silent(): use return instead of exit to allow || true error handling

Previously, silent() called exit on failure, making all 86+ instances
of '$STD cmd || true' across the codebase silently broken - the || true
never had a chance to execute.

Now silent() returns the exit code, letting callers handle errors:
- $STD cmd || true  -> works correctly (continues on failure)
- $STD cmd          -> set -e + ERR trap catches it -> error_handler()

error_handler() picks up metadata (_SILENT_FAILED_*) from silent() to
show the actual command, line number, and log tail.

CHANGELOG.md

@@ -429,6 +429,14 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
+## 2026-04-04
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - komodo: set `PERIPHERY_CORE_PUBLIC_KEYS` to default value if absent [@4ndv](https://github.com/4ndv) ([#13519](https://github.com/community-scripts/ProxmoxVE/pull/13519))
+
 ## 2026-04-03
 
 ### 🆕 New Scripts
@@ -437,10 +445,32 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 ### 🚀 Updated Scripts
 
+  - #### 🐞 Bug Fixes
+
+    - OpenWRT-VM: use poweroff instead of halt to properly stop VM [@MickLesk](https://github.com/MickLesk) ([#13504](https://github.com/community-scripts/ProxmoxVE/pull/13504))
+    - NginxProxyManager: fix openresty restart by setting user root before reload [@MickLesk](https://github.com/MickLesk) ([#13500](https://github.com/community-scripts/ProxmoxVE/pull/13500))
+
   - #### ✨ New Features
 
+    - Crafty Controller: add Java 25 for Minecraft 1.26.1+ [@MickLesk](https://github.com/MickLesk) ([#13502](https://github.com/community-scripts/ProxmoxVE/pull/13502))
     - Wealthfolio: update to v3.2.1 and Node.js 24 [@afadil](https://github.com/afadil) ([#13486](https://github.com/community-scripts/ProxmoxVE/pull/13486))
 
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - core.func: prevent profile.d scripts from aborting on non-zero exit [@MickLesk](https://github.com/MickLesk) ([#13503](https://github.com/community-scripts/ProxmoxVE/pull/13503))
+
+  - #### ✨ New Features
+
+    - APT Proxy: Support full URLs (http/https with custom ports) [@MickLesk](https://github.com/MickLesk) ([#13474](https://github.com/community-scripts/ProxmoxVE/pull/13474))
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - PVE LXC-Updater: pipe apt list through cat to prevent pager hang [@MickLesk](https://github.com/MickLesk) ([#13501](https://github.com/community-scripts/ProxmoxVE/pull/13501))
+
 ## 2026-04-02
 
 ### 🚀 Updated Scripts

ct/nginxproxymanager.sh

@@ -92,6 +92,7 @@ ExecStart=/usr/local/openresty/nginx/sbin/nginx -g 'daemon off;'
 [Install]
 WantedBy=multi-user.target
 EOF
+    sed -i 's/user npm/user root/g; s/^pid/#pid/g' /usr/local/openresty/nginx/conf/nginx.conf
     systemctl daemon-reload
     systemctl unmask openresty 2>/dev/null || true
     systemctl restart openresty

install/crafty-controller-install.sh

@@ -15,8 +15,8 @@ update_os
 
 msg_info "Setting up TemurinJDK"
 setup_java
-$STD apt install -y temurin-{8,11,17,21}-jre
-sudo update-alternatives --set java /usr/lib/jvm/temurin-21-jre-amd64/bin/java
+$STD apt install -y temurin-{8,11,17,21,25}-jre
+sudo update-alternatives --set java /usr/lib/jvm/temurin-25-jre-amd64/bin/java
 msg_ok "Installed TemurinJDK"
 
 msg_info "Setup Python3"
@@ -59,7 +59,7 @@ After=network.target
 Type=simple
 User=crafty
 WorkingDirectory=/opt/crafty-controller/crafty/crafty-4
-Environment=PATH=/usr/lib/jvm/temurin-21-jre-amd64/bin:/opt/crafty-controller/crafty/.venv/bin:$PATH
+Environment=PATH=/usr/lib/jvm/temurin-25-jre-amd64/bin:/opt/crafty-controller/crafty/.venv/bin:$PATH
 ExecStart=/opt/crafty-controller/crafty/.venv/bin/python3 main.py -d
 Restart=on-failure
 

