diff --git a/README.md b/README.md
index 724dd5f..aa28a04 100644
--- a/README.md
+++ b/README.md
@@ -1,49 +1,47 @@
-Kanboard for Yunohost
-=====================
+# Kanboard for Yunohost
 
+[![Integration level](https://dash.yunohost.org/integration/kanboard.svg)](https://dash.yunohost.org/appci/app/kanboard)  
+[![Install Kanboard with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=kanboard)
+
+> *This package allow you to install Kanboard quickly and simply on a YunoHost server.  
+If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
+
+## Overview
 Kanboard is a simple visual task board web application.
-Official website: <http://kanboard.net>
 
-Requirements
-------------
+**Shipped version:** 1.2.8
 
-Functionnal instance of [Yunohost](https://yunohost.org/#/)
+## Screenshots
 
-Installation
-------------
+![](https://kanboard.org/assets/img/board.png)
 
-From yunohost admin panel:
+## Demo
 
-1. Use yunohost admin panel and enter the repository url
-![2015-02-19 16_58_52-yunohost admin](https://cloud.githubusercontent.com/assets/6364564/6270409/1597e646-b85a-11e4-97af-b3b5b2a6b286.png)
-2. Configure the app
-![2015-02-19 16_59_28-yunohost admin](https://cloud.githubusercontent.com/assets/6364564/6270411/19f9a54e-b85a-11e4-83da-eb813c0457f7.png)
-3. Click install
+* [YunoHost demo](https://demo.yunohost.org/dokuwiki/)
 
-From command line:
+## Configuration
 
-`sudo yunohost app install -l kanboard https://github.com/YunoHost-Apps/kanboard_ynh`
+## Documentation
 
+ * Official documentation: https://docs.kanboard.org/en/latest/
+ * YunoHost documentation: If specific documentation is needed, feel free to contribute.
 
-Upgrade
--------
-From command line:
+## YunoHost specific features
 
-`sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/kanboard_ynh kanboard`
+#### Multi-users support
 
-Infos
------
-Kanboard v1.2.0
+#### Supported architectures
 
-Yunohost forum thread:  <https://forum.yunohost.org/t/kanboard-package/78>
+* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/kanboard%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/kanboard/)
+* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/kanboard%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/kanboard/)
+* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/kanboard%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/kanboard/)
 
-Kanboard and SSOwat
--------------------
-Kanboard use SSOwat for user authentification (it means it use the user that the web server (nginx) sent him throught SSOwat), but can't list all user of the system.
-If you wish to add a user, just log in with that user into Kanboard so the software knows him and displays it.
+## Limitations
+
+## Additional information
+
+### How to connect as external (non-SSOwat) users
 
-How to connect as external (non-SSOwat) users
--------------------
 You have to edit this file `/var/www/kanboard/config.php`, find the line `define('REVERSE_PROXY_AUTH', true);` and change it from `true` to `false`.
 **Warning** this disables the possibility to connect with SSOwat users. You will *only* be able to connect with Kanboard users created inside of Kanboard.
 Then you can connect.
@@ -52,27 +50,23 @@ Then you can connect.
 
 This is due to a Kanboard limitation.
 
-Developer infos
+## Links
+
+ * Report a bug: https://github.com/YunoHost-Apps/kanboard_ynh/issues
+ * Kanboard website: http://kanboard.ne
+ * YunoHost website: https://yunohost.org/
+
+---
+
+Developers info
 ----------------
 
-Please do your pull request to the dev branch.
-
-Update package version in `scripts/_common.sh`
-
-Then do a manual diff between `conf/config.php` and `config.default.php` [from upstream Kanboard project](https://github.com/kanboard/kanboard/blob/master/config.default.php) to see if there are new config options
-
-Update readme with the new version
-
-Test it
-
-Test or upgrade to dev version:
+**Only if you want to use a testing branch for coding, instead of merging directly into master.**
+Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing).
 
+To try the testing branch, please proceed like that.
 ```
-su - admin
-git clone -b dev https://github.com/YunoHost-Apps/kanboard_ynh
-# to install
-sudo yunohost app install -l Kanboard /home/admin/kanboard_ynh
-# to upgrade
-sudo yunohost app upgrade -f /home/admin/kanboard_ynh kanboard
-
+sudo yunohost app install https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing --debug
+or
+sudo yunohost app upgrade kanboard -u https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing --debug
 ```
diff --git a/check_process b/check_process
index 5e6b4fb..7527ae6 100644
--- a/check_process
+++ b/check_process
@@ -1,5 +1,4 @@
 ;; Test complet
-	auto_remove=1
 	; Manifest
 		domain="domain.tld"	(DOMAIN)
 		path="/path"	(PATH)
@@ -16,13 +15,9 @@
 		upgrade=1	from_commit=f159f7a9bdbe470ec026edf09a6eebf10f23425e
 		backup_restore=1
 		multi_instance=1
-		wrong_user=1
-		wrong_path=1
 		incorrect_path=1
-		corrupt_source=0
-		fail_download_source=0
 		port_already_use=0
-		final_path_already_use=0
+		change_url=0
 ;;; Levels
 	Level 1=auto
 	Level 2=auto
diff --git a/conf/app.src b/conf/app.src
index 4649788..38883fd 100644
--- a/conf/app.src
+++ b/conf/app.src
@@ -1,4 +1,6 @@
-SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.3.tar.gz
-SOURCE_SUM=e0b013df560bf5f60a6f43bf5499e90ca6e793808e5e0fb48e86ef31a234d062
+SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.8.tar.gz
+SOURCE_SUM=70fe5c2202f3ee98687ef6d898a88676dd1ce47b8234950901a9ac2b3d31a328
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
diff --git a/conf/config.php b/conf/config.php
index 5269a5a..6b8b1e2 100644
--- a/conf/config.php
+++ b/conf/config.php
@@ -34,7 +34,7 @@ define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files');
 define('MAIL_CONFIGURATION', true);
 
 // E-mail address for the "From" header (notifications)
-define('MAIL_FROM', 'yuno_email');
+define('MAIL_FROM', '__EMAIL__');
 
 // Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
 define('MAIL_TRANSPORT', 'mail');
@@ -58,16 +58,16 @@ define('DB_RUN_MIGRATIONS', false);
 define('DB_DRIVER', 'mysql');
 
 // Mysql/Postgres username
-define('DB_USERNAME', 'yuno_dbuser');
+define('DB_USERNAME', '__DB_NAME__');
 
 // Mysql/Postgres password
-define('DB_PASSWORD', 'yuno_dbpdw');
+define('DB_PASSWORD', '__DB_PWD__');
 
 // Mysql/Postgres hostname
 define('DB_HOSTNAME', 'localhost');
 
 // Mysql/Postgres database name
-define('DB_NAME', 'yuno_dbuser');
+define('DB_NAME', '__DB_NAME__');
 
 // Mysql/Postgres custom port (null = default port)
 define('DB_PORT', null);
@@ -180,10 +180,10 @@ define('REVERSE_PROXY_AUTH', true);
 define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');
 
 // Username of the admin, by default blank
-define('REVERSE_PROXY_DEFAULT_ADMIN', 'yuno_admin');
+define('REVERSE_PROXY_DEFAULT_ADMIN', '__USER__');
 
 // Default domain to use for setting the email address
-define('REVERSE_PROXY_DEFAULT_DOMAIN', 'yuno_domain');
+define('REVERSE_PROXY_DEFAULT_DOMAIN', '__DOMAIN__');
 
