From ecb27521b411339d7cf9e9652d37b3e8174ed26c Mon Sep 17 00:00:00 2001
From: Stefano Badoino <16034687+SBado@users.noreply.github.com>
Date: Wed, 23 Feb 2022 11:32:39 +0100
Subject: [PATCH 01/24] PROXY Protocol support implementation

---
 backend/internal/nginx.js                     |  3 +-
 .../20220209144645_proxy_protocol.js          | 36 +++++++++++++++++++
 backend/schema/endpoints/proxy-hosts.json     | 28 +++++++++++++++
 backend/templates/_listen.conf                | 20 ++++++++---
 backend/templates/_proxy_protocol.conf        |  6 ++++
 backend/templates/proxy_host.conf             |  1 +
 frontend/js/app/nginx/proxy/form.ejs          | 17 ++++++++-
 frontend/js/app/nginx/proxy/form.js           | 14 +++++++-
 frontend/js/i18n/messages.json                |  4 ++-
 frontend/js/models/proxy-host.js              |  2 ++
 10 files changed, 122 insertions(+), 9 deletions(-)
 create mode 100644 backend/migrations/20220209144645_proxy_protocol.js
 create mode 100644 backend/templates/_proxy_protocol.conf

diff --git a/backend/internal/nginx.js b/backend/internal/nginx.js
index 52bdd66dcc..0291dfda6d 100644
--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@@ -157,7 +157,8 @@ const internalNginx = {
 				for (let i = 0; i < host.locations.length; i++) {
 					let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id}, 
 						{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
-						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
+						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {enable_proxy_protocol: host.enable_proxy_protocol},
+						{load_balancer_ip: host.load_balancer_ip}, {http2_support: host.http2_support},
 						{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
 						{certificate: host.certificate}, host.locations[i]);
 			
diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
new file mode 100644
index 0000000000..8c80991288
--- /dev/null
+++ b/backend/migrations/20220209144645_proxy_protocol.js
@@ -0,0 +1,36 @@
+const migrate_name = 'proxy_protocol';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
+		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex, Promise) {
+	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
+	return Promise.resolve(true);
+};
\ No newline at end of file
diff --git a/backend/schema/endpoints/proxy-hosts.json b/backend/schema/endpoints/proxy-hosts.json
index 9a3fff2fc7..27a8ec2ab0 100644
--- a/backend/schema/endpoints/proxy-hosts.json
+++ b/backend/schema/endpoints/proxy-hosts.json
@@ -58,6 +58,16 @@
       "example": true,
       "type": "boolean"
     },
+    "enable_proxy_protocol": {
+      "description": "Enable PROXY Protocol support",
+      "example": true,
+      "type": "boolean"
+    },
+    "load_balancer_ip": {
+      "type": "string",
+      "minLength": 0,
+      "maxLength": 255
+    },
     "access_list_id": {
       "$ref": "../definitions.json#/definitions/access_list_id"
     },
@@ -155,6 +165,12 @@
     "allow_websocket_upgrade": {
       "$ref": "#/definitions/allow_websocket_upgrade"
     },
+    "enable_proxy_protocol": {
+      "$ref": "#/definitions/enable_proxy_protocol"
+    },
+    "load_balancer_ip": {
+      "$ref": "#/definitions/load_balancer_ip"
+    },
     "access_list_id": {
       "$ref": "#/definitions/access_list_id"
     },
@@ -245,6 +261,12 @@
           "allow_websocket_upgrade": {
             "$ref": "#/definitions/allow_websocket_upgrade"
           },
+          "enable_proxy_protocol": {
+            "$ref": "#/definitions/enable_proxy_protocol"
+          },
+          "load_balancer_ip": {
+            "$ref": "#/definitions/load_balancer_ip"
+          },
           "access_list_id": {
             "$ref": "#/definitions/access_list_id"
           },
@@ -318,6 +340,12 @@
           "allow_websocket_upgrade": {
             "$ref": "#/definitions/allow_websocket_upgrade"
           },
+          "enable_proxy_protocol": {
+            "$ref": "#/definitions/enable_proxy_protocol"
+          },
+          "load_balancer_ip": {
+            "$ref": "#/definitions/load_balancer_ip"
+          },
           "access_list_id": {
             "$ref": "#/definitions/access_list_id"
           },
diff --git a/backend/templates/_listen.conf b/backend/templates/_listen.conf
index 730f3a7c4d..15f0c86592 100644
--- a/backend/templates/_listen.conf
+++ b/backend/templates/_listen.conf
@@ -1,15 +1,25 @@
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
+  listen 88 proxy_protocol;
+{% if ipv6 -%}
+  listen [::]:88 proxy_protocol;
+{% endif %}  
+{% else -%}
   listen 80;
 {% if ipv6 -%}
   listen [::]:80;
-{% else -%}
-  #listen [::]:80;
+{% endif %}   
 {% endif %}
 {% if certificate -%}
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
+  listen 444 ssl{% if http2_support %} http2{% endif %} proxy_protocol;
+{% if ipv6 -%}
+  listen [::]:444 ssl{% if http2_support %} http2{% endif %} proxy_protocol;
+{% endif %}
+{% else -%}
   listen 443 ssl{% if http2_support %} http2{% endif %};
 {% if ipv6 -%}
   listen [::]:443 ssl{% if http2_support %} http2{% endif %};
-{% else -%}
-  #listen [::]:443;
 {% endif %}
 {% endif %}
-  server_name {{ domain_names | join: " " }};
+{% endif %}
+  server_name {{ domain_names | join: " " }};
\ No newline at end of file
diff --git a/backend/templates/_proxy_protocol.conf b/backend/templates/_proxy_protocol.conf
new file mode 100644
index 0000000000..fa81494b72
--- /dev/null
+++ b/backend/templates/_proxy_protocol.conf
@@ -0,0 +1,6 @@
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true %}
+{% if load_balancer_ip != '' %}
+  set_real_ip_from {{ load_balancer_ip }};
+  real_ip_header proxy_protocol;
+{% endif %}
+{% endif %}
\ No newline at end of file
diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf
index ec30cca0da..d733c853a1 100644
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@@ -12,6 +12,7 @@ server {
 {% include "_exploits.conf" %}
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}
+{% include "_proxy_protocol.conf" %}
 
 {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
 proxy_set_header Upgrade $http_upgrade;
diff --git a/frontend/js/app/nginx/proxy/form.ejs b/frontend/js/app/nginx/proxy/form.ejs
index 56868f5528..9c30f13c49 100644
--- a/frontend/js/app/nginx/proxy/form.ejs
+++ b/frontend/js/app/nginx/proxy/form.ejs
@@ -72,7 +72,7 @@
                                 </label>
                             </div>
                         </div>
-                        <div class="col-sm-12 col-md-12">
+                        <div class="col-sm-6 col-md-6">
                             <div class="form-group">
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@@ -81,6 +81,21 @@
                                 </label>
                             </div>
                         </div>
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="enable_proxy_protocol" value="1"<%- enable_proxy_protocol ? ' checked' : '' %>>
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'enable-proxy-protocol') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span>
+                                </label>
+                            </div>
+                        </div>
+                        <div class="col-sm-12 col-md-12">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('proxy-hosts', 'load-balancer-ip') %>  <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a></label>
+                                <input type="text" name="load_balancer_ip" class="form-control text-monospace" placeholder="" value="<%- load_balancer_ip %>" autocomplete="off" maxlength="255" <%- enable_proxy_protocol ? '' : ' disabled' %>>
+                            </div>
+                        </div>
 
