="off">
-                        <div ng-repeat="(env, info) in appUpdate.portBindingsInfo" ng-class="{ 'newPort': info.isNew }">
-                            <ng-form name="portInfo_form">
-                                <div class="form-group" ng-class="{ 'has-error': portInfo_form.itemName{{$index}}.$dirty && portInfo_form.itemName{{$index}}.$invalid }">
-                                    <label class="control-label" for="inputPortInfo{{env}}"><input type="checkbox" ng-model="appUpdate.portBindingsEnabled[env]"> <span ng-show="info.isNew">New - </span> {{ info.description }} ({{ HOST_PORT_MIN }} - {{ HOST_PORT_MAX }})</label>
-                                    <input type="number" class="form-control" ng-model="appUpdate.portBindings[env]" ng-disabled="!appUpdate.portBindingsEnabled[env]" id="inputPortInfo{{env}}" later-name="itemName{{$index}}" min="{{HOST_PORT_MIN}}" max="{{HOST_PORT_MAX}}" required>
-                                </div>
-                            </ng-form>
-                        </div>
-                        <div ng-repeat="(env, port) in appUpdate.obsoletePortBindings" class="obsoletePort">
-                            <ng-form name="obsoletePortInfo_form">
-                                <div class="form-group">
-                                    Obsolete -
-                                    <label class="control-label">{{ env }}</label>
-                                    <input type="number" class="form-control" ng-model="port" disabled>
-                                </div>
-                            </ng-form>
-                        </div>
-                        <input class="ng-hide" type="submit" ng-disabled="appUpdateForm.$invalid || busy"/>
-                    </form>
-                </fieldset>
+                <div ng-bind-html="appUpdate.manifest.changelog | markdown2html"></div>
            </div>
            <div class="modal-footer">
                <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
-                <button type="button" class="btn btn-danger" ng-click="doUpdate(appUpdateForm)" ng-disabled="appUpdateForm.$invalid || appUpdate.busy"><i class="fa fa-circle-o-notch fa-spin" ng-show="appUpdate.busy"></i> Update</button>
+                <button type="button" class="btn btn-danger" ng-click="doUpdate()" ng-disabled="appUpdate.busy"><i class="fa fa-circle-o-notch fa-spin" ng-show="appUpdate.busy"></i> Update</button>
            </div>
        </div>
    </div>
@@ -401,7 +393,7 @@
                    <div class="grid-item-bottom-mobile" ng-show="user.admin">
                        <div class="row">
                            <div class="col-xs-4 text-left">
-                                <a href="" ng-click="showRestore(app)" ng-show="backupConfig.provider !== 'noop'">
+                                <a href="" ng-click="appRestore.show(app)" ng-show="backupConfig.provider !== 'noop'">
                                    <i class="fa fa-undo scale"></i>
                                </a>

@@ -424,7 +416,7 @@
                        </div>

                        <div>
-                            <a href="" ng-click="showRestore(app)" ng-show="backupConfig.provider !== 'noop'" title="Restore App"><i class="fa fa-undo scale"></i></a>
+                            <a href="" ng-click="appRestore.show(app)" ng-show="backupConfig.provider !== 'noop'" title="Restore App"><i class="fa fa-undo scale"></i></a>
                        </div>

                        <div ng-show="(app.installationState === 'installed' || app.installationState === 'pending_configure') && !(app | installError)">
@@ -435,8 +427,8 @@
                            <a href="" ng-click="showConfigure(app)" title="Repair App"><i class="fa fa-wrench scale"></i></a>
                        </div>

-                        <div ng-show="hasPostInstallMessage(app)">
-                            <a href="" ng-click="showPostInstall(app)" title="Information"><i class="fa fa-info-circle scale"></i></a>
+                        <div>
+                            <a href="" ng-click="showInformation(app)" title="Information"><i class="fa fa-info-circle scale"></i></a>
                        </div>
                    </div>

@@ -63,6 +63,7 @@ angular.module('Application').controller('AppsController', ['$scope', '$location

    $scope.appRestore = {
        busy: false,
+        busyFetching: false,
        error: {},
        app: {},
        password: '',
@@ -71,10 +72,51 @@ angular.module('Application').controller('AppsController', ['$scope', '$location

        selectBackup: function (backup) {
            $scope.appRestore.selectedBackup = backup;
+        },
+
+        show: function (app) {
+            $scope.reset();
+
+            $scope.appRestore.app = app;
+            $scope.appRestore.busyFetching = true;
+
+            $('#appRestoreModal').modal('show');
+
+            Client.getAppBackups(app.id, function (error, backups) {
+                if (error) {
+                    Client.error(error);
+                } else {
+                    $scope.appRestore.backups = backups;
+                    if (backups.length) $scope.appRestore.selectedBackup = backups[0]; // pre-select first backup
+                    $scope.appRestore.busyFetching = false;
+                }
+            });
+
+            return false; // prevent propagation and default
+        },
+
+        submit: function () {
+            $scope.appRestore.busy = true;
+            $scope.appRestore.error.password = null;
+
+            Client.restoreApp($scope.appRestore.app.id, $scope.appRestore.selectedBackup.id, $scope.appRestore.password, function (error) {
+                if (error && error.statusCode === 403) {
+                    $scope.appRestore.password = '';
+                    $scope.appRestore.error.password = true;
+                    $scope.appRestoreForm.password.$setPristine();
+                    $('#appRestorePasswordInput').focus();
+                } else if (error) {
+                    Client.error(error);
+                } else {
+                    $('#appRestoreModal').modal('hide');
+                }
+
+                $scope.appRestore.busy = false;
+            });
        }
    };

-    $scope.appPostInstall = {
+    $scope.appInfo = {
        app: {},
        message: ''
    };
@@ -97,7 +139,7 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        $('#appConfigureModal').modal('hide');
        $('#appRestoreModal').modal('hide');
        $('#appUpdateModal').modal('hide');
-        $('#appPostInstallModal').modal('hide');
+        $('#appInfoModal').modal('hide');
        $('#appUninstallModal').modal('hide');

        // reset configure dialog
@@ -136,10 +178,6 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        $scope.appUpdate.error = {};
        $scope.appUpdate.app = {};
        $scope.appUpdate.manifest = {};
-        $scope.appUpdate.portBindings = {};
-
-        $scope.appUpdateForm.$setPristine();
-        $scope.appUpdateForm.$setUntouched();

        // reset restore dialog
        $scope.appRestore.error = {};
@@ -180,14 +218,6 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        });
    };

-    $scope.appConfigureToggleGroup = function (group) {
-        var groups = $scope.appConfigure.accessRestriction.groups;
-        var pos = groups.indexOf(group.id);
-
-        if (pos === -1) groups.push(group.id);
-        else groups.splice(pos, 1);
-    };
-
    $scope.useAltDomain = function (use) {
        $scope.appConfigure.usingAltDomain = use;

@@ -206,27 +236,36 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        $scope.appConfigure.location = app.altDomain || app.location;
        $scope.appConfigure.usingAltDomain = !!app.altDomain;
        $scope.appConfigure.portBindingsInfo = app.manifest.tcpPorts || {}; // Portbinding map only for information
-        $scope.appConfigure.accessRestrictionOption = app.accessRestriction ? 'groups' : 'any';
-        $scope.appConfigure.accessRestriction = app.accessRestriction || { users: [], groups: [] };
+        $scope. Option = app.accessRestriction ? 'groups' : 'any';
        $scope.appConfigure.memoryLimit = app.memoryLimit || app.manifest.memoryLimit || (256 * 1024 * 1024);
        $scope.appConfigure.xFrameOptions = app.xFrameOptions.indexOf('ALLOW-FROM') === 0 ? app.xFrameOptions.split(' ')[1] : '';
        $scope.appConfigure.customAuth = !(app.manifest.addons['ldap'] || app.manifest.addons['oauth']);
        $scope.appConfigure.robotsTxt = app.robotsTxt;
        $scope.appConfigure.enableBackup = app.enableBackup;

