From ecb27521b411339d7cf9e9652d37b3e8174ed26c Mon Sep 17 00:00:00 2001
From: Stefano Badoino <16034687+SBado@users.noreply.github.com>
Date: Wed, 23 Feb 2022 11:32:39 +0100
Subject: [PATCH 01/13] PROXY Protocol support implementation

---
 backend/internal/nginx.js                     |  3 +-
 .../20220209144645_proxy_protocol.js          | 36 +++++++++++++++++++
 backend/schema/endpoints/proxy-hosts.json     | 28 +++++++++++++++
 backend/templates/_listen.conf                | 20 ++++++++---
 backend/templates/_proxy_protocol.conf        |  6 ++++
 backend/templates/proxy_host.conf             |  1 +
 frontend/js/app/nginx/proxy/form.ejs          | 17 ++++++++-
 frontend/js/app/nginx/proxy/form.js           | 14 +++++++-
 frontend/js/i18n/messages.json                |  4 ++-
 frontend/js/models/proxy-host.js              |  2 ++
 10 files changed, 122 insertions(+), 9 deletions(-)
 create mode 100644 backend/migrations/20220209144645_proxy_protocol.js
 create mode 100644 backend/templates/_proxy_protocol.conf

diff --git a/backend/internal/nginx.js b/backend/internal/nginx.js
index 52bdd66dcc..0291dfda6d 100644
--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@@ -157,7 +157,8 @@ const internalNginx = {
 				for (let i = 0; i < host.locations.length; i++) {
 					let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id}, 
 						{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
-						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
+						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {enable_proxy_protocol: host.enable_proxy_protocol},
+						{load_balancer_ip: host.load_balancer_ip}, {http2_support: host.http2_support},
 						{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
 						{certificate: host.certificate}, host.locations[i]);
 			
diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
new file mode 100644
index 0000000000..8c80991288
--- /dev/null
+++ b/backend/migrations/20220209144645_proxy_protocol.js
@@ -0,0 +1,36 @@
+const migrate_name = 'proxy_protocol';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
+		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex, Promise) {
+	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
+	return Promise.resolve(true);
+};
\ No newline at end of file
diff --git a/backend/schema/endpoints/proxy-hosts.json b/backend/schema/endpoints/proxy-hosts.json
index 9a3fff2fc7..27a8ec2ab0 100644
--- a/backend/schema/endpoints/proxy-hosts.json
+++ b/backend/schema/endpoints/proxy-hosts.json
@@ -58,6 +58,16 @@
       "example": true,
       "type": "boolean"
     },
+    "enable_proxy_protocol": {
+      "description": "Enable PROXY Protocol support",
+      "example": true,
+      "type": "boolean"
+    },
+    "load_balancer_ip": {
+      "type": "string",
+      "minLength": 0,
+      "maxLength": 255
+    },
     "access_list_id": {
       "$ref": "../definitions.json#/definitions/access_list_id"
     },
@@ -155,6 +165,12 @@
     "allow_websocket_upgrade": {
       "$ref": "#/definitions/allow_websocket_upgrade"
     },
+    "enable_proxy_protocol": {
+      "$ref": "#/definitions/enable_proxy_protocol"
+    },
+    "load_balancer_ip": {
+      "$ref": "#/definitions/load_balancer_ip"
+    },
     "access_list_id": {
       "$ref": "#/definitions/access_list_id"
     },
@@ -245,6 +261,12 @@
           "allow_websocket_upgrade": {
             "$ref": "#/definitions/allow_websocket_upgrade"
           },
+          "enable_proxy_protocol": {
+            "$ref": "#/definitions/enable_proxy_protocol"
+          },
+          "load_balancer_ip": {
+            "$ref": "#/definitions/load_balancer_ip"
+          },
           "access_list_id": {
             "$ref": "#/definitions/access_list_id"
           },
@@ -318,6 +340,12 @@
           "allow_websocket_upgrade": {
             "$ref": "#/definitions/allow_websocket_upgrade"
           },
+          "enable_proxy_protocol": {
+            "$ref": "#/definitions/enable_proxy_protocol"
+          },
+          "load_balancer_ip": {
+            "$ref": "#/definitions/load_balancer_ip"
+          },
           "access_list_id": {
             "$ref": "#/definitions/access_list_id"
           },
diff --git a/backend/templates/_listen.conf b/backend/templates/_listen.conf
index 730f3a7c4d..15f0c86592 100644
--- a/backend/templates/_listen.conf
+++ b/backend/templates/_listen.conf
@@ -1,15 +1,25 @@
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
+  listen 88 proxy_protocol;
+{% if ipv6 -%}
+  listen [::]:88 proxy_protocol;
+{% endif %}  
+{% else -%}
   listen 80;
 {% if ipv6 -%}
   listen [::]:80;
-{% else -%}
-  #listen [::]:80;
+{% endif %}   
 {% endif %}
 {% if certificate -%}
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
+  listen 444 ssl{% if http2_support %} http2{% endif %} proxy_protocol;
+{% if ipv6 -%}
+  listen [::]:444 ssl{% if http2_support %} http2{% endif %} proxy_protocol;
+{% endif %}
+{% else -%}
   listen 443 ssl{% if http2_support %} http2{% endif %};
 {% if ipv6 -%}
   listen [::]:443 ssl{% if http2_support %} http2{% endif %};
-{% else -%}
-  #listen [::]:443;
 {% endif %}
 {% endif %}
-  server_name {{ domain_names | join: " " }};
+{% endif %}
+  server_name {{ domain_names | join: " " }};
\ No newline at end of file
diff --git a/backend/templates/_proxy_protocol.conf b/backend/templates/_proxy_protocol.conf
new file mode 100644
index 0000000000..fa81494b72
--- /dev/null
+++ b/backend/templates/_proxy_protocol.conf
@@ -0,0 +1,6 @@
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true %}
+{% if load_balancer_ip != '' %}
+  set_real_ip_from {{ load_balancer_ip }};
+  real_ip_header proxy_protocol;
+{% endif %}
+{% endif %}
\ No newline at end of file
diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf
index ec30cca0da..d733c853a1 100644
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@@ -12,6 +12,7 @@ server {
 {% include "_exploits.conf" %}
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}
+{% include "_proxy_protocol.conf" %}
 