                         <div class="col-sm-12 col-md-12">
                             <div class="form-group">
diff --git a/frontend/js/app/nginx/proxy/form.js b/frontend/js/app/nginx/proxy/form.js
index 1dfb5c1891..5ffd145a02 100644
--- a/frontend/js/app/nginx/proxy/form.js
+++ b/frontend/js/app/nginx/proxy/form.js
@@ -43,7 +43,9 @@ module.exports = Mn.View.extend({
         dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
         propagation_seconds:      'input[name="meta[propagation_seconds]"]',
         forward_scheme:           'select[name="forward_scheme"]',
-        letsencrypt:              '.letsencrypt'
+        letsencrypt:              '.letsencrypt',
+        enable_proxy_protocol:    'input[name="enable_proxy_protocol"]',
+        load_balancer_ip:         'input[name="load_balancer_ip"]'
     },
 
     regions: {
@@ -51,6 +53,14 @@ module.exports = Mn.View.extend({
     },
 
     events: {
+        'change @ui.enable_proxy_protocol': function () {
+            let checked = this.ui.enable_proxy_protocol.prop('checked');
+            this.ui.load_balancer_ip
+                .prop('disabled', !checked)
+                .parents('.form-group')
+                .css('opacity', checked ? 1 : 0.5);
+        },
+
         'change @ui.certificate_select': function () {
             let id = this.ui.certificate_select.val();
             if (id === 'new') {
@@ -163,6 +173,7 @@ module.exports = Mn.View.extend({
             data.block_exploits          = !!data.block_exploits;
             data.caching_enabled         = !!data.caching_enabled;
             data.allow_websocket_upgrade = !!data.allow_websocket_upgrade;
+            data.enable_proxy_protocol   = !!data.enable_proxy_protocol;
             data.http2_support           = !!data.http2_support;
             data.hsts_enabled            = !!data.hsts_enabled;
             data.hsts_subdomains         = !!data.hsts_subdomains;
@@ -264,6 +275,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
+        this.ui.enable_proxy_protocol.trigger('change');
         this.ui.ssl_forced.trigger('change');
         this.ui.hsts_enabled.trigger('change');
 
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json
index 896a9633de..1aaa3ac7af 100644
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@@ -133,7 +133,9 @@
       "allow-websocket-upgrade": "Websockets Support",
       "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
       "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path",
-      "search": "Search Host…"
+      "search": "Search Host…",
+      "enable-proxy-protocol": "Enable PROXY Protocol",
+      "load-balancer-ip": "Load balancer or TCP proxy IP / CIDR range "
     },
     "redirection-hosts": {
       "title": "Redirection Hosts",
diff --git a/frontend/js/models/proxy-host.js b/frontend/js/models/proxy-host.js
index b82d09fef3..b1a80f5411 100644
--- a/frontend/js/models/proxy-host.js
+++ b/frontend/js/models/proxy-host.js
@@ -19,6 +19,8 @@ const model = Backbone.Model.extend({
             hsts_subdomains:         false,
             caching_enabled:         false,
             allow_websocket_upgrade: false,
+            enable_proxy_protocol:   false,
+            load_balancer_ip:        '',
             block_exploits:          false,
             http2_support:           false,
             advanced_config:         '',

From 5e733614da09af39479eb30a711da22d748ebc8a Mon Sep 17 00:00:00 2001
From: Austin Drummond <adrum0x7@gmail.com>
Date: Mon, 28 Apr 2025 23:52:48 -0400
Subject: [PATCH 02/24] bump build

---
 backend/migrations/20220209144645_proxy_protocol.js | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
index 8c80991288..f8a1710ed3 100644
--- a/backend/migrations/20220209144645_proxy_protocol.js
+++ b/backend/migrations/20220209144645_proxy_protocol.js
@@ -16,10 +16,9 @@ exports.up = function (knex/*, Promise*/) {
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
 		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
-	})
-		.then(() => {
-			logger.info('[' + migrate_name + '] proxy_host Table altered');
-		});
+	}).then(() => {
+		logger.info('[' + migrate_name + '] proxy_host Table altered');
+	});
 
 };
 
@@ -33,4 +32,4 @@ exports.up = function (knex/*, Promise*/) {
 exports.down = function (knex, Promise) {
 	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
 	return Promise.resolve(true);
-};
\ No newline at end of file
+};

From cf4965c03e0146cfa26cc02c987046291ae9593f Mon Sep 17 00:00:00 2001
From: Vadim Isakov <43072246+Iaotle@users.noreply.github.com>
Date: Tue, 1 Jul 2025 09:13:51 +0200
Subject: [PATCH 03/24] Update proxy_host.js

---
 backend/models/proxy_host.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/models/proxy_host.js b/backend/models/proxy_host.js
index 07aa5dd3c8..87ce178260 100644
--- a/backend/models/proxy_host.js
+++ b/backend/models/proxy_host.js
@@ -21,6 +21,7 @@ const boolFields = [
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
+	'enable_proxy_protocol'
 ];
 
 class ProxyHost extends Model {

From 1e080c2ac62cba0faa61e261a92ad3ff68043821 Mon Sep 17 00:00:00 2001
From: Austin Drummond <adrum0x7@gmail.com>
Date: Fri, 25 Jul 2025 15:53:18 -0400
Subject: [PATCH 04/24] enable standard ports when proxy protocol is enabled

---
 backend/templates/_listen.conf | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/backend/templates/_listen.conf b/backend/templates/_listen.conf
index 380f503f13..d75bb34def 100644
--- a/backend/templates/_listen.conf
+++ b/backend/templates/_listen.conf
@@ -1,25 +1,29 @@
 {% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
   listen 88 proxy_protocol;
+  listen 80;
 {% if ipv6 -%}
   listen [::]:88 proxy_protocol;
-{% endif %}  
+  listen [::]:80;
+{% endif %}
 {% else -%}
   listen 80;
 {% if ipv6 -%}
   listen [::]:80;
-{% endif %}   
+{% endif %}
 {% endif %}
 {% if certificate -%}
 {% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
   listen 444 ssl proxy_protocol;
+  listen 443 ssl;
 {% if ipv6 -%}
   listen [::]:444 ssl proxy_protocol;
-{% endif %}  
+  listen [::]:443 ssl;
+{% endif %}
 {% else -%}
   listen 443 ssl;
 {% if ipv6 -%}
   listen [::]:443 ssl;
-{% endif %}   
+{% endif %}
 {% endif %}
 {% else %}
   #listen [::]:443;

From 5d14b744d6a83e474e909bb29cbc51c940aa162e Mon Sep 17 00:00:00 2001
From: Austin Drummond <adrum0x7@gmail.com>
Date: Fri, 25 Jul 2025 15:56:50 -0400
Subject: [PATCH 05/24] always enable real ip proxy protocol if enabled

---
 backend/templates/_proxy_protocol.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/templates/_proxy_protocol.conf b/backend/templates/_proxy_protocol.conf
index fa81494b72..acba5e13b3 100644
--- a/backend/templates/_proxy_protocol.conf
+++ b/backend/templates/_proxy_protocol.conf
@@ -1,6 +1,6 @@
 {% if enable_proxy_protocol == 1 or enable_proxy_protocol == true %}
 {% if load_balancer_ip != '' %}
   set_real_ip_from {{ load_balancer_ip }};
-  real_ip_header proxy_protocol;
 {% endif %}
-{% endif %}
\ No newline at end of file
+real_ip_header proxy_protocol;
+{% endif %}

From aa8ac9b88ddd939ef2076d7663c2a14c05a6ddb2 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 04:16:46 -0700
Subject: [PATCH 06/24] Fix migration script

---
 backend/migrations/20220209144645_proxy_protocol.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
index f8a1710ed3..d27f9fe1d1 100644
--- a/backend/migrations/20220209144645_proxy_protocol.js
+++ b/backend/migrations/20220209144645_proxy_protocol.js
@@ -1,5 +1,5 @@
 const migrate_name = 'proxy_protocol';
-const logger       = require('../logger').migrate;
+import { migrate as logger } from "../logger.js";
 