-        // create ticks starting from manifest memory limit
-        $scope.appConfigure.memoryTicks = [
-             256 * 1024 * 1024,
-             512 * 1024 * 1024,
-             1024 * 1024 * 1024,
-             2048 * 1024 * 1024,
-             4096 * 1024 * 1024
-        ].filter(function (t) { return t >= (app.manifest.memoryLimit || 0); });
+        // create ticks starting from manifest memory limit. the memory limit here is currently split into ram+swap (and thus *2 below)
+        // TODO: the *2 will overallocate since 4GB is max swap that cloudron itself allocates
+        $scope.appConfigure.memoryTicks = [ ];
+        var npow2 = Math.pow(2, Math.ceil(Math.log($scope.config.memory)/Math.log(2)));
+        for (var i = 256; i <= (npow2*2/1024/1024); i *= 2) {
+            if (i >= (app.manifest.memoryLimit/1024/1024 || 0)) $scope.appConfigure.memoryTicks.push(i * 1024 * 1024);
+        }
        if (app.manifest.memoryLimit && $scope.appConfigure.memoryTicks[0] !== app.manifest.memoryLimit) {
            $scope.appConfigure.memoryTicks.unshift(app.manifest.memoryLimit);
        }

        $scope.appConfigure.accessRestrictionOption = app.accessRestriction ? 'groups' : 'any';
+        $scope.appConfigure.accessRestriction = { users: [], groups: [] };
+
+        if (app.accessRestriction) {
+            var userSet = { };
+            app.accessRestriction.users.forEach(function (uid) { userSet[uid] = true; });
+            $scope.users.forEach(function (u) { if (userSet[u.id] === true) $scope.appConfigure.accessRestriction.users.push(u); });
+
+            var groupSet = { };
+            app.accessRestriction.groups.forEach(function (gid) { groupSet[gid] = true; });
+            $scope.groups.forEach(function (g) { if (groupSet[g.id] === true) $scope.appConfigure.accessRestriction.groups.push(g); });
+        }

        // fill the portBinding structures. There might be holes in the app.portBindings, which signalizes a disabled port
        for (var env in $scope.appConfigure.portBindingsInfo) {
@@ -256,11 +295,18 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
            }
        }

+        var finalAccessRestriction = null;
+        if ($scope.appConfigure.accessRestrictionOption === 'groups') {
+            finalAccessRestriction = { users: [], groups: [] };
+            finalAccessRestriction.users = $scope.appConfigure.accessRestriction.users.map(function (u) { return u.id; });
+            finalAccessRestriction.groups = $scope.appConfigure.accessRestriction.groups.map(function (g) { return g.id; });
+        }
+
        var data = {
            location:  $scope.appConfigure.usingAltDomain ? $scope.appConfigure.app.location : $scope.appConfigure.location,
            altDomain: $scope.appConfigure.usingAltDomain ? $scope.appConfigure.location : null,
            portBindings: finalPortBindings,
-            accessRestriction: $scope.appConfigure.accessRestrictionOption === 'groups' ? $scope.appConfigure.accessRestriction : null,
+            accessRestriction: finalAccessRestriction,
            cert: $scope.appConfigure.certificateFile,
            key: $scope.appConfigure.keyFile,
            xFrameOptions: $scope.appConfigure.xFrameOptions ? ('ALLOW-FROM ' + $scope.appConfigure.xFrameOptions) : 'SAMEORIGIN',
@@ -303,13 +349,13 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        });
    };

-    $scope.showPostInstall = function (app) {
+    $scope.showInformation = function (app) {
        $scope.reset();

-        $scope.appPostInstall.app = app;
-        $scope.appPostInstall.message = app.manifest.postInstallMessage;
+        $scope.appInfo.app = app;
+        $scope.appInfo.message = app.manifest.postInstallMessage;

-        $('#appPostInstallModal').modal('show');
+        $('#appInfoModal').modal('show');

        return false; // prevent propagation and default
    };
@@ -324,48 +370,6 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        return false; // prevent propagation and default
    };

-    $scope.showRestore = function (app) {
-        $scope.reset();
-
-        $scope.appRestore.app = app;
-        $scope.appRestore.busy = true;
-
-        $('#appRestoreModal').modal('show');
-
-        Client.getAppBackups(app.id, function (error, backups) {
-            if (error) {
-                Client.error(error);
-            } else {
-                $scope.appRestore.backups = backups;
-                if (backups.length) $scope.appRestore.selectedBackup = backups[0]; // pre-select first backup
-                $scope.appRestore.busy = false;
-            }
-        });
-
-        return false; // prevent propagation and default
-    };
-
-    $scope.doRestore = function () {
-        $scope.appRestore.busy = true;
-        $scope.appRestore.error.password = null;
-
-        Client.restoreApp($scope.appRestore.app.id, $scope.appRestore.selectedBackup.id, $scope.appRestore.password, function (error) {
-            if (error && error.statusCode === 403) {
-                $scope.appRestore.password = '';
-                $scope.appRestore.error.password = true;
-                $scope.appRestoreForm.password.$setPristine();
-                $('#appRestorePasswordInput').focus();
-            } else if (error) {
-                Client.error(error);
-            } else {
-                $('#appRestoreModal').modal('hide');
-                $scope.reset();
-            }
-
-            $scope.appRestore.busy = false;
-        });
-    };
-
    $scope.showUninstall = function (app) {
        $scope.reset();

@@ -408,90 +412,17 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        $scope.appUpdate.app = app;
        $scope.appUpdate.manifest = angular.copy(updateManifest);

-        // ensure we always operate on objects here
-        app.portBindings = app.portBindings || {};
-        app.manifest.tcpPorts = app.manifest.tcpPorts || {};
-        updateManifest.tcpPorts = updateManifest.tcpPorts || {};
-
-        // Activate below two lines for testing the UI
-        // updateManifest.tcpPorts['TEST_HTTP'] = { defaultValue: 1337, description: 'HTTP server'};
-        // app.manifest.tcpPorts['TEST_FOOBAR'] = { defaultValue: 1338, description: 'FOOBAR server'};
-        // app.portBindings['TEST_SSH'] = 1339;
-
-        var portBindingsInfo = {};                  // Portbinding map only for information
-        var portBindings = {};                      // This is the actual model holding the env:port pair
-        var portBindingsEnabled = {};               // This is the actual model holding the enabled/disabled flag
-        var obsoletePortBindings = {};              // Info map for obsolete port bindings, this is for display use only and thus not in the model
-        var portsChanged = false;
-        var env;
-
-        // detect new portbindings and copy all from manifest.tcpPorts
-        for (env in updateManifest.tcpPorts) {
-            portBindingsInfo[env] = updateManifest.tcpPorts[env];
-            if (!app.manifest.tcpPorts[env]) {
-                portBindingsInfo[env].isNew = true;
-                portBindingsEnabled[env] = true;
-
-                // use default integer port value in model
-                portBindings[env] = updateManifest.tcpPorts[env].defaultValue || 0;
-
-                portsChanged = true;
-            } else {
-                // detect if the port binding was enabled
-                if (app.portBindings[env]) {
-                    portBindings[env] = app.portBindings[env];
-                    portBindingsEnabled[env] = true;
-                } else {
-                    portBindings[env] = updateManifest.tcpPorts[env].defaultValue || 0;
-                    portBindingsEnabled[env] = false;
-                }
-            }
-        }
-
-        // detect obsolete portbindings (mappings in app.portBindings, but not anymore in updateManifest.tcpPorts)
-        for (env in app.manifest.tcpPorts) {
-            // only list the port if it is not in the new manifest and was enabled previously
-            if (!updateManifest.tcpPorts[env] && app.portBindings[env]) {
-                obsoletePortBindings[env] = app.portBindings[env];
-                portsChanged = true;
-            }
-        }
-
-        // now inject the maps into the $scope, we only show those if ports have changed
-        $scope.appUpdate.portBindings = portBindings;                 // always inject the model, so it gets used in the actual update call
-        $scope.appUpdate.portBindingsEnabled = portBindingsEnabled;   // always inject the model, so it gets used in the actual update call
-
-        if (portsChanged) {
-            $scope.appUpdate.portBindingsInfo = portBindingsInfo;
-            $scope.appUpdate.obsoletePortBindings = obsoletePortBindings;
-        } else {
-            $scope.appUpdate.portBindingsInfo = {};
-            $scope.appUpdate.obsoletePortBindings = {};
-        }
-
        $('#appUpdateModal').modal('show');
    };

-    $scope.doUpdate = function (form) {
+    $scope.doUpdate = function () {
        $scope.appUpdate.busy = true;

-        // only use enabled ports from portBindings
-        var finalPortBindings = {};
-        for (var env in $scope.appUpdate.portBindings) {
-            if ($scope.appUpdate.portBindingsEnabled[env]) {
-                finalPortBindings[env] = $scope.appUpdate.portBindings[env];
-            }
-        }
-
-        Client.updateApp($scope.appUpdate.app.id, $scope.appUpdate.manifest, finalPortBindings, function (error) {
+        Client.updateApp($scope.appUpdate.app.id, $scope.appUpdate.manifest, function (error) {
            if (error) {
                Client.error(error);
            } else {
                $scope.appUpdate.app = {};
-
-                form.$setPristine();
-                form.$setUntouched();
-
                $('#appUpdateModal').modal('hide');
            }

