diff --git a/conf/app.src b/conf/app.src
index b8c853e..26c1c75 100755
--- a/conf/app.src
+++ b/conf/app.src
@@ -1,5 +1,5 @@
 SOURCE_URL=https://codeberg.org/zot/osada/archive/0c22781a2271170d0557881ac58a202148351c64.tar.gz
-SOURCE_SUM=0cdd761aac0f1a382f6593868bd66d9919333fda4edeb1f2904d13a01febbeed
+SOURCE_SUM=
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=
diff --git a/conf/cron b/conf/cron
new file mode 100755
index 0000000..fb39087
--- /dev/null
+++ b/conf/cron
@@ -0,0 +1,2 @@
+# Run poller periodically to update Osada */10 * * * * __APP__ cd __FINALPATH__; /usr/bin/php__PHPVERSION__ Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1
diff --git a/conf/htconfig.sample.php b/conf/htconfig.sample.php
new file mode 100644
index 0000000..fad9a67
--- /dev/null
+++ b/conf/htconfig.sample.php
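Review bot: `+SOURCE_SUM=` leaves the checksum empty while SOURCE_URL still points at the pinned archive, so the tarball fetched by ynh_setup_source is no longer compared against a known sha256 (or the check fails outright, depending on how the helper treats an empty value); either way a blank digest should not ship. Compute the sum of the pinned archive and fill it in: `SOURCE_SUM=<sha256 of the pinned 0c22781a… tarball>`.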
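Review bot: The new cron line joins `cd __FINALPATH__;` and the php call with `;`, so when the directory is missing or unreadable the daemon still starts from cron's working directory with `Zotlabs/Daemon/Master.php` resolved relative to it, and `> /dev/null 2>&1` hides the resulting error. Use `&&` so a failed cd aborts the job: `*/10 * * * * __APP__ cd __FINALPATH__ && /usr/bin/php__PHPVERSION__ Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1`.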
@@ -0,0 +1,95 @@ +}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - + ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log - +;slowlog = log/$pool.log.slow + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s - +;request_slowlog_timeout = 0 + ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 1d - + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 - + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 - + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. 
-; Note: chrooting is a great security feature and should be used whenever
+; Note: chrooting is a great security feature and should be used whenever
 ; possible. However, all PHP paths will be relative to the chroot
 ; (error_log, sessions.save_path, ...).
 ; Default Value: not set
@@ -347,16 +365,25 @@ chdir = __FINALPATH__
 ; Note: on highloaded environement, this can cause some delay in the page
 ; process time (several ms).
 ; Default Value: no
-catch_workers_output = yes
+;catch_workers_output = yes
+
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+; Default Value: yes
+;clear_env = no
 ; Limits the extensions of the main script FPM will allow to parse. This can
 ; prevent configuration mistakes on the web server side. You should only limit
 ; FPM to .php extensions to prevent malicious users to use other extensions to
-; exectute php code.
+; execute php code.
 ; Note: set an empty value to allow all extensions.
 ; Default Value: .php
-;security.limit_extensions = .php .php3 .php4 .php5
-
+;security.limit_extensions = .php .php3 .php4 .php5 .php7
+
 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
 ; the current environment.
 ; Default Value: clean env
@@ -370,7 +397,7 @@ catch_workers_output = yes
 ; overwrite the values previously defined in the php.ini. The directives are the
 ; same as the PHP SAPI:
 ; php_value/php_flag - you can set classic ini defines which can
-; be overwritten from PHP call 'ini_set'.
+; be overwritten from PHP call 'ini_set'.
 ; php_admin_value/php_admin_flag - these directives won't be overwritten by
 ; PHP call 'ini_set'
 ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
@@ -392,13 +419,12 @@ catch_workers_output = yes
 ;php_admin_value[memory_limit] = 32M
 ; Common values to change to increase file upload limit
-; upload_max_filesize = 50M
-; post_max_size = 50M
-; mail.add_x_header = Off
+; php_admin_value[upload_max_filesize] = 50M
+; php_admin_value[post_max_size] = 50M
+; php_admin_flag[mail.add_x_header] = Off
 ; Other common parameters
-; max_execution_time = 600
-; max_input_time = 300
-; memory_limit = 256M
-; short_open_tag = On
-; cgi.fix_pathinfo = 0;
+; php_admin_value[max_execution_time] = 600
+; php_admin_value[max_input_time] = 300
+; php_admin_value[memory_limit] = 256M
+; php_admin_flag[short_open_tag] = On
diff --git a/conf/poller-cron b/conf/poller-cron
deleted file mode 100755
index 0808434..0000000
--- a/conf/poller-cron
+++ /dev/null
@@ -1,2 +0,0 @@
-# Run poller periodically to update Osada */10 * * * * __USER__ cd YNH_WWW_PATH; /usr/bin/php Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1
diff --git a/manifest.json b/manifest.json
index 55eb103..b5ef8c9 100755
--- a/manifest.json
+++ b/manifest.json
@@ -3,8 +3,8 @@
 "id": "osada",
 "name": "osada",
 "description": {
- "en": "Osada is a decentralized publication platform and social network.",
- "fr": "Osada est une plateforme de publication décentralisée et un réseau social."
+ "en": "Decentralized publication platform and social network",
+ "fr": "Plateforme de publication décentralisée et un réseau social"
 },
 "url": "http://zotlabs.com/osada/",
 "license": "MIT",
@@ -15,12 +15,12 @@
 },
 "services": [
 "nginx",
- "php7.0-fpm",
+ "php7.3-fpm",
 "mysql",
 "postgresql"
 ],
 "requirements": {
- "yunohost": ">= 4.0.0"
+ "yunohost": ">= 4.2.4"
 },
 "multi_instance": true,
 "arguments": {
@@ -28,18 +28,12 @@
 {
 "name": "domain",
 "type": "domain",
- "ask": {
- "en": "Choose a domain for your Osada. Osada must run in the root of this domain. It means no other app can be accessed/run from this domain. We advise to use a dedicated subdomain such as osada.domain.tld",
- "fr": "Indiquez un domain pour Osada. Osada doit être installé à la racine du domaine. Cela implique qu'aucune autre app ne pourra être installée ou accessible sur ce domain. Nous conseillons un sous-domaine dédié par exemple osada.domain.tld."
- }
+ "example": "example.com"
 },
 {
 "name": "admin",
 "type": "user",
- "ask": {
- "en": "Choose the Osada administrator (must be an existing YunoHost user)",
- "fr": "Choisissez l'administrateur de Osada (doit être un utilisateur YunoHost existant)"
- }
+ "example": "johndoe"
 },
 {
 "name": "database",
diff --git a/scripts/backup b/scripts/backup
index 337578d..524c6cc 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -23,7 +23,8 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..."
+ynh_print_info --message="Loading installation settings..."
+
 app=$YNH_APP_INSTANCE_NAME
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
diff --git a/scripts/install b/scripts/install
index 2d7bb74..ae10fba 100755
--- a/scripts/install
+++ b/scripts/install
@@ -27,7 +27,7 @@ ynh_abort_if_errors
 domain=$YNH_APP_ARG_DOMAIN
 path_url="/"
 admin=$YNH_APP_ARG_ADMIN
-email=$(yunohost user info $admin | grep "mail:" | cut -d' ' -f2)
+email=$(ynh_user_get_info --username=$admin --key=mail)
 upload="256M"
 random_string="$(ynh_string_random)$(ynh_string_random)$(ynh_string_random)"
 database=`expr $YNH_APP_ARG_DATABASE`
@@ -69,6 +69,14 @@ if [ $database -eq 2 ]; then
 ynh_install_app_dependencies $pkg_dependencies
 fi
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..."
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -114,7 +122,6 @@ pushd "$final_path"
 ln -s ../extend/addon/zaddons/$base $base
 done
-
 popd
@@ -123,17 +130,17 @@ ynh_script_progression --message="Creating smarty3 folder for personal data..."
 mkdir -p "${final_path}/store"
 mkdir -p "${final_path}/cache/smarty3"
-chmod -R 777 $final_path/store $final_path/cache
-
-# Copy the template install/htconfig.sample.php to .htconfig.php
-ynh_script_progression --message="Moving .htconfig.php to root of Osada ..."
-config="$final_path/.htconfig.php"
-cp $final_path/install/htconfig.sample.php $config
 # Create php.log inside Osada for logs
 ynh_script_progression --message="Create php.log for the Osada debuging..."
+
 touch "$final_path/php.log"
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+chmod -R 755 $final_path/store $final_path/cache
+
 #=================================================
 # CREATE A DATABASE
 #=================================================
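Review bot: The last line of the new permissions block, `chmod -R 755 $final_path/store $final_path/cache`, re-grants read and execute to other on exactly the directories holding uploaded personal data and compiled templates, undoing the `chmod -R o-rwx "$final_path"` two lines above; it also marks every file beneath them executable and leaves both paths unquoted. With the tree owned by `$app:www-data`, `chmod -R u=rwX,g=rX,o= "$final_path/store" "$final_path/cache"` keeps the hardening (use `g=rwX` only if the PHP-FPM pool turns out to run as www-data rather than `$app`; the pool user is not visible here). The upgrade script's hunks at @@ -123 and @@ -151 apply `o-rwx` after their own `chmod -R 775 $final_path/store`, so install and upgrade currently leave store with different modes.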
@@ -161,46 +168,6 @@ else
 ynh_die --message="Some problem occured in creating the database, contact maintainer"
 fi
-#=================================================
-# MODIFY A CONFIG FILE
-#=================================================
-
-phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
-ynh_replace_string --match_string="your.mysqlhost.com" --replace_string="localhost" --target_file="$config"
-ynh_replace_string --match_string= "mysqlpassword" --replace_string="$db_pwd" --target_file="$config"
-ynh_replace_string --match_string="mysqlusername" --replace_string="$db_name" --target_file="$config"
-ynh_replace_string --match_string= "mysqldatabasename" --replace_string="$db_name" --target_file="$config"
-ynh_replace_string --match_string= "mysite.example" --replace_string="$domain" --target_file="$config"
-ynh_replace_string --match_string= "if the auto install failed, put a unique random string here" --replace_string="$random_string" --target_file="$config"
-sed -i "s/\['admin_email'\] = '';/\['admin_email'\] = '$email';/g" "$config"
-ynh_replace_string --match_string= "//error_reporting(E_ERROR | E_WARNING | E_PARSE );" --replace_string="error_reporting(E_ERROR | E_WARNING | E_PARSE );" --target_file="$config"
-ynh_replace_string --match_string= "//ini_set('error_log','php.out');" --replace_string="ini_set('error_log','php.log');" --target_file="$config"
-ynh_replace_string --match_string= "//ini_set('log_errors','1');" --replace_string="ini_set('log_errors','1');" --target_file="$config"
-ynh_replace_string --match_string= "//ini_set('display_errors', '0');" --replace_string="ini_set('display_errors', '0');" --target_file="$config"
-sed -i "s/\['php_path'\] = 'php';/\['php_path'\] = 'php$phpversion';/g" "$config"
-
-# addon ldap config
-ynh_script_progression --message="Push LDAP configuration to .htconfig.php..."
-
-cat ../conf/ldap_conf.php >> $final_path/.htconfig.php
-
-#=================================================
-# NGINX CONFIGURATION
-#=================================================
-ynh_script_progression --message="Configuring NGINX web server..."
-### `ynh_add_nginx_config` will use the file conf/nginx.conf
-
-# Create a dedicated NGINX config
-ynh_add_nginx_config
-
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..."
-
-# Create a system user
-ynh_system_user_create --username=$app
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -208,17 +175,31 @@ ynh_script_progression --message="Configuring PHP-FPM..."
 # Create a dedicated PHP-FPM config
 ynh_add_fpm_config --package="$extra_php_dependencies"
+phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
-# Set right permissions for Osada
-ynh_script_progression --message="Set right for Osada..."
-chown -R $app: $final_path
+#=================================================
+# MODIFY A CONFIG FILE
+#=================================================
-# Set up cron job
+ynh_add_config --template="../conf/htconfig.sample.php" --destination="$final_path/.htconfig.php"
+
+# addon ldap config
+ynh_add_config --template="../conf/ldap_conf.php" --destination="$final_path/.htconfig.php"
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Configuring NGINX web server..."
+
+# Create a dedicated NGINX config
+ynh_add_nginx_config
+
+#=================================================
+# SETUP CRON JOB
+#=================================================
 ynh_script_progression --message="Setting up cron job..."
-ynh_replace_string --match_string="YNH_WWW_PATH" --replace_string="$final_path" --target_file="../conf/poller-cron"
-ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/poller-cron"
-ynh_replace_string --match_string="__PHP_VERSION__" --replace_string="$phpversion" --target_file="../conf/poller-cron"
-cp ../conf/poller-cron /etc/cron.d/$app
+
+ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
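Review bot: Both `ynh_add_config` calls in the MODIFY A CONFIG FILE section write to `$final_path/.htconfig.php`, and the helper renders a template by copying it over the destination, so the second call (`ldap_conf.php`) replaces the fully rendered htconfig.sample.php — database credentials, site URL, admin e-mail — with only the LDAP block, and the checksum the helper stores then describes that fragment; the code this replaces appended with `cat ... >>`. Either fold the contents of conf/ldap_conf.php into conf/htconfig.sample.php so one call renders the whole file, or render the LDAP part to a side file and append it as below. Because the finished file carries the database password, the ownership and mode ynh_add_config applies to a rendered file should be re-checked on the combined file rather than assumed from the last fragment (the STORE THE CONFIG FILE CHECKSUM section that follows may already re-store the checksum; it is outside this hunk).
```shell
ynh_add_config --template="../conf/htconfig.sample.php" --destination="$final_path/.htconfig.php"

# addon ldap config: rendered to a side file and appended, because a second
# ynh_add_config on the same destination would overwrite the file rendered above
ynh_add_config --template="../conf/ldap_conf.php" --destination="$final_path/.htconfig.ldap.php"
cat "$final_path/.htconfig.ldap.php" >> "$final_path/.htconfig.php"
ynh_secure_remove --file="$final_path/.htconfig.ldap.php"
ynh_store_file_checksum --file="$final_path/.htconfig.php"

# … unchanged: NGINX CONFIGURATION and SETUP CRON JOB sections …
```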
@@ -239,13 +220,15 @@ ynh_use_logrotate "$final_path/php.log"
 # SETUP FAIL2BAN
 #=================================================
 ynh_script_progression --message="Add Fail2Ban..."
+
 ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP .*$" --max_retry="5"
 #=================================================
 # SETUP SSOWAT
 #=================================================
+ynh_script_progression --message="Configuring permissions..."
+
 # As Osada is social network and have its own permission there is no need to keep Osada behind SSO
-ynh_script_progression --message="Configuring SSOwat..."
 ynh_permission_update --permission="main" --add="visitors"
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 5f8af87..22de558 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -55,6 +55,14 @@ test ! -d $final_path \
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_print_info "Recreating the dedicated system user..."
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
@@ -84,14 +92,6 @@ elif [ $database -eq 2 ]; then
 ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
 fi
-#=================================================
-# RECREATE THE DEDICATED USER
-#=================================================
-ynh_print_info "Recreating the dedicated system user..."
-
-# Create the dedicated user (if not existing)
-ynh_system_user_create $app
-
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
@@ -125,9 +125,6 @@ ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
 ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
 ynh_systemd_action --action=restart --service_name=fail2ban
-# Make app public
-ynh_app_setting_set $app skipped_uris "/"
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 9d03e17..29eb5af 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -25,14 +25,10 @@ database=$(ynh_app_setting_get --app=$app --key=database)
 phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 #=================================================
-# ENSURE DOWNWARD COMPATIBILITY
+# CHECK VERSION
 #=================================================
-# If db_name doesn't exist, create it
-if [ -z "$db_name" ]; then
- db_name=$(ynh_sanitize_dbid --db_name=$app)
- ynh_app_setting_set --app=$app --key=db_name --value=$db_name
-fi
+upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
@@ -49,21 +45,14 @@ ynh_clean_setup () {
 ynh_abort_if_errors
 #=================================================
-# STANDARD UPGRADE STEPS
+# ENSURE DOWNWARD COMPATIBILITY
 #=================================================
-# REMOVE APP MAIN DIR
-#=================================================
-ynh_print_info "Upgrading source files..."
-# Create a temporary directory
-# tmpdir="$(ynh_smart_mktemp 6000)"
-# Backup the config file in the temp dir
-# cp -a "$final_path/.htconfig.php" "$tmpdir/.htconfig.php"
-# cp -a "$final_path/store" "$tmpdir/store"
-# cp -a "$final_path/php.log" "$tmpdir/php.log"
-
-# Remove the app directory securely
-# ynh_secure_remove "$final_path"
+# If db_name doesn't exist, create it
+if [ -z "$db_name" ]; then
+ db_name=$(ynh_sanitize_dbid --db_name=$app)
+ ynh_app_setting_set --app=$app --key=db_name --value=$db_name
+fi
 # If final_path doesn't exist, create it
 if [ -z "$final_path" ]; then
@@ -71,6 +60,14 @@ if [ -z "$final_path" ]; then
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..."
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
@@ -123,7 +120,7 @@ if [ `cd $final_path && git rev-parse --is-inside-work-tree` ]; then
 fi;
 done
 popd
- chmod -R 777 $final_path/store
+ chmod -R 775 $final_path/store
 else
 # Create a temporary directory
@@ -151,6 +148,10 @@ else
 fi
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -159,17 +160,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..."
 # Create a dedicated NGINX config
 ynh_add_nginx_config
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..."
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
-# Set right permissions for curl install
-chown -R $app: $final_path
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -192,27 +182,25 @@ ynh_script_progression --message="Upgrading logrotate configuration..."
 # Use logrotate to manage app-specific logfile(s)
 ynh_use_logrotate --non-append
+#=================================================
 # UPGRADE FAIL2BAN
 #=================================================
 ynh_script_progression --message="Re-configure Fail2Ban..."
 ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP .*$" --max_retry="5"
-# Set cron job
-ynh_print_info "Setting up cron job..."
-ynh_replace_string --match_string="YNH_WWW_PATH" --replace_string="$final_path" --target_file="../conf/poller-cron"
-ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/poller-cron"
-ynh_replace_string --match_string="__PHP_VERSION__" --replace_string="$phpversion" --target_file="../conf/poller-cron"
-cp -f ../conf/poller-cron /etc/cron.d/$app
+#=================================================
+# SETUP CRON JOB
+#=================================================
+
+ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Upgrading dependencies..."
+
 if [ $database -eq 1 ]; then
- #=================================================
- # CHECK VERSION FOR SPECIFIC MYSQL UPDATE
- #=================================================
 # Check version and if this version was a fresh install push mysql query
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
@@ -222,13 +210,6 @@ elif [ $database -eq 2 ]; then
 ynh_install_app_dependencies $pkg_dependencies
 fi
-#=================================================
-# SETUP SSOWAT
-#=================================================
-# As Osada is social network and have its own permission there is no need to keep Osada behind SSO
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-
 #=================================================
 # RELOAD NGINX
 #=================================================