Update CHANGELOG.md (#10937)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -10,24 +10,40 @@
 > [!CAUTION]
 Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit the project's popularity for potentially malicious purposes.
 
+## 2026-01-19
+
 ## 2026-01-18
 
 ### 🆕 New Scripts
 
-  - ThingsBoard ([#10904](https://github.com/community-scripts/ProxmoxVE/pull/10904))
+  - Termix ([#10887](https://github.com/community-scripts/ProxmoxVE/pull/10887))
+- ThingsBoard ([#10904](https://github.com/community-scripts/ProxmoxVE/pull/10904))
 
 ### 🚀 Updated Scripts
 
   - #### 🐞 Bug Fixes
 
+    - Fix Patchmon install script (escaping) [@christiaangoossens](https://github.com/christiaangoossens) ([#10920](https://github.com/community-scripts/ProxmoxVE/pull/10920))
     - refactor: peanut entrypoint [@CrazyWolf13](https://github.com/CrazyWolf13) ([#10902](https://github.com/community-scripts/ProxmoxVE/pull/10902))
 
   - #### 💥 Breaking Changes
 
     - Update Patchmon default Nginx config (IPv6 and correct scheme) [@christiaangoossens](https://github.com/christiaangoossens) ([#10917](https://github.com/community-scripts/ProxmoxVE/pull/10917))
 
+  - #### 🔧 Refactor
+
+    - Refactor: FluidCalendar [@tremor021](https://github.com/tremor021) ([#10928](https://github.com/community-scripts/ProxmoxVE/pull/10928))
+
+### 🗑️ Deleted Scripts
+
+  - Remove iVentoy script [@tremor021](https://github.com/tremor021) ([#10924](https://github.com/community-scripts/ProxmoxVE/pull/10924))
+
 ### 💾 Core
 
+  - #### ✨ New Features
+
+    - core: improve password handling and validation logic [@MickLesk](https://github.com/MickLesk) ([#10925](https://github.com/community-scripts/ProxmoxVE/pull/10925))
+
   - #### 🔧 Refactor
 
     - hwaccel: improve NVIDIA version matching and GPU selection UI [@MickLesk](https://github.com/MickLesk) ([#10901](https://github.com/community-scripts/ProxmoxVE/pull/10901))

ct/fluid-calendar.sh

@@ -34,11 +34,10 @@ function update_script() {
     msg_info "Stopped Service"
 
     cp /opt/fluid-calendar/.env /opt/fluid.env
-    rm -rf /opt/fluid-calendar
-    fetch_and_deploy_gh_release "fluid-calendar" "dotnetfactory/fluid-calendar" "tarball"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "fluid-calendar" "dotnetfactory/fluid-calendar" "tarball"
+    mv /opt/fluid.env /opt/fluid-calendar/.env
 
     msg_info "Updating Fluid Calendar"
-    mv /opt/fluid.env /opt/fluid-calendar/.env
     cd /opt/fluid-calendar
     export NEXT_TELEMETRY_DISABLED=1
     $STD npm install --legacy-peer-deps

ct/headers/iventoy

@@ -1,6 +0,0 @@
-    _ _    __           __             
-   (_) |  / /__  ____  / /_____  __  __
-  / /| | / / _ \/ __ \/ __/ __ \/ / / /
- / / | |/ /  __/ / / / /_/ /_/ / /_/ / 
-/_/  |___/\___/_/ /_/\__/\____/\__, /  
-                              /____/   

ct/headers/termix

@@ -0,0 +1,6 @@
+  ______                    _     
+ /_  __/__  _________ ___  (_)  __
+  / / / _ \/ ___/ __ `__ \/ / |/_/
+ / / /  __/ /  / / / / / / />  <  
+/_/  \___/_/  /_/ /_/ /_/_/_/|_|  
+                                  

ct/iventoy.sh

@@ -1,41 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 tteck
-# Author: tteck (tteckster)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://www.iventoy.com/en/index.html
-
-APP="iVentoy"
-var_tags="${var_tags:-pxe-tool}"
-var_disk="${var_disk:-2}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-512}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-0}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-  if [[ ! -d /opt/iventoy ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-  msg_error "Currently we don't provide an update function for this ${APP}."
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:26000${CL}"