misc/build.func

@@ -986,13 +986,23 @@ base_settings() {
 
   # Runtime check: Verify APT cacher is reachable if configured
   if [[ -n "$APT_CACHER_IP" && "$APT_CACHER" == "yes" ]]; then
-    if ! curl -s --connect-timeout 2 "http://${APT_CACHER_IP}:3142" >/dev/null 2>&1; then
-      msg_warn "APT Cacher configured but not reachable at ${APT_CACHER_IP}:3142"
+    local _check_host _check_port _check_url
+    _check_host=$(echo "$APT_CACHER_IP" | sed -e 's|https\?://||' -e 's|/.*||' | cut -d: -f1)
+    _check_port=$(echo "$APT_CACHER_IP" | sed -e 's|https\?://||' -e 's|/.*||' | cut -s -d: -f2)
+    if [[ "$APT_CACHER_IP" =~ ^https?:// ]]; then
+      _check_url="$APT_CACHER_IP"
+      _check_port="${_check_port:-80}"
+    else
+      _check_port="${_check_port:-3142}"
+      _check_url="http://${APT_CACHER_IP}:${_check_port}"
+    fi
+    if ! curl -s --connect-timeout 2 "${_check_url}" >/dev/null 2>&1; then
+      msg_warn "APT Cacher configured but not reachable at ${_check_url}"
       msg_custom "⚠️" "${YW}" "Disabling APT Cacher for this installation"
       APT_CACHER=""
       APT_CACHER_IP=""
     else
-      msg_ok "APT Cacher verified at ${APT_CACHER_IP}:3142"
+      msg_ok "APT Cacher verified at ${_check_url}"
     fi
   fi
 
@@ -1199,6 +1209,13 @@ load_vars_file() {
             continue
           fi
           ;;
+        var_apt_cacher_ip)
+          # Allow: plain IP/hostname, http://host, https://host:port
+          if [[ -n "$var_val" ]] && ! [[ "$var_val" =~ ^(https?://)?[a-zA-Z0-9._-]+(:[0-9]+)?(/.*)?$ ]]; then
+            msg_warn "Invalid APT Cacher address '$var_val' in $file, ignoring"
+            continue
+          fi
+          ;;
         var_container_storage | var_template_storage)
           # Validate that the storage exists and is active on the current node
           local _storage_status
@@ -1311,9 +1328,11 @@ var_ipv6_method=none
 var_ssh=no
 # var_ssh_authorized_key=
 
-# APT cacher (optional - with example)
+# APT cacher (optional - IP or URL)
 # var_apt_cacher=yes
 # var_apt_cacher_ip=192.168.1.10
+# var_apt_cacher_ip=http://proxy.local
+# var_apt_cacher_ip=https://proxy.local:443
 
 # Features/Tags/verbosity
 var_fuse=no
@@ -2526,7 +2545,7 @@ advanced_settings() {
         # Ask for IP if enabled
         if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
           --title "APT CACHER IP" \
-          --inputbox "\nEnter APT Cacher-NG server IP address:" 10 58 "$_apt_cacher_ip" \
+          --inputbox "\nEnter APT Cacher-NG IP or URL:\n(e.g. 192.168.1.10, http://host, https://host:443)" 12 62 "$_apt_cacher_ip" \
           3>&1 1>&2 2>&3); then
           _apt_cacher_ip="$result"
         fi

misc/core.func

@@ -143,7 +143,7 @@ ensure_profile_loaded() {
   # Source all profile.d scripts to ensure PATH is complete
   if [[ -d /etc/profile.d ]]; then
     for script in /etc/profile.d/*.sh; do
-      [[ -r "$script" ]] && source "$script"
+      [[ -r "$script" ]] && source "$script" || true
     done
   fi
 
@@ -527,29 +527,23 @@ silent() {
   fi
 
   if [[ $rc -ne 0 ]]; then
-    # Source explain_exit_code if needed
-    if ! declare -f explain_exit_code >/dev/null 2>&1; then
-      if ! source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func); then
-        explain_exit_code() { echo "unknown (error_handler.func download failed)"; }
-      fi
-    fi
+    # Return instead of exit so that callers can use `$STD cmd || true`
+    # or `if $STD cmd; then ...` to handle errors gracefully.
+    # When no || / if is used, set -e + ERR trap will still catch it
+    # and error_handler() will display the error and exit.
+    #
+    # Set flag so error_handler knows to show log tail from silent's logfile
+    export _SILENT_FAILED_RC="$rc"
+    export _SILENT_FAILED_CMD="$cmd"
+    export _SILENT_FAILED_LINE="$caller_line"
+    export _SILENT_FAILED_LOG="$logfile"
 