 {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
 proxy_set_header Upgrade $http_upgrade;
diff --git a/frontend/js/app/nginx/proxy/form.ejs b/frontend/js/app/nginx/proxy/form.ejs
index 56868f5528..9c30f13c49 100644
--- a/frontend/js/app/nginx/proxy/form.ejs
+++ b/frontend/js/app/nginx/proxy/form.ejs
@@ -72,7 +72,7 @@
                                 </label>
                             </div>
                         </div>
-                        <div class="col-sm-12 col-md-12">
+                        <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@@ -81,6 +81,21 @@
                                 </label>
                             </div>
                         </div>
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="enable_proxy_protocol" value="1"<%- enable_proxy_protocol ? ' checked' : '' %>>
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'enable-proxy-protocol') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span>
+                                </label>
+                            </div>
+                        </div>
+                        <div class="col-sm-12 col-md-12">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('proxy-hosts', 'load-balancer-ip') %>  <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a></label>
+                                <input type="text" name="load_balancer_ip" class="form-control text-monospace" placeholder="" value="<%- load_balancer_ip %>" autocomplete="off" maxlength="255" <%- enable_proxy_protocol ? '' : ' disabled' %>>
+                            </div>
+                        </div>
 
                         <div class="col-sm-12 col-md-12">
                             <div class="form-group">
diff --git a/frontend/js/app/nginx/proxy/form.js b/frontend/js/app/nginx/proxy/form.js
index 1dfb5c1891..5ffd145a02 100644
--- a/frontend/js/app/nginx/proxy/form.js
+++ b/frontend/js/app/nginx/proxy/form.js
@@ -43,7 +43,9 @@ module.exports = Mn.View.extend({
         dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
         propagation_seconds:      'input[name="meta[propagation_seconds]"]',
         forward_scheme:           'select[name="forward_scheme"]',
-        letsencrypt:              '.letsencrypt'
+        letsencrypt:              '.letsencrypt',
+        enable_proxy_protocol:    'input[name="enable_proxy_protocol"]',
+        load_balancer_ip:         'input[name="load_balancer_ip"]'
     },
 
     regions: {
@@ -51,6 +53,14 @@ module.exports = Mn.View.extend({
     },
 
     events: {
+        'change @ui.enable_proxy_protocol': function () {
+            let checked = this.ui.enable_proxy_protocol.prop('checked');
+            this.ui.load_balancer_ip
+                .prop('disabled', !checked)
+                .parents('.form-group')
+                .css('opacity', checked ? 1 : 0.5);
+        },
+
         'change @ui.certificate_select': function () {
             let id = this.ui.certificate_select.val();
             if (id === 'new') {
@@ -163,6 +173,7 @@ module.exports = Mn.View.extend({
             data.block_exploits          = !!data.block_exploits;
             data.caching_enabled         = !!data.caching_enabled;
             data.allow_websocket_upgrade = !!data.allow_websocket_upgrade;
+            data.enable_proxy_protocol   = !!data.enable_proxy_protocol;
             data.http2_support           = !!data.http2_support;
             data.hsts_enabled            = !!data.hsts_enabled;
             data.hsts_subdomains         = !!data.hsts_subdomains;
@@ -264,6 +275,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
+        this.ui.enable_proxy_protocol.trigger('change');
         this.ui.ssl_forced.trigger('change');
         this.ui.hsts_enabled.trigger('change');
 