 // Enable/disable remember me authentication
 define('REMEMBER_ME_AUTH', false);
diff --git a/conf/nginx.conf b/conf/nginx.conf
index c11efaa..1048a82 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,9 +1,14 @@
 #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
 location __PATH__/ {
+
+	# Path to source
 	alias __FINALPATH__/;
+
+	# Force usage of https
 	if ($scheme = http) {
 		rewrite ^ https://$server_name$request_uri? permanent;
 	}
+
 	index index.php;
 	client_max_body_size 50M;
 	try_files $uri $uri/ /index.php?$args;
@@ -13,7 +18,7 @@ location __PATH__/ {
 
 	location ~ [^/]\.php(/|$) {
 		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-		fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
+		fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
 		fastcgi_index index.php;
 		include fastcgi_params;
 		fastcgi_param REMOTE_USER $remote_user;
diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf
index 2a80b9b..3188f72 100644
--- a/conf/php-fpm.conf
+++ b/conf/php-fpm.conf
@@ -1,70 +1,433 @@
+; Start a new pool named 'www'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('www' here)
 [__NAMETOCHANGE__]
-; The address on which to accept FastCGI requests.
-listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
 
-; Set permissions for unix socket, if one is used.
-listen.owner = www-data
-listen.group = www-data
-listen.mode = 0600
+; Per pool prefix
+; It only applies on the following directives:
+; - 'access.log'
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /usr) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
 
-; Unix user/group of processes.
+; Unix user/group of processes
+; Note: The user is mandatory. If the group is not set, the default user's group
+;       will be used.
 user = __USER__
 group = __USER__
 
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
+
+; Set listen(2) backlog.
+; Default Value: 511 (-1 on FreeBSD and OpenBSD)
+;listen.backlog = 511
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+;                 mode is set to 0660
+listen.owner = www-data
+listen.group = www-data
+;listen.mode = 0660
+; When POSIX Access Control Lists are supported you can set them using
+; these options, value is a comma separated list of user/group names.
+; When set, listen.owner and listen.group are ignored
+;listen.acl_users =
+;listen.acl_groups =
+
+; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
+; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
+; must be separated by a comma. If this value is left blank, connections will be
+; accepted from any ip address.
+; Default Value: any
+;listen.allowed_clients = 127.0.0.1
+
+; Specify the nice(2) priority to apply to the pool processes (only if set)
+; The value can vary from -19 (highest priority) to 20 (lower priority)
+; Note: - It will only work if the FPM master process is launched as root
+;       - The pool processes will inherit the master process priority
+;         unless it specified otherwise
+; Default Value: no set
+; process.priority = -19
+
+; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
+; or group is differrent than the master process user. It allows to create process
+; core dump and ptrace the process for the pool user.
+; Default Value: no
+; process.dumpable = yes
+
 ; Choose how the process manager will control the number of child processes.
+; Possible Values:
+;   static  - a fixed number (pm.max_children) of child processes;
+;   dynamic - the number of child processes are set dynamically based on the
+;             following directives. With this process management, there will be
+;             always at least 1 children.
+;             pm.max_children      - the maximum number of children that can
+;                                    be alive at the same time.
+;             pm.start_servers     - the number of children created on startup.
+;             pm.min_spare_servers - the minimum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is less than this
+;                                    number then some children will be created.
+;             pm.max_spare_servers - the maximum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is greater than this
+;                                    number then some children will be killed.
+;  ondemand - no children are created at startup. Children will be forked when
+;             new requests will connect. The following parameter are used:
+;             pm.max_children           - the maximum number of children that
+;                                         can be alive at the same time.
+;             pm.process_idle_timeout   - The number of seconds after which
+;                                         an idle process will be killed.
+; Note: This value is mandatory.
 pm = dynamic
 
 ; The number of child processes to be created when pm is set to 'static' and the
-; maximum number of child processes to be created when pm is set to 'dynamic'.
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
 pm.max_children = 6
 
 ; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
 pm.start_servers = 3
 
 ; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
 pm.min_spare_servers = 3
 
 ; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
 pm.max_spare_servers = 5
 
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+;pm.process_idle_timeout = 10s;
+
 ; The number of requests each child process should execute before respawning.
-pm.max_requests = 500
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+;pm.max_requests = 500
 
 ; The URI to view the FPM status page. If this value is not set, no URI will be
-; recognized as a status page.
-pm.status_path = /fpm-status
+; recognized as a status page. It shows the following informations:
+;   pool                 - the name of the pool;
+;   process manager      - static, dynamic or ondemand;
+;   start time           - the date and time FPM has started;
+;   start since          - number of seconds since FPM has started;
+;   accepted conn        - the number of request accepted by the pool;
+;   listen queue         - the number of request in the queue of pending
+;                          connections (see backlog in listen(2));
+;   max listen queue     - the maximum number of requests in the queue
+;                          of pending connections since FPM has started;
+;   listen queue len     - the size of the socket queue of pending connections;
+;   idle processes       - the number of idle processes;
+;   active processes     - the number of active processes;
+;   total processes      - the number of idle + active processes;
+;   max active processes - the maximum number of active processes since FPM
+;                          has started;
+;   max children reached - number of times, the process limit has been reached,
+;                          when pm tries to start more children (works only for
+;                          pm 'dynamic' and 'ondemand');
+; Value are updated in real time.
+; Example output:
+;   pool:                 www
+;   process manager:      static
+;   start time:           01/Jul/2011:17:53:49 +0200
+;   start since:          62636
+;   accepted conn:        190460
+;   listen queue:         0
+;   max listen queue:     1
+;   listen queue len:     42
+;   idle processes:       4
+;   active processes:     11
+;   total processes:      15
+;   max active processes: 12
+;   max children reached: 0
+;
+; By default the status page output is formatted as text/plain. Passing either
+; 'html', 'xml' or 'json' in the query string will return the corresponding
+; output syntax. Example:
+;   http://www.foo.bar/status
+;   http://www.foo.bar/status?json
+;   http://www.foo.bar/status?html
+;   http://www.foo.bar/status?xml
+;
+; By default the status page only outputs short status. Passing 'full' in the
+; query string will also return status for each pool process.
+; Example:
+;   http://www.foo.bar/status?full
+;   http://www.foo.bar/status?json&full
+;   http://www.foo.bar/status?html&full
+;   http://www.foo.bar/status?xml&full
+; The Full status returns for each process:
+;   pid                  - the PID of the process;
+;   state                - the state of the process (Idle, Running, ...);
+;   start time           - the date and time the process has started;
+;   start since          - the number of seconds since the process has started;
+;   requests             - the number of requests the process has served;
+;   request duration     - the duration in µs of the requests;
+;   request method       - the request method (GET, POST, ...);
+;   request URI          - the request URI with the query string;
+;   content length       - the content length of the request (only with POST);
+;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
+;   script               - the main script called (or '-' if not set);
+;   last request cpu     - the %cpu the last request consumed
+;                          it's always 0 if the process is not in Idle state
+;                          because CPU calculation is done when the request
+;                          processing has terminated;
+;   last request memory  - the max amount of memory the last request consumed
+;                          it's always 0 if the process is not in Idle state
+;                          because memory calculation is done when the request
+;                          processing has terminated;
+; If the process is in Idle state, then informations are related to the
+; last request the process has served. Otherwise informations are related to
+; the current request being served.
+; Example output:
+;   ************************
+;   pid:                  31330
+;   state:                Running
+;   start time:           01/Jul/2011:17:53:49 +0200
+;   start since:          63087
+;   requests:             12808
+;   request duration:     1250261
+;   request method:       GET
+;   request URI:          /test_mem.php?N=10000
+;   content length:       0
+;   user:                 -
+;   script:               /home/fat/web/docs/php/test_mem.php
+;   last request cpu:     0.00
+;   last request memory:  0
+;
+; Note: There is a real-time FPM status monitoring sample web page available
+;       It's available in: /usr/share/php/7.0/fpm/status.html
+;
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+;pm.status_path = /status
 
