DO DNS API break means this value must atleast be 30

Fix mail auth with manifest v2
(cherry picked from commit 8cd5c15c2b)
2019-06-17 20:13:09 -07:00 · 2019-06-17 11:14:16 -07:00 · 2019-06-16 17:58:56 -07:00 · 2019-06-15 11:22:58 -07:00 · 2019-06-14 16:56:02 -07:00 · 2019-06-14 16:55:11 -07:00
203 changed files with 7596 additions and 10257 deletions
@@ -1631,127 +1631,3 @@
 [4.1.4]
 * Add CLOUDRON_ prefix to MySQL addon variables

-[4.1.5]
-* Make the terminal addon button inject variables based on manifest version
-* Preserve addon passwords correctly when using v2 manifest
-* Show error message instead of logging out user when invalid 2FA token is provided
-* Ensure redis vars are renamed with manifest v2
-* Add missing Scaleway Object Storage to restore UI
-* Fix Exoscale endpoints in restore UI
-* Reset the app icon when showing the configure UI
-
-[4.1.6]
-* Fix issue where CLOUDRON_APP_HOSTNAME was incorrectly set
-* Remove chat link from the footer of login screen
-* Add support for oplog tailing in mongodb
-* Fix LDAP not accessible via scheduler containers
-
-[4.1.7]
-* Fix issue where login looped when admin bit was removed
-
-[4.2.0]
-* Fix issue where tar backups with files > 8GB was corrupt
-* Add SparkPost as mail relay backend
-* Add Wasabi storage backend
-* TOTP tokens are now checked for with +- 60 seconds
-* IP based restore
-* Fix issue where task logs were not getting rotated correctly
-* Add notification for box update
-* User enable/disable flag
-* Check disk space before various operations like install, update, backup etc
-* Collect per app du information
-* Set Cloudron specific UA for healthchecks
-* Show message why an app task is 'pending'
-* Rework app task system so that we can now pass dynamic arguments
-* Add external LDAP server integration
-
-[4.2.1]
-* Rework the app configuration routes & UI
-* Fine grained eventlog for app configuration
-* Update Haraka to 2.8.24
-* Set sieve_max_redirects to 64
-* SRS support for mail forwarding
-* Fix issue where sieve responses were not sent via the relay
-* File based session store
-* Fix API token error reporting for namecheap backend
-
-[4.2.2]
-* Fix typos in migration
-
-[4.2.3]
-* Remove flicker of custom icon
-* Preserve PROVIDER setting from cloudron.conf
-* Add Skip backup option when updating an app
-* Fix bug where nginx was not reloaded on cert renewal
-
-[4.2.4]
-* Fix demo settings state regression
-
-[4.2.5]
-* Fix the demo settins fix
-
-[4.2.6]
-* Fix configuration of empty app location (subdomain)
-
-[4.2.7]
-* Fix issue where the icon for normal users was displayed incorrectly
-* Kill stuck backup processes after 12 hours and notify admins
-* Reconfigure email apps when mail domain is added/removed
-* Fix crash when only udp ports are defined
-
-[4.3.0]
-* Add timeout to kill long running tasks in case they get stuck
-* email: Auto-subscribe to Spam folder
-* Allow setting a custom CSP policy
-* ticket: when email is down, add a field to provide alternate contact email
-* Re-work app import flow
-* Add pagination and search to mailbox and mail alias listing
-* Add UI and workflow to add a private registry
-* Show external LDAP connector
-* Network view: Allow IP address detection to be configurable
-* Add support for custom docker registry
-* Resolve any lists and aliases in a mailing list
-* Rename Accounts view to Profile
-* Add search for groups and user association UI
-
-[4.3.1]
-* Make logout from all button logout from all sessions
-* List unstable apps by default
-* Fix crash when listing mailboxes
-
-[4.3.2]
-* Update manifestformat module
-
-[4.3.3]
-* Fix bug where stopped containers got started on server restart
-* Fix external LDAP UI and syncing
-* Fix timeout being too low in docker proxy
-* Make manifest.id optional for custom apps
-* Fix registry detection in private images
-* Make mailbox domain configurable for apps
-
-[4.3.4]
-* Do not error if fallback certs went missing
-* Add 'New Apps' section to Appstore view
-* Fix issue where graphs of some apps were not appearing
-
-[4.4.0]
-* Show swap in graphs
-* Make avatars customizable
-* Hide access tokens from logs
-* Add missing '@' sign for email address in app mailbox
-* Add app fqdn to backup progress message
-* import: add option to import app in-place
-* import: add option to import app from arbitrary backup config
-* Show download progress for rsync backups
-* Fix various repair workflows
-* acme2: Implement post-as-get
-
-[4.4.1]
-* ami: fix AWS provider validation
-
-[4.4.2]
-* Fix crash when reporting that DKIM is not setup correctly
-* Stopped apps cannot be updated or auto-updated
-* eventlog: track support ticket creation and remote support status
-
@@ -33,7 +33,6 @@ gpg_package=$([[ "${ubuntu_version}" == "16.04" ]] && echo "gnupg" || echo "gpg"
 apt-get -y install \
    acl \
    build-essential \
-    cifs-utils \
    cron \
    curl \
    debconf-utils \
@@ -41,7 +40,6 @@ apt-get -y install \
    $gpg_package \
    iptables \
    libpython2.7 \
-    linux-generic \
    logrotate \
    mysql-server-5.7 \
    nginx-full \
@@ -123,9 +121,6 @@ timedatectl set-ntp 1
 # mysql follows the system timezone
 timedatectl set-timezone UTC

-echo "==> Adding sshd configuration warning"
-sed -e '/Port 22/ i # NOTE: Cloudron only supports moving SSH to port 202. See https://cloudron.io/documentation/security/#securing-ssh-access' -i /etc/ssh/sshd_config
-
 # Disable bind for good measure (on online.net, kimsufi servers these are pre-installed and conflicts with unbound)
 systemctl stop bind9 || true
 systemctl disable bind9 || true
@@ -14,14 +14,25 @@
 require('supererror')({ splatchError: true });

 let async = require('async'),
-    constants = require('./src/constants.js'),
-    dockerProxy = require('./src/dockerproxy.js'),
+    config = require('./src/config.js'),
    ldap = require('./src/ldap.js'),
+    dockerProxy = require('./src/dockerproxy.js'),
    server = require('./src/server.js');

 console.log();
 console.log('==========================================');
-console.log(`           Cloudron ${constants.VERSION}  `);
+console.log(' Cloudron will use the following settings ');
+console.log('==========================================');
+console.log();
+console.log(' Environment:                    ', config.CLOUDRON ? 'CLOUDRON' : 'TEST');
+console.log(' Version:                        ', config.version());
+console.log(' Admin Origin:                   ', config.adminOrigin());
+console.log(' Appstore API server origin:     ', config.apiServerOrigin());
+console.log(' Appstore Web server origin:     ', config.webServerOrigin());
+console.log(' SysAdmin Port:                  ', config.get('sysadminPort'));
+console.log(' LDAP Server Port:               ', config.get('ldapPort'));
+console.log(' Docker Proxy Port:              ', config.get('dockerProxyPort'));
+console.log();
 console.log('==========================================');
 console.log();

@@ -1,6 +1,12 @@
 'use strict';

-var async = require('async');
+var async = require('async'),
+    crypto = require('crypto'),
+    fs = require('fs'),
+    os = require('os'),
+    path = require('path'),
+    safe = require('safetydance'),
+    tldjs = require('tldjs');

 exports.up = function(db, callback) {
    db.all('SELECT * FROM apps, subdomains WHERE apps.id=subdomains.appId AND type="primary"', function (error, apps) {
@@ -1,14 +0,0 @@
-'use strict';
-
-var async = require('async');
-
-exports.up = function(db, callback) {
-    async.series([
-        db.runSql.bind(db, 'ALTER TABLE apps DROP FOREIGN KEY apps_owner_constraint'),
-        db.runSql.bind(db, 'ALTER TABLE apps DROP COLUMN ownerId')
-    ], callback);
-};
-
-exports.down = function(db, callback) {
-    callback();
-};
@@ -1,29 +0,0 @@
-'use strict';
-
-var async = require('async'),
-    fs = require('fs');
-
-exports.up = function(db, callback) {
-    if (!fs.existsSync('/etc/cloudron/cloudron.conf')) {
-        console.log('Unable to locate cloudron.conf');
-        return callback();
-    }
-
-    const config = JSON.parse(fs.readFileSync('/etc/cloudron/cloudron.conf', 'utf8'));
-
-    async.series([
-        fs.writeFile.bind(null, '/etc/cloudron/PROVIDER', config.provider, 'utf8'),
-        db.runSql.bind(db, 'START TRANSACTION;'),
-        // we use replace instead of insert because the cloudron-setup adds api/web_server_origin even for legacy setups
-        db.runSql.bind(db, 'REPLACE INTO settings (name, value) VALUES(?, ?)', [ 'api_server_origin', config.apiServerOrigin ]),
-        db.runSql.bind(db, 'REPLACE INTO settings (name, value) VALUES(?, ?)', [ 'web_server_origin', config.webServerOrigin ]),
-        db.runSql.bind(db, 'REPLACE INTO settings (name, value) VALUES(?, ?)', [ 'admin_domain', config.adminDomain ]),
-        db.runSql.bind(db, 'REPLACE INTO settings (name, value) VALUES(?, ?)', [ 'admin_fqdn', config.adminFqdn ]),
-        db.runSql.bind(db, 'REPLACE INTO settings (name, value) VALUES(?, ?)', [ 'demo', config.isDemo ]),
-        db.runSql.bind(db, 'COMMIT')
-    ], callback);
-};
-
-exports.down = function(db, callback) {
-    callback();
-};
@@ -1,17 +0,0 @@
-'use strict';
-
-exports.up = function(db, callback) {
-    db.runSql('ALTER TABLE users ADD COLUMN active BOOLEAN DEFAULT 1', function (error) {
-        if (error) return callback(error);
-
-        callback();
-    });
-};
-
-exports.down = function(db, callback) {
-    db.runSql('ALTER TABLE users DROP COLUMN active', function (error) {
-        if (error) console.error(error);
-        callback(error);
-    });
-};
-
@@ -1,17 +0,0 @@
-'use strict';
-
-var async = require('async');
-
-exports.up = function(db, callback) {
-    async.series([
-        db.runSql.bind(db, 'ALTER TABLE apps ADD COLUMN taskId INTEGER'),
-        db.runSql.bind(db, 'ALTER TABLE apps ADD CONSTRAINT apps_task_constraint FOREIGN KEY(taskId) REFERENCES tasks(id)')
-    ], callback);
-};
-
-exports.down = function(db, callback) {
-    async.series([
-        db.runSql.bind(db, 'ALTER TABLE app DROP FOREIGN KEY apps_task_constraint'),
-        db.runSql.bind(db, 'ALTER TABLE apps DROP COLUMN taskId'),
-    ], callback);
-};
@@ -1,12 +0,0 @@
-'use strict';
-
-exports.up = function(db, callback) {
-    db.runSql('ALTER TABLE apps DROP updateConfigJson, DROP restoreConfigJson, DROP oldConfigJson', function (error) {
-        if (error) console.error(error);
-        callback(error);
-    });
-};
-
-exports.down = function(db, callback) {
-    callback();
-};
@@ -1,15 +0,0 @@
-'use strict';
-
-exports.up = function(db, callback) {
-    db.runSql('ALTER TABLE apps CHANGE installationProgress errorJson TEXT', [], function (error) {
-        if (error) console.error(error);
-        callback(error);
-    });
-};
-
-exports.down = function(db, callback) {
-    db.runSql('ALTER TABLE apps CHANGE errorJson installationProgress TEXT', [], function (error) {
-        if (error) console.error(error);
-        callback(error);
-    });
-};
@@ -1,17 +0,0 @@
-'use strict';
-
-exports.up = function(db, callback) {
-    db.runSql('ALTER TABLE users ADD COLUMN source VARCHAR(128) DEFAULT ""', function (error) {
-        if (error) return callback(error);
-
-        callback();
-    });
-};
-
-exports.down = function(db, callback) {
-    db.runSql('ALTER TABLE users DROP COLUMN source', function (error) {
-        if (error) console.error(error);
-        callback(error);
-    });
-};
-
@@ -1,26 +0,0 @@
-'use strict';
-
-let async = require('async');
-
-exports.up = function(db, callback) {
-    db.runSql('ALTER TABLE tasks CHANGE errorMessage errorJson TEXT', [], function (error) {
-        if (error) console.error(error);
-
-        // convert error messages into json
-        db.all('SELECT id, errorJson FROM apps', function (error, apps) {
-            async.eachSeries(apps, function (app, iteratorDone) {
-                if (app.errorJson === 'null') return iteratorDone();
-                if (app.errorJson === null) return iteratorDone();
-
-                db.runSql('UPDATE apps SET errorJson = ? WHERE id = ?', [ JSON.stringify({ message: app.errorJson }), app.id ], iteratorDone);
-            }, callback);
-        });
-    });
-};
-
-exports.down = function(db, callback) {
-    db.runSql('ALTER TABLE tasks CHANGE errorJson errorMessage TEXT', [], function (error) {
-        if (error) console.error(error);
-        callback(error);
-    });
-};
@@ -1,21 +0,0 @@
-'use strict';
-
-var async = require('async');
-
-// imports mailbox entries for existing users
-exports.up = function(db, callback) {
-    db.all('SELECT * FROM mailboxes', function (error, mailboxes) {
-        async.eachSeries(mailboxes, function (mailbox, iteratorDone) {
-            if (!mailbox.membersJson) return iteratorDone();
-
-            let members = JSON.parse(mailbox.membersJson);
-            members = members.map((m) => m && m.indexOf('@') === -1 ? `${m}@${mailbox.domain}` : m); // only because we don't do things in a xction
-
-            db.runSql('UPDATE mailboxes SET membersJson=? WHERE name=? AND domain=?', [ JSON.stringify(members), mailbox.name, mailbox.domain ], iteratorDone);
-        }, callback);
-    });
-};
-
-exports.down = function(db, callback) {
-    callback();
-};
@@ -1,19 +0,0 @@
-'use strict';
-
-exports.up = function(db, callback) {
-    db.runSql('UPDATE apps SET runState=? WHERE runState IS NULL', [ 'running' ], function (error) {
-        if (error) return callback(error);
-
-        db.runSql('ALTER TABLE apps MODIFY runState VARCHAR(512) NOT NULL', [], function (error) {
-            if (error) console.error(error);
-            callback(error);
-        });
-    });
-};
-
-exports.down = function(db, callback) {
-    db.runSql('ALTER TABLE app MODIFY runState VARCHAR(512)', [], function (error) {
-        if (error) console.error(error);
-        callback(error);
-    });
-};
@@ -1,10 +0,0 @@
-'use strict';
-
-exports.up = function(db, callback) {
-    // We clear all demo state in the Cloudron...the demo cloudron needs manual intervention afterwards
-    db.runSql('REPLACE INTO settings (name, value) VALUES(?, ?)', [ 'demo', '' ], callback);
-};
-
-exports.down = function(db, callback) {
-    callback();
-};
@@ -1,30 +0,0 @@
-'use strict';
-
-var async = require('async');
-
-exports.up = function(db, callback) {
-    db.runSql('ALTER TABLE apps ADD COLUMN reverseProxyConfigJson TEXT', function (error) {
-        if (error) return callback(error);
-
-        db.all('SELECT id, robotsTxt FROM apps', function (error, apps) {
-            if (error) return callback(error);
-
-            async.eachSeries(apps, function (app, iteratorDone) {
-                if (!app.robotsTxt) return iteratorDone();
-
-                db.runSql('UPDATE apps SET reverseProxyConfigJson=? WHERE id=?', [ JSON.stringify({ robotsTxt: JSON.stringify(app.robotsTxt) }), app.id ], iteratorDone);
-            }, function (error) {
-                if (error) return callback(error);
-
-                db.runSql('ALTER TABLE apps DROP COLUMN robotsTxt', callback);
-            });
-        });
-    });
-};
-
-exports.down = function(db, callback) {
-    async.series([
-        db.runSql.bind(db, 'ALTER TABLE apps DROP COLUMN reverseProxyConfigJson'),
-    ], callback);
-};
-
@@ -1,13 +0,0 @@
-'use strict';
-
-var fs = require('fs');
-
-exports.up = function(db, callback) {
-    let sysinfoConfig = { provider: 'generic' };
-
-    db.runSql('REPLACE INTO settings (name, value) VALUES(?, ?)', [ 'sysinfo_config', JSON.stringify(sysinfoConfig) ], callback);
-};
-
-exports.down = function(db, callback) {
-    callback();
-};
@@ -1,27 +0,0 @@
-'use strict';
-
-var async = require('async');
-
-exports.up = function(db, callback) {
-    async.series([
-        db.runSql.bind(db, 'ALTER TABLE apps ADD COLUMN mailboxDomain VARCHAR(128)'),
-        function setDefaultMailboxDomain(done) {
-            db.all('SELECT * FROM apps, subdomains WHERE apps.id=subdomains.appId AND type="primary"', function (error, apps) {
-                if (error) return done(error);
-
-                async.eachSeries(apps, function (app, iteratorDone) {
-                    db.runSql('UPDATE apps SET mailboxDomain=? WHERE id=?', [ app.domain, app.id ], iteratorDone);
-                }, done);
-            });
-        },
-        db.runSql.bind(db, 'ALTER TABLE apps MODIFY COLUMN mailboxDomain VARCHAR(128) NOT NULL'),
-        db.runSql.bind(db, 'ALTER TABLE apps ADD CONSTRAINT apps_mailDomain_constraint FOREIGN KEY(mailboxDomain) REFERENCES domains(domain)'),
-    ], callback);
-};
-
-exports.down = function(db, callback) {
-    async.series([
-        db.runSql.bind(db, 'ALTER TABLE app DROP FOREIGN KEY apps_mailDomain_constraint'),
-        db.runSql.bind(db, 'ALTER TABLE apps DROP COLUMN mailboxDomain'),
-    ], callback);
-};
@@ -27,7 +27,6 @@ CREATE TABLE IF NOT EXISTS users(
    twoFactorAuthenticationSecret VARCHAR(128) DEFAULT "",
    twoFactorAuthenticationEnabled BOOLEAN DEFAULT false,
    admin BOOLEAN DEFAULT false,
-    source VARCHAR(128) DEFAULT "",

    PRIMARY KEY(id));

@@ -63,9 +62,10 @@ CREATE TABLE IF NOT EXISTS clients(

 CREATE TABLE IF NOT EXISTS apps(
    id VARCHAR(128) NOT NULL UNIQUE,
-    appStoreId VARCHAR(128) NOT NULL, // empty for custom apps
-    installationState VARCHAR(512) NOT NULL, // the active task on the app
-    runState VARCHAR(512) NOT NULL,   // if the app is stopped
+    appStoreId VARCHAR(128) NOT NULL,
+    installationState VARCHAR(512) NOT NULL,
+    installationProgress TEXT,
+    runState VARCHAR(512),
    health VARCHAR(128),
    healthTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, // when the app last responded
    containerId VARCHAR(128),
@@ -81,19 +81,21 @@ CREATE TABLE IF NOT EXISTS apps(
    xFrameOptions VARCHAR(512),
    sso BOOLEAN DEFAULT 1, // whether user chose to enable SSO
    debugModeJson TEXT, // options for development mode
-    reverseProxyConfigJson TEXT, // { robotsTxt, csp }
+    robotsTxt TEXT,
    enableBackup BOOLEAN DEFAULT 1, // misnomer: controls automatic daily backups
    enableAutomaticUpdate BOOLEAN DEFAULT 1,
    mailboxName VARCHAR(128), // mailbox of this app. default allocated as '.app'
-    mailboxDomain VARCHAR(128) NOT NULL, // mailbox domain of this apps
    label VARCHAR(128),     // display name
    tagsJson VARCHAR(2048), // array of tags
-    dataDir VARCHAR(256) UNIQUE,
-    taskId INTEGER, // current task
-    errorJson TEXT,

-    FOREIGN KEY(mailboxDomain) REFERENCES domains(domain),
-    FOREIGN KEY(taskId) REFERENCES tasks(id),
+    // the following fields do not belong here, they can be removed when we use a queue for apptask
+    restoreConfigJson VARCHAR(256), // used to pass backupId to restore from to apptask
+    oldConfigJson TEXT, // used to pass old config to apptask (configure, restore)
+    updateConfigJson TEXT, // used to pass new config to apptask (update)
+
+    ownerId VARCHAR(128),
+
+    FOREIGN KEY(ownerId) REFERENCES users(id),
    PRIMARY KEY(id));

 CREATE TABLE IF NOT EXISTS appPortBindings(
@@ -191,7 +193,7 @@ CREATE TABLE IF NOT EXISTS mailboxes(
    type VARCHAR(16) NOT NULL, /* 'mailbox', 'alias', 'list' */
    ownerId VARCHAR(128) NOT NULL, /* user id */
    aliasTarget VARCHAR(128), /* the target name type is an alias */
-    membersJson TEXT, /* members of a group. fully qualified */
+    membersJson TEXT, /* members of a group */
    creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    domain VARCHAR(128),

@@ -202,7 +204,7 @@ CREATE TABLE IF NOT EXISTS subdomains(
    appId VARCHAR(128) NOT NULL,
    domain VARCHAR(128) NOT NULL,
    subdomain VARCHAR(128) NOT NULL,
-    type VARCHAR(128) NOT NULL, /* primary or redirect */
+    type VARCHAR(128) NOT NULL,

    FOREIGN KEY(domain) REFERENCES domains(domain),
    FOREIGN KEY(appId) REFERENCES apps(id),
@@ -213,8 +215,8 @@ CREATE TABLE IF NOT EXISTS tasks(
    type VARCHAR(32) NOT NULL,
    percent INTEGER DEFAULT 0,
    message TEXT,
-    errorJson TEXT,
-    resultJson TEXT,
+    errorMessage TEXT,
+    result TEXT,
    creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    PRIMARY KEY (id));
@@ -14,40 +14,40 @@
    "node": ">=4.0.0 <=4.1.1"
  },
  "dependencies": {
-    "@google-cloud/dns": "^1.1.0",
+    "@google-cloud/dns": "^0.9.2",
    "@google-cloud/storage": "^2.5.0",
-    "@sindresorhus/df": "git+https://github.com/cloudron-io/df.git#type",
+    "@sindresorhus/df": "^3.1.0",
    "async": "^2.6.2",
-    "aws-sdk": "^2.476.0",
-    "body-parser": "^1.19.0",
-    "cloudron-manifestformat": "^4.0.0",
-    "connect": "^3.7.0",
+    "aws-sdk": "^2.441.0",
+    "body-parser": "^1.18.3",
+    "cloudron-manifestformat": "^2.15.0",
+    "connect": "^3.6.6",
    "connect-ensure-login": "^0.1.1",
-    "connect-lastmile": "^1.2.1",
+    "connect-lastmile": "^1.0.2",
    "connect-timeout": "^1.9.0",
    "cookie-parser": "^1.4.4",
    "cookie-session": "^1.3.3",
-    "cron": "^1.7.1",
-    "csurf": "^1.10.0",
-    "db-migrate": "^0.11.6",
+    "cron": "^1.7.0",
+    "csurf": "^1.9.0",
+    "db-migrate": "^0.11.5",
    "db-migrate-mysql": "^1.1.10",
    "debug": "^4.1.1",
    "dockerode": "^2.5.8",
    "ejs": "^2.6.1",
    "ejs-cli": "^2.0.1",
-    "express": "^4.17.1",
-    "express-session": "^1.16.2",
+    "express": "^4.16.4",
+    "express-session": "^1.16.1",
    "js-yaml": "^3.13.1",
    "json": "^9.0.6",
    "ldapjs": "^1.0.2",
    "lodash": "^4.17.11",
    "lodash.chunk": "^4.2.0",
-    "mime": "^2.4.4",
+    "mime": "^2.4.2",
    "moment-timezone": "^0.5.25",
    "morgan": "^1.9.1",
    "multiparty": "^4.2.1",
    "mysql": "^2.17.1",
-    "nodemailer": "^6.2.1",
+    "nodemailer": "^6.1.1",
    "nodemailer-smtp-transport": "^2.7.4",
    "oauth2orize": "^1.11.0",
    "once": "^1.4.0",
@@ -57,30 +57,28 @@
    "passport-http-bearer": "^1.0.1",
    "passport-local": "^1.0.0",
    "passport-oauth2-client-password": "^0.1.2",
-    "pretty-bytes": "^5.3.0",
    "progress-stream": "^2.0.0",
    "proxy-middleware": "^0.15.0",
    "qrcode": "^1.3.3",
-    "readdirp": "^3.0.2",
+    "readdirp": "^3.0.0",
    "request": "^2.88.0",
    "rimraf": "^2.6.3",
    "s3-block-read-stream": "^0.5.0",
    "safetydance": "^0.7.1",
-    "semver": "^6.1.1",
-    "session-file-store": "^1.3.1",
+    "semver": "^6.0.0",
    "showdown": "^1.9.0",
    "speakeasy": "^2.0.0",
    "split": "^1.0.1",
-    "superagent": "^5.0.9",
+    "superagent": "^5.0.2",
    "supererror": "^0.7.2",
    "tar-fs": "github:cloudron-io/tar-fs#ignore_stat_error",
-    "tar-stream": "^2.1.0",
+    "tar-stream": "^2.0.1",
    "tldjs": "^2.3.1",
    "underscore": "^1.9.1",
    "uuid": "^3.3.2",
    "valid-url": "^1.0.9",
-    "validator": "^11.0.0",
-    "ws": "^7.0.0",
+    "validator": "^10.11.0",
+    "ws": "^6.2.1",
    "xml2js": "^0.4.19"
  },
  "devDependencies": {
@@ -90,7 +88,7 @@
    "mocha": "^6.1.4",
    "mock-aws-s3": "git+https://github.com/cloudron-io/mock-aws-s3.git",
    "nock": "^10.0.6",
-    "node-sass": "^4.12.0",
+    "node-sass": "^4.11.0",
    "recursive-readdir": "^2.2.2"
  },
  "scripts": {
@@ -22,7 +22,7 @@ fi
 mkdir -p ${DATA_DIR}
 cd ${DATA_DIR}
 mkdir -p appsdata
-mkdir -p boxdata/profileicons boxdata/appicons boxdata/mail boxdata/certs boxdata/mail/dkim/localhost boxdata/mail/dkim/foobar.com
+mkdir -p boxdata/appicons boxdata/mail boxdata/certs boxdata/mail/dkim/localhost boxdata/mail/dkim/foobar.com
 mkdir -p platformdata/addons/mail platformdata/nginx/cert platformdata/nginx/applications platformdata/collectd/collectd.conf.d platformdata/addons platformdata/logrotate.d platformdata/backup platformdata/logs/tasks

 # put cert
@@ -92,14 +92,12 @@ fi
 echo "Running cloudron-setup with args : $@" > "${LOG_FILE}"

 # validate arguments in the absence of data
-readonly AVAILABLE_PROVIDERS="azure, caas, cloudscale, contabo, digitalocean, ec2, exoscale, galaxygate, gce, hetzner, interox, lightsail, linode, netcup, ovh, rosehosting, scaleway, skysilk, time4vps, upcloud, vultr or generic"
 if [[ -z "${provider}" ]]; then
-    echo "--provider is required ($AVAILABLE_PROVIDERS)"
+    echo "--provider is required (azure, contabo, digitalocean, ec2, exoscale, galaxygate, gce, hetzner, lightsail, linode, netcup, ovh, rosehosting, scaleway, upcloud, vultr or generic)"
    exit 1
 elif [[  \
            "${provider}" != "ami" && \
            "${provider}" != "azure" && \
-            "${provider}" != "azure-image" && \
            "${provider}" != "caas" && \
            "${provider}" != "cloudscale" && \
            "${provider}" != "contabo" && \
@@ -108,10 +106,9 @@ elif [[  \
            "${provider}" != "ec2" && \
            "${provider}" != "exoscale" && \
            "${provider}" != "galaxygate" && \
+            "${provider}" != "digitalocean" && \
            "${provider}" != "gce" && \
            "${provider}" != "hetzner" && \
-            "${provider}" != "interox" && \
-            "${provider}" != "interox-image" && \
            "${provider}" != "lightsail" && \
            "${provider}" != "linode" && \
            "${provider}" != "linode-stackscript" && \
@@ -120,16 +117,12 @@ elif [[  \
            "${provider}" != "ovh" && \
            "${provider}" != "rosehosting" && \
            "${provider}" != "scaleway" && \
-            "${provider}" != "skysilk" && \
-            "${provider}" != "skysilk-image" && \
-            "${provider}" != "time4vps" && \
-            "${provider}" != "time4vps-image" && \
            "${provider}" != "upcloud" && \
            "${provider}" != "upcloud-image" && \
            "${provider}" != "vultr" && \
            "${provider}" != "generic" \
        ]]; then
-    echo "--provider must be one of: $AVAILABLE_PROVIDERS"
+    echo "--provider must be one of: azure, cloudscale.ch, contabo, digitalocean, ec2, exoscale, galaxygate, gce, hetzner, lightsail, linode, netcup, ovh, rosehosting, scaleway, upcloud, vultr or generic"
    exit 1
 fi

@@ -163,7 +156,7 @@ if [[ "${initBaseImage}" == "true" ]]; then
        exit 1
    fi

-    if ! DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y install curl python3 ubuntu-standard -y &>> "${LOG_FILE}"; then
+    if ! apt-get install curl python3 ubuntu-standard -y &>> "${LOG_FILE}"; then
        echo "Could not install setup dependencies (curl). See ${LOG_FILE}"
        exit 1
    fi
@@ -206,10 +199,6 @@ fi
 # NOTE: this install script only supports 3.x and above
 echo "=> Installing version ${version} (this takes some time) ..."
 mkdir -p /etc/cloudron
-# this file is used >= 4.2
-echo "${provider}" > /etc/cloudron/PROVIDER
-
-# this file is unused <= 4.2 and exists to make legacy installations work. the start script will remove this file anyway
 cat > "/etc/cloudron/cloudron.conf" <<CONF_END
 {
    "apiServerOrigin": "${apiServerOrigin}",
@@ -225,10 +214,6 @@ if ! /bin/bash "${box_src_tmp_dir}/scripts/installer.sh" &>> "${LOG_FILE}"; then
    exit 1
 fi

-# only needed for >= 4.2
-mysql -uroot -ppassword -e "REPLACE INTO box.settings (name, value) VALUES ('api_server_origin', '${apiServerOrigin}');" 2>/dev/null
-mysql -uroot -ppassword -e "REPLACE INTO box.settings (name, value) VALUES ('web_server_origin', '${webServerOrigin}');" 2>/dev/null
-
 echo -n "=> Waiting for cloudron to be ready (this takes some time) ..."
 while true; do
    echo -n "."
@@ -13,7 +13,6 @@ HELP_MESSAGE="
 This script collects diagnostic information to help debug server related issues

 Options:
-   --admin-login   Login as administrator
   --enable-ssh    Enable SSH access for the Cloudron support team
   --help          Show this message
 "
@@ -26,20 +25,13 @@ fi

 enableSSH="false"

-args=$(getopt -o "" -l "help,enable-ssh,admin-login" -n "$0" -- "$@")
+args=$(getopt -o "" -l "help,enable-ssh" -n "$0" -- "$@")
 eval set -- "${args}"

 while true; do
    case "$1" in
    --help) echo -e "${HELP_MESSAGE}"; exit 0;;
    --enable-ssh) enableSSH="true"; shift;;
-    --admin-login)
-        admin_username=$(mysql -NB -uroot -ppassword -e "SELECT username FROM box.users WHERE admin=1 LIMIT 1" 2>/dev/null)
-        admin_password=$(pwgen -1s 12)
-        printf '{"%s":"%s"}\n' "${admin_username}" "${admin_password}" > /tmp/cloudron_ghost.json
-        echo "Login as ${admin_username} / ${admin_password} . Remove /tmp/cloudron_ghost.json when done."
-        exit 0
-        ;;
    --) break;;
    *) echo "Unknown option $1"; exit 1;;
    esac
@@ -52,7 +44,7 @@ if [[ "`df --output="avail" / | sed -n 2p`" -lt "10240" ]]; then
    echo ""
    df -h
    echo ""
-    echo "To recover from a full disk, follow the guide at https://cloudron.io/documentation/troubleshooting/#recovery-after-disk-full"
+    echo "To recover from a full disk, follow the guide at https://cloudron.io/documentation/server/#recovery-after-disk-full"
    exit 1
 fi

@@ -68,8 +60,8 @@ echo -n "Generating Cloudron Support stats..."
 # clear file
 rm -rf $OUT

-echo -e $LINE"PROVIDER"$LINE >> $OUT
-cat /etc/cloudron/PROVIDER &>> $OUT || true
+echo -e $LINE"cloudron.conf"$LINE >> $OUT
+cat /etc/cloudron/cloudron.conf &>> $OUT

 echo -e $LINE"Docker container"$LINE >> $OUT
 if ! timeout --kill-after 10s 15s docker ps -a &>> $OUT 2>&1; then
@@ -107,7 +99,7 @@ if [[ "${enableSSH}" == "true" ]]; then
    permit_root_login=$(grep -q ^PermitRootLogin.*yes /etc/ssh/sshd_config && echo "yes" || echo "no")

    # support.js uses similar logic
-    if $(grep -q "ec2\|lightsail\|ami" /etc/cloudron/PROVIDER); then
+    if $(grep -q "ec2\|lightsail\|ami" /etc/cloudron/cloudron.conf); then
        ssh_user="ubuntu"
        keys_file="/home/ubuntu/.ssh/authorized_keys"
    else
@@ -51,7 +51,6 @@ mkdir -p "${PLATFORM_DATA_DIR}/logs/backup" \
 mkdir -p "${PLATFORM_DATA_DIR}/update"

 mkdir -p "${BOX_DATA_DIR}/appicons"
-mkdir -p "${BOX_DATA_DIR}/profileicons"
 mkdir -p "${BOX_DATA_DIR}/certs"
 mkdir -p "${BOX_DATA_DIR}/acme" # acme keys
 mkdir -p "${BOX_DATA_DIR}/mail/dkim"
@@ -84,7 +83,7 @@ echo "==> Setting up unbound"
 # We listen on 0.0.0.0 because there is no way control ordering of docker (which creates the 172.18.0.0/16) and unbound
 # If IP6 is not enabled, dns queries seem to fail on some hosts. -s returns false if file missing or 0 size
 ip6=$([[ -s /proc/net/if_inet6 ]] && echo "yes" || echo "no")
-cp -f "${script_dir}/start/unbound.conf" /etc/unbound/unbound.conf.d/cloudron-network.conf
+echo -e "server:\n\tinterface: 0.0.0.0\n\tdo-ip6: ${ip6}\n\taccess-control: 127.0.0.1 allow\n\taccess-control: 172.18.0.1/16 allow\n\tcache-max-negative-ttl: 30\n\tcache-max-ttl: 300\n\t#logfile: /var/log/unbound.log\n\t#verbosity: 10" > /etc/unbound/unbound.conf.d/cloudron-network.conf
 # update the root anchor after a out-of-disk-space situation (see #269)
 unbound-anchor -a /var/lib/unbound/root.key

@@ -109,6 +108,8 @@ systemctl restart unbound
 # ensure cloudron-syslog runs
 systemctl restart cloudron-syslog

+$json -f /etc/cloudron/cloudron.conf -I -e "delete this.edition" # can be removed after 4.0
+
 echo "==> Configuring sudoers"
 rm -f /etc/sudoers.d/${USER}
 cp "${script_dir}/start/sudoers" /etc/sudoers.d/${USER}
@@ -123,8 +124,8 @@ echo "==> Configuring logrotate"
 if ! grep -q "^include ${PLATFORM_DATA_DIR}/logrotate.d" /etc/logrotate.conf; then
    echo -e "\ninclude ${PLATFORM_DATA_DIR}/logrotate.d\n" >> /etc/logrotate.conf
 fi
-rm -f "${PLATFORM_DATA_DIR}/logrotate.d/"*
 cp "${script_dir}/start/logrotate/"* "${PLATFORM_DATA_DIR}/logrotate.d/"
+rm -f "${PLATFORM_DATA_DIR}/logrotate.d/box-logrotate" "${PLATFORM_DATA_DIR}/logrotate.d/app-logrotate" # remove pre 3.6 config files

 # logrotate files have to be owned by root, this is here to fixup existing installations where we were resetting the owner to yellowtent
 chown root:root "${PLATFORM_DATA_DIR}/logrotate.d/"
@@ -170,13 +171,7 @@ mysqladmin -u root -ppassword password password # reset default root password
 mysql -u root -p${mysql_root_password} -e 'CREATE DATABASE IF NOT EXISTS box'

 echo "==> Migrating data"
-cd "${BOX_SRC_DIR}"
-if ! BOX_ENV=cloudron DATABASE_URL=mysql://root:${mysql_root_password}@127.0.0.1/box "${BOX_SRC_DIR}/node_modules/.bin/db-migrate" up; then
-    echo "DB migration failed"
-    exit 1
-fi
-
-rm -f /etc/cloudron/cloudron.conf
+(cd "${BOX_SRC_DIR}" && BOX_ENV=cloudron DATABASE_URL=mysql://root:${mysql_root_password}@127.0.0.1/box "${BOX_SRC_DIR}/node_modules/.bin/db-migrate" up)

 if [[ ! -f "${BOX_DATA_DIR}/dhparams.pem" ]]; then
    echo "==> Generating dhparams (takes forever)"
@@ -240,23 +240,8 @@ LoadPlugin write_graphite
    Interactive false

    Import "df"
-
-    Import "du"
-    <Module du>
-        <Path>
-            Instance maildata
-            Dir "/home/yellowtent/boxdata/mail"
-        </Path>
-        <Path>
-            Instance boxdata
-            Dir "/home/yellowtent/boxdata"
-            Exclude "mail"
-        </Path>
-        <Path>
-            Instance platformdata
-            Dir "/home/yellowtent/platformdata"
-        </Path>
-    </Module>
+    # <Module df>
+    # </Module>
 </Plugin>

 <Plugin write_graphite>
@@ -21,7 +21,6 @@ def read():
        except:
            continue

-        # type comes from https://github.com/collectd/collectd/blob/master/src/types.db
        val = collectd.Values(type='df_complex', plugin='df', plugin_instance=instance)

        free = st.f_bavail * st.f_frsize # bavail is for non-root user. bfree is total
@@ -1,79 +0,0 @@
-import collectd,os,subprocess,sys,re,time
-
-# https://www.programcreek.com/python/example/106897/collectd.register_read
-
-PATHS = [] # { name, dir, exclude }
-INTERVAL = 60 * 60 * 12 # twice a day. change values in docker-graphite if you change this
-
-def du(pathinfo):
-    cmd = 'timeout 1800 du -Dsb "{}"'.format(pathinfo['dir'])
-    if pathinfo['exclude'] != '':
-        cmd += ' --exclude "{}"'.format(pathinfo['exclude'])
-
-    collectd.info('computing size with command: %s' % cmd);
-    try:
-        size = subprocess.check_output(cmd, shell=True).split()[0].decode('utf-8')
-        collectd.info('\tsize of %s is %s (time: %i)' % (pathinfo['dir'], size, int(time.time())))
-        return size
-    except Exception as e:
-        collectd.info('\terror getting the size of %s: %s' % (pathinfo['dir'], str(e)))
-        return 0
-
-def parseSize(size):
-    units = {"B": 1, "KB": 10**3, "MB": 10**6, "GB": 10**9, "TB": 10**12}
-    number, unit, _ = re.split('([a-zA-Z]+)', size.upper())
-    return int(float(number)*units[unit])
-
-def dockerSize():
-    # use --format '{{json .}}' to dump the string. '{{if eq .Type "Images"}}{{.Size}}{{end}}' still creates newlines
-    cmd = 'timeout 1800 docker system df --format "{{.Size}}" | head -n1'
-    try:
-        size = subprocess.check_output(cmd, shell=True).strip().decode('utf-8')
-        collectd.info('size of docker images is %s (%s) (time: %i)' % (size, parseSize(size), int(time.time())))
-        return parseSize(size)
-    except Exception as e:
-        collectd.info('error getting docker images size : %s' % str(e))
-        return 0
-
-# configure is called for each module block. this is called before init
-def configure(config):
-    global PATHS
-
-    for child in config.children:
-        if child.key != 'Path':
-            collectd.info('du plugin: Unknown config key "%s"' % key)
-            continue
-
-        pathinfo = { 'name': '', 'dir': '', 'exclude': '' }
-        for node in child.children:
-            if node.key == 'Instance':
-                pathinfo['name'] = node.values[0]
-            elif node.key == 'Dir':
-                pathinfo['dir'] = node.values[0]
-            elif node.key == 'Exclude':
-                pathinfo['exclude'] = node.values[0]
-
-        PATHS.append(pathinfo);
-        collectd.info('du plugin: monitoring %s' % pathinfo['dir']);
-
-def init():
-    global PATHS
-    collectd.info('custom du plugin initialized with %s %s' % (PATHS, sys.version))
-
-def read():
-    for pathinfo in PATHS:
-        size = du(pathinfo)
-
-        # type comes from https://github.com/collectd/collectd/blob/master/src/types.db
-        val = collectd.Values(type='capacity', plugin='du', plugin_instance=pathinfo['name'])
-        val.dispatch(values=[size], type_instance='usage')
-
-    size = dockerSize()
-    val = collectd.Values(type='capacity', plugin='du', plugin_instance='docker')
-    val.dispatch(values=[size], type_instance='usage')
-
-
-
-collectd.register_init(init)
-collectd.register_config(configure)
-collectd.register_read(read, INTERVAL)
@@ -0,0 +1,18 @@
+# logrotate config for app, crash, addon and task logs
+
+# man 7 glob
+/home/yellowtent/platformdata/logs/[!t][!a][!s][!k][!s]/*.log {
+    # only keep one rotated file, we currently do not send that over the api
+    rotate 1
+    size 10M
+    # we never compress so we can simply tail the files
+    nocompress
+    copytruncate
+}
+
+/home/yellowtent/platformdata/logs/tasks/*.log {
+    monthly
+    rotate 0
+    missingok
+}
+
@@ -1,8 +1,7 @@
 # logrotate config for box logs

-# keep upto 5 logs of size 10M each
 /home/yellowtent/platformdata/logs/box.log {
-    rotate 5
+    rotate 10
    size 10M
    # we never compress so we can simply tail the files
    nocompress
@@ -1,31 +0,0 @@
-# logrotate config for app, crash, addon and task logs
-
-# man 7 glob
-/home/yellowtent/platformdata/logs/graphite/*.log
-/home/yellowtent/platformdata/logs/mail/*.log
-/home/yellowtent/platformdata/logs/mysql/*.log
-/home/yellowtent/platformdata/logs/mongodb/*.log
-/home/yellowtent/platformdata/logs/postgresql/*.log
-/home/yellowtent/platformdata/logs/sftp/*.log
-/home/yellowtent/platformdata/logs/redis-*/*.log
-/home/yellowtent/platformdata/logs/crash/*.log
-/home/yellowtent/platformdata/logs/updater/*.log {
-    # only keep one rotated file, we currently do not send that over the api
-    rotate 1
-    size 10M
-    missingok
-    # we never compress so we can simply tail the files
-    nocompress
-    copytruncate
-}
-
-# keep task logs for a week. the 'nocreate' option ensures empty log files are not
-# created post rotation
-/home/yellowtent/platformdata/logs/tasks/*.log {
-    minage 7
-    daily
-    rotate 0
-    missingok
-    nocreate
-}
-
@@ -1,11 +0,0 @@
-server:
-        interface: 0.0.0.0
-        do-ip6: no
-        access-control: 127.0.0.1 allow
-        access-control: 172.18.0.1/16 allow
-        cache-max-negative-ttl: 30
-        cache-max-ttl: 300
-        # enable below for logging to journalctl -u unbound
-        # verbosity: 5
-        # log-queries: yes
-
@@ -27,10 +27,12 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
+    config = require('./config.js'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:accesscontrol'),
    tokendb = require('./tokendb.js'),
    users = require('./users.js'),
+    UsersError = users.UsersError,
    _ = require('underscore');

 // returns scopes that does not have wildcards and is sorted
@@ -77,12 +79,13 @@ function intersectScopes(allowedScopes, wantedScopes) {
 function validateScopeString(scope) {
    assert.strictEqual(typeof scope, 'string');

-    if (scope === '') return new BoxError(BoxError.BAD_FIELD, 'Empty scope not allowed', { field: 'scope' });
+    if (scope === '') return new Error('Empty scope not allowed');

    // NOTE: this function intentionally does not allow '*'. This is only allowed in the db to allow
    // us not write a migration script every time we add a new scope
    var allValid = scope.split(',').every(function (s) { return exports.VALID_SCOPES.indexOf(s.split(':')[0]) !== -1; });
-    if (!allValid) return new BoxError(BoxError.BAD_FIELD, 'Invalid scope. Available scopes are ' + exports.VALID_SCOPES.join(', '), { field: 'scope' });
+    if (!allValid) return new Error('Invalid scope. Available scopes are ' + exports.VALID_SCOPES.join(', '));
+
    return null;
 }

@@ -99,7 +102,7 @@ function hasScopes(authorizedScopes, requiredScopes) {
        // this allows apps:write if the token has a higher apps scope
        if (authorizedScopes.indexOf(requiredScopes[i]) === -1 && authorizedScopes.indexOf(scopeParts[0]) === -1) {
            debug('scope: missing scope "%s".', requiredScopes[i]);
-            return new BoxError(BoxError.NOT_FOUND, 'Missing required scope "' + requiredScopes[i] + '"');
+            return new Error('Missing required scope "' + requiredScopes[i] + '"');
        }
    }

@@ -120,20 +123,21 @@ function validateToken(accessToken, callback) {
    assert.strictEqual(typeof callback, 'function');

    tokendb.getByAccessToken(accessToken, function (error, token) {
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
        if (error) return callback(error); // this triggers 'internal error' in passport

        users.get(token.identifier, function (error, user) {
-            if (error && error.reason === BoxError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
+            if (error && error.reason === UsersError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
            if (error) return callback(error);

-            if (!user.active) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
-
            scopesForUser(user, function (error, userScopes) {
                if (error) return callback(error);

-                const authorizedScopes = intersectScopes(userScopes, token.scope.split(','));
-                callback(null, user, { authorizedScopes }); // ends up in req.authInfo
+                var authorizedScopes = intersectScopes(userScopes, token.scope.split(','));
+                const skipPasswordVerification = token.clientId === 'cid-sdk' || token.clientId === 'cid-cli'; // these clients do not require password checks unlike UI
+                var info = { authorizedScopes: authorizedScopes, skipPasswordVerification: skipPasswordVerification }; // ends up in req.authInfo
+
+                callback(null, user, info);
            });
        });
    });
@@ -1,6 +1,8 @@
 'use strict';

 exports = module.exports = {
+    AddonsError: AddonsError,
+
    getServices: getServices,
    getService: getService,
    configureService: configureService,
@@ -34,14 +36,16 @@ var accesscontrol = require('./accesscontrol.js'),
    apps = require('./apps.js'),
    assert = require('assert'),
    async = require('async'),
-    BoxError = require('./boxerror.js'),
    clients = require('./clients.js'),
-    constants = require('./constants.js'),
+    config = require('./config.js'),
+    ClientsError = clients.ClientsError,
    crypto = require('crypto'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:addons'),
    docker = require('./docker.js'),
+    dockerConnection = docker.connection,
+    DockerError = docker.DockerError,
    fs = require('fs'),
-    graphs = require('./graphs.js'),
    hat = require('./hat.js'),
    infra = require('./infra_version.js'),
    mail = require('./mail.js'),
@@ -53,13 +57,37 @@ var accesscontrol = require('./accesscontrol.js'),
    safe = require('safetydance'),
    semver = require('semver'),
    settings = require('./settings.js'),
-    sftp = require('./sftp.js'),
    shell = require('./shell.js'),
    spawn = require('child_process').spawn,
    split = require('split'),
    request = require('request'),
    util = require('util');

+// http://dustinsenos.com/articles/customErrorsInNode
+// http://code.google.com/p/v8/wiki/JavaScriptStackTraceApi
+function AddonsError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(AddonsError, Error);
+AddonsError.INTERNAL_ERROR = 'Internal Error';
+AddonsError.NOT_FOUND = 'Not Found';
+AddonsError.NOT_ACTIVE = 'Not Active';
+
 const NOOP = function (app, options, callback) { return callback(); };
 const NOOP_CALLBACK = function (error) { if (error) debug(error); };
 const RMADDONDIR_CMD = path.join(__dirname, 'scripts/rmaddondir.sh');
@@ -231,36 +259,19 @@ function dumpPath(addon, appId) {
    }
 }

-function rebuildService(serviceName, callback) {
-    assert.strictEqual(typeof serviceName, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    // this attempts to recreate the service docker container if they don't exist but platform infra version is unchanged
-    // passing an infra version of 'none' will not attempt to purge existing data, not sure if this is good or bad
-    if (serviceName === 'mongodb') return startMongodb({ version: 'none' }, callback);
-    if (serviceName === 'postgresql') return startPostgresql({ version: 'none' }, callback);
-    if (serviceName === 'mysql') return startMysql({ version: 'none' }, callback);
-    if (serviceName === 'sftp') return sftp.startSftp({ version: 'none' }, callback);
-    if (serviceName === 'graphite') return graphs.startGraphite({ version: 'none' }, callback);
-
-    // nothing to rebuild for now
-    callback();
-}
-
 function restartContainer(serviceName, callback) {
    assert.strictEqual(typeof serviceName, 'string');
    assert.strictEqual(typeof callback, 'function');

+    assert(KNOWN_SERVICES[serviceName], `Unknown service ${serviceName}`);
+
    docker.stopContainer(serviceName, function (error) {
-        if (error) return callback(error);
+        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

        docker.startContainer(serviceName, function (error) {
-            if (error && error.reason === BoxError.NOT_FOUND) {
-                callback(null); // callback early since rebuilding takes long
-                return rebuildService(serviceName, function (error) { if (error) console.error(`Unable to rebuild service ${serviceName}`, error); });
-            }
+            if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

-            callback(error);
+            callback(null);
        });
    });
 }
@@ -271,18 +282,19 @@ function getServiceDetails(containerName, tokenEnvName, callback) {
    assert.strictEqual(typeof callback, 'function');

    docker.inspect(containerName, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DockerError.NOT_FOUND) return callback(new AddonsError(AddonsError.NOT_ACTIVE, error));
+        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

        const ip = safe.query(result, 'NetworkSettings.Networks.cloudron.IPAddress', null);
-        if (!ip) return callback(new BoxError(BoxError.INACTIVE, `Error getting IP of ${containerName} service`));
+        if (!ip) return callback(new AddonsError(AddonsError.NOT_ACTIVE, `Error getting ${containerName} container ip`));

        // extract the cloudron token for auth
        const env = safe.query(result, 'Config.Env', null);
-        if (!env) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error inspecting environment of ${containerName} service`));
+        if (!env) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, `Error getting ${containerName} env`));
        const tmp = env.find(function (e) { return e.indexOf(tokenEnvName) === 0; });
-        if (!tmp) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error getting token of ${containerName} service`));
+        if (!tmp) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, `Error getting ${containerName} cloudron token env var`));
        const token = tmp.slice(tokenEnvName.length + 1); // +1 for the = sign
-        if (!token)  return callback(new BoxError(BoxError.DOCKER_ERROR, `Error getting token of ${containerName} service`));
+        if (!token)  return callback(new AddonsError(AddonsError.INTERNAL_ERROR, `Error getting ${containerName} cloudron token`));

        callback(null, { ip: ip, token: token, state: result.State });
    });
@@ -294,7 +306,7 @@ function containerStatus(addonName, addonTokenName, callback) {
    assert.strictEqual(typeof callback, 'function');

    getServiceDetails(addonName, addonTokenName, function (error, addonDetails) {
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
+        if (error && error.reason === AddonsError.NOT_ACTIVE) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
        if (error) return callback(error);

        request.get(`https://${addonDetails.ip}:3000/healthcheck?access_token=${addonDetails.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
@@ -302,7 +314,7 @@ function containerStatus(addonName, addonTokenName, callback) {
            if (response.statusCode !== 200 || !response.body.status) return callback(null, { status: exports.SERVICE_STATUS_STARTING, error: `Error waiting for ${addonName}. Status code: ${response.statusCode} message: ${response.body.message}` });

            docker.memoryUsage(addonName, function (error, result) {
-                if (error) return callback(error);
+                if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

                var tmp = {
                    status: addonDetails.state.Running ? exports.SERVICE_STATUS_ACTIVE : exports.SERVICE_STATUS_STOPPED,
@@ -328,14 +340,11 @@ function getService(serviceName, callback) {
    assert.strictEqual(typeof serviceName, 'string');
    assert.strictEqual(typeof callback, 'function');

-    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));

    var tmp = {
        name: serviceName,
        status: null,
-        memoryUsed: 0,
-        memoryPercent: 0,
-        error: null,
        config: {
            // If a property is not set then we cannot change it through the api, see below
            // memory: 0,
@@ -344,7 +353,7 @@ function getService(serviceName, callback) {
    };

    settings.getPlatformConfig(function (error, platformConfig) {
-        if (error) return callback(error);
+        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

        if (platformConfig[serviceName] && platformConfig[serviceName].memory && platformConfig[serviceName].memorySwap) {
            tmp.config.memory = platformConfig[serviceName].memory;
@@ -355,7 +364,7 @@ function getService(serviceName, callback) {
        }

        KNOWN_SERVICES[serviceName].status(function (error, result) {
-            if (error) return callback(error);
+            if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

            tmp.status = result.status;
            tmp.memoryUsed = result.memoryUsed;
@@ -372,10 +381,10 @@ function configureService(serviceName, data, callback) {
    assert.strictEqual(typeof data, 'object');
    assert.strictEqual(typeof callback, 'function');

-    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));

    settings.getPlatformConfig(function (error, platformConfig) {
-        if (error) return callback(error);
+        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

        if (!platformConfig[serviceName]) platformConfig[serviceName] = {};

@@ -388,7 +397,7 @@ function configureService(serviceName, data, callback) {
        }

        settings.setPlatformConfig(platformConfig, function (error) {
-            if (error) return callback(error);
+            if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

            callback(null);
        });
@@ -404,7 +413,7 @@ function getServiceLogs(serviceName, options, callback) {
    assert.strictEqual(typeof options.format, 'string');
    assert.strictEqual(typeof options.follow, 'boolean');

-    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));

    debug(`Getting logs for ${serviceName}`);

@@ -463,7 +472,7 @@ function restartService(serviceName, callback) {
    assert.strictEqual(typeof serviceName, 'string');
    assert.strictEqual(typeof callback, 'function');

