diff --git a/README.md b/README.md
index 55c42d0..126561a 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # Meilisearch for YunoHost
 
 [![Integration level](https://dash.yunohost.org/integration/meilisearch.svg)](https://dash.yunohost.org/appci/app/meilisearch) ![](https://ci-apps.yunohost.org/ci/badges/meilisearch.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/meilisearch.maintain.svg)  
-[![Install Meilisearch with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=meilisearch)
+[![Install Meilisearch with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=meilisearch)
 
 *[Lire ce readme en français.](./README_fr.md)*
 
@@ -12,7 +12,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to
 
 Meilisearch is an opensource next generation search API.
 
-**Shipped version:** 0.15.0
+**Shipped version:** 0.20.0
 
 ## Screenshots
 
@@ -32,8 +32,8 @@ It's an API and there is no authentification, without API key.
 
 #### Supported architectures
 
-* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/meilisearch%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/meilisearch/)
-* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/meilisearch%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/meilisearch/)
+* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/meilisearch.svg)](https://ci-apps.yunohost.org/ci/apps/meilisearch/)
+* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/meilisearch.svg)](https://ci-apps-arm.yunohost.org/ci/apps/meilisearch/)
 
 ## Links
 
diff --git a/check_process b/check_process
index 9d3431d..34b5af9 100644
--- a/check_process
+++ b/check_process
@@ -4,11 +4,11 @@
 		echo -n "Here your commands to execute in the container"
 		echo ", before each installation of the app."
 	; Manifest
-		domain="domain.tld"	(DOMAIN)
-		path="/path"	(PATH)
+		domain="domain.tld"
+		path="/path"
 		master_key="YUNOHOST-API-KEY-202020201456452135"
-		is_public=1	(PUBLIC|public=1|private=0)
-		port="3500"	(PORT)
+		is_public=1
+		port="3500"
 		data_path=""
 	; Actions
 		action_argument=arg1|arg2
@@ -34,9 +34,6 @@
 		change_url=1
 		actions=0
 		config_panel=0
-;;; Levels
-	# If the level 5 (Package linter) is forced to 1. Please add justifications here.
-	Level 5=auto
 ;;; Options
 Email=
 Notification=none
diff --git a/conf/systemd.service b/conf/systemd.service
index fb27ea4..8af88a7 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Lightning Fast, Ultra Relevant, and Typo-Tolerant Search Engine
+Description=Meilisearch: Lightning Fast Search Engine
 After=systemd-user-sessions.service
 
 [Service]
@@ -7,7 +7,7 @@ Type=simple
 User=__APP__
 Group=__APP__
 WorkingDirectory=__FINALPATH__/
-ExecStart=/usr/bin/meilisearch --http-addr 127.0.0.1:__PORT__ --env production --master-key __API_KEY__ --no-analytics __ANALYTICS__
+ExecStart=/usr/bin/meilisearch --http-addr 127.0.0.1:__PORT__ --env production --master-key __MASTER_KEY__ --no-analytics __ANALYTICS__
 
 [Install]
 WantedBy=multi-user.target
diff --git a/manifest.json b/manifest.json
index fd28617..36426cc 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
     "en": "Lightning Fast, Ultra Relevant, and Typo-Tolerant Search Engine.",
     "fr": "Moteur de recherche rapide, ultra-performant et tolérant aux fautes de frappe."
   },
-  "version": "0.15.0~ynh1",
+  "version": "0.20.0~ynh1",
   "url": "https://www.meilisearch.com/",
   "license": "GPL-3.0",
   "maintainer": {
@@ -15,7 +15,7 @@
     "url": "https://julien.gomes-dias.dev"
   },
   "requirements": {
-    "yunohost": ">= 3.5"
+    "yunohost": ">= 4.2.0"
   },
   "multi_instance": true,
   "services": [
@@ -26,19 +26,11 @@
       {
         "name": "domain",
         "type": "domain",
-        "ask": {
-          "en": "Choose a dedicated domain name for Meilisearch",
-          "fr": "Choisissez un nom de domaine dédié pour Meilisearch"
-        },
         "example": "example.com"
       },
       {
         "name": "is_public",
         "type": "boolean",
-        "ask": {
-          "en": "Is it a public application?",
-          "fr": "Est-ce une application publique ?"
-        },
         "default": true
       },
       {
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 329de0c..df49d65 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-latest="v0.15.0"
+latest="v0.20.0"
 