-    local explanation
-    explanation="$(explain_exit_code "$rc")"
-
-    printf "\e[?25h"
-    msg_error "in line ${caller_line}: exit code ${rc} (${explanation})"
-    msg_custom "→" "${YWB}" "${cmd}"
-
-    if [[ -s "$logfile" ]]; then
-      echo -e "\n${TAB}--- Last 20 lines of log ---"
-      tail -n 20 "$logfile"
-      echo -e "${TAB}-----------------------------------"
-      echo -e "${TAB}📋 Full log: ${logfile}\n"
-    fi
-
-    exit "$rc"
+    return "$rc"
   fi
+
+  # Clear stale flags on success (prevents false positives if a previous
+  # $STD cmd || true failed and a later non-silent command triggers error_handler)
+  unset _SILENT_FAILED_RC _SILENT_FAILED_CMD _SILENT_FAILED_LINE _SILENT_FAILED_LOG 2>/dev/null || true
 }
 
 # ------------------------------------------------------------------------------

misc/error_handler.func

@@ -236,6 +236,16 @@ error_handler() {
 
   command="${command//\$STD/}"
 
+  # If error originated from silent(), use its captured metadata
+  # This provides the actual command and line number instead of "silent ..."
+  if [[ -n "${_SILENT_FAILED_RC:-}" ]]; then
+    exit_code="$_SILENT_FAILED_RC"
+    command="$_SILENT_FAILED_CMD"
+    line_number="$_SILENT_FAILED_LINE"
+    # Clear flags to prevent stale data on subsequent errors
+    unset _SILENT_FAILED_RC _SILENT_FAILED_CMD _SILENT_FAILED_LINE
+  fi
+
   if [[ "$exit_code" -eq 0 ]]; then
     return 0
   fi
@@ -279,8 +289,12 @@ error_handler() {
   fi
 
   # Get active log file (BUILD_LOG or INSTALL_LOG)
+  # Prefer silent()'s logfile when available (contains the actual command output)
   local active_log=""
-  if declare -f get_active_logfile >/dev/null 2>&1; then
+  if [[ -n "${_SILENT_FAILED_LOG:-}" && -s "${_SILENT_FAILED_LOG}" ]]; then
+    active_log="$_SILENT_FAILED_LOG"
+    unset _SILENT_FAILED_LOG
+  elif declare -f get_active_logfile >/dev/null 2>&1; then
     active_log="$(get_active_logfile)"
   elif [[ -n "${SILENT_LOGFILE:-}" ]]; then
     active_log="$SILENT_LOGFILE"

misc/install.func

@@ -390,10 +390,24 @@ update_os() {
   msg_info "Updating Container OS"
   if [[ "$CACHER" == "yes" ]]; then
     echo 'Acquire::http::Proxy-Auto-Detect "/usr/local/bin/apt-proxy-detect.sh";' >/etc/apt/apt.conf.d/00aptproxy
+    local _proxy_raw="${CACHER_IP}"
+    local _proxy_host _proxy_port _proxy_url
+    # Parse host and port from URL or plain IP/hostname
+    _proxy_host=$(echo "$_proxy_raw" | sed -e 's|https\?://||' -e 's|/.*||' | cut -d: -f1)
+    _proxy_port=$(echo "$_proxy_raw" | sed -e 's|https\?://||' -e 's|/.*||' | cut -s -d: -f2)
+    if [[ "$_proxy_raw" =~ ^https?:// ]]; then
+      # Full URL provided — use as-is for proxy output, extract port for nc check
+      _proxy_url="$_proxy_raw"
+      _proxy_port="${_proxy_port:-80}"
+    else
+      # Legacy: plain IP or hostname — default to http + port 3142
+      _proxy_port="${_proxy_port:-3142}"
+      _proxy_url="http://${_proxy_raw}:${_proxy_port}"
+    fi
     cat <<EOF >/usr/local/bin/apt-proxy-detect.sh
 #!/bin/bash
-if nc -w1 -z "${CACHER_IP}" 3142; then
-  echo -n "http://${CACHER_IP}:3142"
+if nc -w1 -z "${_proxy_host}" ${_proxy_port}; then
+  echo -n "${_proxy_url}"
 else
   echo -n "DIRECT"
 fi