ct/termix.sh

@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/Termix-SSH/Termix
+
+APP="Termix"
+var_tags="${var_tags:-ssh;terminal;management}"
+var_cpu="${var_cpu:-4}"
+var_ram="${var_ram:-4096}"
+var_disk="${var_disk:-10}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/termix ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "termix" "Termix-SSH/Termix"; then
+    msg_info "Stopping Service"
+    systemctl stop termix
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Data"
+    cp -r /opt/termix/data /opt/termix_data_backup
+    msg_ok "Backed up Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "termix" "Termix-SSH/Termix"
+
+    msg_info "Building Frontend"
+    cd /opt/termix
+    export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
+    find public/fonts -name "*.ttf" ! -name "*Regular.ttf" ! -name "*Bold.ttf" ! -name "*Italic.ttf" -delete 2>/dev/null || true
+    $STD npm install --ignore-scripts --force
+    $STD npm run build
+    msg_ok "Built Frontend"
+
+    msg_info "Building Backend"
+    $STD npm rebuild better-sqlite3 --force
+    $STD npm run build:backend
+    msg_ok "Built Backend"
+
+    msg_info "Setting up Production Dependencies"
+    $STD npm ci --only=production --ignore-scripts --force
+    $STD npm rebuild better-sqlite3 bcryptjs --force
+    $STD npm cache clean --force
+    msg_ok "Set up Production Dependencies"
+
+    msg_info "Restoring Data"
+    mkdir -p /opt/termix/data
+    cp -r /opt/termix_data_backup/. /opt/termix/data
+    rm -rf /opt/termix_data_backup
+    msg_ok "Restored Data"
+
+    msg_info "Updating Frontend Files"
+    rm -rf /opt/termix/html/*
+    cp -r /opt/termix/dist/* /opt/termix/html/ 2>/dev/null || true
+    cp -r /opt/termix/src/locales /opt/termix/html/locales 2>/dev/null || true
+    cp -r /opt/termix/public/fonts /opt/termix/html/fonts 2>/dev/null || true
+    msg_ok "Updated Frontend Files"
+
+    msg_info "Starting Service"
+    systemctl start termix
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"

frontend/public/json/iventoy.json

@@ -1,40 +0,0 @@
-{
-  "name": "iVentoy",
-  "slug": "iventoy",
-  "categories": [
-    2
-  ],
-  "date_created": "2024-05-16",
-  "type": "ct",
-  "updateable": false,
-  "privileged": false,
-  "interface_port": 26000,
-  "documentation": "https://www.iventoy.com/en/doc_news.html",
-  "website": "https://www.iventoy.com/",
-  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/iventoy.webp",
-  "config_path": "",
-  "description": "iVentoy is an upgraded PXE server that allows simultaneous OS booting and installation on multiple machines via network. It is user-friendly, requiring only the placement of ISO files in a designated folder and selecting PXE boot on the client machine. iVentoy supports x86 Legacy BIOS, IA32 UEFI, x86_64 UEFI, and ARM64 UEFI modes. It is compatible with over 110 OS types, including Windows, WinPE, Linux, and VMware.",
-  "install_methods": [
-    {
-      "type": "default",
-      "script": "ct/iventoy.sh",
-      "resources": {
-        "cpu": 1,
-        "ram": 512,
-        "hdd": 2,
-        "os": "debian",
-        "version": "13"
-      }
-    }
-  ],
-  "default_credentials": {
-    "username": null,
-    "password": null
-  },
-  "notes": [
-    {
-      "text": "Container must be privileged.",
-      "type": "warning"
-    }
-  ]
-}

frontend/public/json/termix.json

@@ -0,0 +1,35 @@
+{
+  "name": "Termix",
+  "slug": "termix",
+  "categories": [
+    6
+  ],
+  "date_created": "2026-01-18",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 80,
+  "documentation": "https://docs.termix.site/",
+  "website": "https://termix.site/",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/termix.webp",
+  "config_path": "",
+  "description": "Termix is an open-source, self-hosted server management platform with SSH terminal access, SSH tunneling, remote file management, Docker management, and multi-platform support.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/termix.sh",
+      "resources": {
+        "cpu": 4,
+        "ram": 4096,
+        "hdd": 10,
+        "os": "Debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": []
+}