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json
index 896a9633de..1aaa3ac7af 100644
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@@ -133,7 +133,9 @@
       "allow-websocket-upgrade": "Websockets Support",
       "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
       "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path",
-      "search": "Search Host…"
+      "search": "Search Host…",
+      "enable-proxy-protocol": "Enable PROXY Protocol",
+      "load-balancer-ip": "Load balancer or TCP proxy IP / CIDR range "
     },
     "redirection-hosts": {
       "title": "Redirection Hosts",
diff --git a/frontend/js/models/proxy-host.js b/frontend/js/models/proxy-host.js
index b82d09fef3..b1a80f5411 100644
--- a/frontend/js/models/proxy-host.js
+++ b/frontend/js/models/proxy-host.js
@@ -19,6 +19,8 @@ const model = Backbone.Model.extend({
             hsts_subdomains:         false,
             caching_enabled:         false,
             allow_websocket_upgrade: false,
+            enable_proxy_protocol:   false,
+            load_balancer_ip:        '',
             block_exploits:          false,
             http2_support:           false,
             advanced_config:         '',

From 5e733614da09af39479eb30a711da22d748ebc8a Mon Sep 17 00:00:00 2001
From: Austin Drummond <adrum0x7@gmail.com>
Date: Mon, 28 Apr 2025 23:52:48 -0400
Subject: [PATCH 02/13] bump build

---
 backend/migrations/20220209144645_proxy_protocol.js | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
index 8c80991288..f8a1710ed3 100644
--- a/backend/migrations/20220209144645_proxy_protocol.js
+++ b/backend/migrations/20220209144645_proxy_protocol.js
@@ -16,10 +16,9 @@ exports.up = function (knex/*, Promise*/) {
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
 		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
-	})
-		.then(() => {
-			logger.info('[' + migrate_name + '] proxy_host Table altered');
-		});
+	}).then(() => {
+		logger.info('[' + migrate_name + '] proxy_host Table altered');
+	});
 
 };
 
@@ -33,4 +32,4 @@ exports.up = function (knex/*, Promise*/) {
 exports.down = function (knex, Promise) {
 	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
 	return Promise.resolve(true);
-};
\ No newline at end of file
+};

From cf4965c03e0146cfa26cc02c987046291ae9593f Mon Sep 17 00:00:00 2001
From: Vadim Isakov <43072246+Iaotle@users.noreply.github.com>
Date: Tue, 1 Jul 2025 09:13:51 +0200
Subject: [PATCH 03/13] Update proxy_host.js

---
 backend/models/proxy_host.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/models/proxy_host.js b/backend/models/proxy_host.js
index 07aa5dd3c8..87ce178260 100644
--- a/backend/models/proxy_host.js
+++ b/backend/models/proxy_host.js
@@ -21,6 +21,7 @@ const boolFields = [
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
+	'enable_proxy_protocol'
 ];
 
 class ProxyHost extends Model {

From 1e080c2ac62cba0faa61e261a92ad3ff68043821 Mon Sep 17 00:00:00 2001
From: Austin Drummond <adrum0x7@gmail.com>
Date: Fri, 25 Jul 2025 15:53:18 -0400
Subject: [PATCH 04/13] enable standard ports when proxy protocol is enabled

---
 backend/templates/_listen.conf | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/backend/templates/_listen.conf b/backend/templates/_listen.conf
index 380f503f13..d75bb34def 100644
--- a/backend/templates/_listen.conf
+++ b/backend/templates/_listen.conf
@@ -1,25 +1,29 @@
 {% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
   listen 88 proxy_protocol;
+  listen 80;
 {% if ipv6 -%}
   listen [::]:88 proxy_protocol;
-{% endif %}  
+  listen [::]:80;
+{% endif %}
 {% else -%}
   listen 80;
 {% if ipv6 -%}
   listen [::]:80;
-{% endif %}   
+{% endif %}
 {% endif %}
 {% if certificate -%}
 {% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
   listen 444 ssl proxy_protocol;
+  listen 443 ssl;
 {% if ipv6 -%}
   listen [::]:444 ssl proxy_protocol;
-{% endif %}  
+  listen [::]:443 ssl;
+{% endif %}
 {% else -%}
   listen 443 ssl;
 {% if ipv6 -%}
   listen [::]:443 ssl;
-{% endif %}   
+{% endif %}
 {% endif %}
 {% else %}
   #listen [::]:443;