@@ -512,10 +443,6 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        window.history.back();
    };

-    $scope.hasPostInstallMessage = function (app) {
-        return app.manifest && app.manifest.postInstallMessage;
-    };
-
    function fetchUsers() {
        Client.getUsers(function (error, users) {
            if (error) {
@@ -72,18 +72,26 @@
                            </div>
                            <div class="radio">
                                <label>
-                                    <input type="radio" ng-model="appInstall.accessRestrictionOption" value="groups" ng-disabled="groups.length <= 1">
-                                    Only allow the following user groups <span class="label label-danger" ng-show="appInstall.accessRestrictionOption === 'groups' && !appInstall.isAccessRestrictionValid()">Select at least one group</span>
+                                    <input type="radio" ng-model="appInstall.accessRestrictionOption" value="groups">
+                                    Only allow the following users and groups <span class="label label-danger" ng-show="appInstall.accessRestrictionOption === 'groups' && !appInstall.isAccessRestrictionValid()">Select at least one user or group</span>
                                </label>
                            </div>
-                            <div ng-show="groups.length <= 1" style="margin-left: 20px;">No groups available. <a href="" ng-click="showView('/users')">Create groups</a></div>
                            <div>
                                <div style="margin-left: 20px;">
-                                    <span ng-repeat="group in groups | ignoreAdminGroup">
-                                        <button class="btn btn-default" type="button" ng-disabled="appInstall.accessRestrictionOption !== 'groups'" ng-click="appInstall.toggleGroup(group);" ng-class="{ 'btn-primary': (appInstall.accessRestriction.groups && appInstall.accessRestriction.groups.indexOf(group.id) !== -1) }">{{ group.name }}</button>
-                                    </span>
+                                    <div class="col-md-5">
+                                        Users: &nbsp;
+                                        <multiselect ng-model="appInstall.accessRestriction.users" ng-disabled="appInstall.accessRestrictionOption !== 'groups'" options="user.username for user in users" data-multiple="true"></multiselect>
+                                    </div>
+
+                                    <div class="col-md-5">
+                                        Groups: &nbsp;
+                                        <multiselect ng-model="appInstall.accessRestriction.groups" ng-disabled="appInstall.accessRestrictionOption !== 'groups'" options="group.name for group in (groups | ignoreAdminGroup)" data-multiple="true"></multiselect>
+                                    </div>
                                </div>
                            </div>
+
+                            <br/>
+                            <br/>
                        </div>

                        <p ng-show="!mailConfig.enabled && appInstall.app.manifest.addons.email" class="text-danger">
@@ -53,14 +53,6 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
            return !!(tmp.users.length || tmp.groups.length);
        },

-        toggleGroup: function (group) {
-            var groups = $scope.appInstall.accessRestriction.groups;
-            var pos = groups.indexOf(group.id);
-
-            if (pos === -1) groups.push(group.id);
-            else groups.splice(pos, 1);
-        },
-
        reset: function () {
            $scope.appInstall.app = {};
            $scope.appInstall.error = {};
@@ -144,13 +136,17 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
                }
            }

-            // translate to accessRestriction object
-            var accessRestriction = $scope.appInstall.accessRestrictionOption === 'groups' ? $scope.appInstall.accessRestriction : null;
+            var finalAccessRestriction = null;
+            if ($scope.appInstall.accessRestrictionOption === 'groups') {
+                finalAccessRestriction = { users: [], groups: [] };
+                finalAccessRestriction.users = $scope.appInstall.accessRestriction.users.map(function (u) { return u.id; });
+                finalAccessRestriction.groups = $scope.appInstall.accessRestriction.groups.map(function (g) { return g.id; });
+            }

            var data = {
                location: $scope.appInstall.location || '',
                portBindings: finalPortBindings,
-                accessRestriction: accessRestriction,
+                accessRestriction: finalAccessRestriction,
                cert: $scope.appInstall.certificateFile,
                key: $scope.appInstall.keyFile,
                sso: !$scope.appInstall.optionalSso ? undefined : ($scope.appInstall.accessRestrictionOption !== 'nosso')
@@ -353,18 +349,6 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
            });

            return callback(null, apps);
-
-            // Client.getNonApprovedApps(function (error, result) {
-            //     if (error) return callback(error);
-
-            //     // add testing tag to the manifest for UI and search reasons
-            //     result.forEach(function (app) {
-            //         if (!app.manifest.tags) app.manifest.tags = [];
-            //         app.manifest.tags.push('testing');
-            //     });
-
-            //     callback(null, apps.concat(result));
-            // });
        });
    }

@@ -33,7 +33,7 @@
                        <div class="form-group" ng-class="{ 'has-error': false }" ng-show="dnsCredentials.provider === 'gcdns'">
                            <div class="input-group">
                                <input type="file" id="gcdnsKeyFileInput" style="display:none"/>
-                                <input type="text" class="form-control" placeholder="Service Account Key" ng-model="dnsCredentials.gcdnsKey.keyFileName" id="gcdnsKeyInput" name="cert" onclick="getElementById('gcdnsKeyFileInput').click();" style="cursor: pointer;" ng-disabled="dnsCredentials.busy" required>
+                                <input type="text" class="form-control" placeholder="Service Account Key" ng-model="dnsCredentials.gcdnsKey.keyFileName" id="gcdnsKeyInput" name="cert" onclick="getElementById('gcdnsKeyFileInput').click();" style="cursor: pointer;" ng-disabled="dnsCredentials.busy" ng-required="dnsCredentials.provider === 'gcdns'">
                                <span class="input-group-addon">
                                  <i class="fa fa-upload" onclick="getElementById('gcdnsKeyFileInput').click();"></i>
                              </span>
@@ -90,7 +90,7 @@
                </p>

                <p ng-show="dnsCredentials.provider === 'manual'">
-                    Setup an <i>A</i> record for <b>my.{{ dnsCredentials.customDomain || 'example.com' }}</b> to this server's IP. All DNS records have to be setup manually <i>before</i> each app installation.
+                    Setup an <i>A</i> record for <b>{{ config.adminLocation }}.{{ dnsCredentials.customDomain || 'example.com' }}</b> to this server's IP. All DNS records have to be setup manually <i>before</i> each app installation.
                </p>
            </div>
            <div class="modal-footer ">
@@ -68,8 +68,8 @@
 <div class="logs-controls">
  <div class="col-md-10 col-md-offset-1">
    <uib-tabset active="active">
-      <uib-tab index="1" heading="Terminal" select="showTerminal()"></uib-tab>
      <uib-tab index="0" heading="Logs" select="showLogs()"></uib-tab>
+      <uib-tab index="1" heading="Terminal" select="showTerminal()"></uib-tab>
    </uib-tabset>
    <select class="form-control pull-right inline" ng-options="log.name for log in logs track by log.value" ng-model="selected"></select>