frontend/public/json/versions.json

@@ -1,9 +1,59 @@
 [
+  {
+    "name": "Kareadita/Kavita",
+    "version": "v0.8.9.1",
+    "date": "2026-01-18T23:04:08Z"
+  },
+  {
+    "name": "pelican-dev/panel",
+    "version": "v1.0.0-beta31",
+    "date": "2026-01-18T22:43:24Z"
+  },
+  {
+    "name": "pelican-dev/wings",
+    "version": "v1.0.0-beta22",
+    "date": "2026-01-18T22:38:36Z"
+  },
+  {
+    "name": "Part-DB/Part-DB-server",
+    "version": "v2.5.0",
+    "date": "2026-01-18T22:16:38Z"
+  },
+  {
+    "name": "seerr-team/seerr",
+    "version": "preview-remonitor-sonarr-episodes",
+    "date": "2026-01-18T20:33:38Z"
+  },
   {
     "name": "laurent22/joplin",
     "version": "server-v3.5.2",
     "date": "2025-12-19T21:28:55Z"
   },
+  {
+    "name": "fccview/jotty",
+    "version": "1.18.0",
+    "date": "2026-01-18T19:00:48Z"
+  },
+  {
+    "name": "Brandawg93/PeaNUT",
+    "version": "v5.21.2",
+    "date": "2026-01-18T17:32:08Z"
+  },
+  {
+    "name": "pocketbase/pocketbase",
+    "version": "v0.36.1",
+    "date": "2026-01-18T17:09:58Z"
+  },
+  {
+    "name": "pommee/goaway",
+    "version": "v0.63.5",
+    "date": "2026-01-18T13:34:16Z"
+  },
+  {
+    "name": "wger-project/wger",
+    "version": "2.4",
+    "date": "2026-01-18T12:12:02Z"
+  },
   {
     "name": "firefly-iii/firefly-iii",
     "version": "v6.4.16",
@@ -104,11 +154,6 @@
     "version": "v4.108.1",
     "date": "2026-01-17T04:09:09Z"
   },
-  {
-    "name": "seerr-team/seerr",
-    "version": "preview-axios-config",
-    "date": "2026-01-17T02:07:56Z"
-  },
   {
     "name": "ollama/ollama",
     "version": "v0.14.2",
@@ -154,11 +199,6 @@
     "version": "v1.6.7",
     "date": "2026-01-12T09:54:36Z"
   },
-  {
-    "name": "Brandawg93/PeaNUT",
-    "version": "v5.21.1",
-    "date": "2026-01-16T16:20:21Z"
-  },
   {
     "name": "TuroYT/snowshare",
     "version": "v1.2.10",
@@ -189,11 +229,6 @@
     "version": "v1.11.1",
     "date": "2026-01-16T08:27:09Z"
   },
-  {
-    "name": "pocketbase/pocketbase",
-    "version": "v0.36.0",
-    "date": "2026-01-16T04:51:49Z"
-  },
   {
     "name": "goauthentik/authentik",
     "version": "version/2025.12.1",
@@ -299,16 +334,6 @@
     "version": "v0.24.0",
     "date": "2026-01-14T21:28:09Z"
   },
-  {
-    "name": "Kareadita/Kavita",
-    "version": "v0.8.9",
-    "date": "2026-01-14T21:26:43Z"
-  },
-  {
-    "name": "fccview/jotty",
-    "version": "1.17.2",
-    "date": "2026-01-14T19:06:52Z"
-  },
   {
     "name": "NodeBB/NodeBB",
     "version": "v4.8.0",
@@ -739,11 +764,6 @@
     "version": "v5.2.0",
     "date": "2026-01-05T05:56:57Z"
   },
-  {
-    "name": "Part-DB/Part-DB-server",
-    "version": "v2.4.0",
-    "date": "2026-01-04T21:10:51Z"
-  },
   {
     "name": "actualbudget/actual",
     "version": "v26.1.0",
@@ -784,11 +804,6 @@
     "version": "2.2.2",
     "date": "2025-12-31T16:53:34Z"
   },
-  {
-    "name": "pommee/goaway",
-    "version": "v0.63.4",
-    "date": "2025-12-31T12:40:07Z"
-  },
   {
     "name": "BookStackApp/BookStack",
     "version": "v25.12.1",
@@ -929,16 +944,6 @@
     "version": "v14.3.0",
     "date": "2025-12-20T13:16:37Z"
   },
-  {
-    "name": "pelican-dev/panel",
-    "version": "v1.0.0-beta30",
-    "date": "2025-12-19T23:37:07Z"
-  },
-  {
-    "name": "pelican-dev/wings",
-    "version": "v1.0.0-beta21",
-    "date": "2025-12-19T23:04:27Z"
-  },
   {
     "name": "qdrant/qdrant",
     "version": "v1.16.3",
@@ -1629,11 +1634,6 @@
     "version": "v0.2.11",
     "date": "2025-04-12T21:13:08Z"
   },
-  {
-    "name": "wger-project/wger",
-    "version": "2.3",
-    "date": "2025-04-05T18:05:36Z"
-  },
   {
     "name": "louislam/dockge",
     "version": "1.5.0",

install/fluid-calendar-install.sh

@@ -18,31 +18,15 @@ $STD apt-get install -y zip
 msg_ok "Installed Dependencies"
 