From 5d14b744d6a83e474e909bb29cbc51c940aa162e Mon Sep 17 00:00:00 2001
From: Austin Drummond <adrum0x7@gmail.com>
Date: Fri, 25 Jul 2025 15:56:50 -0400
Subject: [PATCH 05/13] always enable real ip proxy protocol if enabled

---
 backend/templates/_proxy_protocol.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/templates/_proxy_protocol.conf b/backend/templates/_proxy_protocol.conf
index fa81494b72..acba5e13b3 100644
--- a/backend/templates/_proxy_protocol.conf
+++ b/backend/templates/_proxy_protocol.conf
@@ -1,6 +1,6 @@
 {% if enable_proxy_protocol == 1 or enable_proxy_protocol == true %}
 {% if load_balancer_ip != '' %}
   set_real_ip_from {{ load_balancer_ip }};
-  real_ip_header proxy_protocol;
 {% endif %}
-{% endif %}
\ No newline at end of file
+real_ip_header proxy_protocol;
+{% endif %}

From aa8ac9b88ddd939ef2076d7663c2a14c05a6ddb2 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 04:16:46 -0700
Subject: [PATCH 06/13] Fix migration script

---
 backend/migrations/20220209144645_proxy_protocol.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
index f8a1710ed3..d27f9fe1d1 100644
--- a/backend/migrations/20220209144645_proxy_protocol.js
+++ b/backend/migrations/20220209144645_proxy_protocol.js
@@ -1,5 +1,5 @@
 const migrate_name = 'proxy_protocol';
-const logger       = require('../logger').migrate;
+import { migrate as logger } from "../logger.js";
 
 /**
  * Migrate
@@ -10,7 +10,7 @@ const logger       = require('../logger').migrate;
  * @param   {Promise} Promise
  * @returns {Promise}
  */
-exports.up = function (knex/*, Promise*/) {
+const up = function (knex/*, Promise*/) {
 	logger.info('[' + migrate_name + '] Migrating Up...');
 
 	return knex.schema.table('proxy_host', function (proxy_host) {
@@ -29,7 +29,9 @@ exports.up = function (knex/*, Promise*/) {
  * @param   {Promise} Promise
  * @returns {Promise}
  */
-exports.down = function (knex, Promise) {
+const down = function (knex, Promise) {
 	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
 	return Promise.resolve(true);
 };
+
+export { up, down };

From c9c9b0beea8ebdfadbcdd856e36775a68809e9bc Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 04:17:18 -0700
Subject: [PATCH 07/13] Sorted lang files

---
 frontend/src/locale/src/bg.json | 12 ++++++------
 frontend/src/locale/src/cs.json | 12 ++++++------
 frontend/src/locale/src/de.json | 12 ++++++------
 frontend/src/locale/src/en.json | 12 ++++++------
 frontend/src/locale/src/es.json | 12 ++++++------
 frontend/src/locale/src/et.json | 12 ++++++------
 frontend/src/locale/src/fr.json | 12 ++++++------
 frontend/src/locale/src/ga.json | 12 ++++++------
 frontend/src/locale/src/hu.json | 12 ++++++------
 frontend/src/locale/src/id.json | 12 ++++++------
 frontend/src/locale/src/it.json | 12 ++++++------
 frontend/src/locale/src/ja.json | 12 ++++++------
 frontend/src/locale/src/ko.json | 12 ++++++------
 frontend/src/locale/src/nl.json | 12 ++++++------
 frontend/src/locale/src/no.json | 12 ++++++------
 frontend/src/locale/src/pl.json | 12 ++++++------
 frontend/src/locale/src/pt.json | 12 ++++++------
 frontend/src/locale/src/ru.json | 12 ++++++------
 frontend/src/locale/src/sk.json | 12 ++++++------
 frontend/src/locale/src/tr.json | 12 ++++++------
 frontend/src/locale/src/vi.json | 12 ++++++------
 frontend/src/locale/src/zh.json | 12 ++++++------
 22 files changed, 132 insertions(+), 132 deletions(-)