 /**
  * Migrate
@@ -10,7 +10,7 @@ const logger       = require('../logger').migrate;
  * @param   {Promise} Promise
  * @returns {Promise}
  */
-exports.up = function (knex/*, Promise*/) {
+const up = function (knex/*, Promise*/) {
 	logger.info('[' + migrate_name + '] Migrating Up...');
 
 	return knex.schema.table('proxy_host', function (proxy_host) {
@@ -29,7 +29,9 @@ exports.up = function (knex/*, Promise*/) {
  * @param   {Promise} Promise
  * @returns {Promise}
  */
-exports.down = function (knex, Promise) {
+const down = function (knex, Promise) {
 	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
 	return Promise.resolve(true);
 };
+
+export { up, down };

From c9c9b0beea8ebdfadbcdd856e36775a68809e9bc Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 04:17:18 -0700
Subject: [PATCH 07/24] Sorted lang files

---
 frontend/src/locale/src/bg.json | 12 ++++++------
 frontend/src/locale/src/cs.json | 12 ++++++------
 frontend/src/locale/src/de.json | 12 ++++++------
 frontend/src/locale/src/en.json | 12 ++++++------
 frontend/src/locale/src/es.json | 12 ++++++------
 frontend/src/locale/src/et.json | 12 ++++++------
 frontend/src/locale/src/fr.json | 12 ++++++------
 frontend/src/locale/src/ga.json | 12 ++++++------
 frontend/src/locale/src/hu.json | 12 ++++++------
 frontend/src/locale/src/id.json | 12 ++++++------
 frontend/src/locale/src/it.json | 12 ++++++------
 frontend/src/locale/src/ja.json | 12 ++++++------
 frontend/src/locale/src/ko.json | 12 ++++++------
 frontend/src/locale/src/nl.json | 12 ++++++------
 frontend/src/locale/src/no.json | 12 ++++++------
 frontend/src/locale/src/pl.json | 12 ++++++------
 frontend/src/locale/src/pt.json | 12 ++++++------
 frontend/src/locale/src/ru.json | 12 ++++++------
 frontend/src/locale/src/sk.json | 12 ++++++------
 frontend/src/locale/src/tr.json | 12 ++++++------
 frontend/src/locale/src/vi.json | 12 ++++++------
 frontend/src/locale/src/zh.json | 12 ++++++------
 22 files changed, 132 insertions(+), 132 deletions(-)

diff --git a/frontend/src/locale/src/bg.json b/frontend/src/locale/src/bg.json
index 466bca77a0..8e03e0e926 100644
--- a/frontend/src/locale/src/bg.json
+++ b/frontend/src/locale/src/bg.json
@@ -365,6 +365,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Кеширане на ресурси"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Запазване на пътя"
 	},
@@ -374,18 +377,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Поддръжка на WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Порт"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Схема"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Хостове"
 	},
diff --git a/frontend/src/locale/src/cs.json b/frontend/src/locale/src/cs.json
index 4fbbb76fc5..f935fbb58a 100644
--- a/frontend/src/locale/src/cs.json
+++ b/frontend/src/locale/src/cs.json
@@ -422,6 +422,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Uložit zdroje do mezipaměti"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Zachovat cestu"
 	},
@@ -431,18 +434,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Podpora WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port přesměrování"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schéma"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hostitelé"
 	},
diff --git a/frontend/src/locale/src/de.json b/frontend/src/locale/src/de.json
index 5ced3be500..0905c8dc9f 100644
--- a/frontend/src/locale/src/de.json
+++ b/frontend/src/locale/src/de.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache Assets"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Pfad beibehalten"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets Support"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Forward Port"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/en.json b/frontend/src/locale/src/en.json
index 742f97bb00..cb3a642d6c 100644
--- a/frontend/src/locale/src/en.json
+++ b/frontend/src/locale/src/en.json
@@ -428,6 +428,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache Assets"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Preserve Path"
 	},
@@ -437,18 +440,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets Support"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Forward Port"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Scheme"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/es.json b/frontend/src/locale/src/es.json
index 7463d76102..04b62cc2a4 100644
--- a/frontend/src/locale/src/es.json
+++ b/frontend/src/locale/src/es.json
@@ -365,6 +365,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cachear Recursos"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Preservar Ruta"
 	},
@@ -374,18 +377,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Soporte de Websockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Puerto"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Esquema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/et.json b/frontend/src/locale/src/et.json
index 742f97bb00..cb3a642d6c 100644
--- a/frontend/src/locale/src/et.json
+++ b/frontend/src/locale/src/et.json
@@ -428,6 +428,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache Assets"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Preserve Path"
 	},
@@ -437,18 +440,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets Support"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Forward Port"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Scheme"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/fr.json b/frontend/src/locale/src/fr.json
index 5e6d34e48e..a35d30cba0 100644
--- a/frontend/src/locale/src/fr.json
+++ b/frontend/src/locale/src/fr.json
@@ -338,6 +338,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Ressources du cache"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Préserver le chemin"
 	},
@@ -347,18 +350,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Prise en charge de Websockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port de redirection"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schéma"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hôtes"
 	},
diff --git a/frontend/src/locale/src/ga.json b/frontend/src/locale/src/ga.json
index 858c82ddc5..700b3877ea 100644
--- a/frontend/src/locale/src/ga.json
+++ b/frontend/src/locale/src/ga.json
@@ -353,6 +353,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Sócmhainní Taisce"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Cosán a Chaomhnú"
 	},
@@ -362,18 +365,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Tacaíocht Websockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port Ar Aghaidh"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Scéim"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Óstaigh"
 	},
diff --git a/frontend/src/locale/src/hu.json b/frontend/src/locale/src/hu.json
index 57511f8086..a53d5e89f9 100644
--- a/frontend/src/locale/src/hu.json
+++ b/frontend/src/locale/src/hu.json
@@ -422,6 +422,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Erőforrások gyorsítótárazása"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Útvonal megőrzése"
 	},
@@ -431,18 +434,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets támogatás"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Továbbító port"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Séma"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Kiszolgálók"
 	},
diff --git a/frontend/src/locale/src/id.json b/frontend/src/locale/src/id.json
index 814246e80a..7e39faaab9 100644
--- a/frontend/src/locale/src/id.json
+++ b/frontend/src/locale/src/id.json
@@ -353,6 +353,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache Aset"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Pertahankan Path"
 	},
@@ -362,18 +365,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Dukungan Websocket"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port Terusan"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Skema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Host"
 	},
diff --git a/frontend/src/locale/src/it.json b/frontend/src/locale/src/it.json
index 9e8bbd5b5a..bffdb5a3e3 100644
--- a/frontend/src/locale/src/it.json
+++ b/frontend/src/locale/src/it.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache degli Asset"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Preserva Percorso"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Supporto WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Porta di Destinazione"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Host"
 	},
diff --git a/frontend/src/locale/src/ja.json b/frontend/src/locale/src/ja.json
index 6191c4b474..18ff154936 100644
--- a/frontend/src/locale/src/ja.json
+++ b/frontend/src/locale/src/ja.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "アセットをキャッシュする"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "パスワードは一致する必要があります"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websocketsサポート"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "転送ポート"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "スキーム"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "ホスト"
 	},
diff --git a/frontend/src/locale/src/ko.json b/frontend/src/locale/src/ko.json
index 52ae4af196..811614a728 100644
--- a/frontend/src/locale/src/ko.json
+++ b/frontend/src/locale/src/ko.json
@@ -365,6 +365,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "정적 에셋 캐싱"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "요청 경로 유지"
 	},
@@ -374,18 +377,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "웹소켓 지원"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "전달할 포트"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "프로토콜"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "호스트 목록"
 	},
diff --git a/frontend/src/locale/src/nl.json b/frontend/src/locale/src/nl.json
index 467c3673a2..a90e88ce4a 100644
--- a/frontend/src/locale/src/nl.json
+++ b/frontend/src/locale/src/nl.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache Assets"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Pad Behouden"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets Ondersteuning"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Poort Doorsturen"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/no.json b/frontend/src/locale/src/no.json
index ac2c505ec2..c819db8760 100644
--- a/frontend/src/locale/src/no.json
+++ b/frontend/src/locale/src/no.json
@@ -428,6 +428,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Mellomlagre ressurser"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Behold sti"
 	},
@@ -437,18 +440,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets-støtte"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Viderekoble Port"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Skjema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Vertsnavn"
 	},
diff --git a/frontend/src/locale/src/pl.json b/frontend/src/locale/src/pl.json
index 364586c2e9..71e6bd95b7 100644
--- a/frontend/src/locale/src/pl.json
+++ b/frontend/src/locale/src/pl.json
@@ -356,6 +356,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Buforuj zasoby statyczne (ang. cache)"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Zachowaj ścieżkę"
 	},
@@ -365,18 +368,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Obsługa WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port docelowy"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schemat"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosty"
 	},
diff --git a/frontend/src/locale/src/pt.json b/frontend/src/locale/src/pt.json
index c91b3cb70d..d607633861 100644
--- a/frontend/src/locale/src/pt.json
+++ b/frontend/src/locale/src/pt.json
@@ -353,6 +353,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache de Conteúdos Estáticos"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Preservar Caminho"
 	},
@@ -362,18 +365,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Suporte para WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Porta de Encaminhamento"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Esquema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hosts"
 	},
diff --git a/frontend/src/locale/src/ru.json b/frontend/src/locale/src/ru.json
index 06487e64d1..97582ec955 100644
--- a/frontend/src/locale/src/ru.json
+++ b/frontend/src/locale/src/ru.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Кэшировать ресурсы"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Сохранять путь"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Поддержка WebSocket"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Порт перенаправления"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Схема"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Хосты"
 	},
diff --git a/frontend/src/locale/src/sk.json b/frontend/src/locale/src/sk.json
index 929e485374..5d91bec89c 100644
--- a/frontend/src/locale/src/sk.json
+++ b/frontend/src/locale/src/sk.json
@@ -422,6 +422,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Uložiť zdroje do vyrovnávacej pamäte"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Zachovať cestu"
 	},
@@ -431,18 +434,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Podpora WebSockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Port presmerovania"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Schéma"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Hostitelia"
 	},
diff --git a/frontend/src/locale/src/tr.json b/frontend/src/locale/src/tr.json
index 9d0394f87f..b7dc4890e0 100644
--- a/frontend/src/locale/src/tr.json
+++ b/frontend/src/locale/src/tr.json
@@ -353,6 +353,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Varlıkları Önbelleğe Al"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Yolu Koru"
 	},
@@ -362,18 +365,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets Desteği"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "İletme Portu"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Şema"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Host'lar"
 	},
diff --git a/frontend/src/locale/src/vi.json b/frontend/src/locale/src/vi.json
index b0b06270c6..2e498f7c69 100644
--- a/frontend/src/locale/src/vi.json
+++ b/frontend/src/locale/src/vi.json
@@ -350,6 +350,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "Cache tài nguyên"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "Bảo toàn đường dẫn"
 	},
@@ -359,18 +362,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Hỗ trợ Websockets"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "Chuyển tiếp cổng"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "Scheme"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "Máy chủ"
 	},
diff --git a/frontend/src/locale/src/zh.json b/frontend/src/locale/src/zh.json
index 13bd14c85b..7431a9f89a 100644
--- a/frontend/src/locale/src/zh.json
+++ b/frontend/src/locale/src/zh.json
@@ -356,6 +356,9 @@
 	"host.flags.cache-assets": {
 		"defaultMessage": "缓存资源"
 	},
+	"host.flags.enable-proxy-protocol": {
+		"defaultMessage": "Enable PROXY Protocol"
+	},
 	"host.flags.preserve-path": {
 		"defaultMessage": "保留路径"
 	},
@@ -365,18 +368,15 @@
 	"host.flags.websockets-upgrade": {
 		"defaultMessage": "Websockets 支持"
 	},
-	"host.flags.enable-proxy-protocol": {
-		"defaultMessage": "Enable PROXY Protocol"
-	},
-	"host.load-balancer-ip": {
-		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
-	},
 	"host.forward-port": {
 		"defaultMessage": "转发端口"
 	},
 	"host.forward-scheme": {
 		"defaultMessage": "协议"
 	},
+	"host.load-balancer-ip": {
+		"defaultMessage": "Load balancer or TCP proxy IP / CIDR range"
+	},
 	"hosts": {
 		"defaultMessage": "主机列表"
 	},