 PG_VERSION="17" setup_postgresql
+PG_DB_NAME="fluiddb" PG_DB_USER="fluiduser" setup_postgresql_db
 NODE_VERSION="20" setup_nodejs
-
-msg_info "Setting up Postgresql Database"
-DB_NAME="fluiddb"
-DB_USER="fluiduser"
-DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)"
-NEXTAUTH_SECRET="$(openssl rand -base64 44 | tr -dc 'a-zA-Z0-9' | cut -c1-32)"
-$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH ENCRYPTED PASSWORD '$DB_PASS';"
-$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;"
-$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
-$STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
-{
-  echo "${APPLICATION} Credentials"
-  echo "Database User: $DB_USER"
-  echo "Database Password: $DB_PASS"
-  echo "Database Name: $DB_NAME"
-  echo "NextAuth Secret: $NEXTAUTH_SECRET"
-} >>~/$APPLICATION.creds
-msg_ok "Set up Postgresql Database"
-
 fetch_and_deploy_gh_release "fluid-calendar" "dotnetfactory/fluid-calendar" "tarball"
 
-msg_info "Configuring ${APPLICATION}"
+msg_info "Configuring fluid-calendar"
+NEXTAUTH_SECRET="$(openssl rand -base64 44 | tr -dc 'a-zA-Z0-9' | cut -c1-32)"
+echo "NextAuth Secret: $NEXTAUTH_SECRET" >>~/$APPLICATION.creds
 cat <<EOF >/opt/fluid-calendar/.env
-DATABASE_URL="postgresql://${DB_USER}:${DB_PASS}@localhost:5432/${DB_NAME}"
+DATABASE_URL="postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}"
 
 # Change the URL below to your external URL
 NEXTAUTH_URL="http://localhost:3000"
@@ -61,7 +45,7 @@ $STD npm install --legacy-peer-deps
 $STD npm run prisma:generate
 $STD npx prisma migrate deploy
 $STD npm run build:os
-msg_ok "Configuring ${APPLICATION}"
+msg_ok "Configured fluid-calendar"
 
 msg_info "Creating Service"
 cat <<EOF >/etc/systemd/system/fluid-calendar.service
@@ -72,6 +56,7 @@ After=network.target postgresql.service
 [Service]
 Restart=always
 WorkingDirectory=/opt/fluid-calendar
+EnvironmentFile=/opt/fluid-calendar/.env
 ExecStart=/usr/bin/npm run start
 
 [Install]

install/iventoy-install.sh

@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 tteck
-# Author: tteck (tteckster)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://www.iventoy.com/en/index.html
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-RELEASE=$(curl -fsSL https://api.github.com/repos/ventoy/pxe/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
-msg_info "Installing iVentoy v${RELEASE}"
-mkdir -p /opt/iventoy/{data,iso}
-curl -fsSL "https://github.com/ventoy/PXE/releases/download/v${RELEASE}/iventoy-${RELEASE}-linux-free.tar.gz" -o "iventoy-${RELEASE}-linux-free.tar.gz"
-tar -C /tmp -xzf iventoy*.tar.gz
-mv /tmp/iventoy*/* /opt/iventoy/
-rm -rf iventoy*.tar.gz
-msg_ok "Installed iVentoy"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/iventoy.service
-[Unit]
-Description=iVentoy PXE Booter
-Documentation=https://www.iventoy.com
-Wants=network-online.target
-[Service]
-Type=forking
-Environment=IVENTOY_API_ALL=1
-Environment=IVENTOY_AUTO_RUN=1
-Environment=LIBRARY_PATH=/opt/iventoy/lib/lin64
-Environment=LD_LIBRARY_PATH=/opt/iventoy/lib/lin64
-ExecStart=sh ./iventoy.sh -R start
-WorkingDirectory=/opt/iventoy
-Restart=on-failure
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now iventoy
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/patchmon-install.sh