-    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));

    KNOWN_SERVICES[serviceName].restart(callback);
 }
@@ -480,8 +489,8 @@ function waitForService(containerName, tokenEnvName, callback) {

        async.retry({ times: 10, interval: 15000 }, function (retryCallback) {
            request.get(`https://${result.ip}:3000/healthcheck?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-                if (error) return retryCallback(new BoxError(BoxError.ADDONS_ERROR, `Network error waiting for ${containerName}: ${error.message}`));
-                if (response.statusCode !== 200 || !response.body.status) return retryCallback(new BoxError(BoxError.ADDONS_ERROR, `Error waiting for ${containerName}. Status code: ${response.statusCode} message: ${response.body.message}`));
+                if (error) return retryCallback(new Error(`Error waiting for ${containerName}: ${error.message}`));
+                if (response.statusCode !== 200 || !response.body.status) return retryCallback(new Error(`Error waiting for ${containerName}. Status code: ${response.statusCode} message: ${response.body.message}`));

                retryCallback(null);
            });
@@ -499,7 +508,7 @@ function setupAddons(app, addons, callback) {
    debugApp(app, 'setupAddons: Setting up %j', Object.keys(addons));

    async.eachSeries(Object.keys(addons), function iterator(addon, iteratorCallback) {
-        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
+        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new Error('No such addon:' + addon));

        debugApp(app, 'Setting up addon %s with options %j', addon, addons[addon]);

@@ -517,7 +526,7 @@ function teardownAddons(app, addons, callback) {
    debugApp(app, 'teardownAddons: Tearing down %j', Object.keys(addons));

    async.eachSeries(Object.keys(addons), function iterator(addon, iteratorCallback) {
-        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
+        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new Error('No such addon:' + addon));

        debugApp(app, 'Tearing down addon %s with options %j', addon, addons[addon]);

@@ -537,7 +546,7 @@ function backupAddons(app, addons, callback) {
    debugApp(app, 'backupAddons: Backing up %j', Object.keys(addons));

    async.eachSeries(Object.keys(addons), function iterator (addon, iteratorCallback) {
-        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
+        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new Error('No such addon:' + addon));

        KNOWN_ADDONS[addon].backup(app, addons[addon], iteratorCallback);
    }, callback);
@@ -555,7 +564,7 @@ function clearAddons(app, addons, callback) {
    debugApp(app, 'clearAddons: clearing %j', Object.keys(addons));

    async.eachSeries(Object.keys(addons), function iterator (addon, iteratorCallback) {
-        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
+        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new Error('No such addon:' + addon));

        KNOWN_ADDONS[addon].clear(app, addons[addon], iteratorCallback);
    }, callback);
@@ -573,7 +582,7 @@ function restoreAddons(app, addons, callback) {
    debugApp(app, 'restoreAddons: restoring %j', Object.keys(addons));

    async.eachSeries(Object.keys(addons), function iterator (addon, iteratorCallback) {
-        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
+        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new Error('No such addon:' + addon));

        KNOWN_ADDONS[addon].restore(app, addons[addon], iteratorCallback);
    }, callback);
@@ -584,7 +593,7 @@ function importAppDatabase(app, addon, callback) {
    assert.strictEqual(typeof addon, 'string');
    assert.strictEqual(typeof callback, 'function');

-    if (!(addon in KNOWN_ADDONS)) return callback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
+    if (!(addon in KNOWN_ADDONS)) return callback(new Error(`No such addon: ${addon}`));

    async.series([
        KNOWN_ADDONS[addon].setup.bind(null, app, app.manifest.addons[addon]),
@@ -611,9 +620,7 @@ function importDatabase(addon, callback) {
                if (!error) return iteratorCallback();

                debug(`importDatabase: Error importing ${addon} of app ${app.id}. Marking as errored`, error);
-                // FIXME: there is no way to 'repair' if we are here. we need to make a separate apptask that re-imports db
-                // not clear, if repair workflow should be part of addon or per-app
-                appdb.update(app.id, { installationState: apps.ISTATE_ERROR, error: { message: error.message } }, iteratorCallback);
+                appdb.update(app.id, { installationState: appdb.ISTATE_ERROR, installationProgress: error.message }, iteratorCallback);
            });
        }, callback);
    });
@@ -678,7 +685,7 @@ function getEnvironment(app, callback) {
    appdb.getAddonConfigByAppId(app.id, function (error, result) {
        if (error) return callback(error);

-        if (app.manifest.addons['docker']) result.push({ name: 'DOCKER_HOST', value: `tcp://172.18.0.1:${constants.DOCKER_PROXY_PORT}` });
+        if (app.manifest.addons['docker']) result.push({ name: 'DOCKER_HOST', value: `tcp://172.18.0.1:${config.get('dockerProxyPort')}` });

        return callback(null, result.map(function (e) { return e.name + '=' + e.value; }));
    });
@@ -783,7 +790,7 @@ function setupOauth(app, options, callback) {
    var scope = accesscontrol.SCOPE_PROFILE;

    clients.delByAppIdAndType(appId, clients.TYPE_OAUTH, function (error) { // remove existing creds
-        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== ClientsError.NOT_FOUND) return callback(error);

        clients.add(appId, clients.TYPE_OAUTH, redirectURI, scope, function (error, result) {
            if (error) return callback(error);
@@ -793,7 +800,7 @@ function setupOauth(app, options, callback) {
            var env = [
                { name: `${envPrefix}OAUTH_CLIENT_ID`, value: result.id },
                { name: `${envPrefix}OAUTH_CLIENT_SECRET`, value: result.clientSecret },
-                { name: `${envPrefix}OAUTH_ORIGIN`, value: settings.adminOrigin() }
+                { name: `${envPrefix}OAUTH_ORIGIN`, value: config.adminOrigin() }
            ];

            debugApp(app, 'Setting oauth addon config to %j', env);
@@ -811,7 +818,7 @@ function teardownOauth(app, options, callback) {
    debugApp(app, 'teardownOauth');

    clients.delByAppIdAndType(app.id, clients.TYPE_OAUTH, function (error) {
-        if (error && error.reason !== BoxError.NOT_FOUND) debug(error);
+        if (error && error.reason !== ClientsError.NOT_FOUND) debug(error);

        appdb.unsetAddonConfig(app.id, 'oauth', callback);
    });
@@ -869,8 +876,8 @@ function setupLdap(app, options, callback) {

    var env = [
        { name: `${envPrefix}LDAP_SERVER`, value: '172.18.0.1' },
-        { name: `${envPrefix}LDAP_PORT`, value: '' + constants.LDAP_PORT },
-        { name: `${envPrefix}LDAP_URL`, value: 'ldap://172.18.0.1:' + constants.LDAP_PORT },
+        { name: `${envPrefix}LDAP_PORT`, value: '' + config.get('ldapPort') },
+        { name: `${envPrefix}LDAP_URL`, value: 'ldap://172.18.0.1:' + config.get('ldapPort') },
        { name: `${envPrefix}LDAP_USERS_BASE_DN`, value: 'ou=users,dc=cloudron' },
        { name: `${envPrefix}LDAP_GROUPS_BASE_DN`, value: 'ou=groups,dc=cloudron' },
        { name: `${envPrefix}LDAP_BIND_DN`, value: 'cn='+ app.id + ',ou=apps,dc=cloudron' },
@@ -899,8 +906,8 @@ function setupSendMail(app, options, callback) {

    debugApp(app, 'Setting up SendMail');

-    appdb.getAddonConfigByName(app.id, 'sendmail', '%MAIL_SMTP_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
+    appdb.getAddonConfigByName(app.id, 'sendmail', 'MAIL_SMTP_PASSWORD', function (error, existingPassword) {
+        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);

        var password = error ? hat(4 * 48) : existingPassword; // see box#565 for password length

@@ -910,10 +917,10 @@ function setupSendMail(app, options, callback) {
            { name: `${envPrefix}MAIL_SMTP_SERVER`, value: 'mail' },
            { name: `${envPrefix}MAIL_SMTP_PORT`, value: '2525' },
            { name: `${envPrefix}MAIL_SMTPS_PORT`, value: '2465' },
-            { name: `${envPrefix}MAIL_SMTP_USERNAME`, value: app.mailboxName + '@' + app.mailboxDomain },
+            { name: `${envPrefix}MAIL_SMTP_USERNAME`, value: app.mailboxName + '@' + app.domain },
            { name: `${envPrefix}MAIL_SMTP_PASSWORD`, value: password },
-            { name: `${envPrefix}MAIL_FROM`, value: app.mailboxName + '@' + app.mailboxDomain },
-            { name: `${envPrefix}MAIL_DOMAIN`, value: app.mailboxDomain }
+            { name: `${envPrefix}MAIL_FROM`, value: app.mailboxName + '@' + app.domain },
+            { name: `${envPrefix}MAIL_DOMAIN`, value: app.domain }
        ];
        debugApp(app, 'Setting sendmail addon config to %j', env);
        appdb.setAddonConfig(app.id, 'sendmail', env, callback);
@@ -937,8 +944,8 @@ function setupRecvMail(app, options, callback) {

    debugApp(app, 'Setting up recvmail');

-    appdb.getAddonConfigByName(app.id, 'recvmail', '%MAIL_IMAP_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
+    appdb.getAddonConfigByName(app.id, 'recvmail', 'MAIL_IMAP_PASSWORD', function (error, existingPassword) {
+        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);

        var password = error ? hat(4 * 48) : existingPassword;  // see box#565 for password length

@@ -947,10 +954,10 @@ function setupRecvMail(app, options, callback) {
        var env = [
            { name: `${envPrefix}MAIL_IMAP_SERVER`, value: 'mail' },
            { name: `${envPrefix}MAIL_IMAP_PORT`, value: '9993' },
-            { name: `${envPrefix}MAIL_IMAP_USERNAME`, value: app.mailboxName + '@' + app.mailboxDomain },
+            { name: `${envPrefix}MAIL_IMAP_USERNAME`, value: app.mailboxName + '@' + app.domain },
            { name: `${envPrefix}MAIL_IMAP_PASSWORD`, value: password },
-            { name: `${envPrefix}MAIL_TO`, value: app.mailboxName + '@' + app.mailboxDomain },
-            { name: `${envPrefix}MAIL_DOMAIN`, value: app.mailboxDomain }
+            { name: `${envPrefix}MAIL_TO`, value: app.mailboxName + '@' + app.domain },
+            { name: `${envPrefix}MAIL_DOMAIN`, value: app.domain }
        ];

        debugApp(app, 'Setting sendmail addon config to %j', env);
@@ -1033,8 +1040,8 @@ function setupMySql(app, options, callback) {

    debugApp(app, 'Setting up mysql');

-    appdb.getAddonConfigByName(app.id, 'mysql', '%MYSQL_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
+    appdb.getAddonConfigByName(app.id, 'mysql', 'MYSQL_PASSWORD', function (error, existingPassword) {
+        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);

        const tmp = mysqlDatabaseName(app.id);

@@ -1049,8 +1056,8 @@ function setupMySql(app, options, callback) {
            if (error) return callback(error);

            request.post(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `?access_token=${result.token}`, { rejectUnauthorized: false, json: data }, function (error, response) {
-                if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error setting up mysql: ${error.message}`));
-                if (response.statusCode !== 201) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error setting up mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
+                if (error) return callback(new Error('Error setting up mysql: ' + error));
+                if (response.statusCode !== 201) return callback(new Error(`Error setting up mysql. Status code: ${response.statusCode} message: ${response.body.message}`));

                const envPrefix = app.manifest.manifestVersion <= 1 ? '' : 'CLOUDRON_';

@@ -1087,10 +1094,9 @@ function clearMySql(app, options, callback) {
    getServiceDetails('mysql', 'CLOUDRON_MYSQL_TOKEN', function (error, result) {
        if (error) return callback(error);

-        request.post(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}/clear?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error clearing mysql: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error clearing mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
-
+        request.post(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}/clear?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new Error('Error clearing mysql: ' + error));
+            if (response.statusCode !== 200) return callback(new Error(`Error clearing mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
            callback();
        });
    });
@@ -1107,9 +1113,9 @@ function teardownMySql(app, options, callback) {
    getServiceDetails('mysql', 'CLOUDRON_MYSQL_TOKEN', function (error, result) {
        if (error) return callback(error);

-        request.delete(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}?access_token=${result.token}&username=${username}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error tearing down mysql: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error tearing down mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.delete(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}?access_token=${result.token}&username=${username}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new Error('Error clearing mysql: ' + error));
+            if (response.statusCode !== 200) return callback(new Error(`Error clearing mysql. Status code: ${response.statusCode} message: ${response.body.message}`));

            appdb.unsetAddonConfig(app.id, 'mysql', callback);
        });
@@ -1128,15 +1134,14 @@ function pipeRequestToFile(url, filename, callback) {
        callback(error);
    });

-    writeStream.on('error', (error) => done(new BoxError(BoxError.FS_ERROR, `Error writing to ${filename}: ${error.message}`)));
-
+    writeStream.on('error', done);
    writeStream.on('open', function () {
        // note: do not attach to post callback handler because this will buffer the entire reponse!
        // see https://github.com/request/request/issues/2270
        const req = request.post(url, { rejectUnauthorized: false });
-        req.on('error', (error) => done(new BoxError(BoxError.NETWORK_ERROR, `Request error writing to ${filename}: ${error.message}`))); // network error, dns error, request errored in middle etc
+        req.on('error', done); // network error, dns error, request errored in middle etc
        req.on('response', function (response) {
-            if (response.statusCode !== 200) return done(new BoxError(BoxError.ADDONS_ERROR, `Unexpected response code when piping ${url}: ${response.statusCode} message: ${response.statusMessage} filename: ${filename}`));
+            if (response.statusCode !== 200) return done(new Error(`Unexpected response code: ${response.statusCode} message: ${response.statusMessage} filename: ${filename}`));

            response.pipe(writeStream).on('finish', done); // this is hit after data written to disk
        });
@@ -1175,11 +1180,11 @@ function restoreMySql(app, options, callback) {
        if (error) return callback(error);

        var input = fs.createReadStream(dumpPath('mysql', app.id));
-        input.on('error', (error) => callback(new BoxError(BoxError.FS_ERROR, `Error reading input stream when restoring mysql: ${error.message}`)));
+        input.on('error', callback);

-        const restoreReq = request.post(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}/restore?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring mysql: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
+        const restoreReq = request.post(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}/restore?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(error);
+            if (response.statusCode !== 200) return callback(new Error(`Unexpected response from mysql addon ${response.statusCode} message: ${response.body.message}`));

            callback(null);
        });
@@ -1251,8 +1256,8 @@ function setupPostgreSql(app, options, callback) {

    const { database, username } = postgreSqlNames(app.id);

-    appdb.getAddonConfigByName(app.id, 'postgresql', '%POSTGRESQL_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
+    appdb.getAddonConfigByName(app.id, 'postgresql', 'POSTGRESQL_PASSWORD', function (error, existingPassword) {
+        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);

        const data = {
            database: database,
@@ -1264,8 +1269,8 @@ function setupPostgreSql(app, options, callback) {
            if (error) return callback(error);

            request.post(`https://${result.ip}:3000/databases?access_token=${result.token}`, { rejectUnauthorized: false, json: data }, function (error, response) {
-                if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error setting up postgresql: ${error.message}`));
-                if (response.statusCode !== 201) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error setting up postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
+                if (error) return callback(new Error('Error setting up postgresql: ' + error));
+                if (response.statusCode !== 201) return callback(new Error(`Error setting up postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));

                const envPrefix = app.manifest.manifestVersion <= 1 ? '' : 'CLOUDRON_';

@@ -1297,9 +1302,9 @@ function clearPostgreSql(app, options, callback) {
    getServiceDetails('postgresql', 'CLOUDRON_POSTGRESQL_TOKEN', function (error, result) {
        if (error) return callback(error);

-        request.post(`https://${result.ip}:3000/databases/${database}/clear?access_token=${result.token}&username=${username}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error clearing postgresql: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error clearing postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.post(`https://${result.ip}:3000/databases/${database}/clear?access_token=${result.token}&username=${username}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new Error('Error clearing postgresql: ' + error));
+            if (response.statusCode !== 200) return callback(new Error(`Error clearing postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));

            callback(null);
        });
@@ -1316,9 +1321,9 @@ function teardownPostgreSql(app, options, callback) {
    getServiceDetails('postgresql', 'CLOUDRON_POSTGRESQL_TOKEN', function (error, result) {
        if (error) return callback(error);

-        request.delete(`https://${result.ip}:3000/databases/${database}?access_token=${result.token}&username=${username}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error tearing down postgresql: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error tearing down postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.delete(`https://${result.ip}:3000/databases/${database}?access_token=${result.token}&username=${username}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new Error('Error tearing down postgresql: ' + error));
+            if (response.statusCode !== 200) return callback(new Error(`Error tearing down postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));

            appdb.unsetAddonConfig(app.id, 'postgresql', callback);
        });
@@ -1357,11 +1362,11 @@ function restorePostgreSql(app, options, callback) {
        if (error) return callback(error);

        var input = fs.createReadStream(dumpPath('postgresql', app.id));
-        input.on('error', (error) => callback(new BoxError(BoxError.FS_ERROR, `Error reading input stream when restoring postgresql: ${error.message}`)));
+        input.on('error', callback);

-        const restoreReq = request.post(`https://${result.ip}:3000/databases/${database}/restore?access_token=${result.token}&username=${username}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring postgresql: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
+        const restoreReq = request.post(`https://${result.ip}:3000/databases/${database}/restore?access_token=${result.token}&username=${username}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(error);
+            if (response.statusCode !== 200) return callback(new Error(`Unexpected response from postgresql addon ${response.statusCode} message: ${response.body.message}`));

            callback(null);
        });
@@ -1426,27 +1431,26 @@ function setupMongoDb(app, options, callback) {

    debugApp(app, 'Setting up mongodb');

-    appdb.getAddonConfigByName(app.id, 'mongodb', '%MONGODB_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
+    appdb.getAddonConfigByName(app.id, 'mongodb', 'MONGODB_PASSWORD', function (error, existingPassword) {
+        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);

        const data = {
            database: app.id,
            username: app.id,
-            password: error ? hat(4 * 128) : existingPassword,
-            oplog: !!options.oplog
+            password: error ? hat(4 * 128) : existingPassword
        };

        getServiceDetails('mongodb', 'CLOUDRON_MONGODB_TOKEN', function (error, result) {
            if (error) return callback(error);

            request.post(`https://${result.ip}:3000/databases?access_token=${result.token}`, { rejectUnauthorized: false, json: data }, function (error, response) {
-                if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error setting up mongodb: ${error.message}`));
-                if (response.statusCode !== 201) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error setting up mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));
+                if (error) return callback(new Error('Error setting up mongodb: ' + error));
+                if (response.statusCode !== 201) return callback(new Error(`Error setting up mongodb. Status code: ${response.statusCode}`));

                const envPrefix = app.manifest.manifestVersion <= 1 ? '' : 'CLOUDRON_';

                var env = [
-                    { name: `${envPrefix}MONGODB_URL`, value : `mongodb://${data.username}:${data.password}@mongodb:27017/${data.database}` },
+                    { name: `${envPrefix}MONGODB_URL`, value : `mongodb://${data.username}:${data.password}@mongodb/${data.database}` },
                    { name: `${envPrefix}MONGODB_USERNAME`, value : data.username },
                    { name: `${envPrefix}MONGODB_PASSWORD`, value: data.password },
                    { name: `${envPrefix}MONGODB_HOST`, value : 'mongodb' },
@@ -1454,10 +1458,6 @@ function setupMongoDb(app, options, callback) {
                    { name: `${envPrefix}MONGODB_DATABASE`, value : data.database }
                ];

-                if (options.oplog) {
-                    env.push({ name: `${envPrefix}MONGODB_OPLOG_URL`, value : `mongodb://${data.username}:${data.password}@mongodb:27017/local?authSource=${data.database}` });
-                }
-
                debugApp(app, 'Setting mongodb addon config to %j', env);
                appdb.setAddonConfig(app.id, 'mongodb', env, callback);
            });
@@ -1475,9 +1475,9 @@ function clearMongodb(app, options, callback) {
    getServiceDetails('mongodb', 'CLOUDRON_MONGODB_TOKEN', function (error, result) {
        if (error) return callback(error);

-        request.post(`https://${result.ip}:3000/databases/${app.id}/clear?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error clearing mongodb: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error clearing mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.post(`https://${result.ip}:3000/databases/${app.id}/clear?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new Error('Error clearing mongodb: ' + error));
+            if (response.statusCode !== 200) return callback(new Error(`Error clearing mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));

            callback();
        });
@@ -1494,9 +1494,9 @@ function teardownMongoDb(app, options, callback) {
    getServiceDetails('mongodb', 'CLOUDRON_MONGODB_TOKEN', function (error, result) {
        if (error) return callback(error);

-        request.delete(`https://${result.ip}:3000/databases/${app.id}?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error tearing down mongodb: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error tearing down mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.delete(`https://${result.ip}:3000/databases/${app.id}?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new Error('Error tearing down mongodb: ' + error));
+            if (response.statusCode !== 200) return callback(new Error(`Error tearing down mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));

            appdb.unsetAddonConfig(app.id, 'mongodb', callback);
        });
@@ -1531,11 +1531,11 @@ function restoreMongoDb(app, options, callback) {
        if (error) return callback(error);

        const readStream = fs.createReadStream(dumpPath('mongodb', app.id));
-        readStream.on('error', (error) => callback(new BoxError(BoxError.FS_ERROR, `Error reading input stream when restoring mongodb: ${error.message}`)));
+        readStream.on('error', callback);

-        const restoreReq = request.post(`https://${result.ip}:3000/databases/${app.id}/restore?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring mongodb: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));
+        const restoreReq = request.post(`https://${result.ip}:3000/databases/${app.id}/restore?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(error);
+            if (response.statusCode !== 200) return callback(new Error(`Unexpected response from mongodb addon ${response.statusCode} message: ${response.body.message}`));

            callback(null);
        });
@@ -1551,21 +1551,9 @@ function startRedis(existingInfra, callback) {
    const tag = infra.images.redis.tag;
    const upgrading = existingInfra.version !== 'none' && requiresUpgrade(existingInfra.images.redis.tag, tag);

-    appdb.getAll(function (error, apps) {
-        if (error) return callback(error);
+    if (!upgrading) return callback();

-        async.eachSeries(apps, function iterator (app, iteratorCallback) {
-            if (!('redis' in app.manifest.addons)) return iteratorCallback(); // app doesn't use the addon
-
-            setupRedis(app, app.manifest.addons.redis, iteratorCallback);
-        }, function (error) {
-            if (error) return callback(error);
-
-            if (!upgrading) return callback();
-
-            importDatabase('redis', callback); // setupRedis currently starts the app container
-        });
-    });
+    importDatabase('redis', callback); // setupRedis currently starts the app container
 }

 // Ensures that app's addon redis container is running. Can be called when named container already exists/running
@@ -1576,69 +1564,68 @@ function setupRedis(app, options, callback) {

    const redisName = 'redis-' + app.id;

-    appdb.getAddonConfigByName(app.id, 'redis', '%REDIS_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
-
-        const redisPassword = options.noPassword ? '' : (error ? hat(4 * 48) : existingPassword); // see box#362 for password length
-        const redisServiceToken = hat(4 * 48);
-
-        // Compute redis memory limit based on app's memory limit (this is arbitrary)
-        var memoryLimit = app.memoryLimit || app.manifest.memoryLimit || 0;
-
-        if (memoryLimit === -1) { // unrestricted (debug mode)
-            memoryLimit = 0;
-        } else if (memoryLimit === 0 || memoryLimit <= (2 * 1024 * 1024 * 1024)) { // less than 2G (ram+swap)
-            memoryLimit = 150 * 1024 * 1024; // 150m
-        } else {
-            memoryLimit = 600 * 1024 * 1024; // 600m
+    docker.inspect(redisName, function (error, result) {
+        if (!error) {
+            debug(`Re-using existing redis container with state: ${result.State}`);
+            return callback();
        }

-        const tag = infra.images.redis.tag;
-        const label = app.fqdn;
-        // note that we do not add appId label because this interferes with the stop/start app logic
-        const cmd = `docker run --restart=always -d --name=${redisName} \
-                    --hostname ${redisName} \
-                    --label=location=${label} \
-                    --net cloudron \
-                    --net-alias ${redisName} \
-                    --log-driver syslog \
-                    --log-opt syslog-address=udp://127.0.0.1:2514 \
-                    --log-opt syslog-format=rfc5424 \
-                    --log-opt tag="${redisName}" \
-                    -m ${memoryLimit/2} \
-                    --memory-swap ${memoryLimit} \
-                    --dns 172.18.0.1 \
-                    --dns-search=. \
-                    -e CLOUDRON_REDIS_PASSWORD="${redisPassword}" \
-                    -e CLOUDRON_REDIS_TOKEN="${redisServiceToken}" \
-                    -v "${paths.PLATFORM_DATA_DIR}/redis/${app.id}:/var/lib/redis" \
-                    --label isCloudronManaged=true \
-                    --read-only -v /tmp -v /run ${tag}`;
+        appdb.getAddonConfigByName(app.id, 'redis', 'REDIS_PASSWORD', function (error, existingPassword) {
+            if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);

-        const envPrefix = app.manifest.manifestVersion <= 1 ? '' : 'CLOUDRON_';
+            const redisPassword = error ? hat(4 * 48) : existingPassword; // see box#362 for password length
+            const redisServiceToken = hat(4 * 48);

-        var env = [
-            { name: `${envPrefix}REDIS_URL`, value: 'redis://redisuser:' + redisPassword + '@redis-' + app.id },
-            { name: `${envPrefix}REDIS_PASSWORD`, value: redisPassword },
-            { name: `${envPrefix}REDIS_HOST`, value: redisName },
-            { name: `${envPrefix}REDIS_PORT`, value: '6379' }
-        ];
+            // Compute redis memory limit based on app's memory limit (this is arbitrary)
+            var memoryLimit = app.memoryLimit || app.manifest.memoryLimit || 0;

-        async.series([
-            (next) => {
-                docker.inspect(redisName, function (inspectError, result) { // fast-path
-                    if (!inspectError) {
-                        debug(`Re-using existing redis container with state: ${JSON.stringify(result.State)}`);
-                        return next();
-                    }
-                    shell.exec('startRedis', cmd, next);
-                });
-            },
-            appdb.setAddonConfig.bind(null, app.id, 'redis', env),
-            waitForService.bind(null, 'redis-' + app.id, 'CLOUDRON_REDIS_TOKEN')
-        ], function (error) {
-            if (error) debug('Error setting up redis: ', error);
-            callback(error);
+            if (memoryLimit === -1) { // unrestricted (debug mode)
+                memoryLimit = 0;
+            } else if (memoryLimit === 0 || memoryLimit <= (2 * 1024 * 1024 * 1024)) { // less than 2G (ram+swap)
+                memoryLimit = 150 * 1024 * 1024; // 150m
+            } else {
+                memoryLimit = 600 * 1024 * 1024; // 600m
+            }
+
+            const tag = infra.images.redis.tag;
+            const label = app.fqdn;
+            // note that we do not add appId label because this interferes with the stop/start app logic
+            const cmd = `docker run --restart=always -d --name=${redisName} \
+                        --hostname ${redisName} \
+                        --label=location=${label} \
+                        --net cloudron \
+                        --net-alias ${redisName} \
+                        --log-driver syslog \
+                        --log-opt syslog-address=udp://127.0.0.1:2514 \
+                        --log-opt syslog-format=rfc5424 \
+                        --log-opt tag="${redisName}" \
+                        -m ${memoryLimit/2} \
+                        --memory-swap ${memoryLimit} \
+                        --dns 172.18.0.1 \
+                        --dns-search=. \
+                        -e CLOUDRON_REDIS_PASSWORD="${redisPassword}" \
+                        -e CLOUDRON_REDIS_TOKEN="${redisServiceToken}" \
+                        -v "${paths.PLATFORM_DATA_DIR}/redis/${app.id}:/var/lib/redis" \
+                        --label isCloudronManaged=true \
+                        --read-only -v /tmp -v /run ${tag}`;
+
+            const envPrefix = app.manifest.manifestVersion <= 1 ? '' : 'CLOUDRON_';
+
+            var env = [
+                { name: `${envPrefix}REDIS_URL`, value: 'redis://redisuser:' + redisPassword + '@redis-' + app.id },
+                { name: `${envPrefix}REDIS_PASSWORD`, value: redisPassword },
+                { name: `${envPrefix}REDIS_HOST`, value: redisName },
+                { name: `${envPrefix}REDIS_PORT`, value: '6379' }
+            ];
+
+            async.series([
+                shell.exec.bind(null, 'startRedis', cmd),
+                appdb.setAddonConfig.bind(null, app.id, 'redis', env),
+                waitForService.bind(null, 'redis-' + app.id, 'CLOUDRON_REDIS_TOKEN')
+            ], function (error) {
+                if (error) debug('Error setting up redis: ', error);
+                callback(error);
+            });
        });
    });
 }
@@ -1653,9 +1640,9 @@ function clearRedis(app, options, callback) {
    getServiceDetails('redis-' + app.id, 'CLOUDRON_REDIS_TOKEN', function (error, result) {
        if (error) return callback(error);

-        request.post(`https://${result.ip}:3000/clear?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error clearing redis: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error clearing redis. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.post(`https://${result.ip}:3000/clear?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new Error('Error clearing redis: ' + error));
+            if (response.statusCode !== 200) return callback(new Error(`Error clearing redis. Status code: ${response.statusCode} message: ${response.body.message}`));

            callback(null);
        });
@@ -1667,11 +1654,18 @@ function teardownRedis(app, options, callback) {
    assert.strictEqual(typeof options, 'object');
    assert.strictEqual(typeof callback, 'function');

-    docker.deleteContainer(`redis-${app.id}`, function (error) {
-        if (error) return callback(error);
+    var container = dockerConnection.getContainer('redis-' + app.id);
+
+    var removeOptions = {
+        force: true, // kill container if it's running
+        v: true // removes volumes associated with the container
+    };
+
+    container.remove(removeOptions, function (error) {
+        if (error && error.statusCode !== 404) return callback(new Error('Error removing container:' + error));

        shell.sudo('removeVolume', [ RMADDONDIR_CMD, 'redis', app.id ], {}, function (error) {
-            if (error) return callback(new BoxError(BoxError.FS_ERROR, `Error removing redis data: ${error.message}`));
+            if (error) return callback(new Error('Error removing redis data:' + error));

            rimraf(path.join(paths.LOG_DIR, `redis-${app.id}`), function (error) {
                if (error) debugApp(app, 'cannot cleanup logs: %s', error);
@@ -1704,8 +1698,6 @@ function restoreRedis(app, options, callback) {

    debugApp(app, 'Restoring redis');

-    callback = once(callback); // protect from multiple returns with streams
-
    getServiceDetails('redis-' + app.id, 'CLOUDRON_REDIS_TOKEN', function (error, result) {
        if (error) return callback(error);

@@ -1716,11 +1708,11 @@ function restoreRedis(app, options, callback) {
        } else { // old location of dumps
            input = fs.createReadStream(path.join(paths.APPS_DATA_DIR, app.id, 'redis/dump.rdb'));
        }
-        input.on('error', (error) => callback(new BoxError(BoxError.FS_ERROR, `Error reading input stream when restoring redis: ${error.message}`)));
+        input.on('error', callback);

-        const restoreReq = request.post(`https://${result.ip}:3000/restore?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring redis: ${error.message}`));
-            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring redis. Status code: ${response.statusCode} message: ${response.body.message}`));
+        const restoreReq = request.post(`https://${result.ip}:3000/restore?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(error);
+            if (response.statusCode !== 200) return callback(new Error(`Unexpected response from redis addon: ${response.statusCode} message: ${response.body.message}`));

            callback(null);
        });
@@ -1781,11 +1773,11 @@ function statusSftp(callback) {
    assert.strictEqual(typeof callback, 'function');

    docker.inspect('sftp', function (error, container) {
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
-        if (error) return callback(error);
+        if (error && error.reason === DockerError.NOT_FOUND) return callback(new AddonsError(AddonsError.NOT_ACTIVE, error));
+        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

        docker.memoryUsage('sftp', function (error, result) {
-            if (error) return callback(error);
+            if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

            var tmp = {
                status: container.State.Running ? exports.SERVICE_STATUS_ACTIVE : exports.SERVICE_STATUS_STOPPED,
@@ -1802,15 +1794,15 @@ function statusGraphite(callback) {
    assert.strictEqual(typeof callback, 'function');

    docker.inspect('graphite', function (error, container) {
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
-        if (error) return callback(error);
+        if (error && error.reason === DockerError.NOT_FOUND) return callback(new AddonsError(AddonsError.NOT_ACTIVE, error));
+        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

-        request.get('http://127.0.0.1:8417/graphite-web/dashboard', { json: true, timeout: 3000 }, function (error, response) {
+        request.get('http://127.0.0.1:8417', { timeout: 3000 }, function (error, response) {
            if (error) return callback(null, { status: exports.SERVICE_STATUS_STARTING, error: `Error waiting for graphite: ${error.message}` });
            if (response.statusCode !== 200) return callback(null, { status: exports.SERVICE_STATUS_STARTING, error: `Error waiting for graphite. Status code: ${response.statusCode} message: ${response.body.message}` });

            docker.memoryUsage('graphite', function (error, result) {
-                if (error) return callback(error);
+                if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));

                var tmp = {
                    status: container.State.Running ? exports.SERVICE_STATUS_ACTIVE : exports.SERVICE_STATUS_STOPPED,
@@ -96,15 +96,7 @@ server {

 <% if ( endpoint === 'admin' ) { -%>
    # CSP headers for the admin/dashboard resources
-    add_header Content-Security-Policy "default-src 'none'; frame-src 'self' cloudron.io *.cloudron.io; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
-<% } else { %>
-    <% if (cspQuoted) { %>
-    add_header Content-Security-Policy <%- cspQuoted %>;
-    <% } %>
-
-    <% for (var i = 0; i < hideHeaders.length; i++) { -%>
-    proxy_hide_header <%- hideHeaders[i] %>;
-    <% } %>
+    add_header Content-Security-Policy "default-src 'none'; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
 <% } -%>

    proxy_http_version 1.1;
@@ -171,9 +163,9 @@ server {
            client_max_body_size 0;
        }

-        # graphite paths (uncomment block below and visit /graphite-web/dashboard)
+        # graphite paths (uncomment block below and visit /graphite/index.html)
        # remember to comment out the CSP policy as well to access the graphite dashboard
-        # location ~ ^/graphite-web/ {
+        # location ~ ^/(graphite|content|metrics|dashboard|render|browser|composer)/ {
        #     proxy_pass   http://127.0.0.1:8417;
        #     client_max_body_size 1m;
        # }
@@ -21,9 +21,36 @@ exports = module.exports = {
    getAppIdByAddonConfigValue: getAppIdByAddonConfigValue,

    setHealth: setHealth,
-    setTask: setTask,
+    setInstallationCommand: setInstallationCommand,
+    setRunCommand: setRunCommand,
    getAppStoreIds: getAppStoreIds,

+    setOwner: setOwner,
+    transferOwnership: transferOwnership,
+
+    // installation codes (keep in sync in UI)
+    ISTATE_PENDING_INSTALL: 'pending_install', // installs and fresh reinstalls
+    ISTATE_PENDING_CLONE: 'pending_clone', // clone
+    ISTATE_PENDING_CONFIGURE: 'pending_configure', // config (location, port) changes and on infra update
+    ISTATE_PENDING_UNINSTALL: 'pending_uninstall', // uninstallation
+    ISTATE_PENDING_RESTORE: 'pending_restore', // restore to previous backup or on upgrade
+    ISTATE_PENDING_UPDATE: 'pending_update', // update from installed state preserving data
+    ISTATE_PENDING_FORCE_UPDATE: 'pending_force_update', // update from any state preserving data
+    ISTATE_PENDING_BACKUP: 'pending_backup', // backup the app
+    ISTATE_ERROR: 'error', // error executing last pending_* command
+    ISTATE_INSTALLED: 'installed', // app is installed
+
+    RSTATE_RUNNING: 'running',
+    RSTATE_PENDING_START: 'pending_start',
+    RSTATE_PENDING_STOP: 'pending_stop',
+    RSTATE_STOPPED: 'stopped', // app stopped by us
+
+    // run codes (keep in sync in UI)
+    HEALTH_HEALTHY: 'healthy',
+    HEALTH_UNHEALTHY: 'unhealthy',
+    HEALTH_ERROR: 'error',
+    HEALTH_DEAD: 'dead',
+
    // subdomain table types
    SUBDOMAIN_TYPE_PRIMARY: 'primary',
    SUBDOMAIN_TYPE_REDIRECT: 'redirect',
@@ -33,17 +60,17 @@ exports = module.exports = {

 var assert = require('assert'),
    async = require('async'),
-    BoxError = require('./boxerror.js'),
    database = require('./database.js'),
+    DatabaseError = require('./databaseerror'),
    safe = require('safetydance'),
    util = require('util');

-var APPS_FIELDS_PREFIXED = [ 'apps.id', 'apps.appStoreId', 'apps.installationState', 'apps.errorJson', 'apps.runState',
+var APPS_FIELDS_PREFIXED = [ 'apps.id', 'apps.appStoreId', 'apps.installationState', 'apps.installationProgress', 'apps.runState',
    'apps.health', 'apps.containerId', 'apps.manifestJson', 'apps.httpPort', 'subdomains.subdomain AS location', 'subdomains.domain',
-    'apps.accessRestrictionJson', 'apps.memoryLimit',
-    'apps.label', 'apps.tagsJson', 'apps.taskId', 'apps.reverseProxyConfigJson',
-    'apps.sso', 'apps.debugModeJson', 'apps.enableBackup',
-    'apps.creationTime', 'apps.updateTime', 'apps.mailboxName', 'apps.mailboxDomain', 'apps.enableAutomaticUpdate',
+    'apps.accessRestrictionJson', 'apps.restoreConfigJson', 'apps.oldConfigJson', 'apps.updateConfigJson', 'apps.memoryLimit',
+    'apps.label', 'apps.tagsJson',
+    'apps.sso', 'apps.debugModeJson', 'apps.robotsTxt', 'apps.enableBackup',
+    'apps.creationTime', 'apps.updateTime', 'apps.ownerId', 'apps.mailboxName', 'apps.enableAutomaticUpdate',
    'apps.dataDir', 'apps.ts', 'apps.healthTime' ].join(',');

 var PORT_BINDINGS_FIELDS = [ 'hostPort', 'type', 'environmentVariable', 'appId' ].join(',');
@@ -57,14 +84,22 @@ function postProcess(result) {
    result.manifest = safe.JSON.parse(result.manifestJson);
    delete result.manifestJson;

+    assert(result.oldConfigJson === null || typeof result.oldConfigJson === 'string');
+    result.oldConfig = safe.JSON.parse(result.oldConfigJson);
+    delete result.oldConfigJson;
+
+    assert(result.updateConfigJson === null || typeof result.updateConfigJson === 'string');
+    result.updateConfig = safe.JSON.parse(result.updateConfigJson);
+    delete result.updateConfigJson;
+
+    assert(result.restoreConfigJson === null || typeof result.restoreConfigJson === 'string');
+    result.restoreConfig = safe.JSON.parse(result.restoreConfigJson);
+    delete result.restoreConfigJson;
+
    assert(result.tagsJson === null || typeof result.tagsJson === 'string');
    result.tags = safe.JSON.parse(result.tagsJson) || [];
    delete result.tagsJson;

-    assert(result.reverseProxyConfigJson === null || typeof result.reverseProxyConfigJson === 'string');
-    result.reverseProxyConfig = safe.JSON.parse(result.reverseProxyConfigJson) || {};
-    delete result.reverseProxyConfigJson;
-
    assert(result.hostPorts === null || typeof result.hostPorts === 'string');
    assert(result.environmentVariables === null || typeof result.environmentVariables === 'string');

@@ -108,10 +143,8 @@ function postProcess(result) {
        if (envNames[i]) result.env[envNames[i]] = envValues[i];
    }

-    result.error = safe.JSON.parse(result.errorJson);
-    delete result.errorJson;
-
-    result.taskId = result.taskId ? String(result.taskId) : null;
+    // in the db, we store dataDir as unique/nullable
+    result.dataDir = result.dataDir || '';
 }

 function get(id, callback) {
@@ -126,11 +159,11 @@ function get(id, callback) {
        + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
        + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
        + ' WHERE apps.id = ? GROUP BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY, id ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE appId = ? AND type = ?', [ id, exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            result[0].alternateDomains = alternateDomains;

@@ -153,11 +186,11 @@ function getByHttpPort(httpPort, callback) {
        + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
        + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
        + ' WHERE httpPort = ? GROUP BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY, httpPort ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE appId = ? AND type = ?', [ result[0].id, exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            result[0].alternateDomains = alternateDomains;
            postProcess(result[0]);
@@ -179,11 +212,11 @@ function getByContainerId(containerId, callback) {
        + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
        + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
        + ' WHERE containerId = ? GROUP BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY, containerId ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE appId = ? AND type = ?', [ result[0].id, exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            result[0].alternateDomains = alternateDomains;
            postProcess(result[0]);
@@ -204,10 +237,10 @@ function getAll(callback) {
        + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
        + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
        + ' GROUP BY apps.id ORDER BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE type = ?', [ exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            alternateDomains.forEach(function (d) {
                var domain = results.find(function (a) { return d.appId === a.id; });
@@ -224,13 +257,14 @@ function getAll(callback) {
    });
 }

-function add(id, appStoreId, manifest, location, domain, portBindings, data, callback) {
+function add(id, appStoreId, manifest, location, domain, ownerId, portBindings, data, callback) {
    assert.strictEqual(typeof id, 'string');
    assert.strictEqual(typeof appStoreId, 'string');
    assert(manifest && typeof manifest === 'object');
    assert.strictEqual(typeof manifest.version, 'string');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof ownerId, 'string');
    assert.strictEqual(typeof portBindings, 'object');
    assert(data && typeof data === 'object');
    assert.strictEqual(typeof callback, 'function');
@@ -242,25 +276,24 @@ function add(id, appStoreId, manifest, location, domain, portBindings, data, cal
    const accessRestriction = data.accessRestriction || null;
    const accessRestrictionJson = JSON.stringify(accessRestriction);
    const memoryLimit = data.memoryLimit || 0;
-    const installationState = data.installationState;
-    const runState = data.runState;
+    const installationState = data.installationState || exports.ISTATE_PENDING_INSTALL;
+    const restoreConfigJson = data.restoreConfig ? JSON.stringify(data.restoreConfig) : null; // used when cloning
    const sso = 'sso' in data ? data.sso : null;
+    const robotsTxt = 'robotsTxt' in data ? data.robotsTxt : null;
    const debugModeJson = data.debugMode ? JSON.stringify(data.debugMode) : null;
    const env = data.env || {};
    const label = data.label || null;
    const tagsJson = data.tags ? JSON.stringify(data.tags) : null;
    const mailboxName = data.mailboxName || null;
-    const mailboxDomain = data.mailboxDomain || null;
-    const reverseProxyConfigJson = data.reverseProxyConfig ? JSON.stringify(data.reverseProxyConfig) : null;

    var queries = [];

    queries.push({
-        query: 'INSERT INTO apps (id, appStoreId, manifestJson, installationState, runState, accessRestrictionJson, memoryLimit, '
-            + 'sso, debugModeJson, mailboxName, mailboxDomain, label, tagsJson, reverseProxyConfigJson) '
+        query: 'INSERT INTO apps (id, appStoreId, manifestJson, installationState, accessRestrictionJson, memoryLimit, '
+            + 'restoreConfigJson, sso, debugModeJson, robotsTxt, ownerId, mailboxName, label, tagsJson) '
            + ' VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
-        args: [ id, appStoreId, manifestJson, installationState, runState, accessRestrictionJson, memoryLimit,
-            sso, debugModeJson, mailboxName, mailboxDomain, label, tagsJson, reverseProxyConfigJson ]
+        args: [ id, appStoreId, manifestJson, installationState, accessRestrictionJson, memoryLimit, restoreConfigJson,
+            sso, debugModeJson, robotsTxt, ownerId, mailboxName, label, tagsJson ]
    });

    queries.push({
@@ -292,9 +325,9 @@ function add(id, appStoreId, manifest, location, domain, portBindings, data, cal
    }

    database.transaction(queries, function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error.message));
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'no such domain'));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error.message));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, 'no such domain'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -305,7 +338,7 @@ function exists(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT 1 FROM apps WHERE id=?', [ id ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        return callback(null, result.length !== 0);
    });
@@ -316,7 +349,7 @@ function getPortBindings(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + PORT_BINDINGS_FIELDS + ' FROM appPortBindings WHERE appId = ?', [ id ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        var portBindings = { };
        for (var i = 0; i < results.length; i++) {
@@ -333,8 +366,8 @@ function delPortBinding(hostPort, type, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM appPortBindings WHERE hostPort=? AND type=?', [ hostPort, type ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -352,8 +385,8 @@ function del(id, callback) {
    ];

    database.transaction(queries, function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (results[3].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results[3].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -369,7 +402,7 @@ function clear(callback) {
        database.query.bind(null, 'DELETE FROM appEnvVars'),
        database.query.bind(null, 'DELETE FROM apps')
    ], function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
        return callback(null);
    });
 }
@@ -425,7 +458,7 @@ function updateWithConstraints(id, app, constraints, callback) {

    var fields = [ ], values = [ ];
    for (var p in app) {
-        if (p === 'manifest' || p === 'tags' || p === 'accessRestriction' || p === 'debugMode' || p === 'error' || p === 'reverseProxyConfig') {
+        if (p === 'manifest' || p === 'oldConfig' || p === 'updateConfig' || p === 'restoreConfig' || p === 'tags' || p === 'accessRestriction' || p === 'debugMode') {
            fields.push(`${p}Json = ?`);
            values.push(JSON.stringify(app[p]));
        } else if (p !== 'portBindings' && p !== 'location' && p !== 'domain' && p !== 'alternateDomains' && p !== 'env') {
@@ -440,14 +473,15 @@ function updateWithConstraints(id, app, constraints, callback) {
    }

    database.transaction(queries, function (error, results) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error.message));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (results[results.length - 1].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error.message));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results[results.length - 1].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        return callback(null);
    });
 }

+// not sure if health should influence runState
 function setHealth(appId, health, healthTime, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof health, 'string');
@@ -456,29 +490,60 @@ function setHealth(appId, health, healthTime, callback) {

    var values = { health, healthTime };

-    updateWithConstraints(appId, values, '', callback);
+    var constraints = 'AND runState NOT LIKE "pending_%" AND installationState = "installed"';
+
+    updateWithConstraints(appId, values, constraints, callback);
 }

-function setTask(appId, values, options, callback) {
+function setInstallationCommand(appId, installationState, values, callback) {
    assert.strictEqual(typeof appId, 'string');
-    assert.strictEqual(typeof values, 'object');
-    assert.strictEqual(typeof options, 'object');
+    assert.strictEqual(typeof installationState, 'string');
+
+    if (typeof values === 'function') {
+        callback = values;
+        values = { };
+    } else {
+        assert.strictEqual(typeof values, 'object');
+        assert.strictEqual(typeof callback, 'function');
+    }
+
+    values.installationState = installationState;
+    values.installationProgress = '';
+
+    // Rules are:
+    // uninstall is allowed in any state
+    // force update is allowed in any state including pending_uninstall! (for better or worse)
+    // restore is allowed from installed or error state or currently restoring
+    // configure is allowed in installed state or currently configuring or in error state
+    // update and backup are allowed only in installed state
+
+    if (installationState === exports.ISTATE_PENDING_UNINSTALL || installationState === exports.ISTATE_PENDING_FORCE_UPDATE) {
+        updateWithConstraints(appId, values, '', callback);
+    } else if (installationState === exports.ISTATE_PENDING_RESTORE) {
+        updateWithConstraints(appId, values, 'AND (installationState = "installed" OR installationState = "error" OR installationState = "pending_restore")', callback);
+    } else if (installationState === exports.ISTATE_PENDING_UPDATE || installationState === exports.ISTATE_PENDING_BACKUP) {
+        updateWithConstraints(appId, values, 'AND installationState = "installed"', callback);
+    } else if (installationState === exports.ISTATE_PENDING_CONFIGURE) {
+        updateWithConstraints(appId, values, 'AND (installationState = "installed" OR installationState = "pending_configure" OR installationState = "error")', callback);
+    } else {
+        callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, 'invalid installationState'));
+    }
+}
+
+function setRunCommand(appId, runState, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof runState, 'string');
    assert.strictEqual(typeof callback, 'function');

-    if (!options.requireNullTaskId)  return updateWithConstraints(appId, values, '', callback);
-
-    if (options.requiredState === null) {
-        updateWithConstraints(appId, values, 'AND taskId IS NULL', callback);
-    } else {
-        updateWithConstraints(appId, values, `AND taskId IS NULL AND installationState = "${options.requiredState}"`, callback);
-    }
+    var values = { runState: runState };
+    updateWithConstraints(appId, values, 'AND runState NOT LIKE "pending_%" AND installationState = "installed"', callback);
 }

 function getAppStoreIds(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT id, appStoreId FROM apps', function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, results);
    });
@@ -503,7 +568,7 @@ function setAddonConfig(appId, addonId, env, callback) {
        }

        database.query(query + queryArgs.join(','), args, function (error) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            return callback(null);
        });
@@ -516,7 +581,7 @@ function unsetAddonConfig(appId, addonId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM appAddonConfigs WHERE appId = ? AND addonId = ?', [ appId, addonId ], function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -527,7 +592,7 @@ function unsetAddonConfigByAppId(appId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM appAddonConfigs WHERE appId = ?', [ appId ], function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -539,7 +604,7 @@ function getAddonConfig(appId, addonId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT name, value FROM appAddonConfigs WHERE appId = ? AND addonId = ?', [ appId, addonId ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, results);
    });
@@ -550,7 +615,7 @@ function getAddonConfigByAppId(appId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT name, value FROM appAddonConfigs WHERE appId = ?', [ appId ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, results);
    });
@@ -563,23 +628,51 @@ function getAppIdByAddonConfigValue(addonId, namePattern, value, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT appId FROM appAddonConfigs WHERE addonId = ? AND name LIKE ? AND value = ?', [ addonId, namePattern, value ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null, results[0].appId);
    });
 }

-function getAddonConfigByName(appId, addonId, namePattern, callback) {
+function getAddonConfigByName(appId, addonId, name, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof addonId, 'string');
-    assert.strictEqual(typeof namePattern, 'string');
+    assert.strictEqual(typeof name, 'string');
    assert.strictEqual(typeof callback, 'function');

-    database.query('SELECT value FROM appAddonConfigs WHERE appId = ? AND addonId = ? AND name LIKE ?', [ appId, addonId, namePattern ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
+    database.query('SELECT value FROM appAddonConfigs WHERE appId = ? AND addonId = ? AND name = ?', [ appId, addonId, name ], function (error, results) {
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null, results[0].value);
    });
 }
+
+function setOwner(appId, ownerId, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof ownerId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    database.query('UPDATE apps SET ownerId=? WHERE appId=?', [ ownerId, appId ], function (error, results) {
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, 'No such user'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+
+        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND, 'No such app'));
+
+        callback(null);
+    });
+}
+
+function transferOwnership(oldOwnerId, newOwnerId, callback) {
+    assert.strictEqual(typeof oldOwnerId, 'string');
+    assert.strictEqual(typeof newOwnerId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    database.query('UPDATE apps SET ownerId=? WHERE ownerId=?', [ newOwnerId, oldOwnerId ], function (error) {
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, 'No such user'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+
+        callback(null);
+    });
+}
@@ -5,7 +5,7 @@ var appdb = require('./appdb.js'),
    assert = require('assert'),
    async = require('async'),
    auditSource = require('./auditsource.js'),
-    BoxError = require('./boxerror.js'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:apphealthmonitor'),
    docker = require('./docker.js'),
    eventlog = require('./eventlog.js'),
@@ -26,7 +26,7 @@ let gLastOomMailTime = Date.now() - (5 * 60 * 1000); // pretend we sent email 5
 function debugApp(app) {
    assert(typeof app === 'object');

-    debug(app.fqdn + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)) + ' - ' + app.id);
+    debug(app.fqdn + ' ' + app.manifest.id + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)) + ' - ' + app.id);
 }

 function setHealth(app, health, callback) {
@@ -36,16 +36,16 @@ function setHealth(app, health, callback) {

    let now = new Date(), healthTime = app.healthTime, curHealth = app.health;

-    if (health === apps.HEALTH_HEALTHY) {
+    if (health === appdb.HEALTH_HEALTHY) {
        healthTime = now;
-        if (curHealth && curHealth !== apps.HEALTH_HEALTHY) { // app starts out with null health
+        if (curHealth && curHealth !== appdb.HEALTH_HEALTHY) { // app starts out with null health
            debugApp(app, 'app switched from %s to healthy', curHealth);

            // do not send mails for dev apps
            if (!app.debugMode) eventlog.add(eventlog.ACTION_APP_UP, auditSource.HEALTH_MONITOR, { app: app });
        }
    } else if (Math.abs(now - healthTime) > UNHEALTHY_THRESHOLD) {
-        if (curHealth === apps.HEALTH_HEALTHY) {
+        if (curHealth === appdb.HEALTH_HEALTHY) {
            debugApp(app, 'marking as unhealthy since not seen for more than %s minutes', UNHEALTHY_THRESHOLD/(60 * 1000));

            // do not send mails for dev apps
@@ -57,7 +57,7 @@ function setHealth(app, health, callback) {
    }

    appdb.setHealth(app.id, health, healthTime, function (error) {
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(null); // app uninstalled?
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null); // app uninstalled?
        if (error) return callback(error);

        app.health = health;
@@ -72,7 +72,7 @@ function checkAppHealth(app, callback) {
    assert.strictEqual(typeof app, 'object');
    assert.strictEqual(typeof callback, 'function');

-    if (app.installationState !== apps.ISTATE_INSTALLED || app.runState !== apps.RSTATE_RUNNING) {
+    if (app.installationState !== appdb.ISTATE_INSTALLED || app.runState !== appdb.RSTATE_RUNNING) {
        debugApp(app, 'skipped. istate:%s rstate:%s', app.installationState, app.runState);
        return callback(null);
    }
@@ -82,34 +82,34 @@ function checkAppHealth(app, callback) {
    docker.inspect(app.containerId, function (error, data) {
        if (error || !data || !data.State) {
            debugApp(app, 'Error inspecting container');
-            return setHealth(app, apps.HEALTH_ERROR, callback);
+            return setHealth(app, appdb.HEALTH_ERROR, callback);
        }

        if (data.State.Running !== true) {
            debugApp(app, 'exited');
-            return setHealth(app, apps.HEALTH_DEAD, callback);
+            return setHealth(app, appdb.HEALTH_DEAD, callback);
        }