 ; The ping URI to call the monitoring page of FPM. If this value is not set, no
-; URI will be recognized as a ping page.
-ping.path = /ping
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+;ping.path = /ping
 
-; The timeout for serving a single request after which the worker process will
-; be killed.
-request_terminate_timeout = 1d
+; This directive may be used to customize the response of a ping request. The
+; response is formatted as text/plain with a 200 response code.
+; Default Value: pong
+;ping.response = pong
+
+; The access log file
+; Default: not set
+;access.log = log/$pool.access.log
+
+; The access log format.
+; The following syntax is allowed
+;  %%: the '%' character
+;  %C: %CPU used by the request
+;      it can accept the following format:
+;      - %{user}C for user CPU only
+;      - %{system}C for system CPU only
+;      - %{total}C  for user + system CPU (default)
+;  %d: time taken to serve the request
+;      it can accept the following format:
+;      - %{seconds}d (default)
+;      - %{miliseconds}d
+;      - %{mili}d
+;      - %{microseconds}d
+;      - %{micro}d
+;  %e: an environment variable (same as $_ENV or $_SERVER)
+;      it must be associated with embraces to specify the name of the env
+;      variable. Some exemples:
+;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
+;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
+;  %f: script filename
+;  %l: content-length of the request (for POST request only)
+;  %m: request method
+;  %M: peak of memory allocated by PHP
+;      it can accept the following format:
+;      - %{bytes}M (default)
+;      - %{kilobytes}M
+;      - %{kilo}M
+;      - %{megabytes}M
+;      - %{mega}M
+;  %n: pool name
+;  %o: output header
+;      it must be associated with embraces to specify the name of the header:
+;      - %{Content-Type}o
+;      - %{X-Powered-By}o
+;      - %{Transfert-Encoding}o
+;      - ....
+;  %p: PID of the child that serviced the request
+;  %P: PID of the parent of the child that serviced the request
+;  %q: the query string
+;  %Q: the '?' character if query string exists
+;  %r: the request URI (without the query string, see %q and %Q)
+;  %R: remote IP address
+;  %s: status (response code)
+;  %t: server time the request was received
+;      it can accept a strftime(3) format:
+;      %d/%b/%Y:%H:%M:%S %z (default)
+;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
+;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+;  %T: time the log has been written (the request has finished)
+;      it can accept a strftime(3) format:
+;      %d/%b/%Y:%H:%M:%S %z (default)
+;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
+;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+;  %u: remote user
+;
+; Default: "%R - %u %t \"%m %r\" %s"
+;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+;slowlog = log/$pool.log.slow
 
 ; The timeout for serving a single request after which a PHP backtrace will be
 ; dumped to the 'slowlog' file. A value of '0s' means 'off'.
-request_slowlog_timeout = 5s
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
 
-; The log file for slow requests.
-slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+request_terminate_timeout = 1d
 
 ; Set open file descriptor rlimit.
-rlimit_files = 4096
+; Default Value: system defined value
+;rlimit_files = 1024
 
 ; Set max core size rlimit.
-rlimit_core = 0
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Chroot to this directory at the start. This value must be defined as an
+; absolute path. When this value is not set, chroot is not used.
+; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
+; of its subdirectories. If the pool prefix is not set, the global prefix
+; will be used instead.
+; Note: chrooting is a great security feature and should be used whenever
+;       possible. However, all PHP paths will be relative to the chroot
+;       (error_log, sessions.save_path, ...).
+; Default Value: not set
+;chroot =
 
 ; Chdir to this directory at the start.
+; Note: relative path can be used.
+; Default Value: current directory or / when chroot
 chdir = __FINALPATH__
 
-; Redirect worker stdout and stderr into main error log.
-catch_workers_output = yes
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
 
-; Do not clear environment in FPM workers.
-clear_env = no
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+; Default Value: yes
+;clear_env = no
 
-; Additional php.ini defines, specific to this pool of workers.
+; Limits the extensions of the main script FPM will allow to parse. This can
+; prevent configuration mistakes on the web server side. You should only limit
+; FPM to .php extensions to prevent malicious users to use other extensions to
+; execute php code.
+; Note: set an empty value to allow all extensions.
+; Default Value: .php
+;security.limit_extensions = .php .php3 .php4 .php5 .php7
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /tmp
+;env[TMPDIR] = /tmp
+;env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+;   php_value/php_flag             - you can set classic ini defines which can
+;                                    be overwritten from PHP call 'ini_set'.
+;   php_admin_value/php_admin_flag - these directives won't be overwritten by
+;                                     PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr)
+
+; Default Value: nothing is defined by default except the values in php.ini and
+;                specified at startup with the -d argument
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_flag[log_errors] = on
+;php_admin_value[memory_limit] = 32M
+
+; Common values to change to increase file upload limit
+; php_admin_value[upload_max_filesize] = 50M
+; php_admin_value[post_max_size] = 50M
+; php_admin_flag[mail.add_x_header] = Off
+
+; Other common parameters
+; php_admin_value[max_execution_time] = 600
+; php_admin_value[max_input_time] = 300
+; php_admin_value[memory_limit] = 256M
+; php_admin_flag[short_open_tag] = On
 php_value[upload_max_filesize] = 10G
 php_value[post_max_size] = 10G
 php_value[default_charset] = UTF-8
diff --git a/manifest.json b/manifest.json
index 668a6d4..ff5072f 100644
--- a/manifest.json
+++ b/manifest.json
@@ -5,60 +5,64 @@
   "description": {
     "en": "Kanboard is a simple visual task board web application"
   },
-  "version": "1.2.3~ynh1",
+  "version": "1.2.8~ynh2",
   "url": "https://kanboard.net/",
   "license": "AGPL-3.0",
-  "requirements": {
-		"yunohost": ">= 2.7.0"
-  },
   "maintainer": {
-    "name": "jibec",
-    "email": "jean-baptiste@holcroft.fr"
+    "name": "YunoHost Contributors",
+    "email": "apps@yunohost.org"
+  },
+  "requirements": {
+    "yunohost": ">= 3.2.0"
   },
   "previous_maintainers": [{
     "name": "mbugeia",
     "email": "maxime@max.privy.place"
+  },
+  {
+    "name": "jibec",
+    "email": "jean-baptiste@holcroft.fr"
   }],
   "multi_instance": true,
   "services": [
     "nginx",
-    "php5-fpm",
+    "php7.0-fpm",
     "mysql"
   ],
   "arguments": {
     "install": [
       {
         "name": "domain",
+        "type": "domain",
         "ask": {
           "en": "Choose a domain for Kanboard"
         },
-        "example": "domain.org",
-        "type": "domain"
+        "example": "domain.org"
       },
       {
         "name": "path",
+        "type": "path",
         "ask": {
           "en": "Choose a path for Kanboard"
         },
-        "type": "path",
         "example": "/kanboard",
         "default": "/kanboard"
       },
       {
         "name": "admin",
+        "type": "user",
         "ask": {
           "en": "Choose the admin user for Kanboard"
         },
-        "type": "user",
         "example": "johndoe"
       },
       {
         "name": "is_public",
+        "type": "boolean",
         "ask": {
           "en": "Is it a public site ?"
         },
-        "type": "boolean",
-        "default": "0"
+        "default": false
       }
     ]
   }
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 4169852..fd87c47 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -1,10 +1,157 @@
 #!/bin/bash
-#
-# Common variables
-#
 