@@ -98,8 +98,8 @@ msg_ok "Configured PatchMon"
 
 msg_info "Configuring Nginx"
 cat <<EOF >/etc/nginx/sites-available/patchmon.conf
-map $http_x_forwarded_proto $proxy_corrected_scheme {
-    default    $scheme; # Fallback to Nginx's actual connection scheme if no X-Forwarded-Proto header was set
+map \$http_x_forwarded_proto \$proxy_corrected_scheme {
+    default    \$scheme; # Fallback to Nginx's actual connection scheme if no X-Forwarded-Proto header was set
     https      https;   # If X-Forwarded-Proto is 'https', use 'https'
     http       http;    # If X-Forwarded-Proto is 'http', use 'http'
 }

install/termix-install.sh

@@ -0,0 +1,258 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/Termix-SSH/Termix
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  build-essential \
+  python3 \
+  nginx \
+  openssl \
+  gettext-base
+msg_ok "Installed Dependencies"
+
+NODE_VERSION="22" setup_nodejs
+fetch_and_deploy_gh_release "termix" "Termix-SSH/Termix"
+
+msg_info "Building Frontend"
+cd /opt/termix
+export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
+find public/fonts -name "*.ttf" ! -name "*Regular.ttf" ! -name "*Bold.ttf" ! -name "*Italic.ttf" -delete 2>/dev/null || true
+$STD npm install --ignore-scripts --force
+$STD npm cache clean --force
+$STD npm run build
+msg_ok "Built Frontend"
+
+msg_info "Building Backend"
+$STD npm rebuild better-sqlite3 --force
+$STD npm run build:backend
+msg_ok "Built Backend"
+
+msg_info "Setting up Node Dependencies"
+cd /opt/termix
+$STD npm ci --only=production --ignore-scripts --force
+$STD npm rebuild better-sqlite3 bcryptjs --force
+$STD npm cache clean --force
+msg_ok "Set up Node Dependencies"
+
+msg_info "Setting up Directories"
+mkdir -p /opt/termix/data \
+  /opt/termix/uploads \
+  /opt/termix/html \
+  /opt/termix/nginx \
+  /opt/termix/nginx/logs \
+  /opt/termix/nginx/cache \
+  /opt/termix/nginx/client_body
+
+cp -r /opt/termix/dist/* /opt/termix/html/ 2>/dev/null || true
+cp -r /opt/termix/src/locales /opt/termix/html/locales 2>/dev/null || true
+cp -r /opt/termix/public/fonts /opt/termix/html/fonts 2>/dev/null || true
+msg_ok "Set up Directories"
+
+msg_info "Configuring Nginx"
+cat <<'EOF' >/etc/nginx/sites-available/termix.conf
+error_log /opt/termix/nginx/logs/error.log warn;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+    access_log /opt/termix/nginx/logs/access.log;
+
+    client_body_temp_path /opt/termix/nginx/client_body;
+    proxy_temp_path /opt/termix/nginx/proxy_temp;
+
+    sendfile on;
+    keepalive_timeout 65;
+    client_header_timeout 300s;
+
+    server {
+        listen 80;
+        server_name _;
+
+        add_header X-Content-Type-Options nosniff always;
+        add_header X-XSS-Protection "1; mode=block" always;
+
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+            root /opt/termix/html;
+            expires 1y;
+            add_header Cache-Control "public, immutable";
+            try_files $uri =404;
+        }
+
+        location / {
+            root /opt/termix/html;
+            index index.html;
+            try_files $uri $uri/ /index.html;
+        }
+
+        location ~ ^/users(/.*)?$ {
+            proxy_pass http://127.0.0.1:30001;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        location ~ ^/(version|releases|alerts|rbac|credentials|snippets|terminal|encryption)(/.*)?$ {
+            proxy_pass http://127.0.0.1:30001;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        location ~ ^/(database|db)(/.*)?$ {
+            client_max_body_size 5G;
+            client_body_timeout 300s;
+            proxy_pass http://127.0.0.1:30001;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_connect_timeout 60s;
+            proxy_send_timeout 300s;
+            proxy_read_timeout 300s;
+            proxy_request_buffering off;
+            proxy_buffering off;
+        }
+
+        location /ssh/ {
+            proxy_pass http://127.0.0.1:30001;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+        location /ssh/websocket/ {
+            proxy_pass http://127.0.0.1:30002/;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_read_timeout 86400s;
+            proxy_send_timeout 86400s;
+            proxy_buffering off;
+            proxy_request_buffering off;
+        }
+
+        location /ssh/tunnel/ {
+            proxy_pass http://127.0.0.1:30003;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+        location /ssh/file_manager/ssh/ {
+            client_max_body_size 5G;
+            client_body_timeout 300s;
+            proxy_pass http://127.0.0.1:30004;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_connect_timeout 60s;
+            proxy_send_timeout 300s;
+            proxy_read_timeout 300s;
+            proxy_request_buffering off;
+            proxy_buffering off;
+        }
+
+        location ~ ^/ssh/file_manager/(recent|pinned|shortcuts)$ {
+            proxy_pass http://127.0.0.1:30001;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+        location /health {
+            proxy_pass http://127.0.0.1:30001;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+        }
+
+        location ~ ^/(status|metrics)(/.*)?$ {
+            proxy_pass http://127.0.0.1:30005;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+        location ~ ^/(uptime|activity)(/.*)?$ {
+            proxy_pass http://127.0.0.1:30006;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+        location ^~ /docker/console/ {
+            proxy_pass http://127.0.0.1:30008/;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+            proxy_read_timeout 86400s;
+            proxy_send_timeout 86400s;
+            proxy_buffering off;
+            proxy_request_buffering off;
+        }
+
+        location ~ ^/docker(/.*)?$ {
+            proxy_pass http://127.0.0.1:30007;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_connect_timeout 60s;
+            proxy_send_timeout 300s;
+            proxy_read_timeout 300s;
+        }
+    }
+}
+EOF
+rm -f /etc/nginx/sites-enabled/default
+rm -f /etc/nginx/nginx.conf
+ln -sf /etc/nginx/sites-available/termix.conf /etc/nginx/nginx.conf
+systemctl reload nginx
+msg_ok "Configured Nginx"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/termix.service
+[Unit]
+Description=Termix Backend
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/termix
+Environment=NODE_ENV=production
+Environment=DATA_DIR=/opt/termix/data
+ExecStart=/usr/bin/node /opt/termix/dist/backend/backend/starter.js
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now termix
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