 ynh_detect_arch() {
 	local architecture
diff --git a/scripts/install b/scripts/install
index 9ab3628..17005e2 100644
--- a/scripts/install
+++ b/scripts/install
@@ -55,7 +55,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=master_key --value=$master_key
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 ynh_app_setting_set --app=$app --key=allow_analyse --value=$allow_analyse
 
@@ -71,6 +70,14 @@ ynh_script_progression --message="Finding an available port..." --weight=2
 port=$(ynh_find_port --port=8095)
 ynh_app_setting_set --app=$app --key=port --value=$port
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..." --weight=1
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # DOWNLOAD AND INSTALL MEILISEARCH
 #=================================================
@@ -83,28 +90,22 @@ then
     ynh_die --message="Your OS Architecture is not supported"
 fi
 release_file=meilisearch-linux-$arch
-curl -OL https://github.com/meilisearch/MeiliSearch/releases/download/$latest/meilisearch-linux-$arch
+curl -sOL https://github.com/meilisearch/MeiliSearch/releases/download/$latest/meilisearch-linux-$arch
 chmod +x "$release_file"
 mv "$release_file" /usr/bin/meilisearch
 
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
 ynh_script_progression --message="Configuring NGINX web server..." --weight=8
 
-### `ynh_add_nginx_config` will use the file conf/nginx.conf
-
 # Create a dedicated nginx config
 ynh_add_nginx_config
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..." --weight=1
-
-# Create a system user
-ynh_system_user_create --username=$app
-
 #=================================================
 # SETUP SYSTEMD
 #=================================================
@@ -115,21 +116,10 @@ if [ $allow_analyse ]; then
 else
     ynh_replace_string "__ANALYTICS__" "true" "../conf/systemd.service"
 fi
-ynh_replace_string "__PORT__" "$port" "../conf/systemd.service"
-ynh_replace_string "__API_KEY__" "$master_key" "../conf/systemd.service"
 
 # Create a dedicated systemd config
 ynh_add_systemd_config
 
-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions to app files
-chown -R $app:$app $final_path
-
 #=================================================
 # SETUP LOGROTATE
 #=================================================
@@ -142,7 +132,7 @@ ynh_use_logrotate
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 
-yunohost service add $app --description "Opensource next generation search API" --log "/var/log/$app/$app.log"
+yunohost service add $app --description="Opensource next generation search API" --log="/var/log/$app/$app.log"
 
 #=================================================
 # START SYSTEMD SERVICE
@@ -152,24 +142,17 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
 # Start a systemd service
 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
 
-#=================================================
-# SETUP FAIL2BAN
-#=================================================
-#ynh_script_progression --message="Configuring fail2ban..." --time --weight=1
-#
-## Create a dedicated fail2ban config
-#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
-
 #=================================================
 # SETUP SSOWAT
 #=================================================
 ynh_script_progression --message="Configuring SSOwat..." --weight=1
 
-# Make app public if necessary
+# Make app public if necessary or protect it
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission="main" --add="visitors"
 fi
 
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 8b842a1..cb3d3b1 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -32,7 +32,6 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 
-
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
@@ -51,6 +50,14 @@ test ! -d $final_path \
 
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
@@ -58,6 +65,10 @@ ynh_script_progression --message="Restoring Meilisearch main directory..." --wei
 
 ynh_restore_file --origin_path="$final_path"
 