From 24bdb5de4e9f117fdae14eba784e0e73457ee6f0 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 04:17:29 -0700
Subject: [PATCH 08/24] Fix comments

---
 frontend/src/modals/ProxyHostModal.tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/src/modals/ProxyHostModal.tsx b/frontend/src/modals/ProxyHostModal.tsx
index 1c2a74c6e8..2c77dad1f1 100644
--- a/frontend/src/modals/ProxyHostModal.tsx
+++ b/frontend/src/modals/ProxyHostModal.tsx
@@ -351,7 +351,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 																		)}
 																	</Field>
 																</span>
-																<!-- <span class="custom-switch-description"><%- i18n('proxy-hosts', 'enable-proxy-protocol') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span> -->
+																{/* <span class="custom-switch-description"><%- i18n('proxy-hosts', 'enable-proxy-protocol') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span> */}
 															</label>
 														</div>
 														<div>
@@ -360,7 +360,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 																	<div className="mb-3">
 																		<label className="form-label" htmlFor="loadBalancerIp">
 																			<T id="host.load-balancer-ip" />
-																			<!-- <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a> -->
+																			{/* <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a> */}
 																		</label>
 																		<input
 																			id="loadBalancerIp"

From 5ec08cf632fdbac67f013153997b4412317dba21 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 04:34:00 -0700
Subject: [PATCH 09/24] Fill out missing schema

---
 backend/schema/components/proxy-host-object.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/backend/schema/components/proxy-host-object.json b/backend/schema/components/proxy-host-object.json
index 2b281e20fa..61e943a4f6 100644
--- a/backend/schema/components/proxy-host-object.json
+++ b/backend/schema/components/proxy-host-object.json
@@ -92,9 +92,11 @@
 			"type": "boolean"
 		},
 		"load_balancer_ip": {
+			"description": "Load balancer or TCP proxy IP / CIDR range",
 			"type": "string",
 			"minLength": 0,
-			"maxLength": 255
+			"maxLength": 255,
+			"example": "10.0.9.3"
 		},
 		"http2_support": {
 			"$ref": "../common.json#/properties/http2_support"

From 49bb74366cf8658b982288f518da6cc8c8136f2e Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 04:34:10 -0700
Subject: [PATCH 10/24] Add PROXY protocol ports