misc/build.func

@@ -582,7 +582,22 @@ base_settings() {
   CORE_COUNT="${final_cpu}"
   RAM_SIZE="${final_ram}"
   VERBOSE=${var_verbose:-"${1:-no}"}
-  PW=${var_pw:-""}
+  PW=""
+  if [[ -n "${var_pw:-}" ]]; then
+    local _pw_raw="${var_pw}"
+    case "$_pw_raw" in
+    --password\ *) _pw_raw="${_pw_raw#--password }" ;;
+    -password\ *) _pw_raw="${_pw_raw#-password }" ;;
+    esac
+    while [[ "$_pw_raw" == -* ]]; do
+      _pw_raw="${_pw_raw#-}"
+    done
+    if [[ -z "$_pw_raw" ]]; then
+      msg_warn "Password was only dashes after cleanup; leaving empty."
+    else
+      PW="--password $_pw_raw"
+    fi
+  fi
 
   # Validate and set Container ID
   local requested_id="${var_ctid:-$NEXTID}"
@@ -1392,17 +1407,30 @@ advanced_settings() {
           ((STEP++))
         elif [[ "$PW1" == *" "* ]]; then
           whiptail --msgbox "Password cannot contain spaces." 8 58
-        elif ((${#PW1} < 5)); then
-          whiptail --msgbox "Password must be at least 5 characters." 8 58
         else
+          local _pw1_clean="$PW1"
+          while [[ "$_pw1_clean" == -* ]]; do
+            _pw1_clean="${_pw1_clean#-}"
+          done
+          if [[ -z "$_pw1_clean" ]]; then
+            whiptail --msgbox "Password cannot be only '-' characters." 8 58
+            continue
+          elif ((${#_pw1_clean} < 5)); then
+            whiptail --msgbox "Password must be at least 5 characters (after removing leading '-')." 8 70
+            continue
+          fi
           # Verify password
           if PW2=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
             --title "PASSWORD VERIFICATION" \
             --ok-button "Confirm" --cancel-button "Back" \
             --passwordbox "\nVerify Root Password" 10 58 \
             3>&1 1>&2 2>&3); then
-            if [[ "$PW1" == "$PW2" ]]; then
-              _pw="-password $PW1"
+            local _pw2_clean="$PW2"
+            while [[ "$_pw2_clean" == -* ]]; do
+              _pw2_clean="${_pw2_clean#-}"
+            done
+            if [[ "$_pw1_clean" == "$_pw2_clean" ]]; then
+              _pw="--password $_pw1_clean"
               _pw_display="********"
               ((STEP++))
             else