diff --git a/frontend/src/locale/src/bg.json b/frontend/src/locale/src/bg.json
index 466bca77a0..8e03e0e926 100644
--- a/frontend/src/locale/src/bg.json
+++ b/frontend/src/locale/src/bg.json
@@ -365,6 +365,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Кеширане на ресурси"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Запазване на пътя"
 	},
@@ -374,18 +377,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Поддръжка на WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Порт"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Схема"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Хостове"
 	},
diff --git a/frontend/src/locale/src/cs.json b/frontend/src/locale/src/cs.json
index 4fbbb76fc5..f935fbb58a 100644
--- a/frontend/src/locale/src/cs.json
+++ b/frontend/src/locale/src/cs.json
@@ -422,6 +422,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Uložit zdroje do mezipaměti"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Zachovat cestu"
 	},
@@ -431,18 +434,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Podpora WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port přesměrování"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schéma"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hostitelé"
 	},
diff --git a/frontend/src/locale/src/de.json b/frontend/src/locale/src/de.json
index 5ced3be500..0905c8dc9f 100644
--- a/frontend/src/locale/src/de.json
+++ b/frontend/src/locale/src/de.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache Assets"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Pfad beibehalten"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets Support"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Forward Port"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/en.json b/frontend/src/locale/src/en.json
index 742f97bb00..cb3a642d6c 100644
--- a/frontend/src/locale/src/en.json
+++ b/frontend/src/locale/src/en.json
@@ -428,6 +428,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache Assets"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Preserve Path"
 	},
@@ -437,18 +440,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets Support"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Forward Port"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Scheme"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/es.json b/frontend/src/locale/src/es.json
index 7463d76102..04b62cc2a4 100644
--- a/frontend/src/locale/src/es.json
+++ b/frontend/src/locale/src/es.json
@@ -365,6 +365,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cachear Recursos"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Preservar Ruta"
 	},
@@ -374,18 +377,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Soporte de Websockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Puerto"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Esquema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/et.json b/frontend/src/locale/src/et.json
index 742f97bb00..cb3a642d6c 100644
--- a/frontend/src/locale/src/et.json
+++ b/frontend/src/locale/src/et.json
@@ -428,6 +428,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache Assets"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Preserve Path"
 	},
@@ -437,18 +440,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets Support"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Forward Port"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Scheme"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/fr.json b/frontend/src/locale/src/fr.json
index 5e6d34e48e..a35d30cba0 100644
--- a/frontend/src/locale/src/fr.json
+++ b/frontend/src/locale/src/fr.json
@@ -338,6 +338,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Ressources du cache"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Préserver le chemin"
 	},
@@ -347,18 +350,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Prise en charge de Websockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port de redirection"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schéma"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hôtes"
 	},
diff --git a/frontend/src/locale/src/ga.json b/frontend/src/locale/src/ga.json
index 858c82ddc5..700b3877ea 100644
--- a/frontend/src/locale/src/ga.json
+++ b/frontend/src/locale/src/ga.json
@@ -353,6 +353,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Sócmhainní Taisce"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Cosán a Chaomhnú"
 	},
@@ -362,18 +365,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Tacaíocht Websockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port Ar Aghaidh"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Scéim"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Óstaigh"
 	},
diff --git a/frontend/src/locale/src/hu.json b/frontend/src/locale/src/hu.json
index 57511f8086..a53d5e89f9 100644
--- a/frontend/src/locale/src/hu.json
+++ b/frontend/src/locale/src/hu.json
@@ -422,6 +422,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Erőforrások gyorsítótárazása"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Útvonal megőrzése"
 	},
@@ -431,18 +434,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets támogatás"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Továbbító port"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Séma"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Kiszolgálók"
 	},
diff --git a/frontend/src/locale/src/id.json b/frontend/src/locale/src/id.json
index 814246e80a..7e39faaab9 100644
--- a/frontend/src/locale/src/id.json
+++ b/frontend/src/locale/src/id.json
@@ -353,6 +353,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache Aset"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Pertahankan Path"
 	},
@@ -362,18 +365,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Dukungan Websocket"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port Terusan"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Skema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Host"
 	},
diff --git a/frontend/src/locale/src/it.json b/frontend/src/locale/src/it.json
index 9e8bbd5b5a..bffdb5a3e3 100644
--- a/frontend/src/locale/src/it.json
+++ b/frontend/src/locale/src/it.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache degli Asset"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Preserva Percorso"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Supporto WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Porta di Destinazione"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Host"
 	},