@@ -27,18 +27,32 @@
 </div>

 <!-- Test email sent -->
-<div class="modal fade" id="testEmailSent" tabindex="-1" role="dialog">
+<div class="modal fade" id="testEmailModal" tabindex="-1" role="dialog">
  <div class="modal-dialog">
    <div class="modal-content">
      <div class="modal-header">
-        <h4 class="modal-title">Test Email Sent</h4>
+        <h4 class="modal-title">Send test email</h4>
      </div>
      <div class="modal-body">
-        A test email was sent to {{ user.email }}. Please check the inbox of this account and verify the email was delivered.
-      </div>
-      <div class="modal-footer">
-        <button type="button" class="btn btn-default" data-dismiss="modal">Ok</button>
+          <form name="testEmailForm" role="form" novalidate ng-submit="testEmail.submit()" autocomplete="off">
+              <fieldset>
+                  <p class="has-error text-center" ng-show="testEmail.error">{{ testEmail.error.generic }}</p>
+
+                  <div class="form-group" ng-class="{ 'has-error': testEmail.error.key }">
+                      <label class="control-label" for="inputTestEmailKey">Email to</label>
+                      <input type="text" class="form-control" ng-model="testEmail.mailTo" id="inputTestMailTo" name="mailTo" ng-disabled="testEmail.busy" placeholder="Email address" autofocus>
+                  </div>
+
+                  <input class="ng-hide" type="submit" ng-disabled="testEmailForm.$invalid"/>
+              </fieldset>
+          </form>
      </div>
+      <div class="modal-footer ">
+        <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+        <button type="submit" class="btn btn-outline btn-success pull-right" ng-click="testEmail.submit()" ng-disabled="testEmail.$invalid || testEmail.busy">
+            <i class="fa fa-circle-o-notch fa-spin" ng-show="testEmail.busy"></i><span>Send</span>
+        </button>
+    </div>
    </div>
  </div>
 </div>
@@ -65,9 +79,9 @@
       <a href="" data-toggle="collapse" data-parent="#accordion" data-target="#mail_settings">Mail server settings for email clients</a>
       <div id="mail_settings" class="panel-collapse collapse">
         <br/>
-         <p><b>Incoming Mail (IMAP)</b><br/>Server: <span ng-click-select>my.{{config.fqdn}}</span><br/>Port: 993 (TLS)</p>
-         <p><b>Outgoing Mail (SMTP)</b><br/>Server: <span ng-click-select>my.{{config.fqdn}}</span><br/>Port: 587 (STARTTLS)</p>
-         <p><b>ManageSieve</b><br/>Server: <span ng-click-select>my.{{config.fqdn}}</span><br/>Port: 4190 (TLS)</p>
+         <p><b>Incoming Mail (IMAP)</b><br/>Server: <span ng-click-select>{{config.mailFqdn}}</span><br/>Port: 993 (TLS)</p>
+         <p><b>Outgoing Mail (SMTP)</b><br/>Server: <span ng-click-select>{{config.mailFqdn}}</span><br/>Port: 587 (STARTTLS)</p>
+         <p><b>ManageSieve</b><br/>Server: <span ng-click-select>{{config.mailFqdn}}</span><br/>Port: 4190 (TLS)</p>
         <p>All the servers require your Cloudron credentials for authentication.</p>
        </div>
      </div>
@@ -181,12 +195,13 @@
    </div>
  </div>

-  <div class="text-left" ng-show="dnsConfig.provider && dnsConfig.provider !== 'caas'">
+  <div class="text-left" ng-show="dnsConfig.provider && dnsConfig.provider !== 'caas' && currentRelay.provider === 'cloudron-smtp'">
    <h3>DNS Records</h3>
  </div>

-  <div class="card" style="margin-bottom: 15px;" ng-show="dnsConfig.provider && dnsConfig.provider !== 'caas'">
+  <div class="card" style="margin-bottom: 15px;" ng-show="dnsConfig.provider && dnsConfig.provider !== 'caas' && currentRelay.provider === 'cloudron-smtp'">
    <div class="row">
+
      <div class="col-md-12">
        Set the following DNS records to guarantee email delivery:

@@ -196,7 +211,7 @@
          <div class="row" ng-if="expectedDnsRecords[record.value] && (mailConfig.enabled || (record.name !== 'DMARC' && record.name !== 'MX'))">
            <div class="col-xs-12">
              <p class="text-muted">
-                <i ng-class="expectedDnsRecords[record.value].status ? 'fa fa-check-circle text-success' : 'fa fa-exclamation-triangle text-danger'"></i> &nbsp;
+                <i ng-hide="email.refreshBusy" ng-class="expectedDnsRecords[record.value].status ? 'fa fa-check-circle text-success' : 'fa fa-exclamation-triangle text-danger'"></i> &nbsp;
                <a href="" data-toggle="collapse" data-parent="#accordion" data-target="#collapse_dns_{{ record.value }}">{{ record.name }} record</a>
                <button class="btn btn-xs btn-default" ng-click="email.refresh()" ng-disabled="email.refreshBusy" ng-show="!expectedDnsRecords[record.value].status"><i class="fa fa-refresh" ng-class="{ 'fa-pulse': email.refreshBusy }"></i></button>
              </p>
@@ -211,8 +226,10 @@
            </div>
          </div>
        </div>
+
      </div>
    </div>
+
  </div>

  <div class="text-left" ng-show="dnsConfig.provider && dnsConfig.provider !== 'caas'">
@@ -226,13 +243,13 @@
        <div class="row">
          <div class="col-xs-12">
            <p class="text-muted">
-              <i ng-class="relay.status ? 'fa fa-check-circle text-success' : 'fa fa-exclamation-triangle text-danger'"></i> &nbsp;
-              <a href="" data-toggle="collapse" data-parent="#accordion" data-target="#collapse_dns_port">
+              <i ng-hide="email.refreshBusy" ng-class="relay.status ? 'fa fa-check-circle text-success' : 'fa fa-exclamation-triangle text-danger'"></i> &nbsp;
+              <a href="" data-toggle="collapse" data-parent="#accordion" data-target="#collapse_outbound_smtp">
                Outbound SMTP
              </a>
              <button class="btn btn-xs btn-default" ng-click="email.refresh()" ng-disabled="email.refreshBusy" ng-show="!relay.status"><i class="fa fa-refresh" ng-class="{ 'fa-pulse': email.refreshBusy }"></i></button>
            </p>
-            <div id="collapse_dns_port" class="panel-collapse collapse">
+            <div id="collapse_outbound_smtp" class="panel-collapse collapse">
              <div class="panel-body">
                <p><b> {{ relay.value }} </b> </p>
              </div>
@@ -240,10 +257,10 @@
          </div>
        </div>

-        <div class="row" ng-show="rbl">
+        <div class="row" ng-show="currentRelay.provider === 'cloudron-smtp'">
          <div class="col-xs-12">
            <p class="text-muted">
-              <i ng-class="rbl.status ? 'fa fa-check-circle text-success' : 'fa fa-exclamation-triangle text-danger'"></i> &nbsp;
+              <i ng-hide="email.refreshBusy" ng-class="rbl.status ? 'fa fa-check-circle text-success' : 'fa fa-exclamation-triangle text-danger'"></i> &nbsp;
              <a href="" data-toggle="collapse" data-parent="#accordion" data-target="#collapse_rbl">
                  IP Address Blacklist Check
              </a>
@@ -262,7 +279,7 @@

        <div class="row">
          <div class="col-xs-12">
-            <button class="btn btn-primary pull-left" ng-click="sendTestEmail()">Send Test Email</button>
+            <button class="btn btn-primary pull-left" ng-click="testEmail.show()">Send Test Email</button>
          </div>
        </div>
      </div>
@@ -7,9 +7,16 @@ angular.module('Application').controller('EmailController', ['$scope', '$locatio
    $scope.user = Client.getUserInfo();
    $scope.config = Client.getConfig();
    $scope.dnsConfig = {};
+    $scope.currentRelay = {};
    $scope.relay = {};
    $scope.rbl = null;
-    $scope.expectedDnsRecords = {};
+    $scope.expectedDnsRecords = {
+        mx: { },
+        dkim: { },
+        spf: { },
+        dmarc: { },
+        ptr: { }
+    };
    $scope.expectedDnsRecordsTypes = [
        { name: 'MX', value: 'mx' },
        { name: 'DKIM', value: 'dkim' },
@@ -81,6 +88,8 @@ angular.module('Application').controller('EmailController', ['$scope', '$locatio
        refresh: function () {
            $scope.email.refreshBusy = true;

+            collapseDnsRecords();
+
            showExpectedDnsRecords(function (error) {
                if (error) console.error(error);

@@ -150,20 +159,56 @@ angular.module('Application').controller('EmailController', ['$scope', '$locatio
            }

            Client.setMailRelay(data, function (error) {
-                if (error) $scope.mailRelay.error = error.message;
-                else $scope.mailRelay.success = true;
-
                $scope.mailRelay.busy = false;
+
+                if (error) {
+                    $scope.mailRelay.error = error.message;
+                    return;
+                }
+
+                $scope.currentRelay = data;
+                $scope.mailRelay.success = true;
+                $scope.email.refresh();
            });
        }
    };

-    $scope.sendTestEmail = function () {
-        Client.sentTestMail($scope.user.email, function (error) {
-            if (error) return console.error(error);
+    $scope.testEmail = {
+        busy: false,
+        error: {},