---
 docker/docker-compose.dev.yml |  2 ++
 scripts/start-dev             | 11 ++++++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml
index 4d519f8acd..8c316ac513 100644
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -9,7 +9,9 @@ services:
     ports:
       - 3080:80
       - 3081:81
+      - 3088:88
       - 3443:443
+      - 3444:444
     networks:
       nginx_proxy_manager:
         aliases:
diff --git a/scripts/start-dev b/scripts/start-dev
index c561ac9adf..0652bddc1f 100755
--- a/scripts/start-dev
+++ b/scripts/start-dev
@@ -45,9 +45,14 @@ if hash docker 2>/dev/null; then
 	bash "$DIR/wait-healthy" "$(docker compose ps --all -q fullstack)" 120
 
 	echo ""
-	echo -e "${CYAN}Admin UI:     http://127.0.0.1:3081${RESET}"
-	echo -e "${CYAN}Nginx:        http://127.0.0.1:3080${RESET}"
-	echo -e "${CYAN}Swagger Doc:  http://127.0.0.1:3001${RESET}"
+	echo -e "${CYAN}Admin UI:      http://127.0.0.1:3081${RESET}"
+	echo -e "${CYAN}Nginx (HTTP):  http://127.0.0.1:3080${RESET}"
+	echo -e "${CYAN}Nginx (HTTPS): http://127.0.0.1:3443${RESET}"
+	echo -e "${CYAN}Swagger Doc:   http://127.0.0.1:3001${RESET}"
+	echo -e
+	echo -e "${CYAN}PROXY protocol:${RESET}"
+	echo -e "${CYAN}Nginx (HTTP):  http://127.0.0.1:3088${RESET}"
+	echo -e "${CYAN}Nginx (HTTPS): http://127.0.0.1:3444${RESET}"
 	echo ""
 
 	if [ "$1" == "-f" ]; then

From d9990df2ae3d637f9a4850bbedb25a552ab424a2 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 05:06:14 -0700
Subject: [PATCH 11/24] conditionally require and disable the load balancer ip

---
 frontend/src/modals/ProxyHostModal.tsx | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/frontend/src/modals/ProxyHostModal.tsx b/frontend/src/modals/ProxyHostModal.tsx
index 2c77dad1f1..f110c737e5 100644
--- a/frontend/src/modals/ProxyHostModal.tsx
+++ b/frontend/src/modals/ProxyHostModal.tsx
@@ -355,7 +355,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 															</label>
 														</div>
 														<div>
-															<Field name="loadBalancerIp" validate={validateString(1, 255)}>
+															<Field name="loadBalancerIp">
 																{({ field, form }: any) => (
 																	<div className="mb-3">
 																		<label className="form-label" htmlFor="loadBalancerIp">
@@ -365,9 +365,10 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 																		<input
 																			id="loadBalancerIp"
 																			type="text"
-																			className={`form-control ${form.errors.loadBalancerIp && form.touched.loadBalancerIp ? "is-invalid" : ""}`}
-																			required
+																			className={`form-control ${form.errors.loadBalancerIp && form.touched.loadBalancerIp ? "is-invalid" : ""} ${form.values.enableProxyProtocol ? "" : "disabled"}`}
+																			required={form.values.enableProxyProtocol}
 																			placeholder="example.com"
+																			disabled={!form.values.enableProxyProtocol}
 																			{...field}
 																		/>
 																		{form.errors.loadBalancerIp ? (

From 6618f15558cfd3d1798be12c527a63e3f6cd24ba Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Fri, 24 Apr 2026 06:51:51 -0700
Subject: [PATCH 12/24] Fix lint errors

---
 .../migrations/20220209144645_proxy_protocol.js    | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
index d27f9fe1d1..1f30054e09 100644
--- a/backend/migrations/20220209144645_proxy_protocol.js
+++ b/backend/migrations/20220209144645_proxy_protocol.js
@@ -7,17 +7,16 @@ import { migrate as logger } from "../logger.js";
  * @see http://knexjs.org/#Schema
  *
  * @param   {Object}  knex
- * @param   {Promise} Promise
  * @returns {Promise}
  */
-const up = function (knex/*, Promise*/) {
-	logger.info('[' + migrate_name + '] Migrating Up...');
+const up = (knex) => {
+	logger.info(`[${migrate_name}] Migrating Up...`);
 
-	return knex.schema.table('proxy_host', function (proxy_host) {
+	return knex.schema.table('proxy_host', (proxy_host) => {
 		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
 		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
 	}).then(() => {
-		logger.info('[' + migrate_name + '] proxy_host Table altered');
+		logger.info(`[${migrate_name}] proxy_host Table altered`);
 	});
 
 };
@@ -26,11 +25,10 @@ const up = function (knex/*, Promise*/) {
  * Undo Migrate
  *
  * @param   {Object}  knex
- * @param   {Promise} Promise
  * @returns {Promise}
  */
-const down = function (knex, Promise) {
-	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
+const down = (_knex) => {
+	logger.warn(`[${migrate_name}] You can't migrate down this one.`);
 	return Promise.resolve(true);
 };
 

From 857a35ea64a8ed295f809376fe3f8fe901394e30 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Sat, 25 Apr 2026 01:49:42 -0700
Subject: [PATCH 13/24] Implement down migration and standardize on double
 quotes

Make the variable name a little more generic
---
 .../20220209144645_proxy_protocol.js          | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/backend/migrations/20220209144645_proxy_protocol.js b/backend/migrations/20220209144645_proxy_protocol.js
index 1f30054e09..8113c4eb95 100644
--- a/backend/migrations/20220209144645_proxy_protocol.js
+++ b/backend/migrations/20220209144645_proxy_protocol.js
@@ -1,4 +1,4 @@
-const migrate_name = 'proxy_protocol';
+const migrate_name = "proxy_protocol";
 import { migrate as logger } from "../logger.js";
 
 /**
@@ -12,13 +12,12 @@ import { migrate as logger } from "../logger.js";
 const up = (knex) => {
 	logger.info(`[${migrate_name}] Migrating Up...`);
 
-	return knex.schema.table('proxy_host', (proxy_host) => {
-		proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
-		proxy_host.string('load_balancer_ip').notNull().defaultTo('');
+	return knex.schema.table("proxy_host", (table) => {
+		table.integer("enable_proxy_protocol").notNull().unsigned().defaultTo(0);
+		table.string("load_balancer_ip").notNull().defaultTo("");
 	}).then(() => {
 		logger.info(`[${migrate_name}] proxy_host Table altered`);
 	});
-
 };
 
 /**
@@ -28,8 +27,15 @@ const up = (knex) => {
  * @returns {Promise}
  */
 const down = (_knex) => {
-	logger.warn(`[${migrate_name}] You can't migrate down this one.`);
-	return Promise.resolve(true);
+	logger.info(`[${migrateName}] Migrating Down...`);
+
+	return knex.schema.table("proxy_host", (table) => {
+		table.dropColumn("enable_proxy_protocol");
+		table.dropColumn("load_balancer_ip");
+	})
+	.then(() => {
+		logger.info(`[${migrateName}] proxy_host Table altered`);
+	});
 };
 
 export { up, down };

From 5965a6c461ab1a5d1234b014473d10286e00f4d2 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Sat, 25 Apr 2026 03:15:26 -0700
Subject: [PATCH 14/24] Add support for PROXY protocol for Streams