diff --git a/frontend/src/locale/src/ja.json b/frontend/src/locale/src/ja.json
index 6191c4b474..18ff154936 100644
--- a/frontend/src/locale/src/ja.json
+++ b/frontend/src/locale/src/ja.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "アセットをキャッシュする"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "パスワードは一致する必要があります"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websocketsサポート"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "転送ポート"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "スキーム"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "ホスト"
 	},
diff --git a/frontend/src/locale/src/ko.json b/frontend/src/locale/src/ko.json
index 52ae4af196..811614a728 100644
--- a/frontend/src/locale/src/ko.json
+++ b/frontend/src/locale/src/ko.json
@@ -365,6 +365,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "정적 에셋 캐싱"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "요청 경로 유지"
 	},
@@ -374,18 +377,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "웹소켓 지원"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "전달할 포트"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "프로토콜"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "호스트 목록"
 	},
diff --git a/frontend/src/locale/src/nl.json b/frontend/src/locale/src/nl.json
index 467c3673a2..a90e88ce4a 100644
--- a/frontend/src/locale/src/nl.json
+++ b/frontend/src/locale/src/nl.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache Assets"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Pad Behouden"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets Ondersteuning"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Poort Doorsturen"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/no.json b/frontend/src/locale/src/no.json
index ac2c505ec2..c819db8760 100644
--- a/frontend/src/locale/src/no.json
+++ b/frontend/src/locale/src/no.json
@@ -428,6 +428,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Mellomlagre ressurser"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Behold sti"
 	},
@@ -437,18 +440,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets-støtte"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Viderekoble Port"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Skjema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Vertsnavn"
 	},
diff --git a/frontend/src/locale/src/pl.json b/frontend/src/locale/src/pl.json
index 364586c2e9..71e6bd95b7 100644
--- a/frontend/src/locale/src/pl.json
+++ b/frontend/src/locale/src/pl.json
@@ -356,6 +356,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Buforuj zasoby statyczne (ang. cache)"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Zachowaj ścieżkę"
 	},
@@ -365,18 +368,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Obsługa WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port docelowy"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schemat"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosty"
 	},
diff --git a/frontend/src/locale/src/pt.json b/frontend/src/locale/src/pt.json
index c91b3cb70d..d607633861 100644
--- a/frontend/src/locale/src/pt.json
+++ b/frontend/src/locale/src/pt.json
@@ -353,6 +353,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache de Conteúdos Estáticos"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Preservar Caminho"
 	},
@@ -362,18 +365,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Suporte para WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Porta de Encaminhamento"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Esquema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/ru.json b/frontend/src/locale/src/ru.json
index 06487e64d1..97582ec955 100644
--- a/frontend/src/locale/src/ru.json
+++ b/frontend/src/locale/src/ru.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Кэшировать ресурсы"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Сохранять путь"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Поддержка WebSocket"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Порт перенаправления"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Схема"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Хосты"
 	},
diff --git a/frontend/src/locale/src/sk.json b/frontend/src/locale/src/sk.json
index 929e485374..5d91bec89c 100644
--- a/frontend/src/locale/src/sk.json
+++ b/frontend/src/locale/src/sk.json
@@ -422,6 +422,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Uložiť zdroje do vyrovnávacej pamäte"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Zachovať cestu"
 	},
@@ -431,18 +434,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Podpora WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port presmerovania"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schéma"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hostitelia"
 	},
diff --git a/frontend/src/locale/src/tr.json b/frontend/src/locale/src/tr.json
index 9d0394f87f..b7dc4890e0 100644
--- a/frontend/src/locale/src/tr.json
+++ b/frontend/src/locale/src/tr.json
@@ -353,6 +353,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Varlıkları Önbelleğe Al"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Yolu Koru"
 	},
@@ -362,18 +365,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets Desteği"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "İletme Portu"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Şema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Host'lar"
 	},
diff --git a/frontend/src/locale/src/vi.json b/frontend/src/locale/src/vi.json
index b0b06270c6..2e498f7c69 100644
--- a/frontend/src/locale/src/vi.json
+++ b/frontend/src/locale/src/vi.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache tài nguyên"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Bảo toàn đường dẫn"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Hỗ trợ Websockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Chuyển tiếp cổng"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Scheme"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Máy chủ"
 	},
diff --git a/frontend/src/locale/src/zh.json b/frontend/src/locale/src/zh.json
index 13bd14c85b..7431a9f89a 100644
--- a/frontend/src/locale/src/zh.json
+++ b/frontend/src/locale/src/zh.json
@@ -356,6 +356,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "缓存资源"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "保留路径"
 	},
@@ -365,18 +368,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets 支持"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "转发端口"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "协议"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "主机列表"
 	},