-            $('#testEmailSent').modal('show');
-        });
+        mailTo: '',
+
+        clearForm: function () {
+            $scope.testEmail.mailTo = '';
+        },
+
+        show: function () {
+            $scope.testEmail.error = {};
+            $scope.testEmail.busy = false;
+
+            $scope.testEmail.mailTo = $scope.user.email;
+
+            $('#testEmailModal').modal('show');
+        },
+
+        submit: function () {
+            $scope.testEmail.error = {};
+            $scope.testEmail.busy = true;
+
+            Client.sentTestMail($scope.testEmail.mailTo, function (error) {
+                $scope.testEmail.busy = false;
+
+                if (error) {
+                    $scope.testEmail.error.generic = error.message;
+                    console.error(error);
+                    $('#inputTestMailTo').focus();
+                    return;
+                }
+
+                $('#testEmailModal').modal('hide');
+            });
+        }
    };

    function getMailConfig() {
@@ -185,6 +230,8 @@ angular.module('Application').controller('EmailController', ['$scope', '$locatio
            $scope.mailRelay.relay.password = '';
            $scope.mailRelay.relay.serverApiToken = '';

+            $scope.currentRelay = relay;
+
            if (relay.provider === 'postmark-smtp') {
                $scope.mailRelay.relay.serverApiToken = relay.username;
            } else if (relay.provider === 'sendgrid-smtp') {
@@ -211,25 +258,41 @@ angular.module('Application').controller('EmailController', ['$scope', '$locatio
        });
    }

+    function collapseDnsRecords() {
+        $scope.expectedDnsRecordsTypes.forEach(function (record) {
+            var type = record.value;
+            $('#collapse_dns_' + type).collapse('hide');
+        });
+
+        $('#collapse_outbound_smtp').collapse('hide');
+        $('#collapse_rbl').collapse('hide');
+    }
+
    function showExpectedDnsRecords(callback) {
        callback = callback || function (error) { if (error) console.error(error); };

        Client.getEmailStatus(function (error, result) {
            if (error) return callback(error);

-            $scope.expectedDnsRecords = result.dns;
            $scope.relay = result.relay;
            $scope.rbl = result.rbl;

            // open the record details if they are not correct
-            for (var type in $scope.expectedDnsRecords) {
+            $scope.expectedDnsRecordsTypes.forEach(function (record) {
+                var type = record.value;
+                $scope.expectedDnsRecords[type] = result.dns[type] || {};
+
                if (!$scope.expectedDnsRecords[type].status) {
                    $('#collapse_dns_' + type).collapse('show');
                }
-            }
+            });

            if (!$scope.relay.status) {
-                $('#collapse_dns_port').collapse('show');
+                $('#collapse_outbound_smtp').collapse('show');
+            }
+
+            if (!$scope.rbl.status) {
+                $('#collapse_rbl').collapse('show');
            }

            callback(null);
@@ -285,5 +348,12 @@ angular.module('Application').controller('EmailController', ['$scope', '$locatio
        $scope.email.refresh();
    });

+    // setup all the dialog focus handling
+    ['testEmailModal'].forEach(function (id) {
+        $('#' + id).on('shown.bs.modal', function () {
+            $(this).find("[autofocus]:first").focus();
+        });
+    });
+
    $('.modal-backdrop').remove();
 }]);
@@ -93,10 +93,19 @@ angular.module('Application').controller('GraphsController', ['$scope', '$locati
            var ctx = $('#memoryAppChart').get(0).getContext('2d');
            var chart = new Chart(ctx);

+            var scaleStepWidth;
+            if ($scope.activeApp === 'system') {
+                console.log(Client.getConfig().memory);
+                scaleStepWidth = Math.round(Client.getConfig().memory / (1024 * 1024) / 10); // scaleSteps is 10
+            } else {
+                var memoryLimit = $scope.activeApp.memoryLimit || $scope.activeApp.manifest.memoryLimit || (256 * 1024 * 1024);
+                scaleStepWidth = Math.round(memoryLimit / (1024 * 1024) / 10); // scaleSteps is 10
+            }
+
            var options = {
                scaleOverride: true,
                scaleSteps: 10,
-                scaleStepWidth: $scope.activeApp === 'system' ? 200 : ($scope.activeApp.manifest.memoryLimit ? parseInt($scope.activeApp.manifest.memoryLimit/10000000,10) : 20),
+                scaleStepWidth: scaleStepWidth,
                scaleStartValue: 0
            };

@@ -142,16 +142,32 @@
                            <input type="text" class="form-control" ng-model="configureBackup.backupFolder" id="inputConfigureBackupFolder" name="backupFolder" ng-disabled="configureBackup.busy" placeholder="Directory for backups" ng-required="configureBackup.provider === 'filesystem'">

                            <p class="has-error" ng-show="configureBackup.provider === 'filesystem'">
-                                Please ensure that the backup directory is an external disk
+                                Please ensure that the backup directory is an external ext4 disk
                            </p>
                        </div>

+                        <div class="checkbox" ng-show="configureBackup.provider === 'filesystem'">
+                            <label>
+                                <input type="checkbox" ng-model="configureBackup.useHardlinks" id="inputConfigureUseHardlinks">
+                                    Use hardlinks
+                                </input>
+                            </label>
+                        </div>
+
                        <!-- S3/Minio/SOS -->
                        <div class="form-group" ng-class="{ 'has-error': configureBackup.error.endpoint }" ng-show="configureBackup.provider === 'minio' || configureBackup.provider === 's3-v4-compat'">
                            <label class="control-label" for="inputConfigureBackupEndpoint">Endpoint</label>
                            <input type="text" class="form-control" ng-model="configureBackup.endpoint" id="inputConfigureBackupEndpoint" name="endpoint" ng-disabled="configureBackup.busy" placeholder="URL of Minio/S3 Compatible" ng-required="configureBackup.provider === 'minio' || configureBackup.provider === 's3-v4-compat'">
                        </div>

+                        <div class="checkbox" ng-show="configureBackup.provider === 'minio' || configureBackup.provider === 's3-v4-compat'" >
+                            <label>
+                                <input type="checkbox" ng-model="configureBackup.acceptSelfSignedCerts" id="inputConfigureBackupSelfSigned">
+                                    Accept Self-signed certificate
+                                </input>
+                            </label>
+                        </div>
+
                        <div class="form-group" ng-class="{ 'has-error': configureBackup.error.bucket }" ng-show="s3like(configureBackup.provider)">
                            <label class="control-label" for="inputConfigureBackupBucket">Bucket name</label>
                            <input type="text" class="form-control" ng-model="configureBackup.bucket" id="inputConfigureBackupBucket" name="bucket" ng-disabled="configureBackup.busy" ng-required="s3like(configureBackup.provider)">
@@ -346,6 +362,15 @@
          </div>
      </div>

+      <div class="row" ng-show="backupConfig.provider !== 'caas'">
+          <div class="col-xs-6">
+              <span class="text-muted">Storage Format</span>
+          </div>
+          <div class="col-xs-6 text-right">
+              <span>{{ backupConfig.format }}</span>
+          </div>
+      </div>
+
      <br/>

      <div class="row">
@@ -42,7 +42,7 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca

    $scope.storageProvider = [
        { name: 'Amazon S3', value: 's3' },
-        { name: 'DigitalOcean Spaces', value: 'digitalocean-spaces' },
+        { name: 'DigitalOcean Spaces NYC3', value: 'digitalocean-spaces' },
        { name: 'Exoscale SOS', value: 'exoscale-sos' },
        { name: 'Filesystem', value: 'filesystem' },
        { name: 'Minio', value: 'minio' },
@@ -52,7 +52,7 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca

    $scope.retentionTimes = [
        { name: '2 days', value: 2 * 24 * 60 * 60 },
-        { name: '1 week', value:  7 * 24 * 60 * 60},
+        { name: '1 week', value:  7 * 24 * 60 * 60}, // the default
        { name: '1 month', value: 30 * 24 * 60 * 60},
        { name: 'Forever', value: -1 }
    ];
@@ -325,7 +325,9 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
        region: '',
        endpoint: '',
        backupFolder: '',
-        retentionSecs: -1,
+        retentionSecs:  7 * 24 * 60 * 60,
+        acceptSelfSignedCerts: false,
+        useHardlinks: true,
        format: 'tgz',

        clearForm: function () {
@@ -336,8 +338,10 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
            $scope.configureBackup.endpoint = '';
            $scope.configureBackup.region = '';
            $scope.configureBackup.backupFolder = '';
-            $scope.configureBackup.retentionSecs = -1;
+            $scope.configureBackup.retentionSecs = 7 * 24 * 60 * 60;
            $scope.configureBackup.format = 'tgz';
+            $scope.configureBackup.acceptSelfSignedCerts = false;
+            $scope.configureBackup.useHardlinks = true;
        },

        show: function () {
@@ -355,6 +359,8 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
            $scope.configureBackup.backupFolder = $scope.backupConfig.backupFolder;
            $scope.configureBackup.retentionSecs = $scope.backupConfig.retentionSecs;
            $scope.configureBackup.format = $scope.backupConfig.format;
+            $scope.configureBackup.acceptSelfSignedCerts = !!$scope.backupConfig.acceptSelfSignedCerts;
+            $scope.configureBackup.useHardlinks = !$scope.backupConfig.noHardlinks;