---
 .../20260425014442_proxy_protocol_stream.js   | 40 +++++++++++++++++++
 backend/schema/components/stream-object.json  |  8 +++-
 backend/schema/paths/nginx/streams/get.json   |  1 +
 backend/schema/paths/nginx/streams/post.json  |  5 +++
 .../paths/nginx/streams/streamID/get.json     |  1 +
 .../paths/nginx/streams/streamID/put.json     |  4 ++
 backend/templates/stream.conf                 |  5 ++-
 frontend/src/api/backend/models.ts            |  1 +
 frontend/src/hooks/useStream.ts               |  1 +
 frontend/src/modals/StreamModal.tsx           | 30 ++++++++++++++
 10 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100644 backend/migrations/20260425014442_proxy_protocol_stream.js

diff --git a/backend/migrations/20260425014442_proxy_protocol_stream.js b/backend/migrations/20260425014442_proxy_protocol_stream.js
new file mode 100644
index 0000000000..5099211bba
--- /dev/null
+++ b/backend/migrations/20260425014442_proxy_protocol_stream.js
@@ -0,0 +1,40 @@
+const migrate_name = "proxy_protocol_stream";
+import { migrate as logger } from "../logger.js";
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @returns {Promise}
+ */
+const up = (knex) => {
+    logger.info(`[${migrate_name}] Migrating Up...`);
+
+    return knex.schema.table("stream", (table) => {
+        table.integer("enable_proxy_protocol").notNull().unsigned().defaultTo(0);
+    }).then(() => {
+        logger.info(`[${migrate_name}] stream Table altered`);
+    });
+
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @returns {Promise}
+ */
+const down = (_knex) => {
+    logger.info(`[${migrateName}] Migrating Down...`);
+
+    return knex.schema.table("stream", (table) => {
+        table.dropColumn("enable_proxy_protocol");
+    })
+    .then(() => {
+        logger.info(`[${migrateName}] stream Table altered`);
+    });
+};
+
+export { up, down };
diff --git a/backend/schema/components/stream-object.json b/backend/schema/components/stream-object.json
index 602073ceca..42a2633933 100644
--- a/backend/schema/components/stream-object.json
+++ b/backend/schema/components/stream-object.json
@@ -12,7 +12,8 @@
 		"tcp_forwarding",
 		"udp_forwarding",
 		"enabled",
-		"meta"
+		"meta",
+		"enable_proxy_protocol"
 	],
 	"additionalProperties": false,
 	"properties": {
@@ -70,6 +71,11 @@
 		"enabled": {
 			"$ref": "../common.json#/properties/enabled"
 		},
+		"enable_proxy_protocol": {
+			"description": "Enable PROXY Protocol support",
+			"type": "boolean",
+			"example": false
+		},
 		"certificate_id": {
 			"$ref": "../common.json#/properties/certificate_id"
 		},
diff --git a/backend/schema/paths/nginx/streams/get.json b/backend/schema/paths/nginx/streams/get.json
index 6dda8e346b..8243f9a918 100644
--- a/backend/schema/paths/nginx/streams/get.json
+++ b/backend/schema/paths/nginx/streams/get.json
@@ -41,6 +41,7 @@
 										"nginx_err": null
 									},
 									"enabled": true,
+									"enable_proxy_protocol": false,
 									"certificate_id": 0
 								}
 							]
diff --git a/backend/schema/paths/nginx/streams/post.json b/backend/schema/paths/nginx/streams/post.json
index 0c986de8fa..06d5ad6924 100644
--- a/backend/schema/paths/nginx/streams/post.json
+++ b/backend/schema/paths/nginx/streams/post.json
@@ -41,6 +41,9 @@
 						"certificate_id": {
 							"$ref": "../../../components/stream-object.json#/properties/certificate_id"
 						},
+						"enable_proxy_protocol": {
+							"$ref": "../../../components/stream-object.json#/properties/enable_proxy_protocol",
+						},
 						"meta": {
 							"$ref": "../../../components/stream-object.json#/properties/meta"
 						},
@@ -56,6 +59,7 @@
 					"tcp_forwarding": true,
 					"udp_forwarding": false,
 					"certificate_id": 0,
+					"enable_proxy_protocol": false,
 					"meta": {}
 				}
 			}
@@ -83,6 +87,7 @@
 									"nginx_err": null
 								},
 								"enabled": true,
+								"enable_proxy_protocol": false,
 								"owner": {
 									"id": 1,
 									"created_on": "2024-10-09T02:33:16.000Z",
diff --git a/backend/schema/paths/nginx/streams/streamID/get.json b/backend/schema/paths/nginx/streams/streamID/get.json
index 22fae8872b..c2094f98a3 100644
--- a/backend/schema/paths/nginx/streams/streamID/get.json
+++ b/backend/schema/paths/nginx/streams/streamID/get.json
@@ -42,6 +42,7 @@
 									"nginx_err": null
 								},
 								"enabled": true,
+								"enableProxyProtocol": false,
 								"certificate_id": 0
 							}
 						}
diff --git a/backend/schema/paths/nginx/streams/streamID/put.json b/backend/schema/paths/nginx/streams/streamID/put.json
index 21ae71ef7a..cc52fe10d3 100644
--- a/backend/schema/paths/nginx/streams/streamID/put.json
+++ b/backend/schema/paths/nginx/streams/streamID/put.json
@@ -48,6 +48,9 @@
 						"certificate_id": {
 							"$ref": "../../../../components/stream-object.json#/properties/certificate_id"
 						},
+						"enable_proxy_protocol": {
+							"$ref": "../../../../components/stream-object.json#/properties/enable_proxy_protocol",
+						},
 						"meta": {
 							"$ref": "../../../../components/stream-object.json#/properties/meta"
 						}
@@ -78,6 +81,7 @@
 									"nginx_err": null
 								},
 								"enabled": true,
+								"enable_proxy_protocol": false,
 								"owner": {
 									"id": 1,
 									"created_on": "2024-10-09T02:33:16.000Z",
diff --git a/backend/templates/stream.conf b/backend/templates/stream.conf
index 3a10387b27..d8af054e23 100644
--- a/backend/templates/stream.conf
+++ b/backend/templates/stream.conf
@@ -5,8 +5,9 @@
 {% if enabled %}
 {% if tcp_forwarding == 1 or tcp_forwarding == true -%}
 server {
-  listen {{ incoming_port }} {%- if certificate %} ssl {%- endif %};
-  {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} {%- if certificate %} ssl {%- endif %};
+  listen {{ incoming_port }} {%- if certificate %} ssl {%- endif %} {%- if enable_proxy_protocol == 1 %} proxy_protocol {%- endif %};
+  # {{ enable_proxy_protocol }}
+  {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} {%- if certificate %} ssl {%- endif %} {%- if enable_proxy_protocol == 1 %} proxy_protocol {%- endif %};
 
   {%- include "_certificates_stream.conf" %}
 
diff --git a/frontend/src/api/backend/models.ts b/frontend/src/api/backend/models.ts
index d102b75557..832b7d45c7 100644
--- a/frontend/src/api/backend/models.ts
+++ b/frontend/src/api/backend/models.ts
@@ -191,6 +191,7 @@ export interface Stream {
 	udpForwarding: boolean;
 	meta: Record<string, any>;
 	enabled: boolean;
+	enableProxyProtocol: boolean;
 	certificateId: number;
 	// Expansions:
 	owner?: User;
diff --git a/frontend/src/hooks/useStream.ts b/frontend/src/hooks/useStream.ts
index dfdddc1a08..ca8b0d5730 100644
--- a/frontend/src/hooks/useStream.ts
+++ b/frontend/src/hooks/useStream.ts
@@ -12,6 +12,7 @@ const fetchStream = (id: number | "new") => {
 			udpForwarding: false,
 			meta: {},
 			enabled: true,
+			enableProxyProtocol: false,
 			certificateId: 0,
 		} as Stream);
 	}
diff --git a/frontend/src/modals/StreamModal.tsx b/frontend/src/modals/StreamModal.tsx
index 6d55348896..29cd1e21a4 100644
--- a/frontend/src/modals/StreamModal.tsx
+++ b/frontend/src/modals/StreamModal.tsx
@@ -63,6 +63,7 @@ const StreamModal = EasyModal.create(({ id, visible, remove }: Props) => {
 							tcpForwarding: data?.tcpForwarding,
 							udpForwarding: data?.udpForwarding,
 							certificateId: data?.certificateId,
+							enableProxyProtocol: data?.enableProxyProtocol,
 							meta: data?.meta || {},
 						} as any
 					}
@@ -278,6 +279,35 @@ const StreamModal = EasyModal.create(({ id, visible, remove }: Props) => {
 																</span>
 															</label>
 														</div>
+														<div>
+															<label className="row" htmlFor="enableProxyProtocol">
+																<span className="col">
+																	<T id="host.flags.enable-proxy-protocol" />
+																</span>
+																<span className="col-auto">
+																	<Field name="enableProxyProtocol" type="checkbox">
+																		{({ field }: any) => (
+																			<label className="form-check form-check-single form-switch">
+																				<input
+																					id="enableProxyProtocol"
+																					className="form-check-input"
+																					type="checkbox"
+																					name={field.name}
+																					checked={field.value}
+																					onChange={(e: any) => {
+																						setFieldValue(
+																							field.name,
+																							e.target.checked,
+																						);
+																					}}
+																				/>
+																			</label>
+																		)}
+																	</Field>
+																</span>
+																{/* <span class="custom-switch-description"><%- i18n('proxy-hosts', 'enable-proxy-protocol') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span> */}
+															</label>
+														</div>
 													</div>
 												</div>
 											</div>