From 24bdb5de4e9f117fdae14eba784e0e73457ee6f0 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 04:17:29 -0700
Subject: [PATCH 08/13] Fix comments

---
 frontend/src/modals/ProxyHostModal.tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/src/modals/ProxyHostModal.tsx b/frontend/src/modals/ProxyHostModal.tsx
index 1c2a74c6e8..2c77dad1f1 100644
--- a/frontend/src/modals/ProxyHostModal.tsx
+++ b/frontend/src/modals/ProxyHostModal.tsx
@@ -351,7 +351,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 																		)}
 																	</Field>
 																</span>
-																<!-- <span class="custom-switch-description"><%- i18n('proxy-hosts', 'enable-proxy-protocol') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span> -->
+																{/* <span class="custom-switch-description"><%- i18n('proxy-hosts', 'enable-proxy-protocol') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span> */}
 															</label>
 														</div>
 														<div>
@@ -360,7 +360,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 																	<div className="mb-3">
 																		<label className="form-label" htmlFor="loadBalancerIp">
 																			<T id="host.load-balancer-ip" />
-																			<!-- <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a> -->
+																			{/* <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a> */}
 																		</label>
 																		<input
 																			id="loadBalancerIp"

From 5ec08cf632fdbac67f013153997b4412317dba21 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 04:34:00 -0700
Subject: [PATCH 09/13] Fill out missing schema

---
 backend/schema/components/proxy-host-object.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/backend/schema/components/proxy-host-object.json b/backend/schema/components/proxy-host-object.json
index 2b281e20fa..61e943a4f6 100644
--- a/backend/schema/components/proxy-host-object.json
+++ b/backend/schema/components/proxy-host-object.json
@@ -92,9 +92,11 @@
 			"type": "boolean"
 		},
 		"load_balancer_ip": {
+			"description": "Load balancer or TCP proxy IP / CIDR range",
 			"type": "string",
 			"minLength": 0,
-			"maxLength": 255
+			"maxLength": 255,
+			"example": "10.0.9.3"
 		},
 		"http2_support": {
 			"$ref": "../common.json#/properties/http2_support"

From 49bb74366cf8658b982288f518da6cc8c8136f2e Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 04:34:10 -0700
Subject: [PATCH 10/13] Add PROXY protocol ports

---
 docker/docker-compose.dev.yml |  2 ++
 scripts/start-dev             | 11 ++++++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml
index 4d519f8acd..8c316ac513 100644
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -9,7 +9,9 @@ services:
     ports:
       - 3080:80
       - 3081:81
+      - 3088:88
       - 3443:443
+      - 3444:444
     networks:
       nginx_proxy_manager:
         aliases:
diff --git a/scripts/start-dev b/scripts/start-dev
index c561ac9adf..0652bddc1f 100755
--- a/scripts/start-dev
+++ b/scripts/start-dev
@@ -45,9 +45,14 @@ if hash docker 2>/dev/null; then
 	bash "$DIR/wait-healthy" "$(docker compose ps --all -q fullstack)" 120
 
 	echo ""
-	echo -e "${CYAN}Admin UI:     http://127.0.0.1:3081${RESET}"
-	echo -e "${CYAN}Nginx:        http://127.0.0.1:3080${RESET}"
-	echo -e "${CYAN}Swagger Doc:  http://127.0.0.1:3001${RESET}"
+	echo -e "${CYAN}Admin UI:      http://127.0.0.1:3081${RESET}"
+	echo -e "${CYAN}Nginx (HTTP):  http://127.0.0.1:3080${RESET}"
+	echo -e "${CYAN}Nginx (HTTPS): http://127.0.0.1:3443${RESET}"
+	echo -e "${CYAN}Swagger Doc:   http://127.0.0.1:3001${RESET}"
+	echo -e
+	echo -e "${CYAN}PROXY protocol:${RESET}"
+	echo -e "${CYAN}Nginx (HTTP):  http://127.0.0.1:3088${RESET}"
+	echo -e "${CYAN}Nginx (HTTPS): http://127.0.0.1:3444${RESET}"
 	echo ""
 
 	if [ "$1" == "-f" ]; then

From d9990df2ae3d637f9a4850bbedb25a552ab424a2 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 05:06:14 -0700
Subject: [PATCH 11/13] conditionally require and disable the load balancer ip