        // non-appstore apps may not have healthCheckPath
-        if (!manifest.healthCheckPath) return setHealth(app, apps.HEALTH_HEALTHY, callback);
+        if (!manifest.healthCheckPath) return setHealth(app, appdb.HEALTH_HEALTHY, callback);

        // poll through docker network instead of nginx to bypass any potential oauth proxy
        var healthCheckUrl = 'http://127.0.0.1:' + app.httpPort + manifest.healthCheckPath;
        superagent
            .get(healthCheckUrl)
            .set('Host', app.fqdn) // required for some apache configs with rewrite rules
-            .set('User-Agent', 'Mozilla (CloudronHealth)') // required for some apps (e.g. minio)
+            .set('User-Agent', 'Mozilla') // required for some apps (e.g. minio)
            .redirects(0)
            .timeout(HEALTHCHECK_INTERVAL)
            .end(function (error, res) {
                if (error && !error.response) {
                    debugApp(app, 'not alive (network error): %s', error.message);
-                    setHealth(app, apps.HEALTH_UNHEALTHY, callback);
+                    setHealth(app, appdb.HEALTH_UNHEALTHY, callback);
                } else if (res.statusCode >= 400) { // 2xx and 3xx are ok
                    debugApp(app, 'not alive : %s', error || res.status);
-                    setHealth(app, apps.HEALTH_UNHEALTHY, callback);
+                    setHealth(app, appdb.HEALTH_UNHEALTHY, callback);
                } else {
-                    setHealth(app, apps.HEALTH_HEALTHY, callback);
+                    setHealth(app, appdb.HEALTH_HEALTHY, callback);
                }
            });
    });
@@ -187,8 +187,8 @@ function processApp(callback) {
            if (error) console.error(error);

            var alive = result
-                .filter(function (a) { return a.installationState === apps.ISTATE_INSTALLED && a.runState === apps.RSTATE_RUNNING && a.health === apps.HEALTH_HEALTHY; })
-                .map(function (a) { return (a.location || 'naked_domain') + '|' + (a.manifest.id || 'customapp'); }).join(', ');
+                .filter(function (a) { return a.installationState === appdb.ISTATE_INSTALLED && a.runState === appdb.RSTATE_RUNNING && a.health === appdb.HEALTH_HEALTHY; })
+                .map(function (a) { return (a.location || 'naked_domain') + '|' + a.manifest.id; }).join(', ');

            debug('apps alive: [%s]', alive);

@@ -5,9 +5,6 @@ exports = module.exports = {
    getApp: getApp,
    getAppVersion: getAppVersion,

-    trackBeginSetup: trackBeginSetup,
-    trackFinishedSetup: trackFinishedSetup,
-
    registerWithLoginCredentials: registerWithLoginCredentials,
    registerWithLicense: registerWithLicense,

@@ -22,36 +19,65 @@ exports = module.exports = {
    getAppUpdate: getAppUpdate,
    getBoxUpdate: getBoxUpdate,

-    createTicket: createTicket
+    createTicket: createTicket,
+
+    AppstoreError: AppstoreError
 };

 var apps = require('./apps.js'),
    assert = require('assert'),
    async = require('async'),
-    BoxError = require('./boxerror.js'),
-    constants = require('./constants.js'),
+    config = require('./config.js'),
    custom = require('./custom.js'),
    debug = require('debug')('box:appstore'),
    domains = require('./domains.js'),
    eventlog = require('./eventlog.js'),
-    groups = require('./groups.js'),
    mail = require('./mail.js'),
    os = require('os'),
    safe = require('safetydance'),
    semver = require('semver'),
    settings = require('./settings.js'),
    superagent = require('superagent'),
-    users = require('./users.js'),
    util = require('util');

-const NOOP_CALLBACK = function (error) { if (error) debug(error); };
+function AppstoreError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(AppstoreError, Error);
+AppstoreError.INTERNAL_ERROR = 'Internal Error';
+AppstoreError.EXTERNAL_ERROR = 'External Error';
+AppstoreError.ALREADY_EXISTS = 'Already Exists';
+AppstoreError.ACCESS_DENIED = 'Access Denied';
+AppstoreError.NOT_FOUND = 'Not Found';
+AppstoreError.PLAN_LIMIT = 'Plan limit reached'; // upstream 402 (subsciption_expired and subscription_required)
+AppstoreError.LICENSE_ERROR = 'License Error'; // upstream 422 (no license, invalid license)
+AppstoreError.INVALID_TOKEN = 'Invalid token'; // upstream 401 (invalid token)
+AppstoreError.NOT_REGISTERED = 'Not registered'; // upstream 412 (no token, not set yet)
+AppstoreError.ALREADY_REGISTERED = 'Already registered';
+
+var NOOP_CALLBACK = function (error) { if (error) debug(error); };

 function getCloudronToken(callback) {
    assert.strictEqual(typeof callback, 'function');

    settings.getCloudronToken(function (error, token) {
-        if (error) return callback(error);
-        if (!token) return callback(new BoxError(BoxError.LICENSE_ERROR, 'Missing token'));
+        if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+        if (!token) return callback(new AppstoreError(AppstoreError.NOT_REGISTERED));

        callback(null, token);
    });
@@ -69,11 +95,11 @@ function login(email, password, totpToken, callback) {
        totpToken: totpToken
    };

-    const url = settings.apiServerOrigin() + '/api/v1/login';
+    const url = config.apiServerOrigin() + '/api/v1/login';
    superagent.post(url).send(data).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-        if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-        if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `login status code: ${result.statusCode}`));
+        if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+        if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.ACCESS_DENIED));
+        if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `login status code: ${result.statusCode}`));

        callback(null, result.body); // { userId, accessToken }
    });
@@ -89,11 +115,11 @@ function registerUser(email, password, callback) {
        password: password,
    };

-    const url = settings.apiServerOrigin() + '/api/v1/register_user';
+    const url = config.apiServerOrigin() + '/api/v1/register_user';
    superagent.post(url).send(data).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-        if (result.statusCode === 409) return callback(new BoxError(BoxError.ALREADY_EXISTS));
-        if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `register status code: ${result.statusCode}`));
+        if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+        if (result.statusCode === 409) return callback(new AppstoreError(AppstoreError.ALREADY_EXISTS));
+        if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `register status code: ${result.statusCode}`));

        callback(null);
    });
@@ -105,13 +131,13 @@ function getSubscription(callback) {
    getCloudronToken(function (error, token) {
        if (error) return callback(error);

-        const url = settings.apiServerOrigin() + '/api/v1/subscription';
+        const url = config.apiServerOrigin() + '/api/v1/subscription';
        superagent.get(url).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR));
-            if (result.statusCode === 502) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Stripe error: ${error.message}`));
-            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Unknown error: ${error.message}`));
+            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
+            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR));
+            if (result.statusCode === 502) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `Stripe error: ${error.message}`));
+            if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `Unknown error: ${error.message}`));

            callback(null, result.body); // { email, subscription }
        });
@@ -132,16 +158,16 @@ function purchaseApp(data, callback) {
    getCloudronToken(function (error, token) {
        if (error) return callback(error);

-        const url = `${settings.apiServerOrigin()}/api/v1/cloudronapps`;
+        const url = `${config.apiServerOrigin()}/api/v1/cloudronapps`;

        superagent.post(url).send(data).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND)); // appstoreId does not exist
-            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-            if (result.statusCode === 402) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
-            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+            if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND)); // appstoreId does not exist
+            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
+            if (result.statusCode === 402) return callback(new AppstoreError(AppstoreError.PLAN_LIMIT, result.body.message));
+            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
            // 200 if already purchased, 201 is newly purchased
-            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App purchase failed. %s %j', result.status, result.body)));
+            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App purchase failed. %s %j', result.status, result.body)));

            callback(null);
        });
@@ -157,19 +183,19 @@ function unpurchaseApp(appId, data, callback) {
    getCloudronToken(function (error, token) {
        if (error) return callback(error);

-        const url = `${settings.apiServerOrigin()}/api/v1/cloudronapps/${appId}`;
+        const url = `${config.apiServerOrigin()}/api/v1/cloudronapps/${appId}`;

        superagent.get(url).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
            if (result.statusCode === 404) return callback(null);   // was never purchased
-            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
-            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));
+            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
+            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));

            superagent.del(url).send(data).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error));
-                if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-                if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));
+                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
+                if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
+                if (result.statusCode !== 204) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));

                callback(null);
            });
@@ -180,50 +206,36 @@ function unpurchaseApp(appId, data, callback) {
 function sendAliveStatus(callback) {
    callback = callback || NOOP_CALLBACK;

-    let allSettings, allDomains, mailDomains, loginEvents, userCount, groupCount;
+    var allSettings, allDomains, mailDomains, loginEvents;

    async.series([
        function (callback) {
            settings.getAll(function (error, result) {
-                if (error) return callback(error);
+                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
                allSettings = result;
                callback();
            });
        },
        function (callback) {
            domains.getAll(function (error, result) {
-                if (error) return callback(error);
+                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
                allDomains = result;
                callback();
            });
        },
        function (callback) {
            mail.getDomains(function (error, result) {
-                if (error) return callback(error);
+                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
                mailDomains = result;
                callback();
            });
        },
        function (callback) {
            eventlog.getAllPaged([ eventlog.ACTION_USER_LOGIN ], null, 1, 1, function (error, result) {
-                if (error) return callback(error);
+                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
                loginEvents = result;
                callback();
            });
-        },
-        function (callback) {
-            users.count(function (error, result) {
-                if (error) return callback(error);
-                userCount = result;
-                callback();
-            });
-        },
-        function (callback) {
-            groups.count(function (error, result) {
-                if (error) return callback(error);
-                groupCount = result;
-                callback();
-            });
        }
    ], function (error) {
        if (error) return callback(error);
@@ -243,18 +255,15 @@ function sendAliveStatus(callback) {
                catchAllCount: mailDomains.filter(function (d) { return d.catchAll.length !== 0; }).length,
                relayProviders: Array.from(new Set(mailDomains.map(function (d) { return d.relay.provider; })))
            },
-            userCount: userCount,
-            groupCount: groupCount,
            appAutoupdatePattern: allSettings[settings.APP_AUTOUPDATE_PATTERN_KEY],
            boxAutoupdatePattern: allSettings[settings.BOX_AUTOUPDATE_PATTERN_KEY],
            timeZone: allSettings[settings.TIME_ZONE_KEY],
-            sysinfoProvider: allSettings[settings.SYSINFO_CONFIG_KEY].provider
        };

        var data = {
-            version: constants.VERSION,
-            adminFqdn: settings.adminFqdn(),
-            provider: settings.provider(),
+            version: config.version(),
+            adminFqdn: config.adminFqdn(),
+            provider: config.provider(),
            backendSettings: backendSettings,
            machine: {
                cpus: os.cpus(),
@@ -268,13 +277,13 @@ function sendAliveStatus(callback) {
        getCloudronToken(function (error, token) {
            if (error) return callback(error);

-            const url = `${settings.apiServerOrigin()}/api/v1/alive`;
+            const url = `${config.apiServerOrigin()}/api/v1/alive`;
            superagent.post(url).send(data).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error));
-                if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
-                if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-                if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
-                if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Sending alive status failed. %s %j', result.status, result.body)));
+                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
+                if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND));
+                if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
+                if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+                if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Sending alive status failed. %s %j', result.status, result.body)));

                callback(null);
            });
@@ -288,28 +297,28 @@ function getBoxUpdate(callback) {
    getCloudronToken(function (error, token) {
        if (error) return callback(error);

-        const url = `${settings.apiServerOrigin()}/api/v1/boxupdate`;
+        const url = `${config.apiServerOrigin()}/api/v1/boxupdate`;

-        superagent.get(url).query({ accessToken: token, boxVersion: constants.VERSION }).timeout(10 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+        superagent.get(url).query({ accessToken: token, boxVersion: config.version() }).timeout(10 * 1000).end(function (error, result) {
+            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
+            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
            if (result.statusCode === 204) return callback(null); // no update
-            if (result.statusCode !== 200 || !result.body) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+            if (result.statusCode !== 200 || !result.body) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));

            var updateInfo = result.body;

-            if (!semver.valid(updateInfo.version) || semver.gt(constants.VERSION, updateInfo.version)) {
-                return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Invalid update version: %s %s', result.statusCode, result.text)));
+            if (!semver.valid(updateInfo.version) || semver.gt(config.version(), updateInfo.version)) {
+                return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Invalid update version: %s %s', result.statusCode, result.text)));
            }

            // updateInfo: { version, changelog, sourceTarballUrl, sourceTarballSigUrl, boxVersionsUrl, boxVersionsSigUrl }
-            if (!updateInfo.version || typeof updateInfo.version !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.changelog || !Array.isArray(updateInfo.changelog)) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.sourceTarballUrl || typeof updateInfo.sourceTarballUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballUrl): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.sourceTarballSigUrl || typeof updateInfo.sourceTarballSigUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballSigUrl): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.boxVersionsUrl || typeof updateInfo.boxVersionsUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsUrl): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.boxVersionsSigUrl || typeof updateInfo.boxVersionsSigUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsSigUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.version || typeof updateInfo.version !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.changelog || !Array.isArray(updateInfo.changelog)) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.sourceTarballUrl || typeof updateInfo.sourceTarballUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.sourceTarballSigUrl || typeof updateInfo.sourceTarballSigUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballSigUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.boxVersionsUrl || typeof updateInfo.boxVersionsUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.boxVersionsSigUrl || typeof updateInfo.boxVersionsSigUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsSigUrl): %s %s', result.statusCode, result.text)));

            callback(null, updateInfo);
        });
@@ -323,14 +332,14 @@ function getAppUpdate(app, callback) {
    getCloudronToken(function (error, token) {
        if (error) return callback(error);

-        const url = `${settings.apiServerOrigin()}/api/v1/appupdate`;
+        const url = `${config.apiServerOrigin()}/api/v1/appupdate`;

-        superagent.get(url).query({ accessToken: token, boxVersion: constants.VERSION, appId: app.appStoreId, appVersion: app.manifest.version }).timeout(10 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error));
-            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+        superagent.get(url).query({ accessToken: token, boxVersion: config.version(), appId: app.appStoreId, appVersion: app.manifest.version }).timeout(10 * 1000).end(function (error, result) {
+            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
+            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
+            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
            if (result.statusCode === 204) return callback(null); // no update
-            if (result.statusCode !== 200 || !result.body) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+            if (result.statusCode !== 200 || !result.body) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));

            const updateInfo = result.body;

@@ -340,7 +349,7 @@ function getAppUpdate(app, callback) {
            // do some sanity checks
            if (!safe.query(updateInfo, 'manifest.version') || semver.gt(curAppVersion, safe.query(updateInfo, 'manifest.version'))) {
                debug('Skipping malformed update of app %s version: %s. got %j', app.id, curAppVersion, updateInfo);
-                return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Malformed update: %s %s', result.statusCode, result.text)));
+                return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Malformed update: %s %s', result.statusCode, result.text)));
            }

            // { id, creationDate, manifest }
@@ -353,23 +362,23 @@ function registerCloudron(data, callback) {
    assert.strictEqual(typeof data, 'object');
    assert.strictEqual(typeof callback, 'function');

-    const url = `${settings.apiServerOrigin()}/api/v1/register_cloudron`;
+    const url = `${config.apiServerOrigin()}/api/v1/register_cloudron`;

    superagent.post(url).send(data).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-        if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Unable to register cloudron: ${error.message}`));
+        if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+        if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `Unable to register cloudron: ${error.message}`));

        // cloudronId, token, licenseKey
-        if (!result.body.cloudronId) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response - no cloudron id'));
-        if (!result.body.cloudronToken) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response - no token'));
-        if (!result.body.licenseKey) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response - no license'));
+        if (!result.body.cloudronId) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, 'Invalid response - no cloudron id'));
+        if (!result.body.cloudronToken) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, 'Invalid response - no token'));
+        if (!result.body.licenseKey) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, 'Invalid response - no license'));

        async.series([
            settings.setCloudronId.bind(null, result.body.cloudronId),
            settings.setCloudronToken.bind(null, result.body.cloudronToken),
            settings.setLicenseKey.bind(null, result.body.licenseKey),
        ], function (error) {
-            if (error) return callback(error);
+            if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));

            debug(`registerCloudron: Cloudron registered with id ${result.body.cloudronId}`);

@@ -378,47 +387,15 @@ function registerCloudron(data, callback) {
    });
 }

-// This works without a Cloudron token as this Cloudron was not yet registered
-let gBeginSetupAlreadyTracked = false;
-function trackBeginSetup(provider) {
-    assert.strictEqual(typeof provider, 'string');
-
-    // avoid browser reload double tracking, not perfect since box might restart, but covers most cases and is simple
-    if (gBeginSetupAlreadyTracked) return;
-    gBeginSetupAlreadyTracked = true;
-
-    const url = `${settings.apiServerOrigin()}/api/v1/helper/setup_begin`;
-
-    superagent.post(url).send({ provider }).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return console.error(error.message);
-        if (result.statusCode !== 200) return console.error(error.message);
-    });
-}
-
-// This works without a Cloudron token as this Cloudron was not yet registered
-function trackFinishedSetup(domain) {
-    assert.strictEqual(typeof domain, 'string');
-
-    const url = `${settings.apiServerOrigin()}/api/v1/helper/setup_finished`;
-
-    superagent.post(url).send({ domain }).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return console.error(error.message);
-        if (result.statusCode !== 200) return console.error(error.message);
-    });
-}
-
 function registerWithLicense(license, domain, callback) {
    assert.strictEqual(typeof license, 'string');
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof callback, 'function');

    getCloudronToken(function (error, token) {
-        if (token) return callback(new BoxError(BoxError.CONFLICT));
+        if (token) return callback(new AppstoreError(AppstoreError.ALREADY_REGISTERED));

-        const provider = settings.provider();
-        const version = constants.VERSION;
-
-        registerCloudron({ license, domain, provider, version }, callback);
+        registerCloudron({ license, domain }, callback);
    });
 }

@@ -433,7 +410,7 @@ function registerWithLoginCredentials(options, callback) {
    }

    getCloudronToken(function (error, token) {
-        if (token) return callback(new BoxError(BoxError.CONFLICT));
+        if (token) return callback(new AppstoreError(AppstoreError.ALREADY_REGISTERED));

        maybeSignup(function (error) {
            if (error) return callback(error);
@@ -441,20 +418,19 @@ function registerWithLoginCredentials(options, callback) {
            login(options.email, options.password, options.totpToken || '', function (error, result) {
                if (error) return callback(error);

-                registerCloudron({ domain: settings.adminDomain(), accessToken: result.accessToken, provider: settings.provider(), version: constants.VERSION }, callback);
+                registerCloudron({ domain: config.adminDomain(), accessToken: result.accessToken }, callback);
            });
        });
    });
 }

-function createTicket(info, auditSource, callback) {
+function createTicket(info, callback) {
    assert.strictEqual(typeof info, 'object');
    assert.strictEqual(typeof info.email, 'string');
    assert.strictEqual(typeof info.displayName, 'string');
    assert.strictEqual(typeof info.type, 'string');
    assert.strictEqual(typeof info.subject, 'string');
    assert.strictEqual(typeof info.description, 'string');
-    assert.strictEqual(typeof auditSource, 'object');
    assert.strictEqual(typeof callback, 'function');

    function collectAppInfoIfNeeded(callback) {
@@ -469,17 +445,15 @@ function createTicket(info, auditSource, callback) {
            if (error) console.error('Unable to get app info', error);
            if (result) info.app = result;

-            let url = settings.apiServerOrigin() + '/api/v1/ticket';
+            let url = config.apiServerOrigin() + '/api/v1/ticket';

            info.supportEmail = custom.spec().support.email; // destination address for tickets

            superagent.post(url).query({ accessToken: token }).send(info).timeout(10 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-                if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-                if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
-                if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
-
-                eventlog.add(eventlog.ACTION_SUPPORT_TICKET, auditSource, info);
+                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+                if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
+                if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+                if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));

                callback(null);
            });
@@ -494,15 +468,14 @@ function getApps(callback) {
        if (error) return callback(error);

        settings.getUnstableAppsConfig(function (error, unstable) {
-            if (error) return callback(error);
-
-            const url = `${settings.apiServerOrigin()}/api/v1/apps`;
-            superagent.get(url).query({ accessToken: token, boxVersion: constants.VERSION, unstable: unstable }).timeout(10 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-                if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-                if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
-                if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App listing failed. %s %j', result.status, result.body)));
-                if (!result.body.apps) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+            if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+            const url = `${config.apiServerOrigin()}/api/v1/apps`;
+            superagent.get(url).query({ accessToken: token, boxVersion: config.version(), unstable: unstable }).timeout(10 * 1000).end(function (error, result) {
+                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
+                if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+                if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App listing failed. %s %j', result.status, result.body)));
+                if (!result.body.apps) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));

                callback(null, result.body.apps);
            });
@@ -518,15 +491,15 @@ function getAppVersion(appId, version, callback) {
    getCloudronToken(function (error, token) {
        if (error) return callback(error);

-        let url = `${settings.apiServerOrigin()}/api/v1/apps/${appId}`;
+        let url = `${config.apiServerOrigin()}/api/v1/apps/${appId}`;
        if (version !== 'latest') url += `/versions/${version}`;

        superagent.get(url).query({ accessToken: token }).timeout(10 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-            if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
-            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
-            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App fetch failed. %s %j', result.status, result.body)));
+            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
+            if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND));
+            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+            if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App fetch failed. %s %j', result.status, result.body)));

            callback(null, result.body);
        });
@@ -1,87 +0,0 @@
-'use strict';
-
-exports = module.exports = {
-    scheduleTask: scheduleTask
-};
-
-let assert = require('assert'),
-    BoxError = require('./boxerror.js'),
-    debug = require('debug')('box:apptaskmanager'),
-    fs = require('fs'),
-    locker = require('./locker.js'),
-    safe = require('safetydance'),
-    path = require('path'),
-    paths = require('./paths.js'),
-    tasks = require('./tasks.js');
-
-let gActiveTasks = { }; // indexed by app id
-let gPendingTasks = [ ];
-let gInitialized = false;
-
-const TASK_CONCURRENCY = 3;
-const NOOP_CALLBACK = function (error) { if (error) debug(error); };
-
-function waitText(lockOperation) {
-    if (lockOperation === locker.OP_BOX_UPDATE) return 'Waiting for Cloudron to finish updating. See the Settings view';
-    if (lockOperation === locker.OP_PLATFORM_START) return 'Waiting for Cloudron to initialize';
-    if (lockOperation === locker.OP_FULL_BACKUP) return 'Wait for Cloudron to finish backup. See the Backups view';
-
-    return ''; // cannot happen
-}
-
-function initializeSync() {
-    gInitialized = true;
-    locker.on('unlocked', startNextTask);
-}
-
-// callback is called when task is finished
-function scheduleTask(appId, taskId, callback) {
-    assert.strictEqual(typeof appId, 'string');
-    assert.strictEqual(typeof taskId, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    if (!gInitialized) initializeSync();
-
-    if (appId in gActiveTasks) {
-        return callback(new BoxError(BoxError.CONFLICT, `Task for %s is already active: ${appId}`));
-    }
-
-    if (Object.keys(gActiveTasks).length >= TASK_CONCURRENCY) {
-        debug(`Reached concurrency limit, queueing task id ${taskId}`);
-        tasks.update(taskId, { percent: 1, message: 'Waiting for other app tasks to complete' }, NOOP_CALLBACK);
-        gPendingTasks.push({ appId, taskId, callback });
-        return;
-    }
-
-    var lockError = locker.recursiveLock(locker.OP_APPTASK);
-
-    if (lockError) {
-        debug(`Could not get lock. ${lockError.message}, queueing task id ${taskId}`);
-        tasks.update(taskId, { percent: 1, message: waitText(lockError.operation) }, NOOP_CALLBACK);
-        gPendingTasks.push({ appId, taskId, callback });
-        return;
-    }
-
-    gActiveTasks[appId] = {};
-
-    const logFile = path.join(paths.LOG_DIR, appId, 'apptask.log');
-
-    if (!fs.existsSync(path.dirname(logFile))) safe.fs.mkdirSync(path.dirname(logFile)); // ensure directory
-
-    tasks.startTask(taskId, { logFile, timeout: 20 * 60 * 60 * 1000 /* 20 hours */ }, function (error, result) {
-        callback(error, result);
-
-        delete gActiveTasks[appId];
-        locker.unlock(locker.OP_APPTASK); // unlock event will trigger next task
-    });
-}
-
-function startNextTask() {
-    if (gPendingTasks.length === 0) return;
-
-    assert(Object.keys(gActiveTasks).length < TASK_CONCURRENCY);
-
-    const t = gPendingTasks.shift();
-    scheduleTask(t.appId, t.taskId, t.callback);
-}
-
@@ -3,9 +3,9 @@
 exports = module.exports = {
    CRON:  { userId: null, username: 'cron' },
    HEALTH_MONITOR: { userId: null, username: 'healthmonitor' },
+    SYSADMIN: { userId: null, username: 'sysadmin' },
+    TASK_MANAGER: { userId: null, username: 'taskmanager' },
    APP_TASK: { userId: null, username: 'apptask' },
-    EXTERNAL_LDAP_TASK: { userId: null, username: 'externalldap' },
-    EXTERNAL_LDAP_AUTO_CREATE: { userId: null, username: 'externalldap' },

    fromRequest: fromRequest
 };
@@ -12,8 +12,8 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
-    database = require('./database.js');
+    database = require('./database.js'),
+    DatabaseError = require('./databaseerror');

 var AUTHCODES_FIELDS = [ 'authCode', 'userId', 'clientId', 'expiresAt' ].join(',');

@@ -22,8 +22,8 @@ function get(authCode, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + AUTHCODES_FIELDS + ' FROM authcodes WHERE authCode = ? AND expiresAt > ?', [ authCode, Date.now() ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Authcode not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null, result[0]);
    });
@@ -37,12 +37,12 @@ function add(authCode, clientId, userId, expiresAt, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('INSERT INTO authcodes (authCode, clientId, userId, expiresAt) VALUES (?, ?, ?, ?)',
-        [ authCode, clientId, userId, expiresAt ], function (error, result) {
-            if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
-            if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            [ authCode, clientId, userId, expiresAt ], function (error, result) {
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
+        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

-            callback(null);
-        });
+        callback(null);
+    });
 }

 function del(authCode, callback) {
@@ -50,8 +50,8 @@ function del(authCode, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM authcodes WHERE authCode = ?', [ authCode ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Authcode not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -61,7 +61,7 @@ function delExpired(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM authcodes WHERE expiresAt <= ?', [ Date.now() ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
        return callback(null, result.affectedRows);
    });
 }
@@ -70,7 +70,7 @@ function clear(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM authcodes', function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -1,8 +1,8 @@
 'use strict';

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
    database = require('./database.js'),
+    DatabaseError = require('./databaseerror.js'),
    safe = require('safetydance'),
    util = require('util');

@@ -47,7 +47,7 @@ function getByTypeAndStatePaged(type, state, page, perPage, callback) {

    database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE type = ? AND state = ? ORDER BY creationTime DESC LIMIT ?,?',
        [ type, state, (page-1)*perPage, perPage ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            results.forEach(function (result) { postProcess(result); });

@@ -63,7 +63,7 @@ function getByTypePaged(type, page, perPage, callback) {

    database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE type = ? ORDER BY creationTime DESC LIMIT ?,?',
        [ type, (page-1)*perPage, perPage ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            results.forEach(function (result) { postProcess(result); });

@@ -80,7 +80,7 @@ function getByAppIdPaged(page, perPage, appId, callback) {
    // box versions (0.93.x and below) used to use appbackup_ prefix
    database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE type = ? AND state = ? AND id LIKE ? ORDER BY creationTime DESC LIMIT ?,?',
        [ exports.BACKUP_TYPE_APP, exports.BACKUP_STATE_NORMAL, '%app%\\_' + appId + '\\_%', (page-1)*perPage, perPage ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            results.forEach(function (result) { postProcess(result); });

@@ -94,8 +94,8 @@ function get(id, callback) {

    database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE id = ? ORDER BY creationTime DESC',
        [ id ], function (error, result) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-            if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Backup not found'));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

            postProcess(result[0]);

@@ -119,8 +119,8 @@ function add(id, data, callback) {
    database.query('INSERT INTO backups (id, version, type, creationTime, state, dependsOn, manifestJson, format) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
        [ id, data.version, data.type, creationTime, exports.BACKUP_STATE_NORMAL, data.dependsOn.join(','), manifestJson, data.format ],
        function (error) {
-            if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            callback(null);
        });
@@ -139,8 +139,8 @@ function update(id, backup, callback) {
    values.push(id);

    database.query('UPDATE backups SET ' + fields.join(', ') + ' WHERE id = ?', values, function (error) {
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.NOT_FOUND, 'Backup not found'));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -150,7 +150,7 @@ function clear(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('TRUNCATE TABLE backups', [], function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
        callback(null);
    });
 }
@@ -160,7 +160,7 @@ function del(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM backups WHERE id=?', [ id ], function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
        callback(null);
    });
 }
@@ -1,8 +1,9 @@
 'use strict';

 exports = module.exports = {
+    BackupsError: BackupsError,
+
    testConfig: testConfig,
-    testProviderConfig: testProviderConfig,

    getByStatePaged: getByStatePaged,
    getByAppIdPaged: getByAppIdPaged,
@@ -15,7 +16,7 @@ exports = module.exports = {
    restore: restore,

    backupApp: backupApp,
-    downloadApp: downloadApp,
+    restoreApp: restoreApp,

    backupBoxAndApps: backupBoxAndApps,

@@ -39,17 +40,18 @@ exports = module.exports = {
 };

 var addons = require('./addons.js'),
+    appdb = require('./appdb.js'),
    apps = require('./apps.js'),
+    AppsError = require('./apps.js').AppsError,
    async = require('async'),
    assert = require('assert'),
    backupdb = require('./backupdb.js'),
-    BoxError = require('./boxerror.js'),
-    constants = require('./constants.js'),
+    config = require('./config.js'),
    crypto = require('crypto'),
    database = require('./database.js'),
+    DatabaseError = require('./databaseerror.js'),
    DataLayout = require('./datalayout.js'),
    debug = require('debug')('box:backups'),
-    df = require('@sindresorhus/df'),
    eventlog = require('./eventlog.js'),
    fs = require('fs'),
    locker = require('./locker.js'),
@@ -58,7 +60,6 @@ var addons = require('./addons.js'),
    path = require('path'),
    paths = require('./paths.js'),
    progressStream = require('progress-stream'),
-    prettyBytes = require('pretty-bytes'),
    safe = require('safetydance'),
    shell = require('./shell.js'),
    settings = require('./settings.js'),
@@ -76,6 +77,31 @@ function debugApp(app) {
    debug(app.fqdn + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)));
 }

+function BackupsError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(BackupsError, Error);
+BackupsError.EXTERNAL_ERROR = 'external error';
+BackupsError.INTERNAL_ERROR = 'internal error';
+BackupsError.BAD_STATE = 'bad state';
+BackupsError.BAD_FIELD = 'bad field';
+BackupsError.NOT_FOUND = 'not found';
+
 // choose which storage backend we use for test purpose we use s3
 function api(provider) {
    switch (provider) {
@@ -86,7 +112,6 @@ function api(provider) {
    case 's3-v4-compat': return require('./storage/s3.js');
    case 'digitalocean-spaces': return require('./storage/s3.js');
    case 'exoscale-sos': return require('./storage/s3.js');
-    case 'wasabi': return require('./storage/s3.js');
    case 'scaleway-objectstorage': return require('./storage/s3.js');
    case 'noop': return require('./storage/noop.js');
    default: return null;
@@ -109,23 +134,12 @@ function testConfig(backupConfig, callback) {
    assert.strictEqual(typeof callback, 'function');

    var func = api(backupConfig.provider);
-    if (!func) return callback(new BoxError(BoxError.BAD_FIELD, 'unknown storage provider', { field: 'provider' }));
+    if (!func) return callback(new BackupsError(BackupsError.BAD_FIELD, 'unknown storage provider'));

-    if (backupConfig.format !== 'tgz' && backupConfig.format !== 'rsync') return callback(new BoxError(BoxError.BAD_FIELD, 'unknown format', { field: 'format' }));
+    if (backupConfig.format !== 'tgz' && backupConfig.format !== 'rsync') return callback(new BackupsError(BackupsError.BAD_FIELD, 'unknown format'));

    // remember to adjust the cron ensureBackup task interval accordingly
-    if (backupConfig.intervalSecs < 6 * 60 * 60) return callback(new BoxError(BoxError.BAD_FIELD, 'Interval must be atleast 6 hours', { field: 'interval' }));
-
-    api(backupConfig.provider).testConfig(backupConfig, callback);
-}
-
-
-function testProviderConfig(backupConfig, callback) {
-    assert.strictEqual(typeof backupConfig, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    var func = api(backupConfig.provider);
-    if (!func) return callback(new BoxError(BoxError.BAD_FIELD, 'unknown storage provider', { field: 'provider' }));
+    if (backupConfig.intervalSecs < 6 * 60 * 60) return callback(new BackupsError(BackupsError.BAD_FIELD, 'Interval must be atleast 6 hours'));

    api(backupConfig.provider).testConfig(backupConfig, callback);
 }
@@ -137,7 +151,7 @@ function getByStatePaged(state, page, perPage, callback) {
    assert.strictEqual(typeof callback, 'function');

    backupdb.getByTypeAndStatePaged(backupdb.BACKUP_TYPE_BOX, state, page, perPage, function (error, results) {
-        if (error) return callback(error);
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        callback(null, results);
    });
@@ -150,7 +164,7 @@ function getByAppIdPaged(page, perPage, appId, callback) {
    assert.strictEqual(typeof callback, 'function');

    backupdb.getByAppIdPaged(page, perPage, appId, function (error, results) {
-        if (error) return callback(error);
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        callback(null, results);
    });
@@ -161,7 +175,8 @@ function get(backupId, callback) {
    assert.strictEqual(typeof callback, 'function');

    backupdb.get(backupId, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new BackupsError(BackupsError.NOT_FOUND));
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        callback(null, result);
    });
@@ -229,14 +244,14 @@ function createReadStream(sourceFile, key) {

    stream.on('error', function (error) {
        debug('createReadStream: read stream error.', error);
-        ps.emit('error', new BoxError(BoxError.FS_ERROR, error.message));
+        ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
    });

    if (key !== null) {
        var encrypt = crypto.createCipher('aes-256-cbc', key);
        encrypt.on('error', function (error) {
            debug('createReadStream: encrypt stream error.', error);
-            ps.emit('error', new BoxError(BoxError.CRYPTO_ERROR, error.message));
+            ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
        });
        return stream.pipe(encrypt).pipe(ps);
    } else {
@@ -249,25 +264,17 @@ function createWriteStream(destFile, key) {
    assert(key === null || typeof key === 'string');

    var stream = fs.createWriteStream(destFile);
-    var ps = progressStream({ time: 10000 }); // display a progress every 10 seconds
-
-    stream.on('error', function (error) {
-        debug('createWriteStream: write stream error.', error);
-        ps.emit('error', new BoxError(BoxError.FS_ERROR, error.message));
-    });

    if (key !== null) {
        var decrypt = crypto.createDecipher('aes-256-cbc', key);
        decrypt.on('error', function (error) {
            debug('createWriteStream: decrypt stream error.', error);
-            ps.emit('error', new BoxError(BoxError.CRYPTO_ERROR, error.message));
        });
-        ps.pipe(decrypt).pipe(stream);
+        decrypt.pipe(stream);
+        return decrypt;
    } else {
-        ps.pipe(stream);
+        return stream;
    }
-
-    return ps;
 }

 function tarPack(dataLayout, key, callback) {
@@ -284,9 +291,6 @@ function tarPack(dataLayout, key, callback) {
        },
        map: function(header) {
            header.name = dataLayout.toRemotePath(header.name);
-            // the tar pax format allows us to encode filenames > 100 and size > 8GB (see #640)
-            // https://www.systutorials.com/docs/linux/man/5-star/
-            if (header.size > 8589934590 || header.name > 99) header.pax = { size: header.size };
            return header;
        },
        strict: false // do not error for unknown types (skip fifo, char/block devices)
@@ -297,19 +301,19 @@ function tarPack(dataLayout, key, callback) {

    pack.on('error', function (error) {
        debug('tarPack: tar stream error.', error);
-        ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+        ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
    });

    gzip.on('error', function (error) {
        debug('tarPack: gzip stream error.', error);
-        ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+        ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
    });

    if (key !== null) {
        var encrypt = crypto.createCipher('aes-256-cbc', key);
        encrypt.on('error', function (error) {
            debug('tarPack: encrypt stream error.', error);
-            ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+            ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
        });
        pack.pipe(gzip).pipe(encrypt).pipe(ps);
    } else {
@@ -358,7 +362,7 @@ function sync(backupConfig, backupId, dataLayout, progressCallback, callback) {
                    debug(`read stream error for ${task.path}: ${error.message}`);
                    retryCallback();
                }); // ignore error if file disappears
-                stream.on('progress', function (progress) {
+                stream.on('progress', function(progress) {
                    const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
                    if (!transferred && !speed) return progressCallback({ message: `Uploading ${task.path}` }); // 0M@0Mbps looks wrong
                    progressCallback({ message: `Uploading ${task.path}: ${transferred}M@${speed}Mbps` }); // 0M@0Mbps looks wrong
@@ -370,7 +374,7 @@ function sync(backupConfig, backupId, dataLayout, progressCallback, callback) {
            }
        }, iteratorCallback);
    }, concurrency, function (error) {
-        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));

        callback();
    });
@@ -404,34 +408,6 @@ function saveFsMetadata(dataLayout, metadataFile, callback) {
    callback();
 }

-// the du call in the function below requires root
-function checkFreeDiskSpace(backupConfig, dataLayout, callback) {
-    assert.strictEqual(typeof backupConfig, 'object');
-    assert(dataLayout instanceof DataLayout, 'dataLayout must be a DataLayout');
-    assert.strictEqual(typeof callback, 'function');
-
-    if (backupConfig.provider !== 'filesystem') return callback();
-
-    let used = 0;
-    for (let localPath of dataLayout.localPaths()) {
-        debug(`checkFreeDiskSpace: getting disk usage of ${localPath}`);
-        let result = safe.child_process.execSync(`du -Dsb ${localPath}`, { encoding: 'utf8' });
-        if (!result) return callback(new BoxError(BoxError.FS_ERROR, safe.error));
-        used += parseInt(result, 10);
-    }
-
-    debug(`checkFreeDiskSpace: ${used} bytes`);
-
-    df.file(backupConfig.backupFolder).then(function (diskUsage) {
-        const needed = used + (1024 * 1024 * 1024); // check if there is atleast 1GB left afterwards
-        if (diskUsage.available <= needed) return callback(new BoxError(BoxError.FS_ERROR, `Not enough disk space for backup. Needed: ${prettyBytes(needed)} Available: ${prettyBytes(diskUsage.available)}`));
-
-        callback(null);
-    }).catch(function (error) {
-        callback(new BoxError(BoxError.FS_ERROR, error));
-    });
-}
-
 // this function is called via backupupload (since it needs root to traverse app's directory)
 function upload(backupId, format, dataLayoutString, progressCallback, callback) {
    assert.strictEqual(typeof backupId, 'string');
@@ -445,35 +421,31 @@ function upload(backupId, format, dataLayoutString, progressCallback, callback)
    const dataLayout = DataLayout.fromString(dataLayoutString);

    settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(error);
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

-        checkFreeDiskSpace(backupConfig, dataLayout, function (error) {
-            if (error) return callback(error);
+        if (format === 'tgz') {
+            async.retry({ times: 5, interval: 20000 }, function (retryCallback) {
+                retryCallback = once(retryCallback); // protect again upload() erroring much later after tar stream error

-            if (format === 'tgz') {
-                async.retry({ times: 5, interval: 20000 }, function (retryCallback) {
-                    retryCallback = once(retryCallback); // protect again upload() erroring much later after tar stream error
+                tarPack(dataLayout, backupConfig.key || null, function (error, tarStream) {
+                    if (error) return retryCallback(error);

-                    tarPack(dataLayout, backupConfig.key || null, function (error, tarStream) {
-                        if (error) return retryCallback(error);
-
-                        tarStream.on('progress', function (progress) {
-                            const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
-                            if (!transferred && !speed) return progressCallback({ message: 'Uploading backup' }); // 0M@0Mbps looks wrong
-                            progressCallback({ message: `Uploading backup ${transferred}M@${speed}Mbps` });
-                        });
-                        tarStream.on('error', retryCallback); // already returns BoxError
-
-                        api(backupConfig.provider).upload(backupConfig, getBackupFilePath(backupConfig, backupId, format), tarStream, retryCallback);
+                    tarStream.on('progress', function(progress) {
+                        const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
+                        if (!transferred && !speed) return progressCallback({ message: 'Uploading backup' }); // 0M@0Mbps looks wrong
+                        progressCallback({ message: `Uploading backup ${transferred}M@${speed}Mbps` });
                    });
-                }, callback);
-            } else {
-                async.series([
-                    saveFsMetadata.bind(null, dataLayout, `${dataLayout.localRoot()}/fsmetadata.json`),
-                    sync.bind(null, backupConfig, backupId, dataLayout, progressCallback)
-                ], callback);
-            }
-        });
+                    tarStream.on('error', retryCallback); // already returns BackupsError
+
+                    api(backupConfig.provider).upload(backupConfig, getBackupFilePath(backupConfig, backupId, format), tarStream, retryCallback);
+                });
+            }, callback);
+        } else {
+            async.series([
+                saveFsMetadata.bind(null, dataLayout, `${dataLayout.localRoot()}/fsmetadata.json`),
+                sync.bind(null, backupConfig, backupId, dataLayout, progressCallback)
+            ], callback);
+        }
    });
 }

@@ -496,17 +468,17 @@ function tarExtract(inStream, dataLayout, key, callback) {

    inStream.on('error', function (error) {
        debug('tarExtract: input stream error.', error);
-        emitError(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+        emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
    });

    gunzip.on('error', function (error) {
        debug('tarExtract: gunzip stream error.', error);
-        emitError(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+        emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
    });

    extract.on('error', function (error) {
        debug('tarExtract: extract stream error.', error);
-        emitError(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+        emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
    });

    extract.on('finish', function () {
@@ -519,7 +491,7 @@ function tarExtract(inStream, dataLayout, key, callback) {
        var decrypt = crypto.createDecipher('aes-256-cbc', key);
        decrypt.on('error', function (error) {
            debug('tarExtract: decrypt stream error.', error);
-            emitError(new BoxError(BoxError.EXTERNAL_ERROR, `Failed to decrypt: ${error.message}`));
+            emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, `Failed to decrypt: ${error.message}`));
        });
        inStream.pipe(ps).pipe(decrypt).pipe(gunzip).pipe(extract);
    } else {
@@ -537,19 +509,19 @@ function restoreFsMetadata(dataLayout, metadataFile, callback) {
    debug(`Recreating empty directories in ${dataLayout.toString()}`);

    var metadataJson = safe.fs.readFileSync(metadataFile, 'utf8');
-    if (metadataJson === null) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Error loading fsmetadata.json:' + safe.error.message));
+    if (metadataJson === null) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error loading fsmetadata.json:' + safe.error.message));
    var metadata = safe.JSON.parse(metadataJson);
-    if (metadata === null) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Error parsing fsmetadata.json:' + safe.error.message));
+    if (metadata === null) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error parsing fsmetadata.json:' + safe.error.message));

    async.eachSeries(metadata.emptyDirs, function createPath(emptyDir, iteratorDone) {
        mkdirp(dataLayout.toLocalPath(emptyDir), iteratorDone);
    }, function (error) {
-        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `unable to create path: ${error.message}`));
+        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `unable to create path: ${error.message}`));

        async.eachSeries(metadata.execFiles, function createPath(execFile, iteratorDone) {
            fs.chmod(dataLayout.toLocalPath(execFile), parseInt('0755', 8), iteratorDone);
        }, function (error) {
-            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `unable to chmod: ${error.message}`));
+            if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `unable to chmod: ${error.message}`));

            callback();
        });
@@ -565,30 +537,24 @@ function downloadDir(backupConfig, backupFilePath, dataLayout, progressCallback,

    debug(`downloadDir: ${backupFilePath} to ${dataLayout.toString()}`);

-    function downloadFile(entry, done) {
+    function downloadFile(entry, callback) {
        let relativePath = path.relative(backupFilePath, entry.fullPath);
        if (backupConfig.key) {
            relativePath = decryptFilePath(relativePath, backupConfig.key);
-            if (!relativePath) return done(new BoxError(BoxError.BAD_STATE, 'Unable to decrypt file'));
+            if (!relativePath) return callback(new BackupsError(BackupsError.BAD_STATE, 'Unable to decrypt file'));
        }
        const destFilePath = dataLayout.toLocalPath('./' + relativePath);

        mkdirp(path.dirname(destFilePath), function (error) {
-            if (error) return done(new BoxError(BoxError.FS_ERROR, error.message));
+            if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));

            async.retry({ times: 5, interval: 20000 }, function (retryCallback) {
                let destStream = createWriteStream(destFilePath, backupConfig.key || null);

-                destStream.on('progress', function (progress) {
-                    const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
-                    if (!transferred && !speed) return progressCallback({ message: `Downloading ${entry.fullPath}` }); // 0M@0Mbps looks wrong
-                    progressCallback({ message: `Downloading ${entry.fullPath}: ${transferred}M@${speed}Mbps` });
-                });
-
                // protect against multiple errors. must destroy the write stream so that a previous retry does not write
                let closeAndRetry = once((error) => {
-                    if (error) progressCallback({ message: `Download ${entry.fullPath} to ${destFilePath} errored: ${error.message}` });
-                    else progressCallback({ message: `Download ${entry.fullPath} to ${destFilePath} finished` });
+                    if (error) progressCallback({ message: `Download ${entry.fullPath} errored: ${error.message}` });
+                    else progressCallback({ message: `Download ${entry.fullPath} finished` });
                    destStream.destroy();
                    retryCallback(error);
                });
@@ -597,21 +563,21 @@ function downloadDir(backupConfig, backupFilePath, dataLayout, progressCallback,
                    if (error) return closeAndRetry(error);

                    sourceStream.on('error', closeAndRetry);
-                    destStream.on('error', closeAndRetry); // already emits BoxError
+                    destStream.on('error', closeAndRetry);

                    progressCallback({ message: `Downloading ${entry.fullPath} to ${destFilePath}` });

                    sourceStream.pipe(destStream, { end: true }).on('finish', closeAndRetry);
                });
-            }, done);
+            }, callback);
        });
    }

-    api(backupConfig.provider).listDir(backupConfig, backupFilePath, 1000, function (entries, iteratorDone) {
+    api(backupConfig.provider).listDir(backupConfig, backupFilePath, 1000, function (entries, done) {
        // https://www.digitalocean.com/community/questions/rate-limiting-on-spaces?answer=40441
        const concurrency = backupConfig.downloadConcurrency || (backupConfig.provider === 's3' ? 30 : 10);

-        async.eachLimit(entries, concurrency, downloadFile, iteratorDone);
+        async.eachLimit(entries, concurrency, downloadFile, done);
    }, callback);
 }

@@ -623,7 +589,7 @@ function download(backupConfig, backupId, format, dataLayout, progressCallback,
    assert.strictEqual(typeof progressCallback, 'function');
    assert.strictEqual(typeof callback, 'function');

-    debug(`download: Downloading ${backupId} of format ${format} to ${dataLayout.toString()}`);
+    debug(`download - Downloading ${backupId} of format ${format} to ${dataLayout.toString()}`);

    const backupFilePath = getBackupFilePath(backupConfig, backupId, format);

@@ -637,7 +603,7 @@ function download(backupConfig, backupId, format, dataLayout, progressCallback,

                    ps.on('progress', function (progress) {
                        const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
-                        if (!transferred && !speed) return progressCallback({ message: 'Downloading backup' }); // 0M@0Mbps looks wrong
+                        if (!transferred && !speed) return progressCallback({ message: 'Downloading' }); // 0M@0Mbps looks wrong
                        progressCallback({ message: `Downloading ${transferred}M@${speed}Mbps` });
                    });
                    ps.on('error', retryCallback);
@@ -668,17 +634,18 @@ function restore(backupConfig, backupId, progressCallback, callback) {
        debug('restore: download completed, importing database');

        database.importFromFile(`${dataLayout.localRoot()}/box.mysqldump`, function (error) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

            debug('restore: database imported');

-            settings.initCache(callback);
+            callback();
        });
    });
 }

-function downloadApp(app, restoreConfig, progressCallback, callback) {
+function restoreApp(app, addonsToRestore, restoreConfig, progressCallback, callback) {
    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof addonsToRestore, 'object');
    assert.strictEqual(typeof restoreConfig, 'object');
    assert.strictEqual(typeof progressCallback, 'function');
    assert.strictEqual(typeof callback, 'function');
@@ -687,45 +654,43 @@ function downloadApp(app, restoreConfig, progressCallback, callback) {
    if (!appDataDir) return callback(safe.error);
    const dataLayout = new DataLayout(appDataDir, app.dataDir ? [{ localDir: app.dataDir, remoteDir: 'data' }] : []);

-    const startTime = new Date();
-    const getBackupConfigFunc = restoreConfig.backupConfig ? (next) => next(null, restoreConfig.backupConfig) : settings.getBackupConfig;
+    var startTime = new Date();

-    getBackupConfigFunc(function (error, backupConfig) {
-        if (error) return callback(error);
+    settings.getBackupConfig(function (error, backupConfig) {
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

-        download(backupConfig, restoreConfig.backupId, restoreConfig.backupFormat, dataLayout, progressCallback, function (error) {
-            debug('downloadApp: time: %s', (new Date() - startTime)/1000);
+        async.series([
+            download.bind(null, backupConfig, restoreConfig.backupId, restoreConfig.backupFormat, dataLayout, progressCallback),
+            addons.restoreAddons.bind(null, app, addonsToRestore)
+        ], function (error) {
+            debug('restoreApp: time: %s', (new Date() - startTime)/1000);

            callback(error);
        });
    });
 }

-function runBackupUpload(uploadConfig, progressCallback, callback) {
-    assert.strictEqual(typeof uploadConfig, 'object');
+function runBackupUpload(backupId, format, dataLayout, progressCallback, callback) {
+    assert.strictEqual(typeof backupId, 'string');
+    assert.strictEqual(typeof format, 'string');
+    assert(dataLayout instanceof DataLayout, 'dataLayout must be a DataLayout');
    assert.strictEqual(typeof progressCallback, 'function');
    assert.strictEqual(typeof callback, 'function');

-    const { backupId, format, dataLayout, progressTag } = uploadConfig;
-    assert.strictEqual(typeof backupId, 'string');
-    assert.strictEqual(typeof format, 'string');
-    assert.strictEqual(typeof progressTag, 'string');
-    assert(dataLayout instanceof DataLayout, 'dataLayout must be a DataLayout');
-
-    let result = ''; // the script communicates error result as a string
+    let result = '';

    shell.sudo(`backup-${backupId}`, [ BACKUP_UPLOAD_CMD, backupId, format, dataLayout.toString() ], { preserveEnv: true, ipc: true }, function (error) {
        if (error && (error.code === null /* signal */ || (error.code !== 0 && error.code !== 50))) { // backuptask crashed
-            return callback(new BoxError(BoxError.INTERNAL_ERROR, 'Backuptask crashed'));
+            return callback(new BackupsError(BackupsError.INTERNAL_ERROR, 'Backuptask crashed'));
        } else if (error && error.code === 50) { // exited with error
-            return callback(new BoxError(BoxError.EXTERNAL_ERROR, result));
+            return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, result));
        }

        callback();
-    }).on('message', function (progress) { // script sends either 'message' or 'result' property
-        if (!progress.result) return progressCallback({ message: `${progress.message} (${progressTag})` });
-        debug(`runBackupUpload: result - ${JSON.stringify(progress)}`);
-        result = progress.result;
+    }).on('message', function (message) {
+        if (!message.result) return progressCallback(message);
+        debug(`runBackupUpload: result - ${message}`);
+        result = message.result;
    });
 }

@@ -746,9 +711,7 @@ function setSnapshotInfo(id, info, callback) {
    var contents = safe.fs.readFileSync(paths.SNAPSHOT_INFO_FILE, 'utf8');
    var data = safe.JSON.parse(contents) || { };
    if (info) data[id] = info; else delete data[id];
-    if (!safe.fs.writeFileSync(paths.SNAPSHOT_INFO_FILE, JSON.stringify(data, null, 4), 'utf8')) {
-        return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
-    }
+    if (!safe.fs.writeFileSync(paths.SNAPSHOT_INFO_FILE, JSON.stringify(data, null, 4), 'utf8')) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, safe.error.message));

    callback();
 }
@@ -760,7 +723,7 @@ function snapshotBox(progressCallback, callback) {
    progressCallback({ message: 'Snapshotting box' });

    database.exportToFile(`${paths.BOX_DATA_DIR}/box.mysqldump`, function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        return callback();
    });
@@ -779,14 +742,8 @@ function uploadBoxSnapshot(backupConfig, progressCallback, callback) {
        const boxDataDir = safe.fs.realpathSync(paths.BOX_DATA_DIR);
        if (!boxDataDir) return callback(safe.error);

-        const uploadConfig = {
-            backupId: 'snapshot/box',
-            format: backupConfig.format,
-            dataLayout: new DataLayout(boxDataDir, []),
-            progressTag: 'box'
-        };
-
-        runBackupUpload(uploadConfig, progressCallback, function (error) {
+        const dataLayout = new DataLayout(boxDataDir, []);
+        runBackupUpload('snapshot/box', backupConfig.format, dataLayout, progressCallback, function (error) {
            if (error) return callback(error);

            debug('uploadBoxSnapshot: time: %s secs', (new Date() - startTime)/1000);
@@ -804,24 +761,25 @@ function rotateBoxBackup(backupConfig, tag, appBackupIds, progressCallback, call
    assert.strictEqual(typeof callback, 'function');

    var snapshotInfo = getSnapshotInfo('box');
+    if (!snapshotInfo) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, 'Snapshot info missing or corrupt'));

    const snapshotTime = snapshotInfo.timestamp.replace(/[T.]/g, '-').replace(/[:Z]/g,''); // add this to filename to make it unique, so it's easy to download them
-    const backupId = util.format('%s/box_%s_v%s', tag, snapshotTime, constants.VERSION);
+    const backupId = util.format('%s/box_%s_v%s', tag, snapshotTime, config.version());
    const format = backupConfig.format;

    debug(`Rotating box backup to id ${backupId}`);