-if [ "$(lsb_release --codename --short)" == "jessie" ]; then
-	pkg_dependencies="php5-gd"
-else
-	pkg_dependencies="php-gd php-zip php-dom php-mbstring"
-fi
+#=================================================
+# COMMON VARIABLES
+#=================================================
+
+pkg_dependencies="php-gd php-zip php-dom php-mbstring"
+
+#=================================================
+# FUTURE OFFICIAL HELPERS
+#=================================================
+
+# Create a dedicated fail2ban config (jail and filter conf files)
+#
+# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
+# | arg: -l, --logpath=   - Log file to be checked by fail2ban
+# | arg: -r, --failregex= - Failregex to be looked for by fail2ban
+# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
+# | arg: -p, --ports=     - Ports blocked for a banned IP address - default: http,https
+#
+# -----------------------------------------------------------------------------
+#
+# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
+# | arg: -t, --use_template - Use this helper in template mode
+# | arg: -v, --others_var=  - List of others variables to replace separeted by a space
+# |                           for example : 'var_1 var_2 ...'
+#
+# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
+#   __APP__      by  $app
+#
+#  You can dynamically replace others variables by example :
+#   __VAR_1__    by $var_1
+#   __VAR_2__    by $var_2
+#
+# Generally your template will look like that by example (for synapse):
+#
+# f2b_jail.conf:
+#     [__APP__]
+#     enabled = true
+#     port = http,https
+#     filter = __APP__
+#     logpath = /var/log/__APP__/logfile.log
+#     maxretry = 3
+#
+# f2b_filter.conf:
+#     [INCLUDES]
+#     before = common.conf
+#     [Definition]
+#
+#     # Part of regex definition (just used to make more easy to make the global regex)
+#     __synapse_start_line = .? \- synapse\..+ \-
+#
+#    # Regex definition.
+#    failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
+#
+#     ignoreregex =
+#
+# -----------------------------------------------------------------------------
+#
+# Note about the "failregex" option:
+#          regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+#
+#          You can find some more explainations about how to make a regex here :
+#          https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
+#
+# Note that the logfile need to exist before to call this helper !!
+#
+# To validate your regex you can test with this command:
+# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
+#
+ynh_add_fail2ban_config () {
+  # Declare an array to define the options of this helper.
+  declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
+  local logpath
+  local failregex
+  local max_retry
+  local ports
+  local others_var
+  local use_template
+  # Manage arguments with getopts
+  ynh_handle_getopts_args "$@"
+  use_template="${use_template:-0}"
+  max_retry=${max_retry:-3}
+  ports=${ports:-http,https}
+
+  finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
+  finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
+  ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
+  ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
+
+  if [ $use_template -eq 1 ]
+  then
+    # Usage 2, templates
+    cp ../conf/f2b_jail.conf $finalfail2banjailconf
+    cp ../conf/f2b_filter.conf $finalfail2banfilterconf
+
+    if [ -n "${app:-}" ]
+    then
+      ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
+      ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
+    fi
+
+    # Replace all other variable given as arguments
+    for var_to_replace in ${others_var:-}; do
+      # ${var_to_replace^^} make the content of the variable on upper-cases
+      # ${!var_to_replace} get the content of the variable named $var_to_replace
+      ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
+      ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
+    done
+
+  else
+    # Usage 1, no template. Build a config file from scratch.
+    test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
+    test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
+
+    tee $finalfail2banjailconf <<EOF
+[$app]
+enabled = true
+port = $ports
+filter = $app
+logpath = $logpath
+maxretry = $max_retry
+EOF
+
+    tee $finalfail2banfilterconf <<EOF
+[INCLUDES]
+before = common.conf
+[Definition]
+failregex = $failregex
+ignoreregex =
+EOF
+  fi
+
+  # Common to usage 1 and 2.
+  ynh_store_file_checksum "$finalfail2banjailconf"
+  ynh_store_file_checksum "$finalfail2banfilterconf"
+
+  systemctl try-reload-or-restart fail2ban
+
+  local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
+  if [[ -n "$fail2ban_error" ]]; then
+    ynh_print_err "Fail2ban failed to load the jail for $app"
+    ynh_print_warn "${fail2ban_error#*WARNING}"
+  fi
+}
+
+# Remove the dedicated fail2ban config (jail and filter conf files)
+#
+# usage: ynh_remove_fail2ban_config
+ynh_remove_fail2ban_config () {
+  ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
+  ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
+  systemctl try-reload-or-restart fail2ban
+}
diff --git a/scripts/_getopts_fix.sh b/scripts/_getopts_fix.sh
new file mode 100644
index 0000000..25a71be
--- /dev/null
+++ b/scripts/_getopts_fix.sh
@@ -0,0 +1,213 @@
+#!/bin/bash
+
+#=================================================
+# FIX OF YNH_HANDLE_GETOPTS_ARGS FROM UNSTABLE
+#=================================================
+
+# Internal helper design to allow helpers to use getopts to manage their arguments
+#
+# [internal]
+#
+# example: function my_helper()
+# {
+#     declare -Ar args_array=( [a]=arg1= [b]=arg2= [c]=arg3 )
+#     local arg1
+#     local arg2
+#     local arg3
+#     ynh_handle_getopts_args "$@"
+#
+#     [...]
+# }
+# my_helper --arg1 "val1" -b val2 -c
+#
+# usage: ynh_handle_getopts_args "$@"
+# | arg: $@    - Simply "$@" to tranfert all the positionnal arguments to the function
+#
+# This helper need an array, named "args_array" with all the arguments used by the helper
+# 	that want to use ynh_handle_getopts_args
+# Be carreful, this array has to be an associative array, as the following example:
+# declare -Ar args_array=( [a]=arg1 [b]=arg2= [c]=arg3 )
+# Let's explain this array:
+# a, b and c are short options, -a, -b and -c
+# arg1, arg2 and arg3 are the long options associated to the previous short ones. --arg1, --arg2 and --arg3
+# For each option, a short and long version has to be defined.
+# Let's see something more significant
+# declare -Ar args_array=( [u]=user [f]=finalpath= [d]=database )
+#
+# NB: Because we're using 'declare' without -g, the array will be declared as a local variable.
+#
+# Please keep in mind that the long option will be used as a variable to store the values for this option.
+# For the previous example, that means that $finalpath will be fill with the value given as argument for this option.
+#
+# Also, in the previous example, finalpath has a '=' at the end. That means this option need a value.
+# So, the helper has to be call with --finalpath /final/path, --finalpath=/final/path or -f /final/path, the variable $finalpath will get the value /final/path
+# If there's many values for an option, -f /final /path, the value will be separated by a ';' $finalpath=/final;/path
+# For an option without value, like --user in the example, the helper can be called only with --user or -u. $user will then get the value 1.
+#
+# To keep a retrocompatibility, a package can still call a helper, using getopts, with positional arguments.
+# The "legacy mode" will manage the positional arguments and fill the variable in the same order than they are given in $args_array.
+# e.g. for `my_helper "val1" val2`, arg1 will be filled with val1, and arg2 with val2.
+ynh_handle_getopts_args () {
+	# Manage arguments only if there's some provided
+	set +x
+	if [ $# -ne 0 ]
+	then
+		# Store arguments in an array to keep each argument separated
+		local arguments=("$@")
+
+		# For each option in the array, reduce to short options for getopts (e.g. for [u]=user, --user will be -u)
+		# And built parameters string for getopts
+		# ${!args_array[@]} is the list of all option_flags in the array (An option_flag is 'u' in [u]=user, user is a value)
+		local getopts_parameters=""
+		local option_flag=""
+		for option_flag in "${!args_array[@]}"
+		do
+			# Concatenate each option_flags of the array to build the string of arguments for getopts
+			# Will looks like 'abcd' for -a -b -c -d
+			# If the value of an option_flag finish by =, it's an option with additionnal values. (e.g. --user bob or -u bob)
+			# Check the last character of the value associate to the option_flag
+			if [ "${args_array[$option_flag]: -1}" = "=" ]
+			then
+				# For an option with additionnal values, add a ':' after the letter for getopts.
+				getopts_parameters="${getopts_parameters}${option_flag}:"
+			else
+				getopts_parameters="${getopts_parameters}${option_flag}"
+			fi
+			# Check each argument given to the function
+			local arg=""
+			# ${#arguments[@]} is the size of the array
+			for arg in `seq 0 $(( ${#arguments[@]} - 1 ))`
+			do
+				# And replace long option (value of the option_flag) by the short option, the option_flag itself
+				# (e.g. for [u]=user, --user will be -u)
+				# Replace long option with =
+				arguments[arg]="${arguments[arg]//--${args_array[$option_flag]}/-${option_flag} }"
+				# And long option without =
+				arguments[arg]="${arguments[arg]//--${args_array[$option_flag]%=}/-${option_flag}}"
+			done
+		done
+
+		# Read and parse all the arguments
+		# Use a function here, to use standart arguments $@ and be able to use shift.
+		parse_arg () {
+			# Read all arguments, until no arguments are left
+			while [ $# -ne 0 ]
+			do
+				# Initialize the index of getopts
+				OPTIND=1
+				# Parse with getopts only if the argument begin by -, that means the argument is an option
+				# getopts will fill $parameter with the letter of the option it has read.
+				local parameter=""
+				getopts ":$getopts_parameters" parameter || true
+
+				if [ "$parameter" = "?" ]
+				then
+					ynh_die --message="Invalid argument: -${OPTARG:-}"
+				elif [ "$parameter" = ":" ]
+				then
+					ynh_die --message="-$OPTARG parameter requires an argument."
+				else
+					local shift_value=1
+					# Use the long option, corresponding to the short option read by getopts, as a variable
+					# (e.g. for [u]=user, 'user' will be used as a variable)
+					# Also, remove '=' at the end of the long option
+					# The variable name will be stored in 'option_var'
+					local option_var="${args_array[$parameter]%=}"
+					# If this option doesn't take values
+					# if there's a '=' at the end of the long option name, this option takes values
+					if [ "${args_array[$parameter]: -1}" != "=" ]
+					then
+						# 'eval ${option_var}' will use the content of 'option_var'
+						eval ${option_var}=1
+					else
+						# Read all other arguments to find multiple value for this option.
+						# Load args in a array
+						local all_args=("$@")
+
+						# If the first argument is longer than 2 characters,
+						# There's a value attached to the option, in the same array cell
+						if [ ${#all_args[0]} -gt 2 ]; then
+							# Remove the option and the space, so keep only the value itself.
+							all_args[0]="${all_args[0]#-${parameter} }"
+							# Reduce the value of shift, because the option has been removed manually
+							shift_value=$(( shift_value - 1 ))
+						fi
+
+						# Declare the content of option_var as a variable.
+						eval ${option_var}=""
+						# Then read the array value per value
+						local i
+						for i in `seq 0 $(( ${#all_args[@]} - 1 ))`
+						do
+							# If this argument is an option, end here.
+							if [ "${all_args[$i]:0:1}" == "-" ]
+							then
+								# Ignore the first value of the array, which is the option itself
+								if [ "$i" -ne 0 ]; then
+									break
+								fi
+							else
+								# Else, add this value to this option
+								# Each value will be separated by ';'
+								if [ -n "${!option_var}" ]
+								then
+									# If there's already another value for this option, add a ; before adding the new value
+									eval ${option_var}+="\;"
+								fi
+								# Escape double quote to prevent any interpretation during the eval
+								all_args[$i]="${all_args[$i]//\"/\\\"}"
+
+								eval ${option_var}+=\"${all_args[$i]}\"
+								shift_value=$(( shift_value + 1 ))
+							fi
+						done
+					fi
+				fi
+
+				# Shift the parameter and its argument(s)
+				shift $shift_value
+			done
+		}
+
+		# LEGACY MODE
+		# Check if there's getopts arguments
+		if [ "${arguments[0]:0:1}" != "-" ]
+		then
+			# If not, enter in legacy mode and manage the arguments as positionnal ones..
+			# Dot not echo, to prevent to go through a helper output. But print only in the log.
+			set -x; echo "! Helper used in legacy mode !" > /dev/null; set +x
+			local i
+			for i in `seq 0 $(( ${#arguments[@]} -1 ))`
+			do
+				# Try to use legacy_args as a list of option_flag of the array args_array
+				# Otherwise, fallback to getopts_parameters to get the option_flag. But an associative arrays isn't always sorted in the correct order...
+				# Remove all ':' in getopts_parameters
+				getopts_parameters=${legacy_args:-${getopts_parameters//:}}
+				# Get the option_flag from getopts_parameters, by using the option_flag according to the position of the argument.
+				option_flag=${getopts_parameters:$i:1}
+				if [ -z "$option_flag" ]; then
+						ynh_print_warn --message="Too many arguments ! \"${arguments[$i]}\" will be ignored."
+						continue
+				fi
+				# Use the long option, corresponding to the option_flag, as a variable
+				# (e.g. for [u]=user, 'user' will be used as a variable)
+				# Also, remove '=' at the end of the long option
+				# The variable name will be stored in 'option_var'
+				local option_var="${args_array[$option_flag]%=}"
+
+				# Escape double quote to prevent any interpretation during the eval
+				arguments[$i]="${arguments[$i]//\"/\\\"}"
+
+				# Store each value given as argument in the corresponding variable
+				# The values will be stored in the same order than $args_array
+				eval ${option_var}+=\"${arguments[$i]}\"
+			done
+			unset legacy_args
+		else
+			# END LEGACY MODE
+			# Call parse_arg and pass the modified list of args as an array of arguments.
+			parse_arg "${arguments[@]}"
+		fi
+	fi
+	set -x
+}
diff --git a/scripts/backup b/scripts/backup
index 4ff3af0..a66a284 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -6,12 +6,7 @@
 # IMPORT GENERIC HELPERS
 #=================================================
 