---
 frontend/src/modals/ProxyHostModal.tsx | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/frontend/src/modals/ProxyHostModal.tsx b/frontend/src/modals/ProxyHostModal.tsx
index 2c77dad1f1..f110c737e5 100644
--- a/frontend/src/modals/ProxyHostModal.tsx
+++ b/frontend/src/modals/ProxyHostModal.tsx
@@ -355,7 +355,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 															</label>
 														</div>
 														<div>
-															<Field name="loadBalancerIp" validate={validateString(1, 255)}>
+															<Field name="loadBalancerIp">
 																{({ field, form }: any) => (
 																	<div className="mb-3">
 																		<label className="form-label" htmlFor="loadBalancerIp">
@@ -365,9 +365,10 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 																		<input
 																			id="loadBalancerIp"
 																			type="text"
-																			className={`form-control ${form.errors.loadBalancerIp && form.touched.loadBalancerIp ? "is-invalid" : ""}`}
-																			required
+																			className={`form-control ${form.errors.loadBalancerIp && form.touched.loadBalancerIp ? "is-invalid" : ""} ${form.values.enableProxyProtocol ? "" : "disabled"}`}
+																			required={form.values.enableProxyProtocol}
 																			placeholder="example.com"
+																			disabled={!form.values.enableProxyProtocol}
 																			{...field}
 																		/>
 																		{form.errors.loadBalancerIp ? (

From 6618f15558cfd3d1798be12c527a63e3f6cd24ba Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 06:51:51 -0700
Subject: [PATCH 12/13] Fix lint errors

---
 .../migrations/20220209144645_proxy_protocol.js    | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
index d27f9fe1d1..1f30054e09 100644
--- a/backend/migrations/20220209144645_proxy_protocol.js
+++ b/backend/migrations/20220209144645_proxy_protocol.js
@@ -7,17 +7,16 @@ import { migrate as logger } from "../logger.js";
  * @see http://knexjs.org/#Schema
  *
  * @param   {Object}  knex
- * @param   {Promise} Promise
  * @returns {Promise}
  */
-const up = function (knex/*, Promise*/) {
-	logger.info('[' + migrate_name + '] Migrating Up...');
+const up = (knex) => {
+	logger.info(`[${migrate_name}] Migrating Up...`);
 
-	return knex.schema.table('proxy_host', function (proxy_host) {
+	return knex.schema.table('proxy_host', (proxy_host) => {
 		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
 		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
 	}).then(() => {
-		logger.info('[' + migrate_name + '] proxy_host Table altered');
+		logger.info(`[${migrate_name}] proxy_host Table altered`);
 	});
 
 };
@@ -26,11 +25,10 @@ const up = function (knex/*, Promise*/) {
  * Undo Migrate
  *
  * @param   {Object}  knex
- * @param   {Promise} Promise
  * @returns {Promise}
  */
-const down = function (knex, Promise) {
-	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
+const down = (_knex) => {
+	logger.warn(`[${migrate_name}] You can't migrate down this one.`);
 	return Promise.resolve(true);
 };
 

From 857a35ea64a8ed295f809376fe3f8fe901394e30 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Sat, 25 Apr 2026 01:49:42 -0700
Subject: [PATCH 13/13] Implement down migration and standardize on double
 quotes

Make the variable name a little more generic
---
 .../20220209144645_proxy_protocol.js          | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
index 1f30054e09..8113c4eb95 100644
--- a/backend/migrations/20220209144645_proxy_protocol.js
+++ b/backend/migrations/20220209144645_proxy_protocol.js
@@ -1,4 +1,4 @@
-const migrate_name = 'proxy_protocol';
+const migrate_name = "proxy_protocol";
 import { migrate as logger } from "../logger.js";
 
 /**
@@ -12,13 +12,12 @@ import { migrate as logger } from "../logger.js";
 const up = (knex) => {
 	logger.info(`[${migrate_name}] Migrating Up...`);
 
-	return knex.schema.table('proxy_host', (proxy_host) => {
-		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
-		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
+	return knex.schema.table("proxy_host", (table) => {
+		table.integer("enable_proxy_protocol").notNull().unsigned().defaultTo(0);
+		table.string("load_balancer_ip").notNull().defaultTo("");
 	}).then(() => {
 		logger.info(`[${migrate_name}] proxy_host Table altered`);
 	});
-
 };
 
 /**
@@ -28,8 +27,15 @@ const up = (knex) => {
  * @returns {Promise}
  */
 const down = (_knex) => {
-	logger.warn(`[${migrate_name}] You can't migrate down this one.`);
-	return Promise.resolve(true);
+	logger.info(`[${migrateName}] Migrating Down...`);
+
+	return knex.schema.table("proxy_host", (table) => {
+		table.dropColumn("enable_proxy_protocol");
+		table.dropColumn("load_balancer_ip");
+	})
+	.then(() => {
+		logger.info(`[${migrateName}] proxy_host Table altered`);
+	});
 };
 
 export { up, down };