-    backupdb.add(backupId, { version: constants.VERSION, type: backupdb.BACKUP_TYPE_BOX, dependsOn: appBackupIds, manifest: null, format: format }, function (error) {
-        if (error) return callback(error);
+    backupdb.add(backupId, { version: config.version(), type: backupdb.BACKUP_TYPE_BOX, dependsOn: appBackupIds, manifest: null, format: format }, function (error) {
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        var copy = api(backupConfig.provider).copy(backupConfig, getBackupFilePath(backupConfig, 'snapshot/box', format), getBackupFilePath(backupConfig, backupId, format));
-        copy.on('progress', (message) => progressCallback({ message: `box: ${message}` }));
+        copy.on('progress', (message) => progressCallback({ message }));
        copy.on('done', function (copyBackupError) {
            const state = copyBackupError ? backupdb.BACKUP_STATE_ERROR : backupdb.BACKUP_STATE_NORMAL;

            backupdb.update(backupId, { state: state }, function (error) {
                if (copyBackupError) return callback(copyBackupError);
-                if (error) return callback(error);
+                if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

                debug(`Rotated box backup successfully as id ${backupId}`);

@@ -838,7 +796,7 @@ function backupBoxWithAppBackupIds(appBackupIds, tag, progressCallback, callback
    assert.strictEqual(typeof callback, 'function');

    settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(error);
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        uploadBoxSnapshot(backupConfig, progressCallback, function (error) {
            if (error) return callback(error);
@@ -851,10 +809,10 @@ function backupBoxWithAppBackupIds(appBackupIds, tag, progressCallback, callback
 function canBackupApp(app) {
    // only backup apps that are installed or pending configure or called from apptask. Rest of them are in some
    // state not good for consistent backup (i.e addons may not have been setup completely)
-    return (app.installationState === apps.ISTATE_INSTALLED && app.health === apps.HEALTH_HEALTHY) ||
-            app.installationState === apps.ISTATE_PENDING_CONFIGURE ||
-            app.installationState === apps.ISTATE_PENDING_BACKUP ||  // called from apptask
-            app.installationState === apps.ISTATE_PENDING_UPDATE; // called from apptask
+    return (app.installationState === appdb.ISTATE_INSTALLED && app.health === appdb.HEALTH_HEALTHY) ||
+            app.installationState === appdb.ISTATE_PENDING_CONFIGURE ||
+            app.installationState === appdb.ISTATE_PENDING_BACKUP ||  // called from apptask
+            app.installationState === appdb.ISTATE_PENDING_UPDATE; // called from apptask
 }

 function snapshotApp(app, progressCallback, callback) {
@@ -864,12 +822,12 @@ function snapshotApp(app, progressCallback, callback) {

    progressCallback({ message: `Snapshotting app ${app.fqdn}` });

-    if (!safe.fs.writeFileSync(path.join(paths.APPS_DATA_DIR, app.id + '/config.json'), JSON.stringify(app))) {
-        return callback(new BoxError(BoxError.FS_ERROR, 'Error creating config.json: ' + safe.error.message));
+    if (!safe.fs.writeFileSync(path.join(paths.APPS_DATA_DIR, app.id + '/config.json'), JSON.stringify(apps.getAppConfig(app)))) {
+        return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error creating config.json: ' + safe.error.message));
    }

    addons.backupAddons(app, app.manifest.addons, function (error) {
-        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));

        return callback(null);
    });
@@ -884,6 +842,7 @@ function rotateAppBackup(backupConfig, app, tag, options, progressCallback, call
    assert.strictEqual(typeof callback, 'function');

    var snapshotInfo = getSnapshotInfo(app.id);
+    if (!snapshotInfo) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, 'Snapshot info missing or corrupt'));

    var manifest = snapshotInfo.restoreConfig ? snapshotInfo.restoreConfig.manifest : snapshotInfo.manifest; // compat
    const snapshotTime = snapshotInfo.timestamp.replace(/[T.]/g, '-').replace(/[:Z]/g,''); // add this for unique filename which helps when downloading them
@@ -893,16 +852,16 @@ function rotateAppBackup(backupConfig, app, tag, options, progressCallback, call
    debug(`Rotating app backup of ${app.id} to id ${backupId}`);

    backupdb.add(backupId, { version: manifest.version, type: backupdb.BACKUP_TYPE_APP, dependsOn: [ ], manifest: manifest, format: format }, function (error) {
-        if (error) return callback(error);
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        var copy = api(backupConfig.provider).copy(backupConfig, getBackupFilePath(backupConfig, `snapshot/app_${app.id}`, format), getBackupFilePath(backupConfig, backupId, format));
-        copy.on('progress', (message) => progressCallback({ message: `${message} (${app.fqdn})` }));
+        copy.on('progress', (message) => progressCallback({ message }));
        copy.on('done', function (copyBackupError) {
            const state = copyBackupError ? backupdb.BACKUP_STATE_ERROR : backupdb.BACKUP_STATE_NORMAL;

            backupdb.update(backupId, { preserveSecs: options.preserveSecs || 0, state: state }, function (error) {
                if (copyBackupError) return callback(copyBackupError);
-                if (error) return callback(error);
+                if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

                debug(`Rotated app backup of ${app.id} successfully to id ${backupId}`);

@@ -931,14 +890,7 @@ function uploadAppSnapshot(backupConfig, app, progressCallback, callback) {

        const dataLayout = new DataLayout(appDataDir, app.dataDir ? [{ localDir: app.dataDir, remoteDir: 'data' }] : []);

-        const uploadConfig = {
-            backupId,
-            format: backupConfig.format,
-            dataLayout,
-            progressTag: app.fqdn
-        };
-
-        runBackupUpload(uploadConfig, progressCallback, function (error) {
+        runBackupUpload(backupId, backupConfig.format, dataLayout, progressCallback, function (error) {
            if (error) return callback(error);

            debugApp(app, 'uploadAppSnapshot: %s done time: %s secs', backupId, (new Date() - startTime)/1000);
@@ -958,7 +910,7 @@ function backupAppWithTag(app, tag, options, progressCallback, callback) {
    if (!canBackupApp(app)) return callback(); // nothing to do

    settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(error);
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        uploadAppSnapshot(backupConfig, app, progressCallback, function (error) {
            if (error) return callback(error);
@@ -989,7 +941,7 @@ function backupBoxAndApps(progressCallback, callback) {
    const tag = (new Date()).toISOString().replace(/[T.]/g, '-').replace(/[:Z]/g,'');

    apps.getAll(function (error, allApps) {
-        if (error) return callback(error);
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        let percent = 1;
        let step = 100/(allApps.length+2);
@@ -1004,7 +956,7 @@ function backupBoxAndApps(progressCallback, callback) {
            }

            backupAppWithTag(app, tag, { /* options */ }, (progress) => progressCallback({ percent: percent, message: progress.message }), function (error, backupId) {
-                if (error && error.reason !== BoxError.BAD_STATE) {
+                if (error && error.reason !== BackupsError.BAD_STATE) {
                    debugApp(app, 'Unable to backup', error);
                    return iteratorCallback(error);
                }
@@ -1028,24 +980,21 @@ function backupBoxAndApps(progressCallback, callback) {

 function startBackupTask(auditSource, callback) {
    let error = locker.lock(locker.OP_FULL_BACKUP);
-    if (error) return callback(new BoxError(BoxError.BAD_STATE, `Cannot backup now: ${error.message}`));
-
-    tasks.add(tasks.TASK_BACKUP, [ ], function (error, taskId) {
-        if (error) return callback(error);
+    if (error) return callback(new BackupsError(BackupsError.BAD_STATE, `Cannot backup now: ${error.message}`));

+    let task = tasks.startTask(tasks.TASK_BACKUP, []);
+    task.on('error', (error) => callback(new BackupsError(BackupsError.INTERNAL_ERROR, error)));
+    task.on('start', (taskId) => {
        eventlog.add(eventlog.ACTION_BACKUP_START, auditSource, { taskId });
-
-        tasks.startTask(taskId, { timeout: 12 * 60 * 60 * 1000 /* 12 hours */ }, function (error, backupId) {
-            locker.unlock(locker.OP_FULL_BACKUP);
-
-            const errorMessage = error ? error.message : '';
-            const timedOut = error ? error.code === tasks.ETIMEOUT : false;
-
-            eventlog.add(eventlog.ACTION_BACKUP_FINISH, auditSource, { taskId, errorMessage, timedOut, backupId });
-        });
-
        callback(null, taskId);
    });
+    task.on('finish', (error, result) => {
+        locker.unlock(locker.OP_FULL_BACKUP);
+
+        const errorMessage = error ? error.message : '';
+
+        eventlog.add(eventlog.ACTION_BACKUP_FINISH, auditSource, { taskId: task.id, errorMessage: errorMessage, backupId: result });
+    });
 }

 function ensureBackup(auditSource, callback) {
@@ -1117,7 +1066,7 @@ function cleanupAppBackups(backupConfig, referencedAppBackups, callback) {

    // we clean app backups of any state because the ones to keep are determined by the box cleanup code
    backupdb.getByTypePaged(backupdb.BACKUP_TYPE_APP, 1, 1000, function (error, appBackups) {
-        if (error) return callback(error);
+        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));

        async.eachSeries(appBackups, function iterator(appBackup, iteratorDone) {
            if (referencedAppBackups.indexOf(appBackup.id) !== -1) return iteratorDone();
@@ -1205,7 +1154,7 @@ function cleanupSnapshots(backupConfig, callback) {
    delete info.box;
    async.eachSeries(Object.keys(info), function (appId, iteratorDone) {
        apps.get(appId, function (error /*, app */) {
-            if (!error || error.reason !== BoxError.NOT_FOUND) return iteratorDone();
+            if (!error || error.reason !== AppsError.NOT_FOUND) return iteratorDone();

            function done(/* ignoredError */) {
                safe.fs.unlinkSync(path.join(paths.BACKUP_INFO_DIR, `${appId}.sync.cache`));
@@ -1269,21 +1218,19 @@ function cleanup(auditSource, progressCallback, callback) {
 }

 function startCleanupTask(auditSource, callback) {
-
-    tasks.add(tasks.TASK_CLEAN_BACKUPS, [ auditSource ], function (error, taskId) {
-        if (error) return callback(error);
-
-        tasks.startTask(taskId, {}, (error, result) => { // result is { removedBoxBackups, removedAppBackups }
-            eventlog.add(eventlog.ACTION_BACKUP_CLEANUP_FINISH, auditSource, {
-                taskId,
-                errorMessage: error ? error.message : null,
-                removedBoxBackups: result ? result.removedBoxBackups : [],
-                removedAppBackups: result ? result.removedAppBackups : []
-            });
-        });
-
+    let task = tasks.startTask(tasks.TASK_CLEAN_BACKUPS, [ auditSource ]);
+    task.on('error', (error) => callback(new BackupsError(BackupsError.INTERNAL_ERROR, error)));
+    task.on('start', (taskId) => {
+        eventlog.add(eventlog.ACTION_BACKUP_CLEANUP_START, auditSource, { taskId });
        callback(null, taskId);
    });
+    task.on('finish', (error, result) => { // result is { removedBoxBackups, removedAppBackups }
+        eventlog.add(eventlog.ACTION_BACKUP_CLEANUP_FINISH, auditSource, {
+            errorMessage: error ? error.message : null,
+            removedBoxBackups: result ? result.removedBoxBackups : [],
+            removedAppBackups: result ? result.removedAppBackups : []
+        });
+    });
 }

 function checkConfiguration(callback) {
@@ -1,98 +0,0 @@
-/* jslint node:true */
-
-'use strict';
-
-const assert = require('assert'),
-    HttpError = require('connect-lastmile').HttpError,
-    util = require('util'),
-    _ = require('underscore');
-
-exports = module.exports = BoxError;
-
-function BoxError(reason, errorOrMessage, details) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-    assert(typeof details === 'object' || typeof details === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    this.details = details || {};
-
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else { // error object
-        this.message = errorOrMessage.message;
-        this.nestedError = errorOrMessage;
-        _.extend(this.details, errorOrMessage); // copy enumerable properies
-    }
-}
-util.inherits(BoxError, Error);
-BoxError.ACCESS_DENIED = 'Access Denied';
-BoxError.ADDONS_ERROR = 'Addons Error';
-BoxError.ALREADY_EXISTS = 'Already Exists';
-BoxError.BAD_FIELD = 'Bad Field';
-BoxError.BAD_STATE = 'Bad State';
-BoxError.BUSY = 'Busy';
-BoxError.COLLECTD_ERROR = 'Collectd Error';
-BoxError.CONFLICT = 'Conflict';
-BoxError.CRYPTO_ERROR = 'Crypto Error';
-BoxError.DATABASE_ERROR = 'Database Error';
-BoxError.DNS_ERROR = 'DNS Error';
-BoxError.DOCKER_ERROR = 'Docker Error';
-BoxError.EXTERNAL_ERROR = 'External Error'; // use this for external API errors
-BoxError.FS_ERROR = 'FileSystem Error';
-BoxError.INACTIVE = 'Inactive';
-BoxError.INTERNAL_ERROR = 'Internal Error';
-BoxError.INVALID_CREDENTIALS = 'Invalid Credentials';
-BoxError.LICENSE_ERROR = 'License Error';
-BoxError.LOGROTATE_ERROR = 'Logrotate Error';
-BoxError.MAIL_ERROR = 'Mail Error';
-BoxError.NETWORK_ERROR = 'Network Error';
-BoxError.NGINX_ERROR = 'Nginx Error';
-BoxError.NOT_FOUND = 'Not found';
-BoxError.NOT_IMPLEMENTED = 'Not implemented';
-BoxError.NOT_SIGNED = 'Not Signed';
-BoxError.OPENSSL_ERROR = 'OpenSSL Error';
-BoxError.PLAN_LIMIT = 'Plan Limit';
-BoxError.SPAWN_ERROR = 'Spawn Error';
-BoxError.TASK_ERROR = 'Task Error';
-BoxError.TIMEOUT = 'Timeout';
-BoxError.TRY_AGAIN = 'Try Again';
-
-BoxError.prototype.toPlainObject = function () {
-    return _.extend({}, { message: this.message, reason: this.reason }, this.details);
-};
-
-// this is a class method for now in case error is not a BoxError
-BoxError.toHttpError = function (error) {
-    switch (error.reason) {
-    case BoxError.BAD_FIELD:
-        return new HttpError(400, error);
-    case BoxError.LICENSE_ERROR:
-        return new HttpError(402, error);
-    case BoxError.NOT_FOUND:
-        return new HttpError(404, error);
-    case BoxError.ALREADY_EXISTS:
-    case BoxError.BAD_STATE:
-    case BoxError.CONFLICT:
-        return new HttpError(409, error);
-    case BoxError.INVALID_CREDENTIALS:
-        return new HttpError(412, error);
-    case BoxError.EXTERNAL_ERROR:
-    case BoxError.NETWORK_ERROR:
-    case BoxError.FS_ERROR:
-    case BoxError.MAIL_ERROR:
-    case BoxError.DOCKER_ERROR:
-    case BoxError.ADDONS_ERROR:
-        return new HttpError(424, error);
-    case BoxError.DATABASE_ERROR:
-    case BoxError.INTERNAL_ERROR:
-    default:
-        return new HttpError(500, error);
-    }
-};
@@ -2,15 +2,14 @@

 var assert = require('assert'),
    async = require('async'),
-    BoxError = require('../boxerror.js'),
    crypto = require('crypto'),
    debug = require('debug')('box:cert/acme2'),
    domains = require('../domains.js'),
    fs = require('fs'),
    path = require('path'),
    paths = require('../paths.js'),
-    request = require('request'),
    safe = require('safetydance'),
+    superagent = require('superagent'),
    util = require('util'),
    _ = require('underscore');

@@ -25,6 +24,31 @@ exports = module.exports = {
    _getChallengeSubdomain: getChallengeSubdomain
 };

+function Acme2Error(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(Acme2Error, Error);
+Acme2Error.INTERNAL_ERROR = 'Internal Error';
+Acme2Error.EXTERNAL_ERROR = 'External Error';
+Acme2Error.ALREADY_EXISTS = 'Already Exists';
+Acme2Error.NOT_COMPLETED = 'Not Completed';
+Acme2Error.FORBIDDEN = 'Forbidden';
+
 // http://jose.readthedocs.org/en/latest/
 // https://www.ietf.org/proceedings/92/slides/slides-92-acme-1.pdf
 // https://community.letsencrypt.org/t/list-of-client-implementations/2103
@@ -41,6 +65,15 @@ function Acme2(options) {
    this.wildcard = !!options.wildcard;
 }

+Acme2.prototype.getNonce = function (callback) {
+    superagent.get(this.directory.newNonce).timeout(30 * 1000).end(function (error, response) {
+        if (error && !error.response) return callback(error);
+        if (response.statusCode !== 204) return callback(new Error('Invalid response code when fetching nonce : ' + response.statusCode));
+
+        return callback(null, response.headers['Replay-Nonce'.toLowerCase()]);
+    });
+};
+
 // urlsafe base64 encoding (jose)
 function urlBase64Encode(string) {
    return string.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
@@ -87,12 +120,8 @@ Acme2.prototype.sendSignedRequest = function (url, payload, callback) {

    var payload64 = b64(payload);

-    request.get(this.directory.newNonce, { json: true, timeout: 30000 }, function (error, response) {
-        if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, `Network error sending signed request: ${error.message}`));
-        if (response.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response code when fetching nonce : ' + response.statusCode));
-
-        const nonce = response.headers['Replay-Nonce'.toLowerCase()];
-        if (!nonce) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'No nonce in response'));
+    this.getNonce(function (error, nonce) {
+        if (error) return callback(error);

        debug('sendSignedRequest: using nonce %s for url %s', nonce, url);

@@ -108,23 +137,14 @@ Acme2.prototype.sendSignedRequest = function (url, payload, callback) {
            signature: signature64
        };

-        request.post(url, { headers: { 'Content-Type': 'application/jose+json', 'User-Agent': 'acme-cloudron' }, body: JSON.stringify(data), timeout: 30000 }, function (error, response) {
-            if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, `Network error sending signed request: ${error.message}`)); // network error
+        superagent.post(url).set('Content-Type', 'application/jose+json').set('User-Agent', 'acme-cloudron').send(JSON.stringify(data)).timeout(30 * 1000).end(function (error, res) {
+            if (error && !error.response) return callback(error); // network errors

-            // we don't set json: true in request because it ends up mangling the content-type
-            // we don't set json: true in request because it ends up mangling the content-type
-            if (response.headers['content-type'] === 'application/json') response.body = safe.JSON.parse(response.body);
-
-            callback(null, response);
+            callback(null, res);
        });
    });
 };

-// https://tools.ietf.org/html/rfc8555#section-6.3
-Acme2.prototype.postAsGet = function (url, callback) {
-    this.sendSignedRequest(url, '', callback);
-};
-
 Acme2.prototype.updateContact = function (registrationUri, callback) {
    assert.strictEqual(typeof registrationUri, 'string');
    assert.strictEqual(typeof callback, 'function');
@@ -138,8 +158,8 @@ Acme2.prototype.updateContact = function (registrationUri, callback) {

    const that = this;
    this.sendSignedRequest(registrationUri, JSON.stringify(payload), function (error, result) {
-        if (error) return callback(error);
-        if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to update contact. Expecting 200, got %s %s', result.statusCode, result.text)));
+        if (error) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'Network error when registering user: ' + error.message));
+        if (result.statusCode !== 200) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, util.format('Failed to update contact. Expecting 200, got %s %s', result.statusCode, result.text)));

        debug(`updateContact: contact of user updated to ${that.email}`);

@@ -158,9 +178,9 @@ Acme2.prototype.registerUser = function (callback) {

    var that = this;
    this.sendSignedRequest(this.directory.newAccount, JSON.stringify(payload), function (error, result) {
-        if (error) return callback(error);
+        if (error) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'Network error when registering new account: ' + error.message));
        // 200 if already exists. 201 for new accounts
-        if (result.statusCode !== 200 && result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to register new account. Expecting 200 or 201, got %s %s', result.statusCode, result.text)));
+        if (result.statusCode !== 200 && result.statusCode !== 201) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, util.format('Failed to register new account. Expecting 200 or 201, got %s %s', result.statusCode, result.text)));

        debug(`registerUser: user registered keyid: ${result.headers.location}`);

@@ -184,17 +204,17 @@ Acme2.prototype.newOrder = function (domain, callback) {
    debug('newOrder: %s', domain);

    this.sendSignedRequest(this.directory.newOrder, JSON.stringify(payload), function (error, result) {
-        if (error) return callback(error);
-        if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, `Forbidden sending signed request: ${result.body.detail}`));
-        if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to register user. Expecting 201, got %s %s', result.statusCode, result.text)));
+        if (error) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'Network error when registering domain: ' + error.message));
+        if (result.statusCode === 403) return callback(new Acme2Error(Acme2Error.FORBIDDEN, result.body.detail));
+        if (result.statusCode !== 201) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, util.format('Failed to register user. Expecting 201, got %s %s', result.statusCode, result.text)));

        debug('newOrder: created order %s %j', domain, result.body);

        const order = result.body, orderUrl = result.headers.location;

-        if (!Array.isArray(order.authorizations)) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'invalid authorizations in order'));
-        if (typeof order.finalize !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'invalid finalize in order'));
-        if (typeof orderUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'invalid order location in order header'));
+        if (!Array.isArray(order.authorizations)) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'invalid authorizations in order'));
+        if (typeof order.finalize !== 'string') return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'invalid finalize in order'));
+        if (typeof orderUrl !== 'string') return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'invalid order location in order header'));

        callback(null, order, orderUrl);
    });
@@ -205,26 +225,25 @@ Acme2.prototype.waitForOrder = function (orderUrl, callback) {
    assert.strictEqual(typeof callback, 'function');

    debug(`waitForOrder: ${orderUrl}`);
-    const that = this;

    async.retry({ times: 15, interval: 20000 }, function (retryCallback) {
        debug('waitForOrder: getting status');

-        that.postAsGet(orderUrl, function (error, result) {
-            if (error) {
+        superagent.get(orderUrl).timeout(30 * 1000).end(function (error, result) {
+            if (error && !error.response) {
                debug('waitForOrder: network error getting uri %s', orderUrl);
-                return retryCallback(error);
+                return retryCallback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, error.message)); // network error
            }
            if (result.statusCode !== 200) {
                debug('waitForOrder: invalid response code getting uri %s', result.statusCode);
-                return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, 'Bad response code:' + result.statusCode));
+                return retryCallback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'Bad response code:' + result.statusCode));
            }

            debug('waitForOrder: status is "%s %j', result.body.status, result.body);

-            if (result.body.status === 'pending' || result.body.status === 'processing') return retryCallback(new BoxError(BoxError.TRY_AGAIN, `Request is in ${result.body.status} state`));
+            if (result.body.status === 'pending' || result.body.status === 'processing') return retryCallback(new Acme2Error(Acme2Error.NOT_COMPLETED));
            else if (result.body.status === 'valid' && result.body.certificate) return retryCallback(null, result.body.certificate);
-            else return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, 'Unexpected status or invalid response: ' + result.body));
+            else return retryCallback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'Unexpected status or invalid response: ' + result.body));
        });
    }, callback);
 };
@@ -258,8 +277,8 @@ Acme2.prototype.notifyChallengeReady = function (challenge, callback) {
    };

    this.sendSignedRequest(challenge.url, JSON.stringify(payload), function (error, result) {
-        if (error) return callback(error);
-        if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to notify challenge. Expecting 200, got %s %s', result.statusCode, result.text)));
+        if (error) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'Network error when notifying challenge: ' + error.message));
+        if (result.statusCode !== 200) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, util.format('Failed to notify challenge. Expecting 200, got %s %s', result.statusCode, result.text)));

        callback();
    });
@@ -270,26 +289,25 @@ Acme2.prototype.waitForChallenge = function (challenge, callback) {
    assert.strictEqual(typeof callback, 'function');

    debug('waitingForChallenge: %j', challenge);
-    const that = this;

    async.retry({ times: 15, interval: 20000 }, function (retryCallback) {
        debug('waitingForChallenge: getting status');

-        that.postAsGet(challenge.url, function (error, result) {
-            if (error) {
+        superagent.get(challenge.url).timeout(30 * 1000).end(function (error, result) {
+            if (error && !error.response) {
                debug('waitForChallenge: network error getting uri %s', challenge.url);
-                return retryCallback(error);
+                return retryCallback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, error.message)); // network error
            }
            if (result.statusCode !== 200) {
                debug('waitForChallenge: invalid response code getting uri %s', result.statusCode);
-                return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, 'Bad response code:' + result.statusCode));
+                return retryCallback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'Bad response code:' + result.statusCode));
            }

            debug('waitForChallenge: status is "%s %j', result.body.status, result.body);

-            if (result.body.status === 'pending') return retryCallback(new BoxError(BoxError.TRY_AGAIN));
+            if (result.body.status === 'pending') return retryCallback(new Acme2Error(Acme2Error.NOT_COMPLETED));
            else if (result.body.status === 'valid') return retryCallback();
-            else return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, 'Unexpected status: ' + result.body.status));
+            else return retryCallback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'Unexpected status: ' + result.body.status));
        });
    }, function retryFinished(error) {
        // async.retry will pass 'undefined' as second arg making it unusable with async.waterfall()
@@ -311,9 +329,9 @@ Acme2.prototype.signCertificate = function (domain, finalizationUrl, csrDer, cal
    debug('signCertificate: sending sign request');

    this.sendSignedRequest(finalizationUrl, JSON.stringify(payload), function (error, result) {
-        if (error) return callback(error);
+        if (error) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'Network error when signing certificate: ' + error.message));
        // 429 means we reached the cert limit for this domain
-        if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to sign certificate. Expecting 200, got %s %s', result.statusCode, result.text)));
+        if (result.statusCode !== 200) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, util.format('Failed to sign certificate. Expecting 200, got %s %s', result.statusCode, result.text)));

        return callback(null);
    });
@@ -333,15 +351,15 @@ Acme2.prototype.createKeyAndCsr = function (hostname, callback) {
        debug('createKeyAndCsr: reuse the key for renewal at %s', privateKeyFile);
    } else {
        var key = safe.child_process.execSync('openssl genrsa 4096');
-        if (!key) return callback(new BoxError(BoxError.OPENSSL_ERROR, safe.error));
-        if (!safe.fs.writeFileSync(privateKeyFile, key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error));
+        if (!key) return callback(new Acme2Error(Acme2Error.INTERNAL_ERROR, safe.error));
+        if (!safe.fs.writeFileSync(privateKeyFile, key)) return callback(new Acme2Error(Acme2Error.INTERNAL_ERROR, safe.error));

        debug('createKeyAndCsr: key file saved at %s', privateKeyFile);
    }

    var csrDer = safe.child_process.execSync(`openssl req -new -key ${privateKeyFile} -outform DER -subj /CN=${hostname}`);
-    if (!csrDer) return callback(new BoxError(BoxError.OPENSSL_ERROR, safe.error));
-    if (!safe.fs.writeFileSync(csrFile, csrDer)) return callback(new BoxError(BoxError.FS_ERROR, safe.error)); // bookkeeping
+    if (!csrDer) return callback(new Acme2Error(Acme2Error.INTERNAL_ERROR, safe.error));
+    if (!safe.fs.writeFileSync(csrFile, csrDer)) return callback(new Acme2Error(Acme2Error.INTERNAL_ERROR, safe.error)); // bookkeeping

    debug('createKeyAndCsr: csr file (DER) saved at %s', csrFile);

@@ -354,27 +372,26 @@ Acme2.prototype.downloadCertificate = function (hostname, certUrl, callback) {
    assert.strictEqual(typeof callback, 'function');

    var outdir = paths.APP_CERTS_DIR;
-    const that = this;

-    async.retry({ times: 5, interval: 20000 }, function (retryCallback) {
-        debug('downloadCertificate: downloading certificate');
+    superagent.get(certUrl).buffer().parse(function (res, done) {
+        var data = [ ];
+        res.on('data', function(chunk) { data.push(chunk); });
+        res.on('end', function () { res.text = Buffer.concat(data); done(); });
+    }).timeout(30 * 1000).end(function (error, result) {
+        if (error && !error.response) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'Network error when downloading certificate'));
+        if (result.statusCode === 202) return callback(new Acme2Error(Acme2Error.INTERNAL_ERROR, 'Retry not implemented yet'));
+        if (result.statusCode !== 200) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, util.format('Failed to get cert. Expecting 200, got %s %s', result.statusCode, result.text)));

-        that.postAsGet(certUrl, function (error, result) {
-            if (error) return retryCallback(new BoxError(BoxError.NETWORK_ERROR, `Network error when downloading certificate: ${error.message}`));
-            if (result.statusCode === 202) return retryCallback(new BoxError(BoxError.TRY_AGAIN, 'Retry downloading certificate'));
-            if (result.statusCode !== 200) return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to get cert. Expecting 200, got %s %s', result.statusCode, result.text)));
+        const fullChainPem = result.text;

-            const fullChainPem = result.body; // buffer
+        const certName = hostname.replace('*.', '_.');
+        var certificateFile = path.join(outdir, `${certName}.cert`);
+        if (!safe.fs.writeFileSync(certificateFile, fullChainPem)) return callback(new Acme2Error(Acme2Error.INTERNAL_ERROR, safe.error));

-            const certName = hostname.replace('*.', '_.');
-            var certificateFile = path.join(outdir, `${certName}.cert`);
-            if (!safe.fs.writeFileSync(certificateFile, fullChainPem)) return retryCallback(new BoxError(BoxError.FS_ERROR, safe.error));
+        debug('downloadCertificate: cert file for %s saved at %s', hostname, certificateFile);

-            debug('downloadCertificate: cert file for %s saved at %s', hostname, certificateFile);
-
-            retryCallback(null);
-        });
-    }, callback);
+        callback();
+    });
 };

 Acme2.prototype.prepareHttpChallenge = function (hostname, domain, authorization, callback) {
@@ -385,7 +402,7 @@ Acme2.prototype.prepareHttpChallenge = function (hostname, domain, authorization

    debug('acmeFlow: challenges: %j', authorization);
    let httpChallenges = authorization.challenges.filter(function(x) { return x.type === 'http-01'; });
-    if (httpChallenges.length === 0) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'no http challenges'));
+    if (httpChallenges.length === 0) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'no http challenges'));
    let challenge = httpChallenges[0];

    debug('prepareHttpChallenge: preparing for challenge %j', challenge);
@@ -395,7 +412,7 @@ Acme2.prototype.prepareHttpChallenge = function (hostname, domain, authorization
    debug('prepareHttpChallenge: writing %s to %s', keyAuthorization, path.join(paths.ACME_CHALLENGES_DIR, challenge.token));

    fs.writeFile(path.join(paths.ACME_CHALLENGES_DIR, challenge.token), keyAuthorization, function (error) {
-        if (error) return callback(new BoxError(BoxError.FS_ERROR, error));
+        if (error) return callback(new Acme2Error(Acme2Error.INTERNAL_ERROR, error));

        callback(null, challenge);
    });
@@ -437,7 +454,7 @@ Acme2.prototype.prepareDnsChallenge = function (hostname, domain, authorization,

    debug('acmeFlow: challenges: %j', authorization);
    let dnsChallenges = authorization.challenges.filter(function(x) { return x.type === 'dns-01'; });
-    if (dnsChallenges.length === 0) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'no dns challenges'));
+    if (dnsChallenges.length === 0) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, 'no dns challenges'));
    let challenge = dnsChallenges[0];

    const keyAuthorization = this.getKeyAuthorization(challenge.token);
@@ -450,10 +467,10 @@ Acme2.prototype.prepareDnsChallenge = function (hostname, domain, authorization,
    debug(`prepareDnsChallenge: update ${challengeSubdomain} with ${txtValue}`);

    domains.upsertDnsRecords(challengeSubdomain, domain, 'TXT', [ `"${txtValue}"` ], function (error) {
-        if (error) return callback(error);
+        if (error) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, error.message));

        domains.waitForDnsRecord(challengeSubdomain, domain, 'TXT', txtValue, { interval: 5000, times: 200 }, function (error) {
-            if (error) return callback(error);
+            if (error) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, error.message));

            callback(null, challenge);
        });
@@ -476,7 +493,7 @@ Acme2.prototype.cleanupDnsChallenge = function (hostname, domain, challenge, cal
    debug(`cleanupDnsChallenge: remove ${challengeSubdomain} with ${txtValue}`);

    domains.removeDnsRecords(challengeSubdomain, domain, 'TXT', [ `"${txtValue}"` ], function (error) {
-        if (error) return callback(error);
+        if (error) return callback(new Acme2Error(Acme2Error.EXTERNAL_ERROR, error));

        callback(null);
    });
@@ -488,12 +505,10 @@ Acme2.prototype.prepareChallenge = function (hostname, domain, authorizationUrl,
    assert.strictEqual(typeof authorizationUrl, 'string');
    assert.strictEqual(typeof callback, 'function');

-    debug(`prepareChallenge: http: ${this.performHttpAuthorization}`);
-
    const that = this;
-    this.postAsGet(authorizationUrl, function (error, response) {
-        if (error) return callback(error);
-        if (response.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response code getting authorization : ' + response.statusCode));
+    superagent.get(authorizationUrl).timeout(30 * 1000).end(function (error, response) {
+        if (error && !error.response) return callback(error);
+        if (response.statusCode !== 200) return callback(new Error('Invalid response code getting authorization : ' + response.statusCode));

        const authorization = response.body;

@@ -511,8 +526,6 @@ Acme2.prototype.cleanupChallenge = function (hostname, domain, challenge, callba
    assert.strictEqual(typeof challenge, 'object');
    assert.strictEqual(typeof callback, 'function');

-    debug(`cleanupChallenge: http: ${this.performHttpAuthorization}`);
-
    if (this.performHttpAuthorization) {
        this.cleanupHttpChallenge(hostname, domain, challenge, callback);
    } else {
@@ -528,7 +541,7 @@ Acme2.prototype.acmeFlow = function (hostname, domain, callback) {
    if (!fs.existsSync(paths.ACME_ACCOUNT_KEY_FILE)) {
        debug('getCertificate: generating acme account key on first run');
        this.accountKeyPem = safe.child_process.execSync('openssl genrsa 4096');
-        if (!this.accountKeyPem) return callback(new BoxError(BoxError.OPENSSL_ERROR, safe.error));
+        if (!this.accountKeyPem) return callback(new Acme2Error(Acme2Error.INTERNAL_ERROR, safe.error));

        safe.fs.writeFileSync(paths.ACME_ACCOUNT_KEY_FILE, this.accountKeyPem);
    } else {
@@ -572,13 +585,13 @@ Acme2.prototype.acmeFlow = function (hostname, domain, callback) {
 Acme2.prototype.getDirectory = function (callback) {
    const that = this;

-    request.get(this.caDirectory, { json: true, timeout: 30000 }, function (error, response) {
-        if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, `Network error getting directory: ${error.message}`));
-        if (response.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response code when fetching directory : ' + response.statusCode));
+    superagent.get(this.caDirectory).timeout(30 * 1000).end(function (error, response) {
+        if (error && !error.response) return callback(error);
+        if (response.statusCode !== 200) return callback(new Error('Invalid response code when fetching directory : ' + response.statusCode));

        if (typeof response.body.newNonce !== 'string' ||
            typeof response.body.newOrder !== 'string' ||
-            typeof response.body.newAccount !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Invalid response body : ${response.body}`));
+            typeof response.body.newAccount !== 'string') return callback(new Error(`Invalid response body : ${response.body}`));

        that.directory = response.body;

@@ -618,11 +631,6 @@ function getCertificate(hostname, domain, options, callback) {
    assert.strictEqual(typeof options, 'object');
    assert.strictEqual(typeof callback, 'function');

-    let attempt = 1;
-    async.retry({ times: 3, interval: 0 }, function (retryCallback) {
-        debug(`getCertificate: attempt ${attempt++}`);
-
-        let acme = new Acme2(options || { });
-        acme.getCertificate(hostname, domain, retryCallback);
-    }, callback);
+    var acme = new Acme2(options || { });
+    acme.getCertificate(hostname, domain, callback);
 }
@@ -10,8 +10,7 @@ exports = module.exports = {
    getCertificate: getCertificate
 };

-var assert = require('assert'),
-    BoxError = require('../boxerror.js');
+var assert = require('assert');

 function getCertificate(hostname, domain, options, callback) {
    assert.strictEqual(typeof hostname, 'string');
@@ -19,6 +18,6 @@ function getCertificate(hostname, domain, options, callback) {
    assert.strictEqual(typeof options, 'object');
    assert.strictEqual(typeof callback, 'function');

-    return callback(new BoxError(BoxError.NOT_IMPLEMENTED, 'getCertificate is not implemented'));
+    return callback(new Error('Not implemented'));
 }

@@ -1,38 +0,0 @@
-'use strict';
-
-let assert = require('assert'),
-    fs = require('fs'),
-    path = require('path');
-
-exports = module.exports = {
-    getChanges: getChanges
-};
-
-function getChanges(version) {
-    assert.strictEqual(typeof version, 'string');
-
-    let changelog = [ ];
-    const lines = fs.readFileSync(path.join(__dirname, '../CHANGES'), 'utf8').split('\n');
-
-    version = version.replace(/[+-].*/, ''); // strip prerelease
-
-    let i;
-    for (i = 0; i < lines.length; i++) {
-        if (lines[i] === '[' + version + ']') break;
-    }
-
-    for (i = i + 1; i < lines.length; i++) {
-        if (lines[i] === '') continue;
-        if (lines[i][0] === '[') break;
-
-        lines[i] = lines[i].trim();
-
-        // detect and remove list style - and * in changelog lines
-        if (lines[i].indexOf('-') === 0) lines[i] = lines[i].slice(1).trim();
-        if (lines[i].indexOf('*') === 0) lines[i] = lines[i].slice(1).trim();
-
-        changelog.push(lines[i]);
-    }
-
-    return changelog;
-}
@@ -15,12 +15,14 @@ exports = module.exports = {
    delByAppId: delByAppId,
    delByAppIdAndType: delByAppIdAndType,

-    _clear: clear
+    _clear: clear,
+    _addDefaultClients: addDefaultClients
 };

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
-    database = require('./database.js');
+    async = require('async'),
+    database = require('./database.js'),
+    DatabaseError = require('./databaseerror.js');

 var CLIENTS_FIELDS = [ 'id', 'appId', 'type', 'clientSecret', 'redirectURI', 'scope' ].join(',');
 var CLIENTS_FIELDS_PREFIXED = [ 'clients.id', 'clients.appId', 'clients.type', 'clients.clientSecret', 'clients.redirectURI', 'clients.scope' ].join(',');
@@ -30,8 +32,8 @@ function get(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, `Client not found: ${id}`));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null, result[0]);
    });
@@ -41,7 +43,7 @@ function getAll(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients ORDER BY appId', function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, results);
    });
@@ -51,7 +53,7 @@ function getAllWithTokenCount(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + CLIENTS_FIELDS_PREFIXED + ',COUNT(tokens.clientId) AS tokenCount FROM clients LEFT OUTER JOIN tokens ON clients.id=tokens.clientId GROUP BY clients.id', [], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, results);
    });
@@ -62,7 +64,7 @@ function getAllWithTokenCountByIdentifier(identifier, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + CLIENTS_FIELDS_PREFIXED + ',COUNT(tokens.clientId) AS tokenCount FROM clients LEFT OUTER JOIN tokens ON clients.id=tokens.clientId WHERE tokens.identifier=? GROUP BY clients.id', [ identifier ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, results);
    });
@@ -73,8 +75,8 @@ function getByAppId(appId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients WHERE appId = ? LIMIT 1', [ appId ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null, result[0]);
    });
@@ -86,8 +88,8 @@ function getByAppIdAndType(appId, type, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients WHERE appId = ? AND type = ? LIMIT 1', [ appId, type ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null, result[0]);
    });
@@ -105,8 +107,8 @@ function add(id, appId, type, clientSecret, redirectURI, scope, callback) {
    var data = [ id, appId, type, clientSecret, redirectURI, scope ];

    database.query('INSERT INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (?, ?, ?, ?, ?, ?)', data, function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
-        if (error || result.affectedRows === 0) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
+        if (error || result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -124,8 +126,8 @@ function upsert(id, appId, type, clientSecret, redirectURI, scope, callback) {
    var data = [ id, appId, type, clientSecret, redirectURI, scope ];

    database.query('REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (?, ?, ?, ?, ?, ?)', data, function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
-        if (error || result.affectedRows === 0) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
+        if (error || result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -136,8 +138,8 @@ function del(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM clients WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, `Client not found: ${id}`));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -148,8 +150,8 @@ function delByAppId(appId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM clients WHERE appId=?', [ appId ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -161,8 +163,8 @@ function delByAppIdAndType(appId, type, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM clients WHERE appId=? AND type=?', [ appId, type ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -171,9 +173,17 @@ function delByAppIdAndType(appId, type, callback) {
 function clear(callback) {
    assert.strictEqual(typeof callback, 'function');

-    database.query('DELETE FROM clients', function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+    database.query('DELETE FROM clients WHERE id!="cid-webadmin" AND id!="cid-sdk" AND id!="cid-cli"', function (error) {
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
 }
+
+function addDefaultClients(callback) {
+    async.series([
+        add.bind(null, 'cid-webadmin', 'Settings', 'built-in', 'secret-webadmin', 'https://admin-localhost', '*'),
+        add.bind(null, 'cid-sdk', 'SDK', 'built-in', 'secret-sdk', 'https://admin-localhost', '*'),
+        add.bind(null, 'cid-cli', 'Cloudron Tool', 'built-in', 'secret-cli', 'https://admin-localhost', '*')
+    ], callback);
+}
@@ -1,6 +1,8 @@
 'use strict';

 exports = module.exports = {
+    ClientsError: ClientsError,
+
    add: add,
    get: get,
    del: del,
@@ -18,11 +20,6 @@ exports = module.exports = {

    removeTokenPrivateFields: removeTokenPrivateFields,

-    // client ids. we categorize them so we can have different restrictions based on the client
-    ID_WEBADMIN: 'cid-webadmin',    // dashboard oauth
-    ID_SDK: 'cid-sdk',              // created by user via dashboard
-    ID_CLI: 'cid-cli',              // created via cli tool
-
    // client type enums
    TYPE_EXTERNAL: 'external',
    TYPE_BUILT_IN: 'built-in',
@@ -33,25 +30,54 @@ exports = module.exports = {
 var apps = require('./apps.js'),
    assert = require('assert'),
    async = require('async'),
-    BoxError = require('./boxerror.js'),
    clientdb = require('./clientdb.js'),
    constants = require('./constants.js'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:clients'),
    eventlog = require('./eventlog.js'),
    hat = require('./hat.js'),
    accesscontrol = require('./accesscontrol.js'),
    tokendb = require('./tokendb.js'),
    users = require('./users.js'),
+    UsersError = users.UsersError,
+    util = require('util'),
    uuid = require('uuid'),
    _ = require('underscore');

+function ClientsError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(ClientsError, Error);
+ClientsError.INVALID_SCOPE = 'Invalid scope';
+ClientsError.INVALID_CLIENT = 'Invalid client';
+ClientsError.INVALID_TOKEN = 'Invalid token';
+ClientsError.BAD_FIELD = 'Bad field';
+ClientsError.NOT_FOUND = 'Not found';
+ClientsError.INTERNAL_ERROR = 'Internal Error';
+ClientsError.NOT_ALLOWED = 'Not allowed to remove this client';
+
 function validateClientName(name) {
    assert.strictEqual(typeof name, 'string');

-    if (name.length < 1) return new BoxError(BoxError.BAD_FIELD, 'name must be atleast 1 character', { field: 'name' });
-    if (name.length > 128) return new BoxError(BoxError.BAD_FIELD, 'name too long', { field: 'name' });
+    if (name.length < 1) return new ClientsError(ClientsError.BAD_FIELD, 'Name must be atleast 1 character');
+    if (name.length > 128) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');

-    if (/[^a-zA-Z0-9-]/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'name can only contain alphanumerals and dash', { field: 'name' });
+    if (/[^a-zA-Z0-9-]/.test(name)) return new ClientsError(ClientsError.BAD_FIELD, 'Username can only contain alphanumerals and dash');

    return null;
 }
@@ -59,7 +85,7 @@ function validateClientName(name) {
 function validateTokenName(name) {
    assert.strictEqual(typeof name, 'string');

-    if (name.length > 64) return new BoxError(BoxError.BAD_FIELD, 'name too long', { field: 'name' });
+    if (name.length > 64) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');

    return null;
 }
@@ -72,7 +98,7 @@ function add(appId, type, redirectURI, scope, callback) {
    assert.strictEqual(typeof callback, 'function');

    var error = accesscontrol.validateScopeString(scope);
-    if (error) return callback(error);
+    if (error) return callback(new ClientsError(ClientsError.INVALID_SCOPE, error.message));

    error = validateClientName(appId);
    if (error) return callback(error);
@@ -101,8 +127,8 @@ function get(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    clientdb.get(id, function (error, result) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
        if (error) return callback(error);
-
        callback(null, result);
    });
 }
@@ -112,8 +138,8 @@ function del(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    clientdb.del(id, function (error, result) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
        if (error) return callback(error);
-
        callback(null, result);
    });
 }
@@ -122,7 +148,7 @@ function getAll(callback) {
    assert.strictEqual(typeof callback, 'function');

    clientdb.getAll(function (error, results) {
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, []);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, []);
        if (error) return callback(error);

        var tmp = [];
@@ -164,8 +190,8 @@ function getByAppIdAndType(appId, type, callback) {
    assert.strictEqual(typeof callback, 'function');

    clientdb.getByAppIdAndType(appId, type, function (error, result) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
        if (error) return callback(error);
-
        callback(null, result);
    });
 }
@@ -176,7 +202,7 @@ function getTokensByUserId(clientId, userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    tokendb.getByIdentifierAndClientId(userId, clientId, function (error, result) {
-        if (error && error.reason === BoxError.NOT_FOUND) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) {
            // this can mean either that there are no tokens or the clientId is actually unknown
            get(clientId, function (error/*, result*/) {
                if (error) return callback(error);
@@ -195,7 +221,7 @@ function delTokensByUserId(clientId, userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    tokendb.delByIdentifierAndClientId(userId, clientId, function (error) {
-        if (error && error.reason === BoxError.NOT_FOUND) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) {
            // this can mean either that there are no tokens or the clientId is actually unknown
            get(clientId, function (error/*, result*/) {
                if (error) return callback(error);
@@ -217,9 +243,10 @@ function delByAppIdAndType(appId, type, callback) {
        if (error) return callback(error);

        tokendb.delByClientId(result.id, function (error) {
-            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
+            if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));

            clientdb.delByAppIdAndType(appId, type, function (error) {
+                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
                if (error) return callback(error);

                callback(null);
@@ -243,10 +270,11 @@ function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
        if (error) return callback(error);

        users.get(userId, function (error, user) {
-            if (error) return callback(error);
+            if (error && error.reason === UsersError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such user'));
+            if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));

            accesscontrol.scopesForUser(user, function (error, userScopes) {
-                if (error) return callback(error);
+                if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));

                const scope = accesscontrol.canonicalScopeString(result.scope);
                const authorizedScopes = accesscontrol.intersectScopes(userScopes, scope.split(','));
@@ -262,7 +290,7 @@ function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
                };

                tokendb.add(token, function (error) {
-                    if (error) return callback(error);
+                    if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));

                    callback(null, {
                        accessToken: token.accessToken,
@@ -277,14 +305,15 @@ function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
    });
 }

+// this issues a cid-cli token that does not require a password in various routes
 function issueDeveloperToken(userObject, auditSource, callback) {
    assert.strictEqual(typeof userObject, 'object');
    assert.strictEqual(typeof auditSource, 'object');
    assert.strictEqual(typeof callback, 'function');

-    const expiresAt = Date.now() + (30 * 24 * 60 * 60 * 1000); // cli tokens are valid for a month
+    const expiresAt = Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;

-    addTokenByUserId(exports.ID_CLI, userObject.id, expiresAt, {}, function (error, result) {
+    addTokenByUserId('cid-cli', userObject.id, expiresAt, {}, function (error, result) {
        if (error) return callback(error);

        eventlog.add(eventlog.ACTION_USER_LOGIN, auditSource, { userId: userObject.id, user: users.removePrivateFields(userObject) });
@@ -302,7 +331,8 @@ function delToken(clientId, tokenId, callback) {
        if (error) return callback(error);

        tokendb.del(tokenId, function (error) {
-            if (error) return callback(error);
+            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INVALID_TOKEN, 'Invalid token'));
+            if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));

            callback(null);
        });
@@ -318,9 +348,9 @@ function addDefaultClients(origin, callback) {
    // The domain might have changed, therefor we have to update the record
    // id, appId, type, clientSecret, redirectURI, scope
    async.series([
-        clientdb.upsert.bind(null, exports.ID_WEBADMIN, 'Settings', 'built-in', 'secret-webadmin', origin, '*'),
-        clientdb.upsert.bind(null, exports.ID_SDK, 'SDK', 'built-in', 'secret-sdk', origin, '*'),
-        clientdb.upsert.bind(null, exports.ID_CLI, 'Cloudron Tool', 'built-in', 'secret-cli', origin, '*')
+        clientdb.upsert.bind(null, 'cid-webadmin', 'Settings', 'built-in', 'secret-webadmin', origin, '*'),
+        clientdb.upsert.bind(null, 'cid-sdk', 'SDK', 'built-in', 'secret-sdk', origin, '*'),
+        clientdb.upsert.bind(null, 'cid-cli', 'Cloudron Tool', 'built-in', 'secret-cli', origin, '*')
    ], callback);
 }

@@ -1,9 +1,12 @@
 'use strict';

 exports = module.exports = {
+    CloudronError: CloudronError,
+
    initialize: initialize,
    uninitialize: uninitialize,
    getConfig: getConfig,
+    getDisks: getDisks,
    getLogs: getLogs,

    reboot: reboot,
@@ -16,22 +19,24 @@ exports = module.exports = {
    setDashboardAndMailDomain: setDashboardAndMailDomain,
    renewCerts: renewCerts,

-    setupDashboard: setupDashboard,
-
    runSystemChecks: runSystemChecks,
+
+    // exposed for testing
+    _checkDiskSpace: checkDiskSpace
 };

 var apps = require('./apps.js'),
    assert = require('assert'),
    async = require('async'),
-    auditSource = require('./auditsource.js'),
    backups = require('./backups.js'),
-    BoxError = require('./boxerror.js'),
    clients = require('./clients.js'),
+    config = require('./config.js'),
    constants = require('./constants.js'),
    cron = require('./cron.js'),
    debug = require('debug')('box:cloudron'),
    domains = require('./domains.js'),
+    DomainsError = require('./domains.js').DomainsError,
+    df = require('@sindresorhus/df'),
    eventlog = require('./eventlog.js'),
    custom = require('./custom.js'),
    fs = require('fs'),
@@ -42,24 +47,49 @@ var apps = require('./apps.js'),
    paths = require('./paths.js'),
    platform = require('./platform.js'),
    reverseProxy = require('./reverseproxy.js'),
-    safe = require('safetydance'),
    settings = require('./settings.js'),
    shell = require('./shell.js'),
    spawn = require('child_process').spawn,
    split = require('split'),
    tasks = require('./tasks.js'),
-    users = require('./users.js');
+    users = require('./users.js'),
+    util = require('util');

 var REBOOT_CMD = path.join(__dirname, 'scripts/reboot.sh');

-const NOOP_CALLBACK = function (error) { if (error) debug(error); };
+var NOOP_CALLBACK = function (error) { if (error) debug(error); };
+
+function CloudronError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(CloudronError, Error);
+CloudronError.BAD_FIELD = 'Field error';
+CloudronError.INTERNAL_ERROR = 'Internal Error';
+CloudronError.EXTERNAL_ERROR = 'External Error';
+CloudronError.BAD_STATE = 'Bad state';
+CloudronError.ALREADY_UPTODATE = 'No Update Available';

 function initialize(callback) {
    assert.strictEqual(typeof callback, 'function');

    runStartupTasks();

-    notifyUpdate(callback);
+    callback();
 }

 function uninitialize(callback) {
@@ -83,32 +113,13 @@ function onActivated(callback) {
    ], callback);
 }

-function notifyUpdate(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    const version = safe.fs.readFileSync(paths.VERSION_FILE, 'utf8');
-    if (version === constants.VERSION) return callback();
-
-    eventlog.add(eventlog.ACTION_UPDATE_FINISH, auditSource.CRON, { errorMessage: '', oldVersion: version || 'dev', newVersion: constants.VERSION }, function (error) {
-        if (error) return callback(error);
-
-        tasks.setCompletedByType(tasks.TASK_UPDATE, { error: null }, function (error) {
-            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error); // when hotfixing, task may not exist
-
-            safe.fs.writeFileSync(paths.VERSION_FILE, constants.VERSION, 'utf8');
-
-            callback();
-        });
-    });
-}
-
 // each of these tasks can fail. we will add some routes to fix/re-run them
 function runStartupTasks() {
    // configure nginx to be reachable by IP
-    reverseProxy.writeDefaultConfig(NOOP_CALLBACK);
+    reverseProxy.configureDefaultServer(NOOP_CALLBACK);

    // always generate webadmin config since we have no versioning mechanism for the ejs
-    if (settings.adminDomain()) reverseProxy.writeAdminConfig(settings.adminDomain(), NOOP_CALLBACK);
+    if (config.adminDomain()) reverseProxy.writeAdminConfig(config.adminDomain(), NOOP_CALLBACK);

    // check activation state and start the platform
    users.isActivated(function (error, activated) {
@@ -119,22 +130,49 @@ function runStartupTasks() {
    });
 }

+function getDisks(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    var disks = {
+        boxDataDisk: null,
+        platformDataDisk: null,
+        appsDataDisk: null
+    };
+
+    df.file(paths.BOX_DATA_DIR).then(function (result) {
+        disks.boxDataDisk = result.filesystem;
+
+        return df.file(paths.PLATFORM_DATA_DIR);
+    }).then(function (result) {
+        disks.platformDataDisk = result.filesystem;
+
+        return df.file(paths.APPS_DATA_DIR);
+    }).then(function (result) {
+        disks.appsDataDisk = result.filesystem;
+
+        callback(null, disks);
+    }).catch(function (error) {
+        callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+    });
+}
+
 function getConfig(callback) {
    assert.strictEqual(typeof callback, 'function');

    settings.getAll(function (error, allSettings) {
-        if (error) return callback(error);
+        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