-if [ ! -e _common.sh ]; then
-	# Get the _common.sh file if it's not in the current directory
-	cp ../settings/scripts/_common.sh ./_common.sh
-	chmod a+rx _common.sh
-fi
-source _common.sh
+source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers
 
 #=================================================
@@ -24,39 +19,54 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
+ynh_print_info "Loading installation settings..."
 
 app=$YNH_APP_INSTANCE_NAME
 
-# Set app specific variables
-dbname=$app
-
-# Retrieve app settings
-domain=$(ynh_app_setting_get "$app" domain)
-final_path=$(ynh_app_setting_get "$app" final_path)
+domain=$(ynh_app_setting_get $app domain)
+final_path=$(ynh_app_setting_get $app final_path)
+db_name=$(ynh_app_setting_get $app db_name)
 
 #=================================================
 # STANDARD BACKUP STEPS
 #=================================================
 # BACKUP THE APP MAIN DIR
 #=================================================
+ynh_print_info "Backing up the main app directory..."
 
-# Copy the app source files
 ynh_backup "$final_path"
 
 #=================================================
 # BACKUP THE NGINX CONFIGURATION
 #=================================================
+ynh_print_info "Backing up nginx web server configuration..."
 
-ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
+ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
 
 #=================================================
 # BACKUP THE PHP-FPM CONFIGURATION
 #=================================================
+ynh_print_info "Backing up php-fpm configuration..."
 
-ynh_backup "/etc/php5/fpm/pool.d/${app}.conf"
+ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf"
+
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+ynh_print_info "Backing up fail2ban configuration..."
+
+ynh_backup "/etc/fail2ban/jail.d/$app.conf"
+ynh_backup "/etc/fail2ban/filter.d/$app.conf"
 
 #=================================================
 # BACKUP THE MYSQL DATABASE
 #=================================================
+ynh_print_info "Backing up the MySQL database..."
 
