diff --git a/check_process b/check_process
index f3d5834..06c8904 100755
--- a/check_process
+++ b/check_process
@@ -1,11 +1,11 @@
 ;; Test complet
 ; Manifest
- domain="domain.tld" (DOMAIN)
- admin="john" (USER)
- is_public=1 (PUBLIC|public=1|private=0)
+ domain="domain.tld"
+ admin="john"
+ is_public=1
 password="pass"
 name="my blog"
- registration=0 (BOOLEAN)
+ registration=0
 ; Checks
 pkg_linter=1
 setup_sub_dir=0
diff --git a/conf/x86-64.src b/conf/amd64.src
similarity index 93%
rename from conf/x86-64.src
rename to conf/amd64.src
index 8951efd..8c85104 100644
--- a/conf/x86-64.src
+++ b/conf/amd64.src
@@ -3,4 +3,3 @@ SOURCE_SUM=faca15f1b036929fd9c0a5cff29dbf12eb559500ee25052ba716138c5b93e63f
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=false
-SOURCE_FILENAME=
diff --git a/conf/arm64.src b/conf/arm64.src
index ea689bf..19c4291 100644
--- a/conf/arm64.src
+++ b/conf/arm64.src
@@ -3,4 +3,3 @@ SOURCE_SUM=c821052f0d7c6cbb2d4eeffd143fb36b3add30b57c4bfc442d6604bd43e2f1b2
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=false
-SOURCE_FILENAME=
diff --git a/conf/nginx.conf b/conf/nginx.conf
index f057d1f..dcbc7d0 100755
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,8 +1,4 @@
 location __PATH__/ {
- # Force usage of https
- if ($scheme = http) {
- rewrite ^ https://$server_name$request_uri? permanent;
- }
 
 proxy_pass http://localhost:__PORT__/;
 proxy_set_header Host $http_host;
diff --git a/conf/systemd.service b/conf/systemd.service
index e8d2327..4ea0196 100755
--- a/conf/systemd.service
+++ b/conf/systemd.service
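Review bot: Nothing in this `location` block enforces HTTPS any more, so the file silently depends on the enclosing server configuration (outside this file) to redirect plain HTTP, and a later maintainer cannot see that dependency from here. A comment where the rewrite used to be, `# HTTPS redirection is handled by the global YunoHost nginx configuration`, would record the assumption. Since the upstream on `proxy_pass` is plain HTTP on localhost, the application can only learn the original scheme from a forwarded header; whether one is set further down is not visible, as the block continues past the hunk.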
@@ -11,5 +11,36 @@ ExecStart=/bin/sh -c '__FINALPATH__/.cargo/bin/plume >> /var/log/__APP__/__APP__
 TimeoutSec=30
 Restart=always
 
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
 [Install]
 WantedBy=multi-user.target
diff --git a/manifest.json b/manifest.json
index bc25a63..d1b6d17 100755
--- a/manifest.json
+++ b/manifest.json
@@ -4,7 +4,7 @@
 "packaging_format": 1,
 "description": {
 "en": "Federated blogging application",
- "fr": "Une application de blogging fédérée."
+ "fr": "Application de blogging fédérée"
 },
 "version": "0.6.0~ynh2",
 "url": "https://joinplu.me/",
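Review bot: `ProtectSystem=full` makes only `/usr`, `/boot` and `/etc` read-only, so the tree that `ExecStart` runs from (`__FINALPATH__/.cargo/bin/plume`, shown in the hunk header) stays writable by the service unless it happens to live under one of those paths, which cannot be determined here. If the process only needs to write its log directory and its data directory, `ProtectSystem=strict` together with `ReadWritePaths=/var/log/__APP__` (plus the data directory) would stop a compromised worker from altering its own binary; `ProtectHome=yes` is also absent from this baseline. Whatever set is kept, the "you may need to tweak these" comment could name `systemd-analyze security __APP__` as the way to measure the result. The `[Service]` header this block belongs to lies outside the hunk.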
@@ -13,7 +13,7 @@
 "name": "yalh76"
 },
 "requirements": {
- "yunohost": ">= 4.1.3"
+ "yunohost": ">= 4.3.0"
 },
 "multi_instance": true,
 "services": [
@@ -23,13 +23,11 @@
 "install" : [
 {
 "name": "domain",
- "type": "domain",
- "example": "example.com"
+ "type": "domain"
 },
 {
 "name": "admin",
- "type": "user",
- "example": "johndoe"
+ "type": "user"
 },
 {
 "name": "is_public",
@@ -38,8 +36,7 @@
 },
 {
 "name": "password",
- "type": "password",
- "example": "Choose a password"
+ "type": "password"
 },
 {
 "name": "name",
diff --git a/scripts/change_url b/scripts/change_url
index 53e96df..f89d7aa 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -29,11 +29,6 @@ ynh_script_progression --message="Loading installation settings..."
 # Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 
-# Add settings here as needed by your application
-#db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-#db_user=$db_name
-#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
-
 #=================================================
 # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
 #=================================================
diff --git a/scripts/install b/scripts/install
index 1c083b8..d364237 100755
--- a/scripts/install
+++ b/scripts/install
@@ -7,7 +7,6 @@
 #=================================================
 
 source _common.sh
-source ynh_detect_arch__2
 source /usr/share/yunohost/helpers
 
 #=================================================
@@ -33,6 +32,7 @@ instance_name=$YNH_APP_ARG_NAME
 registration=$YNH_APP_ARG_REGISTRATION
 admin_email=$(ynh_user_get_info $admin 'mail')
 secret_key=$(ynh_string_random --length=32 | base64)
+architecture=$YNH_ARCH
 
 app=$YNH_APP_INSTANCE_NAME
 
@@ -41,9 +41,8 @@ app=$YNH_APP_INSTANCE_NAME
 #=================================================
 ynh_script_progression --message="Validating installation parameters..."
 
-architecture=$(ynh_detect_arch)
 # Check machine architecture (in particular, we don't support ARM and 32bit machines)
-if [ $architecture == "arm" ]
+if [ $architecture == "armhf" ]
 then
 ynh_die --message="Sorry, but this app can only be installed on a 64 bits machine :("
 fi
@@ -83,7 +82,7 @@ ynh_app_setting_set --app=$app --key=port --value=$port
 #=================================================
 ynh_script_progression --message="Installing dependencies..."
 
-ynh_install_app_dependencies $pkg_dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 
 #=================================================
 # CREATE DEDICATED USER
@@ -98,13 +97,10 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
 #=================================================
 ynh_script_progression --message="Creating a PostgreSQL database..."
 
-ynh_psql_test_if_first_run
 db_name=$(ynh_sanitize_dbid --db_name=$app)
-db_user=$db_name
-db_pwd=$(ynh_string_random --length=30)
 ynh_app_setting_set --app=$app --key=db_name --value=$db_name
-ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
-ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
+ynh_psql_test_if_first_run
+ynh_psql_setup_db --db_user=$db_name --db_name=$db_name
 
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
diff --git a/scripts/restore b/scripts/restore
index b15d9a8..9d983e3 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -8,7 +8,6 @@
 #=================================================
 # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
 source ../settings/scripts/_common.sh
-source ../settings/scripts/ynh_detect_arch__2
 source /usr/share/yunohost/helpers
 
 #=================================================
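Review bot: The guard `if [ $architecture == "armhf" ]` is a deny-list that rejects only armhf, while this same commit ships sources for exactly two architectures (`conf/amd64.src` and `conf/arm64.src`), so an i386 host passes the check and only fails later at download time; the expansion is also unquoted, so an unset or empty `YNH_ARCH` turns the test into a syntax error instead of the intended message. An allow-list of the supported values fixes both at once: `if [[ "$architecture" != "amd64" && "$architecture" != "arm64" ]]`. That also makes the check match the comment above it, which speaks of 64-bit machines rather than of ARM.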
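Review bot: In the database hunk `ynh_psql_setup_db` is now called without `--db_pwd` and nothing in the hunk assigns `db_pwd` any more, whereas `scripts/restore` and `scripts/upgrade` in the same commit read the password back from the `psqlpwd` setting. If a later step of the install script (outside this hunk) still expands `$db_pwd`, for instance when templating the application configuration, it will be empty unless the helper itself sets that shell variable, which cannot be confirmed from here. Reading it back explicitly after the setup call, `db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)`, makes install self-consistent with the two other scripts and independent of that helper detail.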
@@ -33,17 +32,14 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
-db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
+db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
 ynh_script_progression --message="Validating restoration parameters..."
 
-ynh_webpath_available --domain=$domain --path_url=$path_url \
- || ynh_die --message="Path not available: ${domain}${path_url}"
-test ! -d $final_path \
- || ynh_die --message="There is already a directory: $final_path "
+test ! -d $final_path || ynh_die --message="There is already a directory: $final_path "
 
 #=================================================
 # STANDARD RESTORATION STEPS
@@ -89,7 +85,7 @@ chown -R "$app":"$app" "/var/log/$app"
 ynh_script_progression --message="Reinstalling dependencies..."
 
 # Define and install dependencies
-ynh_install_app_dependencies $pkg_dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 
 #=================================================
 # RESTORE THE POSTGRESQL DATABASE
diff --git a/scripts/upgrade b/scripts/upgrade
index a852f9d..597b478 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -7,7 +7,6 @@
 #=================================================
 
 source _common.sh
-source ynh_detect_arch__2
 source /usr/share/yunohost/helpers
 
 #=================================================
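Review bot: The rewritten line `test ! -d $final_path || ynh_die --message=...` still expands `$final_path` unquoted; the value comes from a stored app setting rather than from user input, so this is cosmetic today, but `test ! -d "$final_path"` costs nothing and keeps the check correct if the path ever contains whitespace. With the `ynh_webpath_available` call gone, this directory test is the only pre-restore validation left in the hunk; if the platform now performs the path check before invoking the script, a comment such as `# Path availability is checked by the core before restore is run` would save the next reader from re-adding it.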
@@ -23,16 +22,14 @@ admin=$(ynh_app_setting_get --app=$app --key=admin)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
-db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
+db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 port=$(ynh_app_setting_get --app=$app --key=port)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
-
-architecture=$(ynh_detect_arch)
+architecture=$YNH_ARCH
 
 #=================================================
 # CHECK VERSION
 #=================================================
-ynh_script_progression --message="Checking version..."
 
 upgrade_type=$(ynh_check_app_version_changed)
 
@@ -136,7 +133,7 @@ ynh_add_nginx_config
 #=================================================
 ynh_script_progression --message="Upgrading dependencies..."
 
-ynh_install_app_dependencies $pkg_dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 
 #=================================================
 # SPECIFIC UPGRADE
diff --git a/scripts/ynh_detect_arch__2 b/scripts/ynh_detect_arch__2
deleted file mode 100644
index b1c7375..0000000
--- a/scripts/ynh_detect_arch__2
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-# Check the architecture
-#
-# example: architecture=$(ynh_detect_arch)
-#
-# usage: ynh_detect_arch
-#
-# Requires YunoHost version 2.2.4 or higher.
-
-ynh_detect_arch(){
- local architecture
- if [ -n "$(uname -m | grep arm64)" ] || [ -n "$(uname -m | grep aarch64)" ]; then
- architecture="arm64"
- elif [ -n "$(uname -m | grep 64)" ]; then
- architecture="x86-64"
- elif [ -n "$(uname -m | grep 86)" ]; then
- architecture="i386"
- elif [ -n "$(uname -m | grep arm)" ]; then
- architecture="arm"
- else
- architecture="unknown"
- fi
- echo $architecture
-}