        // be picky about what we send out here since this is sent for 'normal' users as well
        callback(null, {
-            apiServerOrigin: settings.apiServerOrigin(),
-            webServerOrigin: settings.webServerOrigin(),
-            adminDomain: settings.adminDomain(),
-            adminFqdn: settings.adminFqdn(),
-            mailFqdn: settings.mailFqdn(),
-            version: constants.VERSION,
-            isDemo: settings.isDemo(),
-            provider: settings.provider(),
+            apiServerOrigin: config.apiServerOrigin(),
+            webServerOrigin: config.webServerOrigin(),
+            adminDomain: config.adminDomain(),
+            adminFqdn: config.adminFqdn(),
+            mailFqdn: config.mailFqdn(),
+            version: config.version(),
+            isDemo: config.isDemo(),
+            memory: os.totalmem(),
+            provider: config.provider(),
            cloudronName: allSettings[settings.CLOUDRON_NAME_KEY],
            uiSpec: custom.uiSpec()
        });
@@ -153,20 +191,21 @@ function isRebootRequired(callback) {
 }

 // called from cron.js
-function runSystemChecks(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
+function runSystemChecks() {
    async.parallel([
        checkBackupConfiguration,
+        checkDiskSpace,
        checkMailStatus,
        checkRebootRequired
-    ], callback);
+    ], function (error) {
+        debug('runSystemChecks: done', error);
+    });
 }

 function checkBackupConfiguration(callback) {
    assert.strictEqual(typeof callback, 'function');

-    debug('checking backup configuration');
+    debug('Checking backup configuration');

    backups.checkConfiguration(function (error, message) {
        if (error) return callback(error);
@@ -175,6 +214,45 @@ function checkBackupConfiguration(callback) {
    });
 }

+function checkDiskSpace(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('Checking disk space');
+
+    getDisks(function (error, disks) {
+        if (error) {
+            debug('df error %s', error.message);
+            return callback();
+        }
+
+        df().then(function (entries) {
+            /*
+                [{
+                filesystem: '/dev/disk1',
+                size: 499046809600,
+                used: 443222245376,
+                available: 55562420224,
+                capacity: 0.89,
+                mountpoint: '/'
+            }, ...]
+            */
+            var oos = entries.some(function (entry) {
+                // ignore other filesystems but where box, app and platform data is
+                if (entry.filesystem !== disks.boxDataDisk && entry.filesystem !== disks.platformDataDisk && entry.filesystem !== disks.appsDataDisk) return false;
+
+                return (entry.available <= (1.25 * 1024 * 1024 * 1024)); // 1.5G
+            });
+
+            debug('Disk space checked. ok: %s', !oos);
+
+            notifications.alert(notifications.ALERT_DISK_SPACE, 'Server is running out of disk space', oos ? JSON.stringify(entries, null, 4) : '', callback);
+        }).catch(function (error) {
+            if (error) console.error(error);
+            callback();
+        });
+    });
+}
+
 function checkMailStatus(callback) {
    assert.strictEqual(typeof callback, 'function');

@@ -220,7 +298,7 @@ function getLogs(unit, options, callback) {
    // need to handle box.log without subdir
    if (unit === 'box') args.push(path.join(paths.LOG_DIR, 'box.log'));
    else if (unit.startsWith('crash-')) args.push(path.join(paths.CRASH_LOG_DIR, unit.slice(6) + '.log'));
-    else return callback(new BoxError(BoxError.BAD_FIELD, 'No such unit', { field: 'unit' }));
+    else return callback(new CloudronError(CloudronError.BAD_FIELD, 'No such unit'));

    var cp = spawn('/usr/bin/tail', args);

@@ -253,23 +331,20 @@ function prepareDashboardDomain(domain, auditSource, callback) {
    debug(`prepareDashboardDomain: ${domain}`);

    domains.get(domain, function (error, domainObject) {
-        if (error) return callback(error);
+        if (error && error.reason === DomainsError.NOT_FOUND) return callback(new CloudronError(CloudronError.BAD_FIELD, 'No such domain'));
+        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

        const fqdn = domains.fqdn(constants.ADMIN_LOCATION, domainObject);

        apps.getAll(function (error, result) {
-            if (error) return callback(error);
+            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

            const conflict = result.filter(app => app.fqdn === fqdn);
-            if (conflict.length) return callback(new BoxError(BoxError.BAD_STATE, 'Dashboard location conflicts with an existing app'));
+            if (conflict.length) return callback(new CloudronError(CloudronError.BAD_STATE, 'Dashboard location conflicts with an existing app'));

-            tasks.add(tasks.TASK_PREPARE_DASHBOARD_DOMAIN, [ domain, auditSource ], function (error, taskId) {
-                if (error) return callback(error);
-
-                tasks.startTask(taskId, {}, NOOP_CALLBACK);
-
-                callback(null, taskId);
-            });
+            let task = tasks.startTask(tasks.TASK_PREPARE_DASHBOARD_DOMAIN, [ domain, auditSource ]);
+            task.on('error', (error) => callback(new CloudronError(CloudronError.INTERNAL_ERROR, error)));
+            task.on('start', (taskId) => callback(null, taskId));
        });
    });
 }
@@ -283,18 +358,19 @@ function setDashboardDomain(domain, auditSource, callback) {
    debug(`setDashboardDomain: ${domain}`);

    domains.get(domain, function (error, domainObject) {
-        if (error) return callback(error);
+        if (error && error.reason === DomainsError.NOT_FOUND) return callback(new CloudronError(CloudronError.BAD_FIELD, 'No such domain'));
+        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

        reverseProxy.writeAdminConfig(domain, function (error) {
-            if (error) return callback(error);
+            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

            const fqdn = domains.fqdn(constants.ADMIN_LOCATION, domainObject);

-            async.series([
-                (done) => settings.setAdmin(domain, fqdn, done),
-                (done) => clients.addDefaultClients(settings.adminOrigin(), done)
-            ], function (error) {
-                if (error) return callback(error);
+            config.setAdminDomain(domain);
+            config.setAdminFqdn(fqdn);
+
+            clients.addDefaultClients(config.adminOrigin(), function (error) {
+                if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

                eventlog.add(eventlog.ACTION_DASHBOARD_DOMAIN_UPDATE, auditSource, { domain: domain, fqdn: fqdn });

@@ -321,27 +397,12 @@ function setDashboardAndMailDomain(domain, auditSource, callback) {
    });
 }

-function setupDashboard(auditSource, progressCallback, callback) {
-    assert.strictEqual(typeof auditSource, 'object');
-    assert.strictEqual(typeof progressCallback, 'function');
-    assert.strictEqual(typeof callback, 'function');
-
-    async.series([
-        domains.prepareDashboardDomain.bind(null, settings.adminDomain(), auditSource, progressCallback),
-        setDashboardDomain.bind(null, settings.adminDomain(), auditSource)
-    ], callback);
-}
-
 function renewCerts(options, auditSource, callback) {
    assert.strictEqual(typeof options, 'object');
    assert.strictEqual(typeof auditSource, 'object');
    assert.strictEqual(typeof callback, 'function');

-    tasks.add(tasks.TASK_RENEW_CERTS, [ options, auditSource ], function (error, taskId) {
-        if (error) return callback(error);
-
-        tasks.startTask(taskId, {}, NOOP_CALLBACK);
-
-        callback(null, taskId);
-    });
+    let task = tasks.startTask(tasks.TASK_RENEW_CERTS, [ options, auditSource ]);
+    task.on('error', (error) => callback(new CloudronError(CloudronError.INTERNAL_ERROR, error)));
+    task.on('start', (taskId) => callback(null, taskId));
 }
@@ -30,13 +30,3 @@ LoadPlugin "table"
    </Result>
  </Table>
 </Plugin>
-
-<Plugin python>
-  <Module du>
-    <Path>
-        Instance "<%= appId %>"
-        Dir "<%= appDataDir %>"
-    </Path>
-  </Module>
-</Plugin>
-
@@ -0,0 +1,203 @@
+'use strict';
+
+exports = module.exports = {
+    baseDir: baseDir,
+
+    // values set here will be lost after a upgrade/update. use the sqlite database
+    // for persistent values that need to be backed up
+    get: get,
+    set: set,
+
+    // ifdefs to check environment
+    CLOUDRON: process.env.BOX_ENV === 'cloudron',
+    TEST: process.env.BOX_ENV === 'test',
+
+    // convenience getters
+    provider: provider,
+    apiServerOrigin: apiServerOrigin,
+    webServerOrigin: webServerOrigin,
+    adminDomain: adminDomain,
+    setFqdn: setAdminDomain,
+    setAdminDomain: setAdminDomain,
+    setAdminFqdn: setAdminFqdn,
+    version: version,
+    database: database,
+
+    // these values are derived
+    adminOrigin: adminOrigin,
+    internalAdminOrigin: internalAdminOrigin,
+    sysadminOrigin: sysadminOrigin, // localhost routes
+    adminFqdn: adminFqdn,
+    mailFqdn: mailFqdn,
+    hasIPv6: hasIPv6,
+
+    isDemo: isDemo,
+
+    // for testing resets to defaults
+    _reset: _reset
+};
+
+var assert = require('assert'),
+    fs = require('fs'),
+    path = require('path'),
+    safe = require('safetydance'),
+    _ = require('underscore');
+
+
+// assert on unknown environment can't proceed
+assert(exports.CLOUDRON || exports.TEST, 'Unknown environment. This should not happen!');
+
+var data = { };
+
+function baseDir() {
+    const homeDir = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;
+    if (exports.CLOUDRON) return homeDir;
+    if (exports.TEST) return path.join(homeDir, '.cloudron_test');
+    // cannot reach
+}
+
+const cloudronConfigFileName = exports.CLOUDRON ? '/etc/cloudron/cloudron.conf' : path.join(baseDir(), 'cloudron.conf');
+
+function saveSync() {
+    // only save values we want to have in the cloudron.conf, see start.sh
+    var conf = {
+        apiServerOrigin: data.apiServerOrigin,
+        webServerOrigin: data.webServerOrigin,
+        adminDomain: data.adminDomain,
+        adminFqdn: data.adminFqdn,
+        provider: data.provider,
+        isDemo: data.isDemo
+    };
+
+    fs.writeFileSync(cloudronConfigFileName, JSON.stringify(conf, null, 4)); // functions are ignored by JSON.stringify
+}
+
+function _reset(callback) {
+    safe.fs.unlinkSync(cloudronConfigFileName);
+
+    initConfig();
+
+    if (callback) callback();
+}
+
+function initConfig() {
+    // setup defaults
+    data.adminFqdn = '';
+    data.adminDomain = '';
+    data.port = 3000;
+    data.apiServerOrigin = null;
+    data.webServerOrigin = null;
+    data.provider = 'generic';
+    data.smtpPort = 2525; // this value comes from mail container
+    data.sysadminPort = 3001;
+    data.ldapPort = 3002;
+    data.dockerProxyPort = 3003;
+
+    // keep in sync with start.sh
+    data.database = {
+        hostname: '127.0.0.1',
+        username: 'root',
+        password: 'password',
+        port: 3306,
+        name: 'box'
+    };
+
+    // overrides for local testings
+    if (exports.TEST) {
+        data.port = 5454;
+        data.apiServerOrigin = 'http://localhost:6060'; // hock doesn't support https
+
+        // see setupTest script how the mysql-server is run
+        data.database.hostname = require('child_process').execSync('docker inspect -f "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}" mysql-server').toString().trim();
+    }
+
+    // overwrite defaults with saved config
+    var existingData = safe.JSON.parse(safe.fs.readFileSync(cloudronConfigFileName, 'utf8'));
+    _.extend(data, existingData);
+}
+
+initConfig();
+
+// set(obj) or set(key, value)
+function set(key, value) {
+    if (typeof key === 'object') {
+        var obj = key;
+        for (var k in obj) {
+            assert(k in data, 'config.js is missing key "' + k + '"');
+            data[k] = obj[k];
+        }
+    } else {
+        data = safe.set(data, key, value);
+    }
+
+    saveSync();
+}
+
+function get(key) {
+    assert.strictEqual(typeof key, 'string');
+
+    return safe.query(data, key);
+}
+
+function apiServerOrigin() {
+    return get('apiServerOrigin');
+}
+
+function webServerOrigin() {
+    return get('webServerOrigin');
+}
+
+function setAdminDomain(domain) {
+    set('adminDomain', domain);
+}
+
+function adminDomain() {
+    return get('adminDomain');
+}
+
+function setAdminFqdn(adminFqdn) {
+    set('adminFqdn', adminFqdn);
+}
+
+function adminFqdn() {
+    return get('adminFqdn');
+}
+
+function mailFqdn() {
+    return adminFqdn();
+}
+
+function adminOrigin() {
+    return 'https://' + adminFqdn();
+}
+
+function internalAdminOrigin() {
+    return 'http://127.0.0.1:' + get('port');
+}
+
+function sysadminOrigin() {
+    return 'http://127.0.0.1:' + get('sysadminPort');
+}
+
+function version() {
+    if (exports.TEST) return '3.0.0-test';
+    return fs.readFileSync(path.join(__dirname, '../VERSION'), 'utf8').trim();
+}
+
+function database() {
+    return get('database');
+}
+
+function isDemo() {
+    return get('isDemo') === true;
+}
+
+function provider() {
+    return get('provider');
+}
+
+function hasIPv6() {
+    const IPV6_PROC_FILE = '/proc/net/if_inet6';
+    // on contabo, /proc/net/if_inet6 is an empty file. so just exists is not enough
+    return fs.existsSync(IPV6_PROC_FILE) && fs.readFileSync(IPV6_PROC_FILE, 'utf8').trim().length !== 0;
+}
@@ -1,11 +1,5 @@
 'use strict';

-let fs = require('fs'),
-    path = require('path');
-
-const CLOUDRON = process.env.BOX_ENV === 'cloudron',
-    TEST = process.env.BOX_ENV === 'test';
-
 exports = module.exports = {
    SMTP_LOCATION: 'smtp',
    IMAP_LOCATION: 'imap',
@@ -24,12 +18,6 @@ exports = module.exports = {

    ADMIN_LOCATION: 'my',

-    PORT: CLOUDRON ? 3000 : 5454,
-    INTERNAL_SMTP_PORT: 2525, // this value comes from the mail container
-    SYSADMIN_PORT: 3001, // unused
-    LDAP_PORT: 3002,
-    DOCKER_PROXY_PORT: 3003,
-
    NGINX_DEFAULT_CONFIG_FILE_NAME: 'default.conf',

    GHOST_USER_FILE: '/tmp/cloudron_ghost.json',
@@ -42,11 +30,6 @@ exports = module.exports = {

    AUTOUPDATE_PATTERN_NEVER: 'never',

-    SECRET_PLACEHOLDER: String.fromCharCode(0x25CF).repeat(8),
-
-    CLOUDRON: CLOUDRON,
-    TEST: TEST,
-
-    VERSION: process.env.BOX_ENV === 'cloudron' ? fs.readFileSync(path.join(__dirname, '../VERSION'), 'utf8').trim() : '4.2.0-test'
+    SECRET_PLACEHOLDER: String.fromCharCode(0x25CF).repeat(8)
 };

@@ -15,6 +15,7 @@ var appHealthMonitor = require('./apphealthmonitor.js'),
    auditSource = require('./auditsource.js'),
    backups = require('./backups.js'),
    cloudron = require('./cloudron.js'),
+    config = require('./config.js'),
    constants = require('./constants.js'),
    CronJob = require('cron').CronJob,
    debug = require('debug')('box:cron'),
@@ -23,7 +24,6 @@ var appHealthMonitor = require('./apphealthmonitor.js'),
    janitor = require('./janitor.js'),
    scheduler = require('./scheduler.js'),
    settings = require('./settings.js'),
-    system = require('./system.js'),
    updater = require('./updater.js'),
    updateChecker = require('./updatechecker.js');

@@ -35,7 +35,6 @@ var gJobs = {
    backup: null,
    boxUpdateChecker: null,
    systemChecks: null,
-    diskSpaceChecker: null,
    certificateRenew: null,
    cleanupBackups: null,
    cleanupEventlog: null,
@@ -107,16 +106,9 @@ function recreateJobs(tz) {
    if (gJobs.systemChecks) gJobs.systemChecks.stop();
    gJobs.systemChecks = new CronJob({
        cronTime: '00 30 * * * *', // every 30 minutes. if you change this interval, change the notification messages with correct duration
-        onTick: () => cloudron.runSystemChecks(NOOP_CALLBACK),
-        start: true,
-        timeZone: tz
-    });
-
-    if (gJobs.diskSpaceChecker) gJobs.diskSpaceChecker.stop();
-    gJobs.diskSpaceChecker = new CronJob({
-        cronTime: '00 30 * * * *', // every 30 minutes. if you change this interval, change the notification messages with correct duration
-        onTick: () => system.checkDiskSpace(NOOP_CALLBACK),
+        onTick: cloudron.runSystemChecks,
        start: true,
+        runOnInit: true, // run system check immediately
        timeZone: tz
    });

@@ -173,7 +165,7 @@ function recreateJobs(tz) {

    if (gJobs.schedulerSync) gJobs.schedulerSync.stop();
    gJobs.schedulerSync = new CronJob({
-        cronTime: constants.TEST ? '*/10 * * * * *' : '00 */1 * * * *', // every minute
+        cronTime: config.TEST ? '*/10 * * * * *' : '00 */1 * * * *', // every minute
        onTick: scheduler.sync,
        start: true,
        timeZone: tz
@@ -256,7 +248,7 @@ function dynamicDnsChanged(enabled) {

    if (enabled) {
        gJobs.dynamicDns = new CronJob({
-            cronTime: '5 * * * * *',    // we only update the records if the ip has changed.
+            cronTime: '00 */10 * * * *',
            onTick: dyndns.sync.bind(null, auditSource.CRON, NOOP_CALLBACK),
            start: true,
            timeZone: gJobs.boxUpdateCheckerJob.cronTime.zone // hack
@@ -1,6 +1,7 @@
 'use strict';

-let debug = require('debug')('box:custom'),
+let config = require('./config.js'),
+    debug = require('debug')('box:features'),
    lodash = require('lodash'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
@@ -31,14 +32,14 @@ const DEFAULT_SPEC = {
        remoteSupport: true,
        ticketFormBody:
            'Use this form to open support tickets. You can also write directly to [support@cloudron.io](mailto:support@cloudron.io).\n\n'
-            + '* [Knowledge Base & App Docs](https://cloudron.io/documentation/apps/?support_view)\n'
-            + '* [Custom App Packaging & API](https://cloudron.io/developer/packaging/?support_view)\n'
+            + `* [Knowledge Base & App Docs](${config.webServerOrigin()}/documentation/apps/?support_view)\n`
+            + `* [Custom App Packaging & API](${config.webServerOrigin()}/developer/packaging/?support_view)\n`
            + '* [Forum](https://forum.cloudron.io/)\n\n',
        submitTickets: true
    },
    alerts: {
        email: '',
-        notifyCloudronAdmins: true
+        notifyCloudronAdmins: false
    },
    footer: {
        body: '&copy; 2019 [Cloudron](https://cloudron.io) [Forum <i class="fa fa-comments"></i>](https://forum.cloudron.io)'
@@ -14,9 +14,8 @@ exports = module.exports = {

 var assert = require('assert'),
    async = require('async'),
-    BoxError = require('./boxerror.js'),
    child_process = require('child_process'),
-    constants = require('./constants.js'),
+    config = require('./config.js'),
    mysql = require('mysql'),
    once = require('once'),
    util = require('util');
@@ -24,38 +23,25 @@ var assert = require('assert'),
 var gConnectionPool = null,
    gDefaultConnection = null;

-const gDatabase = {
-    hostname: '127.0.0.1',
-    username: 'root',
-    password: 'password',
-    port: 3306,
-    name: 'box'
-};
-
 function initialize(callback) {
    assert.strictEqual(typeof callback, 'function');

    if (gConnectionPool !== null) return callback(null);

-    if (constants.TEST) {
-        // see setupTest script how the mysql-server is run
-        gDatabase.hostname = require('child_process').execSync('docker inspect -f "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}" mysql-server').toString().trim();
-    }
-
    gConnectionPool  = mysql.createPool({
        connectionLimit: 5, // this has to be > 1 since we store one connection as 'default'. the rest for transactions
-        host: gDatabase.hostname,
-        user: gDatabase.username,
-        password: gDatabase.password,
-        port: gDatabase.port,
-        database: gDatabase.name,
+        host: config.database().hostname,
+        user: config.database().username,
+        password: config.database().password,
+        port: config.database().port,
+        database: config.database().name,
        multipleStatements: false,
        ssl: false,
        timezone: 'Z' // mysql follows the SYSTEM timezone. on Cloudron, this is UTC
    });

    gConnectionPool.on('connection', function (connection) {
-        connection.query('USE ' + gDatabase.name);
+        connection.query('USE ' + config.database().name);
        connection.query('SET SESSION sql_mode = \'strict_all_tables\'');
    });

@@ -101,19 +87,19 @@ function clear(callback) {
    assert.strictEqual(typeof callback, 'function');

    var cmd = util.format('mysql --host="%s" --user="%s" --password="%s" -Nse "SHOW TABLES" %s | grep -v "^migrations$" | while read table; do mysql --host="%s" --user="%s" --password="%s" -e "SET FOREIGN_KEY_CHECKS = 0; TRUNCATE TABLE $table" %s; done',
-        gDatabase.hostname, gDatabase.username, gDatabase.password, gDatabase.name,
-        gDatabase.hostname, gDatabase.username, gDatabase.password, gDatabase.name);
+        config.database().hostname, config.database().username, config.database().password, config.database().name,
+        config.database().hostname, config.database().username, config.database().password, config.database().name);

    async.series([
        child_process.exec.bind(null, cmd),
-        require('./clients.js').addDefaultClients.bind(null, 'https://admin-localhost')
+        require('./clientdb.js')._addDefaultClients
    ], callback);
 }

 function beginTransaction(callback) {
    assert.strictEqual(typeof callback, 'function');

-    if (gConnectionPool === null) return callback(new BoxError(BoxError.DATABASE_ERROR, 'No database connection pool.'));
+    if (gConnectionPool === null) return callback(new Error('No database connection pool.'));

    gConnectionPool.getConnection(function (error, connection) {
        if (error) {
@@ -157,7 +143,7 @@ function query() {
    var callback = args[args.length - 1];
    assert.strictEqual(typeof callback, 'function');

-    if (gDefaultConnection === null) return callback(new BoxError(BoxError.DATABASE_ERROR, 'No connection to database'));
+    if (gDefaultConnection === null) return callback(new Error('No connection to database'));

    args[args.length -1 ] = function (error, result) {
        if (error && error.fatal) {
@@ -192,7 +178,7 @@ function importFromFile(file, callback) {
    assert.strictEqual(typeof file, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var cmd = `/usr/bin/mysql -h "${gDatabase.hostname}" -u ${gDatabase.username} -p${gDatabase.password} ${gDatabase.name} < ${file}`;
+    var cmd = `/usr/bin/mysql -h "${config.database().hostname}" -u ${config.database().username} -p${config.database().password} ${config.database().name} < ${file}`;

    async.series([
        query.bind(null, 'CREATE DATABASE IF NOT EXISTS box'),
@@ -204,7 +190,7 @@ function exportToFile(file, callback) {
    assert.strictEqual(typeof file, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var cmd = `/usr/bin/mysqldump -h "${gDatabase.hostname}" -u root -p${gDatabase.password} --single-transaction --routines --triggers ${gDatabase.name} > "${file}"`;
+    var cmd = `/usr/bin/mysqldump -h "${config.database().hostname}" -u root -p${config.database().password} --single-transaction --routines --triggers ${config.database().name} > "${file}"`;

    child_process.exec(cmd, callback);
 }
@@ -0,0 +1,34 @@
+/* jslint node:true */
+
+'use strict';
+
+exports = module.exports = DatabaseError;
+
+var assert = require('assert'),
+    util = require('util');
+
+function DatabaseError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(DatabaseError, Error);
+
+DatabaseError.INTERNAL_ERROR = 'Internal error';
+DatabaseError.ALREADY_EXISTS = 'Entry already exist';
+DatabaseError.NOT_FOUND = 'Record not found';
+DatabaseError.BAD_FIELD = 'Invalid field';
+DatabaseError.IN_USE = 'In Use';
@@ -11,18 +11,14 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('../boxerror.js'),
+    config = require('../config.js'),
    debug = require('debug')('box:dns/caas'),
    domains = require('../domains.js'),
-    settings = require('../settings.js'),
+    DomainsError = require('../domains.js').DomainsError,
    superagent = require('superagent'),
    util = require('util'),
    waitForDns = require('./waitfordns.js');

-function formatError(response) {
-    return util.format('Caas DNS error [%s] %j', response.statusCode, response.body);
-}
-
 function getFqdn(location, domain) {
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof domain, 'string');
@@ -62,15 +58,15 @@ function upsert(domainObject, location, type, values, callback) {
    };

    superagent
-        .post(settings.apiServerOrigin() + '/api/v1/caas/domains/' + fqdn)
+        .post(config.apiServerOrigin() + '/api/v1/caas/domains/' + fqdn)
        .query({ token: dnsConfig.token })
        .send(data)
        .timeout(30 * 1000)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, result.body.message));
-            if (result.statusCode === 420) return callback(new BoxError(BoxError.BUSY));
-            if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
+            if (result.statusCode === 420) return callback(new DomainsError(DomainsError.STILL_BUSY));
+            if (result.statusCode !== 201) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));

            return callback(null);
        });
@@ -88,12 +84,12 @@ function get(domainObject, location, type, callback) {
    debug('get: zoneName: %s subdomain: %s type: %s fqdn: %s', domainObject.domain, location, type, fqdn);

    superagent
-        .get(settings.apiServerOrigin() + '/api/v1/caas/domains/' + fqdn)
+        .get(config.apiServerOrigin() + '/api/v1/caas/domains/' + fqdn)
        .query({ token: dnsConfig.token, type: type })
        .timeout(30 * 1000)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));

            return callback(null, result.body.values);
        });
@@ -115,16 +111,16 @@ function del(domainObject, location, type, values, callback) {
    };

    superagent
-        .del(settings.apiServerOrigin() + '/api/v1/caas/domains/' + getFqdn(location, domainObject.domain))
+        .del(config.apiServerOrigin() + '/api/v1/caas/domains/' + getFqdn(location, domainObject.domain))
        .query({ token: dnsConfig.token })
        .send(data)
        .timeout(30 * 1000)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, result.body.message));
-            if (result.statusCode === 420) return callback(new BoxError(BoxError.BUSY));
-            if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
-            if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
+            if (result.statusCode === 420) return callback(new DomainsError(DomainsError.STILL_BUSY));
+            if (result.statusCode === 404) return callback(new DomainsError(DomainsError.NOT_FOUND));
+            if (result.statusCode !== 204) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));

            return callback(null);
        });
@@ -149,7 +145,7 @@ function verifyDnsConfig(domainObject, callback) {

    const dnsConfig = domainObject.config;

-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));

    const ip = '127.0.0.1';

@@ -12,10 +12,10 @@ exports = module.exports = {

 var assert = require('assert'),
    async = require('async'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/cloudflare'),
    dns = require('../native-dns.js'),
    domains = require('../domains.js'),
+    DomainsError = require('../domains.js').DomainsError,
    superagent = require('superagent'),
    util = require('util'),
    waitForDns = require('./waitfordns.js'),
@@ -37,15 +37,15 @@ function translateRequestError(result, callback) {
    assert.strictEqual(typeof result, 'object');
    assert.strictEqual(typeof callback, 'function');

-    if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND, util.format('%s %j', result.statusCode, 'API does not exist')));
-    if (result.statusCode === 422) return callback(new BoxError(BoxError.BAD_FIELD, result.body.message));
+    if (result.statusCode === 404) return callback(new DomainsError(DomainsError.NOT_FOUND, util.format('%s %j', result.statusCode, 'API does not exist')));
+    if (result.statusCode === 422) return callback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
    if ((result.statusCode === 400 || result.statusCode === 401 || result.statusCode === 403) && result.body.errors.length > 0) {
        let error = result.body.errors[0];
        let message = `message: ${error.message} statusCode: ${result.statusCode} code:${error.code}`;
-        return callback(new BoxError(BoxError.ACCESS_DENIED, message));
+        return callback(new DomainsError(DomainsError.ACCESS_DENIED, message));
    }

-    callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
+    callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
 }

 function getZoneByName(dnsConfig, zoneName, callback) {
@@ -60,7 +60,7 @@ function getZoneByName(dnsConfig, zoneName, callback) {
        .end(function (error, result) {
            if (error && !error.response) return callback(error);
            if (result.statusCode !== 200 || result.body.success !== true) return translateRequestError(result, callback);
-            if (!result.body.result.length) return callback(new BoxError(BoxError.NOT_FOUND, util.format('%s %j', result.statusCode, result.body)));
+            if (!result.body.result.length) return callback(new DomainsError(DomainsError.NOT_FOUND, util.format('%s %j', result.statusCode, result.body)));

            callback(null, result.body.result[0]);
        });
@@ -259,7 +259,7 @@ function wait(domainObject, location, type, value, options, callback) {

        getDnsRecords(dnsConfig, zoneId, fqdn, type, function (error, dnsRecords) {
            if (error) return callback(error);
-            if (dnsRecords.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
+            if (dnsRecords.length === 0) return callback(new DomainsError(DomainsError.NOT_FOUND, 'Domain not found'));

            if (!dnsRecords[0].proxied) return waitForDns(fqdn, domainObject.zoneName, type, value, options, callback);

@@ -277,8 +277,8 @@ function verifyDnsConfig(domainObject, callback) {
    const dnsConfig = domainObject.config,
        zoneName = domainObject.zoneName;

-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
-    if (!dnsConfig.email || typeof dnsConfig.email !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'email must be a non-empty string', { field: 'email' }));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if (!dnsConfig.email || typeof dnsConfig.email !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'email must be a non-empty string'));

    const ip = '127.0.0.1';

@@ -290,15 +290,15 @@ function verifyDnsConfig(domainObject, callback) {
    if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here

    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
-        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
+        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
+        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        getZoneByName(dnsConfig, zoneName, function(error, zone) {
            if (error) return callback(error);

            if (!_.isEqual(zone.name_servers.sort(), nameservers.sort())) {
                debug('verifyDnsConfig: %j and %j do not match', nameservers, zone.name_servers);
-                return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Cloudflare', { field: 'nameservers' }));
+                return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Cloudflare'));
            }

            const location = 'cloudrontestdns';
@@ -12,10 +12,10 @@ exports = module.exports = {

 var assert = require('assert'),
    async = require('async'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/digitalocean'),
    dns = require('../native-dns.js'),
    domains = require('../domains.js'),
+    DomainsError = require('../domains.js').DomainsError,
    safe = require('safetydance'),
    superagent = require('superagent'),
    util = require('util'),
@@ -55,10 +55,10 @@ function getInternal(dnsConfig, zoneName, name, type, callback) {
            .timeout(30 * 1000)
            .retry(5)
            .end(function (error, result) {
-                if (error && !error.response) return iteratorDone(new BoxError(BoxError.NETWORK_ERROR, error.message));
-                if (result.statusCode === 404) return iteratorDone(new BoxError(BoxError.NOT_FOUND, formatError(result)));
-                if (result.statusCode === 403 || result.statusCode === 401) return iteratorDone(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 200) return iteratorDone(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+                if (error && !error.response) return iteratorDone(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                if (result.statusCode === 404) return iteratorDone(new DomainsError(DomainsError.NOT_FOUND, formatError(result)));
+                if (result.statusCode === 403 || result.statusCode === 401) return iteratorDone(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 200) return iteratorDone(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

                matchingRecords = matchingRecords.concat(result.body.domain_records.filter(function (record) {
                    return (record.type === type && record.name === name);
@@ -66,10 +66,12 @@ function getInternal(dnsConfig, zoneName, name, type, callback) {

                nextPage = (result.body.links && result.body.links.pages) ? result.body.links.pages.next : null;

+                debug(`getInternal: next page - ${nextPage}`);
+
                iteratorDone();
            });
    }, function () { return !!nextPage; }, function (error) {
-        debug('getInternal:', error, JSON.stringify(matchingRecords));
+        debug('getInternal:', error, matchingRecords);

        if (error) return callback(error);

@@ -119,10 +121,10 @@ function upsert(domainObject, location, type, values, callback) {
                    .timeout(30 * 1000)
                    .retry(5)
                    .end(function (error, result) {
-                        if (error && !error.response) return iteratorCallback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-                        if (result.statusCode === 422) return iteratorCallback(new BoxError(BoxError.BAD_FIELD, result.body.message));
-                        if (result.statusCode !== 201) return iteratorCallback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+                        if (error && !error.response) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+                        if (result.statusCode === 422) return iteratorCallback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
+                        if (result.statusCode !== 201) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

                        recordIds.push(safe.query(result.body, 'domain_record.id'));

@@ -138,10 +140,10 @@ function upsert(domainObject, location, type, values, callback) {
                    // increment, as we have consumed the record
                        ++i;

-                        if (error && !error.response) return iteratorCallback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-                        if (result.statusCode === 422) return iteratorCallback(new BoxError(BoxError.BAD_FIELD, result.body.message));
-                        if (result.statusCode !== 200) return iteratorCallback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+                        if (error && !error.response) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+                        if (result.statusCode === 422) return iteratorCallback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
+                        if (result.statusCode !== 200) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

                        recordIds.push(safe.query(result.body, 'domain_record.id'));

@@ -209,10 +211,10 @@ function del(domainObject, location, type, values, callback) {
            .timeout(30 * 1000)
            .retry(5)
            .end(function (error, result) {
-                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
                if (result.statusCode === 404) return callback(null);
-                if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 204) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

                debug('del: done');

@@ -241,7 +243,7 @@ function verifyDnsConfig(domainObject, callback) {
    const dnsConfig = domainObject.config,
        zoneName = domainObject.zoneName;

-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));

    const ip = '127.0.0.1';

@@ -252,12 +254,12 @@ function verifyDnsConfig(domainObject, callback) {
    if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here

    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
-        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
+        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
+        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        if (nameservers.map(function (n) { return n.toLowerCase(); }).indexOf('ns1.digitalocean.com') === -1) {
            debug('verifyDnsConfig: %j does not contains DO NS', nameservers);
-            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to DigitalOcean', { field: 'nameservers' }));
+            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to DigitalOcean'));
        }

        const location = 'cloudrontestdns';
@@ -11,10 +11,10 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/gandi'),
    dns = require('../native-dns.js'),
    domains = require('../domains.js'),
+    DomainsError = require('../domains.js').DomainsError,
    superagent = require('superagent'),
    util = require('util'),
    waitForDns = require('./waitfordns.js');
@@ -57,10 +57,10 @@ function upsert(domainObject, location, type, values, callback) {
        .timeout(30 * 1000)
        .send(data)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, formatError(result)));
-            if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, formatError(result)));
+            if (result.statusCode !== 201) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

            return callback(null);
        });
@@ -82,10 +82,10 @@ function get(domainObject, location, type, callback) {
        .set('X-Api-Key', dnsConfig.token)
        .timeout(30 * 1000)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
            if (result.statusCode === 404) return callback(null, [ ]);
-            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

            debug('get: %j', result.body);

@@ -110,10 +110,10 @@ function del(domainObject, location, type, values, callback) {
        .set('X-Api-Key', dnsConfig.token)
        .timeout(30 * 1000)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
            if (result.statusCode === 404) return callback(null);
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 204) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

            debug('del: done');

@@ -141,7 +141,7 @@ function verifyDnsConfig(domainObject, callback) {
    const dnsConfig = domainObject.config,
        zoneName = domainObject.zoneName;

-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));

    var credentials = {
        token: dnsConfig.token
@@ -152,12 +152,12 @@ function verifyDnsConfig(domainObject, callback) {
    if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here

    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
-        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
+        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
+        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.gandi.net') !== -1; })) {
            debug('verifyDnsConfig: %j does not contain Gandi NS', nameservers);
-            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Gandi', { field: 'nameservers' }));
+            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Gandi'));
        }

        const location = 'cloudrontestdns';
@@ -11,10 +11,10 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/gcdns'),
    dns = require('../native-dns.js'),
    domains = require('../domains.js'),
+    DomainsError = require('../domains.js').DomainsError,
    GCDNS = require('@google-cloud/dns').DNS,
    util = require('util'),
    waitForDns = require('./waitfordns.js'),
@@ -49,20 +49,20 @@ function getZoneByName(dnsConfig, zoneName, callback) {
    var gcdns = new GCDNS(getDnsCredentials(dnsConfig));

    gcdns.getZones(function (error, zones) {
-        if (error && error.message === 'invalid_grant') return callback(new BoxError(BoxError.ACCESS_DENIED, 'The key was probably revoked'));
-        if (error && error.reason === 'No such domain') return callback(new BoxError(BoxError.NOT_FOUND, error.message));
-        if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-        if (error && error.code === 404) return callback(new BoxError(BoxError.NOT_FOUND, error.message));
+        if (error && error.message === 'invalid_grant') return callback(new DomainsError(DomainsError.ACCESS_DENIED, 'The key was probably revoked'));
+        if (error && error.reason === 'No such domain') return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
+        if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+        if (error && error.code === 404) return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
        if (error) {
            debug('gcdns.getZones', error);
-            return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
+            return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
        }

        var zone = zones.filter(function (zone) {
            return zone.metadata.dnsName.slice(0, -1) === zoneName;     // the zone name contains a '.' at the end
        })[0];

-        if (!zone) return callback(new BoxError(BoxError.NOT_FOUND, 'no such zone'));
+        if (!zone) return callback(new DomainsError(DomainsError.NOT_FOUND, 'no such zone'));

        callback(null, zone); //zone.metadata ~= {name="", dnsName="", nameServers:[]}
    });
@@ -85,10 +85,10 @@ function upsert(domainObject, location, type, values, callback) {
        if (error) return callback(error);

        zone.getRecords({ type: type, name: fqdn + '.' }, function (error, oldRecords) {
-            if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error) {
                debug('upsert->zone.getRecords', error);
-                return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+                return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
            }

            var newRecord = zone.record(type, {
@@ -98,11 +98,11 @@ function upsert(domainObject, location, type, values, callback) {
            });

            zone.createChange({ delete: oldRecords, add: newRecord }, function(error /*, change */) {
-                if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-                if (error && error.code === 412) return callback(new BoxError(BoxError.BUSY, error.message));
+                if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+                if (error && error.code === 412) return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
                if (error) {
                    debug('upsert->zone.createChange', error);
-                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+                    return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
                }

                callback(null);
@@ -130,8 +130,8 @@ function get(domainObject, location, type, callback) {
        };

        zone.getRecords(params, function (error, records) {
-            if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
+            if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
            if (records.length === 0) return callback(null, [ ]);

            return callback(null, records[0].data);
@@ -154,18 +154,18 @@ function del(domainObject, location, type, values, callback) {
        if (error) return callback(error);

        zone.getRecords({ type: type, name: fqdn + '.' }, function(error, oldRecords) {
-            if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error) {
                debug('del->zone.getRecords', error);
-                return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+                return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
            }

            zone.deleteRecords(oldRecords, function (error, change) {
-                if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-                if (error && error.code === 412) return callback(new BoxError(BoxError.BUSY, error.message));
+                if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+                if (error && error.code === 412) return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
                if (error) {
                    debug('del->zone.createChange', error);
-                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+                    return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
                }

                callback(null, change.id);
@@ -194,10 +194,10 @@ function verifyDnsConfig(domainObject, callback) {
    const dnsConfig = domainObject.config,
        zoneName = domainObject.zoneName;

-    if (typeof dnsConfig.projectId !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'projectId must be a string', { field: 'projectId' }));
-    if (!dnsConfig.credentials || typeof dnsConfig.credentials !== 'object') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials must be an object', { field: 'credentials' }));
-    if (typeof dnsConfig.credentials.client_email !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials.client_email must be a string', { field: 'client_email' }));
-    if (typeof dnsConfig.credentials.private_key !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials.private_key must be a string', { field: 'private_key' }));
+    if (typeof dnsConfig.projectId !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'projectId must be a string'));
+    if (!dnsConfig.credentials || typeof dnsConfig.credentials !== 'object') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials must be an object'));
+    if (typeof dnsConfig.credentials.client_email !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials.client_email must be a string'));
+    if (typeof dnsConfig.credentials.private_key !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials.private_key must be a string'));

    var credentials = getDnsCredentials(dnsConfig);

@@ -206,8 +206,8 @@ function verifyDnsConfig(domainObject, callback) {
    if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here

    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
-        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
+        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
+        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        getZoneByName(credentials, zoneName, function (error, zone) {
            if (error) return callback(error);
@@ -215,7 +215,7 @@ function verifyDnsConfig(domainObject, callback) {
            var definedNS = zone.metadata.nameServers.sort().map(function(r) { return r.replace(/\.$/, ''); });
            if (!_.isEqual(definedNS, nameservers.sort())) {
                debug('verifyDnsConfig: %j and %j do not match', nameservers, definedNS);
-                return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Google Cloud DNS', { field: 'nameservers' }));
+                return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Google Cloud DNS'));
            }

            const location = 'cloudrontestdns';
@@ -11,10 +11,10 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/godaddy'),
    dns = require('../native-dns.js'),
    domains = require('../domains.js'),
+    DomainsError = require('../domains.js').DomainsError,
    superagent = require('superagent'),
    util = require('util'),
    waitForDns = require('./waitfordns.js');
@@ -72,11 +72,11 @@ function upsert(domainObject, location, type, values, callback) {
        .timeout(30 * 1000)
        .send(records)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, formatError(result))); // no such zone
-            if (result.statusCode === 422) return callback(new BoxError(BoxError.BAD_FIELD, formatError(result))); // conflict
-            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, formatError(result))); // no such zone
+            if (result.statusCode === 422) return callback(new DomainsError(DomainsError.BAD_FIELD, formatError(result))); // conflict
+            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

            return callback(null);
        });
@@ -98,10 +98,10 @@ function get(domainObject, location, type, callback) {
        .set('Authorization', `sso-key ${dnsConfig.apiKey}:${dnsConfig.apiSecret}`)
        .timeout(30 * 1000)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
            if (result.statusCode === 404) return callback(null, [ ]);
-            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

            debug('get: %j', result.body);

@@ -126,7 +126,7 @@ function del(domainObject, location, type, values, callback) {

    debug(`get: ${name} in zone ${zoneName} of type ${type} with values ${JSON.stringify(values)}`);

-    if (type !== 'A' && type !== 'TXT') return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Record deletion is not supported by GoDaddy API'));
+    if (type !== 'A' && type !== 'TXT') return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, new Error('Record deletion is not supported by GoDaddy API')));

    // check if the record exists at all so that we don't insert the "Dead" record for no reason
    get(domainObject, location, type, function (error, values) {
@@ -144,10 +144,10 @@ function del(domainObject, location, type, values, callback) {
            .send(records)
            .timeout(30 * 1000)
            .end(function (error, result) {
-                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
                if (result.statusCode === 404) return callback(null);
-                if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

                debug('del: done');

@@ -176,8 +176,8 @@ function verifyDnsConfig(domainObject, callback) {
    const dnsConfig = domainObject.config,
        zoneName = domainObject.zoneName;

-    if (!dnsConfig.apiKey || typeof dnsConfig.apiKey !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'apiKey must be a non-empty string', { field: 'apiKey' }));
-    if (!dnsConfig.apiSecret || typeof dnsConfig.apiSecret !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'apiSecret must be a non-empty string', { field: 'apiSecret' }));
+    if (!dnsConfig.apiKey || typeof dnsConfig.apiKey !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'apiKey must be a non-empty string'));
+    if (!dnsConfig.apiSecret || typeof dnsConfig.apiSecret !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'apiSecret must be a non-empty string'));

    const ip = '127.0.0.1';

@@ -189,12 +189,12 @@ function verifyDnsConfig(domainObject, callback) {
    if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here

    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
-        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
+        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
+        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.domaincontrol.com') !== -1; })) {
            debug('verifyDnsConfig: %j does not contain GoDaddy NS', nameservers);
-            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to GoDaddy', { field: 'nameservers' }));
+            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to GoDaddy'));
        }

        const location = 'cloudrontestdns';
@@ -17,7 +17,6 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('../boxerror.js'),
    util = require('util');

 function removePrivateFields(domainObject) {
@@ -25,7 +24,6 @@ function removePrivateFields(domainObject) {
    return domainObject;
 }

-// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {
    // in-place injection of tokens and api keys which came in with domains.SECRET_PLACEHOLDER
 }
@@ -39,7 +37,7 @@ function upsert(domainObject, location, type, values, callback) {

    // Result: none

-    callback(new BoxError(BoxError.NOT_IMPLEMENTED, 'upsert is not implemented'));
+    callback(new Error('not implemented'));
 }

 function get(domainObject, location, type, callback) {
@@ -50,7 +48,7 @@ function get(domainObject, location, type, callback) {

    // Result: Array of matching DNS records in string format

-    callback(new BoxError(BoxError.NOT_IMPLEMENTED, 'get is not implemented'));
+    callback(new Error('not implemented'));
 }

 function del(domainObject, location, type, values, callback) {
@@ -62,7 +60,7 @@ function del(domainObject, location, type, values, callback) {

    // Result: none

-    callback(new BoxError(BoxError.NOT_IMPLEMENTED, 'del is not implemented'));
+    callback(new Error('not implemented'));
 }

 function wait(domainObject, location, type, value, options, callback) {
@@ -82,5 +80,5 @@ function verifyDnsConfig(domainObject, callback) {

    // Result: dnsConfig object

-    callback(new BoxError(BoxError.NOT_IMPLEMENTED, 'verifyDnsConfig is not implemented'));
+    callback(new Error('not implemented'));
 }
@@ -11,10 +11,10 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/manual'),
    dns = require('../native-dns.js'),
    domains = require('../domains.js'),
+    DomainsError = require('../domains.js').DomainsError,
    util = require('util'),
    waitForDns = require('./waitfordns.js');

@@ -22,7 +22,6 @@ function removePrivateFields(domainObject) {
    return domainObject;
 }

-// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {

 }
@@ -79,8 +78,8 @@ function verifyDnsConfig(domainObject, callback) {

    // Very basic check if the nameservers can be fetched
    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
-        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
+        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
+        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        callback(null, {});
    });
@@ -11,10 +11,10 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/namecheap'),
    dns = require('../native-dns.js'),
    domains = require('../domains.js'),
+    DomainsError = require('../domains.js').DomainsError,
    safe = require('safetydance'),
    superagent = require('superagent'),
    sysinfo = require('../sysinfo.js'),
@@ -37,8 +37,8 @@ function getQuery(dnsConfig, callback) {
    assert.strictEqual(typeof dnsConfig, 'object');
    assert.strictEqual(typeof callback, 'function');

-    sysinfo.getServerIp(function (error, ip) {
-        if (error) return callback(error);
+    sysinfo.getPublicIp(function (error, ip) {
+        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

        callback(null, {
            ApiUser: dnsConfig.username,
@@ -64,21 +64,16 @@ function getInternal(dnsConfig, zoneName, subdomain, type, callback) {
        query.TLD = zoneName.split('.')[1];

        superagent.get(ENDPOINT).query(query).end(function (error, result) {
-            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
+            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));

            var parser = new xml2js.Parser();
            parser.parseString(result.text, function (error, result) {
-                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
+                if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));

                var tmp = result.ApiResponse;
-                if (tmp['$'].Status !== 'OK') {
-                    var errorMessage = safe.query(tmp, 'Errors[0].Error[0]._', 'Invalid response');
-                    if (errorMessage === 'API Key is invalid or API access has not been enabled') return callback(new BoxError(BoxError.ACCESS_DENIED, errorMessage));
-
-                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, errorMessage));
-                }
-                if (!tmp.CommandResponse[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
-                if (!tmp.CommandResponse[0].DomainDNSGetHostsResult[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
+                if (tmp['$'].Status !== 'OK') return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, safe.query(tmp, 'Errors[0].Error[0]._', 'Invalid response')));
+                if (!tmp.CommandResponse[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
+                if (!tmp.CommandResponse[0].DomainDNSGetHostsResult[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));

                var hosts = result.ApiResponse.CommandResponse[0].DomainDNSGetHostsResult[0].host.map(function (h) {
                    return h['$'];
@@ -118,22 +113,17 @@ function setInternal(dnsConfig, zoneName, hosts, callback) {
        });

        superagent.post(ENDPOINT).query(query).end(function (error, result) {
-            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
+            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));

            var parser = new xml2js.Parser();
            parser.parseString(result.text, function (error, result) {
-                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
+                if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));

                var tmp = result.ApiResponse;
-                if (tmp['$'].Status !== 'OK') {
-                    var errorMessage = safe.query(tmp, 'Errors[0].Error[0]._', 'Invalid response');
-                    if (errorMessage === 'API Key is invalid or API access has not been enabled') return callback(new BoxError(BoxError.ACCESS_DENIED, errorMessage));
-
-                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, errorMessage));
-                }
-                if (!tmp.CommandResponse[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
-                if (!tmp.CommandResponse[0].DomainDNSSetHostsResult[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
-                if (tmp.CommandResponse[0].DomainDNSSetHostsResult[0]['$'].IsSuccess !== 'true') return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
+                if (tmp['$'].Status !== 'OK') return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, safe.query(tmp, 'Errors[0].Error[0]._', 'Invalid response')));
+                if (!tmp.CommandResponse[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
+                if (!tmp.CommandResponse[0].DomainDNSSetHostsResult[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
+                if (tmp.CommandResponse[0].DomainDNSSetHostsResult[0]['$'].IsSuccess !== 'true') return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));

                callback(null);
            });
@@ -281,8 +271,8 @@ function verifyDnsConfig(domainObject, callback) {
    const zoneName = domainObject.zoneName;
    const ip = '127.0.0.1';

-    if (!dnsConfig.username || typeof dnsConfig.username !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'username must be a non-empty string', { field: 'username' }));
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
+    if (!dnsConfig.username || typeof dnsConfig.username !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'username must be a non-empty string'));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));

    let credentials = {
        username: dnsConfig.username,
@@ -292,12 +282,12 @@ function verifyDnsConfig(domainObject, callback) {
    if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here

    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
-        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
+        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
+        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        if (nameservers.some(function (n) { return n.toLowerCase().indexOf('.registrar-servers.com') === -1; })) {
            debug('verifyDnsConfig: %j does not contains NC NS', nameservers);
-            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to NameCheap', { field: 'nameservers' }));
+            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to NameCheap'));
        }

        const testSubdomain = 'cloudrontestdns';
@@ -11,10 +11,10 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/namecom'),
    dns = require('../native-dns.js'),
    domains = require('../domains.js'),
+    DomainsError = require('../domains.js').DomainsError,
    safe = require('safetydance'),
    superagent = require('superagent'),
    util = require('util'),
@@ -63,9 +63,9 @@ function addRecord(dnsConfig, zoneName, name, type, values, callback) {
        .timeout(30 * 1000)
        .send(data)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
+            if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

            return callback(null, 'unused-id');
        });
@@ -100,9 +100,9 @@ function updateRecord(dnsConfig, zoneName, recordId, name, type, values, callbac
        .timeout(30 * 1000)
        .send(data)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
+            if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

            return callback(null);
        });
@@ -121,9 +121,9 @@ function getInternal(dnsConfig, zoneName, name, type, callback) {
        .auth(dnsConfig.username, dnsConfig.token)
        .timeout(30 * 1000)
        .end(function (error, result) {
-            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-            if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
+            if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

            // name.com does not return the correct content-type
            result.body = safe.JSON.parse(result.text);
@@ -209,9 +209,9 @@ function del(domainObject, location, type, values, callback) {
            .auth(dnsConfig.username, dnsConfig.token)
            .timeout(30 * 1000)
            .end(function (error, result) {
-                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-                if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
+                if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
+                if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));

                return callback(null);
            });
@@ -238,8 +238,8 @@ function verifyDnsConfig(domainObject, callback) {
    const dnsConfig = domainObject.config,
        zoneName = domainObject.zoneName;

-    if (typeof dnsConfig.username !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'username must be a string', { field: 'username' }));
-    if (typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a string', { field: 'token' }));
+    if (typeof dnsConfig.username !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'username must be a string'));
+    if (typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a string'));

    var credentials = {
        username: dnsConfig.username,
@@ -251,12 +251,12 @@ function verifyDnsConfig(domainObject, callback) {
    if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here

    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
-        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
+        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
+        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.name.com') !== -1; })) {
            debug('verifyDnsConfig: %j does not contain Name.com NS', nameservers);
-            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to name.com', { field: 'nameservers' }));
+            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Name.com'));
        }

        const location = 'cloudrontestdns';
@@ -18,7 +18,6 @@ function removePrivateFields(domainObject) {
    return domainObject;
 }

-// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {
 }

@@ -12,10 +12,10 @@ exports = module.exports = {

 var assert = require('assert'),
    AWS = require('aws-sdk'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/route53'),
    dns = require('../native-dns.js'),
    domains = require('../domains.js'),
+    DomainsError = require('../domains.js').DomainsError,
    util = require('util'),
    waitForDns = require('./waitfordns.js'),
    _ = require('underscore');
@@ -59,15 +59,15 @@ function getZoneByName(dnsConfig, zoneName, callback) {
    }

    listHostedZones(function (error, result) {
-        if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-        if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+        if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+        if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+        if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));

        var zone = result.HostedZones.filter(function (zone) {
            return zone.Name.slice(0, -1) === zoneName;     // aws zone name contains a '.' at the end
        })[0];

-        if (!zone) return callback(new BoxError(BoxError.NOT_FOUND, 'no such zone'));
+        if (!zone) return callback(new DomainsError(DomainsError.NOT_FOUND, 'no such zone'));

        callback(null, zone);
    });
@@ -83,9 +83,9 @@ function getHostedZone(dnsConfig, zoneName, callback) {

        var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
        route53.getHostedZone({ Id: zone.Id }, function (error, result) {
-            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));

            callback(null, result);
        });
@@ -127,11 +127,11 @@ function upsert(domainObject, location, type, values, callback) {

        var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
        route53.changeResourceRecordSets(params, function(error) {
-            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'PriorRequestNotComplete') return callback(new BoxError(BoxError.BUSY, error.message));
-            if (error && error.code === 'InvalidChangeBatch') return callback(new BoxError(BoxError.BAD_FIELD, error.message));
-            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'PriorRequestNotComplete') return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
+            if (error && error.code === 'InvalidChangeBatch') return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
+            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));

            callback(null);
        });
@@ -160,9 +160,9 @@ function get(domainObject, location, type, callback) {

        var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
        route53.listResourceRecordSets(params, function (error, result) {
-            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
            if (result.ResourceRecordSets.length === 0) return callback(null, [ ]);
            if (result.ResourceRecordSets[0].Name !== params.StartRecordName || result.ResourceRecordSets[0].Type !== params.StartRecordType) return callback(null, [ ]);