-ynh_mysql_dump_db "$dbname" > ./db.sql
+ynh_mysql_dump_db "$db_name" > db.sql
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
diff --git a/scripts/install b/scripts/install
index c6be758..a0de8a5 100644
--- a/scripts/install
+++ b/scripts/install
@@ -8,6 +8,9 @@
 
 source _common.sh
 source /usr/share/yunohost/helpers
+# Overload the helper ynh_handle_getopts_args to have fixes from unstable.
+# Needed for ynh_add_fail2ban_config
+source _getopts_fix.sh
 
 #=================================================
 # MANAGE SCRIPT FAILURE
@@ -20,7 +23,6 @@ ynh_abort_if_errors
 # RETRIEVE ARGUMENTS FROM THE MANIFEST
 #=================================================
 
-# Retrieve arguments
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
 admin=$YNH_APP_ARG_ADMIN
@@ -31,104 +33,107 @@ app=$YNH_APP_INSTANCE_NAME
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
+ynh_print_info "Validating installation parameters..."
 
 # Check destination directory
-final_path="/var/www/$app"
+final_path=/var/www/$app
 test ! -e "$final_path" || ynh_die "This path already contains a folder"
 
 # Normalize the url path syntax
 path_url=$(ynh_normalize_url_path "$path_url")
 
-# Check web path availability
-ynh_webpath_available "$domain" "$path_url"
 # Register (book) web path
 ynh_webpath_register "$app" "$domain" "$path_url"
 
 #=================================================
 # STORE SETTINGS FROM MANIFEST
 #=================================================
+ynh_print_info "Storing installation settings..."
 
-ynh_app_setting_set "$app" domain "$domain"
-ynh_app_setting_set "$app" final_path "$final_path"
-ynh_app_setting_set "$app" adminusername "$admin"
-ynh_app_setting_set "$app" is_public "$is_public"
-
+ynh_app_setting_set $app domain $domain
+ynh_app_setting_set $app final_path $final_path
+ynh_app_setting_set $app adminusername $admin
+ynh_app_setting_set $app is_public $is_public
 
 #=================================================
 # STANDARD MODIFICATIONS
-#=================================================
-
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
+ynh_print_info "Installing dependencies..."
 
 ynh_install_app_dependencies $pkg_dependencies
 
 #=================================================
 # CREATE A MYSQL DATABASE
 #================================================
+ynh_print_info "Creating a MySQL database..."
 
-# Generate random password
-dbpass=$(ynh_string_random)
-dbname=$app
-dbuser=$app
-
-# Initialize database and store mysql password for upgrade
-ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
-ynh_app_setting_set "$app" mysqlpwd "$dbpass"
+db_name=$(ynh_sanitize_dbid $app)
+ynh_app_setting_set $app db_name $db_name
+ynh_mysql_setup_db $db_name $db_name
 
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
+ynh_print_info "Setting up source files..."
 
+ynh_app_setting_set $app final_path $final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source "$final_path"
-mkdir -p "$final_path"/sessions/
+
+mkdir -p $final_path/sessions/
 
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
+ynh_print_info "Configuring nginx web server..."
 
+# Create a dedicated nginx config
 ynh_add_nginx_config
 
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
+ynh_print_info "Configuring system user..."
 
 # Create a system user
-ynh_system_user_create "$app"
+ynh_system_user_create $app
 
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
+ynh_print_info "Configuring php-fpm..."
 
+# Create a dedicated php-fpm config
 ynh_add_fpm_config
 
 #=================================================
 # SPECIFIC SETUP
 #=================================================
-# Create config.php
+# CREATE CONFIG.PHP
 #=================================================
+ynh_print_info "Configuring kanboard..."
 
 # Retrieve admin email
-email=$(ynh_user_get_info "$admin" mail)
+email=$(ynh_user_get_info $admin mail)
 
 # Copy and edit config.php
 config_php="${final_path}/config.php"
 
 cp ../conf/config.php "$config_php"
-ynh_replace_string "yuno_dbpdw"  "$dbpass" "$config_php"
-ynh_replace_string "yuno_dbuser" "$dbuser" "$config_php"
-ynh_replace_string "yuno_admin"  "$admin"  "$config_php"
-ynh_replace_string "yuno_email"  "$email"  "$config_php"
-ynh_replace_string "yuno_domain" "$domain" "$config_php"
+ynh_replace_string "__DB_PWD__" "$db_pwd" "$config_php"
+ynh_replace_string "__DB_NAME__" $db_name "$config_php"
+ynh_replace_string "__USER__"    $admin   "$config_php"
+ynh_replace_string "__EMAIL__"   $email   "$config_php"
+ynh_replace_string "__DOMAIN__"  $domain  "$config_php"
 
 #=================================================
-# Database initialization
+# DATABASE INITIALIZATION
 #=================================================
+ynh_print_info "Initializing database..."
 
-# Init database
-ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < "${final_path}/app/Schema/Sql/mysql.sql"
+ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "${final_path}/app/Schema/Sql/mysql.sql"
 
 #=================================================
 # GENERIC FINALIZATION
@@ -136,42 +141,47 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < "${final_path}/app/Schema/S
 # SECURE FILES AND DIRECTORIES
 #================================================
 
-# Set permissions to kanboard and data directory
-chown -R root:root "$final_path"
-chown -R "$app" "$final_path"/{data,plugins,sessions}
-chmod -R 700 "$final_path"/sessions
+# Set permissions to app files
+chown -R root: $final_path
+chown -R $app $final_path/{data,plugins,sessions}
+chmod -R 700 $final_path/sessions
+
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_print_info "Configuring fail2ban..."
+
+ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: <HOST>,.*$" --max_retry=5
 
 #=================================================
 # SETUP SSOWAT
 #=================================================
-
-if [[ "$path_url" == "/" ]]
-then
-	# ynh panel is only comptable with non-root installation
-	ynh_replace_string "	include conf.d/"  "	#include conf.d/"  "$finalnginxconf"
-
-	ynh_store_file_checksum "$finalnginxconf"
-else
-	ynh_replace_string "^#sub_path_only"      ""   "$finalnginxconf"
-	ynh_store_file_checksum "$finalnginxconf"
-fi
+ynh_print_info "Configuring SSOwat..."
 
 # Make app public or private
-if [[ "$is_public" -eq 1 ]];
+if [ $is_public -eq 1 ]
 then
-	ynh_app_setting_set "$app" unprotected_uris "/"
+	ynh_app_setting_set $app unprotected_uris "/"
 	ynh_replace_string "define('LDAP_AUTH'.*$"        "define('LDAP_AUTH', true);"        "$config_php"
 	ynh_replace_string "define('HIDE_LOGIN_FORM'.*$"  "define('HIDE_LOGIN_FORM', false);" "$config_php"
 	ynh_replace_string "define('REMEMBER_ME_AUTH'.*$" "define('REMEMBER_ME_AUTH', true);" "$config_php"
 	ynh_replace_string "define('DISABLE_LOGOUT'.*$"   "define('DISABLE_LOGOUT', false);"  "$config_php"
 else
-	ynh_app_setting_set "$app" unprotected_uris "/jsonrpc.php"
+	ynh_app_setting_set $app unprotected_uris "/jsonrpc.php"
 fi
 
+# Calculate and store the config file checksum into the app settings
+ynh_store_file_checksum "$config_php"
+
 #=================================================
-# RELOAD NGINX & PHP5-FPM
+# RELOAD NGINX
+#=================================================
+ynh_print_info "Reloading nginx web server..."
+
+systemctl reload nginx
+
+#=================================================
+# END OF SCRIPT
 #=================================================
 