From 57c2fa376aa6861e61c59c563b16135f18129521 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Sat, 25 Apr 2026 18:23:10 -0700
Subject: [PATCH 15/24] Fix streams tests

---
 test/cypress/e2e/api/Streams.cy.js | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/test/cypress/e2e/api/Streams.cy.js b/test/cypress/e2e/api/Streams.cy.js
index 10809f8948..1cdac94942 100644
--- a/test/cypress/e2e/api/Streams.cy.js
+++ b/test/cypress/e2e/api/Streams.cy.js
@@ -45,7 +45,8 @@ describe('Streams', () => {
 				certificate_id: 0,
 				meta: {},
 				tcp_forwarding: true,
-				udp_forwarding: false
+				udp_forwarding: false,
+				enable_proxy_protocol: false
 			}
 		}).then((data) => {
 			cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
@@ -54,6 +55,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('enabled', true);
 			expect(data).to.have.property('tcp_forwarding', true);
 			expect(data).to.have.property('udp_forwarding', false);
+			expect(data).to.have.property('enable_proxy_protocol', false);
 
 			cy.exec('curl --noproxy -- http://website1.example.com:1500').then((result) => {
 				expect(result.exitCode).to.eq(0);
@@ -73,7 +75,8 @@ describe('Streams', () => {
 				certificate_id: 0,
 				meta: {},
 				tcp_forwarding: false,
-				udp_forwarding: true
+				udp_forwarding: true,
+				enable_proxy_protocol: false
 			}
 		}).then((data) => {
 			cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
@@ -82,6 +85,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('enabled', true);
 			expect(data).to.have.property('tcp_forwarding', false);
 			expect(data).to.have.property('udp_forwarding', true);
+			expect(data).to.have.property('enable_proxy_protocol', false);
 		});
 	});
 
@@ -96,7 +100,8 @@ describe('Streams', () => {
 				certificate_id: 0,
 				meta: {},
 				tcp_forwarding: true,
-				udp_forwarding: true
+				udp_forwarding: true,
+				enable_proxy_protocol: false
 			}
 		}).then((data) => {
 			cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
@@ -105,6 +110,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('enabled', true);
 			expect(data).to.have.property('tcp_forwarding', true);
 			expect(data).to.have.property('udp_forwarding', true);
+			expect(data).to.have.property('enable_proxy_protocol', false);
 
 			cy.exec('curl --noproxy -- http://website1.example.com:1502').then((result) => {
 				expect(result.exitCode).to.eq(0);
@@ -153,7 +159,8 @@ describe('Streams', () => {
 						certificate_id: certID,
 						meta: {},
 						tcp_forwarding: true,
-						udp_forwarding: false
+						udp_forwarding: false,
+						enable_proxy_protocol: false
 					}
 				}).then((data) => {
 					cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
@@ -163,6 +170,7 @@ describe('Streams', () => {
 					expect(data).to.have.property('tcp_forwarding', true);
 					expect(data).to.have.property('udp_forwarding', false);
 					expect(data).to.have.property('certificate_id', certID);
+					expect(data).to.have.property('enable_proxy_protocol', false);
 
 					// Check the ssl termination
 					cy.task('log', '[testssl.sh] Running ...');

From b81951b94b31ad73111574ba4c52f9c697e6ed52 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Sat, 25 Apr 2026 18:49:14 -0700
Subject: [PATCH 16/24] Remove the expects....?

---
 test/cypress/e2e/api/Streams.cy.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/cypress/e2e/api/Streams.cy.js b/test/cypress/e2e/api/Streams.cy.js
index 1cdac94942..ce536ecc86 100644
--- a/test/cypress/e2e/api/Streams.cy.js
+++ b/test/cypress/e2e/api/Streams.cy.js
@@ -55,7 +55,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('enabled', true);
 			expect(data).to.have.property('tcp_forwarding', true);
 			expect(data).to.have.property('udp_forwarding', false);
-			expect(data).to.have.property('enable_proxy_protocol', false);
+			// expect(data).to.have.property('enable_proxy_protocol', false);
 
 			cy.exec('curl --noproxy -- http://website1.example.com:1500').then((result) => {
 				expect(result.exitCode).to.eq(0);
@@ -85,7 +85,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('enabled', true);
 			expect(data).to.have.property('tcp_forwarding', false);
 			expect(data).to.have.property('udp_forwarding', true);
-			expect(data).to.have.property('enable_proxy_protocol', false);
+			// expect(data).to.have.property('enable_proxy_protocol', false);
 		});
 	});
 
@@ -110,7 +110,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('enabled', true);
 			expect(data).to.have.property('tcp_forwarding', true);
 			expect(data).to.have.property('udp_forwarding', true);
-			expect(data).to.have.property('enable_proxy_protocol', false);
+			// expect(data).to.have.property('enable_proxy_protocol', false);
 
 			cy.exec('curl --noproxy -- http://website1.example.com:1502').then((result) => {
 				expect(result.exitCode).to.eq(0);
@@ -170,7 +170,7 @@ describe('Streams', () => {
 					expect(data).to.have.property('tcp_forwarding', true);
 					expect(data).to.have.property('udp_forwarding', false);
 					expect(data).to.have.property('certificate_id', certID);
-					expect(data).to.have.property('enable_proxy_protocol', false);
+					// expect(data).to.have.property('enable_proxy_protocol', false);
 
 					// Check the ssl termination
 					cy.task('log', '[testssl.sh] Running ...');

From cb9d5cfaa24f281485103122aae86bd7fa4fda92 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Sat, 25 Apr 2026 19:25:12 -0700
Subject: [PATCH 17/24] Add missing parameter to tests, not sure why ProxyHosts
 test is working but Streams isn't...