@@ -208,23 +208,23 @@ function del(domainObject, location, type, values, callback) {

        var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
        route53.changeResourceRecordSets(params, function(error) {
-            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error && error.message && error.message.indexOf('it was not found') !== -1) {
                debug('del: resource record set not found.', error);
-                return callback(new BoxError(BoxError.NOT_FOUND, error.message));
+                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
            } else if (error && error.code === 'NoSuchHostedZone') {
                debug('del: hosted zone not found.', error);
-                return callback(new BoxError(BoxError.NOT_FOUND, error.message));
+                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
            } else if (error && error.code === 'PriorRequestNotComplete') {
                debug('del: resource is still busy', error);
-                return callback(new BoxError(BoxError.BUSY, error.message));
+                return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
            } else if (error && error.code === 'InvalidChangeBatch') {
                debug('del: invalid change batch. No such record to be deleted.');
-                return callback(new BoxError(BoxError.NOT_FOUND, error.message));
+                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
            } else if (error) {
                debug('del: error', error);
-                return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
+                return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
            }

            callback(null);
@@ -252,8 +252,8 @@ function verifyDnsConfig(domainObject, callback) {
    const dnsConfig = domainObject.config,
        zoneName = domainObject.zoneName;

-    if (!dnsConfig.accessKeyId || typeof dnsConfig.accessKeyId !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'accessKeyId must be a non-empty string', { field: 'accessKeyId' }));
-    if (!dnsConfig.secretAccessKey || typeof dnsConfig.secretAccessKey !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'secretAccessKey must be a non-empty string', { field: 'secretAccessKey' }));
+    if (!dnsConfig.accessKeyId || typeof dnsConfig.accessKeyId !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'accessKeyId must be a non-empty string'));
+    if (!dnsConfig.secretAccessKey || typeof dnsConfig.secretAccessKey !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'secretAccessKey must be a non-empty string'));

    var credentials = {
        accessKeyId: dnsConfig.accessKeyId,
@@ -268,15 +268,15 @@ function verifyDnsConfig(domainObject, callback) {
    if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here

    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
-        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
+        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
+        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        getHostedZone(credentials, zoneName, function (error, zone) {
            if (error) return callback(error);

            if (!_.isEqual(zone.DelegationSet.NameServers.sort(), nameservers.sort())) {
                debug('verifyDnsConfig: %j and %j do not match', nameservers, zone.DelegationSet.NameServers);
-                return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Route53', { field: 'nameservers' }));
+                return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Route53'));
            }

            const location = 'cloudrontestdns';
@@ -4,9 +4,9 @@ exports = module.exports = waitForDns;

 var assert = require('assert'),
    async = require('async'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/waitfordns'),
-    dns = require('../native-dns.js');
+    dns = require('../native-dns.js'),
+    DomainsError = require('../domains.js').DomainsError;

 function resolveIp(hostname, options, callback) {
    assert.strictEqual(typeof hostname, 'string');
@@ -92,12 +92,12 @@ function waitForDns(hostname, zoneName, type, value, options, callback) {
        debug(`waitForDns (try ${attempt}): ${hostname} to be ${value} in zone ${zoneName}`);

        dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-            if (error || !nameservers) return retryCallback(error || new BoxError(BoxError.EXTERNAL_ERROR, 'Unable to get nameservers'));
+            if (error || !nameservers) return retryCallback(error || new DomainsError(DomainsError.EXTERNAL_ERROR, 'Unable to get nameservers'));

            async.every(nameservers, isChangeSynced.bind(null, hostname, type, value), function (error, synced) {
                debug('waitForDns: %s %s ns: %j', hostname, synced ? 'done' : 'not done', nameservers);

-                retryCallback(synced ? null : new BoxError(BoxError.EXTERNAL_ERROR, 'ETRYAGAIN'));
+                retryCallback(synced ? null : new DomainsError(DomainsError.EXTERNAL_ERROR, 'ETRYAGAIN'));
            });
        });
    }, function retryDone(error) {
@@ -11,10 +11,10 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('../boxerror.js'),
    debug = require('debug')('box:dns/manual'),
    dns = require('../native-dns.js'),
    domains = require('../domains.js'),
+    DomainsError = require('../domains.js').DomainsError,
    sysinfo = require('../sysinfo.js'),
    util = require('util'),
    waitForDns = require('./waitfordns.js');
@@ -23,7 +23,6 @@ function removePrivateFields(domainObject) {
    return domainObject;
 }

-// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {
 }

@@ -79,20 +78,20 @@ function verifyDnsConfig(domainObject, callback) {

    // Very basic check if the nameservers can be fetched
    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
-        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
+        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
+        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        const location = 'cloudrontestdns';
        const fqdn = domains.fqdn(location, domainObject);

        dns.resolve(fqdn, 'A', { server: '127.0.0.1', timeout: 5000 }, function (error, result) {
-            if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, `Unable to resolve ${fqdn}`, { field: 'nameservers' }));
-            if (error || !result) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : `Unable to resolve ${fqdn}`, { field: 'nameservers' }));
+            if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, `Unable to resolve ${fqdn}`));
+            if (error || !result) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : `Unable to resolve ${fqdn}`));

-            sysinfo.getServerIp(function (error, ip) {
-                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Failed to detect IP of this server: ${error.message}`));
+            sysinfo.getPublicIp(function (error, ip) {
+                if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Failed to detect IP of this server: ${error.message}`));

-                if (result.length !== 1 || ip !== result[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Domain resolves to ${JSON.stringify(result)} instead of ${ip}`));
+                if (result.length !== 1 || ip !== result[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Domain resolves to ${JSON.stringify(result)} instead of ${ip}`));

                callback(null, {});
            });
@@ -1,16 +1,13 @@
 'use strict';

 exports = module.exports = {
-    testRegistryConfig: testRegistryConfig,
-    setRegistryConfig: setRegistryConfig,
-    injectPrivateFields: injectPrivateFields,
-    removePrivateFields: removePrivateFields,
+    DockerError: DockerError,

-    SECRET_PLACEHOLDER: String.fromCharCode(0x25CF).repeat(8),
+    connection: connectionInstance(),
+    setRegistryConfig: setRegistryConfig,

    ping: ping,

-    info: info,
    downloadImage: downloadImage,
    createContainer: createContainer,
    startContainer: startContainer,
@@ -25,64 +22,78 @@ exports = module.exports = {
    getContainerIdByIp: getContainerIdByIp,
    inspect: inspect,
    inspectByName: inspect,
-    execContainer: execContainer,
    getEvents: getEvents,
    memoryUsage: memoryUsage,
+    execContainer: execContainer,
    createVolume: createVolume,
    removeVolume: removeVolume,
    clearVolume: clearVolume
 };

+// timeout is optional
+function connectionInstance(timeout) {
+    var Docker = require('dockerode');
+    var docker;
+
+    if (process.env.BOX_ENV === 'test') {
+        // test code runs a docker proxy on this port
+        docker = new Docker({ host: 'http://localhost', port: 5687, timeout: timeout });
+
+        // proxy code uses this to route to the real docker
+        docker.options = { socketPath: '/var/run/docker.sock' };
+    } else {
+        docker = new Docker({ socketPath: '/var/run/docker.sock', timeout: timeout });
+    }
+
+    return docker;
+}
+
 var addons = require('./addons.js'),
    async = require('async'),
    assert = require('assert'),
-    BoxError = require('./boxerror.js'),
    child_process = require('child_process'),
+    config = require('./config.js'),
    constants = require('./constants.js'),
-    debug = require('debug')('box:docker'),
-    Docker = require('dockerode'),
+    debug = require('debug')('box:docker.js'),
+    once = require('once'),
    path = require('path'),
-    settings = require('./settings.js'),
    shell = require('./shell.js'),
-    safe = require('safetydance'),
+    spawn = child_process.spawn,
    util = require('util'),
    _ = require('underscore');

 const CLEARVOLUME_CMD = path.join(__dirname, 'scripts/clearvolume.sh'),
    MKDIRVOLUME_CMD = path.join(__dirname, 'scripts/mkdirvolume.sh');

-const DOCKER_SOCKET_PATH = '/var/run/docker.sock';
-const gConnection = new Docker({ socketPath: DOCKER_SOCKET_PATH });
+function DockerError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');

-function debugApp(app) {
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(DockerError, Error);
+DockerError.INTERNAL_ERROR = 'Internal Error';
+DockerError.NOT_FOUND = 'Not found';
+DockerError.BAD_FIELD = 'Bad field';
+
+function debugApp(app, args) {
    assert(typeof app === 'object');

    debug(app.fqdn + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)));
 }

-function testRegistryConfig(auth, callback) {
-    assert.strictEqual(typeof auth, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    gConnection.checkAuth(auth, function (error /*, data */) { // this returns a 500 even for auth errors
-        if (error) return callback(new BoxError(BoxError.BAD_FIELD, error, { field: 'serverAddress' }));
-
-        callback();
-    });
-}
-
-function injectPrivateFields(newConfig, currentConfig) {
-    if (newConfig.password === exports.SECRET_PLACEHOLDER) newConfig.password = currentConfig.password;
-}
-
-function removePrivateFields(registryConfig) {
-    assert.strictEqual(typeof registryConfig, 'object');
-
-    if (registryConfig.password) registryConfig.password = exports.SECRET_PLACEHOLDER;
-
-    return registryConfig;
-}
-
 function setRegistryConfig(auth, callback) {
    assert.strictEqual(typeof auth, 'object');
    assert.strictEqual(typeof callback, 'function');
@@ -90,10 +101,10 @@ function setRegistryConfig(auth, callback) {
    const isLogin = !!auth.password;

    // currently, auth info is not stashed in the db but maybe it should for restore to work?
-    const cmd = isLogin ? `docker login ${auth.serverAddress} --username ${auth.username} --password ${auth.password}` : `docker logout ${auth.serverAddress}`;
+    const cmd = isLogin ? `docker login ${auth.serveraddress} --username ${auth.username} --password ${auth.password}` : `docker logout ${auth.serveraddress}`;

-    child_process.exec(cmd, { }, function (error /*, stdout, stderr */) {
-        if (error) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+    child_process.exec(cmd, { }, function (error, stdout, stderr) {
+        if (error) return callback(new DockerError(DockerError.BAD_FIELD, stderr));

        callback();
    });
@@ -103,69 +114,37 @@ function ping(callback) {
    assert.strictEqual(typeof callback, 'function');

    // do not let the request linger
-    const connection = new Docker({ socketPath: DOCKER_SOCKET_PATH, timeout: 1000 });
+    var docker = connectionInstance(1000);

-    connection.ping(function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
-        if (result !== 'OK') return callback(new BoxError(BoxError.DOCKER_ERROR, 'Unable to ping the docker daemon'));
+    docker.ping(function (error, result) {
+        if (error) return callback(new DockerError(DockerError.INTERNAL_ERROR, error));
+        if (result !== 'OK') return callback(new DockerError(DockerError.INTERNAL_ERROR, 'Unable to ping the docker daemon'));

        callback(null);
    });
 }

-function getRegistryConfig(image, callback) {
-    // https://github.com/docker/distribution/blob/release/2.7/reference/normalize.go#L62
-    const parts = image.split('/');
-    if (parts.length === 1 || (parts[0].match(/[.:]/) === null)) return callback(null, null); // public docker registry
-
-    settings.getRegistryConfig(function (error, registryConfig) {
-        if (error) return callback(error);
-
-        // https://github.com/apocas/dockerode#pull-from-private-repos
-        const auth = {
-            username: registryConfig.username,
-            password: registryConfig.password,
-            auth: registryConfig.auth || '', // the auth token at login time
-            email: registryConfig.email || '',
-            serveraddress: registryConfig.serverAddress
-        };
-
-        callback(null, auth);
-    });
-}
-
 function pullImage(manifest, callback) {
-    getRegistryConfig(manifest.dockerImage, function (error, authConfig) {
-        if (error) return callback(error);
+    var docker = exports.connection;

-        debug(`pullImage: will pull ${manifest.dockerImage}. auth: ${authConfig ? 'yes' : 'no'}`);
+    // Use docker CLI here to support downloading of private repos. for dockerode, we have to use
+    // https://github.com/apocas/dockerode#pull-from-private-repos
+    shell.spawn('pullImage', '/usr/bin/docker', [ 'pull', manifest.dockerImage ], {}, function (error) {
+        if (error) {
+            debug(`pullImage: Error pulling image ${manifest.dockerImage} of ${manifest.id}: ${error.message}`);
+            return callback(new Error('Failed to pull image'));
+        }

-        gConnection.pull(manifest.dockerImage, { authconfig: authConfig }, function (error, stream) {
-            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Unable to pull image. Please check the network or if the image needs authentication. statusCode: ' + error.statusCode));
+        var image = docker.getImage(manifest.dockerImage);

-            // https://github.com/dotcloud/docker/issues/1074 says each status message
-            // is emitted as a chunk
-            stream.on('data', function (chunk) {
-                var data = safe.JSON.parse(chunk) || { };
-                debug('pullImage: %j', data);
+        image.inspect(function (err, data) {
+            if (err) return callback(new Error('Error inspecting image:' + err.message));
+            if (!data || !data.Config) return callback(new Error('Missing Config in image:' + JSON.stringify(data, null, 4)));
+            if (!data.Config.Entrypoint && !data.Config.Cmd) return callback(new Error('Only images with entry point are allowed'));

-                // The data.status here is useless because this is per layer as opposed to per image
-                if (!data.status && data.error) {
-                    debug('pullImage error %s: %s', manifest.dockerImage, data.errorDetail.message);
-                }
-            });
+            if (data.Config.ExposedPorts) debug('This image of %s exposes ports: %j', manifest.id, data.Config.ExposedPorts);

-            stream.on('end', function () {
-                debug('downloaded image %s', manifest.dockerImage);
-
-                callback(null);
-            });
-
-            stream.on('error', function (error) {
-                debug('error pulling image %s: %j', manifest.dockerImage, error);
-
-                callback(new BoxError(BoxError.DOCKER_ERROR, error.message));
-            });
+            callback(null);
        });
    });
 }
@@ -174,12 +153,12 @@ function downloadImage(manifest, callback) {
    assert.strictEqual(typeof manifest, 'object');
    assert.strictEqual(typeof callback, 'function');

-    debug('downloadImage %s', manifest.dockerImage);
+    debug('downloadImage %s %s', manifest.id, manifest.dockerImage);

    var attempt = 1;

    async.retry({ times: 10, interval: 15000 }, function (retryCallback) {
-        debug('Downloading image %s. attempt: %s', manifest.dockerImage, attempt++);
+        debug('Downloading image %s %s. attempt: %s', manifest.id, manifest.dockerImage, attempt++);

        pullImage(manifest, function (error) {
            if (error) console.error(error);
@@ -196,21 +175,21 @@ function createSubcontainer(app, name, cmd, options, callback) {
    assert.strictEqual(typeof options, 'object');
    assert.strictEqual(typeof callback, 'function');

-    let isAppContainer = !cmd; // non app-containers are like scheduler and exec (terminal) containers
+    var docker = exports.connection,
+        isAppContainer = !cmd; // non app-containers are like scheduler containers

    var manifest = app.manifest;
    var exposedPorts = {}, dockerPortBindings = { };
    var domain = app.fqdn;
-    const hostname = isAppContainer ? app.id : name;

    const envPrefix = manifest.manifestVersion <= 1 ? '' : 'CLOUDRON_';

    let stdEnv = [
        'CLOUDRON=1',
        'CLOUDRON_PROXY_IP=172.18.0.1',
-        `CLOUDRON_APP_HOSTNAME=${app.id}`,
-        `${envPrefix}WEBADMIN_ORIGIN=${settings.adminOrigin()}`,
-        `${envPrefix}API_ORIGIN=${settings.adminOrigin()}`,
+        `CLOUDRON_APP_HOSTNAME=${name}`,
+        `${envPrefix}WEBADMIN_ORIGIN=${config.adminOrigin()}`,
+        `${envPrefix}API_ORIGIN=${config.adminOrigin()}`,
        `${envPrefix}APP_ORIGIN=https://${domain}`,
        `${envPrefix}APP_DOMAIN=${domain}`
    ];
@@ -223,7 +202,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
    var portEnv = [];
    for (let portName in app.portBindings) {
        const hostPort = app.portBindings[portName];
-        const portType = (manifest.tcpPorts && portName in manifest.tcpPorts) ? 'tcp' : 'udp';
+        const portType = portName in manifest.tcpPorts ? 'tcp' : 'udp';
        const ports = portType == 'tcp' ? manifest.tcpPorts : manifest.udpPorts;

        var containerPort = ports[portName].containerPort || hostPort;
@@ -251,7 +230,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
    if (!isAppContainer) memoryLimit *= 2;

    addons.getEnvironment(app, function (error, addonEnv) {
-        if (error) return callback(error);
+        if (error) return callback(new Error('Error getting addon environment : ' + error));

        // do no set hostname of containers to location as it might conflict with addons names. for example, an app installed in mail
        // location may not reach mail container anymore by DNS. We cannot set hostname to fqdn either as that sets up the dns
@@ -261,7 +240,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
        var containerOptions = {
            name: name, // for referencing containers
            Tty: isAppContainer,
-            Hostname: hostname,
+            Hostname: name,
            Image: app.manifest.dockerImage,
            Cmd: (isAppContainer && app.debugMode && app.debugMode.cmd) ? app.debugMode.cmd : cmd,
            Env: stdEnv.concat(addonEnv).concat(portEnv).concat(appEnv),
@@ -292,7 +271,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
                PublishAllPorts: false,
                ReadonlyRootfs: app.debugMode ? !!app.debugMode.readonlyRootfs : true,
                RestartPolicy: {
-                    'Name': isAppContainer ? 'unless-stopped' : 'no',
+                    'Name': isAppContainer ? 'always' : 'no',
                    'MaximumRetryCount': 0
                },
                CpuShares: 512, // relative to 1024 for system processes
@@ -322,11 +301,7 @@ function createSubcontainer(app, name, cmd, options, callback) {

        debugApp(app, 'Creating container for %s', app.manifest.dockerImage);

-        gConnection.createContainer(containerOptions, function (error, container) {
-            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
-
-            callback(null, container);
-        });
+        docker.createContainer(containerOptions, callback);
    });
 }

@@ -338,13 +313,13 @@ function startContainer(containerId, callback) {
    assert.strictEqual(typeof containerId, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var container = gConnection.getContainer(containerId);
+    var docker = exports.connection;
+
+    var container = docker.getContainer(containerId);
    debug('Starting container %s', containerId);

    container.start(function (error) {
-        if (error && error.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
-        if (error && error.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, error)); // e.g start.sh is not executable
-        if (error && error.statusCode !== 304) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+        if (error && error.statusCode !== 304) return callback(new Error('Error starting container :' + error));

        return callback(null);
    });
@@ -359,7 +334,8 @@ function stopContainer(containerId, callback) {
        return callback();
    }

-    var container = gConnection.getContainer(containerId);
+    var docker = exports.connection;
+    var container = docker.getContainer(containerId);
    debug('Stopping container %s', containerId);

    var options = {
@@ -367,12 +343,12 @@ function stopContainer(containerId, callback) {
    };

    container.stop(options, function (error) {
-        if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Error stopping container:' + error.message));
+        if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new Error('Error stopping container:' + error));

        debug('Waiting for container ' + containerId);

        container.wait(function (error, data) {
-            if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Error waiting on container:' + error.message));
+            if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new Error('Error waiting on container:' + error));

            debug('Container %s stopped with status code [%s]', containerId, data ? String(data.StatusCode) : '');

@@ -389,7 +365,8 @@ function deleteContainer(containerId, callback) {

    if (containerId === null) return callback(null);

-    var container = gConnection.getContainer(containerId);
+    var docker = exports.connection;
+    var container = docker.getContainer(containerId);

    var removeOptions = {
        force: true, // kill container if it's running
@@ -399,12 +376,9 @@ function deleteContainer(containerId, callback) {
    container.remove(removeOptions, function (error) {
        if (error && error.statusCode === 404) return callback(null);

-        if (error) {
-            debug('Error removing container %s : %j', containerId, error);
-            return callback(new BoxError(BoxError.DOCKER_ERROR, error));
-        }
+        if (error) debug('Error removing container %s : %j', containerId, error);

-        callback(null);
+        callback(error);
    });
 }

@@ -413,13 +387,15 @@ function deleteContainers(appId, options, callback) {
    assert.strictEqual(typeof options, 'object');
    assert.strictEqual(typeof callback, 'function');

+    var docker = exports.connection;
+
    debug('deleting containers of %s', appId);

    let labels = [ 'appId=' + appId ];
    if (options.managedOnly) labels.push('isCloudronManaged=true');

-    gConnection.listContainers({ all: 1, filters: JSON.stringify({ label: labels }) }, function (error, containers) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+    docker.listContainers({ all: 1, filters: JSON.stringify({ label: labels }) }, function (error, containers) {
+        if (error) return callback(error);

        async.eachSeries(containers, function (container, iteratorDone) {
            deleteContainer(container.Id, iteratorDone);
@@ -431,10 +407,12 @@ function stopContainers(appId, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof callback, 'function');

+    var docker = exports.connection;
+
    debug('stopping containers of %s', appId);

-    gConnection.listContainers({ all: 1, filters: JSON.stringify({ label: [ 'appId=' + appId ] }) }, function (error, containers) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+    docker.listContainers({ all: 1, filters: JSON.stringify({ label: [ 'appId=' + appId ] }) }, function (error, containers) {
+        if (error) return callback(error);

        async.eachSeries(containers, function (container, iteratorDone) {
            stopContainer(container.Id, iteratorDone);
@@ -449,6 +427,8 @@ function deleteImage(manifest, callback) {
    var dockerImage = manifest ? manifest.dockerImage : null;
    if (!dockerImage) return callback(null);

+    var docker = exports.connection;
+
    var removeOptions = {
        force: false, // might be shared with another instance of this app
        noprune: false // delete untagged parents
@@ -457,17 +437,14 @@ function deleteImage(manifest, callback) {
    // registry v1 used to pull down all *tags*. this meant that deleting image by tag was not enough (since that
    // just removes the tag). we used to remove the image by id. this is not required anymore because aliases are
    // not created anymore after https://github.com/docker/docker/pull/10571
-    gConnection.getImage(dockerImage).remove(removeOptions, function (error) {
+    docker.getImage(dockerImage).remove(removeOptions, function (error) {
        if (error && error.statusCode === 400) return callback(null); // invalid image format. this can happen if user installed with a bad --docker-image
        if (error && error.statusCode === 404) return callback(null); // not found
        if (error && error.statusCode === 409) return callback(null); // another container using the image

-        if (error) {
-            debug('Error removing image %s : %j', dockerImage, error);
-            return callback(new BoxError(BoxError.DOCKER_ERROR, error));
-        }
+        if (error) debug('Error removing image %s : %j', dockerImage, error);

-        callback(null);
+        callback(error);
    });
 }

@@ -475,9 +452,11 @@ function getContainerIdByIp(ip, callback) {
    assert.strictEqual(typeof ip, 'string');
    assert.strictEqual(typeof callback, 'function');

-    gConnection.getNetwork('cloudron').inspect(function (error, bridge) {
-        if (error && error.statusCode === 404) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Unable to find the cloudron network'));
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+    var docker = exports.connection;
+
+    docker.getNetwork('cloudron').inspect(function (error, bridge) {
+        if (error && error.statusCode === 404) return callback(new Error('Unable to find the cloudron network'));
+        if (error) return callback(error);

        var containerId;
        for (var id in bridge.Containers) {
@@ -486,7 +465,7 @@ function getContainerIdByIp(ip, callback) {
                break;
            }
        }
-        if (!containerId) return callback(new BoxError(BoxError.DOCKER_ERROR, 'No container with that ip'));
+        if (!containerId) return callback(new Error('No container with that ip'));

        callback(null, containerId);
    });
@@ -496,49 +475,24 @@ function inspect(containerId, callback) {
    assert.strictEqual(typeof containerId, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var container = gConnection.getContainer(containerId);
+    var container = exports.connection.getContainer(containerId);

    container.inspect(function (error, result) {
-        if (error && error.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+        if (error && error.statusCode === 404) return callback(new DockerError(DockerError.NOT_FOUND));
+        if (error) return callback(new DockerError(DockerError.INTERNAL_ERROR, error));

        callback(null, result);
    });
 }

-function execContainer(containerId, options, callback) {
-    assert.strictEqual(typeof containerId, 'string');
-    assert.strictEqual(typeof options, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    var container = gConnection.getContainer(containerId);
-
-    container.exec(options.execOptions, function (error, exec) {
-        if (error && error.statusCode === 409) return callback(new BoxError(BoxError.BAD_STATE, error.message)); // container restarting/not running
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
-
-        exec.start(options.startOptions, function(error, stream /* in hijacked mode, this is a net.socket */) {
-            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
-
-            if (options.rows && options.columns) {
-                // there is a race where resizing too early results in a 404 "no such exec"
-                // https://git.cloudron.io/cloudron/box/issues/549
-                setTimeout(function () {
-                    exec.resize({ h: options.rows, w: options.columns }, function (error) { if (error) debug('Error resizing console', error); });
-                }, 2000);
-            }
-
-            callback(null, stream);
-        });
-    });
-}
-
 function getEvents(options, callback) {
    assert.strictEqual(typeof options, 'object');
    assert.strictEqual(typeof callback, 'function');

-    gConnection.getEvents(options, function (error, stream) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+    let docker = exports.connection;
+
+    docker.getEvents(options, function (error, stream) {
+        if (error) return callback(new DockerError(DockerError.INTERNAL_ERROR, error));

        callback(null, stream);
    });
@@ -548,22 +502,55 @@ function memoryUsage(containerId, callback) {
    assert.strictEqual(typeof containerId, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var container = gConnection.getContainer(containerId);
+    var container = exports.connection.getContainer(containerId);

    container.stats({ stream: false }, function (error, result) {
-        if (error && error.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+        if (error && error.statusCode === 404) return callback(new DockerError(DockerError.NOT_FOUND));
+        if (error) return callback(new DockerError(DockerError.INTERNAL_ERROR, error));

        callback(null, result);
    });
 }

+function execContainer(containerId, cmd, options, callback) {
+    assert.strictEqual(typeof containerId, 'string');
+    assert(util.isArray(cmd));
+    assert.strictEqual(typeof options, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    callback = once(callback); // ChildProcess exit may or may not be called after error
+
+    var cp = spawn('/usr/bin/docker', [ 'exec', '-i', containerId  ].concat(cmd));
+
+    var chunks = [ ];
+
+    if (options.stdout) {
+        cp.stdout.pipe(options.stdout);
+    } else if (options.bufferStdout) {
+        cp.stdout.on('data', function (chunk) { chunks.push(chunk); });
+    } else {
+        cp.stdout.pipe(process.stdout);
+    }
+
+    cp.on('error', callback);
+    cp.on('exit', function (code, signal) {
+        debug('execContainer code: %s signal: %s', code, signal);
+        if (!callback.called) callback(code ? 'Failed with status ' + code : null, Buffer.concat(chunks));
+    });
+
+    cp.stderr.pipe(options.stderr || process.stderr);
+
+    if (options.stdin) options.stdin.pipe(cp.stdin).on('error', callback);
+}
+
 function createVolume(app, name, volumeDataDir, callback) {
    assert.strictEqual(typeof app, 'object');
    assert.strictEqual(typeof name, 'string');
    assert.strictEqual(typeof volumeDataDir, 'string');
    assert.strictEqual(typeof callback, 'function');

+    let docker = exports.connection;
+
    const volumeOptions = {
        Name: name,
        Driver: 'local',
@@ -580,10 +567,10 @@ function createVolume(app, name, volumeDataDir, callback) {

    // requires sudo because the path can be outside appsdata
    shell.sudo('createVolume', [ MKDIRVOLUME_CMD, volumeDataDir ], {}, function (error) {
-        if (error) return callback(new BoxError(BoxError.FS_ERROR, `Error creating app data dir: ${error.message}`));
+        if (error) return callback(new Error(`Error creating app data dir: ${error.message}`));

-        gConnection.createVolume(volumeOptions, function (error) {
-            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+        docker.createVolume(volumeOptions, function (error) {
+            if (error) return callback(error);

            callback();
        });
@@ -596,17 +583,14 @@ function clearVolume(app, name, options, callback) {
    assert.strictEqual(typeof options, 'object');
    assert.strictEqual(typeof callback, 'function');

-    let volume = gConnection.getVolume(name);
+    let docker = exports.connection;
+    let volume = docker.getVolume(name);
    volume.inspect(function (error, v) {
        if (error && error.statusCode === 404) return callback();
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+        if (error) return callback(error);

        const volumeDataDir = v.Options.device;
-        shell.sudo('clearVolume', [ CLEARVOLUME_CMD, options.removeDirectory ? 'rmdir' : 'clear', volumeDataDir ], {}, function (error) {
-            if (error) return callback(new BoxError(BoxError.FS_ERROR, error));
-
-            callback();
-        });
+        shell.sudo('clearVolume', [ CLEARVOLUME_CMD, options.removeDirectory ? 'rmdir' : 'clear', volumeDataDir ], {}, callback);
    });
 }

@@ -616,20 +600,12 @@ function removeVolume(app, name, callback) {
    assert.strictEqual(typeof name, 'string');
    assert.strictEqual(typeof callback, 'function');

-    let volume = gConnection.getVolume(name);
+    let docker = exports.connection;
+
+    let volume = docker.getVolume(name);
    volume.remove(function (error) {
-        if (error && error.statusCode !== 404) return callback(new BoxError(BoxError.DOCKER_ERROR, `removeVolume: Error removing volume of ${app.id} ${error.message}`));
+        if (error && error.statusCode !== 404) return callback(new Error(`removeVolume: Error removing volume of ${app.id} ${error.message}`));

        callback();
    });
 }
-
-function info(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    gConnection.info(function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Error connecting to docker'));
-
-        callback(null, result);
-    });
-}
@@ -6,9 +6,9 @@ exports = module.exports = {
 };

 var apps = require('./apps.js'),
+    AppsError = apps.AppsError,
    assert = require('assert'),
-    BoxError = require('./boxerror.js'),
-    constants = require('./constants.js'),
+    config = require('./config.js'),
    express = require('express'),
    debug = require('debug')('box:dockerproxy'),
    http = require('http'),
@@ -29,13 +29,13 @@ function authorizeApp(req, res, next) {
    // - only allow managing and inspection of containers belonging to the app

    // make the tests pass for now
-    if (constants.TEST) {
+    if (config.TEST) {
        req.app = { id: 'testappid' };
        return next();
    }

    apps.getByIpAddress(req.connection.remoteAddress, function (error, app) {
-        if (error && error.reason === BoxError.NOT_FOUND) return next(new HttpError(401, 'Unauthorized'));
+        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(401, 'Unauthorized'));
        if (error) return next(new HttpError(500, error));

        if (!('docker' in app.manifest.addons)) return next(new HttpError(401, 'Unauthorized'));
@@ -67,7 +67,6 @@ function attachDockerRequest(req, res, next) {
    next();
 }

-// eslint-disable-next-line no-unused-vars
 function containersCreate(req, res, next) {
    safe.set(req.body, 'HostConfig.NetworkMode', 'cloudron'); // overwrite the network the container lives in
    safe.set(req.body, 'NetworkingConfig', {}); // drop any custom network configs
@@ -98,7 +97,6 @@ function containersCreate(req, res, next) {
    req.dockerRequest.end(plainBody);
 }

-// eslint-disable-next-line no-unused-vars
 function process(req, res, next) {
    // we have to rebuild the body since we consumed in in the parser
    if (Object.keys(req.body).length !== 0) {
@@ -122,7 +120,7 @@ function start(callback) {

    let proxyServer = express();

-    if (constants.TEST) {
+    if (config.TEST) {
        proxyServer.use(function (req, res, next) {
            debug('proxying: ' + req.method, req.url);
            next();
@@ -137,14 +135,10 @@ function start(callback) {
        .use(middleware.lastMile());

    gHttpServer = http.createServer(proxyServer);
-    gHttpServer.listen(constants.DOCKER_PROXY_PORT, '0.0.0.0', callback);
+    gHttpServer.listen(config.get('dockerProxyPort'), '0.0.0.0', callback);

-    // Overwrite the default 2min request timeout. This is required for large builds for example
-    gHttpServer.setTimeout(60 * 60 * 1000);
+    debug(`startDockerProxy: started proxy on port ${config.get('dockerProxyPort')}`);

-    debug(`startDockerProxy: started proxy on port ${constants.DOCKER_PROXY_PORT}`);
-
-    // eslint-disable-next-line no-unused-vars
    gHttpServer.on('upgrade', function (req, client, head) {
        // Create a new tcp connection to the TCP server
        var remote = net.connect('/var/run/docker.sock', function () {
@@ -156,7 +150,7 @@ function start(callback) {
            if (req.headers['content-type'] === 'application/json') {
                // TODO we have to parse the immediate upgrade request body, but I don't know how
                let plainBody = '{"Detach":false,"Tty":false}\r\n';
-                upgradeMessage += 'Content-Type: application/json\r\n';
+                upgradeMessage += `Content-Type: application/json\r\n`;
                upgradeMessage += `Content-Length: ${Buffer.byteLength(plainBody)}\r\n`;
                upgradeMessage += '\r\n';
                upgradeMessage += plainBody;
@@ -12,8 +12,8 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
    database = require('./database.js'),
+    DatabaseError = require('./databaseerror'),
    safe = require('safetydance');

 var DOMAINS_FIELDS = [ 'domain', 'zoneName', 'provider', 'configJson', 'tlsConfigJson', 'locked' ].join(',');
@@ -34,8 +34,8 @@ function get(domain, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query(`SELECT ${DOMAINS_FIELDS} FROM domains WHERE domain=?`, [ domain ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        postProcess(result[0]);

@@ -45,7 +45,7 @@ function get(domain, callback) {

 function getAll(callback) {
    database.query(`SELECT ${DOMAINS_FIELDS} FROM domains ORDER BY domain`, function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        results.forEach(postProcess);

@@ -63,8 +63,8 @@ function add(name, domain, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('INSERT INTO domains (domain, zoneName, provider, configJson, tlsConfigJson) VALUES (?, ?, ?, ?, ?)', [ name, domain.zoneName, domain.provider, JSON.stringify(domain.config), JSON.stringify(domain.tlsConfig) ], function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -91,8 +91,8 @@ function update(name, domain, callback) {
    args.push(name);

    database.query('UPDATE domains SET ' + fields.join(', ') + ' WHERE domain=?', args, function (error) {
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -103,9 +103,9 @@ function del(domain, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM domains WHERE domain=?', [ domain ], function (error, result) {
-        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new BoxError(BoxError.CONFLICT));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
+        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new DatabaseError(DatabaseError.IN_USE));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -113,7 +113,7 @@ function del(domain, callback) {

 function clear(callback) {
    database.query('DELETE FROM domains', function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(error);
    });
@@ -26,28 +26,59 @@ module.exports = exports = {

    parentDomain: parentDomain,

-    checkDnsRecords: checkDnsRecords,
-
    prepareDashboardDomain: prepareDashboardDomain,

+    DomainsError: DomainsError,
+
    SECRET_PLACEHOLDER: String.fromCharCode(0x25CF).repeat(8)
 };

 var assert = require('assert'),
    async = require('async'),
-    BoxError = require('./boxerror.js'),
+    config = require('./config.js'),
    constants = require('./constants.js'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:domains'),
    domaindb = require('./domaindb.js'),
    eventlog = require('./eventlog.js'),
    reverseProxy = require('./reverseproxy.js'),
+    ReverseProxyError = reverseProxy.ReverseProxyError,
    safe = require('safetydance'),
-    settings = require('./settings.js'),
    sysinfo = require('./sysinfo.js'),
    tld = require('tldjs'),
    util = require('util'),
    _ = require('underscore');

+function DomainsError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(DomainsError, Error);
+
+DomainsError.NOT_FOUND = 'No such domain';
+DomainsError.ALREADY_EXISTS = 'Domain already exists';
+DomainsError.EXTERNAL_ERROR = 'External error';
+DomainsError.BAD_FIELD = 'Bad Field';
+DomainsError.STILL_BUSY = 'Still busy';
+DomainsError.IN_USE = 'In Use';
+DomainsError.INTERNAL_ERROR = 'Internal error';
+DomainsError.ACCESS_DENIED = 'Access denied';
+DomainsError.INVALID_PROVIDER = 'provider must be route53, gcdns, digitalocean, gandi, cloudflare, namecom, noop, wildcard, manual or caas';
+
 // choose which subdomain backend we use for test purpose we use route53
 function api(provider) {
    assert.strictEqual(typeof provider, 'string');
@@ -82,14 +113,16 @@ function verifyDnsConfig(dnsConfig, domain, zoneName, provider, callback) {
    assert.strictEqual(typeof callback, 'function');

    var backend = api(provider);
-    if (!backend) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid provider', { field: 'provider' }));
+    if (!backend) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid provider'));

    const domainObject = { config: dnsConfig, domain: domain, zoneName: zoneName };
    api(provider).verifyDnsConfig(domainObject, function (error, result) {
-        if (error && error.reason === BoxError.ACCESS_DENIED) return callback(new BoxError(BoxError.BAD_FIELD, 'Incorrect configuration. Access denied'));
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.BAD_FIELD, 'Zone not found'));
-        if (error && error.reason === BoxError.EXTERNAL_ERROR) return callback(new BoxError(BoxError.BAD_FIELD, 'Configuration error: ' + error.message));
-        if (error) return callback(error);
+        if (error && error.reason === DomainsError.ACCESS_DENIED) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Incorrect configuration. Access denied'));
+        if (error && error.reason === DomainsError.NOT_FOUND) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Zone not found'));
+        if (error && error.reason === DomainsError.EXTERNAL_ERROR) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Configuration error: ' + error.message));
+        if (error && error.reason === DomainsError.BAD_FIELD) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
+        if (error && error.reason === DomainsError.INVALID_PROVIDER) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
+        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

        result.hyphenatedSubdomains = !!dnsConfig.hyphenatedSubdomains;

@@ -115,25 +148,25 @@ function validateHostname(location, domainObject) {
        constants.SMTP_LOCATION,
        constants.IMAP_LOCATION
    ];
-    if (RESERVED_LOCATIONS.indexOf(location) !== -1) return new BoxError(BoxError.BAD_FIELD, location + ' is reserved', { field: 'location' });
+    if (RESERVED_LOCATIONS.indexOf(location) !== -1) return new DomainsError(DomainsError.BAD_FIELD, location + ' is reserved');

-    if (hostname === settings.adminFqdn()) return new BoxError(BoxError.BAD_FIELD, location + ' is reserved', { field: 'location' });
+    if (hostname === config.adminFqdn()) return new DomainsError(DomainsError.BAD_FIELD, location + ' is reserved');

    // workaround https://github.com/oncletom/tld.js/issues/73
    var tmp = hostname.replace('_', '-');
-    if (!tld.isValid(tmp)) return new BoxError(BoxError.BAD_FIELD, 'Hostname is not a valid domain name', { field: 'location' });
+    if (!tld.isValid(tmp)) return new DomainsError(DomainsError.BAD_FIELD, 'Hostname is not a valid domain name');

-    if (hostname.length > 253) return new BoxError(BoxError.BAD_FIELD, 'Hostname length exceeds 253 characters', { field: 'location' });
+    if (hostname.length > 253) return new DomainsError(DomainsError.BAD_FIELD, 'Hostname length exceeds 253 characters');

    if (location) {
        // label validation
-        if (location.split('.').some(function (p) { return p.length > 63 || p.length < 1; })) return new BoxError(BoxError.BAD_FIELD, 'Invalid subdomain length', { field: 'location' });
-        if (location.match(/^[A-Za-z0-9-.]+$/) === null) return new BoxError(BoxError.BAD_FIELD, 'Subdomain can only contain alphanumeric, hyphen and dot', { field: 'location' });
-        if (/^[-.]/.test(location)) return new BoxError(BoxError.BAD_FIELD, 'Subdomain cannot start or end with hyphen or dot', { field: 'location' });
+        if (location.split('.').some(function (p) { return p.length > 63 || p.length < 1; })) return new DomainsError(DomainsError.BAD_FIELD, 'Invalid subdomain length');
+        if (location.match(/^[A-Za-z0-9-.]+$/) === null) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain can only contain alphanumeric, hyphen and dot');
+        if (/^[-.]/.test(location)) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain cannot start or end with hyphen or dot');
    }

    if (domainObject.config.hyphenatedSubdomains) {
-        if (location.indexOf('.') !== -1) return new BoxError(BoxError.BAD_FIELD, 'Subdomain cannot contain a dot', { field: 'location' });
+        if (location.indexOf('.') !== -1) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain cannot contain a dot');
    }

    return null;
@@ -150,12 +183,12 @@ function validateTlsConfig(tlsConfig, dnsProvider) {
    case 'caas':
        break;
    default:
-        return new BoxError(BoxError.BAD_FIELD, 'tlsConfig.provider must be caas, fallback, letsencrypt-prod/staging', { field: 'tlsProvider' });
+        return new DomainsError(DomainsError.BAD_FIELD, 'tlsConfig.provider must be caas, fallback, letsencrypt-prod/staging');
    }

    if (tlsConfig.wildcard) {
-        if (!tlsConfig.provider.startsWith('letsencrypt')) return new BoxError(BoxError.BAD_FIELD, 'wildcard can only be set with letsencrypt', { field: 'wildcard' });
-        if (dnsProvider === 'manual' || dnsProvider === 'noop' || dnsProvider === 'wildcard') return new BoxError(BoxError.BAD_FIELD, 'wildcard cert requires a programmable DNS backend', { field: 'tlsProvider' });
+        if (!tlsConfig.provider.startsWith('letsencrypt')) return new DomainsError(DomainsError.BAD_FIELD, 'wildcard can only be set with letsencrypt');
+        if (dnsProvider === 'manual' || dnsProvider === 'noop' || dnsProvider === 'wildcard') return new DomainsError(DomainsError.BAD_FIELD, 'wildcard cert requires a programmable DNS backend');
    }

    return null;
@@ -172,22 +205,22 @@ function add(domain, data, auditSource, callback) {

    let { zoneName, provider, config, fallbackCertificate, tlsConfig } = data;

-    if (!tld.isValid(domain)) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid domain', { field: 'domain' }));
-    if (domain.endsWith('.')) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid domain', { field: 'domain' }));
+    if (!tld.isValid(domain)) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid domain'));
+    if (domain.endsWith('.')) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid domain'));

    if (zoneName) {
-        if (!tld.isValid(zoneName)) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid zoneName', { field: 'zoneName' }));
-        if (zoneName.endsWith('.')) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid zoneName', { field: 'zoneName' }));
+        if (!tld.isValid(zoneName)) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid zoneName'));
+        if (zoneName.endsWith('.')) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid zoneName'));
    } else {
        zoneName = tld.getDomain(domain) || domain;
    }

    if (fallbackCertificate) {
        let error = reverseProxy.validateCertificate('test', { domain, config }, fallbackCertificate);
-        if (error) return callback(error);
+        if (error) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
    } else {
        fallbackCertificate = reverseProxy.generateFallbackCertificateSync({ domain, config });
-        if (fallbackCertificate.error) return callback(error);
+        if (fallbackCertificate.error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, fallbackCertificate.error));
    }

    let error = validateTlsConfig(tlsConfig, provider);
@@ -197,10 +230,11 @@ function add(domain, data, auditSource, callback) {
        if (error) return callback(error);

        domaindb.add(domain, { zoneName: zoneName, provider: provider, config: sanitizedConfig, tlsConfig: tlsConfig }, function (error) {
-            if (error) return callback(error);
+            if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new DomainsError(DomainsError.ALREADY_EXISTS));
+            if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

            reverseProxy.setFallbackCertificate(domain, fallbackCertificate, function (error) {
-                if (error) return callback(error);
+                if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

                eventlog.add(eventlog.ACTION_DOMAIN_ADD, auditSource, { domain, zoneName, provider });

@@ -215,14 +249,17 @@ function get(domain, callback) {
    assert.strictEqual(typeof callback, 'function');

    domaindb.get(domain, function (error, result) {
-        if (error) return callback(error);
+        // TODO try to find subdomain entries maybe based on zoneNames or so
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
+        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+
+        reverseProxy.getFallbackCertificate(domain, function (error, bundle) {
+            if (error && error.reason !== ReverseProxyError.NOT_FOUND) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

-        reverseProxy.getFallbackCertificate(domain, function (_, bundle) { // never returns an error
            var cert = safe.fs.readFileSync(bundle.certFilePath, 'utf-8');
            var key = safe.fs.readFileSync(bundle.keyFilePath, 'utf-8');

-            // do not error here. otherwise, there is no way to fix things up from the UI
-            if (!cert || !key) debug(`Unable to read fallback certificates of ${domain} from disk`);
+            if (!cert || !key) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, 'unable to read certificates from disk'));

            result.fallbackCertificate = { cert: cert, key: key };

@@ -235,7 +272,7 @@ function getAll(callback) {
    assert.strictEqual(typeof callback, 'function');

    domaindb.getAll(function (error, result) {
-        if (error) return callback(error);
+        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

        return callback(null, result);
    });
@@ -254,17 +291,18 @@ function update(domain, data, auditSource, callback) {
    let { zoneName, provider, config, fallbackCertificate, tlsConfig } = data;

    domaindb.get(domain, function (error, domainObject) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
+        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

        if (zoneName) {
-            if (!tld.isValid(zoneName)) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid zoneName', { field: 'zoneName' }));
+            if (!tld.isValid(zoneName)) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid zoneName'));
        } else {
            zoneName = domainObject.zoneName;
        }

        if (fallbackCertificate) {
            let error = reverseProxy.validateCertificate('test', domainObject, fallbackCertificate);
-            if (error) return callback(error);
+            if (error) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
        }

        error = validateTlsConfig(tlsConfig, provider);
@@ -283,12 +321,13 @@ function update(domain, data, auditSource, callback) {
            };

            domaindb.update(domain, newData, function (error) {
-                if (error) return callback(error);
+                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
+                if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

                if (!fallbackCertificate) return callback();

                reverseProxy.setFallbackCertificate(domain, fallbackCertificate, function (error) {
-                    if (error) return callback(error);
+                    if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

                    eventlog.add(eventlog.ACTION_DOMAIN_UPDATE, auditSource, { domain, zoneName, provider });

@@ -304,10 +343,12 @@ function del(domain, auditSource, callback) {
    assert.strictEqual(typeof auditSource, 'object');
    assert.strictEqual(typeof callback, 'function');

-    if (domain === settings.adminDomain()) return callback(new BoxError(BoxError.CONFLICT, 'Cannot remove admin domain'));
+    if (domain === config.adminDomain()) return callback(new DomainsError(DomainsError.IN_USE));

    domaindb.del(domain, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
+        if (error && error.reason === DatabaseError.IN_USE) return callback(new DomainsError(DomainsError.IN_USE));
+        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

        eventlog.add(eventlog.ACTION_DOMAIN_REMOVE, auditSource, { domain });

@@ -319,7 +360,7 @@ function clear(callback) {
    assert.strictEqual(typeof callback, 'function');

    domaindb.clear(function (error) {
-        if (error) return callback(error);
+        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

        return callback(null);
    });
@@ -353,7 +394,7 @@ function getDnsRecords(location, domain, type, callback) {
    assert.strictEqual(typeof callback, 'function');

    get(domain, function (error, domainObject) {
-        if (error) return callback(error);
+        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

        api(domainObject.provider).get(domainObject, location, type, function (error, values) {
            if (error) return callback(error);
@@ -363,25 +404,6 @@ function getDnsRecords(location, domain, type, callback) {
    });
 }

-function checkDnsRecords(location, domain, callback) {
-    assert.strictEqual(typeof location, 'string');
-    assert.strictEqual(typeof domain, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    getDnsRecords(location, domain, 'A', function (error, values) {
-        if (error) return callback(error);
-
-        sysinfo.getServerIp(function (error, ip) {
-            if (error) return callback(error);
-
-            if (values.length === 0) return callback(null, { needsOverwrite: false }); // does not exist
-            if (values[0] === ip) return callback(null, { needsOverwrite: false }); // exists but in sync
-
-            callback(null, { needsOverwrite: true });
-        });
-    });
-}
-
 // note: for TXT records the values must be quoted
 function upsertDnsRecords(location, domain, type, values, callback) {
    assert.strictEqual(typeof location, 'string');
@@ -393,7 +415,7 @@ function upsertDnsRecords(location, domain, type, values, callback) {
    debug('upsertDNSRecord: %s on %s type %s values', location, domain, type, values);

    get(domain, function (error, domainObject) {
-        if (error) return callback(error);
+        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));

        api(domainObject.provider).upsert(domainObject, location, type, values, function (error) {
            if (error) return callback(error);
@@ -416,7 +438,7 @@ function removeDnsRecords(location, domain, type, values, callback) {
        if (error) return callback(error);

        api(domainObject.provider).del(domainObject, location, type, values, function (error) {
-            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
+            if (error && error.reason !== DomainsError.NOT_FOUND) return callback(error);

            callback(null);
        });
@@ -471,17 +493,15 @@ function prepareDashboardDomain(domain, auditSource, progressCallback, callback)
    get(domain, function (error, domainObject) {
        if (error) return callback(error);

-        const adminFqdn = fqdn(constants.ADMIN_LOCATION, domainObject);
-
-        sysinfo.getServerIp(function (error, ip) {
-            if (error) return callback(error);
+        sysinfo.getPublicIp(function (error, ip) {
+            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));

            async.series([
-                (done) => { progressCallback({ percent: 10, message: `Updating DNS of ${adminFqdn}` }); done(); },
+                (done) => { progressCallback({ percent: 10, message: 'Updating DNS' }); done(); },
                upsertDnsRecords.bind(null, constants.ADMIN_LOCATION, domain, 'A', [ ip ]),
-                (done) => { progressCallback({ percent: 40, message: `Waiting for DNS of ${adminFqdn}` }); done(); },
+                (done) => { progressCallback({ percent: 40, message: 'Waiting for DNS' }); done(); },
                waitForDnsRecord.bind(null, constants.ADMIN_LOCATION, domain, 'A', ip, { interval: 30000, times: 50000 }),
-                (done) => { progressCallback({ percent: 70, message: `Getting certificate of ${adminFqdn}` }); done(); },
+                (done) => { progressCallback({ percent: 70, message: 'Getting certificate' }); done(); },
                reverseProxy.ensureCertificate.bind(null, fqdn(constants.ADMIN_LOCATION, domainObject), domain, auditSource)
            ], function (error) {
                if (error) return callback(error);
@@ -4,16 +4,17 @@ exports = module.exports = {
    sync: sync
 };

-let apps = require('./apps.js'),
+var appdb = require('./appdb.js'),
+    apps = require('./apps.js'),
    assert = require('assert'),
    async = require('async'),
+    config = require('./config.js'),
    constants = require('./constants.js'),
    debug = require('debug')('box:dyndns'),
    domains = require('./domains.js'),
    eventlog = require('./eventlog.js'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
-    settings = require('./settings.js'),
    sysinfo = require('./sysinfo.js');

 // called for dynamic dns setups where we have to update the IP
@@ -21,7 +22,7 @@ function sync(auditSource, callback) {
    assert.strictEqual(typeof auditSource, 'object');
    assert.strictEqual(typeof callback, 'function');

-    sysinfo.getServerIp(function (error, ip) {
+    sysinfo.getPublicIp(function (error, ip) {
        if (error) return callback(error);

        let info = safe.JSON.parse(safe.fs.readFileSync(paths.DYNDNS_INFO_FILE, 'utf8')) || { ip: null };
@@ -32,7 +33,7 @@ function sync(auditSource, callback) {

        debug(`refreshDNS: updating ip from ${info.ip} to ${ip}`);

-        domains.upsertDnsRecords(constants.ADMIN_LOCATION, settings.adminDomain(), 'A', [ ip ], function (error) {
+        domains.upsertDnsRecords(constants.ADMIN_LOCATION, config.adminDomain(), 'A', [ ip ], function (error) {
            if (error) return callback(error);

            debug('refreshDNS: updated admin location');
@@ -42,7 +43,7 @@ function sync(auditSource, callback) {

                async.each(result, function (app, callback) {
                    // do not change state of installing apps since apptask will error if dns record already exists
-                    if (app.installationState !== apps.ISTATE_INSTALLED) return callback();
+                    if (app.installationState !== appdb.ISTATE_INSTALLED) return callback();

                    domains.upsertDnsRecords(app.location, app.domain, 'A', [ ip ], callback);
                }, function (error) {
@@ -1,6 +1,8 @@
 'use strict';

 exports = module.exports = {
+    EventLogError: EventLogError,
+
    add: add,
    get: get,
    getAllPaged: getAllPaged,
@@ -11,7 +13,6 @@ exports = module.exports = {
    ACTION_ACTIVATE: 'cloudron.activate',
    ACTION_APP_CLONE: 'app.clone',
    ACTION_APP_CONFIGURE: 'app.configure',
-    ACTION_APP_REPAIR: 'app.repair',
    ACTION_APP_INSTALL: 'app.install',
    ACTION_APP_RESTORE: 'app.restore',
    ACTION_APP_UNINSTALL: 'app.uninstall',
@@ -21,10 +22,13 @@ exports = module.exports = {
    ACTION_APP_OOM: 'app.oom',
    ACTION_APP_UP: 'app.up',
    ACTION_APP_DOWN: 'app.down',
+    ACTION_APP_TASK_START: 'app.task.start',
+    ACTION_APP_TASK_CRASH: 'app.task.crash',
+    ACTION_APP_TASK_SUCCESS: 'app.task.success',

    ACTION_BACKUP_FINISH: 'backup.finish',
    ACTION_BACKUP_START: 'backup.start',
-    ACTION_BACKUP_CLEANUP_START: 'backup.cleanup.start', // obsolete
+    ACTION_BACKUP_CLEANUP_START: 'backup.cleanup.start',
    ACTION_BACKUP_CLEANUP_FINISH: 'backup.cleanup.finish',

    ACTION_CERTIFICATE_NEW: 'certificate.new',
@@ -47,7 +51,6 @@ exports = module.exports = {
    ACTION_RESTORE: 'cloudron.restore', // unused
    ACTION_START: 'cloudron.start',
    ACTION_UPDATE: 'cloudron.update',
-    ACTION_UPDATE_FINISH: 'cloudron.update.finish',

    ACTION_USER_ADD: 'user.add',
    ACTION_USER_LOGIN: 'user.login',
@@ -57,13 +60,11 @@ exports = module.exports = {