-# Reload services
-service php5-fpm restart
-service nginx reload
+ynh_print_info "Installation of $app completed"
diff --git a/scripts/remove b/scripts/remove
index 06959c0..ed0ba16 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -12,18 +12,21 @@ source /usr/share/yunohost/helpers
 #=================================================
 # LOAD SETTINGS
 #=================================================
+ynh_print_info "Loading installation settings..."
 
 app=$YNH_APP_INSTANCE_NAME
 
-domain=$(ynh_app_setting_get "$app" domain)
-final_path=$(ynh_app_setting_get "$app" final_path)
-
-dbname=$app
-dbuser=$app
+domain=$(ynh_app_setting_get $app domain)
+final_path=$(ynh_app_setting_get $app final_path)
+db_name=$(ynh_app_setting_get $app db_name)
+final_path=$(ynh_app_setting_get $app final_path)
 
+#=================================================
+# STANDARD REMOVE
 #=================================================
 # REMOVE DEPENDENCIES
 #=================================================
+ynh_print_info "Removing dependencies"
 
 # Remove metapackage and its dependencies
 ynh_remove_app_dependencies
@@ -31,19 +34,23 @@ ynh_remove_app_dependencies
 #=================================================
 # REMOVE THE MYSQL DATABASE
 #=================================================
+ynh_print_info "Removing the MySQL database"
 
 # Remove a database if it exists, along with the associated user
-ynh_mysql_remove_db "$dbuser" "$dbname"
+ynh_mysql_remove_db $db_name $db_name
 
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
+ynh_print_info "Removing app main directory"
 
+# Remove the app directory securely
 ynh_secure_remove "$final_path"
 
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
+ynh_print_info "Removing nginx web server configuration"
 
 # Remove the dedicated nginx config
 ynh_remove_nginx_config
@@ -51,5 +58,30 @@ ynh_remove_nginx_config
 #=================================================
 # REMOVE PHP-FPM CONFIGURATION
 #=================================================
+ynh_print_info "Removing php-fpm configuration"
 
+# Remove the dedicated php-fpm config
 ynh_remove_fpm_config
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_print_info "Removing fail2ban configuration"
+
+ynh_remove_fail2ban_config
+
+#=================================================
+# REMOVE DEDICATED USER
+#=================================================
+ynh_print_info "Removing the dedicated system user"
+
+# Delete a system user
+ynh_system_user_delete $app
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info "Removal of $app completed"
diff --git a/scripts/restore b/scripts/restore
index b37c685..c4b1f73 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -6,12 +6,7 @@
 # IMPORT GENERIC HELPERS
 #=================================================
 
-if [ ! -e _common.sh ]; then
-	# Get the _common.sh file if it's not in the current directory
-	cp ../settings/scripts/_common.sh ./_common.sh
-	chmod a+rx _common.sh
-fi
-source _common.sh
+source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers
 
 #=================================================
@@ -21,88 +16,102 @@ source /usr/share/yunohost/helpers
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
-
 #=================================================
 # LOAD SETTINGS
 #=================================================
+ynh_print_info "Loading settings..."
 
 app=$YNH_APP_INSTANCE_NAME
 
-# Set app specific variables
-dbname=$app
-dbuser=$app
-
-# Retrieve old app settings
-domain=$(ynh_app_setting_get "$app" domain)
-path_url=$(ynh_app_setting_get "$app" path)
-dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
-final_path=$(ynh_app_setting_get "$app" final_path)
+domain=$(ynh_app_setting_get $app domain)
+path_url=$(ynh_app_setting_get $app path)
+final_path=$(ynh_app_setting_get $app final_path)
+db_name=$(ynh_app_setting_get $app db_name)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
+ynh_print_info "Validating restoration parameters..."
 
 ynh_webpath_available $domain $path_url \
 	|| ynh_die "Path not available: ${domain}${path_url}"
-
 test ! -d $final_path \
-|| ynh_die "There is already a directory: $final_path "
+	|| ynh_die "There is already a directory: $final_path "
 
 #=================================================
 # STANDARD RESTORATION STEPS
-#=================================================
-# REINSTALL DEPENDENCIES
-#=================================================
-
-# Define and install dependencies
-ynh_install_app_dependencies $pkg_dependencies
-
 #=================================================
 # RESTORE THE NGINX CONFIGURATION
 #=================================================
 
-ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf"
+ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
 
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
+ynh_print_info "Restoring the app main directory..."
 
-# Restore the app files
 ynh_restore_file "$final_path"
 
-#=================================================
-# RESTORE THE MYSQL DATABASE
-#=================================================
-
-ynh_mysql_setup_db "$dbuser" "$dbname" "$dbpass"
-ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
+ynh_print_info "Recreating the dedicated system user..."
 
 # Create the dedicated user (if not existing)
-ynh_system_user_create "$app"
+ynh_system_user_create $app
 
 #=================================================
 # RESTORE USER RIGHTS
 #=================================================
 
-chown -R root:root "$final_path"
-chown -R "$app" "$final_path"/{data,plugins,sessions}
-chmod -R 700 "$final_path"/sessions
+# Restore permissions to app files
+chown -R $app $final_path/{data,plugins,sessions}
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
 
-ynh_restore_file "/etc/php5/fpm/pool.d/${app}.conf"
+ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf"
+
+#=================================================
+# SPECIFIC RESTORATION
+#=================================================
+# REINSTALL DEPENDENCIES
+#=================================================
+ynh_print_info "Reinstalling dependencies..."
+
+ynh_install_app_dependencies $pkg_dependencies
+
+#=================================================
+# RESTORE THE MYSQL DATABASE
+#=================================================
+ynh_print_info "Restoring the MySQL database..."
+
+db_pwd=$(ynh_app_setting_get $app mysqlpwd)
+ynh_mysql_setup_db $db_name $db_name $db_pwd
+ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql
+
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
+systemctl restart fail2ban
 
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # RELOAD NGINX AND PHP-FPM
 #=================================================
+ynh_print_info "Reloading nginx web server and php-fpm..."
 
-service php5-fpm restart
-service nginx reload
+systemctl reload php7.0-fpm
+systemctl reload nginx
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info "Restoration completed for $app"
diff --git a/scripts/upgrade b/scripts/upgrade
index 992d464..3ffd9a5 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -8,60 +8,54 @@
 
 source _common.sh
 source /usr/share/yunohost/helpers
+# Overload the helper ynh_handle_getopts_args to have fixes from unstable.
+# Needed for ynh_add_fail2ban_config
+source _getopts_fix.sh
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+ynh_print_info "Loading installation settings..."
+
+app=$YNH_APP_INSTANCE_NAME
+
+domain=$(ynh_app_setting_get $app domain)
+path_url=$(ynh_app_setting_get $app path)
+admin=$(ynh_app_setting_get $app adminusername)
+is_public=$(ynh_app_setting_get $app is_public)
+final_path=$(ynh_app_setting_get $app final_path)
+db_name=$(ynh_app_setting_get $app db_name)
+
+#=================================================
+# ENSURE DOWNWARD COMPATIBILITY
+#=================================================
+ynh_print_info "Ensuring downward compatibility..."
+
+# Fix is_public as a boolean value
+if [ "$is_public" = "Yes" ]; then
+	ynh_app_setting_set $app is_public 1
+	is_public=1
+elif [ "$is_public" = "No" ]; then
+	ynh_app_setting_set $app is_public 0
+	is_public=0
+fi
+
+# If db_name doesn't exist, create it
+if [ -z $db_name ]; then
+	db_name=$(ynh_sanitize_dbid $app)
+	ynh_app_setting_set $app db_name $db_name
+fi
+
+# If final_path doesn't exist, create it
+if [ -z $final_path ]; then
+	final_path=/var/www/$app
+	ynh_app_setting_set $app final_path $final_path
+fi
 