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # RESTORE Meilisearch
 #=================================================
@@ -72,18 +83,10 @@ then
 fi
 
 release_file=meilisearch-linux-$arch
-curl -OL https://github.com/meilisearch/MeiliSearch/releases/download/$latest/meilisearch-linux-$arch
+curl -sOL https://github.com/meilisearch/MeiliSearch/releases/download/$latest/meilisearch-linux-$arch
 chmod +x "$release_file"
 mv "$release_file" /usr/bin/meilisearch
 
-#=================================================
-# RECREATE THE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
-
-# Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # RESTORE FAIL2BAN CONFIGURATION
 #=================================================
@@ -101,13 +104,13 @@ ynh_system_user_create --username=$app
 ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
 
 ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
-systemctl enable $app.service
+systemctl enable $app.service --quiet
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 
-yunohost service add $app --description "Opensource next generation search API" --log "/var/log/$app/$app.log"
+yunohost service add $app --description="Opensource next generation search API" --log="/var/log/$app/$app.log"
 
 #=================================================
 # START SYSTEMD SERVICE
diff --git a/scripts/upgrade b/scripts/upgrade
index f3c5ec4..61bc011 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 master_key=$(ynh_app_setting_get --app=$app --key=master_key)
 allow_analyse=$(ynh_app_setting_get --app=$app --key=allow_analyse)
@@ -33,17 +32,8 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
-
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
 
-# Fix is_public as a boolean value
-if [ "$is_public" = "Yes" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=1
-	is_public=1
-elif [ "$is_public" = "No" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=0
-	is_public=0
-fi
 
 # If final_path doesn't exist, create it
 if [ -z "$final_path" ]; then
@@ -51,11 +41,18 @@ if [ -z "$final_path" ]; then
 	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi
 
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+	ynh_legacy_permissions_delete_all
+
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
 #=================================================
 # FIND AND OPEN A PORT
 #=================================================
 
-ynh_script_progression --message="Configuring firewall..." --weight=2
+ynh_script_progression --message="Finding an available port.." --weight=2
 
 # Find an available port
 port=$(ynh_find_port --port=8095)
@@ -75,12 +72,6 @@ ynh_clean_setup () {
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
-#=================================================
-# CHECK THE PATH
-#=================================================
-
-path_url=$(ynh_normalize_url_path --path_url=$path_url)
-
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
@@ -98,6 +89,14 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # UPGRADING MEILISEARCH
 #=================================================
@@ -110,17 +109,13 @@ then
     ynh_die --message="Your OS Architecture is not supported"
 fi
 release_file=meilisearch-linux-$arch
-curl -OL https://github.com/meilisearch/MeiliSearch/releases/download/$latest/meilisearch-linux-$arch
+curl -sOL https://github.com/meilisearch/MeiliSearch/releases/download/$latest/meilisearch-linux-$arch
 chmod +x "$release_file"
 mv "$release_file" /usr/bin/meilisearch
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
 
 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
@@ -148,40 +143,15 @@ if [ $allow_analyse ]; then
 else
     ynh_replace_string "__ANALYTICS__" "true" "../conf/systemd.service"
 fi
-ynh_replace_string "__PORT__" "$port" "../conf/systemd.service"
-ynh_replace_string "__API_KEY__" "$master_key" "../conf/systemd.service"
 
 # Create a dedicated systemd config
 ynh_add_systemd_config
 
 #=================================================
-# GENERIC FINALIZATION
-#=================================================
-# UPGRADE FAIL2BAN
-#=================================================
-#ynh_script_progression --message="Reconfiguring fail2ban..." --weight=1
-
-# Create a dedicated fail2ban config
-#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
-
-#=================================================
-# SECURE FILES AND DIRECTORIES
+# INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 
-# Set permissions on app files
-chown -R $app:$app $final_path
-
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
+yunohost service add $app --description="Opensource next generation search API" --log="/var/log/$app/$app.log"
 
 #=================================================
 # START SYSTEMD SERVICE