    ACTION_DYNDNS_UPDATE: 'dyndns.update',

-    ACTION_SUPPORT_TICKET: 'support.ticket',
-    ACTION_SUPPORT_SSH: 'support.ssh',
-
    ACTION_PROCESS_CRASH: 'system.crash'
 };

 var assert = require('assert'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:eventlog'),
    eventlogdb = require('./eventlogdb.js'),
    notifications = require('./notifications.js'),
@@ -72,6 +73,28 @@ var assert = require('assert'),

 var NOOP_CALLBACK = function (error) { if (error) debug(error); };

+function EventLogError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(EventLogError, Error);
+EventLogError.INTERNAL_ERROR = 'Internal error';
+EventLogError.NOT_FOUND = 'Not Found';
+
 function add(action, source, data, callback) {
    assert.strictEqual(typeof action, 'string');
    assert.strictEqual(typeof source, 'object');
@@ -83,10 +106,10 @@ function add(action, source, data, callback) {
    // we do only daily upserts for login actions, so they don't spam the db
    var api = action === exports.ACTION_USER_LOGIN ? eventlogdb.upsert : eventlogdb.add;
    api(uuid.v4(), action, source, data, function (error, id) {
-        if (error) return callback(error);
+        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));

        notifications.onEvent(id, action, source, data, function (error) {
-            if (error) return callback(error);
+            if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));

            callback(null, { id: id });
        });
@@ -98,7 +121,8 @@ function get(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    eventlogdb.get(id, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new EventLogError(EventLogError.NOT_FOUND, 'No such event'));
+        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));

        callback(null, result);
    });
@@ -112,7 +136,7 @@ function getAllPaged(actions, search, page, perPage, callback) {
    assert.strictEqual(typeof callback, 'function');

    eventlogdb.getAllPaged(actions, search, page, perPage, function (error, events) {
-        if (error) return callback(error);
+        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));

        callback(null, events);
    });
@@ -123,7 +147,7 @@ function getByCreationTime(creationTime, callback) {
    assert.strictEqual(typeof callback, 'function');

    eventlogdb.getByCreationTime(creationTime, function (error, events) {
-        if (error) return callback(error);
+        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));

        callback(null, events);
    });
@@ -136,7 +160,7 @@ function cleanup(callback) {
    d.setDate(d.getDate() - 10); // 10 days ago

    eventlogdb.delByCreationTime(d, function (error) {
-        if (error) return callback(error);
+        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -14,8 +14,8 @@ exports = module.exports = {

 var assert = require('assert'),
    async = require('async'),
-    BoxError = require('./boxerror.js'),
    database = require('./database.js'),
+    DatabaseError = require('./databaseerror'),
    mysql = require('mysql'),
    safe = require('safetydance'),
    util = require('util');
@@ -35,8 +35,8 @@ function get(eventId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + EVENTLOG_FIELDS + ' FROM eventlog WHERE id = ?', [ eventId ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Eventlog not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null, postProcess(result[0]));
    });
@@ -68,7 +68,7 @@ function getAllPaged(actions, search, page, perPage, callback) {
    data.push(perPage);

    database.query(query, data, function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        results.forEach(postProcess);

@@ -82,7 +82,7 @@ function getByCreationTime(creationTime, callback) {

    var query = 'SELECT ' + EVENTLOG_FIELDS + ' FROM eventlog WHERE creationTime >= ? ORDER BY creationTime DESC';
    database.query(query, [ creationTime ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        results.forEach(postProcess);

@@ -98,8 +98,8 @@ function add(id, action, source, data, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('INSERT INTO eventlog (id, action, source, data) VALUES (?, ?, ?, ?)', [ id, action, JSON.stringify(source), JSON.stringify(data) ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
-        if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
+        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, id);
    });
@@ -123,7 +123,7 @@ function upsert(id, action, source, data, callback) {
    }];

    database.transaction(queries, function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
        if (result[0].affectedRows >= 1) return callback(null, result[1][0].id);

        // no existing eventlog found, create one
@@ -135,7 +135,7 @@ function count(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT COUNT(*) AS total FROM eventlog', function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        return callback(null, result[0].total);
    });
@@ -143,7 +143,7 @@ function count(callback) {

 function clear(callback) {
    database.query('DELETE FROM eventlog', function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -155,7 +155,7 @@ function delByCreationTime(creationTime, callback) {

    // remove notifications that reference the events as well
    database.query('SELECT * FROM eventlog WHERE creationTime <= ?', [ creationTime ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        async.eachSeries(result, function (item, iteratorCallback) {
            async.series([
@@ -163,7 +163,7 @@ function delByCreationTime(creationTime, callback) {
                database.query.bind(null, 'DELETE FROM eventlog WHERE id=?', [ item.id ])
            ], iteratorCallback);
        }, function (error) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            callback(null);
        });
@@ -1,322 +0,0 @@
-'use strict';
-
-exports = module.exports = {
-    search: search,
-    verifyPassword: verifyPassword,
-    createAndVerifyUserIfNotExist: createAndVerifyUserIfNotExist,
-
-    testConfig: testConfig,
-    startSyncer: startSyncer,
-
-    injectPrivateFields: injectPrivateFields,
-    removePrivateFields: removePrivateFields,
-
-    sync: sync
-};
-
-var assert = require('assert'),
-    async = require('async'),
-    auditSource = require('./auditsource.js'),
-    BoxError = require('./boxerror.js'),
-    constants = require('./constants.js'),
-    debug = require('debug')('box:externalldap'),
-    ldap = require('ldapjs'),
-    settings = require('./settings.js'),
-    tasks = require('./tasks.js'),
-    users = require('./users.js');
-
-function injectPrivateFields(newConfig, currentConfig) {
-    if (newConfig.bindPassword === constants.SECRET_PLACEHOLDER) newConfig.bindPassword = currentConfig.bindPassword;
-}
-
-function removePrivateFields(ldapConfig) {
-    assert.strictEqual(typeof ldapConfig, 'object');
-    if (ldapConfig.bindPassword) ldapConfig.bindPassword = constants.SECRET_PLACEHOLDER;
-    return ldapConfig;
-}
-
-function translateUser(ldapConfig, ldapUser) {
-    assert.strictEqual(typeof ldapConfig, 'object');
-
-    return {
-        username: ldapUser[ldapConfig.usernameField],
-        email: ldapUser.mail,
-        displayName: ldapUser.cn // user.giveName + ' ' + user.sn
-    };
-}
-
-function validUserRequirements(user) {
-    if (!user.username || !user.email || !user.displayName) {
-        debug(`[LDAP user empty username/email/displayName] username=${user.username} email=${user.email} displayName=${user.displayName}`);
-        return false;
-    } else {
-        return true;
-    }
-}
-
-// performs service bind if required
-function getClient(externalLdapConfig, callback) {
-    assert.strictEqual(typeof externalLdapConfig, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    // basic validation to not crash
-    try { ldap.parseDN(externalLdapConfig.baseDn); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid baseDn')); }
-    try { ldap.parseFilter(externalLdapConfig.filter); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid filter')); }
-
-    var client;
-    try {
-        client = ldap.createClient({ url: externalLdapConfig.url });
-    } catch (e) {
-        if (e instanceof ldap.ProtocolError) return callback(new BoxError(BoxError.BAD_FIELD, 'url protocol is invalid'));
-        return callback(new BoxError(BoxError.INTERNAL_ERROR, e));
-    }
-
-    if (!externalLdapConfig.bindDn) return callback(null, client);
-
-    client.bind(externalLdapConfig.bindDn, externalLdapConfig.bindPassword, function (error) {
-        if (error instanceof ldap.InvalidCredentialsError) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
-
-        callback(null, client, externalLdapConfig);
-    });
-}
-
-
-// TODO support search by email
-function ldapSearch(externalLdapConfig, options, callback) {
-    assert.strictEqual(typeof externalLdapConfig, 'object');
-    assert.strictEqual(typeof options, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    getClient(externalLdapConfig, function (error, client) {
-        if (error) return callback(error);
-
-        let searchOptions = {
-            paged: true,
-            filter: ldap.parseFilter(externalLdapConfig.filter),
-            scope: 'sub'    // We may have to make this configurable
-        };
-
-        if (options.filter) { // https://github.com/ldapjs/node-ldapjs/blob/master/docs/filters.md
-            let extraFilter = ldap.parseFilter(options.filter);
-            searchOptions.filter = new ldap.AndFilter({ filters: [ extraFilter, searchOptions.filter ] });
-        }
-
-        debug(`Listing users at ${externalLdapConfig.baseDn} with filter ${searchOptions.filter.toString()}`);
-
-        client.search(externalLdapConfig.baseDn, searchOptions, function (error, result) {
-            if (error instanceof ldap.NoSuchObjectError) return callback(new BoxError(BoxError.NOT_FOUND));
-            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
-
-            let ldapUsers = [];
-
-            result.on('searchEntry', entry => ldapUsers.push(entry.object));
-            result.on('error', error => callback(new BoxError(BoxError.EXTERNAL_ERROR, error)));
-
-            result.on('end', function (result) {
-                client.unbind();
-
-                if (result.status !== 0) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Server returned status ' + result.status));
-
-                callback(null, ldapUsers);
-            });
-        });
-    });
-}
-
-function testConfig(config, callback) {
-    assert.strictEqual(typeof config, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    if (config.provider === 'noop') return callback();
-
-    if (!config.url) return callback(new BoxError(BoxError.BAD_FIELD, 'url must not be empty'));
-    if (!config.url.startsWith('ldap://') && !config.url.startsWith('ldaps://')) return callback(new BoxError(BoxError.BAD_FIELD, 'url is missing ldap:// or ldaps:// prefix'));
-    if (!config.usernameField) config.usernameField = 'uid';
-
-    // bindDn may not be a dn!
-    if (!config.baseDn) return callback(new BoxError(BoxError.BAD_FIELD, 'basedn must not be empty'));
-    try { ldap.parseDN(config.baseDn); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid baseDn')); }
-
-    if (!config.filter) return callback(new BoxError(BoxError.BAD_FIELD, 'filter must not be empty'));
-    try { ldap.parseFilter(config.filter); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid filter')); }
-
-    getClient(config, function (error, client) {
-        if (error) return callback(error);
-
-        var opts = {
-            filter: config.filter,
-            scope: 'sub'
-        };
-
-        client.search(config.baseDn, opts, function (error, result) {
-            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
-
-            result.on('searchEntry', function (/* entry */) {});
-            result.on('error', function (error) { client.unbind(); callback(new BoxError(BoxError.BAD_FIELD, `Unable to search directory: ${error.message}`)); });
-            result.on('end', function (/* result */) { client.unbind(); callback(); });
-        });
-    });
-}
-
-function search(identifier, callback) {
-    assert.strictEqual(typeof identifier, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(error);
-        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
-
-        ldapSearch(externalLdapConfig, { filter: `${externalLdapConfig.usernameField}=${identifier}` }, function (error, ldapUsers) {
-            if (error) return callback(error);
-
-            // translate ldap properties to ours
-            let users = ldapUsers.map(function (u) { return translateUser(externalLdapConfig, u); });
-
-            callback(null, users);
-        });
-    });
-}
-
-function createAndVerifyUserIfNotExist(identifier, password, callback) {
-    assert.strictEqual(typeof identifier, 'string');
-    assert.strictEqual(typeof password, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(error);
-        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
-        if (!externalLdapConfig.autoCreate) return callback(new BoxError(BoxError.BAD_STATE, 'auto create not enabled'));
-
-        ldapSearch(externalLdapConfig, { filter: `${externalLdapConfig.usernameField}=${identifier}` }, function (error, ldapUsers) {
-            if (error) return callback(error);
-            if (ldapUsers.length === 0) return callback(new BoxError(BoxError.NOT_FOUND));
-            if (ldapUsers.length > 1) return callback(new BoxError(BoxError.CONFLICT));
-
-            let user = translateUser(externalLdapConfig, ldapUsers[0]);
-            if (!validUserRequirements(user)) return callback(new BoxError(BoxError.BAD_FIELD));
-
-            users.create(user.username, null /* password */, user.email, user.displayName, { source: 'ldap' }, auditSource.EXTERNAL_LDAP_AUTO_CREATE, function (error, user) {
-                if (error) {
-                    console.error('Failed to auto create user', user.username, error);
-                    return callback(new BoxError(BoxError.INTERNAL_ERROR));
-                }
-
-                verifyPassword(user, password, function (error) {
-                    if (error) return callback(error);
-                    callback(null, user);
-                });
-            });
-        });
-    });
-}
-
-function verifyPassword(user, password, callback) {
-    assert.strictEqual(typeof user, 'object');
-    assert.strictEqual(typeof password, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(error);
-        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
-
-        ldapSearch(externalLdapConfig, { filter: `${externalLdapConfig.usernameField}=${user.username}` }, function (error, ldapUsers) {
-            if (error) return callback(error);
-            if (ldapUsers.length === 0) return callback(new BoxError(BoxError.NOT_FOUND));
-            if (ldapUsers.length > 1) return callback(new BoxError(BoxError.CONFLICT));
-
-            let client = ldap.createClient({ url: externalLdapConfig.url });
-            client.bind(ldapUsers[0].dn, password, function (error) {
-                if (error instanceof ldap.InvalidCredentialsError) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
-
-                callback(null, translateUser(externalLdapConfig, ldapUsers[0]));
-            });
-        });
-    });
-}
-
-function startSyncer(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(error);
-        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
-
-        tasks.add(tasks.TASK_SYNC_EXTERNAL_LDAP, [], function (error, taskId) {
-            if (error) return callback(error);
-
-            tasks.startTask(taskId, {}, function (error, result) {
-                debug('sync: done', error, result);
-            });
-
-            callback(null, taskId);
-        });
-    });
-}
-
-function sync(progressCallback, callback) {
-    assert.strictEqual(typeof progressCallback, 'function');
-    assert.strictEqual(typeof callback, 'function');
-
-    progressCallback({ percent: 10, message: 'Starting ldap user sync' });
-
-    settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(error);
-        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
-
-        ldapSearch(externalLdapConfig, {}, function (error, ldapUsers) {
-            if (error) return callback(error);
-
-            debug(`Found ${ldapUsers.length} users`);
-            let percent = 10;
-            let step = 90/(ldapUsers.length+1); // ensure no divide by 0
-
-            // we ignore all errors here and just log them for now
-            async.eachSeries(ldapUsers, function (user, iteratorCallback) {
-                user = translateUser(externalLdapConfig, user);
-
-                if (!validUserRequirements(user)) return iteratorCallback();
-
-                percent += step;
-                progressCallback({ percent, message: `Syncing... ${user.username}` });
-
-                users.getByUsername(user.username, function (error, result) {
-                    if (error && error.reason !== BoxError.NOT_FOUND) {
-                        debug(`Could not find user with username ${user.username}: ${error.message}`);
-                        return iteratorCallback();
-                    }
-
-                    if (error) {
-                        debug(`[adding user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
-
-                        users.create(user.username, null /* password */, user.email, user.displayName, { source: 'ldap' }, auditSource.EXTERNAL_LDAP_TASK, function (error) {
-                            if (error) console.error('Failed to create user', user, error);
-                            iteratorCallback();
-                        });
-                    } else if (result.source !== 'ldap') {
-                        debug(`[conflicting user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
-
-                        iteratorCallback();
-                    } else if (result.email !== user.email || result.displayName !== user.displayName) {
-                        debug(`[updating user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
-
-                        users.update(result.id, { email: user.email, fallbackEmail: user.email, displayName: user.displayName }, auditSource.EXTERNAL_LDAP_TASK, function (error) {
-                            if (error) debug('Failed to update user', user, error);
-
-                            iteratorCallback();
-                        });
-                    } else {
-                        // user known and up-to-date
-                        debug(`[up-to-date user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
-
-                        iteratorCallback();
-                    }
-                });
-            }, function (error) {
-                debug('sync: ldap sync is done', error);
-                callback(error);
-            });
-        });
-    });
-}
@@ -25,8 +25,8 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
-    database = require('./database.js');
+    database = require('./database.js'),
+    DatabaseError = require('./databaseerror');

 var GROUPS_FIELDS = [ 'id', 'name' ].join(',');

@@ -35,8 +35,8 @@ function get(groupId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + GROUPS_FIELDS + ' FROM userGroups WHERE id = ? ORDER BY name', [ groupId ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null, result[0]);
    });
@@ -50,8 +50,8 @@ function getWithMembers(groupId, callback) {
                    ' FROM userGroups LEFT OUTER JOIN groupMembers ON userGroups.id = groupMembers.groupId ' +
                    ' WHERE userGroups.id = ? ' +
                    ' GROUP BY userGroups.id', [ groupId ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        var result = results[0];
        result.userIds = result.userIds ? result.userIds.split(',') : [ ];
@@ -64,7 +64,7 @@ function getAll(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + GROUPS_FIELDS + ' FROM userGroups', function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, results);
    });
@@ -74,8 +74,8 @@ function getAllWithMembers(callback) {
    database.query('SELECT ' + GROUPS_FIELDS + ',GROUP_CONCAT(groupMembers.userId) AS userIds ' +
                    ' FROM userGroups LEFT OUTER JOIN groupMembers ON userGroups.id = groupMembers.groupId ' +
                    ' GROUP BY userGroups.id', function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        results.forEach(function (result) { result.userIds = result.userIds ? result.userIds.split(',') : [ ]; });

@@ -89,8 +89,8 @@ function add(id, name, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('INSERT INTO userGroups (id, name) VALUES (?, ?)', [ id, name ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
-        if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
+        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -113,9 +113,9 @@ function update(id, data, callback) {
    args.push(id);

    database.query('UPDATE userGroups SET ' + fields.join(', ') + ' WHERE id = ?', args, function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('userGroups_name') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'name already exists'));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
+        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('userGroups_name') !== -1) return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'name already exists'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        return callback(null);
    });
@@ -131,8 +131,8 @@ function del(id, callback) {
    queries.push({ query: 'DELETE FROM userGroups WHERE id = ?', args: [ id ] });

    database.transaction(queries, function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result[1].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result[1].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(error);
    });
@@ -142,7 +142,7 @@ function count(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT COUNT(*) AS total FROM userGroups', function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        return callback(null, result[0].total);
    });
@@ -150,10 +150,10 @@ function count(callback) {

 function clear(callback) {
    database.query('DELETE FROM groupMembers', function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        database.query('DELETE FROM userGroups', function (error) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            callback(error);
        });
@@ -165,8 +165,8 @@ function getMembers(groupId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT userId FROM groupMembers WHERE groupId=?', [ groupId ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        // if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found')); // need to differentiate group with no members and invalid groupId
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        // if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND)); // need to differentiate group with no members and invalid groupId

        callback(error, result.map(function (r) { return r.userId; }));
    });
@@ -184,8 +184,8 @@ function setMembers(groupId, userIds, callback) {
    }

    database.transaction(queries, function (error) {
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(error);
    });
@@ -196,8 +196,8 @@ function getMembership(userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT groupId FROM groupMembers WHERE userId=? ORDER BY groupId', [ userId ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        // if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found')); // need to differentiate group with no members and invalid groupId
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        // if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND)); // need to differentiate group with no members and invalid groupId

        callback(error, result.map(function (r) { return r.groupId; }));
    });
@@ -215,8 +215,8 @@ function setMembership(userId, groupIds, callback) {
    });

    database.transaction(queries, function (error) {
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, error.message));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, error.message));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -228,9 +228,9 @@ function addMember(groupId, userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('INSERT INTO groupMembers (groupId, userId) VALUES (?, ?)', [ groupId, userId ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
-        if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -242,8 +242,8 @@ function removeMember(groupId, userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM groupMembers WHERE groupId = ? AND userId = ?', [ groupId, userId ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -255,7 +255,7 @@ function isMember(groupId, userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT 1 FROM groupMembers WHERE groupId=? AND userId=?', [ groupId, userId ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, result.length !== 0);
    });
@@ -267,7 +267,7 @@ function getGroups(userId, callback) {

    database.query('SELECT ' + GROUPS_FIELDS + ' ' +
        ' FROM userGroups INNER JOIN groupMembers ON userGroups.id = groupMembers.groupId AND groupMembers.userId = ?', [ userId ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, results);
    });
@@ -1,6 +1,8 @@
 'use strict';

 exports = module.exports = {
+    GroupsError: GroupsError,
+
    create: create,
    remove: remove,
    get: get,
@@ -18,29 +20,56 @@ exports = module.exports = {
    getGroups: getGroups,

    setMembership: setMembership,
-    getMembership: getMembership,
-
-    count: count
+    getMembership: getMembership
 };

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
    constants = require('./constants.js'),
+    DatabaseError = require('./databaseerror.js'),
    groupdb = require('./groupdb.js'),
+    util = require('util'),
    uuid = require('uuid'),
    _ = require('underscore');

+// http://dustinsenos.com/articles/customErrorsInNode
+// http://code.google.com/p/v8/wiki/JavaScriptStackTraceApi
+function GroupsError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(GroupsError, Error);
+GroupsError.INTERNAL_ERROR = 'Internal Error';
+GroupsError.ALREADY_EXISTS = 'Already Exists';
+GroupsError.NOT_FOUND = 'Not Found';
+GroupsError.BAD_FIELD = 'Field error';
+GroupsError.NOT_EMPTY = 'Not Empty';
+GroupsError.NOT_ALLOWED = 'Not Allowed';
+
 // keep this in sync with validateUsername
 function validateGroupname(name) {
    assert.strictEqual(typeof name, 'string');

-    if (name.length < 1) return new BoxError(BoxError.BAD_FIELD, 'name must be atleast 1 char', { field: 'name' });
-    if (name.length >= 200) return new BoxError(BoxError.BAD_FIELD, 'name too long', { field: 'name' });
+    if (name.length < 1) return new GroupsError(GroupsError.BAD_FIELD, 'name must be atleast 1 char');
+    if (name.length >= 200) return new GroupsError(GroupsError.BAD_FIELD, 'name too long');

-    if (constants.RESERVED_NAMES.indexOf(name) !== -1) return new BoxError(BoxError.BAD_FIELD, 'name is reserved', { field: name });
+    if (constants.RESERVED_NAMES.indexOf(name) !== -1) return new GroupsError(GroupsError.BAD_FIELD, 'name is reserved');

    // need to consider valid LDAP characters here (e.g '+' is reserved)
-    if (/[^a-zA-Z0-9.-]/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'name can only contain alphanumerals, hyphen and dot', { field: 'name' });
+    if (/[^a-zA-Z0-9.-]/.test(name)) return new GroupsError(GroupsError.BAD_FIELD, 'name can only contain alphanumerals, hyphen and dot');

    return null;
 }
@@ -57,7 +86,8 @@ function create(name, callback) {

    var id = 'gid-' + uuid.v4();
    groupdb.add(id, name, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new GroupsError(GroupsError.ALREADY_EXISTS));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        callback(null, { id: id, name: name });
    });
@@ -68,7 +98,8 @@ function remove(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.del(id, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -79,7 +110,8 @@ function get(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.get(id, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null, result);
    });
@@ -90,7 +122,8 @@ function getWithMembers(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.getWithMembers(id, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null, result);
    });
@@ -100,7 +133,7 @@ function getAll(callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.getAll(function (error, result) {
-        if (error) return callback(error);
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null, result);
    });
@@ -110,7 +143,7 @@ function getAllWithMembers(callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.getAllWithMembers(function (error, result) {
-        if (error) return callback(error);
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null, result);
    });
@@ -121,7 +154,8 @@ function getMembers(groupId, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.getMembers(groupId, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null, result);
    });
@@ -132,7 +166,8 @@ function getMembership(userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.getMembership(userId, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null, result);
    });
@@ -144,7 +179,8 @@ function setMembership(userId, groupIds, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.setMembership(userId, groupIds, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null);
    });
@@ -156,7 +192,8 @@ function addMember(groupId, userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.addMember(groupId, userId, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null);
    });
@@ -168,7 +205,8 @@ function setMembers(groupId, userIds, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.setMembers(groupId, userIds, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND, 'Invalid group or user id'));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null);
    });
@@ -180,7 +218,8 @@ function removeMember(groupId, userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.removeMember(groupId, userId, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null);
    });
@@ -192,7 +231,8 @@ function isMember(groupId, userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.isMember(groupId, userId, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        return callback(null, result);
    });
@@ -211,7 +251,8 @@ function update(groupId, data, callback) {
    }

    groupdb.update(groupId, _.pick(data, 'name'), function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -222,18 +263,8 @@ function getGroups(userId, callback) {
    assert.strictEqual(typeof callback, 'function');

    groupdb.getGroups(userId, function (error, results) {
-        if (error) return callback(error);
+        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));

        callback(null, results);
    });
 }
-
-function count(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    groupdb.count(function (error, count) {
-        if (error) return callback(error);
-
-        callback(null, count);
-    });
-}
@@ -6,7 +6,7 @@

 exports = module.exports = {
    // a version change recreates all containers with latest docker config
-    'version': '48.17.0',
+    'version': '48.15.0',

    'baseImages': [
        { repo: 'cloudron/base', tag: 'cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617' }
@@ -17,10 +17,10 @@ exports = module.exports = {
    'images': {
        'mysql': { repo: 'cloudron/mysql', tag: 'cloudron/mysql:2.0.2@sha256:a28320f313785816be60e3f865e09065504170a3d20ed37de675c719b32b01eb' },
        'postgresql': { repo: 'cloudron/postgresql', tag: 'cloudron/postgresql:2.0.2@sha256:6dcee0731dfb9b013ed94d56205eee219040ee806c7e251db3b3886eaa4947ff' },
-        'mongodb': { repo: 'cloudron/mongodb', tag: 'cloudron/mongodb:2.1.0@sha256:6d1bf221cfe6124957e2c58b57c0a47214353496009296acb16adf56df1da9d5' },
-        'redis': { repo: 'cloudron/redis', tag: 'cloudron/redis:2.1.0@sha256:f2cda21bd15c21bbf44432df412525369ef831a2d53860b5c5b1675e6f384de2' },
-        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:2.5.0@sha256:086ae1c9433d90a820326aa43914a2afe94ad707074ef2bc05a7ef4798e83655' },
-        'graphite': { repo: 'cloudron/graphite', tag: 'cloudron/graphite:2.2.0@sha256:fc9ca69d16e6ebdbd98ed53143d4a0d2212eef60cb638dc71219234e6f427a2c' },
+        'mongodb': { repo: 'cloudron/mongodb', tag: 'cloudron/mongodb:2.0.2@sha256:95e006390ddce7db637e1672eb6f3c257d3c2652747424f529b1dee3cbe6728c' },
+        'redis': { repo: 'cloudron/redis', tag: 'cloudron/redis:2.0.0@sha256:8a88dd334b62b578530a014ca1a2425a54cb9df1e475f5d3a36806e5cfa22121' },
+        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:2.3.1@sha256:9693e3ae42a12a7ac8cf5df94d828d46f5b22b4e2e1c7d1bc614d6ee2a22c365' },
+        'graphite': { repo: 'cloudron/graphite', tag: 'cloudron/graphite:2.0.2@sha256:454f035d60b768153d4f31210380271b5ba1c09367c9d95c7fa37f9e39d2f59c' },
        'sftp': { repo: 'cloudron/sftp', tag: 'cloudron/sftp:0.1.0@sha256:e177c5bf5f38c84ce1dea35649c22a1b05f96eec67a54a812c5a35e585670f0f' }
    }
 };
@@ -3,9 +3,8 @@
 var assert = require('assert'),
    async = require('async'),
    authcodedb = require('./authcodedb.js'),
-    BoxError = require('./boxerror.js'),
    debug = require('debug')('box:janitor'),
-    Docker = require('dockerode'),
+    docker = require('./docker.js').connection,
    tokendb = require('./tokendb.js');

 exports = module.exports = {
@@ -13,9 +12,7 @@ exports = module.exports = {
    cleanupDockerVolumes: cleanupDockerVolumes
 };

-const NOOP_CALLBACK = function () { };
-
-const gConnection = new Docker({ socketPath: '/var/run/docker.sock' });
+var NOOP_CALLBACK = function () { };

 function ignoreError(func) {
    return function (callback) {
@@ -66,20 +63,20 @@ function cleanupTmpVolume(containerInfo, callback) {
    assert.strictEqual(typeof containerInfo, 'object');
    assert.strictEqual(typeof callback, 'function');

-    var cmd = 'find /tmp -type f -mtime +10 -exec rm -rf {} +'.split(' '); // 10 day old files
+    var cmd = 'find /tmp -mtime +10 -exec rm -rf {} +'.split(' '); // 10 days old

    debug('cleanupTmpVolume %j', containerInfo.Names);

-    gConnection.getContainer(containerInfo.Id).exec({ Cmd: cmd, AttachStdout: true, AttachStderr: true, Tty: false }, function (error, execContainer) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Failed to exec container: ${error.message}`));
+    docker.getContainer(containerInfo.Id).exec({ Cmd: cmd, AttachStdout: true, AttachStderr: true, Tty: false }, function (error, execContainer) {
+        if (error) return callback(new Error('Failed to exec container : ' + error.message));

        execContainer.start({ hijack: true }, function (error, stream) {
-            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Failed to start exec container: ${error.message}`));
+            if (error) return callback(new Error('Failed to start exec container : ' + error.message));

            stream.on('error', callback);
            stream.on('end', callback);

-            gConnection.modem.demuxStream(stream, process.stdout, process.stderr);
+            docker.modem.demuxStream(stream, process.stdout, process.stderr);
        });
    });
 }
@@ -91,7 +88,7 @@ function cleanupDockerVolumes(callback) {

    debug('Cleaning up docker volumes');

-    gConnection.listContainers({ all: 0 }, function (error, containers) {
+    docker.listContainers({ all: 0 }, function (error, containers) {
        if (error) return callback(error);

        async.eachSeries(containers, function (container, iteratorDone) {
@@ -9,16 +9,18 @@ var assert = require('assert'),
    appdb = require('./appdb.js'),
    apps = require('./apps.js'),
    async = require('async'),
-    BoxError = require('./boxerror.js'),
-    constants = require('./constants.js'),
+    config = require('./config.js'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:ldap'),
    eventlog = require('./eventlog.js'),
    ldap = require('ldapjs'),
    mail = require('./mail.js'),
+    MailError = mail.MailError,
    mailboxdb = require('./mailboxdb.js'),
    path = require('path'),
    safe = require('safetydance'),
-    users = require('./users.js');
+    users = require('./users.js'),
+    UsersError = users.UsersError;

 var gServer = null;

@@ -133,7 +135,7 @@ function userSearch(req, res, next) {
            var dn = ldap.parseDN('cn=' + entry.id + ',ou=users,dc=cloudron');

            var groups = [ GROUP_USERS_DN ];
-            if (entry.admin) groups.push(GROUP_ADMINS_DN);
+            if (entry.admin || req.app.ownerId === entry.id) groups.push(GROUP_ADMINS_DN);

            var displayName = entry.displayName || entry.username || ''; // displayName can be empty and username can be null
            var nameParts = displayName.split(' ');
@@ -153,7 +155,7 @@ function userSearch(req, res, next) {
                    givenName: firstName,
                    username: entry.username,
                    samaccountname: entry.username,      // to support ActiveDirectory clients
-                    isadmin: entry.admin,
+                    isadmin: (entry.admin || req.app.ownerId === entry.id) ? 1 : 0,
                    memberof: groups
                }
            };
@@ -193,7 +195,7 @@ function groupSearch(req, res, next) {

        groups.forEach(function (group) {
            var dn = ldap.parseDN('cn=' + group.name + ',ou=groups,dc=cloudron');
-            var members = group.admin ? result.filter(function (entry) { return entry.admin; }) : result;
+            var members = group.admin ? result.filter(function (entry) { return entry.admin || req.app.ownerId === entry.id; }) : result;

            var obj = {
                dn: dn.toString(),
@@ -242,7 +244,7 @@ function groupAdminsCompare(req, res, next) {
        // we only support memberuid here, if we add new group attributes later add them here
        if (req.attribute === 'memberuid') {
            var found = result.find(function (u) { return u.id === req.value; });
-            if (found && found.admin) return res.end(true);
+            if (found && (found.admin || req.app.ownerId == found.id)) return res.end(true);
        }

        res.end(false);
@@ -259,7 +261,7 @@ function mailboxSearch(req, res, next) {
        if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));

        mailboxdb.getMailbox(parts[0], parts[1], function (error, mailbox) {
-            if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+            if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
            if (error) return next(new ldap.OperationsError(error.toString()));

            var obj = {
@@ -286,7 +288,7 @@ function mailboxSearch(req, res, next) {
    } else if (req.dn.rdns[0].attrs.domain) {
        var domain = req.dn.rdns[0].attrs.domain.value.toLowerCase();

-        mailboxdb.listMailboxes(domain, 1, 1000, function (error, result) {
+        mailboxdb.listMailboxes(domain, function (error, result) {
            if (error) return next(new ldap.OperationsError(error.toString()));

            var results = [];
@@ -332,7 +334,7 @@ function mailAliasSearch(req, res, next) {
    if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));

    mailboxdb.getAlias(parts[0], parts[1], function (error, alias) {
-        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
        if (error) return next(new ldap.OperationsError(error.toString()));

        // https://wiki.debian.org/LDAP/MigrationTools/Examples
@@ -365,13 +367,12 @@ function mailingListSearch(req, res, next) {

    if (!req.dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError(req.dn.toString()));

-    let email = req.dn.rdns[0].attrs.cn.value.toLowerCase();
-    let parts = email.split('@');
+    var email = req.dn.rdns[0].attrs.cn.value.toLowerCase();
+    var parts = email.split('@');
    if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-    const name = parts[0], domain = parts[1];

-    mail.resolveList(parts[0], parts[1], function (error, resolvedMembers) {
-        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+    mailboxdb.getGroup(parts[0], parts[1], function (error, group) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
        if (error) return next(new ldap.OperationsError(error.toString()));

        // http://ldapwiki.willeke.com/wiki/Original%20Mailgroup%20Schema%20From%20Netscape
@@ -381,9 +382,9 @@ function mailingListSearch(req, res, next) {
            attributes: {
                objectclass: ['mailGroup'],
                objectcategory: 'mailGroup',
-                cn: `${name}@${domain}`, // fully qualified
-                mail: `${name}@${domain}`,
-                mgrpRFC822MailMember: resolvedMembers // fully qualified
+                cn: `${group.name}@${group.domain}`, // fully qualified
+                mail: `${group.name}@${group.domain}`,
+                mgrpRFC822MailMember: group.members.map(function (m) { return `${m}@${group.domain}`; })
            }
        };

@@ -420,8 +421,8 @@ function authenticateUser(req, res, next) {
    }

    api(commonName, req.credentials || '', function (error, user) {
-        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-        if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
+        if (error && error.reason === UsersError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
        if (error) return next(new ldap.OperationsError(error.message));

        req.user = user;
@@ -456,18 +457,18 @@ function authenticateUserMailbox(req, res, next) {
    if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));

    mail.getDomain(parts[1], function (error, domain) {
-        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === MailError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
        if (error) return next(new ldap.OperationsError(error.message));

        if (!domain.enabled) return next(new ldap.NoSuchObjectError(req.dn.toString()));

        mailboxdb.getMailbox(parts[0], parts[1], function (error, mailbox) {
-            if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+            if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
            if (error) return next(new ldap.OperationsError(error.message));

            users.verify(mailbox.ownerId, req.credentials || '', function (error, result) {
-                if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-                if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
+                if (error && error.reason === UsersError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+                if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
                if (error) return next(new ldap.OperationsError(error.message));

                eventlog.add(eventlog.ACTION_USER_LOGIN, { authType: 'ldap', mailboxId: email }, { userId: result.id, user: users.removePrivateFields(result) });
@@ -554,7 +555,7 @@ function authenticateMailAddon(req, res, next) {
    const addonId = req.dn.rdns[1].attrs.ou.value.toLowerCase(); // 'sendmail' or 'recvmail'

    mail.getDomain(parts[1], function (error, domain) {
-        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === MailError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
        if (error) return next(new ldap.OperationsError(error.message));

        if (addonId === 'recvmail' && !domain.enabled) return next(new ldap.NoSuchObjectError(req.dn.toString()));
@@ -566,19 +567,19 @@ function authenticateMailAddon(req, res, next) {

        // note: with sendmail addon, apps can send mail without a mailbox (unlike users)
        appdb.getAppIdByAddonConfigValue(addonId, namePattern, req.credentials || '', function (error, appId) {
-            if (error && error.reason !== BoxError.NOT_FOUND) return next(new ldap.OperationsError(error.message));
+            if (error && error.reason !== DatabaseError.NOT_FOUND) return next(new ldap.OperationsError(error.message));
            if (appId) { // matched app password
                eventlog.add(eventlog.ACTION_APP_LOGIN, { authType: 'ldap', mailboxId: email }, { appId: appId, addonId: addonId });
                return res.end();
            }

            mailboxdb.getMailbox(parts[0], parts[1], function (error, mailbox) {
-                if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+                if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
                if (error) return next(new ldap.OperationsError(error.message));

                users.verify(mailbox.ownerId, req.credentials || '', function (error, result) {
-                    if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-                    if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
+                    if (error && error.reason === UsersError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+                    if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
                    if (error) return next(new ldap.OperationsError(error.message));

                    eventlog.add(eventlog.ACTION_USER_LOGIN, { authType: 'ldap', mailboxId: email }, { userId: result.id, user: users.removePrivateFields(result) });
@@ -639,7 +640,7 @@ function start(callback) {
        res.end();
    });

-    gServer.listen(constants.LDAP_PORT, '0.0.0.0', callback);
+    gServer.listen(config.get('ldapPort'), '0.0.0.0', callback);
 }

 function stop(callback) {
@@ -1,7 +1,6 @@
 'use strict';

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
    debug = require('debug')('box:locker'),
    EventEmitter = require('events').EventEmitter,
    util = require('util');
@@ -23,11 +22,7 @@ Locker.prototype.OP_APPTASK = 'apptask';
 Locker.prototype.lock = function (operation) {
    assert.strictEqual(typeof operation, 'string');

-    if (this._operation !== null) {
-        let error = new BoxError(BoxError.CONFLICT, `Locked for ${this._operation}`);
-        error.operation = this._operation;
-        return error;
-    }
+    if (this._operation !== null) return new Error('Already locked for ' + this._operation);

    this._operation = operation;
    ++this._lockDepth;
@@ -55,7 +50,7 @@ Locker.prototype.recursiveLock = function (operation) {
 Locker.prototype.unlock = function (operation) {
    assert.strictEqual(typeof operation, 'string');

-    if (this._operation !== operation) throw BoxError(BoxError.BAD_STATE, 'Mismatched unlock. Current lock is for ' + this._operation); // throw because this is a programming error
+    if (this._operation !== operation) throw new Error('Mismatched unlock. Current lock is for ' + this._operation); // throw because this is a programming error

    if (--this._lockDepth === 0) {
        debug('Released : %s', this._operation);
@@ -1,23 +1,11 @@
-# Generated by apptask
+# Generated by apptask for the /run mount

-# keep upto 7 rotated logs. rotation triggered daily or ahead of time if size is > 1M
 <%= volumePath %>/*.log <%= volumePath %>/*/*.log <%= volumePath %>/*/*/*.log {
-    rotate 7
-    daily
-    compress
-    maxsize 1M
-    missingok
-    delaycompress
-    copytruncate
+  rotate 7
+  daily
+  compress
+  maxsize=1M
+  missingok
+  delaycompress
+  copytruncate
 }
-
-/home/yellowtent/platformdata/logs/<%= appId %>/*.log {
-    # only keep one rotated file, we currently do not send that over the api
-    rotate 1
-    size 10M
-    missingok
-    # we never compress so we can simply tail the files
-    nocompress
-    copytruncate
-}
-
@@ -26,7 +26,6 @@ exports = module.exports = {
    startMail: restartMail,
    restartMail: restartMail,
    handleCertChanged: handleCertChanged,
-    getMailAuth: getMailAuth,

    sendTestMail: sendTestMail,

@@ -46,18 +45,19 @@ exports = module.exports = {
    addList: addList,
    updateList: updateList,
    removeList: removeList,
-    resolveList: resolveList,

-    _readDkimPublicKeySync: readDkimPublicKeySync
+    _readDkimPublicKeySync: readDkimPublicKeySync,
+
+    MailError: MailError
 };

 var assert = require('assert'),
    async = require('async'),
-    BoxError = require('./boxerror.js'),
+    config = require('./config.js'),
    constants = require('./constants.js'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:mail'),
    dns = require('./native-dns.js'),
-    docker = require('./docker.js'),
    domains = require('./domains.js'),
    eventlog = require('./eventlog.js'),
    hat = require('./hat.js'),
@@ -71,25 +71,50 @@ var assert = require('assert'),
    paths = require('./paths.js'),
    reverseProxy = require('./reverseproxy.js'),
    safe = require('safetydance'),
-    settings = require('./settings.js'),
    shell = require('./shell.js'),
    smtpTransport = require('nodemailer-smtp-transport'),
    sysinfo = require('./sysinfo.js'),
    users = require('./users.js'),
-    validator = require('validator'),
+    util = require('util'),
    _ = require('underscore');

 const DNS_OPTIONS = { timeout: 5000 };
 var NOOP_CALLBACK = function (error) { if (error) debug(error); };

+function MailError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(MailError, Error);
+MailError.INTERNAL_ERROR = 'Internal Error';
+MailError.EXTERNAL_ERROR = 'External Error';
+MailError.BAD_FIELD = 'Bad Field';
+MailError.ALREADY_EXISTS = 'Already Exists';
+MailError.NOT_FOUND = 'Not Found';
+MailError.IN_USE = 'In Use';
+
 function validateName(name) {
    assert.strictEqual(typeof name, 'string');

-    if (name.length < 1) return new BoxError(BoxError.BAD_FIELD, 'mailbox name must be atleast 1 char');
-    if (name.length >= 200) return new BoxError(BoxError.BAD_FIELD, 'mailbox name too long');
+    if (name.length < 1) return new MailError(MailError.BAD_FIELD, 'mailbox name must be atleast 1 char');
+    if (name.length >= 200) return new MailError(MailError.BAD_FIELD, 'mailbox name too long');

    // also need to consider valid LDAP characters here (e.g '+' is reserved)
-    if (/[^a-zA-Z0-9.-]/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'mailbox name can only contain alphanumerals and dot');
+    if (/[^a-zA-Z0-9.-]/.test(name)) return new MailError(MailError.BAD_FIELD, 'mailbox name can only contain alphanumerals and dot');

    return null;
 }
@@ -101,6 +126,7 @@ function checkOutboundPort25(callback) {
        'smtp.gmail.com',
        'smtp.live.com',
        'smtp.mail.yahoo.com',
+        'smtp.o2.ie',
        'smtp.comcast.net',
        'smtp.1und1.de',
    ]);
@@ -123,13 +149,13 @@ function checkOutboundPort25(callback) {
        relay.status = false;
        relay.value = `Connect to ${smtpServer} timed out. Check if port 25 (outbound) is blocked`;
        client.destroy();
-        callback(new BoxError(BoxError.TIMEOUT, `Connect to ${smtpServer} timed out.`), relay);
+        callback(new Error('Timeout'), relay);
    });
    client.on('error', function (error) {
        relay.status = false;
        relay.value = `Connect to ${smtpServer} failed: ${error.message}. Check if port 25 (outbound) is blocked`;
        client.destroy();
-        callback(new BoxError(BoxError.NETWORK_ERROR, `Connect to ${smtpServer} failed.`), relay);
+        callback(error, relay);
    });
 }

@@ -178,7 +204,7 @@ function verifyRelay(relay, callback) {
    if (relay.provider === 'cloudron-smtp' || relay.provider === 'noop') return callback();

    checkSmtpRelay(relay, function (error) {
-        if (error) return callback(new BoxError(BoxError.BAD_FIELD, error.message));
+        if (error) return callback(new MailError(MailError.BAD_FIELD, error.message));

        callback();
    });
@@ -199,7 +225,7 @@ function checkDkim(mailDomain, callback) {
    };

    var dkimKey = readDkimPublicKeySync(domain);
-    if (!dkimKey) return callback(new BoxError(BoxError.FS_ERROR, `Failed to read dkim public key of ${domain}`), dkim);
+    if (!dkimKey) return callback(new Error('Failed to read dkim public key'), dkim);

    dkim.expected = 'v=DKIM1; t=s; p=' + dkimKey;

@@ -237,14 +263,14 @@ function checkSpf(domain, mailFqdn, callback) {
            let txtRecord = txtRecords[i].join(''); // https://agari.zendesk.com/hc/en-us/articles/202952749-How-long-can-my-SPF-record-be-
            if (txtRecord.indexOf('v=spf1 ') !== 0) continue; // not SPF
            spf.value = txtRecord;
-            spf.status = spf.value.indexOf(' a:' + settings.adminFqdn()) !== -1;
+            spf.status = spf.value.indexOf(' a:' + config.adminFqdn()) !== -1;
            break;
        }

        if (spf.status) {
            spf.expected = spf.value;
        } else if (i !== txtRecords.length) {
-            spf.expected = 'v=spf1 a:' + settings.adminFqdn() + ' ' + spf.value.slice('v=spf1 '.length);
+            spf.expected = 'v=spf1 a:' + config.adminFqdn() + ' ' + spf.value.slice('v=spf1 '.length);
        }

        callback(null, spf);
@@ -278,7 +304,7 @@ function checkMx(domain, mailFqdn, callback) {
        dns.resolve(mxRecords[0].exchange, 'A', DNS_OPTIONS, function (error, mxIps) {
            if (error || mxIps.length !== 1) return callback(null, mx);

-            sysinfo.getServerIp(function (error, ip) {
+            sysinfo.getPublicIp(function (error, ip) {
                if (error) return callback(null, mx);

                mx.status = mxIps[0] === ip;
@@ -328,18 +354,16 @@ function checkPtr(mailFqdn, callback) {

    var ptr = {
        domain: null,
-        name: null,
        type: 'PTR',
        value: null,
        expected: mailFqdn, // any trailing '.' is added by client software (https://lists.gt.net/spf/devel/7918)
        status: false
    };

-    sysinfo.getServerIp(function (error, ip) {
+    sysinfo.getPublicIp(function (error, ip) {
        if (error) return callback(error, ptr);

        ptr.domain = ip.split('.').reverse().join('.') + '.in-addr.arpa';
-        ptr.name = ip;

        dns.resolve(ptr.domain, 'PTR', DNS_OPTIONS, function (error, ptrRecords) {
            if (error) return callback(error, ptr);
@@ -418,7 +442,7 @@ const RBL_LIST = [
 function checkRblStatus(domain, callback) {
    assert.strictEqual(typeof callback, 'function');

-    sysinfo.getServerIp(function (error, ip) {
+    sysinfo.getPublicIp(function (error, ip) {
        if (error) return callback(error, ip);

        var flippedIp = ip.split('.').reverse().join('.');
@@ -456,7 +480,7 @@ function getStatus(domain, callback) {

    // ensure we always have a valid toplevel properties for the api
    var results = {
-        dns: {}, // { mx/dmarc/dkim/spf/ptr: { expected, value, name, domain, type } }
+        dns: {}, // { mx: { expected, value }, dmarc: { expected, value }, dkim: { expected, value }, spf: { expected, value }, ptr: { expected, value } }
        rbl: {}, // { status, ip, servers: [{name,site,dns}]} optional. only for cloudron-smtp
        relay: {} // { status, value } always checked
    };
@@ -466,14 +490,14 @@ function getStatus(domain, callback) {
            func(function (error, result) {
                if (error) debug('Ignored error - ' + what + ':', error);

-                safe.set(results, what, result || {});
+                safe.set(results, what, result);

                callback();
            });
        };
    }

-    const mailFqdn = settings.mailFqdn();
+    const mailFqdn = config.mailFqdn();

    getDomain(domain, function (error, mailDomain) {
        if (error) return callback(error);
@@ -521,7 +545,7 @@ function checkConfiguration(callback) {

                Object.keys(result.dns).forEach((type) => {
                    const record = result.dns[type];
-                    if (!record.status) message.push(`${type.toUpperCase()} DNS record (${record.type}) did not match.\n    * Hostname: \`${record.name}\`\n    * Expected: \`${record.expected}\`\n    * Actual: \`${record.value}\``);
+                    if (!record.status) message.push(`${type.toUpperCase()} DNS record did not match. Expected: \`${record.expected}\`. Actual: \`${record.value}\``);
                });
                if (result.relay && result.relay.status === false) message.push(`Relay error: ${result.relay.value}`);
                if (result.rbl && result.rbl.status === false) { // rbl field contents is optional
@@ -544,16 +568,15 @@ function checkConfiguration(callback) {
                markdownMessage += '\n\n';
            });

-            if (markdownMessage) markdownMessage += 'Email Status is checked every 30 minutes.\n See the [troubleshooting docs](https://cloudron.io/documentation/troubleshooting/#mail-dns) for more information.\n';
+            if (markdownMessage) markdownMessage += 'Email Status is checked every 30 minutes\n See the [troubleshooting docs](https://cloudron.io/documentation/troubleshooting/#mail-dns) for more information.\n';

            callback(null, markdownMessage); // empty message means all status checks succeeded
        });
    });
 }

-function createMailConfig(mailFqdn, mailDomain, callback) {
+function createMailConfig(mailFqdn, callback) {
    assert.strictEqual(typeof mailFqdn, 'string');
-    assert.strictEqual(typeof mailDomain, 'string');
    assert.strictEqual(typeof callback, 'function');

    debug('createMailConfig: generating mail config');
@@ -564,15 +587,14 @@ function createMailConfig(mailFqdn, mailDomain, callback) {
        const mailOutDomains = mailDomains.filter(d => d.relay.provider !== 'noop').map(d => d.domain).join(',');
        const mailInDomains = mailDomains.filter(function (d) { return d.enabled; }).map(function (d) { return d.domain; }).join(',');

-        // mail_domain is used for SRS
        if (!safe.fs.writeFileSync(path.join(paths.ADDON_CONFIG_DIR, 'mail/mail.ini'),
-            `mail_in_domains=${mailInDomains}\nmail_out_domains=${mailOutDomains}\nmail_server_name=${mailFqdn}\nmail_domain=${mailDomain}\n\n`, 'utf8')) {
-            return callback(new BoxError(BoxError.FS_ERROR, 'Could not create mail var file:' + safe.error.message));
+            `mail_in_domains=${mailInDomains}\nmail_out_domains=${mailOutDomains}\nmail_server_name=${mailFqdn}\n\n`, 'utf8')) {
+            return callback(new Error('Could not create mail var file:' + safe.error.message));
        }

        // enable_outbound makes plugin forward email for relayed mail. non-relayed mail always hits LMTP plugin first
        if (!safe.fs.writeFileSync(path.join(paths.ADDON_CONFIG_DIR, 'mail/smtp_forward.ini'), 'enable_outbound=false\ndomain_selector=mail_from\n', 'utf8')) {
-            return callback(new BoxError(BoxError.FS_ERROR, 'Could not create smtp forward file:' + safe.error.message));
+            return callback(new Error('Could not create smtp forward file:' + safe.error.message));
        }

        // create sections for per-domain configuration
@@ -582,7 +604,7 @@ function createMailConfig(mailFqdn, mailDomain, callback) {

            if (!safe.fs.appendFileSync(path.join(paths.ADDON_CONFIG_DIR, 'mail/mail.ini'),
                `[${domain.domain}]\ncatch_all=${catchAll}\nmail_from_validation=${mailFromValidation}\n\n`, 'utf8')) {
-                return callback(new BoxError(BoxError.FS_ERROR, 'Could not create mail var file:' + safe.error.message));
+                return callback(new Error('Could not create mail var file:' + safe.error.message));
            }

            const relay = domain.relay;
@@ -598,7 +620,7 @@ function createMailConfig(mailFqdn, mailDomain, callback) {

            if (!safe.fs.appendFileSync(paths.ADDON_CONFIG_DIR + '/mail/smtp_forward.ini',
                `[${domain.domain}]\nenable_outbound=true\nhost=${host}\nport=${port}\nenable_tls=true\nauth_type=${authType}\nauth_user=${username}\nauth_pass=${password}\n\n`, 'utf8')) {
-                return callback(new BoxError(BoxError.FS_ERROR, 'Could not create mail var file:' + safe.error.message));
+                return callback(new Error('Could not create mail var file:' + safe.error.message));
            }
        });

@@ -627,13 +649,13 @@ function configureMail(mailFqdn, mailDomain, callback) {
        const mailCertFilePath = path.join(paths.ADDON_CONFIG_DIR, 'mail/tls_cert.pem');
        const mailKeyFilePath = path.join(paths.ADDON_CONFIG_DIR, 'mail/tls_key.pem');

-        if (!safe.child_process.execSync(`cp ${bundle.certFilePath} ${mailCertFilePath}`)) return callback(new BoxError(BoxError.FS_ERROR, 'Could not create cert file:' + safe.error.message));
-        if (!safe.child_process.execSync(`cp ${bundle.keyFilePath} ${mailKeyFilePath}`)) return callback(new BoxError(BoxError.FS_ERROR, 'Could not create key file:' + safe.error.message));
+        if (!safe.child_process.execSync(`cp ${bundle.certFilePath} ${mailCertFilePath}`)) return callback(new Error('Could not create cert file:' + safe.error.message));
+        if (!safe.child_process.execSync(`cp ${bundle.keyFilePath} ${mailKeyFilePath}`)) return callback(new Error('Could not create key file:' + safe.error.message));

        shell.exec('startMail', 'docker rm -f mail || true', function (error) {
            if (error) return callback(error);

-            createMailConfig(mailFqdn, mailDomain, function (error, allowInbound) {
+            createMailConfig(mailFqdn, function (error, allowInbound) {
                if (error) return callback(error);

                var ports = allowInbound ? '-p 587:2525 -p 993:9993 -p 4190:4190 -p 25:2525' : '';
@@ -664,46 +686,20 @@ function configureMail(mailFqdn, mailDomain, callback) {
    });
 }

-function getMailAuth(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    docker.inspect('mail', function (error, data) {
-        if (error) return callback(error);
-
-        const ip = safe.query(data, 'NetworkSettings.Networks.cloudron.IPAddress');
-        if (!ip) return callback(new BoxError(BoxError.MAIL_ERROR, 'Error querying mail server IP'));
-
-        // extract the relay token for auth
-        const env = safe.query(data, 'Config.Env', null);
-        if (!env) return callback(new BoxError(BoxError.MAIL_ERROR, 'Error getting mail env'));
-        const tmp = env.find(function (e) { return e.indexOf('CLOUDRON_RELAY_TOKEN') === 0; });
-        if (!tmp) return callback(new BoxError(BoxError.MAIL_ERROR, 'Error getting CLOUDRON_RELAY_TOKEN env var'));
-        const relayToken = tmp.slice('CLOUDRON_RELAY_TOKEN'.length + 1); // +1 for the = sign
-        if (!relayToken)  return callback(new BoxError(BoxError.MAIL_ERROR, 'Error parsing CLOUDRON_RELAY_TOKEN'));
-
-        callback(null, {
-            ip,
-            port: constants.INTERNAL_SMTP_PORT,
-            relayToken
-        });
-    });
-}
-
 function restartMail(callback) {
    assert.strictEqual(typeof callback, 'function');

    if (process.env.BOX_ENV === 'test' && !process.env.TEST_CREATE_INFRA) return callback();