            $('#configureBackupModal').modal('show');
        },
@@ -383,6 +389,7 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
                    if ($scope.configureBackup.region) backupConfig.region = $scope.configureBackup.region;
                } else if (backupConfig.provider === 'minio' || backupConfig.provider === 's3-v4-compat') {
                    backupConfig.region = 'us-east-1';
+                    backupConfig.acceptSelfSignedCerts = $scope.configureBackup.acceptSelfSignedCerts;
                } else if (backupConfig.provider === 'exoscale-sos') {
                    backupConfig.endpoint = 'https://sos.exo.io';
                    backupConfig.region = 'us-east-1';
@@ -393,6 +400,7 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
                }
            } else if (backupConfig.provider === 'filesystem') {
                backupConfig.backupFolder = $scope.configureBackup.backupFolder;
+                backupConfig.noHardlinks = !$scope.configureBackup.useHardlinks;
            }

            Client.setBackupConfig(backupConfig, function (error) {
@@ -446,9 +454,6 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca
                // $scope.configureBackup.reset();
                $('#configureBackupModal').modal('hide');

-                // TODO: be smarter and create new backup only when required
-                $scope.createBackup.doCreateBackup();
-
                // now refresh the ui
                Client.refreshConfig();
                getBackupConfig();
@@ -510,8 +515,8 @@ angular.module('Application').controller('SettingsController', ['$scope', '$loca

            $scope.backupConfig = backupConfig;

-            // Check if a proper storage backend is configured
-            if (backupConfig.provider === 'filesystem') {
+            // Check if a proper storage backend is configured. TODO: this check fails if /var/backups is actually external
+            if (backupConfig.provider === 'filesystem' && backupConfig.backupFolder === '/var/backups') {
                var actionScope = $scope.$new(true);
                actionScope.action = '/#/settings';

@@ -31,7 +31,7 @@ angular.module('Application').controller('SupportController', ['$scope', '$locat