misc/vm-core.func

@@ -188,32 +188,18 @@ silent() {
   trap 'error_handler' ERR
 
   if [[ $rc -ne 0 ]]; then
-    # Source explain_exit_code if needed
-    if ! declare -f explain_exit_code >/dev/null 2>&1; then
-      source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVE/raw/branch/main/misc/error_handler.func) 2>/dev/null || true
-    fi
+    # Return instead of exit so that callers can use `$STD cmd || true`
+    # When no || is used, set -e + ERR trap catches it via error_handler()
+    export _SILENT_FAILED_RC="$rc"
+    export _SILENT_FAILED_CMD="$cmd"
+    export _SILENT_FAILED_LINE="$caller_line"
+    export _SILENT_FAILED_LOG="$logfile"
 
-    local explanation=""
-    if declare -f explain_exit_code >/dev/null 2>&1; then
-      explanation="$(explain_exit_code "$rc")"
-    fi
-
-    printf "\e[?25h"
-    if [[ -n "$explanation" ]]; then
-      msg_error "in line ${caller_line}: exit code ${rc} (${explanation})"
-    else
-      msg_error "in line ${caller_line}: exit code ${rc}"
-    fi
-    msg_custom "→" "${YWB}" "${cmd}"
-
-    if [[ -s "$logfile" ]]; then
-      echo -e "\n${TAB}--- Last 20 lines of log ---"
-      tail -n 20 "$logfile"
-      echo -e "${TAB}----------------------------\n"
-    fi
-
-    exit "$rc"
+    return "$rc"
   fi
+
+  # Clear stale flags on success
+  unset _SILENT_FAILED_RC _SILENT_FAILED_CMD _SILENT_FAILED_LINE _SILENT_FAILED_LOG 2>/dev/null || true
 }
 
 # ------------------------------------------------------------------------------

tools/addon/komodo.sh

@@ -111,6 +111,12 @@ function update() {
     sed -i '/^KOMODO_PASSKEY=/d' "$COMPOSE_ENV"
   fi
 
+  # === v2 migration: ensure PERIPHERY_CORE_PUBLIC_KEYS is set ===
+  if ! grep -q 'PERIPHERY_CORE_PUBLIC_KEYS' "$COMPOSE_ENV"; then
+    echo '## Use the public key generated by Core.' >> "$COMPOSE_ENV"
+    echo 'PERIPHERY_CORE_PUBLIC_KEYS=file:/config/keys/core.pub' >> "$COMPOSE_ENV"
+  fi
+
   # === ensure backups path is set ===
   if ! grep -q 'COMPOSE_KOMODO_BACKUPS_PATH=' "$COMPOSE_ENV"; then
     echo 'COMPOSE_KOMODO_BACKUPS_PATH=/etc/komodo/backups' >>"$COMPOSE_ENV"

tools/pve/update-lxcs.sh

@@ -78,7 +78,7 @@ function update_container() {
   alpine) pct exec "$container" -- ash -c "apk -U upgrade" ;;
   archlinux) pct exec "$container" -- bash -c "pacman -Syyu --noconfirm" ;;
   fedora | rocky | centos | alma) pct exec "$container" -- bash -c "dnf -y update && dnf -y upgrade" ;;
-  ubuntu | debian | devuan) pct exec "$container" -- bash -c "apt-get update 2>/dev/null | grep 'packages.*upgraded'; apt list --upgradable && apt-get -yq dist-upgrade 2>&1; rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED || true" ;;
+  ubuntu | debian | devuan) pct exec "$container" -- bash -c "apt-get update 2>/dev/null | grep 'packages.*upgraded'; apt list --upgradable 2>/dev/null | cat && apt-get -yq dist-upgrade 2>&1; rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED || true" ;;
   opensuse) pct exec "$container" -- bash -c "zypper ref && zypper --non-interactive dup" ;;
   esac
 }

vm/openwrt-vm.sh

@@ -663,7 +663,7 @@ if qm status "$VMID" | grep -q "running"; then
   send_line_to_vm "uci set network.lan.ipaddr=${LAN_IP_ADDR}"
   send_line_to_vm "uci set network.lan.netmask=${LAN_NETMASK}"
   send_line_to_vm "uci commit"
-  send_line_to_vm "halt"
+  send_line_to_vm "poweroff"
   msg_ok "Network interfaces configured in OpenWrt"
 else
   msg_error "VM is not running"