-    debug(`restartMail: restarting mail container with ${settings.mailFqdn()} ${settings.adminDomain()}`);
-    configureMail(settings.mailFqdn(), settings.adminDomain(), callback);
+    debug(`restartMail: restarting mail container with ${config.mailFqdn()} ${config.adminDomain()}`);
+    configureMail(config.mailFqdn(), config.adminDomain(), callback);
 }

 function restartMailIfActivated(callback) {
    assert.strictEqual(typeof callback, 'function');

    users.isActivated(function (error, activated) {
-        if (error) return callback(error);
-
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
        if (!activated) {
            debug('restartMailIfActivated: skipping restart of mail container since Cloudron is not activated yet');
            return callback(); // not provisioned yet, do not restart container after dns setup
@@ -725,7 +721,8 @@ function getDomain(domain, callback) {
    assert.strictEqual(typeof callback, 'function');

    maildb.get(domain, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        return callback(null, result);
    });
@@ -735,7 +732,7 @@ function getDomains(callback) {
    assert.strictEqual(typeof callback, 'function');

    maildb.list(function (error, results) {
-        if (error) return callback(error);
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        return callback(null, results);
    });
@@ -748,7 +745,7 @@ function txtRecordsWithSpf(domain, mailFqdn, callback) {
    assert.strictEqual(typeof callback, 'function');

    domains.getDnsRecords('', domain, 'TXT', function (error, txtRecords) {
-        if (error) return error;
+        if (error) return new MailError(MailError.EXTERNAL_ERROR, error.message);

        debug('txtRecordsWithSpf: current txt records - %j', txtRecords);

@@ -797,16 +794,16 @@ function ensureDkimKeySync(mailDomain) {

    if (!safe.fs.mkdirSync(dkimPath) && safe.error.code !== 'EEXIST') {
        debug('Error creating dkim.', safe.error);
-        return new BoxError(BoxError.FS_ERROR, safe.error);
+        return new MailError(MailError.INTERNAL_ERROR, safe.error);
    }

-    if (!safe.child_process.execSync('openssl genrsa -out ' + dkimPrivateKeyFile + ' 1024')) return new BoxError(BoxError.OPENSSL_ERROR, safe.error);
-    if (!safe.child_process.execSync('openssl rsa -in ' + dkimPrivateKeyFile + ' -out ' + dkimPublicKeyFile + ' -pubout -outform PEM')) return new BoxError(BoxError.OPENSSL_ERROR, safe.error);
+    if (!safe.child_process.execSync('openssl genrsa -out ' + dkimPrivateKeyFile + ' 1024')) return new MailError(MailError.INTERNAL_ERROR, safe.error);
+    if (!safe.child_process.execSync('openssl rsa -in ' + dkimPrivateKeyFile + ' -out ' + dkimPublicKeyFile + ' -pubout -outform PEM')) return new MailError(MailError.INTERNAL_ERROR, safe.error);

-    if (!safe.fs.writeFileSync(dkimSelectorFile, mailDomain.dkimSelector, 'utf8')) return new BoxError(BoxError.FS_ERROR, safe.error);
+    if (!safe.fs.writeFileSync(dkimSelectorFile, mailDomain.dkimSelector, 'utf8')) return new MailError(MailError.INTERNAL_ERROR, safe.error);

    // if the 'yellowtent' user of OS and the 'cloudron' user of mail container don't match, the keys become inaccessible by mail code
-    if (!safe.fs.chmodSync(dkimPrivateKeyFile, 0o644)) return new BoxError(BoxError.FS_ERROR, safe.error);
+    if (!safe.fs.chmodSync(dkimPrivateKeyFile, 0o644)) return new MailError(MailError.INTERNAL_ERROR, safe.error);

    return null;
 }
@@ -838,7 +835,8 @@ function upsertDnsRecords(domain, mailFqdn, callback) {
    debug(`upsertDnsRecords: updating mail dns records of domain ${domain} and mail fqdn ${mailFqdn}`);

    maildb.get(domain, function (error, mailDomain) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        error = ensureDkimKeySync(mailDomain);
        if (error) return callback(error);
@@ -846,7 +844,7 @@ function upsertDnsRecords(domain, mailFqdn, callback) {
        if (process.env.BOX_ENV === 'test') return callback();

        var dkimKey = readDkimPublicKeySync(domain);
-        if (!dkimKey) return callback(new BoxError(BoxError.FS_ERROR, 'Failed to read dkim public key'));
+        if (!dkimKey) return callback(new MailError(MailError.INTERNAL_ERROR, new Error('Failed to read dkim public key')));

        // t=s limits the domainkey to this domain and not it's subdomains
        var dkimRecord = { subdomain: `${mailDomain.dkimSelector}._domainkey`, domain: domain, type: 'TXT', values: [ '"v=DKIM1; t=s; p=' + dkimKey + '"' ] };
@@ -870,7 +868,7 @@ function upsertDnsRecords(domain, mailFqdn, callback) {
            }, function (error, changeIds) {
                if (error) {
                    debug(`upsertDnsRecords: failed to update: ${error}`);
-                    return callback(error);
+                    return callback(new MailError(MailError.EXTERNAL_ERROR, error.message));
                }

                debug('upsertDnsRecords: records %j added with changeIds %j', records, changeIds);
@@ -885,22 +883,22 @@ function setDnsRecords(domain, callback) {
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof callback, 'function');

-    upsertDnsRecords(domain, settings.mailFqdn(), callback);
+    upsertDnsRecords(domain, config.mailFqdn(), callback);
 }

 function onMailFqdnChanged(callback) {
    assert.strictEqual(typeof callback, 'function');

-    const mailFqdn = settings.mailFqdn(),
-        mailDomain = settings.adminDomain();
+    const mailFqdn = config.mailFqdn(),
+        mailDomain = config.adminDomain();

    domains.getAll(function (error, allDomains) {
-        if (error) return callback(error);
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        async.eachOfSeries(allDomains, function (domainObject, idx, iteratorDone) {
            upsertDnsRecords(domainObject.domain, mailFqdn, iteratorDone);
        }, function (error) {
-            if (error) return callback(error);
+            if (error) return callback(new MailError(MailError.EXTERNAL_ERROR, error.message));

            configureMail(mailFqdn, mailDomain, callback);
        });
@@ -911,13 +909,15 @@ function addDomain(domain, callback) {
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof callback, 'function');

-    const dkimSelector = domain === settings.adminDomain() ? 'cloudron' : ('cloudron-' + settings.adminDomain().replace(/\./g, ''));
+    const dkimSelector = domain === config.adminDomain() ? 'cloudron' : ('cloudron-' + config.adminDomain().replace(/\./g, ''));

    maildb.add(domain, { dkimSelector }, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, 'Domain already exists'));
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'No such domain'));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        async.series([
-            upsertDnsRecords.bind(null, domain, settings.mailFqdn()), // do this first to ensure DKIM keys
+            upsertDnsRecords.bind(null, domain, config.mailFqdn()), // do this first to ensure DKIM keys
            restartMailIfActivated
        ], NOOP_CALLBACK); // do these asynchronously

@@ -929,10 +929,12 @@ function removeDomain(domain, callback) {
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof callback, 'function');

-    if (domain === settings.adminDomain()) return callback(new BoxError(BoxError.CONFLICT));
+    if (domain === config.adminDomain()) return callback(new MailError(MailError.IN_USE));

    maildb.del(domain, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.IN_USE) return callback(new MailError(MailError.IN_USE));
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, error.message));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        restartMail(NOOP_CALLBACK);

@@ -944,7 +946,7 @@ function clearDomains(callback) {
    assert.strictEqual(typeof callback, 'function');

    maildb.clear(function (error) {
-        if (error) return callback(error);
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        callback();
    });
@@ -966,7 +968,8 @@ function setMailFromValidation(domain, enabled, callback) {
    assert.strictEqual(typeof callback, 'function');

    maildb.update(domain, { mailFromValidation: enabled }, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        restartMail(NOOP_CALLBACK); // have to restart mail container since haraka cannot watch symlinked config files (mail.ini)

@@ -980,7 +983,8 @@ function setCatchAllAddress(domain, addresses, callback) {
    assert.strictEqual(typeof callback, 'function');

    maildb.update(domain, { catchAll: addresses }, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        restartMail(NOOP_CALLBACK); // have to restart mail container since haraka cannot watch symlinked config files (mail.ini)

@@ -1006,7 +1010,8 @@ function setMailRelay(domain, relay, callback) {
            if (error) return callback(error);

            maildb.update(domain, { relay: relay }, function (error) {
-                if (error) return callback(error);
+                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
+                if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

                restartMail(NOOP_CALLBACK);

@@ -1023,7 +1028,8 @@ function setMailEnabled(domain, enabled, auditSource, callback) {
    assert.strictEqual(typeof callback, 'function');

    maildb.update(domain, { enabled: enabled }, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        restartMail(NOOP_CALLBACK);

@@ -1042,21 +1048,19 @@ function sendTestMail(domain, to, callback) {
        if (error) return callback(error);

        mailer.sendTestMail(result.domain, to, function (error) {
-            if (error) return callback(error);
+            if (error) return callback(new MailError(MailError.EXTERNAL_ERROR, error.message));

            callback();
        });
    });
 }

-function listMailboxes(domain, page, perPage, callback) {
+function listMailboxes(domain, callback) {
    assert.strictEqual(typeof domain, 'string');
-    assert.strictEqual(typeof page, 'number');
-    assert.strictEqual(typeof perPage, 'number');
    assert.strictEqual(typeof callback, 'function');

-    mailboxdb.listMailboxes(domain, page, perPage, function (error, result) {
-        if (error) return callback(error);
+    mailboxdb.listMailboxes(domain, function (error, result) {
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        callback(null, result);
    });
@@ -1067,7 +1071,7 @@ function removeMailboxes(domain, callback) {
    assert.strictEqual(typeof callback, 'function');

    mailboxdb.delByDomain(domain, function (error) {
-        if (error) return callback(error);
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        callback();
    });
@@ -1079,7 +1083,8 @@ function getMailbox(name, domain, callback) {
    assert.strictEqual(typeof callback, 'function');

    mailboxdb.getMailbox(name, domain, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        callback(null, result);
    });
@@ -1098,7 +1103,8 @@ function addMailbox(name, domain, userId, auditSource, callback) {
    if (error) return callback(error);

    mailboxdb.addMailbox(name, domain, userId, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, `mailbox ${name} already exists`));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        eventlog.add(eventlog.ACTION_MAIL_MAILBOX_ADD, auditSource, { name, domain, userId });

@@ -1115,7 +1121,8 @@ function updateMailboxOwner(name, domain, userId, callback) {
    name = name.toLowerCase();

    mailboxdb.updateMailboxOwner(name, domain, userId, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -1128,7 +1135,8 @@ function removeMailbox(name, domain, auditSource, callback) {
    assert.strictEqual(typeof callback, 'function');

    mailboxdb.del(name, domain, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        eventlog.add(eventlog.ACTION_MAIL_MAILBOX_REMOVE, auditSource, { name, domain });

@@ -1136,14 +1144,13 @@ function removeMailbox(name, domain, auditSource, callback) {
    });
 }

-function listAliases(domain, page, perPage, callback) {
+function listAliases(domain, callback) {
    assert.strictEqual(typeof domain, 'string');
-    assert.strictEqual(typeof page, 'number');
-    assert.strictEqual(typeof perPage, 'number');
    assert.strictEqual(typeof callback, 'function');

-    mailboxdb.listAliases(domain, page, perPage, function (error, result) {
-        if (error) return callback(error);
+    mailboxdb.listAliases(domain, function (error, result) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, error.message));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        callback(null, result);
    });
@@ -1158,7 +1165,8 @@ function getAliases(name, domain, callback) {
        if (error) return callback(error);

        mailboxdb.getAliasesForName(name, domain, function (error, aliases) {
-            if (error) return callback(error);
+            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
+            if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

            callback(null, aliases);
        });
@@ -1179,7 +1187,14 @@ function setAliases(name, domain, aliases, callback) {
    }

    mailboxdb.setAliasesForName(name, domain, aliases, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.ALREADY_EXISTS && error.message.indexOf('mailboxes_name_domain_unique_index') !== -1) {
+            var aliasMatch = error.message.match(new RegExp(`^ER_DUP_ENTRY: Duplicate entry '(.*)-${domain}' for key 'mailboxes_name_domain_unique_index'$`));
+            if (!aliasMatch) return callback(new MailError(MailError.ALREADY_EXISTS, error.message));
+            return callback(new MailError(MailError.ALREADY_EXISTS, `Mailbox, mailinglist or alias for ${aliasMatch[1]} already exists`));
+        }
+        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, error.message));
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -1189,8 +1204,8 @@ function getLists(domain, callback) {
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof callback, 'function');

-    mailboxdb.getLists(domain, function (error, result) {
-        if (error) return callback(error);
+    mailboxdb.listGroups(domain, function (error, result) {
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        callback(null, result);
    });
@@ -1201,8 +1216,9 @@ function getList(domain, listName, callback) {
    assert.strictEqual(typeof listName, 'string');
    assert.strictEqual(typeof callback, 'function');

-    mailboxdb.getList(listName, domain, function (error, result) {
-        if (error) return callback(error);
+    mailboxdb.getGroup(listName, domain, function (error, result) {
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such list'));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        callback(null, result);
    });
@@ -1221,11 +1237,15 @@ function addList(name, domain, members, auditSource, callback) {
    if (error) return callback(error);

    for (var i = 0; i < members.length; i++) {
-        if (!validator.isEmail(members[i])) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid mail member: ' + members[i]));
+        members[i] = members[i].toLowerCase();
+
+        error = validateName(members[i]);
+        if (error) return callback(error);
    }

-    mailboxdb.addList(name, domain, members, function (error) {
-        if (error) return callback(error);
+    mailboxdb.addGroup(name, domain, members, function (error) {
+        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, 'list already exits'));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        eventlog.add(eventlog.ACTION_MAIL_LIST_ADD, auditSource, { name, domain });

@@ -1245,11 +1265,15 @@ function updateList(name, domain, members, callback) {
    if (error) return callback(error);

    for (var i = 0; i < members.length; i++) {
-        if (!validator.isEmail(members[i])) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid email: ' + members[i]));
+        members[i] = members[i].toLowerCase();
+
+        error = validateName(members[i]);
+        if (error) return callback(error);
    }

    mailboxdb.updateList(name, domain, members, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -1262,57 +1286,11 @@ function removeList(name, domain, auditSource, callback) {
    assert.strictEqual(typeof callback, 'function');

    mailboxdb.del(name, domain, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such list'));
+        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));

-        eventlog.add(eventlog.ACTION_MAIL_LIST_REMOVE, auditSource, { name, domain });
+        eventlog.add(eventlog.ACTION_MAIL_LIST_ADD, auditSource, { name, domain });

        callback();
    });
 }
-
-function resolveList(listName, listDomain, callback) {
-    assert.strictEqual(typeof listName, 'string');
-    assert.strictEqual(typeof listDomain, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    getDomains(function (error, mailDomains) {
-        if (error) return callback(error);
-
-        const mailInDomains = mailDomains.filter(function (d) { return d.enabled; }).map(function (d) { return d.domain; }).join(',');
-
-        mailboxdb.getList(listName, listDomain, function (error, list) {
-            if (error) return callback(error);
-
-            let result = [], toResolve = list.members.slice(), visited = []; // slice creates a copy of array
-
-            async.whilst(() => toResolve.length != 0, function (iteratorCallback) {
-                const toProcess = toResolve.shift();
-                const parts = toProcess.split('@');
-                const memberName = parts[0].split('+')[0], memberDomain = parts[1];
-
-                if (!mailInDomains.includes(memberDomain)) { result.push(toProcess); return iteratorCallback(); } // external domain
-
-                const member =`${memberName}@${memberDomain}`; // cleaned up without any '+' subaddress
-                if (visited.includes(member)) {
-                    debug(`resolveList: list ${listName}@${listDomain} has a recursion at member ${member}`);
-                    return iteratorCallback();
-                }
-                visited.push(member);
-
-                mailboxdb.get(memberName, memberDomain, function (error, entry) {
-                    if (error && error.reason == BoxError.NOT_FOUND) { result.push(member); return iteratorCallback(); }
-                    if (error) return iteratorCallback(error);
-
-                    if (entry.type === mailboxdb.TYPE_MAILBOX) { result.push(member); return iteratorCallback(); }
-                    // no need to resolve alias because we only allow one level and within same domain
-                    if (entry.type === mailboxdb.TYPE_ALIAS) { result.push(`${entry.aliasTarget}@${entry.domain}`); return iteratorCallback(); }
-
-                    toResolve = toResolve.concat(entry.members);
-                    iteratorCallback();
-                });
-            }, function (error) {
-                callback(error, result);
-            });
-        });
-    });
-}
@@ -1,20 +0,0 @@
-<%if (format === 'text') { %>
-
-Dear Cloudron Admin,
-
-Cloudron update failed because of the following reason:
-
-------------------------------------
-
-<%- message %>
-
-------------------------------------
-
-
-Powered by https://cloudron.io
-
-Sent at: <%= new Date().toUTCString() %>
-
-<% } else { %>
-
-<% } %>
@@ -2,7 +2,7 @@

 exports = module.exports = {
    addMailbox: addMailbox,
-    addList: addList,
+    addGroup: addGroup,

    updateMailboxOwner: updateMailboxOwner,
    updateList: updateList,
@@ -10,11 +10,10 @@ exports = module.exports = {

    listAliases: listAliases,
    listMailboxes: listMailboxes,
-    getLists: getLists,
+    listGroups: listGroups,

-    get: get,
    getMailbox: getMailbox,
-    getList: getList,
+    getGroup: getGroup,
    getAlias: getAlias,

    getAliasesForName: getAliasesForName,
@@ -34,8 +33,8 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
    database = require('./database.js'),
+    DatabaseError = require('./databaseerror.js'),
    safe = require('safetydance'),
    util = require('util');

@@ -55,8 +54,8 @@ function addMailbox(name, domain, ownerId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('INSERT INTO mailboxes (name, type, domain, ownerId) VALUES (?, ?, ?, ?)', [ name, exports.TYPE_MAILBOX, domain, ownerId ], function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mailbox already exists'));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mailbox already exists'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -69,14 +68,14 @@ function updateMailboxOwner(name, domain, ownerId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('UPDATE mailboxes SET ownerId = ? WHERE name = ? AND domain = ?', [ ownerId, name, domain ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
 }

-function addList(name, domain, members, callback) {
+function addGroup(name, domain, members, callback) {
    assert.strictEqual(typeof name, 'string');
    assert.strictEqual(typeof domain, 'string');
    assert(Array.isArray(members));
@@ -84,8 +83,8 @@ function addList(name, domain, members, callback) {

    database.query('INSERT INTO mailboxes (name, type, domain, ownerId, membersJson) VALUES (?, ?, ?, ?, ?)',
        [ name, exports.TYPE_LIST, domain, 'admin', JSON.stringify(members) ], function (error) {
-            if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mailbox already exists'));
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mailbox already exists'));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            callback(null);
        });
@@ -99,8 +98,8 @@ function updateList(name, domain, members, callback) {

    database.query('UPDATE mailboxes SET membersJson = ? WHERE name = ? AND domain = ?',
        [ JSON.stringify(members), name, domain ], function (error, result) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-            if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

            callback(null);
        });
@@ -110,7 +109,7 @@ function clear(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('TRUNCATE TABLE mailboxes', [], function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
        callback(null);
    });
 }
@@ -122,8 +121,8 @@ function del(name, domain, callback) {

    // deletes aliases as well
    database.query('DELETE FROM mailboxes WHERE (name=? OR aliasTarget = ?) AND domain = ?', [ name, name, domain ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -134,7 +133,7 @@ function delByDomain(domain, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM mailboxes WHERE domain = ?', [ domain ], function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -145,7 +144,7 @@ function delByOwnerId(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM mailboxes WHERE ownerId=?', [ id ], function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -162,28 +161,14 @@ function updateName(oldName, oldDomain, newName, newDomain, callback) {
    if (oldName === newName && oldDomain === newDomain) return callback(null);

    database.query('UPDATE mailboxes SET name=?, domain=? WHERE name=? AND domain = ?', [ newName, newDomain, oldName, oldDomain ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mailbox already exists'));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mailbox already exists'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
 }

-function get(name, domain, callback) {
-    assert.strictEqual(typeof name, 'string');
-    assert.strictEqual(typeof domain, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND domain = ?',
-        [ name, domain ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
-
-            callback(null, postProcess(results[0]));
-        });
-}
-
 function getMailbox(name, domain, callback) {
    assert.strictEqual(typeof name, 'string');
    assert.strictEqual(typeof domain, 'string');
@@ -191,22 +176,20 @@ function getMailbox(name, domain, callback) {

    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND type = ? AND domain = ?',
        [ name, exports.TYPE_MAILBOX, domain ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

            callback(null, postProcess(results[0]));
        });
 }

-function listMailboxes(domain, page, perPage, callback) {
+function listMailboxes(domain, callback) {
    assert.strictEqual(typeof domain, 'string');
-    assert.strictEqual(typeof page, 'number');
-    assert.strictEqual(typeof perPage, 'number');
    assert.strictEqual(typeof callback, 'function');

-    database.query(`SELECT ${MAILBOX_FIELDS} FROM mailboxes WHERE type = ? AND domain = ? ORDER BY name LIMIT ${(page-1)*perPage},${perPage}`,
+    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE type = ? AND domain = ? ORDER BY name',
        [ exports.TYPE_MAILBOX, domain ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            results.forEach(function (result) { postProcess(result); });

@@ -214,13 +197,13 @@ function listMailboxes(domain, page, perPage, callback) {
        });
 }

-function getLists(domain, callback) {
+function listGroups(domain, callback) {
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE type = ? AND domain = ?',
        [ exports.TYPE_LIST, domain ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            results.forEach(function (result) { postProcess(result); });

@@ -228,15 +211,15 @@ function getLists(domain, callback) {
        });
 }

-function getList(name, domain, callback) {
+function getGroup(name, domain, callback) {
    assert.strictEqual(typeof name, 'string');
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE type = ? AND name = ? AND domain = ?',
        [ exports.TYPE_LIST, name, domain ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

            callback(null, postProcess(results[0]));
        });
@@ -247,8 +230,8 @@ function getByOwnerId(ownerId, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE ownerId = ? ORDER BY name', [ ownerId ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        results.forEach(function (result) { postProcess(result); });

@@ -263,8 +246,8 @@ function setAliasesForName(name, domain, aliases, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND domain = ?', [ name, domain ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        var queries = [];
        // clear existing aliases
@@ -275,14 +258,8 @@ function setAliasesForName(name, domain, aliases, callback) {
        });

        database.transaction(queries, function (error) {
-            if (error && error.code === 'ER_DUP_ENTRY' && error.message.indexOf('mailboxes_name_domain_unique_index') !== -1) {
-                var aliasMatch = error.message.match(new RegExp(`^ER_DUP_ENTRY: Duplicate entry '(.*)-${domain}' for key 'mailboxes_name_domain_unique_index'$`));
-                if (!aliasMatch) return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
-
-                return callback(new BoxError(BoxError.ALREADY_EXISTS, `Mailbox, mailinglist or alias for ${aliasMatch[1]} already exists`));
-            }
-
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error.message));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            callback(null);
        });
@@ -296,22 +273,20 @@ function getAliasesForName(name, domain, callback) {

    database.query('SELECT name FROM mailboxes WHERE type = ? AND aliasTarget = ? AND domain = ? ORDER BY name',
        [ exports.TYPE_ALIAS, name, domain ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            results = results.map(function (r) { return r.name; });
            callback(null, results);
        });
 }

-function listAliases(domain, page, perPage, callback) {
+function listAliases(domain, callback) {
    assert.strictEqual(typeof domain, 'string');
-    assert.strictEqual(typeof page, 'number');
-    assert.strictEqual(typeof perPage, 'number');
    assert.strictEqual(typeof callback, 'function');

-    database.query(`SELECT ${MAILBOX_FIELDS} FROM mailboxes WHERE domain = ? AND type = ? ORDER BY name LIMIT ${(page-1)*perPage},${perPage}`,
+    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE domain = ? AND type = ? ORDER BY name',
        [ domain, exports.TYPE_ALIAS ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

            results.forEach(function (result) { postProcess(result); });

@@ -326,8 +301,8 @@ function getAlias(name, domain, callback) {

    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND type = ? AND domain = ?',
        [ name, exports.TYPE_ALIAS, domain ], function (error, results) {
-            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

            results.forEach(function (result) { postProcess(result); });

@@ -15,8 +15,8 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
    database = require('./database.js'),
+    DatabaseError = require('./databaseerror.js'),
    safe = require('safetydance');

 var MAILDB_FIELDS = [ 'domain', 'enabled', 'mailFromValidation', 'catchAllJson', 'relayJson', 'dkimSelector' ].join(',');
@@ -40,9 +40,9 @@ function add(domain, data, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('INSERT INTO mail (domain, dkimSelector) VALUES (?, ?)', [ domain, data.dkimSelector || 'cloudron' ], function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mail domain already exists'));
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND), 'no such domain');
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mail domain already exists'));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND), 'no such domain');
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -53,7 +53,7 @@ function clear(callback) {

    // using TRUNCATE makes it fail foreign key check
    database.query('DELETE FROM mail', [], function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
        callback(null);
    });
 }
@@ -64,9 +64,9 @@ function del(domain, callback) {

    // deletes aliases as well
    database.query('DELETE FROM mail WHERE domain=?', [ domain ], function (error, result) {
-        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new BoxError(BoxError.CONFLICT));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mail domain not found'));
+        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new DatabaseError(DatabaseError.IN_USE));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -77,8 +77,8 @@ function get(domain, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + MAILDB_FIELDS + ' FROM mail WHERE domain = ?', [ domain ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mail domain not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null, postProcess(results[0]));
    });
@@ -88,7 +88,7 @@ function list(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + MAILDB_FIELDS + ' FROM mail ORDER BY domain', function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        results.forEach(function (result) { postProcess(result); });

@@ -118,8 +118,8 @@ function update(domain, data, callback) {
    args.push(domain);

    database.query('UPDATE mail SET ' + fields.join(', ') + ' WHERE domain=?', args, function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Mail domain not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -17,7 +17,6 @@ exports = module.exports = {
    backupFailed: backupFailed,

    certificateRenewalError: certificateRenewalError,
-    boxUpdateError: boxUpdateError,

    sendTestMail: sendTestMail,

@@ -25,11 +24,11 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    BoxError = require('./boxerror.js'),
+    config = require('./config.js'),
    custom = require('./custom.js'),
    debug = require('debug')('box:mailer'),
+    docker = require('./docker.js').connection,
    ejs = require('ejs'),
-    mail = require('./mail.js'),
    nodemailer = require('nodemailer'),
    path = require('path'),
    safe = require('safetydance'),
@@ -55,7 +54,7 @@ function getMailConfig(callback) {

        callback(null, {
            cloudronName: cloudronName,
-            notificationFrom: `"${cloudronName}" <no-reply@${settings.adminDomain()}>`
+            notificationFrom: `"${cloudronName}" <no-reply@${config.adminDomain()}>`
        });
    });
 }
@@ -69,20 +68,31 @@ function sendMail(mailOptions, callback) {
        return callback();
    }

-    mail.getMailAuth(function (error, data) {
+    docker.getContainer('mail').inspect(function (error, data) {
        if (error) return callback(error);

+        var mailServerIp = safe.query(data, 'NetworkSettings.Networks.cloudron.IPAddress');
+        if (!mailServerIp) return callback('Error querying mail server IP');
+
+        // extract the relay token for auth
+        const env = safe.query(data, 'Config.Env', null);
+        if (!env) return callback(new Error('Error getting mail env'));
+        const tmp = env.find(function (e) { return e.indexOf('CLOUDRON_RELAY_TOKEN') === 0; });
+        if (!tmp) return callback(new Error('Error getting CLOUDRON_RELAY_TOKEN env var'));
+        const relayToken = tmp.slice('CLOUDRON_RELAY_TOKEN'.length + 1); // +1 for the = sign
+        if (!relayToken)  return callback(new Error('Error parsing CLOUDRON_RELAY_TOKEN'));
+
        var transport = nodemailer.createTransport(smtpTransport({
-            host: data.ip,
-            port: data.port,
+            host: mailServerIp,
+            port: config.get('smtpPort'),
            auth: {
-                user: mailOptions.authUser || `no-reply@${settings.adminDomain()}`,
-                pass: data.relayToken
+                user: mailOptions.authUser || `no-reply@${config.adminDomain()}`,
+                pass: relayToken
            }
        }));

        transport.sendMail(mailOptions, function (error) {
-            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
+            if (error) return callback(error);

            debug(`Email "${mailOptions.subject}" sent to ${mailOptions.to}`);

@@ -136,11 +146,11 @@ function sendInvite(user, invitor) {

        var templateData = {
            user: user,
-            webadminUrl: settings.adminOrigin(),
-            setupLink: `${settings.adminOrigin()}/api/v1/session/account/setup.html?reset_token=${user.resetToken}&email=${encodeURIComponent(user.email)}`,
+            webadminUrl: config.adminOrigin(),
+            setupLink: `${config.adminOrigin()}/api/v1/session/account/setup.html?reset_token=${user.resetToken}&email=${encodeURIComponent(user.email)}`,
            invitor: invitor,
            cloudronName: mailConfig.cloudronName,
-            cloudronAvatarUrl: settings.adminOrigin() + '/api/v1/cloudron/avatar'
+            cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar'
        };

        var templateDataText = JSON.parse(JSON.stringify(templateData));
@@ -173,7 +183,7 @@ function userAdded(mailTo, user) {
        var templateData = {
            user: user,
            cloudronName: mailConfig.cloudronName,
-            cloudronAvatarUrl: settings.adminOrigin() + '/api/v1/cloudron/avatar'
+            cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar'
        };

        var templateDataText = JSON.parse(JSON.stringify(templateData));
@@ -223,9 +233,9 @@ function passwordReset(user) {

        var templateData = {
            user: user,
-            resetLink: `${settings.adminOrigin()}/api/v1/session/password/reset.html?reset_token=${user.resetToken}&email=${encodeURIComponent(user.email)}`,
+            resetLink: `${config.adminOrigin()}/api/v1/session/password/reset.html?reset_token=${user.resetToken}&email=${encodeURIComponent(user.email)}`,
            cloudronName: mailConfig.cloudronName,
-            cloudronAvatarUrl: settings.adminOrigin() + '/api/v1/cloudron/avatar'
+            cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar'
        };

        var templateDataText = JSON.parse(JSON.stringify(templateData));
@@ -304,7 +314,7 @@ function appUpdated(mailTo, app, callback) {
            changelog: app.manifest.changelog,
            changelogHTML: converter.makeHtml(app.manifest.changelog),
            cloudronName: mailConfig.cloudronName,
-            cloudronAvatarUrl: settings.adminOrigin() + '/api/v1/cloudron/avatar'
+            cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar'
        };

        var templateDataText = JSON.parse(JSON.stringify(templateData));
@@ -340,11 +350,11 @@ function appUpdatesAvailable(mailTo, apps, hasSubscription, callback) {
        });

        var templateData = {
-            webadminUrl: settings.adminOrigin(),
+            webadminUrl: config.adminOrigin(),
            hasSubscription: hasSubscription,
            apps: apps,
            cloudronName: mailConfig.cloudronName,
-            cloudronAvatarUrl: settings.adminOrigin() + '/api/v1/cloudron/avatar'
+            cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar'
        };

        var templateDataText = JSON.parse(JSON.stringify(templateData));
@@ -401,24 +411,6 @@ function certificateRenewalError(mailTo, domain, message) {
    });
 }

-function boxUpdateError(mailTo, message) {
-    assert.strictEqual(typeof mailTo, 'string');
-    assert.strictEqual(typeof message, 'string');
-
-    getMailConfig(function (error, mailConfig) {
-        if (error) return debug('Error getting mail details:', error);
-
-        var mailOptions = {
-            from: mailConfig.notificationFrom,
-            to: mailTo,
-            subject: util.format('[%s] Cloudron update error', mailConfig.cloudronName),
-            text: render('box_update_error.ejs', { message: message, format: 'text' })
-        };
-
-        sendMail(mailOptions);
-    });
-}
-
 function oomEvent(mailTo, program, event) {
    assert.strictEqual(typeof mailTo, 'string');
    assert.strictEqual(typeof program, 'string');
@@ -5,7 +5,7 @@ exports = module.exports = {
 };

 var assert = require('assert'),
-    constants = require('./constants.js'),
+    config = require('./config.js'),
    dns = require('dns'),
    _ = require('underscore');

@@ -24,7 +24,7 @@ function resolve(hostname, rrtype, options, callback) {
    options = _.extend({ }, DEFAULT_OPTIONS, options);

    // Only use unbound on a Cloudron
-    if (constants.CLOUDRON) resolver.setServers([ options.server ]);
+    if (config.CLOUDRON) resolver.setServers([ options.server ]);

    // should callback with ECANCELLED but looks like we might hit https://github.com/nodejs/node/issues/14814
    const timerId = setTimeout(resolver.cancel.bind(resolver), options.timeout || 5000);
@@ -13,8 +13,8 @@ exports = module.exports = {
 };

 let assert = require('assert'),
-    BoxError = require('./boxerror.js'),
-    database = require('./database.js');
+    database = require('./database.js'),
+    DatabaseError = require('./databaseerror');

 const NOTIFICATION_FIELDS = [ 'id', 'userId', 'eventId', 'title', 'message', 'creationTime', 'acknowledged' ];

@@ -34,8 +34,8 @@ function add(notification, callback) {
    const args = [ notification.userId, notification.eventId, notification.title, notification.message, notification.acknowledged ];

    database.query(query, args, function (error, result) {
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'no such eventlog entry'));
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, 'no such eventlog entry'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null, String(result.insertId));
    });
@@ -47,8 +47,8 @@ function getByUserIdAndTitle(userId, title, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + NOTIFICATION_FIELDS + ' from notifications WHERE userId = ? AND title = ? ORDER BY creationTime LIMIT 1', [ userId, title ], function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        postProcess(results[0]);

@@ -70,8 +70,8 @@ function update(id, data, callback) {
    args.push(id);

    database.query('UPDATE notifications SET ' + fields.join(', ') + ' WHERE id = ?', args, function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -82,8 +82,8 @@ function get(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + NOTIFICATION_FIELDS + ' FROM notifications WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        postProcess(result[0]);

@@ -96,8 +96,8 @@ function del(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM notifications WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));

        callback(null);
    });
@@ -118,7 +118,7 @@ function listByUserIdPaged(userId, page, perPage, callback) {
    data.push(perPage);

    database.query(query, data, function (error, results) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        results.forEach(postProcess);

@@ -130,7 +130,7 @@ function clear(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('DELETE FROM notifications', function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -1,6 +1,8 @@
 'use strict';

 exports = module.exports = {
+    NotificationsError: NotificationsError,
+
    get: get,
    ack: ack,
    getAllPaged: getAllPaged,
@@ -22,16 +24,37 @@ exports = module.exports = {

 let assert = require('assert'),
    async = require('async'),
-    auditSource = require('./auditsource.js'),
-    BoxError = require('./boxerror.js'),
-    changelog = require('./changelog.js'),
+    config = require('./config.js'),
    custom = require('./custom.js'),
+    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:notifications'),
    eventlog = require('./eventlog.js'),
    mailer = require('./mailer.js'),
    notificationdb = require('./notificationdb.js'),
-    settings = require('./settings.js'),
-    users = require('./users.js');
+    users = require('./users.js'),
+    util = require('util');
+
+function NotificationsError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(NotificationsError, Error);
+NotificationsError.INTERNAL_ERROR = 'Internal Error';
+NotificationsError.NOT_FOUND = 'Not Found';

 function add(userId, eventId, title, message, callback) {
    assert.strictEqual(typeof userId, 'string');
@@ -49,7 +72,8 @@ function add(userId, eventId, title, message, callback) {
        message: message,
        acknowledged: false
    }, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND, error.message));
+        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));

        callback(null, { id: result });
    });
@@ -60,7 +84,8 @@ function get(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    notificationdb.get(id, function (error, result) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND));
+        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));

        callback(null, result);
    });
@@ -71,7 +96,8 @@ function ack(id, callback) {
    assert.strictEqual(typeof callback, 'function');

    notificationdb.update(id, { acknowledged: true }, function (error) {
-        if (error) return callback(error);
+        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND));
+        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));

        callback(null);
    });
@@ -86,7 +112,7 @@ function getAllPaged(userId, acknowledged, page, perPage, callback) {
    assert.strictEqual(typeof callback, 'function');

    notificationdb.listByUserIdPaged(userId, page, perPage, function (error, result) {
-        if (error) return callback(error);
+        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));

        if (acknowledged === null) return callback(null, result);

@@ -101,7 +127,7 @@ function actionForAllAdmins(skippingUserIds, iterator, callback) {
    assert.strictEqual(typeof callback, 'function');

    users.getAllAdmins(function (error, result) {
-        if (error) return callback(error);
+        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));

        // filter out users we want to skip (like the user who did the action or the user the action was performed on)
        result = result.filter(function (r) { return skippingUserIds.indexOf(r.id) === -1; });
@@ -118,7 +144,7 @@ function userAdded(performedBy, eventId, user, callback) {

    actionForAllAdmins([ performedBy, user.id ], function (admin, done) {
        mailer.userAdded(admin.email, user);
-        add(admin.id, eventId, `User '${user.displayName}' added`, `User '${user.username || user.email || user.fallbackEmail}' was added.`, done);
+        add(admin.id, eventId, 'User added', `User ${user.fallbackEmail} was added`, done);
    }, callback);
 }

@@ -130,7 +156,7 @@ function userRemoved(performedBy, eventId, user, callback) {

    actionForAllAdmins([ performedBy, user.id ], function (admin, done) {
        mailer.userRemoved(admin.email, user);
-        add(admin.id, eventId, `User '${user.displayName}' removed`, `User '${user.username || user.email || user.fallbackEmail}' was removed.`, done);
+        add(admin.id, eventId, 'User removed', `User ${user.username || user.email || user.fallbackEmail} was removed`, done);
    }, callback);
 }

@@ -141,7 +167,7 @@ function adminChanged(performedBy, eventId, user, callback) {

    actionForAllAdmins([ performedBy, user.id ], function (admin, done) {
        mailer.adminChanged(admin.email, user, user.admin);
-        add(admin.id, eventId, `User '${user.displayName} ' ${user.admin ? 'is now an admin' : 'is no more an admin'}`, `User '${user.username || user.email || user.fallbackEmail}' ${user.admin ? 'is now an admin' : 'is no more an admin'}.`, done);
+        add(admin.id, eventId, 'Admin status change', `User ${user.username || user.email || user.fallbackEmail} ${user.admin ? 'is now an admin' : 'is no more an admin'}`, done);
    }, callback);
 }

@@ -210,13 +236,8 @@ function appUpdated(eventId, app, callback) {
    assert.strictEqual(typeof app, 'object');
    assert.strictEqual(typeof callback, 'function');

-    const tmp = app.manifest.description.match(/<upstream>(.*)<\/upstream>/i);
-    const upstreamVersion = (tmp && tmp[1]) ? tmp[1] : '';
-    const title = upstreamVersion ? `${app.manifest.title} at ${app.fqdn} updated to ${upstreamVersion} (package version ${app.manifest.version})`
-        : `${app.manifest.title} at ${app.fqdn} updated to package version ${app.manifest.version}`;
-
    actionForAllAdmins([], function (admin, done) {
-        add(admin.id, eventId, title, `The application ${app.manifest.title} installed at https://${app.fqdn} was updated.\n\nChangelog:\n${app.manifest.changelog}\n`, function (error) {
+        add(admin.id, eventId, `App ${app.fqdn} updated`, `The application ${app.manifest.title} installed at https://${app.fqdn} was updated to package version ${app.manifest.version}.`, function (error) {
            if (error) return callback(error);

            mailer.appUpdated(admin.email, app, function (error) {
@@ -227,34 +248,6 @@ function appUpdated(eventId, app, callback) {
    }, callback);
 }

-function boxUpdated(eventId, oldVersion, newVersion, callback) {
-    assert.strictEqual(typeof eventId, 'string');
-    assert.strictEqual(typeof oldVersion, 'string');
-    assert.strictEqual(typeof newVersion, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    const changes = changelog.getChanges(newVersion);
-    const changelogMarkdown = changes.map((m) => `* ${m}\n`).join('');
-
-    actionForAllAdmins([], function (admin, done) {
-        add(admin.id, eventId, `Cloudron updated to v${newVersion}`, `Cloudron was updated from v${oldVersion} to v${newVersion}.\n\nChangelog:\n${changelogMarkdown}\n`, done);
-    }, callback);
-}
-
-function boxUpdateError(eventId, errorMessage, callback) {
-    assert.strictEqual(typeof eventId, 'string');
-    assert.strictEqual(typeof errorMessage, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    if (custom.spec().alerts.email) mailer.boxUpdateError(custom.spec().alerts.email, errorMessage);
-    if (!custom.spec().alerts.notifyCloudronAdmins) return callback();
-
-    actionForAllAdmins([], function (admin, done) {
-        mailer.boxUpdateError(admin.email, errorMessage);
-        add(admin.id, eventId, 'Cloudron update failed', `Failed to update Cloudron: ${errorMessage}. Update will be retried in 4 hours`, done);
-    }, callback);
-}
-
 function certificateRenewalError(eventId, vhost, errorMessage, callback) {
    assert.strictEqual(typeof eventId, 'string');
    assert.strictEqual(typeof vhost, 'string');
@@ -276,12 +269,12 @@ function backupFailed(eventId, taskId, errorMessage, callback) {
    assert.strictEqual(typeof errorMessage, 'string');
    assert.strictEqual(typeof callback, 'function');

-    if (custom.spec().alerts.email) mailer.backupFailed(custom.spec().alerts.email, errorMessage, `${settings.adminOrigin()}/logs.html?taskId=${taskId}`);
+    if (custom.spec().alerts.email) mailer.backupFailed(custom.spec().alerts.email, errorMessage, `${config.adminOrigin()}/logs.html?taskId=${taskId}`);
    if (!custom.spec().alerts.notifyCloudronAdmins) return callback();

    actionForAllAdmins([], function (admin, callback) {
-        mailer.backupFailed(admin.email, errorMessage, `${settings.adminOrigin()}/logs.html?taskId=${taskId}`);
-        add(admin.id, eventId, 'Backup failed', `Backup failed: ${errorMessage}. Logs are available [here](/logs.html?taskId=${taskId}). Will be retried in 4 hours`, callback);
+        mailer.backupFailed(admin.email, errorMessage, `${config.adminOrigin()}/logs.html?taskId=${taskId}`);
+        add(admin.id, eventId, 'Failed to backup', `Backup failed: ${errorMessage}. Logs are available [here](/logs.html?taskId=${taskId}). Will be retried in 4 hours`, callback);
    }, callback);
 }

@@ -306,14 +299,15 @@ function alert(id, title, message, callback) {
        };

        notificationdb.getByUserIdAndTitle(admin.id, title, function (error, result) {
-            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
+            if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));

            if (!result && acknowledged) return callback(); // do not add acked alerts

            let updateFunc = !result ? notificationdb.add.bind(null, data) : notificationdb.update.bind(null, result.id, data);

            updateFunc(function (error) {
-                if (error) return callback(error);
+                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND, error.message));
+                if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));

                callback(null);
            });
@@ -332,9 +326,6 @@ function onEvent(id, action, source, data, callback) {
    assert.strictEqual(typeof data, 'object');
    assert.strictEqual(typeof callback, 'function');

-    // external ldap syncer does not generate notifications - FIXME username might be an issue here
-    if (source.username === auditSource.EXTERNAL_LDAP_TASK.username) return callback();
-
    switch (action) {
    case eventlog.ACTION_USER_ADD:
        return userAdded(source.userId, id, data.user, callback);
@@ -356,7 +347,6 @@ function onEvent(id, action, source, data, callback) {
        return appUp(id, data.app, callback);

    case eventlog.ACTION_APP_UPDATE_FINISH:
-        if (!data.app.appStoreId) return callback(); // skip notification of dev apps
        return appUpdated(id, data.app, callback);

    case eventlog.ACTION_CERTIFICATE_RENEWAL:
@@ -365,15 +355,8 @@ function onEvent(id, action, source, data, callback) {
        return certificateRenewalError(id, data.domain, data.errorMessage, callback);

    case eventlog.ACTION_BACKUP_FINISH:
-        if (!data.errorMessage) return callback();
-        if (source.username !== auditSource.CRON.username && !data.timedOut) return callback(); // manual stop by user
-
-        return backupFailed(id, data.taskId, data.errorMessage, callback); // only notify for automated backups or timedout
-
-    case eventlog.ACTION_UPDATE_FINISH:
-        if (!data.errorMessage) return boxUpdated(id, data.oldVersion, data.newVersion, callback);
-        if (data.timedOut) return boxUpdateError(id, data.errorMessage, callback);
-        return callback();
+        if (!data.errorMessage || source.username !== 'cron') return callback();
+        return backupFailed(id, data.taskId, data.errorMessage, callback); // only notify for automated backups

    default:
        return callback();
@@ -61,7 +61,7 @@ app.controller('Controller', ['$scope', function ($scope) {
            <div class="control-label" ng-show="setupForm.password.$dirty && setupForm.password.$invalid">
              <small ng-show="setupForm.password.$dirty && setupForm.password.$invalid">Password must be atleast 8 characters</small>
            </div>
-            <input type="password" class="form-control" ng-model="password" name="password" ng-pattern="/^.{8,}$/" required>
+            <input type="password" class="form-control" ng-model="password" name="password" ng-pattern="/^.{8,30}$/" required>
          </div>

          <div class="form-group" ng-class="{ 'has-error': (setupForm.passwordRepeat.$dirty && (password !== passwordRepeat)) }">
@@ -1,6 +1,8 @@

    <footer class="text-center">
      <span class="text-muted">&copy; 2016-19 <a href="https://cloudron.io" target="_blank">Cloudron</a></span>
+      <span class="text-muted"><a href="https://twitter.com/cloudron_io" target="_blank">Twitter <i class="fa fa-twitter"></i></a></span>
+      <span class="text-muted"><a href="https://chat.cloudron.io" target="_blank">Chat <i class="fa fa-comments"></i></a></span>
    </footer>

 	</div>
@@ -13,7 +13,7 @@
    <link href="<%= adminOrigin %>/theme.css" rel="stylesheet">

    <!-- Custom Fonts -->
-    <link href="<%= adminOrigin %>/3rdparty/fontawesome/css/all.min.css" rel="stylesheet" rel="stylesheet" type="text/css">
+    <link href="<%= adminOrigin %>/3rdparty/css/font-awesome.min.css" rel="stylesheet" rel="stylesheet" type="text/css">

    <!-- jQuery-->
    <script src="<%= adminOrigin %>/3rdparty/js/jquery.min.js"></script>
@@ -1,61 +1,45 @@
 'use strict';

-var constants = require('./constants.js'),
+var config = require('./config.js'),
    path = require('path');

-function baseDir() {
-    const homeDir = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;
-    if (constants.CLOUDRON) return homeDir;
-    if (constants.TEST) return path.join(homeDir, '.cloudron_test');
-    // cannot reach
-}
-
 // keep these values in sync with start.sh
 exports = module.exports = {
-    baseDir: baseDir,
-
    CLOUDRON_DEFAULT_AVATAR_FILE: path.join(__dirname + '/../assets/avatar.png'),
-    INFRA_VERSION_FILE: path.join(baseDir(), 'platformdata/INFRA_VERSION'),
+    INFRA_VERSION_FILE: path.join(config.baseDir(), 'platformdata/INFRA_VERSION'),

    LICENSE_FILE: '/etc/cloudron/LICENSE',
-    PROVIDER_FILE: '/etc/cloudron/PROVIDER',
+    CUSTOM_FILE: '/etc/cloudron/custom.yml',

-    PLATFORM_DATA_DIR: path.join(baseDir(), 'platformdata'),
-    APPS_DATA_DIR: path.join(baseDir(), 'appsdata'),
-    BOX_DATA_DIR: path.join(baseDir(), 'boxdata'),
+    PLATFORM_DATA_DIR: path.join(config.baseDir(), 'platformdata'),
+    APPS_DATA_DIR: path.join(config.baseDir(), 'appsdata'),
+    BOX_DATA_DIR: path.join(config.baseDir(), 'boxdata'),

-    CUSTOM_FILE: path.join(baseDir(), 'boxdata/custom.yml'),
-
-    ACME_CHALLENGES_DIR: path.join(baseDir(), 'platformdata/acme'),
-    ADDON_CONFIG_DIR: path.join(baseDir(), 'platformdata/addons'),
-    COLLECTD_APPCONFIG_DIR: path.join(baseDir(), 'platformdata/collectd/collectd.conf.d'),
-    LOGROTATE_CONFIG_DIR: path.join(baseDir(), 'platformdata/logrotate.d'),
-    NGINX_CONFIG_DIR: path.join(baseDir(), 'platformdata/nginx'),
-    NGINX_APPCONFIG_DIR: path.join(baseDir(), 'platformdata/nginx/applications'),
-    NGINX_CERT_DIR: path.join(baseDir(), 'platformdata/nginx/cert'),
-    BACKUP_INFO_DIR: path.join(baseDir(), 'platformdata/backup'),
-    UPDATE_DIR: path.join(baseDir(), 'platformdata/update'),
-    SNAPSHOT_INFO_FILE: path.join(baseDir(), 'platformdata/backup/snapshot-info.json'),
-    DYNDNS_INFO_FILE: path.join(baseDir(), 'platformdata/dyndns-info.json'),
-    VERSION_FILE: path.join(baseDir(), 'platformdata/VERSION'),
-
-    SESSION_SECRET_FILE: path.join(baseDir(), 'boxdata/session.secret'),
-    SESSION_DIR: path.join(baseDir(), 'platformdata/sessions'),
+    ACME_CHALLENGES_DIR: path.join(config.baseDir(), 'platformdata/acme'),
+    ADDON_CONFIG_DIR: path.join(config.baseDir(), 'platformdata/addons'),
+    COLLECTD_APPCONFIG_DIR: path.join(config.baseDir(), 'platformdata/collectd/collectd.conf.d'),
+    LOGROTATE_CONFIG_DIR: path.join(config.baseDir(), 'platformdata/logrotate.d'),
+    NGINX_CONFIG_DIR: path.join(config.baseDir(), 'platformdata/nginx'),
+    NGINX_APPCONFIG_DIR: path.join(config.baseDir(), 'platformdata/nginx/applications'),
+    NGINX_CERT_DIR: path.join(config.baseDir(), 'platformdata/nginx/cert'),
+    BACKUP_INFO_DIR: path.join(config.baseDir(), 'platformdata/backup'),
+    UPDATE_DIR: path.join(config.baseDir(), 'platformdata/update'),
+    SNAPSHOT_INFO_FILE: path.join(config.baseDir(), 'platformdata/backup/snapshot-info.json'),
+    DYNDNS_INFO_FILE: path.join(config.baseDir(), 'platformdata/dyndns-info.json'),

    // this is not part of appdata because an icon may be set before install
-    APP_ICONS_DIR: path.join(baseDir(), 'boxdata/appicons'),
-    PROFILE_ICONS_DIR: path.join(baseDir(), 'boxdata/profileicons'),
-    MAIL_DATA_DIR: path.join(baseDir(), 'boxdata/mail'),
-    ACME_ACCOUNT_KEY_FILE: path.join(baseDir(), 'boxdata/acme/acme.key'),
-    APP_CERTS_DIR: path.join(baseDir(), 'boxdata/certs'),
-    CLOUDRON_AVATAR_FILE: path.join(baseDir(), 'boxdata/avatar.png'),
-    UPDATE_CHECKER_FILE: path.join(baseDir(), 'boxdata/updatechecker.json'),
+    APP_ICONS_DIR: path.join(config.baseDir(), 'boxdata/appicons'),
+    MAIL_DATA_DIR: path.join(config.baseDir(), 'boxdata/mail'),
+    ACME_ACCOUNT_KEY_FILE: path.join(config.baseDir(), 'boxdata/acme/acme.key'),
+    APP_CERTS_DIR: path.join(config.baseDir(), 'boxdata/certs'),
+    CLOUDRON_AVATAR_FILE: path.join(config.baseDir(), 'boxdata/avatar.png'),
+    UPDATE_CHECKER_FILE: path.join(config.baseDir(), 'boxdata/updatechecker.json'),

-    LOG_DIR: path.join(baseDir(), 'platformdata/logs'),
-    TASKS_LOG_DIR: path.join(baseDir(), 'platformdata/logs/tasks'),
-    CRASH_LOG_DIR: path.join(baseDir(), 'platformdata/logs/crash'),
+    LOG_DIR: path.join(config.baseDir(), 'platformdata/logs'),
+    TASKS_LOG_DIR: path.join(config.baseDir(), 'platformdata/logs/tasks'),
+    CRASH_LOG_DIR: path.join(config.baseDir(), 'platformdata/logs/crash'),

    // this pattern is for the cloudron logs API route to work
-    BACKUP_LOG_FILE: path.join(baseDir(), 'platformdata/logs/backup/app.log'),
-    UPDATER_LOG_FILE: path.join(baseDir(), 'platformdata/logs/updater/app.log')
+    BACKUP_LOG_FILE: path.join(config.baseDir(), 'platformdata/logs/backup/app.log'),
+    UPDATER_LOG_FILE: path.join(config.baseDir(), 'platformdata/logs/updater/app.log')
 };
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Girish Ramakrishnan	c0c5561aac	DO DNS API break means this value must atleast be 30	2019-06-17 20:13:09 -07:00
Girish Ramakrishnan	23bfc1a3b8	Fix mail auth with manifest v2 (cherry picked from commit `8cd5c15c2b`)	2019-06-17 11:14:16 -07:00
Girish Ramakrishnan	73a44d1fb2	4.1.4 changes	2019-06-16 17:58:56 -07:00
Girish Ramakrishnan	a1970f3b65	Prefix mysql url/database variables (cherry picked from commit `c5f6e6b028`)	2019-06-15 11:22:58 -07:00
Girish Ramakrishnan	c69f4e4a48	Add 4.1.3 changes	2019-06-14 16:56:02 -07:00
Girish Ramakrishnan	417a8de823	Update manifestformat (for v2)	2019-06-14 16:55:11 -07:00