---
 test/cypress/e2e/api/ProxyHosts.cy.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/cypress/e2e/api/ProxyHosts.cy.js b/test/cypress/e2e/api/ProxyHosts.cy.js
index 5f437cf950..f86fd42ed8 100644
--- a/test/cypress/e2e/api/ProxyHosts.cy.js
+++ b/test/cypress/e2e/api/ProxyHosts.cy.js
@@ -29,6 +29,7 @@ describe('Proxy Hosts endpoints', () => {
 				block_exploits:          false,
 				caching_enabled:         false,
 				allow_websocket_upgrade: false,
+				enable_proxy_protocol:   false,
 				http2_support:           false,
 				hsts_enabled:            false,
 				hsts_subdomains:         false,
@@ -39,7 +40,7 @@ describe('Proxy Hosts endpoints', () => {
 			expect(data).to.have.property('id');
 			expect(data.id).to.be.greaterThan(0);
 			expect(data).to.have.property('enabled');
-			expect(data).to.have.property("enabled", true);
+			expect(data).to.have.property('enabled', true);
 			expect(data).to.have.property('meta');
 			expect(typeof data.meta.nginx_online).to.be.equal('undefined');
 		});

From 7317102d7dd041bb330adc7ca0ef107623033a84 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Tue, 28 Apr 2026 22:03:32 -0700
Subject: [PATCH 18/24] This is a regex, it should be a pattern

---
 backend/schema/components/stream-object.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/schema/components/stream-object.json b/backend/schema/components/stream-object.json
index 42a2633933..d494c1d6bf 100644
--- a/backend/schema/components/stream-object.json
+++ b/backend/schema/components/stream-object.json
@@ -45,7 +45,7 @@
 				},
 				{
 					"type": "string",
-					"format": "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$"
+					"pattern": "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$"
 				},
 				{
 					"type": "string",

From 548f3bd45f278a03593fb16696190860fd0bf53a Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Tue, 28 Apr 2026 23:35:48 -0700
Subject: [PATCH 19/24] Perhaps the problem is the onChange

---
 frontend/src/modals/StreamModal.tsx | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/frontend/src/modals/StreamModal.tsx b/frontend/src/modals/StreamModal.tsx
index 29cd1e21a4..aea2a8e80c 100644
--- a/frontend/src/modals/StreamModal.tsx
+++ b/frontend/src/modals/StreamModal.tsx
@@ -294,12 +294,6 @@ const StreamModal = EasyModal.create(({ id, visible, remove }: Props) => {
 																					type="checkbox"
 																					name={field.name}
 																					checked={field.value}
-																					onChange={(e: any) => {
-																						setFieldValue(
-																							field.name,
-																							e.target.checked,
-																						);
-																					}}
 																				/>
 																			</label>
 																		)}

From e72796199b5abb7085f5b3a7745604abd33b39f5 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Wed, 29 Apr 2026 00:32:29 -0700
Subject: [PATCH 20/24] Revert "Perhaps the problem is the onChange"

This reverts commit 548f3bd45f278a03593fb16696190860fd0bf53a.
---
 frontend/src/modals/StreamModal.tsx | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/frontend/src/modals/StreamModal.tsx b/frontend/src/modals/StreamModal.tsx
index aea2a8e80c..29cd1e21a4 100644
--- a/frontend/src/modals/StreamModal.tsx
+++ b/frontend/src/modals/StreamModal.tsx
@@ -294,6 +294,12 @@ const StreamModal = EasyModal.create(({ id, visible, remove }: Props) => {
 																					type="checkbox"
 																					name={field.name}
 																					checked={field.value}
+																					onChange={(e: any) => {
+																						setFieldValue(
+																							field.name,
+																							e.target.checked,
+																						);
+																					}}
 																				/>
 																			</label>
 																		)}

From 1a5f39a221a6161e8a421ca1e317fd192a3e068f Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Wed, 29 Apr 2026 00:32:37 -0700
Subject: [PATCH 21/24] Put back the expects

---
 test/cypress/e2e/api/Streams.cy.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/cypress/e2e/api/Streams.cy.js b/test/cypress/e2e/api/Streams.cy.js
index ce536ecc86..1cdac94942 100644
--- a/test/cypress/e2e/api/Streams.cy.js
+++ b/test/cypress/e2e/api/Streams.cy.js
@@ -55,7 +55,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('enabled', true);
 			expect(data).to.have.property('tcp_forwarding', true);
 			expect(data).to.have.property('udp_forwarding', false);
-			// expect(data).to.have.property('enable_proxy_protocol', false);
+			expect(data).to.have.property('enable_proxy_protocol', false);
 
 			cy.exec('curl --noproxy -- http://website1.example.com:1500').then((result) => {
 				expect(result.exitCode).to.eq(0);
@@ -85,7 +85,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('enabled', true);
 			expect(data).to.have.property('tcp_forwarding', false);
 			expect(data).to.have.property('udp_forwarding', true);
-			// expect(data).to.have.property('enable_proxy_protocol', false);
+			expect(data).to.have.property('enable_proxy_protocol', false);
 		});
 	});
 
@@ -110,7 +110,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('enabled', true);
 			expect(data).to.have.property('tcp_forwarding', true);
 			expect(data).to.have.property('udp_forwarding', true);
-			// expect(data).to.have.property('enable_proxy_protocol', false);
+			expect(data).to.have.property('enable_proxy_protocol', false);
 
 			cy.exec('curl --noproxy -- http://website1.example.com:1502').then((result) => {
 				expect(result.exitCode).to.eq(0);
@@ -170,7 +170,7 @@ describe('Streams', () => {
 					expect(data).to.have.property('tcp_forwarding', true);
 					expect(data).to.have.property('udp_forwarding', false);
 					expect(data).to.have.property('certificate_id', certID);
-					// expect(data).to.have.property('enable_proxy_protocol', false);
+					expect(data).to.have.property('enable_proxy_protocol', false);
 
 					// Check the ssl termination
 					cy.task('log', '[testssl.sh] Running ...');

From efca9a8d80337139668422d2cf284f57fefb4f2c Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Wed, 29 Apr 2026 00:47:55 -0700
Subject: [PATCH 22/24] Let's also add a check to ProxyHosts tests to see if it
 passes

---
 test/cypress/e2e/api/ProxyHosts.cy.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/cypress/e2e/api/ProxyHosts.cy.js b/test/cypress/e2e/api/ProxyHosts.cy.js
index f86fd42ed8..03778b5fb2 100644
--- a/test/cypress/e2e/api/ProxyHosts.cy.js
+++ b/test/cypress/e2e/api/ProxyHosts.cy.js
@@ -41,6 +41,7 @@ describe('Proxy Hosts endpoints', () => {
 			expect(data.id).to.be.greaterThan(0);
 			expect(data).to.have.property('enabled');
 			expect(data).to.have.property('enabled', true);
+			expect(data).to.have.property('enable_proxy_protocol', false);
 			expect(data).to.have.property('meta');
 			expect(typeof data.meta.nginx_online).to.be.equal('undefined');
 		});

From a9e57299f705f930ca558e46ea4eac619ed9f038 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Wed, 29 Apr 2026 00:54:47 -0700
Subject: [PATCH 23/24] Aha! The magic boolean list didn't have
 enable_proxy_protocol

---
 backend/models/stream.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/backend/models/stream.js b/backend/models/stream.js
index 20a23a26f8..2df7ded047 100644
--- a/backend/models/stream.js
+++ b/backend/models/stream.js
@@ -7,7 +7,13 @@ import User from "./user.js";
 
 Model.knex(db());
 
-const boolFields = ["is_deleted", "enabled", "tcp_forwarding", "udp_forwarding"];
+const boolFields = [
+	"is_deleted",
+	"enabled",
+	"tcp_forwarding",
+	"udp_forwarding",
+	"enable_proxy_protocol"
+];
 
 class Stream extends Model {
 	$beforeInsert() {

From 4b58ca6d2c8ba4058ac82caccc914d1b888ab1c9 Mon Sep 17 00:00:00 2001
From: Julia V Rose <papercrane@reversefold.com>
Date: Wed, 29 Apr 2026 01:12:05 -0700
Subject: [PATCH 24/24] Fix the name of the property here

---
 backend/schema/paths/nginx/streams/streamID/get.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/schema/paths/nginx/streams/streamID/get.json b/backend/schema/paths/nginx/streams/streamID/get.json
index c2094f98a3..3732df44b3 100644
--- a/backend/schema/paths/nginx/streams/streamID/get.json
+++ b/backend/schema/paths/nginx/streams/streamID/get.json
@@ -42,7 +42,7 @@
 									"nginx_err": null
 								},
 								"enabled": true,
-								"enableProxyProtocol": false,
+								"enable_proxy_protocol": false,
 								"certificate_id": 0
 							}
 						}