        Client.feedback($scope.feedback.type, $scope.feedback.subject, $scope.feedback.description, function (error) {
            if (error) {
-                $scope.feedback.error = error;
+                $scope.feedback.error = error.message;
            } else {
                $scope.feedback.success = true;
                resetFeedback();
Author	SHA1	Message	Date
Girish Ramakrishnan	cceccc417e	Add 1.8.5 changes	2017-12-26 05:48:51 -08:00
Girish Ramakrishnan	551680ddf8	Waiting -> Pending	2017-12-26 05:43:08 -08:00
Girish Ramakrishnan	d7ec5ae379	Use updateConfig addons instead of manifest addons to setup Even though app.manifest variable is updated by updatedApp, the setupAddons is called with the _old_ value because it is a bind()	2017-12-26 05:42:46 -08:00
Girish Ramakrishnan	ca60d4c8b8	1.8.4 changes	2017-12-07 20:17:35 +05:30
Girish Ramakrishnan	2ce00ca0d7	Fix display of DNS records when not using cloudron-smtp Fixes #492	2017-12-07 20:13:28 +05:30
Girish Ramakrishnan	a57db15b63	Bump mail container for internal email relay fix	2017-12-07 20:12:34 +05:30
Johannes Zellner	f14a8b0ab0	add 1.8.3 changes	2017-11-23 02:48:16 +01:00
Girish Ramakrishnan	5f207716e5	1.8.2 changes	2017-11-23 02:48:16 +01:00
Johannes Zellner	010d48035b	Setup domain record in settingsdb during dns setup	2017-11-23 02:48:12 +01:00
Girish Ramakrishnan	7e6a83df84	Fix migration callback	2017-11-18 02:11:00 -08:00
Girish Ramakrishnan	ec4910a45e	Fix restore	2017-11-17 22:35:56 -08:00
Girish Ramakrishnan	6558c78094	change the json blobs to text	2017-11-17 15:52:40 -08:00
Girish Ramakrishnan	5df92d1903	remove dead code	2017-11-17 15:18:06 -08:00
Girish Ramakrishnan	05affa7d26	remove dead code	2017-11-17 15:17:50 -08:00
Girish Ramakrishnan	46c6c5a5a8	remove double .js	2017-11-17 14:50:53 -08:00
Girish Ramakrishnan	75da751c72	1.8.1 changes	2017-11-17 14:50:53 -08:00
Johannes Zellner	b84f60671e	Also fix the restoreConfigJson migration down script	2017-11-17 23:45:22 +01:00
Johannes Zellner	8dcb06cb02	Fix db migration down step for newConfigJson change	2017-11-17 23:41:22 +01:00
Girish Ramakrishnan	83bf739081	Update the license	2017-11-17 10:46:12 -08:00
Girish Ramakrishnan	48a52fae2e	LE agreement URL has changed	2017-11-17 10:35:58 -08:00
Girish Ramakrishnan	0ddbda6068	Fix crash	2017-11-16 15:11:12 -08:00
Girish Ramakrishnan	360fa058ea	store format information for restoring fixes #483	2017-11-16 15:01:27 -08:00
Johannes Zellner	489d2022e6	Do not underline errored links	2017-11-16 23:18:50 +01:00
Girish Ramakrishnan	f762d0c0a1	newConfig -> updateConfig	2017-11-16 12:36:07 -08:00
Girish Ramakrishnan	98cad0678d	Handle json parse errors with new body-parser module	2017-11-16 11:47:17 -08:00
Girish Ramakrishnan	92acb2954f	Rename restoreConfig to manifest in backup table Only the manifest needs to be preserved in the backup table	2017-11-16 11:25:40 -08:00
Girish Ramakrishnan	00a6e4c982	Show doc url in info dialog Fixes #486	2017-11-16 10:05:49 -08:00
Girish Ramakrishnan	bf9eb4bd87	Switch the default to logs to show some useful information	2017-11-16 10:05:49 -08:00
Girish Ramakrishnan	2f4940acbd	update modules	2017-11-16 09:34:00 -08:00
Girish Ramakrishnan	9f7ca552a6	handle various appstore errors	2017-11-16 00:23:34 -08:00
Girish Ramakrishnan	4272d5be8a	Send feedback via API Fixes #484	2017-11-15 23:31:13 -08:00
Girish Ramakrishnan	1babfb6e87	Allow admins to access all apps Fixes #420	2017-11-15 19:24:11 -08:00
Girish Ramakrishnan	5663cf45f8	remove redundant reset	2017-11-15 19:08:38 -08:00
Girish Ramakrishnan	d8cb2d1d25	test: reset is already part of setup	2017-11-15 18:56:27 -08:00
Girish Ramakrishnan	174a60bb07	fix linter warnings	2017-11-15 18:56:27 -08:00
Girish Ramakrishnan	3d7094bf28	Handle error in uploadFile	2017-11-15 18:45:23 -08:00
Girish Ramakrishnan	4d6616930a	Fix failing test	2017-11-15 18:41:37 -08:00
Girish Ramakrishnan	24875ba292	Handle all errors and set focus correctly Fixes #485	2017-11-14 18:26:42 -08:00
Johannes Zellner	c58b2677b6	Fixup config tests and do not allow saving random values to the config file Those will eventually be overwritten by start.sh anyways, we cannot rely on those	2017-11-15 02:41:40 +01:00
Johannes Zellner	25146e1134	Allow tests to work without a cloudron.conf on disk	2017-11-15 02:40:50 +01:00
Johannes Zellner	c0c35964fe	Fix backups tests	2017-11-15 02:29:58 +01:00
Johannes Zellner	0bf9ab0a2b	No need to put static database config in cloudron.conf	2017-11-15 02:29:36 +01:00
Johannes Zellner	6d86f4cbda	Ensure we only save relevant config values	2017-11-15 02:29:07 +01:00
Girish Ramakrishnan	d2741bbeb9	Allow mailTo to be configurable Part of #485	2017-11-14 16:24:34 -08:00
Girish Ramakrishnan	690d02a353	Always show the DNS records in the UI	2017-11-14 15:13:56 -08:00
Johannes Zellner	c629db9597	Remove preinstall app bundle support	2017-11-14 23:09:17 +01:00
Girish Ramakrishnan	67fcf85abb	Allow restore if already restoring	2017-11-13 18:43:36 -08:00
Girish Ramakrishnan	527eace8f8	Fix j2xml usage	2017-11-13 11:10:42 -08:00
Girish Ramakrishnan	e65230b833	update many dev modules	2017-11-13 10:57:36 -08:00
Girish Ramakrishnan	3e8334040b	Update many node modules also, use rimraf instead of del	2017-11-13 10:57:32 -08:00
Girish Ramakrishnan	2bcd3a8e4d	Add a hack to stretch the multi-select box a bit	2017-11-12 02:50:28 -08:00
Girish Ramakrishnan	e75b85fc3a	Bump postgresql container to workaround shm issues reconfiguring the postgresql configuring seems to fix some shm issues on docker upgrade	2017-11-11 20:52:34 -08:00
Girish Ramakrishnan	c4362d3339	Fix failing ldap test	2017-11-11 17:33:27 -08:00
Girish Ramakrishnan	85e492a632	Fix detection of container id from IP https://docs.docker.com/engine/api/v1.32/#tag/Network "Note that it uses a different, smaller representation of a network than inspecting a single network. For example, the list of containers attached to the network is not propagated in API versions 1.28 and up." Verified using: curl --unix-socket /var/run/docker.sock http::/networks/cloudron	2017-11-11 16:55:43 -08:00
Girish Ramakrishnan	b8d4b67043	update aws-sdk and dockerode	2017-11-11 16:38:40 -08:00
Girish Ramakrishnan	ffacd31259	bump the node version	2017-11-11 16:25:42 -08:00
Johannes Zellner	19f6da88da	Do not disable access control elements if no group was created There are still users to be selected	2017-11-12 00:09:05 +01:00
Girish Ramakrishnan	c0faae4e27	Add more changes for 1.8.0	2017-11-11 11:14:42 -08:00
Girish Ramakrishnan	a19c566eea	Always show info box that displays app version Fixes #478	2017-11-11 11:09:59 -08:00
Girish Ramakrishnan	3ec806452c	Update node to 6.11.5	2017-11-10 19:25:08 -08:00
Girish Ramakrishnan	0c73cd5219	Update docker to 17.09	2017-11-10 18:49:28 -08:00
Girish Ramakrishnan	9b6bf719ff	1.7.8 changes	2017-11-09 09:40:26 -08:00
Girish Ramakrishnan	25431d3cc4	Fix the spacing	2017-11-09 09:29:42 -08:00
Girish Ramakrishnan	e0805df3b1	Only show backup warning if using default location	2017-11-09 09:09:39 -08:00
Girish Ramakrishnan	8392fec570	Remove the bold	2017-11-08 20:57:40 -08:00
Girish Ramakrishnan	1c173ca83f	Add UI to select users for access restriction	2017-11-08 20:54:38 -08:00
Girish Ramakrishnan	05a67db761	backup must be stored in ext4 Other file systems like FAT/CIFS can error with cryptic error messages when saving filenames with special characters such as ':'	2017-11-08 12:26:25 -08:00
Girish Ramakrishnan	bb24d5cf9e	Order eventlog entries by time	2017-11-08 09:14:55 -08:00
Girish Ramakrishnan	8d2fbe931f	Bump max limit to two times ram part of #466	2017-11-07 10:07:05 -08:00
Girish Ramakrishnan	0a8adaac9f	filter out empty usernames from groups Fixes #472	2017-11-06 11:09:40 -08:00
Girish Ramakrishnan	fa6d151325	Fix update mail templates	2017-11-02 21:34:03 -07:00
Girish Ramakrishnan	a7296a0339	Rename filename to backupId in backup eventlog	2017-11-02 18:17:08 -07:00
Girish Ramakrishnan	a6aee53ec2	Filter out failed backups	2017-11-02 18:13:51 -07:00
Girish Ramakrishnan	963ab2e791	More 1.7.7 changes	2017-11-02 16:30:13 -07:00
Girish Ramakrishnan	ca724b8b03	Add cert renewal and user add/remove in weekly digest	2017-11-02 16:30:10 -07:00
Girish Ramakrishnan	88a929c85e	Instead of appstore account, include owner alternate email	2017-11-02 15:10:05 -07:00
Girish Ramakrishnan	2bc0270880	1.7.7 changes	2017-11-02 12:18:51 -07:00
Girish Ramakrishnan	014b77b7aa	Fix LE cert renewal failures LE contacts the server by hostname and not by IP. This means that when installing and reconfiguring the app it hits the default_server route since nginx configs for the app are not generated at. When doing in the daily cert renew, the nginx configs exist and we are unable to renew the certs.	2017-11-02 11:43:43 -07:00
Girish Ramakrishnan	06f8aa8f29	Remove dead code getNonApprovedCode code flow is ununsed (and broken by design on the appstore side).	2017-11-02 10:36:30 -07:00
Girish Ramakrishnan	a8c64bf9f7	Clarify heartbeat code heartbeats are not sent for self-hosted cloudrons (only managed ones)	2017-11-02 10:26:21 -07:00
Girish Ramakrishnan	41ef16fbec	link to memory limit docs	2017-11-01 09:25:05 -07:00
Girish Ramakrishnan	2a848a481b	Add newline	2017-11-01 09:25:05 -07:00
Johannes Zellner	3963d76a80	The update dialog does not contain a form anymore Fixes #467	2017-11-01 11:55:06 +01:00
Girish Ramakrishnan	8ede37a43d	Make the dkim selector dynamic it has to change with the adminLocation so that multiple cloudrons can send out emails at the same time.	2017-10-31 12:18:40 -07:00