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
-
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
-
-#=================================================
-# RETRIEVE ARGUMENTS FROM THE MANIFEST
-#=================================================
-
-app=$YNH_APP_INSTANCE_NAME
-
-# Set app specific variables
-dbuser=$app
-
-# Retrieve settings
-domain=$(ynh_app_setting_get "$app" domain)
-path_url=$(ynh_app_setting_get "$app" path)
-admin=$(ynh_app_setting_get "$app" adminusername)
-email=$(ynh_user_get_info "$admin" mail)
-dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
-is_public=$(ynh_app_setting_get "$app"  is_public)
-final_path=$(ynh_app_setting_get "$app" final_path)
-
-if [[ -z "$is_public" ]]
-then	# Old version doesnt have is_public settings
-	is_public=0
-	ynh_app_setting_set "$app" is_public "$is_public"
-fi
-
-# Fix is_public as a boolean value
-if [ "$is_public" = "Yes" ]; then
-	ynh_app_setting_set "$app" is_public 1
-	is_public=1
-elif [ "$is_public" = "No" ]; then
-	ynh_app_setting_set "$app" is_public 0
-	is_public=0
-fi
-
-# If final_path doesn't exist, create it
-if [[ -z "$final_path" ]]
-then
-	final_path="/var/www/$app"
-	ynh_app_setting_set "$app" final_path "$final_path"
-fi
-
-#=================================================
-# CHECK THE PATH
-#=================================================
-
-# Normalize the URL path syntax
-path_url=$(ynh_normalize_url_path $path_url)
+ynh_print_info "Backing up the app before upgrading (may take a while)..."
 
 # Backup the current version of the app
 ynh_backup_before_upgrade
@@ -72,32 +66,29 @@ ynh_clean_setup () {
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
+#=================================================
+# CHECK THE PATH
+#=================================================
+
+# Normalize the URL path syntax
+path_url=$(ynh_normalize_url_path $path_url)
+
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
+ynh_print_info "Upgrading source files..."
 
-# Move old app dir
-mv "$final_path" "$final_path.old"
-
+# Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source "$final_path"
-mkdir -p "$final_path"/sessions
 
-# restore data
-cp -a "$final_path.old/data" "$final_path"
-
-# restore plugins
-if [ -e "$final_path.old/plugins" ]
-then
-	cp -a "$final_path.old/plugins" "$final_path"
-fi
-# delete temp directory
-ynh_secure_remove "$final_path.old"
+mkdir -p $final_path/sessions/
 
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
+ynh_print_info "Upgrading nginx web server configuration..."
 
 # Create a dedicated nginx config
 ynh_add_nginx_config
@@ -105,49 +96,60 @@ ynh_add_nginx_config
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
+ynh_print_info "Making sure dedicated system user exists..."
 
-# Create a system user
-ynh_system_user_create "$app"
+# Create a dedicated user (if not existing)
+ynh_system_user_create $app
 
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
+ynh_print_info "Upgrading php-fpm configuration..."
 
 # Create a dedicated php-fpm config
 ynh_add_fpm_config
 
 #=================================================
-# INSTALL DEPENDENCIES
+# UPGRADE DEPENDENCIES
 #=================================================
+ynh_print_info "Upgrading dependencies..."
 
 ynh_install_app_dependencies $pkg_dependencies
 
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
-# Create config.php
+# CREATE CONFIG.PHP
 #=================================================
+ynh_print_info "Reconfiguring kanboard..."
+
+# Retrieve admin email
+email=$(ynh_user_get_info $admin mail)
 
 # Copy and edit config.php
-config_php="$final_path/config.php"
+config_php="${final_path}/config.php"
+
+ynh_backup_if_checksum_is_different "$config_php"
+
 cp ../conf/config.php "$config_php"
-
-ynh_replace_string "yuno_dbpdw"  "$dbpass" "$config_php"
-ynh_replace_string "yuno_dbuser" "$dbuser" "$config_php"
-ynh_replace_string "yuno_admin"  "$admin"  "$config_php"
-ynh_replace_string "yuno_email"  "$email"  "$config_php"
-ynh_replace_string "yuno_domain" "$domain" "$config_php"
+db_pwd=$(ynh_app_setting_get $app mysqlpwd)
+ynh_replace_string "__DB_PWD__" "$db_pwd" "$config_php"
+ynh_replace_string "__DB_NAME__" $db_name "$config_php"
+ynh_replace_string "__USER__"    $admin   "$config_php"
+ynh_replace_string "__EMAIL__"   $email   "$config_php"
+ynh_replace_string "__DOMAIN__"  $domain  "$config_php"
 
 #=================================================
-# Database initialization
+# UPGRADE KANBOARD
 #=================================================
+ynh_print_info "Upgrading kanboard..."
 
 (
-        cd "$final_path"
-        # Launch database migratio
-        php cli db:migrate --no-interaction --verbose
-        # Launch plugins migration
-        php cli plugin:upgrade --no-interaction --verbose
+	cd "$final_path"
+	# Launch database migration
+	php cli db:migrate --no-interaction --verbose
+	# Launch plugins migration
+	php cli plugin:upgrade --no-interaction --verbose
 )
 
 #=================================================
@@ -156,41 +158,47 @@ ynh_replace_string "yuno_domain" "$domain" "$config_php"
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Set permissions to kanboard and data directory
-chown -R root:root "$final_path"
-chown -R "$app" "$final_path"/{data,plugins,sessions}
-chmod -R 700 "$final_path"/sessions
+# Set permissions to app files
+chown -R root: $final_path
+chown -R $app $final_path/{data,plugins,sessions}
+chmod -R 700 $final_path/sessions
+
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_print_info "Upgrading fail2ban configuration..."
+
+ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: <HOST>,.*$" --max_retry=5
 
 #=================================================
 # SETUP SSOWAT
 #=================================================
-
-if [[ "$path_url" == "/" ]]
-then
-	# ynh panel is only comptable with non-root installation
-	ynh_replace_string "	include conf.d/"  "	#include conf.d/"  "$finalnginxconf"
-
-	ynh_store_file_checksum "$finalnginxconf"
-else
-	ynh_replace_string "^#sub_path_only"      ""   "$finalnginxconf"
-	ynh_store_file_checksum "$finalnginxconf"
-fi
+ynh_print_info "Upgrading SSOwat configuration..."
 
 # Make app public or private
-if [[ "$is_public" -eq 1 ]];
+if [ $is_public -eq 1 ]
 then
-	ynh_app_setting_set "$app" unprotected_uris "/"
+	ynh_app_setting_set $app unprotected_uris "/"
 	ynh_replace_string "define('LDAP_AUTH'.*$"        "define('LDAP_AUTH', true);"        "$config_php"
 	ynh_replace_string "define('HIDE_LOGIN_FORM'.*$"  "define('HIDE_LOGIN_FORM', false);" "$config_php"
 	ynh_replace_string "define('REMEMBER_ME_AUTH'.*$" "define('REMEMBER_ME_AUTH', true);" "$config_php"
 	ynh_replace_string "define('DISABLE_LOGOUT'.*$"   "define('DISABLE_LOGOUT', false);"  "$config_php"
 else
-	ynh_app_setting_set "$app" unprotected_uris "/jsonrpc.php"
+	ynh_app_setting_set $app unprotected_uris "/jsonrpc.php"
 fi
 
+# Calculate and store the config file checksum into the app settings
+ynh_store_file_checksum "$config_php"
+
 #=================================================
 # RELOAD NGINX
 #=================================================
+ynh_print_info "Reloading nginx web server..."
 
-service php5-fpm restart
 systemctl reload nginx
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info "Upgrade of $app completed"