Girish Ramakrishnan	36534f6bb2	Fix indent	2017-10-31 12:12:02 -07:00
Girish Ramakrishnan	7eddcaf708	Allow setting app memory till memory limit Fixes #466	2017-10-31 12:12:02 -07:00
Girish Ramakrishnan	d8d2572aa1	Keep restarting mysql until it succeeds MySQL restarts randomly fail on our CI systems. This is easily reproducible: root@smartserver:~# cp /tmp/mysql.cnf . && systemctl restart mysql && echo "Yes" Yes root@smartserver:~# cp /tmp/mysql.cnf . && systemctl restart mysql && echo "Yes" Yes root@smartserver:~# cp /tmp/mysql.cnf . && systemctl restart mysql && echo "Yes" Job for mysql.service failed. See "systemctl status mysql.service" and "journalctl -xe" for details. There also seems some apparmor issue: [ 7389.111704] audit: type=1400 audit(1509404778.110:829): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=15618 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=112 ouid=0 The apparmor issue is reported in https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1610765, https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1658233 and https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1658239	2017-10-30 16:14:20 -07:00
Girish Ramakrishnan	96a98a74ac	Move the mysql block The e2e is failing sporadically with: ==> Changing ownership ==> Adding automated configs mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) Maybe the dhparam creation is doing something causing mysql to not respond.	2017-10-30 08:03:47 -07:00
Girish Ramakrishnan	d0a244e392	stash adminLocation also	2017-10-29 19:09:03 -07:00
Girish Ramakrishnan	f09c89e33f	Remove confusing batchSize logic from listDir This also fixes a bug in removeDir in DO spaces thanks to @syn for reporting	2017-10-29 19:04:10 -07:00
Johannes Zellner	d53f0679e5	Also stash the zoneName to settings	2017-10-29 22:40:15 +01:00
Girish Ramakrishnan	527093ebcb	Stash the fqdn in the db for the next multi-domain release	2017-10-29 12:08:27 -07:00
Girish Ramakrishnan	bd5835b866	send adminFqdn as well	2017-10-29 09:36:51 -07:00
Girish Ramakrishnan	6dd70c0ef2	acme challenges must be answered by default_server The challenge must be answered even before app nginx config is available.	2017-10-28 23:39:03 -07:00
Girish Ramakrishnan	acc90e16d7	1.7.6 changes	2017-10-28 21:07:44 -07:00
Girish Ramakrishnan	4b3aca7413	Bump mail container for sogo disconnect fix	2017-10-28 20:58:26 -07:00
Johannes Zellner	8daee764d2	Only require gcdns form input to be valid if that provider is selected	2017-10-28 22:37:56 +02:00
Girish Ramakrishnan	3dedda32d4	Configure http server to only listen on known vhosts/IP For the rest it returns 404 Fixes #446	2017-10-27 00:10:50 -07:00
Girish Ramakrishnan	d127b25f0f	Only set the custom https agent for HTTPS minio Otherwise, we get a Cannot set property ‘agent’ of undefined error	2017-10-26 18:38:45 -07:00
Johannes Zellner	6a2b0eedb3	Add ldap pagination support	2017-10-27 01:25:07 +02:00
Girish Ramakrishnan	8c81a97a4b	Check that the backup location has perms to create a directory The backup itself runs as root and this works fine. But when rotating the backup, the copy fails because it is unable to create a directory.	2017-10-26 11:41:34 -07:00
Girish Ramakrishnan	d9ab1a78d5	Make the my location customizable Fixes #22	2017-10-25 23:00:43 -07:00
Girish Ramakrishnan	593df8ed49	Do not use ADMIN_LOCATION in tests	2017-10-25 21:38:11 -07:00
Girish Ramakrishnan	b30def3620	move prerelease check to appstore	2017-10-25 21:34:56 -07:00
Johannes Zellner	9c02785d49	Support ldap group compare Fixes #463	2017-10-24 02:00:00 +02:00
Johannes Zellner	f747343159	Cleanup unused port bindings after an update	2017-10-23 22:11:33 +02:00
Johannes Zellner	2971910ccf	Do not accept port bindings on update route	2017-10-23 22:06:28 +02:00
Johannes Zellner	56534b9647	Add appdb.delPortBinding()	2017-10-23 22:05:43 +02:00
Johannes Zellner	a8d26067ee	Allow autoupdates if new ports are added Those will simply be disabled after update and the user has to enable them through the app configuration	2017-10-20 22:27:48 +02:00
Johannes Zellner	4212e4bb00	Do not show any port binding update ui	2017-10-20 22:27:48 +02:00
Johannes Zellner	7b27ace7bf	Update cloudron-setup help url	2017-10-20 22:13:54 +02:00
Girish Ramakrishnan	d8944da68d	1.7.5 changes	2017-10-19 12:19:10 -07:00
Girish Ramakrishnan	433d797cb7	Add SMTPS port for apps that require TLS connections for mail relay	2017-10-19 12:15:28 -07:00
Girish Ramakrishnan	0b1d940128	cloudscale -> cloudscale.ch	2017-10-19 07:28:07 -07:00
Johannes Zellner	6016024026	Move restore functions into appropriate scope object	2017-10-18 00:40:02 +02:00
Johannes Zellner	e199293229	Further reduce ui flickering on restore	2017-10-18 00:40:02 +02:00
Girish Ramakrishnan	2ebe92fec3	Do not chown mail directory	2017-10-16 23:18:37 -07:00
Girish Ramakrishnan	628cf1e3de	bump mail container for superfluous sa-update supervisor file	2017-10-16 21:16:58 -07:00
Girish Ramakrishnan	9e9aaf68f0	No need to migrate mail data anymore	2017-10-16 21:13:57 -07:00
Girish Ramakrishnan	b595ca422c	1.7.4 changes	2017-10-16 15:28:36 -07:00
Girish Ramakrishnan	9273a6c726	Add option to disable hardlinks We can probably remove this later based on the use	2017-10-16 15:22:40 -07:00
Johannes Zellner	76d00d4e65	Render changelog markdown as html in app update dialog	2017-10-17 00:07:58 +02:00
Johannes Zellner	668c03a11b	Give visual feedback in the restore dialog when fetching backups	2017-10-16 22:31:49 +02:00
Girish Ramakrishnan	1e72d2d651	remove debugs (too noisy)	2017-10-16 12:34:09 -07:00
Girish Ramakrishnan	89fc8efc67	Save as empty array if find output is empty	2017-10-16 10:54:48 -07:00
Girish Ramakrishnan	241dbf160e	Remove Unused required	2017-10-15 14:07:03 -07:00
Girish Ramakrishnan	e46bdc2caa	Force the copy just like tar --overwrite	2017-10-13 23:23:36 -07:00
Girish Ramakrishnan	e1cb91ca76	bump mail container	2017-10-13 22:36:54 -07:00
Girish Ramakrishnan	709c742c46	Fix tests	2017-10-12 21:14:13 -07:00
Girish Ramakrishnan	ecad9c499c	Port binding conflict can never happen in update route	2017-10-12 21:04:38 -07:00
Girish Ramakrishnan	ed0879ffcd	Stop the app only after the backup completed App backup can take a long time or possibly not work at all. For such cases, do not stop the app or leave it in some errored state. newConfigJson is the new config to be updated to. This ensures that the db has correct app info during the update.	2017-10-12 18:10:41 -07:00
Girish Ramakrishnan	61e2878b08	save/restore exec bit in files this covers the case where user might stash some executable files that are used by plugins.	2017-10-12 16:18:11 -07:00
Girish Ramakrishnan	d97034bfb2	Follow backup format for box backups as well	2017-10-12 11:02:52 -07:00
Girish Ramakrishnan	21942552d6	Clarify the per-app backup flag	2017-10-12 11:02:52 -07:00
Girish Ramakrishnan	dd68c8f91f	Various backup fixes	2017-10-12 11:02:48 -07:00
Girish Ramakrishnan	28ce5f41e3	handle errors in log stream	2017-10-11 12:55:56 -07:00
Girish Ramakrishnan	5694e676bd	Set default rentention to a week	2017-10-11 12:55:55 -07:00
Girish Ramakrishnan	db8c5a116f	Typo	2017-10-11 10:30:03 -07:00
Girish Ramakrishnan	fa39f0fbf3	Add 1.7.3 changes	2017-10-11 00:50:41 -07:00
Girish Ramakrishnan	1444bb038f	only upload needs to be retried copy/delete are already retried in the sdk code	2017-10-11 00:08:41 -07:00
Girish Ramakrishnan	ac9e421ecf	improved backup progress and logging	2017-10-10 22:49:38 -07:00
Girish Ramakrishnan	b60cbe5a55	move constant	2017-10-10 19:47:21 -07:00
Girish Ramakrishnan	56d794745b	Sprinkle retries in syncer logic	2017-10-10 14:25:03 -07:00
Girish Ramakrishnan	fd3b73bea2	typo in format name	2017-10-10 13:54:54 -07:00
Girish Ramakrishnan	78807782df	Various hacks for exoscale-sos SOS does not like multipart uploads. They just fail randomly. As a fix, we try to detect filesystem files and skip multipart uploads for files < 5GB. For > 5GB, we do multipart upload anyways (mostly fails). The box backup is switched to flat-file for exoscale for the reason above.	2017-10-10 11:03:20 -07:00
Girish Ramakrishnan	754b29b263	Start out empty if the previous run errored	2017-10-09 20:12:21 -07:00
Girish Ramakrishnan	9f97f48634	Add note on s3ForcePathStyle	2017-10-09 18:46:14 -07:00
Girish Ramakrishnan	815e5d9d9a	graphs: Compute width of system graph from total memory Fixes #452	2017-10-09 14:58:32 -07:00
Girish Ramakrishnan	91ec2eaaf5	sos: "/" must separate bucket and key name	2017-10-09 11:50:22 -07:00
Girish Ramakrishnan	f8d3a7cadd	Bump mail container (fixes spam crash)	2017-10-06 16:45:21 -07:00
Girish Ramakrishnan	d04a09b015	Add note on bumping major infra version	2017-10-06 15:52:04 -07:00
Girish Ramakrishnan	5d997bcc89	Just mark DO Spaces as experimental instead	2017-10-06 14:45:14 -07:00
Girish Ramakrishnan	f0dd90a1f5	listObjectsV2 does not work on some S3 providers specifically, cloudscale does not support it	2017-10-05 12:07:14 -07:00
Girish Ramakrishnan	ee8ee8e786	KeyCount is not set on some S3 providers	2017-10-05 11:36:54 -07:00
Girish Ramakrishnan	ee1a4411f8	Do not crash if prefix is empty string ('' \|\| undefined) will return undefined ...	2017-10-05 11:08:01 -07:00
Girish Ramakrishnan	df6e6cb071	Allow s3 backend to accept self-signed certs Fixes #316	2017-10-05 10:14:55 -07:00
Girish Ramakrishnan	ba5645a20e	Disable DO spaces since it is not yet production ready	2017-10-05 09:21:26 -07:00
Girish Ramakrishnan	ca502a2d55	Display error code	2017-10-04 22:34:44 -07:00
Girish Ramakrishnan	ecd53b48db	Display the backup format	2017-10-04 22:11:11 -07:00